netfilter: xt_qtaguid: remove AID_* dependency for access control

qtaguid limits what can be done with /ctrl and /stats based on group membership. This changes removes AID_NET_BW_STATS and AID_NET_BW_ACCT, and picks up the groups from the gid of the matching proc entry files. Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: I42e477adde78a12ed5eb58fbc0b277cdaadb6f94
author: JP Abgrall 2013-01-04 20:18:36 -0600
committer: Arve Hjønnevåg 2013-03-11 17:25:18 -0500
commit: 33ad7056499c2b2fdf255d4222f0e4c89d82a445 (patch)
tree: a892108841b7e6fbce73325aac463ac19b1082b3
parent: e128e25e5aeddf96197d57e548e16bde54c8fee2 (diff)
download: kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.tar.gz
kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.tar.xz
kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.zip
1 files changed, 26 insertions, 25 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index 603bdd20699..923f1bdd02e 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -53,25 +53,22 @@ static unsigned int proc_stats_perms = S_IRUGO;
 module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO | S_IWUSR);
 static struct proc_dir_entry *xt_qtaguid_ctrl_file;
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+/* Everybody can write. But proc_ctrl_write_limited is true by default which
+ * limits what can be controlled. See the can_*() functions.
+ */
 static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUGO;
-#else
-static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUSR;
-#endif
 module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO | S_IWUSR);
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+/* Limited by default, so the gid of the ctrl and stats proc entries
-#include <linux/android_aid.h>
+ * will limit what can be done. See the can_*() functions.
-static gid_t proc_stats_readall_gid = AID_NET_BW_STATS;
+ */
-static gid_t proc_ctrl_write_gid = AID_NET_BW_ACCT;
+static bool proc_stats_readall_limited = true;
-#else
+static bool proc_ctrl_write_limited = true;
-/* 0 means, don't limit anybody */
-static gid_t proc_stats_readall_gid;
+module_param_named(stats_readall_limited, proc_stats_readall_limited, bool,
-static gid_t proc_ctrl_write_gid;
-#endif
-module_param_named(stats_readall_gid, proc_stats_readall_gid, uint,
                   S_IRUGO | S_IWUSR);
-module_param_named(ctrl_write_gid, proc_ctrl_write_gid, uint,
+module_param_named(ctrl_write_limited, proc_ctrl_write_limited, bool,
                   S_IRUGO | S_IWUSR);
 /*
@@ -242,8 +239,9 @@ static struct qtaguid_event_counts qtu_events;
 static bool can_manipulate_uids(void)
 {
        /* root pwnd */
-        return unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_gid)
+        return in_egroup_p(xt_qtaguid_ctrl_file->gid)
-                || in_egroup_p(proc_ctrl_write_gid);
+                || unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_limited)
+                || unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
 }
 static bool can_impersonate_uid(uid_t uid)
@@ -254,9 +252,10 @@ static bool can_impersonate_uid(uid_t uid)
 static bool can_read_other_uid_stats(uid_t uid)
 {
        /* root pwnd */
-        return unlikely(!current_fsuid()) || uid == current_fsuid()
+        return in_egroup_p(xt_qtaguid_stats_file->gid)
-                || unlikely(!proc_stats_readall_gid)
+                || unlikely(!current_fsuid()) || uid == current_fsuid()
-                || in_egroup_p(proc_stats_readall_gid);
+                || unlikely(!proc_stats_readall_limited)
