From: Nick Kralevich Date: Thu, 8 Mar 2012 01:34:38 +0000 (-0800) Subject: staging: android: ram_console: honor dmesg_restrict X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=dd09979346813357200adf71b07003fc0a778089;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git staging: android: ram_console: honor dmesg_restrict The Linux kernel has a setting called dmesg_restrict. When true, only processes with CAP_SYSLOG can view the kernel dmesg logs. This helps prevent leaking of kernel information into user space. On Android, it's possible to bypass these restrictions by viewing /proc/last_kmsg. This change makes /proc/last_kmsg require the same permissions as dmesg. CC: Android Kernel Team Signed-off-by: Nick Kralevich Signed-off-by: John Stultz Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/ram_console.c b/drivers/staging/android/ram_console.c index d956b8441442..b242be246cd8 100644 --- a/drivers/staging/android/ram_console.c +++ b/drivers/staging/android/ram_console.c @@ -99,6 +99,9 @@ static ssize_t ram_console_read_old(struct file *file, char __user *buf, char *str; int ret; + if (dmesg_restrict && !capable(CAP_SYSLOG)) + return -EPERM; + /* Main last_kmsg log */ if (pos < old_log_size) { count = min(len, (size_t)(old_log_size - pos));