From 1e70bd46a5a950b7ba319e50bdfed9d20ed9fd73 Mon Sep 17 00:00:00 2001
From: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Date: Tue, 26 Feb 2013 22:07:38 -0800
Subject: staging: android: logger: enforce GID and CAP check on log flush

Restrict log flushing to those in the logs group, or
anyone with CAP_SYSLOG.

Cc: Android Kernel Team <kernel-team@android.com>
Cc: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/android/logger.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'drivers/staging/android')

diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index cfa606110cc2..b14a55742559 100644
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -695,6 +695,11 @@ static long logger_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 			ret = -EBADF;
 			break;
 		}
+		if (!(in_egroup_p(file->f_dentry->d_inode->i_gid) ||
+				capable(CAP_SYSLOG))) {
+			ret = -EPERM;
+			break;
+		}
 		list_for_each_entry(reader, &log->readers, list)
 			reader->r_off = log->w_off;
 		log->head = log->w_off;
-- 
cgit v1.2.3