Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b094216b authored by JP Abgrall's avatar JP Abgrall Committed by Ruchi Kandoi
Browse files

netfilter: xt_qtaguid: report only uid tags to non-privileged processes 



In the past, a process could only see its own stats (uid-based summary,
and details).
Now we allow any process to see other UIDs uid-based stats, but still
hide the detailed stats.

Change-Id: I7666961ed244ac1d9359c339b048799e5db9facc
Signed-off-by: default avatarJP Abgrall <jpa@google.com>
parent 46547e0d

net/netfilter/xt_qtaguid.c

+3 −2
Original line number Diff line number Diff line
@@ -2588,8 +2588,9 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set) 
	} else {

		tag_t tag = ppi->ts_entry->tn.tag;

		uid_t stat_uid = get_uid_from_tag(tag);



		if (!can_read_other_uid_stats(stat_uid)) {

		/* Detailed tags are not available to everybody */

		if (get_atag_from_tag(tag)

		    && !can_read_other_uid_stats(stat_uid)) {

			CT_DEBUG("qtaguid: stats line: "

				 "%s 0x%llx %u: insufficient priv "

				 "from pid=%u tgid=%u uid=%u\n",