staging: android: ram_console: honor dmesg_restrict

The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team <kernel-team@android.com> Signed-off-by: N Nick Kralevich <nnk@google.com> Signed-off-by: N John Stultz <john.stultz@linaro.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: android: ram_console: honor dmesg_restrict
The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team <kernel-team@android.com> Signed-off-by: N Nick Kralevich <nnk@google.com> Signed-off-by: N John Stultz <john.stultz@linaro.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
dd099793 · Nick Kralevich · Greg Kroah-Hartman · 3a21138d · dd099793
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

drivers/staging/android/ram_console.c drivers/staging/android/ram_console.c +3 -0

未找到文件。
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf,
 	char *str;
 	int ret;

+	if (dmesg_restrict && !capable(CAP_SYSLOG))
+		return -EPERM;
+
 	/* Main last_kmsg log */
 	if (pos < old_log_size) {
 		count = min(len, (size_t)(old_log_size - pos));