3650ea9bb2
Needed for legacy VPN access. Note that ioctl whitelisting only uses the type and command fields of the ioctl so only the last two bytes are necessary, thus 0x40047438 and 0x7438 are treated the same. Bug: 30154346 Change-Id: I45bdc77ab666e05707729a114d933900655ba48b
62 lines
2.9 KiB
Text
62 lines
2.9 KiB
Text
# socket ioctls allowed to unprivileged apps
|
|
define(`unpriv_sock_ioctls', `
|
|
{
|
|
# Socket ioctls for gathering information about the interface
|
|
SIOCGSTAMP SIOCGSTAMPNS
|
|
SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFDSTADDR SIOCGIFBRDADDR
|
|
SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
|
|
# Wireless extension ioctls. Primarily get functions.
|
|
SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
|
|
SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
|
|
SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
|
|
}')
|
|
|
|
# socket ioctls never allowed to unprivileged apps
|
|
define(`priv_sock_ioctls', `
|
|
{
|
|
# qualcomm rmnet ioctls
|
|
WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
|
|
# socket ioctls
|
|
SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR
|
|
SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
|
|
SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
|
|
SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
|
|
SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCKILLADDR SIOCGIFBR SIOCSIFBR
|
|
SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
|
|
SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
|
|
SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
|
|
SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
|
|
SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
|
|
# device and protocol specific ioctls
|
|
SIOCDEVPRIVATE-SIOCDEVPRIVLAST
|
|
SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
|
|
# Wireless extension ioctls
|
|
SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
|
|
SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
|
|
SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
|
|
SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
|
|
SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
|
|
SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
|
|
# Dev private ioctl i.e. hardware specific ioctls
|
|
SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
|
|
}')
|
|
|
|
# commonly used ioctls on unix sockets
|
|
define(`unpriv_unix_sock_ioctls', `{TIOCOUTQ FIOCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD }')
|
|
|
|
# commonly used TTY ioctls
|
|
define(`unpriv_tty_ioctls', `{ TIOCOUTQ FIOCLEX }')
|
|
|
|
# point to point ioctls
|
|
define(`ppp_ioctls', `{
|
|
PPPIOCGL2TPSTATS PPPIOCGCHAN PPPIOCATTCHAN PPPIOCDISCONN
|
|
PPPIOCCONNECT PPPIOCSMRRU PPPIOCDETACH PPPIOCATTACH
|
|
PPPIOCNEWUNIT PPPIOCGIDLE PPPIOCSDEBUG PPPIOCGDEBUG
|
|
PPPIOCSACTIVE PPPIOCSPASS PPPIOCSNPMODE PPPIOCGNPMODE
|
|
PPPIOCSCOMPRESS PPPIOCXFERUNIT PPPIOCSXASYNCMAP
|
|
PPPIOCGXASYNCMAP PPPIOCSMAXCID PPPIOCSMRU PPPIOCGMRU
|
|
PPPIOCSRASYNCMAP PPPIOCGRASYNCMAP PPPIOCGUNIT PPPIOCSASYNCMAP
|
|
PPPIOCGASYNCMAP PPPIOCSFLAGS PPPIOCGFLAGS PPPIOCGCALLINFO
|
|
PPPIOCBUNDLE PPPIOCGMPFLAGS PPPIOCSMPFLAGS PPPIOCSMPMTU
|
|
PPPIOCSMPMRU PPPIOCGCOMPRESSORS PPPIOCSCOMPRESSOR PPPIOCGIFNAME
|
|
}')
|