android: ram_console: honor dmesg_restricttracking-linaro-android-3.3-3.3-2012.03-2 tracking-linaro-android-3.3

The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. Bug: 5555691 Signed-off-by: Nick Kralevich <nnk@google.com> Change-Id: I50ecb74012ef2ac0a3cff7325192634341fddae9
author: Nick Kralevich <nnk@google.com> 2012-02-22 15:48:11 -0800
committer: Nick Kralevich <nnk@google.com> 2012-03-05 16:10:46 -0800
commit: 88bef40b1205317592bb0c6c60ebf084422485c3 (patch)
tree: f62f680833988bf5cb952cc506f91ada12239de7
parent: 91154555190c1d25d02db5240a4cb89d2603c6da (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c
index f24679f9f0e4..233d652684c9 100644
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf,
 	char *str;
 	int ret;
 
+	if (dmesg_restrict && !capable(CAP_SYSLOG))
+		return -EPERM;
+
 	/* Main last_kmsg log */
 	if (pos < old_log_size) {
 		count = min(len, (size_t)(old_log_size - pos));
author	Nick Kralevich <nnk@google.com>	2012-02-22 15:48:11 -0800
committer	Nick Kralevich <nnk@google.com>	2012-03-05 16:10:46 -0800
commit	88bef40b1205317592bb0c6c60ebf084422485c3 (patch)
tree	f62f680833988bf5cb952cc506f91ada12239de7
parent	91154555190c1d25d02db5240a4cb89d2603c6da (diff)