authorJP Abgrall <jpa@google.com>2012-08-28 16:53:32 -0700
committerJohn Stultz <john.stultz@linaro.org>2012-12-04 20:15:42 -0500
commit3df85ebe5dad05e7aa171ab9f7420185b37c0c92 (patch)
treefbb47fc52e2f747797b98c0b42ad9f1d2d5b62b5
parentff704cafc26b0c8d0c3b7231e54d6e0a48881f79 (diff)
netfilter: xt_qtaguid: report only uid tags to non-privileged processes
In the past, a process could only see its own stats (uid-based summary, and details). Now we allow any process to see other UIDs' uid-based stats, but still hide the detailed stats. Change-Id: I7666961ed244ac1d9359c339b048799e5db9facc Signed-off-by: JP Abgrall <jpa@google.com>
-rw-r--r--net/netfilter/xt_qtaguid.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index f6d4cfc05f3c..ea716b31e2af 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -2588,8 +2588,9 @@ static int pp_stats_line(struct proc_print_info *ppi, int cnt_set)
} else {
tag_t tag = ppi->ts_entry->tn.tag;
uid_t stat_uid = get_uid_from_tag(tag);
-
- if (!can_read_other_uid_stats(stat_uid)) {
+ /* Detailed tags are not available to everybody */
+ if (get_atag_from_tag(tag)
+ && !can_read_other_uid_stats(stat_uid)) {
CT_DEBUG("qtaguid: stats line: "
"%s 0x%llx %u: insufficient priv "
"from pid=%u tgid=%u uid=%u\n",
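Review bot: The new gate `if (get_atag_from_tag(tag) && !can_read_other_uid_stats(stat_uid))` lets every row whose atag is zero through to any local reader, and the one-line comment above it does not say that this is the intended policy. Per-UID counters readable across UIDs let an unprivileged process observe another app's traffic volume and timing, so the exposure should be stated where the check lives, e.g. `/* uid-only rows (atag == 0) are readable by any process by design; rows with an atag still need can_read_other_uid_stats() */`. On style, kernel convention keeps a blank line after the declarations and puts `&&` at the end of the first line rather than at the start of the continuation. pp_stats_line starts and ends outside this hunk, so what follows the CT_DEBUG call on the denied path is not visible here.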