author | JP Abgrall | 2013-01-04 20:18:36 -0600 |
---|---|---|
committer | Arve Hjønnevåg | 2013-03-11 17:25:18 -0500 |
commit | 33ad7056499c2b2fdf255d4222f0e4c89d82a445 (patch) | |
tree | a892108841b7e6fbce73325aac463ac19b1082b3 | |
parent | e128e25e5aeddf96197d57e548e16bde54c8fee2 (diff) | |
netfilter: xt_qtaguid: remove AID_* dependency for access control
qtaguid limits what can be done with /ctrl and /stats based on group
membership.
This change removes AID_NET_BW_STATS and AID_NET_BW_ACCT, and picks
up the groups from the gid of the matching proc entry files.
Signed-off-by: JP Abgrall <jpa@google.com>
Change-Id: I42e477adde78a12ed5eb58fbc0b277cdaadb6f94
-rw-r--r-- | net/netfilter/xt_qtaguid.c | 51 |
1 files changed, 26 insertions, 25 deletions
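--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -53,25 +53,22 @@ static unsigned int proc_stats_perms = S_IRUGO;
 module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO | S_IWUSR);
 
 static struct proc_dir_entry *xt_qtaguid_ctrl_file;
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
+
+/* Everybody can write. But proc_ctrl_write_limited is true by default which
+* limits what can be controlled. See the can_*() functions.
+*/
 static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUGO;
-#else
-static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUSR;
-#endif
 module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO | S_IWUSR);
 
-#ifdef CONFIG_ANDROID_PARANOID_NETWORK
-#include <linux/android_aid.h>
-static gid_t proc_stats_readall_gid = AID_NET_BW_STATS;
-static gid_t proc_ctrl_write_gid = AID_NET_BW_ACCT;
-#else
-/* 0 means, don't limit anybody */
-static gid_t proc_stats_readall_gid;
-static gid_t proc_ctrl_write_gid;
-#endif
-module_param_named(stats_readall_gid, proc_stats_readall_gid, uint,
+/* Limited by default, so the gid of the ctrl and stats proc entries
+* will limit what can be done. See the can_*() functions.
+*/
+static bool proc_stats_readall_limited = true;
+static bool proc_ctrl_write_limited = true;
+
+module_param_named(stats_readall_limited, proc_stats_readall_limited, bool,
 S_IRUGO | S_IWUSR);
-module_param_named(ctrl_write_gid, proc_ctrl_write_gid, uint,
+module_param_named(ctrl_write_limited, proc_ctrl_write_limited, bool,
 S_IRUGO | S_IWUSR);
 
 /*
@@ -242,8 +239,9 @@ static struct qtaguid_event_counts qtu_events;
 static bool can_manipulate_uids(void)
 {
 /* root pwnd */
-return unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_gid)
-|| in_egroup_p(proc_ctrl_write_gid);
+return in_egroup_p(xt_qtaguid_ctrl_file->gid)
+|| unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_limited)
+|| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
 }
 
 static bool can_impersonate_uid(uid_t uid)
@@ -254,9 +252,10 @@ static bool can_impersonate_uid(uid_t uid)
 static bool can_read_other_uid_stats(uid_t uid)
 {
 /* root pwnd */
-return unlikely(!current_fsuid()) || uid == current_fsuid()
-|| unlikely(!proc_stats_readall_gid)
-|| in_egroup_p(proc_stats_readall_gid);
+return in_egroup_p(xt_qtaguid_stats_file->gid)
+|| unlikely(!current_fsuid()) || uid == current_fsuid()
+|| unlikely(!proc_stats_readall_limited)
+|| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
 }
 
 static inline void dc_add_byte_packets(struct data_counters *counters, int set,
@@ -2302,11 +2301,12 @@ static int ctrl_cmd_tag(const char *input)
 }
 CT_DEBUG("qtaguid: ctrl_tag(%s): "
 "pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
-"in_group=%d in_egroup=%d\n",
+"ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
 input, current->pid, current->tgid, current_uid(),
 current_euid(), current_fsuid(),
-in_group_p(proc_ctrl_write_gid),
-in_egroup_p(proc_ctrl_write_gid));
+xt_qtaguid_ctrl_file->gid,
+in_group_p(xt_qtaguid_ctrl_file->gid),
+in_egroup_p(xt_qtaguid_ctrl_file->gid));
 if (argc < 4) {
 uid = current_fsuid();
 } else if (!can_impersonate_uid(uid)) {
@@ -2598,10 +2598,11 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
 && !can_read_other_uid_stats(stat_uid)) {
 CT_DEBUG("qtaguid: stats line: "
 "%s 0x%llx %u: insufficient priv "
-"from pid=%u tgid=%u uid=%u\n",
+"from pid=%u tgid=%u uid=%u stats.gid=%u\n",
 ppi->iface_entry->ifname,
 get_atag_from_tag(tag), stat_uid,
-current->pid, current->tgid, current_fsuid());
+current->pid, current->tgid, current_fsuid(),
+xt_qtaguid_stats_file->gid);
 return 0;
 }
 if (ppi->item_index++ < ppi->items_to_skip)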
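Review bot: In can_read_other_uid_stats() the new owner clause compares `current_fsuid()` with `xt_qtaguid_ctrl_file->uid`, while the group clause in the same expression uses `xt_qtaguid_stats_file->gid`, so the right to read other uids' stats follows ownership of the ctrl entry rather than the stats entry. If the line was carried over from can_manipulate_uids(), it should read `|| unlikely(current_fsuid() == xt_qtaguid_stats_file->uid);`; if the cross-reference is intended, it needs a comment saying why. Separately, the first hunk makes `proc_ctrl_perms` default to `S_IRUGO | S_IWUGO` on every configuration, so the can_*() checks are now the only barrier on /ctrl, and both are short-circuited when the matching `*_limited` parameter is false. The comment above the two bools should say so explicitly, e.g. `/* Setting either to false disables the owner/group checks in the can_*() functions. */`.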