staging: android: logger: enforce GID and CAP check on log flush

Restrict log flushing to those in the logs group, or
anyone with CAP_SYSLOG.

Cc: Android Kernel Team <kernel-team@android.com>
Cc: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: Charndeep Grewal <csgrewa@tycho.ncsc.mil>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/drivers/staging/android/logger.c b/drivers/staging/android/logger.c
index cfa606110cc2..b14a55742559 100644
--- a/drivers/staging/android/logger.c
+++ b/drivers/staging/android/logger.c
@@ -695,6 +695,11 @@ static long logger_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 			ret = -EBADF;
 			break;
 		}
+		if (!(in_egroup_p(file->f_dentry->d_inode->i_gid) ||
+				capable(CAP_SYSLOG))) {
+			ret = -EPERM;
+			break;
+		}
 		list_for_each_entry(reader, &log->readers, list)
 			reader->r_off = log->w_off;
 		log->head = log->w_off;