15 |
fs/Kconfig | 2 |
fs/Kconfig | 2 |
16 |
fs/Makefile | 2 |
fs/Makefile | 2 |
17 |
fs/attr.c | 19 ++++++ |
fs/attr.c | 19 ++++++ |
18 |
fs/compat.c | 15 ++++- |
fs/compat.c | 15 +++++ |
19 |
fs/exec.c | 21 ++++++- |
fs/exec.c | 21 +++++++ |
20 |
fs/fcntl.c | 8 ++ |
fs/fcntl.c | 8 ++ |
21 |
fs/ioctl.c | 11 +++ |
fs/ioctl.c | 11 +++ |
22 |
fs/namei.c | 118 ++++++++++++++++++++++++++++++++++++++++ |
fs/namei.c | 60 +++++++++++++++++++++ |
23 |
fs/namespace.c | 50 ++++++++++++++++ |
fs/namespace.c | 50 +++++++++++++++++- |
24 |
fs/open.c | 29 +++++++++ |
fs/open.c | 30 ++++++++++ |
25 |
fs/proc/Makefile | 3 + |
fs/proc/Makefile | 3 + |
26 |
fs/proc/proc_misc.c | 5 + |
fs/proc/proc_misc.c | 5 + |
27 |
include/linux/init_task.h | 4 + |
include/linux/init_task.h | 4 + |
34 |
kernel/sched.c | 7 ++ |
kernel/sched.c | 7 ++ |
35 |
kernel/signal.c | 21 +++++++ |
kernel/signal.c | 21 +++++++ |
36 |
kernel/sys.c | 21 +++++++ |
kernel/sys.c | 21 +++++++ |
37 |
kernel/sysctl.c | 111 +++++++++++++++++++++++++++++++++++++ |
kernel/sysctl.c | 111 ++++++++++++++++++++++++++++++++++++++++ |
38 |
kernel/time.c | 15 +++++ |
kernel/time.c | 15 +++++ |
39 |
net/core/datagram.c | 11 +++ |
net/core/datagram.c | 11 +++ |
40 |
net/ipv4/inet_connection_sock.c | 7 ++ |
net/ipv4/inet_connection_sock.c | 7 ++ |
42 |
net/ipv4/udp.c | 11 +++ |
net/ipv4/udp.c | 11 +++ |
43 |
net/ipv6/tcp_ipv6.c | 11 +++ |
net/ipv6/tcp_ipv6.c | 11 +++ |
44 |
net/ipv6/udp.c | 11 +++ |
net/ipv6/udp.c | 11 +++ |
45 |
net/socket.c | 43 +++++++++++++- |
net/socket.c | 43 ++++++++++++++- |
46 |
net/unix/af_unix.c | 15 +++++ |
net/unix/af_unix.c | 8 ++ |
47 |
42 files changed, 690 insertions(+), 9 deletions(-) |
42 files changed, 626 insertions(+), 9 deletions(-) |
48 |
|
|
49 |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
50 |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
506 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
507 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
508 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
509 |
@@ -1433,6 +1437,13 @@ int vfs_create(struct inode *dir, struct |
@@ -1488,6 +1492,13 @@ int may_open(struct nameidata *nd, int a |
|
error = security_inode_create(dir, dentry, mode); |
|
|
if (error) |
|
|
return error; |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ if (nd) { |
|
|
+ error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry, nd->mnt); |
|
|
+ if (error) |
|
|
+ return error; |
|
|
+ } |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
DQUOT_INIT(dir); |
|
|
error = dir->i_op->create(dir, dentry, mode, nd); |
|
|
if (!error) |
|
|
@@ -1488,6 +1499,13 @@ int may_open(struct nameidata *nd, int a |
|
510 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
511 |
return -EPERM; |
return -EPERM; |
512 |
|
|
520 |
/* |
/* |
521 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
522 |
*/ |
*/ |
523 |
@@ -1519,6 +1537,9 @@ int may_open(struct nameidata *nd, int a |
@@ -1519,6 +1530,9 @@ int may_open(struct nameidata *nd, int a |
524 |
return 0; |
return 0; |
525 |
} |
} |
526 |
|
|
530 |
/* |
/* |
531 |
* open_namei() |
* open_namei() |
532 |
* |
* |
533 |
@@ -1768,6 +1789,16 @@ asmlinkage long sys_mknod(const char __u |
@@ -1594,6 +1608,11 @@ do_last: |
534 |
|
if (!path.dentry->d_inode) { |
535 |
if (S_ISDIR(mode)) |
if (!IS_POSIXACL(dir->d_inode)) |
536 |
return -EPERM; |
mode &= ~current->fs->umask; |
537 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
538 |
+ if (S_ISCHR(mode) && !ccs_capable(CCS_CREATE_CHAR_DEV)) |
+ error = ccs_check_mknod_permission(dir->d_inode, path.dentry, |
539 |
+ return -EPERM; |
+ nd->path.mnt, mode, 0); |
540 |
+ if (S_ISBLK(mode) && !ccs_capable(CCS_CREATE_BLOCK_DEV)) |
+ if (!error) |
541 |
+ return -EPERM; |
+ /***** TOMOYO Linux end. *****/ |
542 |
+ if (S_ISFIFO(mode) && !ccs_capable(CCS_CREATE_FIFO)) |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
543 |
+ return -EPERM; |
up(&dir->d_inode->i_sem); |
544 |
+ if (S_ISSOCK(mode) && !ccs_capable(CCS_CREATE_UNIX_SOCKET)) |
dput(nd->dentry); |
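Review bot: The new call in the `do_last` hunk passes `nd->path.mnt`, but the context lines of the same hunk still dereference the flat field (`dput(nd->dentry);`) and the other updated hooks on this page pass `nd.mnt`, so unless `struct nameidata` in this tree has a `path` member this will not build. The `sys_mknod` hunk has the same mismatch: it passes `nd.path.dentry->d_inode` and `nd.path.mnt` right above a context line that uses `nd.dentry->d_inode`. If the flat fields are what this kernel provides, the arguments should read `nd->mnt` here and `nd.dentry->d_inode, dentry, nd.mnt, mode, new_decode_dev(dev)` in `sys_mknod`. Both enclosing functions start and end outside their hunks.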
545 |
+ return -EPERM; |
@@ -1781,6 +1800,12 @@ asmlinkage long sys_mknod(const char __u |
546 |
+ /***** TOMOYO Linux end. *****/ |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
547 |
tmp = getname(filename); |
mode &= ~current->fs->umask; |
548 |
if (IS_ERR(tmp)) |
if (!IS_ERR(dentry)) { |
549 |
return PTR_ERR(tmp); |
+ /***** TOMOYO Linux start. *****/ |
550 |
@@ -1786,10 +1817,32 @@ asmlinkage long sys_mknod(const char __u |
+ error = ccs_check_mknod_permission(nd.path.dentry->d_inode, |
551 |
|
+ dentry, nd.path.mnt, mode, |
552 |
|
+ new_decode_dev(dev)); |
553 |
|
+ if (!error) |
554 |
|
+ /***** TOMOYO Linux end. *****/ |
555 |
|
switch (mode & S_IFMT) { |
556 |
|
case 0: case S_IFREG: |
557 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
558 |
break; |
@@ -1849,6 +1874,12 @@ asmlinkage long sys_mkdir(const char __u |
|
case S_IFCHR: case S_IFBLK: |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode); |
|
|
+ if (error) |
|
|
+ break; |
|
|
+ error = ccs_check_1path_perm(S_ISCHR(mode) ? |
|
|
+ TYPE_MKCHAR_ACL : |
|
|
+ TYPE_MKBLOCK_ACL, |
|
|
+ dentry, nd.mnt); |
|
|
+ if (error) |
|
|
+ break; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
error = vfs_mknod(nd.dentry->d_inode,dentry,mode, |
|
|
new_decode_dev(dev)); |
|
|
break; |
|
|
case S_IFIFO: case S_IFSOCK: |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode); |
|
|
+ if (error) |
|
|
+ break; |
|
|
+ error = ccs_check_1path_perm(S_ISFIFO(mode) ? |
|
|
+ TYPE_MKFIFO_ACL : |
|
|
+ TYPE_MKSOCK_ACL, |
|
|
+ dentry, nd.mnt); |
|
|
+ if (error) |
|
|
+ break; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
|
|
break; |
|
|
case S_IFDIR: |
|
|
@@ -1849,6 +1902,13 @@ asmlinkage long sys_mkdir(const char __u |
|
559 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
560 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
561 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
562 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
563 |
+ error = pre_vfs_mkdir(nd.dentry->d_inode, dentry); |
+ error = ccs_check_mkdir_permission(nd.dentry->d_inode, |
564 |
+ if (!error) |
+ dentry, nd.mnt, |
565 |
+ error = ccs_check_1path_perm(TYPE_MKDIR_ACL, |
+ mode); |
|
+ dentry, nd.mnt); |
|
566 |
+ if (!error) |
+ if (!error) |
567 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
568 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
569 |
dput(dentry); |
dput(dentry); |
570 |
} |
} |
571 |
@@ -1952,6 +2012,13 @@ asmlinkage long sys_rmdir(const char __u |
@@ -1952,6 +1983,11 @@ asmlinkage long sys_rmdir(const char __u |
572 |
dentry = lookup_hash(&nd); |
dentry = lookup_hash(&nd); |
573 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
574 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
575 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
576 |
+ error = pre_vfs_rmdir(nd.dentry->d_inode, dentry); |
+ error = ccs_check_rmdir_permission(nd.dentry->d_inode, dentry, |
577 |
+ if (!error) |
+ nd.mnt); |
|
+ error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry, |
|
|
+ nd.mnt); |
|
578 |
+ if (!error) |
+ if (!error) |
579 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
580 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
581 |
dput(dentry); |
dput(dentry); |
582 |
} |
} |
583 |
@@ -2006,6 +2073,10 @@ asmlinkage long sys_unlink(const char __ |
@@ -2027,6 +2063,11 @@ asmlinkage long sys_unlink(const char __ |
|
struct dentry *dentry; |
|
|
struct nameidata nd; |
|
|
struct inode *inode = NULL; |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ if (!ccs_capable(CCS_SYS_UNLINK)) |
|
|
+ return -EPERM; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
|
name = getname(pathname); |
|
|
if(IS_ERR(name)) |
|
|
@@ -2027,6 +2098,14 @@ asmlinkage long sys_unlink(const char __ |
|
584 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
585 |
if (inode) |
if (inode) |
586 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
587 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
588 |
+ error = pre_vfs_unlink(nd.dentry->d_inode, dentry); |
+ error = ccs_check_unlink_permission(nd.dentry->d_inode, dentry, |
589 |
+ if (error) |
+ nd.mnt); |
590 |
+ goto exit2; |
+ if (!error) |
|
+ error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry, nd.mnt); |
|
|
+ if (error) |
|
|
+ goto exit2; |
|
591 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
592 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
593 |
exit2: |
exit2: |
594 |
dput(dentry); |
dput(dentry); |
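Review bot: The rewritten hook in the `sys_unlink` hunk ends in a brace-less `if (!error)` whose controlled statement is the `vfs_unlink()` call after the `TOMOYO Linux end` marker, so the permission check fails open as soon as any statement is inserted between the marker and that call. The `exit2:` label is in this hunk and the `do_sys_ftruncate` hunk already uses the explicit form, so `if (error)` followed by `goto exit2;` would keep the denial path inside the marked block. The `do_rename` hunk has the same shape with `exit5:` available. In `sys_mkdir`, `sys_rmdir`, `sys_symlink`, `sys_link` and `sys_mknod` (where the guard covers the whole `switch`), no label is visible, so the guard should at least carry a comment such as `/* guards the vfs_*() call below */`.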
595 |
@@ -2072,6 +2151,10 @@ asmlinkage long sys_symlink(const char _ |
@@ -2088,6 +2129,12 @@ asmlinkage long sys_symlink(const char _ |
|
int error = 0; |
|
|
char * from; |
|
|
char * to; |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ if (!ccs_capable(CCS_SYS_SYMLINK)) |
|
|
+ return -EPERM; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
|
from = getname(oldname); |
|
|
if(IS_ERR(from)) |
|
|
@@ -2088,6 +2171,13 @@ asmlinkage long sys_symlink(const char _ |
|
596 |
dentry = lookup_create(&nd, 0); |
dentry = lookup_create(&nd, 0); |
597 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
598 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
599 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
600 |
+ error = pre_vfs_symlink(nd.dentry->d_inode, dentry); |
+ error = ccs_check_symlink_permission(nd.dentry->d_inode, |
601 |
+ if (!error) |
+ dentry, nd.mnt, |
602 |
+ error = ccs_check_1path_perm(TYPE_SYMLINK_ACL, |
+ from); |
|
+ dentry, nd.mnt); |
|
603 |
+ if (!error) |
+ if (!error) |
604 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
605 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
606 |
dput(dentry); |
dput(dentry); |
607 |
} |
} |
608 |
@@ -2153,6 +2243,10 @@ asmlinkage long sys_link(const char __us |
@@ -2170,6 +2217,12 @@ asmlinkage long sys_link(const char __us |
|
struct nameidata nd, old_nd; |
|
|
int error; |
|
|
char * to; |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ if (!ccs_capable(CCS_SYS_LINK)) |
|
|
+ return -EPERM; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
|
to = getname(newname); |
|
|
if (IS_ERR(to)) |
|
|
@@ -2170,6 +2264,15 @@ asmlinkage long sys_link(const char __us |
|
609 |
new_dentry = lookup_create(&nd, 0); |
new_dentry = lookup_create(&nd, 0); |
610 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
611 |
if (!IS_ERR(new_dentry)) { |
if (!IS_ERR(new_dentry)) { |
612 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
613 |
+ error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, |
+ error = ccs_check_link_permission(old_nd.dentry, |
614 |
+ new_dentry); |
+ nd.dentry->d_inode, |
615 |
+ if (!error) |
+ new_dentry, nd.mnt); |
|
+ error = ccs_check_2path_perm(TYPE_LINK_ACL, |
|
|
+ old_nd.dentry, old_nd.mnt, |
|
|
+ new_dentry, nd.mnt); |
|
616 |
+ if (!error) |
+ if (!error) |
617 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
618 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
619 |
dput(new_dentry); |
dput(new_dentry); |
620 |
} |
} |
621 |
@@ -2390,6 +2493,17 @@ static inline int do_rename(const char * |
@@ -2390,6 +2443,13 @@ static inline int do_rename(const char * |
622 |
if (new_dentry == trap) |
if (new_dentry == trap) |
623 |
goto exit5; |
goto exit5; |
624 |
|
|
625 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
626 |
+ error = pre_vfs_rename(old_dir->d_inode, old_dentry, |
+ error = ccs_check_rename_permission(old_dir->d_inode, old_dentry, |
627 |
+ new_dir->d_inode, new_dentry); |
+ new_dir->d_inode, new_dentry, |
628 |
+ if (error) |
+ newnd.mnt); |
629 |
+ goto exit5; |
+ if (!error) |
|
+ error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry, oldnd.mnt, |
|
|
+ new_dentry, newnd.mnt); |
|
|
+ if (error) |
|
|
+ goto exit5; |
|
630 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
631 |
+ |
+ |
632 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
633 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
634 |
exit5: |
exit5: |
|
@@ -2411,6 +2525,10 @@ asmlinkage long sys_rename(const char __ |
|
|
int error; |
|
|
char * from; |
|
|
char * to; |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ if (!ccs_capable(CCS_SYS_RENAME)) |
|
|
+ return -EPERM; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
|
from = getname(oldname); |
|
|
if(IS_ERR(from)) |
|
635 |
--- linux-2.6.15-53.75.orig/fs/namespace.c |
--- linux-2.6.15-53.75.orig/fs/namespace.c |
636 |
+++ linux-2.6.15-53.75/fs/namespace.c |
+++ linux-2.6.15-53.75/fs/namespace.c |
637 |
@@ -25,6 +25,12 @@ |
@@ -25,6 +25,12 @@ |
768 |
goto dput_and_out; |
goto dput_and_out; |
769 |
|
|
770 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
771 |
+ error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt); |
+ error = ccs_check_truncate_permission(nd.dentry, nd.mnt, length, 0); |
772 |
+ if (!error) |
+ if (!error) |
773 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
774 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
775 |
if (!error) { |
if (!error) { |
776 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
777 |
@@ -337,7 +348,11 @@ static inline long do_sys_ftruncate(unsi |
@@ -337,7 +348,12 @@ static inline long do_sys_ftruncate(unsi |
778 |
error = -EPERM; |
error = -EPERM; |
779 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
780 |
goto out_putf; |
goto out_putf; |
781 |
- |
- |
782 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
783 |
+ error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt); |
+ error = ccs_check_truncate_permission(dentry, file->f_vfsmnt, length, |
784 |
|
+ 0); |
785 |
+ if (error) |
+ if (error) |
786 |
+ goto out_putf; |
+ goto out_putf; |
787 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
788 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
789 |
if (!error) |
if (!error) |
790 |
error = do_truncate(dentry, length, file); |
error = do_truncate(dentry, length, file); |
791 |
@@ -610,6 +625,14 @@ asmlinkage long sys_chroot(const char __ |
@@ -610,6 +626,14 @@ asmlinkage long sys_chroot(const char __ |
792 |
error = -EPERM; |
error = -EPERM; |
793 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
794 |
goto dput_and_out; |
goto dput_and_out; |
803 |
|
|
804 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
805 |
set_fs_altroot(); |
set_fs_altroot(); |
806 |
@@ -1141,6 +1164,10 @@ EXPORT_SYMBOL(sys_close); |
@@ -1141,6 +1165,10 @@ EXPORT_SYMBOL(sys_close); |
807 |
*/ |
*/ |
808 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
809 |
{ |
{ |
1590 |
|
|
1591 |
int sysctl_unix_max_dgram_qlen = 10; |
int sysctl_unix_max_dgram_qlen = 10; |
1592 |
|
|
1593 |
@@ -738,6 +741,11 @@ static int unix_bind(struct socket *sock |
@@ -781,6 +784,11 @@ static int unix_bind(struct socket *sock |
|
err = unix_autobind(sock); |
|
|
goto out; |
|
|
} |
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ err = -EPERM; |
|
|
+ if (sunaddr->sun_path[0] && !ccs_capable(CCS_CREATE_UNIX_SOCKET)) |
|
|
+ goto out; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
|
err = unix_mkname(sunaddr, addr_len, &hash); |
|
|
if (err < 0) |
|
|
@@ -781,6 +789,13 @@ static int unix_bind(struct socket *sock |
|
1594 |
*/ |
*/ |
1595 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
1596 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
1597 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
1598 |
+ err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode); |
+ err = ccs_check_mknod_permission(nd.dentry->d_inode, dentry, |
1599 |
+ if (!err) |
+ nd.mnt, mode, 0); |
|
+ err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry, |
|
|
+ nd.mnt); |
|
1600 |
+ if (!err) |
+ if (!err) |
1601 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1602 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |