36 |
kernel/sys.c | 21 ++++++++++++++ |
kernel/sys.c | 21 ++++++++++++++ |
37 |
kernel/sysctl.c | 17 +++++++++++ |
kernel/sysctl.c | 17 +++++++++++ |
38 |
kernel/time.c | 15 ++++++++++ |
kernel/time.c | 15 ++++++++++ |
|
net/core/datagram.c | 11 +++++++ |
|
39 |
net/ipv4/inet_connection_sock.c | 7 ++++ |
net/ipv4/inet_connection_sock.c | 7 ++++ |
40 |
net/ipv4/inet_hashtables.c | 7 ++++ |
net/ipv4/inet_hashtables.c | 7 ++++ |
41 |
net/ipv4/udp.c | 11 +++++++ |
net/ipv4/raw.c | 8 +++++ |
42 |
|
net/ipv4/udp.c | 21 +++++++++++++- |
43 |
net/ipv6/inet6_hashtables.c | 9 +++++- |
net/ipv6/inet6_hashtables.c | 9 +++++- |
44 |
net/ipv6/udp.c | 11 +++++++ |
net/ipv6/raw.c | 8 +++++ |
45 |
|
net/ipv6/udp.c | 19 ++++++++++++ |
46 |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
47 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
48 |
42 files changed, 527 insertions(+), 10 deletions(-) |
43 files changed, 549 insertions(+), 11 deletions(-) |
49 |
|
|
50 |
--- linux-2.6.16-76.47vl4.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.16-76.47vl4.orig/arch/alpha/kernel/ptrace.c |
51 |
+++ linux-2.6.16-76.47vl4/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.16-76.47vl4/arch/alpha/kernel/ptrace.c |
830 |
#endif |
#endif |
831 |
+ /***** CCS start. *****/ |
+ /***** CCS start. *****/ |
832 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
833 |
+ printk(KERN_INFO "Hook version: 2.6.16-76.47vl4 2009/04/08\n"); |
+ printk(KERN_INFO "Hook version: 2.6.16-76.47vl4 2009/04/20\n"); |
834 |
+#endif |
+#endif |
835 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
836 |
} |
} |
1207 |
|
|
1208 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
1209 |
|
|
|
--- linux-2.6.16-76.47vl4.orig/net/core/datagram.c |
|
|
+++ linux-2.6.16-76.47vl4/net/core/datagram.c |
|
|
@@ -56,6 +56,11 @@ |
|
|
#include <net/sock.h> |
|
|
#include <net/tcp_states.h> |
|
|
|
|
|
+/***** TOMOYO Linux start. *****/ |
|
|
+#include <linux/tomoyo.h> |
|
|
+#include <linux/tomoyo_socket.h> |
|
|
+/***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
/* |
|
|
* Is a socket 'connection oriented' ? |
|
|
*/ |
|
|
@@ -178,6 +183,12 @@ struct sk_buff *skb_recv_datagram(struct |
|
|
} else |
|
|
skb = skb_dequeue(&sk->sk_receive_queue); |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ error = ccs_socket_recv_datagram_permission(sk, skb, flags); |
|
|
+ if (error) |
|
|
+ goto no_packet; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
if (skb) |
|
|
return skb; |
|
|
|
|
1210 |
--- linux-2.6.16-76.47vl4.orig/net/ipv4/inet_connection_sock.c |
--- linux-2.6.16-76.47vl4.orig/net/ipv4/inet_connection_sock.c |
1211 |
+++ linux-2.6.16-76.47vl4/net/ipv4/inet_connection_sock.c |
+++ linux-2.6.16-76.47vl4/net/ipv4/inet_connection_sock.c |
1212 |
@@ -24,6 +24,9 @@ |
@@ -24,6 +24,9 @@ |
1253 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
1254 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1255 |
|
|
1256 |
|
--- linux-2.6.16-76.47vl4.orig/net/ipv4/raw.c |
1257 |
|
+++ linux-2.6.16-76.47vl4/net/ipv4/raw.c |
1258 |
|
@@ -79,6 +79,9 @@ |
1259 |
|
#include <linux/seq_file.h> |
1260 |
|
#include <linux/netfilter.h> |
1261 |
|
#include <linux/netfilter_ipv4.h> |
1262 |
|
+/***** TOMOYO Linux start. *****/ |
1263 |
|
+#include <linux/tomoyo_socket.h> |
1264 |
|
+/***** TOMOYO Linux end. *****/ |
1265 |
|
|
1266 |
|
struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE]; |
1267 |
|
DEFINE_RWLOCK(raw_v4_lock); |
1268 |
|
@@ -592,6 +595,11 @@ static int raw_recvmsg(struct kiocb *ioc |
1269 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1270 |
|
if (!skb) |
1271 |
|
goto out; |
1272 |
|
+ /***** TOMOYO Linux start. *****/ |
1273 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1274 |
|
+ if (err) |
1275 |
|
+ goto out; |
1276 |
|
+ /***** TOMOYO Linux end. *****/ |
1277 |
|
|
1278 |
|
copied = skb->len; |
1279 |
|
if (len < copied) { |
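Review bot: On denial the added branch in raw_recvmsg() does `goto out`, the same exit the `if (!skb)` path takes, so nothing in the visible lines releases the skb that skb_recv_datagram() has just returned. Unless ccs_socket_recvmsg_permission() consumes the buffer itself when it returns an error (its body is not shown here), each refused datagram would leak an skb and its receive-memory charge, which is a memory-exhaustion risk on sockets that receive policy-denied traffic. Either leave through the function's exit that frees the datagram, or state the contract next to the call, e.g. `/* On error the hook has already released skb; do not free it here. */`. The same pattern is added to rawv6_recvmsg() in net/ipv6/raw.c and to the `try_again:` hunks of net/ipv4/udp.c and net/ipv6/udp.c; raw_recvmsg() starts and ends outside this hunk, so its cleanup labels could not be checked.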
1280 |
--- linux-2.6.16-76.47vl4.orig/net/ipv4/udp.c |
--- linux-2.6.16-76.47vl4.orig/net/ipv4/udp.c |
1281 |
+++ linux-2.6.16-76.47vl4/net/ipv4/udp.c |
+++ linux-2.6.16-76.47vl4/net/ipv4/udp.c |
1282 |
@@ -109,6 +109,9 @@ |
@@ -109,6 +109,12 @@ |
1283 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
1284 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1285 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
1286 |
+/***** SAKURA Linux start. *****/ |
+/***** SAKURA Linux start. *****/ |
1287 |
+#include <linux/sakura.h> |
+#include <linux/sakura.h> |
1288 |
+/***** SAKURA Linux end. *****/ |
+/***** SAKURA Linux end. *****/ |
1289 |
|
+/***** TOMOYO Linux start. *****/ |
1290 |
|
+#include <linux/tomoyo_socket.h> |
1291 |
|
+/***** TOMOYO Linux end. *****/ |
1292 |
|
|
1293 |
/* |
/* |
1294 |
* Snmp MIB for the UDP layer |
* Snmp MIB for the UDP layer |
1295 |
@@ -147,6 +150,10 @@ static int udp_v4_get_port(struct sock * |
@@ -147,6 +153,10 @@ static int udp_v4_get_port(struct sock * |
1296 |
result = sysctl_local_port_range[0] + |
result = sysctl_local_port_range[0] + |
1297 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
1298 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1303 |
goto gotit; |
goto gotit; |
1304 |
} |
} |
1305 |
size = 0; |
size = 0; |
1306 |
@@ -163,6 +170,10 @@ static int udp_v4_get_port(struct sock * |
@@ -163,6 +173,10 @@ static int udp_v4_get_port(struct sock * |
1307 |
result = sysctl_local_port_range[0] |
result = sysctl_local_port_range[0] |
1308 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
1309 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1314 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
1315 |
break; |
break; |
1316 |
} |
} |
1317 |
|
@@ -797,7 +811,12 @@ try_again: |
1318 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1319 |
|
if (!skb) |
1320 |
|
goto out; |
1321 |
|
- |
1322 |
|
+ /***** TOMOYO Linux start. *****/ |
1323 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1324 |
|
+ if (err) |
1325 |
|
+ goto out; |
1326 |
|
+ /***** TOMOYO Linux end. *****/ |
1327 |
|
+ |
1328 |
|
copied = skb->len - sizeof(struct udphdr); |
1329 |
|
if (copied > len) { |
1330 |
|
copied = len; |
1331 |
--- linux-2.6.16-76.47vl4.orig/net/ipv6/inet6_hashtables.c |
--- linux-2.6.16-76.47vl4.orig/net/ipv6/inet6_hashtables.c |
1332 |
+++ linux-2.6.16-76.47vl4/net/ipv6/inet6_hashtables.c |
+++ linux-2.6.16-76.47vl4/net/ipv6/inet6_hashtables.c |
1333 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
1360 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
1361 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1362 |
|
|
1363 |
|
--- linux-2.6.16-76.47vl4.orig/net/ipv6/raw.c |
1364 |
|
+++ linux-2.6.16-76.47vl4/net/ipv6/raw.c |
1365 |
|
@@ -56,6 +56,9 @@ |
1366 |
|
|
1367 |
|
#include <linux/proc_fs.h> |
1368 |
|
#include <linux/seq_file.h> |
1369 |
|
+/***** TOMOYO Linux start. *****/ |
1370 |
|
+#include <linux/tomoyo_socket.h> |
1371 |
|
+/***** TOMOYO Linux end. *****/ |
1372 |
|
|
1373 |
|
struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE]; |
1374 |
|
DEFINE_RWLOCK(raw_v6_lock); |
1375 |
|
@@ -387,6 +390,11 @@ static int rawv6_recvmsg(struct kiocb *i |
1376 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1377 |
|
if (!skb) |
1378 |
|
goto out; |
1379 |
|
+ /***** TOMOYO Linux start. *****/ |
1380 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1381 |
|
+ if (err) |
1382 |
|
+ goto out; |
1383 |
|
+ /***** TOMOYO Linux end. *****/ |
1384 |
|
|
1385 |
|
copied = skb->len; |
1386 |
|
if (copied > len) { |
1387 |
--- linux-2.6.16-76.47vl4.orig/net/ipv6/udp.c |
--- linux-2.6.16-76.47vl4.orig/net/ipv6/udp.c |
1388 |
+++ linux-2.6.16-76.47vl4/net/ipv6/udp.c |
+++ linux-2.6.16-76.47vl4/net/ipv6/udp.c |
1389 |
@@ -59,6 +59,9 @@ |
@@ -59,6 +59,12 @@ |
1390 |
|
|
1391 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1392 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
1393 |
+/***** SAKURA Linux start. *****/ |
+/***** SAKURA Linux start. *****/ |
1394 |
+#include <linux/sakura.h> |
+#include <linux/sakura.h> |
1395 |
+/***** SAKURA Linux end. *****/ |
+/***** SAKURA Linux end. *****/ |
1396 |
|
+/***** TOMOYO Linux start. *****/ |
1397 |
|
+#include <linux/tomoyo_socket.h> |
1398 |
|
+/***** TOMOYO Linux end. *****/ |
1399 |
|
|
1400 |
DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6) __read_mostly; |
DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6) __read_mostly; |
1401 |
|
|
1402 |
@@ -89,6 +92,10 @@ static int udp_v6_get_port(struct sock * |
@@ -89,6 +95,10 @@ static int udp_v6_get_port(struct sock * |
1403 |
result = sysctl_local_port_range[0] + |
result = sysctl_local_port_range[0] + |
1404 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
1405 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1410 |
goto gotit; |
goto gotit; |
1411 |
} |
} |
1412 |
size = 0; |
size = 0; |
1413 |
@@ -105,6 +112,10 @@ static int udp_v6_get_port(struct sock * |
@@ -105,6 +115,10 @@ static int udp_v6_get_port(struct sock * |
1414 |
result = sysctl_local_port_range[0] |
result = sysctl_local_port_range[0] |
1415 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
1416 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1421 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
1422 |
break; |
break; |
1423 |
} |
} |
1424 |
|
@@ -238,6 +252,11 @@ try_again: |
1425 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1426 |
|
if (!skb) |
1427 |
|
goto out; |
1428 |
|
+ /***** TOMOYO Linux start. *****/ |
1429 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1430 |
|
+ if (err) |
1431 |
|
+ goto out; |
1432 |
|
+ /***** TOMOYO Linux end. *****/ |
1433 |
|
|
1434 |
|
copied = skb->len - sizeof(struct udphdr); |
1435 |
|
if (copied > len) { |
1436 |
--- linux-2.6.16-76.47vl4.orig/net/socket.c |
--- linux-2.6.16-76.47vl4.orig/net/socket.c |
1437 |
+++ linux-2.6.16-76.47vl4/net/socket.c |
+++ linux-2.6.16-76.47vl4/net/socket.c |
1438 |
@@ -97,6 +97,11 @@ |
@@ -97,6 +97,11 @@ |