
Diff of /trunk/1.7.x/ccs-patch/patches/ccs-patch-2.6.15-ubuntu-6.06.diff


revision 2279 by kumaneko, Wed Mar 18 09:16:37 2009 UTC revision 2282 by kumaneko, Thu Mar 19 04:46:42 2009 UTC
# Line 25  Source code for this patch is "apt-get i Line 25  Source code for this patch is "apt-get i
25   fs/proc/Makefile                |    3 +   fs/proc/Makefile                |    3 +
26   fs/proc/proc_misc.c             |    5 +   fs/proc/proc_misc.c             |    5 +
27   include/linux/init_task.h       |    4 +   include/linux/init_task.h       |    4 +
28   include/linux/sched.h           |    9 +++   include/linux/sched.h           |    8 ++
29   kernel/compat.c                 |    7 ++   kernel/compat.c                 |    7 ++
30   kernel/kexec.c                  |    7 ++   kernel/kexec.c                  |    7 ++
31   kernel/kmod.c                   |    5 +   kernel/kmod.c                   |    5 +
# Line 44  Source code for this patch is "apt-get i Line 44  Source code for this patch is "apt-get i
44   net/ipv6/udp.c                  |   11 +++   net/ipv6/udp.c                  |   11 +++
45   net/socket.c                    |   43 +++++++++++++-   net/socket.c                    |   43 +++++++++++++-
46   net/unix/af_unix.c              |   15 +++++   net/unix/af_unix.c              |   15 +++++
47   42 files changed, 691 insertions(+), 9 deletions(-)   42 files changed, 690 insertions(+), 9 deletions(-)
48    
49  --- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c  --- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c
50  +++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c  +++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c
# Line 63  Source code for this patch is "apt-get i Line 63  Source code for this patch is "apt-get i
63          size_t copied;          size_t copied;
64          long ret;          long ret;
65  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
66  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
67  +               return -EPERM;  +               return -EPERM;
68  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
69    
# Line 86  Source code for this patch is "apt-get i Line 86  Source code for this patch is "apt-get i
86          unsigned int value, tmp;          unsigned int value, tmp;
87          long i, ret;          long i, ret;
88  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
89  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
90  +               return -EPERM;  +               return -EPERM;
91  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
92    
# Line 109  Source code for this patch is "apt-get i Line 109  Source code for this patch is "apt-get i
109          struct switch_stack *sw;          struct switch_stack *sw;
110          long ret;          long ret;
111  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
112  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
113  +               return -EPERM;  +               return -EPERM;
114  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
115    
# Line 132  Source code for this patch is "apt-get i Line 132  Source code for this patch is "apt-get i
132          struct task_struct *child;          struct task_struct *child;
133          int ret;          int ret;
134  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
135  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
136  +               return -EPERM;  +               return -EPERM;
137  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
138    
# Line 155  Source code for this patch is "apt-get i Line 155  Source code for this patch is "apt-get i
155          struct task_struct *child;          struct task_struct *child;
156          int ret;          int ret;
157  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
158  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
159  +               return -EPERM;  +               return -EPERM;
160  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
161    
# Line 178  Source code for this patch is "apt-get i Line 178  Source code for this patch is "apt-get i
178          struct task_struct *child;          struct task_struct *child;
179          int ret = -EPERM;          int ret = -EPERM;
180  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
181  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
182  +               return -EPERM;  +               return -EPERM;
183  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
184    
# Line 201  Source code for this patch is "apt-get i Line 201  Source code for this patch is "apt-get i
201          int ret;          int ret;
202    
203  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
204  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
205  +               return -EPERM;  +               return -EPERM;
206  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
207          lock_kernel();          lock_kernel();
# Line 224  Source code for this patch is "apt-get i Line 224  Source code for this patch is "apt-get i
224          struct task_struct *child;          struct task_struct *child;
225          int ret;          int ret;
226  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
227  +       if (!ccs_capable(TOMOYO_SYS_PTRACE)) {  +       if (!ccs_capable(CCS_SYS_PTRACE)) {
228  +               pt_error_return(regs, EPERM);  +               pt_error_return(regs, EPERM);
229  +               return;  +               return;
230  +       }  +       }
# Line 249  Source code for this patch is "apt-get i Line 249  Source code for this patch is "apt-get i
249          struct task_struct *child;          struct task_struct *child;
250          int ret;          int ret;
251  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
252  +       if (!ccs_capable(TOMOYO_SYS_PTRACE)) {  +       if (!ccs_capable(CCS_SYS_PTRACE)) {
253  +               pt_error_return(regs, EPERM);  +               pt_error_return(regs, EPERM);
254  +               return;  +               return;
255  +       }  +       }
# Line 274  Source code for this patch is "apt-get i Line 274  Source code for this patch is "apt-get i
274          int ret;          int ret;
275          __u32 val;          __u32 val;
276  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
277  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
278  +               return -EPERM;  +               return -EPERM;
279  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
280    
# Line 316  Source code for this patch is "apt-get i Line 316  Source code for this patch is "apt-get i
316                  error = security_inode_setattr(dentry, attr);                  error = security_inode_setattr(dentry, attr);
317  +               /***** TOMOYO Linux start. *****/  +               /***** TOMOYO Linux start. *****/
318  +               if (!error && (ia_valid & ATTR_MODE) &&  +               if (!error && (ia_valid & ATTR_MODE) &&
319  +                   !ccs_capable(TOMOYO_SYS_CHMOD))  +                   !ccs_capable(CCS_SYS_CHMOD))
320  +                       error = -EPERM;  +                       error = -EPERM;
321  +               if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&  +               if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
322  +                   !ccs_capable(TOMOYO_SYS_CHOWN))  +                   !ccs_capable(CCS_SYS_CHOWN))
323  +                       error = -EPERM;  +                       error = -EPERM;
324  +               /***** TOMOYO Linux end. *****/  +               /***** TOMOYO Linux end. *****/
325                  if (!error)                  if (!error)
# Line 330  Source code for this patch is "apt-get i Line 330  Source code for this patch is "apt-get i
330                          error = security_inode_setattr(dentry, attr);                          error = security_inode_setattr(dentry, attr);
331  +               /***** TOMOYO Linux start. *****/  +               /***** TOMOYO Linux start. *****/
332  +               if (!error && (ia_valid & ATTR_MODE) &&  +               if (!error && (ia_valid & ATTR_MODE) &&
333  +                   !ccs_capable(TOMOYO_SYS_CHMOD))  +                   !ccs_capable(CCS_SYS_CHMOD))
334  +                       error = -EPERM;  +                       error = -EPERM;
335  +               if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&  +               if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
336  +                   !ccs_capable(TOMOYO_SYS_CHOWN))  +                   !ccs_capable(CCS_SYS_CHOWN))
337  +                       error = -EPERM;  +                       error = -EPERM;
338  +               /***** TOMOYO Linux end. *****/  +               /***** TOMOYO Linux end. *****/
339                  if (!error) {                  if (!error) {
# Line 367  Source code for this patch is "apt-get i Line 367  Source code for this patch is "apt-get i
367    
368          default:          default:
369  +               /***** TOMOYO Linux start. *****/  +               /***** TOMOYO Linux start. *****/
370  +               if (!ccs_capable(TOMOYO_SYS_IOCTL)) {  +               if (!ccs_capable(CCS_SYS_IOCTL)) {
371  +                       error = -EPERM;  +                       error = -EPERM;
372  +                       goto out_fput;  +                       goto out_fput;
373  +               }  +               }
# Line 416  Source code for this patch is "apt-get i Line 416  Source code for this patch is "apt-get i
416                          if (!err && !(inode->i_mode & 0111))                          if (!err && !(inode->i_mode & 0111))
417                                  err = -EACCES;                                  err = -EACCES;
418  +                       /***** TOMOYO Linux start. *****/  +                       /***** TOMOYO Linux start. *****/
419  +                       if (!err && (current->tomoyo_flags &  +                       if (!err && (current->ccs_flags &
420  +                                    TOMOYO_CHECK_READ_FOR_OPEN_EXEC))  +                                    CCS_CHECK_READ_FOR_OPEN_EXEC))
421  +                               /* 01 means "read". */  +                               /* 01 means "read". */
422  +                               err = ccs_check_open_permission(nd.dentry,  +                               err = ccs_check_open_permission(nd.dentry,
423  +                                                               nd.mnt, 01);  +                                                               nd.mnt, 01);
# Line 476  Source code for this patch is "apt-get i Line 476  Source code for this patch is "apt-get i
476          if (!filp->f_op)          if (!filp->f_op)
477                  goto out;                  goto out;
478  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
479  +       if (!ccs_capable(TOMOYO_SYS_IOCTL))  +       if (!ccs_capable(CCS_SYS_IOCTL))
480  +               return -EPERM;  +               return -EPERM;
481  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
482    
# Line 549  Source code for this patch is "apt-get i Line 549  Source code for this patch is "apt-get i
549          if (S_ISDIR(mode))          if (S_ISDIR(mode))
550                  return -EPERM;                  return -EPERM;
551  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
552  +       if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))  +       if (S_ISCHR(mode) && !ccs_capable(CCS_CREATE_CHAR_DEV))
553  +               return -EPERM;  +               return -EPERM;
554  +       if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))  +       if (S_ISBLK(mode) && !ccs_capable(CCS_CREATE_BLOCK_DEV))
555  +               return -EPERM;  +               return -EPERM;
556  +       if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))  +       if (S_ISFIFO(mode) && !ccs_capable(CCS_CREATE_FIFO))
557  +               return -EPERM;  +               return -EPERM;
558  +       if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))  +       if (S_ISSOCK(mode) && !ccs_capable(CCS_CREATE_UNIX_SOCKET))
559  +               return -EPERM;  +               return -EPERM;
560  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
561          tmp = getname(filename);          tmp = getname(filename);
# Line 627  Source code for this patch is "apt-get i Line 627  Source code for this patch is "apt-get i
627          struct nameidata nd;          struct nameidata nd;
628          struct inode *inode = NULL;          struct inode *inode = NULL;
629  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
630  +       if (!ccs_capable(TOMOYO_SYS_UNLINK))  +       if (!ccs_capable(CCS_SYS_UNLINK))
631  +               return -EPERM;  +               return -EPERM;
632  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
633    
# Line 653  Source code for this patch is "apt-get i Line 653  Source code for this patch is "apt-get i
653          char * from;          char * from;
654          char * to;          char * to;
655  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
656  +       if (!ccs_capable(TOMOYO_SYS_SYMLINK))  +       if (!ccs_capable(CCS_SYS_SYMLINK))
657  +               return -EPERM;  +               return -EPERM;
658  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
659    
# Line 678  Source code for this patch is "apt-get i Line 678  Source code for this patch is "apt-get i
678          int error;          int error;
679          char * to;          char * to;
680  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
681  +       if (!ccs_capable(TOMOYO_SYS_LINK))  +       if (!ccs_capable(CCS_SYS_LINK))
682  +               return -EPERM;  +               return -EPERM;
683  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
684    
# Line 723  Source code for this patch is "apt-get i Line 723  Source code for this patch is "apt-get i
723          char * from;          char * from;
724          char * to;          char * to;
725  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
726  +       if (!ccs_capable(TOMOYO_SYS_RENAME))  +       if (!ccs_capable(CCS_SYS_RENAME))
727  +               return -EPERM;  +               return -EPERM;
728  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
729    
# Line 761  Source code for this patch is "apt-get i Line 761  Source code for this patch is "apt-get i
761          struct nameidata nd;          struct nameidata nd;
762          int retval;          int retval;
763  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
764  +       if (!ccs_capable(TOMOYO_SYS_UMOUNT))  +       if (!ccs_capable(CCS_SYS_UMOUNT))
765  +               return -EPERM;  +               return -EPERM;
766  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
767    
# Line 809  Source code for this patch is "apt-get i Line 809  Source code for this patch is "apt-get i
809                  ((char *)data_page)[PAGE_SIZE - 1] = 0;                  ((char *)data_page)[PAGE_SIZE - 1] = 0;
810    
811  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
812  +       if (!ccs_capable(TOMOYO_SYS_MOUNT))  +       if (!ccs_capable(CCS_SYS_MOUNT))
813  +               return -EPERM;  +               return -EPERM;
814  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
815  +       /***** SAKURA Linux start. *****/  +       /***** SAKURA Linux start. *****/
# Line 827  Source code for this patch is "apt-get i Line 827  Source code for this patch is "apt-get i
827          if (!capable(CAP_SYS_ADMIN))          if (!capable(CAP_SYS_ADMIN))
828                  return -EPERM;                  return -EPERM;
829  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
830  +       if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))  +       if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
831  +               return -EPERM;  +               return -EPERM;
832  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
833    
# Line 889  Source code for this patch is "apt-get i Line 889  Source code for this patch is "apt-get i
889          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
890                  goto dput_and_out;                  goto dput_and_out;
891  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
892  +       if (!ccs_capable(TOMOYO_SYS_CHROOT))  +       if (!ccs_capable(CCS_SYS_CHROOT))
893  +               goto dput_and_out;  +               goto dput_and_out;
894  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
895  +       /***** SAKURA Linux start. *****/  +       /***** SAKURA Linux start. *****/
# Line 904  Source code for this patch is "apt-get i Line 904  Source code for this patch is "apt-get i
904   asmlinkage long sys_vhangup(void)   asmlinkage long sys_vhangup(void)
905   {   {
906  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
907  +       if (!ccs_capable(TOMOYO_SYS_VHANGUP))  +       if (!ccs_capable(CCS_SYS_VHANGUP))
908  +               return -EPERM;  +               return -EPERM;
909  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
910          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
# Line 938  Source code for this patch is "apt-get i Line 938  Source code for this patch is "apt-get i
938          .cpu_timers     = INIT_CPU_TIMERS(tsk.cpu_timers),              \          .cpu_timers     = INIT_CPU_TIMERS(tsk.cpu_timers),              \
939          .fs_excl        = ATOMIC_INIT(0),                               \          .fs_excl        = ATOMIC_INIT(0),                               \
940  +       /***** TOMOYO Linux start. *****/        \  +       /***** TOMOYO Linux start. *****/        \
941  +       .domain_info = &KERNEL_DOMAIN,           \  +       .ccs_domain_info = NULL,                 \
942  +       .tomoyo_flags = 0,                       \  +       .ccs_flags = 0,                          \
943  +       /***** TOMOYO Linux end. *****/          \  +       /***** TOMOYO Linux end. *****/          \
944   }   }
945    
946    
947  --- linux-2.6.15-53.75.orig/include/linux/sched.h  --- linux-2.6.15-53.75.orig/include/linux/sched.h
948  +++ linux-2.6.15-53.75/include/linux/sched.h  +++ linux-2.6.15-53.75/include/linux/sched.h
949  @@ -39,6 +39,11 @@  @@ -39,6 +39,10 @@
950    
951   struct exec_domain;   struct exec_domain;
952    
953  +/***** TOMOYO Linux start. *****/  +/***** TOMOYO Linux start. *****/
954  +struct domain_info;  +struct ccs_domain_info;
 +extern struct domain_info KERNEL_DOMAIN;  
955  +/***** TOMOYO Linux end. *****/  +/***** TOMOYO Linux end. *****/
956  +  +
957   /*   /*
958    * cloning flags:    * cloning flags:
959    */    */
960  @@ -858,6 +863,10 @@ struct task_struct {  @@ -858,6 +862,10 @@ struct task_struct {
961   #endif   #endif
962          atomic_t fs_excl;       /* holding fs exclusive resources */          atomic_t fs_excl;       /* holding fs exclusive resources */
963          struct list_head        *scm_work_list;          struct list_head        *scm_work_list;
964  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
965  +       struct domain_info *domain_info;  +       struct ccs_domain_info *ccs_domain_info;
966  +       u32 tomoyo_flags;  +       u32 ccs_flags;
967  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
968   };   };
969    
# Line 986  Source code for this patch is "apt-get i Line 985  Source code for this patch is "apt-get i
985          if (err)          if (err)
986                  return err;                  return err;
987  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
988  +       if (!ccs_capable(TOMOYO_SYS_SETTIME))  +       if (!ccs_capable(CCS_SYS_SETTIME))
989  +               return -EPERM;  +               return -EPERM;
990  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
991    
# Line 1009  Source code for this patch is "apt-get i Line 1008  Source code for this patch is "apt-get i
1008          if (!capable(CAP_SYS_BOOT))          if (!capable(CAP_SYS_BOOT))
1009                  return -EPERM;                  return -EPERM;
1010  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1011  +       if (!ccs_capable(TOMOYO_SYS_KEXEC_LOAD))  +       if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
1012  +               return -EPERM;  +               return -EPERM;
1013  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1014    
# Line 1022  Source code for this patch is "apt-get i Line 1021  Source code for this patch is "apt-get i
1021          set_cpus_allowed(current, CPU_MASK_ALL);          set_cpus_allowed(current, CPU_MASK_ALL);
1022    
1023  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1024  +       current->domain_info = &KERNEL_DOMAIN;  +       current->ccs_domain_info = NULL;
1025  +       current->tomoyo_flags = 0;  +       current->ccs_flags = 0;
1026  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1027  +  +
1028          retval = -EPERM;          retval = -EPERM;
# Line 1047  Source code for this patch is "apt-get i Line 1046  Source code for this patch is "apt-get i
1046                  return -EPERM;                  return -EPERM;
1047  -  -
1048  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1049  +       if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1050  +               return -EPERM;  +               return -EPERM;
1051  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1052          if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)          if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
# Line 1059  Source code for this patch is "apt-get i Line 1058  Source code for this patch is "apt-get i
1058                  return -EPERM;                  return -EPERM;
1059  -  -
1060  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1061  +       if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1062  +               return -EPERM;  +               return -EPERM;
1063  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1064          /* Only one module load at a time, please */          /* Only one module load at a time, please */
# Line 1082  Source code for this patch is "apt-get i Line 1081  Source code for this patch is "apt-get i
1081           * This lock_kernel fixes a subtle race with suid exec           * This lock_kernel fixes a subtle race with suid exec
1082           */           */
1083  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1084  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
1085  +               return -EPERM;  +               return -EPERM;
1086  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1087          lock_kernel();          lock_kernel();
# Line 1105  Source code for this patch is "apt-get i Line 1104  Source code for this patch is "apt-get i
1104          int retval;          int retval;
1105          long nice;          long nice;
1106  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1107  +       if (!ccs_capable(TOMOYO_SYS_NICE))  +       if (!ccs_capable(CCS_SYS_NICE))
1108  +               return -EPERM;  +               return -EPERM;
1109  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1110    
# Line 1128  Source code for this patch is "apt-get i Line 1127  Source code for this patch is "apt-get i
1127   {   {
1128          struct siginfo info;          struct siginfo info;
1129  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1130  +       if (sig && !ccs_capable(TOMOYO_SYS_KILL))  +       if (sig && !ccs_capable(CCS_SYS_KILL))
1131  +               return -EPERM;  +               return -EPERM;
1132  +       if (sig && ccs_check_signal_acl(sig, pid))  +       if (sig && ccs_check_signal_acl(sig, pid))
1133  +               return -EPERM;  +               return -EPERM;
# Line 1141  Source code for this patch is "apt-get i Line 1140  Source code for this patch is "apt-get i
1140          if (pid <= 0 || tgid <= 0)          if (pid <= 0 || tgid <= 0)
1141                  return -EINVAL;                  return -EINVAL;
1142  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1143  +       if (sig && !ccs_capable(TOMOYO_SYS_KILL))  +       if (sig && !ccs_capable(CCS_SYS_KILL))
1144  +               return -EPERM;  +               return -EPERM;
1145  +       if (sig && ccs_check_signal_acl(sig, pid))  +       if (sig && ccs_check_signal_acl(sig, pid))
1146  +               return -EPERM;  +               return -EPERM;
# Line 1154  Source code for this patch is "apt-get i Line 1153  Source code for this patch is "apt-get i
1153          if (pid <= 0)          if (pid <= 0)
1154                  return -EINVAL;                  return -EINVAL;
1155  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1156  +       if (sig && !ccs_capable(TOMOYO_SYS_KILL))  +       if (sig && !ccs_capable(CCS_SYS_KILL))
1157  +               return -EPERM;  +               return -EPERM;
1158  +       if (sig && ccs_check_signal_acl(sig, pid))  +       if (sig && ccs_check_signal_acl(sig, pid))
1159  +               return -EPERM;  +               return -EPERM;
# Line 1179  Source code for this patch is "apt-get i Line 1178  Source code for this patch is "apt-get i
1178          if (which > 2 || which < 0)          if (which > 2 || which < 0)
1179                  goto out;                  goto out;
1180  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1181  +       if (!ccs_capable(TOMOYO_SYS_NICE)) {  +       if (!ccs_capable(CCS_SYS_NICE)) {
1182  +               error = -EPERM;  +               error = -EPERM;
1183  +               goto out;  +               goto out;
1184  +       }  +       }
# Line 1192  Source code for this patch is "apt-get i Line 1191  Source code for this patch is "apt-get i
1191                          magic2 != LINUX_REBOOT_MAGIC2C))                          magic2 != LINUX_REBOOT_MAGIC2C))
1192                  return -EINVAL;                  return -EINVAL;
1193  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1194  +       if (!ccs_capable(TOMOYO_SYS_REBOOT))  +       if (!ccs_capable(CCS_SYS_REBOOT))
1195  +               return -EPERM;  +               return -EPERM;
1196  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1197    
# Line 1203  Source code for this patch is "apt-get i Line 1202  Source code for this patch is "apt-get i
1202          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
1203                  return -EINVAL;                  return -EINVAL;
1204  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1205  +       if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))  +       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1206  +               return -EPERM;  +               return -EPERM;
1207  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1208          down_write(&uts_sem);          down_write(&uts_sem);
# Line 1214  Source code for this patch is "apt-get i Line 1213  Source code for this patch is "apt-get i
1213          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
1214                  return -EINVAL;                  return -EINVAL;
1215  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1216  +       if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))  +       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1217  +               return -EPERM;  +               return -EPERM;
1218  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1219    
# Line 1378  Source code for this patch is "apt-get i Line 1377  Source code for this patch is "apt-get i
1377          if (err)          if (err)
1378                  return err;                  return err;
1379  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1380  +       if (!ccs_capable(TOMOYO_SYS_SETTIME))  +       if (!ccs_capable(CCS_SYS_SETTIME))
1381  +               return -EPERM;  +               return -EPERM;
1382  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1383    
# Line 1389  Source code for this patch is "apt-get i Line 1388  Source code for this patch is "apt-get i
1388          if (error)          if (error)
1389                  return error;                  return error;
1390  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1391  +       if (!ccs_capable(TOMOYO_SYS_SETTIME))  +       if (!ccs_capable(CCS_SYS_SETTIME))
1392  +               return -EPERM;  +               return -EPERM;
1393  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1394    
# Line 1400  Source code for this patch is "apt-get i Line 1399  Source code for this patch is "apt-get i
1399          if (txc->modes && !capable(CAP_SYS_TIME))          if (txc->modes && !capable(CAP_SYS_TIME))
1400                  return -EPERM;                  return -EPERM;
1401  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1402  +       if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))  +       if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
1403  +               return -EPERM;  +               return -EPERM;
1404  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1405                                    
# Line 1693  Source code for this patch is "apt-get i Line 1692  Source code for this patch is "apt-get i
1692          }          }
1693  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1694  +       err = -EPERM;  +       err = -EPERM;
1695  +       if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))  +       if (sunaddr->sun_path[0] && !ccs_capable(CCS_CREATE_UNIX_SOCKET))
1696  +               goto out;  +               goto out;
1697  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1698    
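Review bot: The change from `&KERNEL_DOMAIN` to `NULL` for the task's domain pointer is a behaviour change mixed into an otherwise mechanical TOMOYO_ to CCS_ rename, and nothing on this page shows how readers of the pointer handle it. It appears as `.ccs_domain_info = NULL,` at patch line 941 and `current->ccs_domain_info = NULL;` at patch line 1024, and the `extern struct domain_info KERNEL_DOMAIN;` declaration is dropped from the sched.h hunk. ccs_capable(), ccs_check_signal_acl() and ccs_check_open_permission() are defined outside this diff, so it cannot be confirmed here that each resolves a NULL pointer to a domain before dereferencing it; a missed path would be a NULL dereference inside a permission check. I would document the convention where the field is declared in struct task_struct, for example `struct ccs_domain_info *ccs_domain_info; /* may be NULL; readers must resolve it before use */`, if that is the intended meaning. It would also help to audit the out-of-view accessors for direct dereferences.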
