16 |
fs/Makefile | 2 + |
fs/Makefile | 2 + |
17 |
fs/attr.c | 19 ++++++++++++ |
fs/attr.c | 19 ++++++++++++ |
18 |
fs/compat.c | 15 +++++++++- |
fs/compat.c | 15 +++++++++- |
19 |
fs/exec.c | 21 +++++++++++++- |
fs/exec.c | 18 +++++++++++- |
20 |
fs/fcntl.c | 8 +++++ |
fs/fcntl.c | 8 +++++ |
21 |
fs/ioctl.c | 11 +++++++ |
fs/ioctl.c | 11 +++++++ |
22 |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
44 |
net/ipv6/udp.c | 11 +++++++ |
net/ipv6/udp.c | 11 +++++++ |
45 |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
46 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
47 |
42 files changed, 532 insertions(+), 9 deletions(-) |
42 files changed, 529 insertions(+), 9 deletions(-) |
48 |
|
|
49 |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
50 |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
397 |
int core_uses_pid; |
int core_uses_pid; |
398 |
char core_pattern[65] = "core"; |
char core_pattern[65] = "core"; |
399 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
400 |
@@ -139,6 +143,13 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,12 @@ asmlinkage long sys_uselib(const char __ |
401 |
if (error) |
if (error) |
402 |
goto exit; |
goto exit; |
403 |
|
|
404 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
405 |
+ /* 01 means "read". */ |
+ error = ccs_check_uselib_permission(nd.dentry, nd.mnt); |
|
+ error = ccs_check_open_permission(nd.dentry, nd.mnt, 01); |
|
406 |
+ if (error) |
+ if (error) |
407 |
+ goto exit; |
+ goto exit; |
408 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
410 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
411 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
412 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
413 |
@@ -488,6 +499,13 @@ struct file *open_exec(const char *name) |
@@ -488,6 +498,11 @@ struct file *open_exec(const char *name) |
414 |
int err = vfs_permission(&nd, MAY_EXEC); |
int err = vfs_permission(&nd, MAY_EXEC); |
415 |
if (!err && !(inode->i_mode & 0111)) |
if (!err && !(inode->i_mode & 0111)) |
416 |
err = -EACCES; |
err = -EACCES; |
417 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
418 |
+ if (!err && (current->ccs_flags & |
+ if (!err) |
419 |
+ CCS_CHECK_READ_FOR_OPEN_EXEC)) |
+ err = ccs_check_open_exec_permission(nd.dentry, |
420 |
+ /* 01 means "read". */ |
+ nd.mnt); |
|
+ err = ccs_check_open_permission(nd.dentry, |
|
|
+ nd.mnt, 01); |
|
421 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
422 |
file = ERR_PTR(err); |
file = ERR_PTR(err); |
423 |
if (!err) { |
if (!err) { |
424 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
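Review bot: In the newer revision of the open_exec() hook the call site no longer tests `current->ccs_flags & CCS_CHECK_READ_FOR_OPEN_EXEC`; it calls `ccs_check_open_exec_permission(nd.dentry, nd.mnt)` whenever `err` is zero, so whether the read check is still limited to flagged tasks now depends entirely on that helper, whose body is not on this page. If the helper does not repeat the flag test, every open_exec() caller would be subject to the read-permission check and existing policies could start denying executions that were allowed before, so this should be confirmed against the helper. Once that is verified, a one-line comment at the call would keep what the removed `/* 01 means "read". */` line documented, for example `/* read check; CCS_CHECK_READ_FOR_OPEN_EXEC is tested inside the helper */`. The same delegation happens in the sys_uselib() hunk above, which now calls `ccs_check_uselib_permission(nd.dentry, nd.mnt)`. open_exec()'s body starts and ends outside the hunk.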
425 |
@@ -1197,7 +1215,8 @@ int do_execve(char * filename, |
@@ -1197,7 +1212,8 @@ int do_execve(char * filename, |
426 |
if (retval < 0) |
if (retval < 0) |
427 |
goto out; |
goto out; |
428 |
|
|
828 |
#endif |
#endif |
829 |
+ /***** CCS start. *****/ |
+ /***** CCS start. *****/ |
830 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
831 |
+ printk(KERN_INFO "Hook version: 2.6.15-53.75 2009/03/18\n"); |
+ printk(KERN_INFO "Hook version: 2.6.15-53.75 2009/03/24\n"); |
832 |
+#endif |
+#endif |
833 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
834 |
} |
} |