kernel: require admin permissions for swconfig set operations

[openwrt/openwrt.git] / target / linux / generic / files / drivers / net / phy / swconfig.c

diff --git a/target/linux/generic/files/drivers/net/phy/swconfig.c b/target/linux/generic/files/drivers/net/phy/swconfig.c
index 68ddd246addab8897dde186484c08be138db9a00..c70ca74cadde948bd330543cdf9811ce130899b1 100644 (file)
--- a/target/linux/generic/files/drivers/net/phy/swconfig.c
+++ b/target/linux/generic/files/drivers/net/phy/swconfig.c
@@ -1,7 +1,7 @@
 /*
  * swconfig.c: Switch configuration API
  *
- * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org>
+ * Copyright (C) 2008 Felix Fietkau <nbd@nbd.name>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -31,7 +31,7 @@
 
 #include "swconfig_leds.c"
 
-MODULE_AUTHOR("Felix Fietkau <nbd@openwrt.org>");
+MODULE_AUTHOR("Felix Fietkau <nbd@nbd.name>");
 MODULE_LICENSE("GPL");
 
 static int swdev_id;
@@ -635,6 +635,9 @@ swconfig_set_attr(struct sk_buff *skb, struct genl_info *info)
        struct switch_val val;
        int err = -EINVAL;
 
+       if (!capable(CAP_NET_ADMIN))
+               return -EPERM;
+
        dev = swconfig_get_dev(info);
        if (!dev)
                return -EINVAL;
@@ -1022,16 +1025,19 @@ static struct genl_ops swconfig_ops[] = {
        },
        {
                .cmd = SWITCH_CMD_SET_GLOBAL,
+               .flags = GENL_ADMIN_PERM,
                .doit = swconfig_set_attr,
                .policy = switch_policy,
        },
        {
                .cmd = SWITCH_CMD_SET_VLAN,
+               .flags = GENL_ADMIN_PERM,
                .doit = swconfig_set_attr,
                .policy = switch_policy,
        },
        {
                .cmd = SWITCH_CMD_SET_PORT,
+               .flags = GENL_ADMIN_PERM,
                .doit = swconfig_set_attr,
                .policy = switch_policy,
        },