diff options
author | Nick Kralevich <nnk@google.com> | 2012-02-22 15:48:11 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2012-03-05 16:10:46 -0800 |
commit | 88bef40b1205317592bb0c6c60ebf084422485c3 (patch) | |
tree | f62f680833988bf5cb952cc506f91ada12239de7 | |
parent | 91154555190c1d25d02db5240a4cb89d2603c6da (diff) |
android: ram_console: honor dmesg_restricttracking-linaro-android-3.3-3.3-2012.03-2
The Linux kernel has a setting called dmesg_restrict. When true,
only processes with CAP_SYSLOG can view the kernel dmesg logs. This
helps prevent leaking of kernel information into user space.
On Android, it's possible to bypass these restrictions by viewing
/proc/last_kmsg.
This change makes /proc/last_kmsg require the same permissions as
dmesg.
Bug: 5555691
Signed-off-by: Nick Kralevich <nnk@google.com>
Change-Id: I50ecb74012ef2ac0a3cff7325192634341fddae9
-rw-r--r-- | drivers/staging/android/ram_console.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c index f24679f9f0e4..233d652684c9 100644 --- a/drivers/staging/android/ram_console.c +++ b/drivers/staging/android/ram_console.c @@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf, char *str; int ret; + if (dmesg_restrict && !capable(CAP_SYSLOG)) + return -EPERM; + /* Main last_kmsg log */ if (pos < old_log_size) { count = min(len, (size_t)(old_log_size - pos)); |