diff options
| author | JP Abgrall <jpa@google.com> | 2011-07-17 16:07:23 -0700 |
|---|---|---|
| committer | JP Abgrall <jpa@google.com> | 2011-07-21 18:04:46 -0700 |
| commit | 0b893f0f37736c1e26655f04d51706dfba417171 (patch) | |
| tree | 05cb4754030b59b9ed6a72843b830098ae8f056c /include/linux/android_aid.h | |
| parent | c477e60b6689d36121f7cabaea449c4014705078 (diff) | |
| download | kernel_samsung_tuna-0b893f0f37736c1e26655f04d51706dfba417171.zip kernel_samsung_tuna-0b893f0f37736c1e26655f04d51706dfba417171.tar.gz kernel_samsung_tuna-0b893f0f37736c1e26655f04d51706dfba417171.tar.bz2 | |
netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access
* uid handling
- Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT.
This affects socket tagging, and data removal.
- Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS.
This affects stats lookup.
* allow pacifying the module
Setting passive to Y/y will make the module return immediately on
external stimulus.
No more stats and silent success on ctrl writes.
Mainly used when one suspects this module of misbehaving.
Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4
Signed-off-by: JP Abgrall <jpa@google.com>
Diffstat (limited to 'include/linux/android_aid.h')
| -rw-r--r-- | include/linux/android_aid.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/android_aid.h b/include/linux/android_aid.h index 7f16a14..0f904b3 100644 --- a/include/linux/android_aid.h +++ b/include/linux/android_aid.h @@ -22,5 +22,7 @@ #define AID_INET 3003 #define AID_NET_RAW 3004 #define AID_NET_ADMIN 3005 +#define AID_NET_BW_STATS 3006 /* read bandwidth statistics */ +#define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */ #endif |