+                || unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
 }
 static inline void dc_add_byte_packets(struct data_counters *counters, int set,
@@ -2302,11 +2301,12 @@ static int ctrl_cmd_tag(const char *input)
        }
        CT_DEBUG("qtaguid: ctrl_tag(%s): "
                 "pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
-                 "in_group=%d in_egroup=%d\n",
+                 "ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
                 input, current->pid, current->tgid, current_uid(),
                 current_euid(), current_fsuid(),
-                 in_group_p(proc_ctrl_write_gid),
+                 xt_qtaguid_ctrl_file->gid,
-                 in_egroup_p(proc_ctrl_write_gid));
+                 in_group_p(xt_qtaguid_ctrl_file->gid),
+                 in_egroup_p(xt_qtaguid_ctrl_file->gid));
        if (argc < 4) {
                uid = current_fsuid();
        } else if (!can_impersonate_uid(uid)) {
@@ -2598,10 +2598,11 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
                    && !can_read_other_uid_stats(stat_uid)) {
                        CT_DEBUG("qtaguid: stats line: "
                                 "%s 0x%llx %u: insufficient priv "
-                                 "from pid=%u tgid=%u uid=%u\n",
+                                 "from pid=%u tgid=%u uid=%u stats.gid=%u\n",
                                 ppi->iface_entry->ifname,
                                 get_atag_from_tag(tag), stat_uid,
-                                 current->pid, current->tgid, current_fsuid());
+                                 current->pid, current->tgid, current_fsuid(),
+                                 xt_qtaguid_stats_file->gid);
                        return 0;
                }
                if (ppi->item_index++ < ppi->items_to_skip)
author	JP Abgrall	2013-01-04 20:18:36 -0600
committer	Arve Hjønnevåg	2013-03-11 17:25:18 -0500
commit	33ad7056499c2b2fdf255d4222f0e4c89d82a445 (patch)
tree	a892108841b7e6fbce73325aac463ac19b1082b3
parent	e128e25e5aeddf96197d57e548e16bde54c8fee2 (diff)
download	kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.tar.gz kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.tar.xz kernel-common-33ad7056499c2b2fdf255d4222f0e4c89d82a445.zip

diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c index 603bdd20699..923f1bdd02e 100644 --- a/net/netfilter/xt_qtaguid.c +++ b/net/netfilter/xt_qtaguid.c
@@ -53,25 +53,22 @@ static unsigned int proc_stats_perms = S_IRUGO;
53	module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO \| S_IWUSR);	53	module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO \| S_IWUSR);
54		54
55	static struct proc_dir_entry *xt_qtaguid_ctrl_file;	55	static struct proc_dir_entry *xt_qtaguid_ctrl_file;
56	#ifdef CONFIG_ANDROID_PARANOID_NETWORK	56
		57	/* Everybody can write. But proc_ctrl_write_limited is true by default which
		58	* limits what can be controlled. See the can_*() functions.
		59	*/
57	static unsigned int proc_ctrl_perms = S_IRUGO \| S_IWUGO;	60	static unsigned int proc_ctrl_perms = S_IRUGO \| S_IWUGO;
58	#else
59	static unsigned int proc_ctrl_perms = S_IRUGO \| S_IWUSR;
60	#endif
61	module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO \| S_IWUSR);	61	module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO \| S_IWUSR);
62		62
63	#ifdef CONFIG_ANDROID_PARANOID_NETWORK	63	/* Limited by default, so the gid of the ctrl and stats proc entries
64	#include <linux/android_aid.h>	64	* will limit what can be done. See the can_*() functions.
