syslog: distinguish between /proc/kmsg and syscalls (00234592) · Commits · e / devices / android_kernel_oneplus_sm7250

fs/proc/kmsg.c

+7 −7

Original line number	Original line	Diff line number	Diff line
	@@ -12,37 +12,37 @@
	#include <linux/poll.h>		#include <linux/poll.h>
	#include <linux/proc_fs.h>		#include <linux/proc_fs.h>
	#include <linux/fs.h>		#include <linux/fs.h>
			#include <linux/syslog.h>

	#include <asm/uaccess.h>		#include <asm/uaccess.h>
	#include <asm/io.h>		#include <asm/io.h>

	extern wait_queue_head_t log_wait;		extern wait_queue_head_t log_wait;

	extern int do_syslog(int type, char __user *bug, int count);

	static int kmsg_open(struct inode * inode, struct file * file)		static int kmsg_open(struct inode * inode, struct file * file)
	{		{
	return do_syslog(1,NULL,0);		return do_syslog(1, NULL, 0, SYSLOG_FROM_FILE);
	}		}

	static int kmsg_release(struct inode * inode, struct file * file)		static int kmsg_release(struct inode * inode, struct file * file)
	{		{
	(void) do_syslog(0,NULL,0);		(void) do_syslog(0, NULL, 0, SYSLOG_FROM_FILE);
	return 0;		return 0;
	}		}

	static ssize_t kmsg_read(struct file file, char __user buf,		static ssize_t kmsg_read(struct file file, char __user buf,
	size_t count, loff_t *ppos)		size_t count, loff_t *ppos)
	{		{
	if ((file->f_flags & O_NONBLOCK) && !do_syslog(9, NULL, 0))		if ((file->f_flags & O_NONBLOCK) &&
			!do_syslog(9, NULL, 0, SYSLOG_FROM_FILE))
	return -EAGAIN;		return -EAGAIN;
	return do_syslog(2, buf, count);		return do_syslog(2, buf, count, SYSLOG_FROM_FILE);
	}		}

	static unsigned int kmsg_poll(struct file file, poll_table wait)		static unsigned int kmsg_poll(struct file file, poll_table wait)
	{		{
	poll_wait(file, &log_wait, wait);		poll_wait(file, &log_wait, wait);
	if (do_syslog(9, NULL, 0))		if (do_syslog(9, NULL, 0, SYSLOG_FROM_FILE))
	return POLLIN \| POLLRDNORM;		return POLLIN \| POLLRDNORM;
	return 0;		return 0;
	}		}

include/linux/security.h

+6 −5

include/linux/syslog.h

0 → 100644

+29 −0

Original line number	Original line	Diff line number	Diff line
			/* Syslog internals
			*
			* Copyright 2010 Canonical, Ltd.
			* Author: Kees Cook <kees.cook@canonical.com>
			*
			* This program is free software; you can redistribute it and/or modify
			* it under the terms of the GNU General Public License as published by
			* the Free Software Foundation; either version 2, or (at your option)
			* any later version.
			*
			* This program is distributed in the hope that it will be useful,
			* but WITHOUT ANY WARRANTY; without even the implied warranty of
			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
			* GNU General Public License for more details.
			*
			* You should have received a copy of the GNU General Public License
			* along with this program; see the file COPYING. If not, write to
			* the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
			*/

			#ifndef _LINUX_SYSLOG_H
			#define _LINUX_SYSLOG_H

			#define SYSLOG_FROM_CALL 0
			#define SYSLOG_FROM_FILE 1

			int do_syslog(int type, char __user *buf, int count, bool from_file);

			#endif /* _LINUX_SYSLOG_H */

kernel/printk.c

+4 −3

Original line number	Original line	Diff line number	Diff line
	@@ -35,6 +35,7 @@
	#include <linux/kexec.h>		#include <linux/kexec.h>
	#include <linux/ratelimit.h>		#include <linux/ratelimit.h>
	#include <linux/kmsg_dump.h>		#include <linux/kmsg_dump.h>
			#include <linux/syslog.h>

	#include <asm/uaccess.h>		#include <asm/uaccess.h>

	@@ -273,14 +274,14 @@ static inline void boot_delay_msec(void)
	* 9 -- Return number of unread characters in the log buffer		* 9 -- Return number of unread characters in the log buffer
	* 10 -- Return size of the log buffer		* 10 -- Return size of the log buffer
	*/		*/
	int do_syslog(int type, char __user *buf, int len)		int do_syslog(int type, char __user *buf, int len, bool from_file)
	{		{
	unsigned i, j, limit, count;		unsigned i, j, limit, count;
	int do_clear = 0;		int do_clear = 0;
	char c;		char c;
	int error = 0;		int error = 0;

	error = security_syslog(type);		error = security_syslog(type, from_file);
	if (error)		if (error)
	return error;		return error;

