From dd09979346813357200adf71b07003fc0a778089 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 7 Mar 2012 17:34:38 -0800 Subject: staging: android: ram_console: honor dmesg_restrict The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team Signed-off-by: Nick Kralevich Signed-off-by: John Stultz Signed-off-by: Greg Kroah-Hartman --- drivers/staging/android/ram_console.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'drivers/staging/android') diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c index d956b844144..b242be246cd 100644 --- a/drivers/staging/android/ram_console.c +++ b/drivers/staging/android/ram_console.c @@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf, char *str; int ret; + if (dmesg_restrict && !capable(CAP_SYSLOG)) + return -EPERM; + /* Main last_kmsg log */ if (pos < old_log_size) { count = min(len, (size_t)(old_log_size - pos)); -- cgit v1.2.3
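Review bot: The `dmesg_restrict && !capable(CAP_SYSLOG)` test at the top of ram_console_read_old() is evaluated on every read() against the task that calls read, not the task that opened /proc/last_kmsg. A descriptor opened by an unprivileged process and then handed to a CAP_SYSLOG holder (for example as inherited stdin) would still return the log, and a descriptor opened while privileged stops working if it is passed to an unprivileged task. Consider making the decision once in an open handler for the proc entry, or checking the opener's credentials via the `file` argument, so the result is tied to who opened the file. Since the diffstat shows only these three inserted lines, the entry's file mode is unchanged and the node will still look readable to users who then get -EPERM; a one-line comment above the check saying that it mirrors the dmesg restriction would help the next reader.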