staging: android: ram_console: honor dmesg_restrict

The Linux kernel has a setting called dmesg_restrict. When true,
only processes with CAP_SYSLOG can view the kernel dmesg logs. This
helps prevent leaking of kernel information into user space.

On Android, it's possible to bypass these restrictions by viewing
/proc/last_kmsg.

This change makes /proc/last_kmsg require the same permissions as
dmesg.

CC: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Nick Kralevich <nnk@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c
index d956b8441442ada2d00c9a78eb1cf14dce0b5449..b242be246cd812662b82f674de91c71f839a6122 100644 (file)
--- a/drivers/staging/android/ram_console.c
+++ b/drivers/staging/android/ram_console.c
@@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf,
        char *str;
        int ret;
 
+       if (dmesg_restrict && !capable(CAP_SYSLOG))
+               return -EPERM;
+
        /* Main last_kmsg log */
        if (pos < old_log_size) {
                count = min(len, (size_t)(old_log_size - pos));