	@@ -417,7 +418,7 @@ int do_syslog(int type, char __user *buf, int len)

	SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)		SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)
	{		{
	return do_syslog(type, buf, len);		return do_syslog(type, buf, len, SYSLOG_FROM_CALL);
	}		}

	/*		/*

security/commoncap.c

+6 −1

Original line number	Original line	Diff line number	Diff line
	@@ -27,6 +27,7 @@
	#include <linux/sched.h>		#include <linux/sched.h>
	#include <linux/prctl.h>		#include <linux/prctl.h>
	#include <linux/securebits.h>		#include <linux/securebits.h>
			#include <linux/syslog.h>

	/*		/*
	* If a non-root user executes a setuid-root binary in		* If a non-root user executes a setuid-root binary in
	@@ -888,12 +889,16 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
	/**		/**
	* cap_syslog - Determine whether syslog function is permitted		* cap_syslog - Determine whether syslog function is permitted
	* @type: Function requested		* @type: Function requested
			* @from_file: Whether this request came from an open file (i.e. /proc)
	*		*
	* Determine whether the current process is permitted to use a particular		* Determine whether the current process is permitted to use a particular
	* syslog function, returning 0 if permission is granted, -ve if not.		* syslog function, returning 0 if permission is granted, -ve if not.
	*/		*/
	int cap_syslog(int type)		int cap_syslog(int type, bool from_file)
	{		{
			/* /proc/kmsg can open be opened by CAP_SYS_ADMIN */
			if (type != 1 && from_file)
			return 0;
	if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))		if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))
	return -EPERM;		return -EPERM;
	return 0;		return 0;

Original line number	Original line	Diff line number	Diff line
	@@ -76,7 +76,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
	extern int cap_task_setscheduler(struct task_struct p, int policy, struct sched_param lp);		extern int cap_task_setscheduler(struct task_struct p, int policy, struct sched_param lp);
	extern int cap_task_setioprio(struct task_struct *p, int ioprio);		extern int cap_task_setioprio(struct task_struct *p, int ioprio);
	extern int cap_task_setnice(struct task_struct *p, int nice);		extern int cap_task_setnice(struct task_struct *p, int nice);
	extern int cap_syslog(int type);		extern int cap_syslog(int type, bool from_file);
	extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);		extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

	struct msghdr;		struct msghdr;
	@@ -1349,6 +1349,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
	* logging to the console.		* logging to the console.
	* See the syslog(2) manual page for an explanation of the @type values.		* See the syslog(2) manual page for an explanation of the @type values.
	* @type contains the type of action.		* @type contains the type of action.
			* @from_file indicates the context of action (if it came from /proc).
	* Return 0 if permission is granted.		* Return 0 if permission is granted.
	* @settime:		* @settime:
	* Check permission to change the system time.		* Check permission to change the system time.
	@@ -1463,7 +1464,7 @@ struct security_operations {
	int (sysctl) (struct ctl_table table, int op);		int (sysctl) (struct ctl_table table, int op);
	int (quotactl) (int cmds, int type, int id, struct super_block sb);		int (quotactl) (int cmds, int type, int id, struct super_block sb);
	int (quota_on) (struct dentry dentry);		int (quota_on) (struct dentry dentry);
	int (*syslog) (int type);		int (*syslog) (int type, bool from_file);
	int (settime) (struct timespec ts, struct timezone *tz);		int (settime) (struct timespec ts, struct timezone *tz);
	int (vm_enough_memory) (struct mm_struct mm, long pages);		int (vm_enough_memory) (struct mm_struct mm, long pages);

	@@ -1762,7 +1763,7 @@ int security_acct(struct file *file);
	int security_sysctl(struct ctl_table *table, int op);		int security_sysctl(struct ctl_table *table, int op);
	int security_quotactl(int cmds, int type, int id, struct super_block *sb);		int security_quotactl(int cmds, int type, int id, struct super_block *sb);
	int security_quota_on(struct dentry *dentry);		int security_quota_on(struct dentry *dentry);
	int security_syslog(int type);		int security_syslog(int type, bool from_file);
	int security_settime(struct timespec ts, struct timezone tz);		int security_settime(struct timespec ts, struct timezone tz);
	int security_vm_enough_memory(long pages);		int security_vm_enough_memory(long pages);
	int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);		int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
	@@ -2008,9 +2009,9 @@ static inline int security_quota_on(struct dentry *dentry)
	return 0;		return 0;
	}		}

	static inline int security_syslog(int type)		static inline int security_syslog(int type, bool from_file)
	{		{
	return cap_syslog(type);		return cap_syslog(type, from_file);
	}		}