Huawei get the device's MAC address via a remote API call to the radio. In stock ROMs, I believe it's handled in libhardware_legacy. Since that's tricky for us to do with CM (as we can't add to what it links with without *gasp* editing the source tree), we have a custom binary to handle the getting and setting of the address in a similar way, and it's saved in the property wlan.module.mac_param to be read by libhardware_legacy when it loads the Wi-Fi module. It passes the address to the module as a parameter. The module is otherwise dumb, it uses the address it's given, or it uses the dummy developer one.
The safest way to run the binary is when the module's state is "loading", which is what currently happens. You probably can't override the value as it'll be overwritten by the binary just before the module gets loaded.
Providing stock ROMs work how I think they do, any difficulties shouldn't be specific to CM. I have no idea how the spoofing apps work anyway - devices always have these quirks when it comes to MAC addresses.
Like my work? Give me rep!
Like my work a lot? Donate!
Remember to leave your forum name if you want to be credited!
You're likely to get a quicker response from me on Twitter