From patchwork Wed Feb 27 06:07:38 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Stultz <john.stultz@linaro.org>
X-Patchwork-Id: 15116
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id B936523DFE
 for <patchwork@peony.canonical.com>;
 Wed, 27 Feb 2013 06:08:10 +0000 (UTC)
Received: from mail-vc0-f177.google.com (mail-vc0-f177.google.com
 [209.85.220.177])
 by fiordland.canonical.com (Postfix) with ESMTP id 7191CA191B7
 for <linaro-patchwork@canonical.com>;
 Wed, 27 Feb 2013 06:08:10 +0000 (UTC)
Received: by mail-vc0-f177.google.com with SMTP id m18so138131vcm.36
 for <linaro-patchwork@canonical.com>;
 Tue, 26 Feb 2013 22:08:10 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-received:x-forwarded-to:x-forwarded-for:delivered-to:x-received
 :received-spf:x-received:from:to:cc:subject:date:message-id:x-mailer
 :in-reply-to:references:x-gm-message-state;
 bh=OalzsvPz2DXR0ZeeFzu14RY/ksm++iMp2jMyzSlNHwM=;
 b=kODAkpMy5Mqseh2W9R+emaj7W3M5Ie/ixE8lng8YhZc7hQi9tzEBM+Bq4I+a3iAsQq
 15dthOesQdYz1expysLQkeUv7SMv+o0UoA7DmdwNcsg0PIqE91ShKGNciOoZ5RTXg8EA
 9c0bN3GlFFZLrvTBl05B1wPxEkzQn1mmTagROVk0gJ/7E+xE1kbaPDCMNgJfVyN+YF9N
 2vUx2L/37X+yrDFvJjt3Rpfmz7DwkBP4+UZ0XmB9fbxVV2QdTXaHHEHuP9lTkC5roa/r
 8rL095Hxtu/MmjVHHilEl+mQ531Zb8ZE22d/m/liJ0lUo+qPikQzdUOD3C37dlQq4QZA
 Lfwg==
X-Received: by 10.220.39.69 with SMTP id f5mr414229vce.45.1361945289945;
 Tue, 26 Feb 2013 22:08:09 -0800 (PST)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.58.145.101 with SMTP id st5csp150787veb;
 Tue, 26 Feb 2013 22:08:09 -0800 (PST)
X-Received: by 10.66.52.116 with SMTP id s20mr5857126pao.70.1361945289014;
 Tue, 26 Feb 2013 22:08:09 -0800 (PST)
Received: from mail-da0-f43.google.com (mail-da0-f43.google.com
 [209.85.210.43]) by mx.google.com with ESMTPS id
 ib1si3419194pbc.283.2013.02.26.22.08.08
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 26 Feb 2013 22:08:09 -0800 (PST)
Received-SPF: neutral (google.com: 209.85.210.43 is neither permitted nor
 denied by best guess record for domain of
 john.stultz@linaro.org) client-ip=209.85.210.43; 
Authentication-Results: mx.google.com;
 spf=neutral (google.com: 209.85.210.43 is neither permitted nor
 denied by best guess record for domain of
 john.stultz@linaro.org) smtp.mail=john.stultz@linaro.org
Received: by mail-da0-f43.google.com with SMTP id u36so129782dak.16
 for <patches@linaro.org>; Tue, 26 Feb 2013 22:08:08 -0800 (PST)
X-Received: by 10.68.230.225 with SMTP id tb1mr1648989pbc.86.1361945288647; 
 Tue, 26 Feb 2013 22:08:08 -0800 (PST)
Received: from localhost.localdomain (c-24-21-54-107.hsd1.or.comcast.net.
 [24.21.54.107]) by mx.google.com with ESMTPS id
 tm1sm3499861pbc.11.2013.02.26.22.08.06
 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 26 Feb 2013 22:08:07 -0800 (PST)
From: John Stultz <john.stultz@linaro.org>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Charndeep Grewal <csgrewa@tycho.ncsc.mil>,
 Android Kernel Team <kernel-team@android.com>,
 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 John Stultz <john.stultz@linaro.org>
Subject: [PATCH 5/5] staging: android: logger: enforce GID and CAP check on
 log flush
Date: Tue, 26 Feb 2013 22:07:38 -0800
Message-Id: <1361945258-24420-6-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1361945258-24420-1-git-send-email-john.stultz@linaro.org>
References: <1361945258-24420-1-git-send-email-john.stultz@linaro.org>
X-Gm-Message-State: ALoCoQnyn9dGiYujY77U7sLzdawyGCbMFbJn2XsWHByF71xIDRheo/wu+QBkTRrfEiEzL1R6adEX

From: Charndeep Grewal <csgrewa@tycho.ncsc.mil>

Restrict log flushing to those in the logs group, or
anyone with CAP_SYSLOG.

Cc: Android Kernel Team <kernel-team@android.com>
Cc: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
 drivers/staging/android/logger.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index cfa6061..b14a557 100644
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -695,6 +695,11 @@ static long logger_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 			ret = -EBADF;
 			break;
 		}
+		if (!(in_egroup_p(file->f_dentry->d_inode->i_gid) ||
+				capable(CAP_SYSLOG))) {
+			ret = -EPERM;
+			break;
+		}
 		list_for_each_entry(reader, &log->readers, list)
 			reader->r_off = log->w_off;
 		log->head = log->w_off;