netfilter: xt_qtaguid: report only uid tags to non-privileged processes

In the past, a process could only see its own stats (uid-based summary, and details). Now we allow any process to see other UIDs uid-based stats, but still hide the detailed stats. Change-Id: I7666961ed244ac1d9359c339b048799e5db9facc Signed-off-by: JP Abgrall <jpa@google.com>
author: JP Abgrall <jpa@google.com> 2012-08-28 16:53:32 -0700
committer: Arve Hjønnevåg <arve@android.com> 2013-07-01 14:16:05 -0700
commit: c33bcd377203feb708cb02673731e70c14ef8c91 (patch)
tree: 3f9a37b0d8bb283be11669a7de6ee4fdb37756ef /net/netfilter
parent: d351ae74c3c7c27b960fd03ebc955f99ac76a897 (diff)
download: qcom-msm-v3.10-c33bcd377203feb708cb02673731e70c14ef8c91.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index 9fd0ffa6c36..14b003da142 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -2588,8 +2588,9 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
 	} else {
 		tag_t tag = ppi->ts_entry->tn.tag;
 		uid_t stat_uid = get_uid_from_tag(tag);
-
-		if (!can_read_other_uid_stats(stat_uid)) {
+		/* Detailed tags are not available to everybody */
+		if (get_atag_from_tag(tag)
+		    && !can_read_other_uid_stats(stat_uid)) {
 			CT_DEBUG("qtaguid: stats line: "
 				 "%s 0x%llx %u: insufficient priv "
 				 "from pid=%u tgid=%u uid=%u\n",
author	JP Abgrall <jpa@google.com>	2012-08-28 16:53:32 -0700
committer	Arve Hjønnevåg <arve@android.com>	2013-07-01 14:16:05 -0700
commit	c33bcd377203feb708cb02673731e70c14ef8c91 (patch)
tree	3f9a37b0d8bb283be11669a7de6ee4fdb37756ef /net/netfilter
parent	d351ae74c3c7c27b960fd03ebc955f99ac76a897 (diff)
download	qcom-msm-v3.10-c33bcd377203feb708cb02673731e70c14ef8c91.tar.gz