diff options
author | JP Abgrall <jpa@google.com> | 2011-07-17 16:07:23 -0700 |
---|---|---|
committer | Nitin Garg <nitin.garg@freescale.com> | 2011-11-22 17:40:53 -0600 |
commit | 38c60ac436b6dc660367026ab5364be81c3ba226 (patch) | |
tree | 892b16247fdcd4088cce1715b52fa4d532da47f3 /include | |
parent | 64df0b7eb5dec11ef1dde2bd37eac60db2d681b0 (diff) |
netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access
(backport from 3.0: I83990862d52a9b0922aca103a0f61375cddeb7c4)
* uid handling
- Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT.
This affects socket tagging, and data removal.
- Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS.
This affects stats lookup.
* allow pacifying the module
Setting passive to Y/y will make the module return immediately on
external stimulus.
No more stats and silent success on ctrl writes.
Mainly used when one suspects this module of misbehaving.
Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4
Signed-off-by: JP Abgrall <jpa@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/android_aid.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/android_aid.h b/include/linux/android_aid.h index 7f16a14c0fe7..0f904b3ba7f0 100644 --- a/include/linux/android_aid.h +++ b/include/linux/android_aid.h @@ -22,5 +22,7 @@ #define AID_INET 3003 #define AID_NET_RAW 3004 #define AID_NET_ADMIN 3005 +#define AID_NET_BW_STATS 3006 /* read bandwidth statistics */ +#define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */ #endif |