staging: android: ram_console: honor dmesg_restrict

The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team <kernel-team@android.com> Signed-off-by: Nick Kralevich <nnk@google.com> Signed-off-by: John Stultz <john.stultz@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: android: ram_console: honor dmesg_restrict
The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team <kernel-team@android.com> Signed-off-by: Nick Kralevich <nnk@google.com> Signed-off-by: John Stultz <john.stultz@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
dd099793 · Nick Kralevich · Greg Kroah-Hartman · 3a21138d · dd099793
Commit dd099793 authored Mar 07, 2012 by Nick Kralevich Committed by Greg Kroah-Hartman Mar 08, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

drivers/staging/android/ram_console.c drivers/staging/android/ram_console.c +3 -0

No files found.
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf,
 	char *str;
 	int ret;

+	if (dmesg_restrict && !capable(CAP_SYSLOG))
+		return -EPERM;
+
 	/* Main last_kmsg log */
 	if (pos < old_log_size) {
 		count = min(len, (size_t)(old_log_size - pos));