netfilter: xt_qtaguid: add uid permission checks during ctrl/stats access

(backport from 3.0: I83990862d52a9b0922aca103a0f61375cddeb7c4) * uid handling - Limit UID impersonation to processes with a gid in AID_NET_BW_ACCT. This affects socket tagging, and data removal. - Limit stats lookup to own uid or the process gid is in AID_NET_BW_STATS. This affects stats lookup. * allow pacifying the module Setting passive to Y/y will make the module return immediately on external stimulus. No more stats and silent success on ctrl writes. Mainly used when one suspects this module of misbehaving. Change-Id: I83990862d52a9b0922aca103a0f61375cddeb7c4 Signed-off-by: JP Abgrall <jpa@google.com>
author: JP Abgrall <jpa@google.com> 2011-07-17 16:07:23 -0700
committer: Nitin Garg <nitin.garg@freescale.com> 2011-11-22 17:40:53 -0600
commit: 38c60ac436b6dc660367026ab5364be81c3ba226 (patch)
tree: 892b16247fdcd4088cce1715b52fa4d532da47f3 /include
parent: 64df0b7eb5dec11ef1dde2bd37eac60db2d681b0 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/android_aid.h b/include/linux/android_aid.h
index 7f16a14c0fe7..0f904b3ba7f0 100644
--- a/include/linux/android_aid.h
+++ b/include/linux/android_aid.h
@@ -22,5 +22,7 @@
 #define AID_INET         3003
 #define AID_NET_RAW      3004
 #define AID_NET_ADMIN    3005
+#define AID_NET_BW_STATS 3006  /* read bandwidth statistics */
+#define AID_NET_BW_ACCT  3007  /* change bandwidth statistics accounting */
 
 #endif
author	JP Abgrall <jpa@google.com>	2011-07-17 16:07:23 -0700
committer	Nitin Garg <nitin.garg@freescale.com>	2011-11-22 17:40:53 -0600
commit	38c60ac436b6dc660367026ab5364be81c3ba226 (patch)
tree	892b16247fdcd4088cce1715b52fa4d532da47f3 /include
parent	64df0b7eb5dec11ef1dde2bd37eac60db2d681b0 (diff)