| 16 |
fs/Makefile | 2 + |
fs/Makefile | 2 + |
| 17 |
fs/attr.c | 19 ++++++++++++ |
fs/attr.c | 19 ++++++++++++ |
| 18 |
fs/compat.c | 15 +++++++++- |
fs/compat.c | 15 +++++++++- |
| 19 |
fs/exec.c | 21 +++++++++++++- |
fs/exec.c | 18 +++++++++++- |
| 20 |
fs/fcntl.c | 8 +++++ |
fs/fcntl.c | 8 +++++ |
| 21 |
fs/ioctl.c | 11 +++++++ |
fs/ioctl.c | 11 +++++++ |
| 22 |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
| 44 |
net/ipv6/udp.c | 11 +++++++ |
net/ipv6/udp.c | 11 +++++++ |
| 45 |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
| 46 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
| 47 |
42 files changed, 532 insertions(+), 9 deletions(-) |
42 files changed, 529 insertions(+), 9 deletions(-) |
| 48 |
|
|
| 49 |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
| 50 |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
| 397 |
int core_uses_pid; |
int core_uses_pid; |
| 398 |
char core_pattern[65] = "core"; |
char core_pattern[65] = "core"; |
| 399 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
| 400 |
@@ -139,6 +143,13 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,12 @@ asmlinkage long sys_uselib(const char __ |
| 401 |
if (error) |
if (error) |
| 402 |
goto exit; |
goto exit; |
| 403 |
|
|
| 404 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 405 |
+ /* 01 means "read". */ |
+ error = ccs_check_uselib_permission(nd.dentry, nd.mnt); |
|
+ error = ccs_check_open_permission(nd.dentry, nd.mnt, 01); |
|
| 406 |
+ if (error) |
+ if (error) |
| 407 |
+ goto exit; |
+ goto exit; |
| 408 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 410 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 411 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
| 412 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
| 413 |
@@ -488,6 +499,13 @@ struct file *open_exec(const char *name) |
@@ -488,6 +498,11 @@ struct file *open_exec(const char *name) |
| 414 |
int err = vfs_permission(&nd, MAY_EXEC); |
int err = vfs_permission(&nd, MAY_EXEC); |
| 415 |
if (!err && !(inode->i_mode & 0111)) |
if (!err && !(inode->i_mode & 0111)) |
| 416 |
err = -EACCES; |
err = -EACCES; |
| 417 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 418 |
+ if (!err && (current->ccs_flags & |
+ if (!err) |
| 419 |
+ CCS_CHECK_READ_FOR_OPEN_EXEC)) |
+ err = ccs_check_open_exec_permission(nd.dentry, |
| 420 |
+ /* 01 means "read". */ |
+ nd.mnt); |
|
+ err = ccs_check_open_permission(nd.dentry, |
|
|
+ nd.mnt, 01); |
|
| 421 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 422 |
file = ERR_PTR(err); |
file = ERR_PTR(err); |
| 423 |
if (!err) { |
if (!err) { |
| 424 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 425 |
@@ -1197,7 +1215,8 @@ int do_execve(char * filename, |
@@ -1197,7 +1212,8 @@ int do_execve(char * filename, |
| 426 |
if (retval < 0) |
if (retval < 0) |
| 427 |
goto out; |
goto out; |
| 428 |
|
|
| 828 |
#endif |
#endif |
| 829 |
+ /***** CCS start. *****/ |
+ /***** CCS start. *****/ |
| 830 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
| 831 |
+ printk(KERN_INFO "Hook version: 2.6.15-53.75 2009/03/18\n"); |
+ printk(KERN_INFO "Hook version: 2.6.15-53.75 2009/03/24\n"); |
| 832 |
+#endif |
+#endif |
| 833 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
| 834 |
} |
} |
TOMOYO
Parent Directory
Revision Log
Patch