77 lines
3.4 KiB
Plaintext
77 lines
3.4 KiB
Plaintext
# socket ioctls allowed to unprivileged apps
|
|
define(`unpriv_sock_ioctls', `
|
|
{
|
|
# Socket ioctls for gathering information about the interface
|
|
SIOCGSTAMP SIOCGSTAMPNS
|
|
SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFDSTADDR SIOCGIFBRDADDR
|
|
SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
|
|
# Wireless extension ioctls. Primarily get functions.
|
|
SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
|
|
SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
|
|
SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
|
|
}')
|
|
|
|
# socket ioctls never allowed to unprivileged apps
|
|
define(`priv_sock_ioctls', `
|
|
{
|
|
# qualcomm rmnet ioctls
|
|
WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
|
|
# socket ioctls
|
|
SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR
|
|
SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
|
|
SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
|
|
SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
|
|
SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCKILLADDR SIOCGIFBR SIOCSIFBR
|
|
SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
|
|
SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
|
|
SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
|
|
SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
|
|
SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
|
|
# device and protocol specific ioctls
|
|
SIOCDEVPRIVATE-SIOCDEVPRIVLAST
|
|
SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
|
|
# Wireless extension ioctls
|
|
SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
|
|
SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
|
|
SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
|
|
SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
|
|
SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
|
|
SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
|
|
# Dev private ioctl i.e. hardware specific ioctls
|
|
SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
|
|
}')
|
|
|
|
# commonly used ioctls on unix sockets
|
|
define(`unpriv_unix_sock_ioctls', `{
|
|
TIOCOUTQ FIOCLEX FIONCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
|
|
}')
|
|
|
|
# commonly used TTY ioctls
|
|
# merge with unpriv_unix_sock_ioctls?
|
|
define(`unpriv_tty_ioctls', `{
|
|
TIOCOUTQ FIOCLEX FIONCLEX TCGETS TCSETS TCSETSW TCSETSF TIOCGWINSZ TIOCSWINSZ
|
|
TIOCSCTTY TCFLSH TIOCSPGRP TIOCGPGRP
|
|
}')
|
|
|
|
# point to point ioctls
|
|
define(`ppp_ioctls', `{
|
|
PPPIOCGL2TPSTATS PPPIOCGCHAN PPPIOCATTCHAN PPPIOCDISCONN
|
|
PPPIOCCONNECT PPPIOCSMRRU PPPIOCDETACH PPPIOCATTACH
|
|
PPPIOCNEWUNIT PPPIOCGIDLE PPPIOCSDEBUG PPPIOCGDEBUG
|
|
PPPIOCSACTIVE PPPIOCSPASS PPPIOCSNPMODE PPPIOCGNPMODE
|
|
PPPIOCSCOMPRESS PPPIOCXFERUNIT PPPIOCSXASYNCMAP
|
|
PPPIOCGXASYNCMAP PPPIOCSMAXCID PPPIOCSMRU PPPIOCGMRU
|
|
PPPIOCSRASYNCMAP PPPIOCGRASYNCMAP PPPIOCGUNIT PPPIOCSASYNCMAP
|
|
PPPIOCGASYNCMAP PPPIOCSFLAGS PPPIOCGFLAGS PPPIOCGCALLINFO
|
|
PPPIOCBUNDLE PPPIOCGMPFLAGS PPPIOCSMPFLAGS PPPIOCSMPMTU
|
|
PPPIOCSMPMRU PPPIOCGCOMPRESSORS PPPIOCSCOMPRESSOR PPPIOCGIFNAME
|
|
}')
|
|
|
|
# unprivileged binder ioctls
|
|
define(`unpriv_binder_ioctls', `{
|
|
BINDER_WRITE_READ BINDER_SET_IDLE_TIMEOUT BINDER_SET_MAX_THREADS
|
|
BINDER_SET_IDLE_PRIORITY BINDER_SET_CONTEXT_MGR BINDER_THREAD_EXIT
|
|
BINDER_VERSION BINDER_GET_NODE_DEBUG_INFO BINDER_GET_NODE_INFO_FOR_REF
|
|
BINDER_SET_CONTEXT_MGR_EXT BINDER_ENABLE_ONEWAY_SPAM_DETECTION
|
|
}')
|