authorMaciej Żenczykowski <maze@google.com>2019-04-16 13:00:53 -0700
committerMaciej Żenczykowski <maze@google.com>2019-04-16 13:49:19 -0700
commitee0f48dd5faef71ed57e9ccc7909302452ed32ba (patch)
tree273cb17469022ac0f0883795b282a33f431e332b /server/InterfaceController.cpp
parentb049513d366c37ca481317c0ff51e49932cae8b3 (diff)
netd: ignore non-directories/symlinks when getting interfaces from /sys/class/net
This prevents /sys/class/net/bonding_masters file (which is present if kernel is bonding device capable) from being detected as a network interface and triggering attempts to load netdev-bonding_masters module. This should eliminate selinux policy violations: type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability type=1400 audit(:3): avc: denied { module_request } for kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system type=1400 audit(:4): avc: denied { sys_module } for capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability ie. netd kernel:system module_request; netd self:capability sys_module; Test: build and a_test libbpf_android_test libnetdbpf_test netd_integration_test netd_unit_test netdutils_test resolv_integration_test resolv_unit_test Bug: 129670638 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ibe10c33b2c6ebe5661d5665f3fde89e540248f72
Diffstat (limited to 'server/InterfaceController.cpp')
-rw-r--r--server/InterfaceController.cpp1
1 files changed, 1 insertions, 0 deletions
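--- a/server/InterfaceController.cpp
+++ b/server/InterfaceController.cpp
@@ -431,6 +431,7 @@ StatusOr<std::vector<std::string>> InterfaceController::getIfaceNames() {
 return statusFromErrno(errno, "Cannot open iface directory");
 }
 while ((de = readdir(d))) {
+if ((de->d_type != DT_DIR) && (de->d_type != DT_LNK)) continue;
 if (de->d_name[0] == '.') continue;
 ifaceNames.push_back(std::string(de->d_name));
 }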
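Review bot: The added DT_DIR/DT_LNK filter silently drops any entry whose d_type is DT_UNKNOWN, which readdir(3) permits a filesystem to return when it does not fill d_type; sysfs is expected to populate it, so this is a latent rather than an observed problem, but the assumption deserves a comment on the new line: `// /sys/class/net entries are symlinks to device nodes; skip regular files such as bonding_masters (sysfs fills d_type, so DT_UNKNOWN is not expected here).` If that assumption should not be relied on, the DT_UNKNOWN case could fall back to `fstatat(dirfd(d), de->d_name, &st, AT_SYMLINK_NOFOLLOW)` and test S_ISDIR/S_ISLNK on st.st_mode before skipping. The `.` check on the following line is still required because `.` and `..` are DT_DIR and would otherwise pass the new filter. getIfaceNames() begins and ends outside this hunk, so the handling of the rest of the directory walk and the closedir() is not visible here.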