ANDROID: netfilter: xt_qtaguid: remove AID_* dependency for access control
qtaguid limits what can be done with /ctrl and /stats based on group membership. This changes removes AID_NET_BW_STATS and AID_NET_BW_ACCT, and picks up the groups from the gid of the matching proc entry files. Signed-off-by: JP Abgrall <jpa@google.com> Change-Id: I42e477adde78a12ed5eb58fbc0b277cdaadb6f94
This commit is contained in:
JP Abgrall
@@ -53,25 +53,22 @@ static unsigned int proc_stats_perms = S_IRUGO;
|
|||||||
module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO | S_IWUSR);
|
module_param_named(stats_perms, proc_stats_perms, uint, S_IRUGO | S_IWUSR);
|
||||||
|
|
||||||
static struct proc_dir_entry *xt_qtaguid_ctrl_file;
|
static struct proc_dir_entry *xt_qtaguid_ctrl_file;
|
||||||
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
|
|
||||||
|
/* Everybody can write. But proc_ctrl_write_limited is true by default which
|
||||||
|
* limits what can be controlled. See the can_*() functions.
|
||||||
|
*/
|
||||||
static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUGO;
|
static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUGO;
|
||||||
#else
|
|
||||||
static unsigned int proc_ctrl_perms = S_IRUGO | S_IWUSR;
|
|
||||||
#endif
|
|
||||||
module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO | S_IWUSR);
|
module_param_named(ctrl_perms, proc_ctrl_perms, uint, S_IRUGO | S_IWUSR);
|
||||||
|
|
||||||
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
|
/* Limited by default, so the gid of the ctrl and stats proc entries
|
||||||
#include <linux/android_aid.h>
|
* will limit what can be done. See the can_*() functions.
|
||||||
static gid_t proc_stats_readall_gid = AID_NET_BW_STATS;
|
*/
|
||||||
static gid_t proc_ctrl_write_gid = AID_NET_BW_ACCT;
|
static bool proc_stats_readall_limited = true;
|
||||||
#else
|
static bool proc_ctrl_write_limited = true;
|
||||||
/* 0 means, don't limit anybody */
|
|
||||||
static gid_t proc_stats_readall_gid;
|
module_param_named(stats_readall_limited, proc_stats_readall_limited, bool,
|
||||||
static gid_t proc_ctrl_write_gid;
|
|
||||||
#endif
|
|
||||||
module_param_named(stats_readall_gid, proc_stats_readall_gid, uint,
|
|
||||||
S_IRUGO | S_IWUSR);
|
S_IRUGO | S_IWUSR);
|
||||||
module_param_named(ctrl_write_gid, proc_ctrl_write_gid, uint,
|
module_param_named(ctrl_write_limited, proc_ctrl_write_limited, bool,
|
||||||
S_IRUGO | S_IWUSR);
|
S_IRUGO | S_IWUSR);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -242,8 +239,9 @@ static struct qtaguid_event_counts qtu_events;
|
|||||||
static bool can_manipulate_uids(void)
|
static bool can_manipulate_uids(void)
|
||||||
{
|
{
|
||||||
/* root pwnd */
|
/* root pwnd */
|
||||||
return unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_gid)
|
return in_egroup_p(xt_qtaguid_ctrl_file->gid)
|
||||||
|| in_egroup_p(proc_ctrl_write_gid);
|
|| unlikely(!current_fsuid()) || unlikely(!proc_ctrl_write_limited)
|
||||||
|
|| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool can_impersonate_uid(uid_t uid)
|
static bool can_impersonate_uid(uid_t uid)
|
||||||
@@ -254,9 +252,10 @@ static bool can_impersonate_uid(uid_t uid)
|
|||||||
static bool can_read_other_uid_stats(uid_t uid)
|
static bool can_read_other_uid_stats(uid_t uid)
|
||||||
{
|
{
|
||||||
/* root pwnd */
|
/* root pwnd */
|
||||||
return unlikely(!current_fsuid()) || uid == current_fsuid()
|
return in_egroup_p(xt_qtaguid_stats_file->gid)
|
||||||
|| unlikely(!proc_stats_readall_gid)
|
|| unlikely(!current_fsuid()) || uid == current_fsuid()
|
||||||
|| in_egroup_p(proc_stats_readall_gid);
|
|| unlikely(!proc_stats_readall_limited)
|
||||||
|
|| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void dc_add_byte_packets(struct data_counters *counters, int set,
|
static inline void dc_add_byte_packets(struct data_counters *counters, int set,
|
||||||
@@ -2302,11 +2301,12 @@ static int ctrl_cmd_tag(const char *input)
|
|||||||
}
|
}
|
||||||
CT_DEBUG("qtaguid: ctrl_tag(%s): "
|
CT_DEBUG("qtaguid: ctrl_tag(%s): "
|
||||||
"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
|
"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
|
||||||
"in_group=%d in_egroup=%d\n",
|
"ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
|
||||||
input, current->pid, current->tgid, current_uid(),
|
input, current->pid, current->tgid, current_uid(),
|
||||||
current_euid(), current_fsuid(),
|
current_euid(), current_fsuid(),
|
||||||
in_group_p(proc_ctrl_write_gid),
|
xt_qtaguid_ctrl_file->gid,
|
||||||
in_egroup_p(proc_ctrl_write_gid));
|
in_group_p(xt_qtaguid_ctrl_file->gid),
|
||||||
|
in_egroup_p(xt_qtaguid_ctrl_file->gid));
|
||||||
if (argc < 4) {
|
if (argc < 4) {
|
||||||
uid = current_fsuid();
|
uid = current_fsuid();
|
||||||
} else if (!can_impersonate_uid(uid)) {
|
} else if (!can_impersonate_uid(uid)) {
|
||||||
@@ -2598,10 +2598,11 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
|
|||||||
&& !can_read_other_uid_stats(stat_uid)) {
|
&& !can_read_other_uid_stats(stat_uid)) {
|
||||||
CT_DEBUG("qtaguid: stats line: "
|
CT_DEBUG("qtaguid: stats line: "
|
||||||
"%s 0x%llx %u: insufficient priv "
|
"%s 0x%llx %u: insufficient priv "
|
||||||
"from pid=%u tgid=%u uid=%u\n",
|
"from pid=%u tgid=%u uid=%u stats.gid=%u\n",
|
||||||
ppi->iface_entry->ifname,
|
ppi->iface_entry->ifname,
|
||||||
get_atag_from_tag(tag), stat_uid,
|
get_atag_from_tag(tag), stat_uid,
|
||||||
current->pid, current->tgid, current_fsuid());
|
current->pid, current->tgid, current_fsuid(),
|
||||||
|
xt_qtaguid_stats_file->gid);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
if (ppi->item_index++ < ppi->items_to_skip)
|
if (ppi->item_index++ < ppi->items_to_skip)
|
||||||
|
|||||||
Reference in New Issue
Block a user