syslog: distinguish between /proc/kmsg and syscalls

#include <linux/poll.h>

#include <linux/proc_fs.h>

#include <linux/fs.h>

#include <linux/syslog.h>

#include <asm/uaccess.h>

#include <asm/io.h>

extern wait_queue_head_t log_wait;

extern int do_syslog(int type, char __user *bug, int count);

static int kmsg_open(struct inode * inode, struct file * file)

{

	return do_syslog(1,NULL,0);

	return do_syslog(1, NULL, 0, SYSLOG_FROM_FILE);

}

static int kmsg_release(struct inode * inode, struct file * file)

{

	(void) do_syslog(0,NULL,0);

	(void) do_syslog(0, NULL, 0, SYSLOG_FROM_FILE);

	return 0;

}

static ssize_t kmsg_read(struct file *file, char __user *buf,

			 size_t count, loff_t *ppos)

{

	if ((file->f_flags & O_NONBLOCK) && !do_syslog(9, NULL, 0))

	if ((file->f_flags & O_NONBLOCK) &&

	    !do_syslog(9, NULL, 0, SYSLOG_FROM_FILE))

		return -EAGAIN;

	return do_syslog(2, buf, count);

	return do_syslog(2, buf, count, SYSLOG_FROM_FILE);

}

static unsigned int kmsg_poll(struct file *file, poll_table *wait)

{

	poll_wait(file, &log_wait, wait);

	if (do_syslog(9, NULL, 0))

	if (do_syslog(9, NULL, 0, SYSLOG_FROM_FILE))

		return POLLIN | POLLRDNORM;

	return 0;

}

extern int cap_task_setscheduler(struct task_struct *p, int policy, struct sched_param *lp);

extern int cap_task_setioprio(struct task_struct *p, int ioprio);

extern int cap_task_setnice(struct task_struct *p, int nice);

extern int cap_syslog(int type);

extern int cap_syslog(int type, bool from_file);

extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);

struct msghdr;

 *	logging to the console.

 *	See the syslog(2) manual page for an explanation of the @type values.

 *	@type contains the type of action.

 *	@from_file indicates the context of action (if it came from /proc).

 *	Return 0 if permission is granted.

 * @settime:

 *	Check permission to change the system time.

	int (*sysctl) (struct ctl_table *table, int op);

	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);

	int (*quota_on) (struct dentry *dentry);

	int (*syslog) (int type);

	int (*syslog) (int type, bool from_file);

	int (*settime) (struct timespec *ts, struct timezone *tz);

	int (*vm_enough_memory) (struct mm_struct *mm, long pages);

int security_sysctl(struct ctl_table *table, int op);

int security_quotactl(int cmds, int type, int id, struct super_block *sb);

int security_quota_on(struct dentry *dentry);

int security_syslog(int type);

int security_syslog(int type, bool from_file);

int security_settime(struct timespec *ts, struct timezone *tz);

int security_vm_enough_memory(long pages);

int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);

	return 0;

}

static inline int security_syslog(int type)

static inline int security_syslog(int type, bool from_file)

{

	return cap_syslog(type);

	return cap_syslog(type, from_file);

}

static inline int security_settime(struct timespec *ts, struct timezone *tz)

/*  Syslog internals

 *

 *  Copyright 2010 Canonical, Ltd.

 *  Author: Kees Cook <kees.cook@canonical.com>

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License as published by

 *  the Free Software Foundation; either version 2, or (at your option)

 *  any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License

 *  along with this program; see the file COPYING.  If not, write to

 *  the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

 */

#ifndef _LINUX_SYSLOG_H

#define _LINUX_SYSLOG_H

#define SYSLOG_FROM_CALL 0

#define SYSLOG_FROM_FILE 1

int do_syslog(int type, char __user *buf, int count, bool from_file);

#endif /* _LINUX_SYSLOG_H */

#include <linux/kexec.h>

#include <linux/ratelimit.h>

#include <linux/kmsg_dump.h>

#include <linux/syslog.h>

#include <asm/uaccess.h>

 *	9 -- Return number of unread characters in the log buffer

 *     10 -- Return size of the log buffer

 */

int do_syslog(int type, char __user *buf, int len)

int do_syslog(int type, char __user *buf, int len, bool from_file)

{

	unsigned i, j, limit, count;

	int do_clear = 0;

	char c;

	int error = 0;

	error = security_syslog(type);

	error = security_syslog(type, from_file);

	if (error)

		return error;

SYSCALL_DEFINE3(syslog, int, type, char __user *, buf, int, len)

{

	return do_syslog(type, buf, len);

	return do_syslog(type, buf, len, SYSLOG_FROM_CALL);

}

/*

#include <linux/sched.h>

#include <linux/prctl.h>

#include <linux/securebits.h>

#include <linux/syslog.h>

/*

 * If a non-root user executes a setuid-root binary in

/**

 * cap_syslog - Determine whether syslog function is permitted

 * @type: Function requested

 * @from_file: Whether this request came from an open file (i.e. /proc)

 *

 * Determine whether the current process is permitted to use a particular

 * syslog function, returning 0 if permission is granted, -ve if not.

 */

int cap_syslog(int type)

int cap_syslog(int type, bool from_file)

{

	/* /proc/kmsg can open be opened by CAP_SYS_ADMIN */

	if (type != 1 && from_file)

		return 0;

	if ((type != 3 && type != 10) && !capable(CAP_SYS_ADMIN))

		return -EPERM;

	return 0;