From 84a61cc5351d1061ac840f9977c260e17fc27b41 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Tue, 5 Jan 2016 08:01:53 -0800
Subject: [PATCH] disallow unprivileged access to rmnet

Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.

Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2
---
 ioctl_defines | 2 ++
 ioctl_macros  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/ioctl_defines b/ioctl_defines
index eafcaff66..97bdcc10f 100644
--- a/ioctl_defines
+++ b/ioctl_defines
@@ -2631,3 +2631,5 @@ define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412')
 define(`BTRFS_IOC_DEV_INFO', `0xd000941e')
 define(`HIDIOCGUSAGES', `0xd01c4813')
 define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311')
+define(`WAN_IOC_ADD_FLT_RULE', `0x00006900')
+define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902')
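Review bot: The second added define is named `WAN_IOC_ADD_FLT_INDEX`, while the commit message says the rule covers `WAN_IOC_ADD_FLT_RULE_INDEX`. One of the two is presumably misspelt, and the policy name should match the driver header so that a search from the header finds this entry. The values `0x00006900` and `0x00006902` cannot be checked from this page, and a wrong function number would still compile while leaving the intended command outside the neverallow, so both should be compared with the header before merging. Unlike the neighbouring entries, these values carry no direction or size bits; a comment such as `# rmnet: type and number bytes only` above them would record that this is deliberate. The ioctl_macros hunk uses the same name and would need the same rename.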
diff --git a/ioctl_macros b/ioctl_macros
index 890fc3cb5..5a94bf21b 100644
--- a/ioctl_macros
+++ b/ioctl_macros
@@ -15,6 +15,8 @@ TIOCOUTQ FIOCLEX
 # socket ioctls never allowed to unprivileged apps
 define(`priv_sock_ioctls', `
 {
+# qualcomm rmnet ioctls
+WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
 # socket ioctls
 SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR SIOCGIFDSTADDR
 SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
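Review bot: The added comment `# qualcomm rmnet ioctls` does not say why driver-specific commands belong in a set documented as socket ioctls. If they are in fact issued on socket descriptors, I would write `# qualcomm rmnet ioctls, issued on sockets; see Bug: 26324307` so the next reader does not move them out. Membership in `priv_sock_ioctls` only asserts a neverallow wherever that macro is referenced, and those rules are not in this hunk, so it is worth confirming that no unprivileged ioctl whitelist elsewhere in the policy already includes these two commands. The body of `priv_sock_ioctls` continues past the end of the hunk.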
-- 
GitLab