staging: android: logger: enforce GID and CAP check on log flush

Restrict log flushing to those in the logs group, or
anyone with CAP_SYSLOG.

Cc: Android Kernel Team <kernel-team@android.com>
Cc: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index cfa6061..b14a557 100644 (file)
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -695,6 +695,11 @@ static long logger_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
                        ret = -EBADF;
                        break;
                }
+               if (!(in_egroup_p(file->f_dentry->d_inode->i_gid) ||
+                               capable(CAP_SYSLOG))) {
+                       ret = -EPERM;
+                       break;
+               }
                list_for_each_entry(reader, &log->readers, list)
                        reader->r_off = log->w_off;
                log->head = log->w_off;