65	static gid_t proc_stats_readall_gid = AID_NET_BW_STATS;	65	*/
66	static gid_t proc_ctrl_write_gid = AID_NET_BW_ACCT;	66	static bool proc_stats_readall_limited = true;
67	#else	67	static bool proc_ctrl_write_limited = true;
68	/* 0 means, don't limit anybody */	68
69	static gid_t proc_stats_readall_gid;	69	module_param_named(stats_readall_limited, proc_stats_readall_limited, bool,
70	static gid_t proc_ctrl_write_gid;
71	#endif
72	module_param_named(stats_readall_gid, proc_stats_readall_gid, uint,
73	S_IRUGO \| S_IWUSR);	70	S_IRUGO \| S_IWUSR);
74	module_param_named(ctrl_write_gid, proc_ctrl_write_gid, uint,	71	module_param_named(ctrl_write_limited, proc_ctrl_write_limited, bool,
75	S_IRUGO \| S_IWUSR);	72	S_IRUGO \| S_IWUSR);
76		73
77	/*	74	/*
@@ -242,8 +239,9 @@ static struct qtaguid_event_counts qtu_events;
242	static bool can_manipulate_uids(void)	239	static bool can_manipulate_uids(void)
243	{	240	{
244	/* root pwnd */	241	/* root pwnd */
245	return unlikely(!current_fsuid()) \|\| unlikely(!proc_ctrl_write_gid)	242	return in_egroup_p(xt_qtaguid_ctrl_file->gid)
246	\|\| in_egroup_p(proc_ctrl_write_gid);	243	\|\| unlikely(!current_fsuid()) \|\| unlikely(!proc_ctrl_write_limited)
		244	\|\| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
247	}	245	}
248		246
249	static bool can_impersonate_uid(uid_t uid)	247	static bool can_impersonate_uid(uid_t uid)
@@ -254,9 +252,10 @@ static bool can_impersonate_uid(uid_t uid)
254	static bool can_read_other_uid_stats(uid_t uid)	252	static bool can_read_other_uid_stats(uid_t uid)
255	{	253	{
256	/* root pwnd */	254	/* root pwnd */
257	return unlikely(!current_fsuid()) \|\| uid == current_fsuid()	255	return in_egroup_p(xt_qtaguid_stats_file->gid)
258	\|\| unlikely(!proc_stats_readall_gid)	256	\|\| unlikely(!current_fsuid()) \|\| uid == current_fsuid()
259	\|\| in_egroup_p(proc_stats_readall_gid);	257	\|\| unlikely(!proc_stats_readall_limited)
		258	\|\| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
260	}	259	}
261		260
262	static inline void dc_add_byte_packets(struct data_counters *counters, int set,	261	static inline void dc_add_byte_packets(struct data_counters *counters, int set,
@@ -2302,11 +2301,12 @@ static int ctrl_cmd_tag(const char *input)
2302	}	2301	}
2303	CT_DEBUG("qtaguid: ctrl_tag(%s): "	2302	CT_DEBUG("qtaguid: ctrl_tag(%s): "
2304	"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "	2303	"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
2305	"in_group=%d in_egroup=%d\n",	2304	"ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
2306	input, current->pid, current->tgid, current_uid(),	2305	input, current->pid, current->tgid, current_uid(),
2307	current_euid(), current_fsuid(),	2306	current_euid(), current_fsuid(),
2308	in_group_p(proc_ctrl_write_gid),	2307	xt_qtaguid_ctrl_file->gid,
2309	in_egroup_p(proc_ctrl_write_gid));	2308	in_group_p(xt_qtaguid_ctrl_file->gid),
		2309	in_egroup_p(xt_qtaguid_ctrl_file->gid));
2310	if (argc < 4) {	2310	if (argc < 4) {
2311	uid = current_fsuid();	2311	uid = current_fsuid();
2312	} else if (!can_impersonate_uid(uid)) {	2312	} else if (!can_impersonate_uid(uid)) {
@@ -2598,10 +2598,11 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
2598	&& !can_read_other_uid_stats(stat_uid)) {	2598	&& !can_read_other_uid_stats(stat_uid)) {
2599	CT_DEBUG("qtaguid: stats line: "	2599	CT_DEBUG("qtaguid: stats line: "
2600	"%s 0x%llx %u: insufficient priv "	2600	"%s 0x%llx %u: insufficient priv "
2601	"from pid=%u tgid=%u uid=%u\n",	2601	"from pid=%u tgid=%u uid=%u stats.gid=%u\n",
2602	ppi->iface_entry->ifname,	2602	ppi->iface_entry->ifname,
2603	get_atag_from_tag(tag), stat_uid,	2603	get_atag_from_tag(tag), stat_uid,
2604	current->pid, current->tgid, current_fsuid());	2604	current->pid, current->tgid, current_fsuid(),
		2605	xt_qtaguid_stats_file->gid);
2605	return 0;	2606	return 0;
2606	}	2607	}
2607	if (ppi->item_index++ < ppi->items_to_skip)	2608	if (ppi->item_index++ < ppi->items_to_skip)