32 |
kernel/sysctl.c | 9 ++++++ |
kernel/sysctl.c | 9 ++++++ |
33 |
kernel/time.c | 11 +++++++ |
kernel/time.c | 11 +++++++ |
34 |
kernel/time/ntp.c | 7 ++++ |
kernel/time/ntp.c | 7 ++++ |
|
net/core/datagram.c | 11 +++++++ |
|
35 |
net/ipv4/inet_connection_sock.c | 7 ++++ |
net/ipv4/inet_connection_sock.c | 7 ++++ |
36 |
net/ipv4/inet_hashtables.c | 7 ++++ |
net/ipv4/inet_hashtables.c | 7 ++++ |
37 |
net/ipv4/udp.c | 10 +++++++ |
net/ipv4/raw.c | 8 +++++ |
38 |
|
net/ipv4/udp.c | 18 ++++++++++++ |
39 |
|
net/ipv6/raw.c | 8 +++++ |
40 |
|
net/ipv6/udp.c | 8 +++++ |
41 |
net/socket.c | 41 ++++++++++++++++++++++++++++ |
net/socket.c | 41 ++++++++++++++++++++++++++++ |
42 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
43 |
36 files changed, 462 insertions(+), 2 deletions(-) |
38 files changed, 483 insertions(+), 2 deletions(-) |
44 |
|
|
45 |
--- linux-2.6.25.20-0.1.orig/arch/ia64/ia32/sys_ia32.c |
--- linux-2.6.25.20-0.1.orig/arch/ia64/ia32/sys_ia32.c |
46 |
+++ linux-2.6.25.20-0.1/arch/ia64/ia32/sys_ia32.c |
+++ linux-2.6.25.20-0.1/arch/ia64/ia32/sys_ia32.c |
691 |
#endif |
#endif |
692 |
+ /***** CCS start. *****/ |
+ /***** CCS start. *****/ |
693 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
694 |
+ printk(KERN_INFO "Hook version: 2.6.25.20-0.1 2009/03/24\n"); |
+ printk(KERN_INFO "Hook version: 2.6.25.20-0.1 2009/04/20\n"); |
695 |
+#endif |
+#endif |
696 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
697 |
} |
} |
1081 |
|
|
1082 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
1083 |
|
|
|
--- linux-2.6.25.20-0.1.orig/net/core/datagram.c |
|
|
+++ linux-2.6.25.20-0.1/net/core/datagram.c |
|
|
@@ -56,6 +56,11 @@ |
|
|
#include <net/sock.h> |
|
|
#include <net/tcp_states.h> |
|
|
|
|
|
+/***** TOMOYO Linux start. *****/ |
|
|
+#include <linux/tomoyo.h> |
|
|
+#include <linux/tomoyo_socket.h> |
|
|
+/***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
/* |
|
|
* Is a socket 'connection oriented' ? |
|
|
*/ |
|
|
@@ -179,6 +184,12 @@ struct sk_buff *__skb_recv_datagram(stru |
|
|
} |
|
|
spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags); |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+ error = ccs_socket_recv_datagram_permission(sk, skb, flags); |
|
|
+ if (error) |
|
|
+ goto no_packet; |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
if (skb) |
|
|
return skb; |
|
|
|
|
1084 |
--- linux-2.6.25.20-0.1.orig/net/ipv4/inet_connection_sock.c |
--- linux-2.6.25.20-0.1.orig/net/ipv4/inet_connection_sock.c |
1085 |
+++ linux-2.6.25.20-0.1/net/ipv4/inet_connection_sock.c |
+++ linux-2.6.25.20-0.1/net/ipv4/inet_connection_sock.c |
1086 |
@@ -23,6 +23,9 @@ |
@@ -23,6 +23,9 @@ |
1127 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
1128 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1129 |
|
|
1130 |
|
--- linux-2.6.25.20-0.1.orig/net/ipv4/raw.c |
1131 |
|
+++ linux-2.6.25.20-0.1/net/ipv4/raw.c |
1132 |
|
@@ -79,6 +79,9 @@ |
1133 |
|
#include <linux/seq_file.h> |
1134 |
|
#include <linux/netfilter.h> |
1135 |
|
#include <linux/netfilter_ipv4.h> |
1136 |
|
+/***** TOMOYO Linux start. *****/ |
1137 |
|
+#include <linux/tomoyo_socket.h> |
1138 |
|
+/***** TOMOYO Linux end. *****/ |
1139 |
|
|
1140 |
|
static struct raw_hashinfo raw_v4_hashinfo = { |
1141 |
|
.lock = __RW_LOCK_UNLOCKED(), |
1142 |
|
@@ -668,6 +671,11 @@ static int raw_recvmsg(struct kiocb *ioc |
1143 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1144 |
|
if (!skb) |
1145 |
|
goto out; |
1146 |
|
+ /***** TOMOYO Linux start. *****/ |
1147 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1148 |
|
+ if (err) |
1149 |
|
+ goto out; |
1150 |
|
+ /***** TOMOYO Linux end. *****/ |
1151 |
|
|
1152 |
|
copied = skb->len; |
1153 |
|
if (len < copied) { |
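Review bot: On the denial path added to raw_recvmsg, `goto out` leaves the function still holding the skb that skb_recv_datagram() just returned, and nothing visible in the hunk releases it. The same label is the target of `if (!skb) goto out;` directly above, so it presumably does not free a datagram; unless ccs_socket_recvmsg_permission() consumes the skb when it returns an error, every denied packet would leak an skb and its receive-buffer accounting, on a path fed by network input. Either jump to the label that calls skb_free_datagram() (in mainline raw_recvmsg that is `done:`, to be confirmed for this tree) or state the ownership at the call site, e.g. `/* ccs_socket_recvmsg_permission() releases skb on error */`. The same three added lines appear in the net/ipv4/udp.c, net/ipv6/raw.c and net/ipv6/udp.c receive hunks further down, so the answer should cover all four. The bodies of these functions and their exit labels are outside the hunks shown.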
1154 |
--- linux-2.6.25.20-0.1.orig/net/ipv4/udp.c |
--- linux-2.6.25.20-0.1.orig/net/ipv4/udp.c |
1155 |
+++ linux-2.6.25.20-0.1/net/ipv4/udp.c |
+++ linux-2.6.25.20-0.1/net/ipv4/udp.c |
1156 |
@@ -105,6 +105,9 @@ |
@@ -105,6 +105,12 @@ |
1157 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1158 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
1159 |
#include "udp_impl.h" |
#include "udp_impl.h" |
1160 |
+/***** SAKURA Linux start. *****/ |
+/***** SAKURA Linux start. *****/ |
1161 |
+#include <linux/sakura.h> |
+#include <linux/sakura.h> |
1162 |
+/***** SAKURA Linux end. *****/ |
+/***** SAKURA Linux end. *****/ |
1163 |
|
+/***** TOMOYO Linux start. *****/ |
1164 |
|
+#include <linux/tomoyo_socket.h> |
1165 |
|
+/***** TOMOYO Linux end. *****/ |
1166 |
|
|
1167 |
/* |
/* |
1168 |
* Snmp MIB for the UDP layer |
* Snmp MIB for the UDP layer |
1169 |
@@ -176,6 +179,10 @@ int __udp_lib_get_port(struct sock *sk, |
@@ -176,6 +182,10 @@ int __udp_lib_get_port(struct sock *sk, |
1170 |
/* 1st pass: look for empty (or shortest) hash chain */ |
/* 1st pass: look for empty (or shortest) hash chain */ |
1171 |
for (i = 0; i < UDP_HTABLE_SIZE; i++) { |
for (i = 0; i < UDP_HTABLE_SIZE; i++) { |
1172 |
int size = 0; |
int size = 0; |
1177 |
|
|
1178 |
head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; |
head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; |
1179 |
if (hlist_empty(head)) |
if (hlist_empty(head)) |
1180 |
@@ -199,6 +206,9 @@ int __udp_lib_get_port(struct sock *sk, |
@@ -199,6 +209,9 @@ int __udp_lib_get_port(struct sock *sk, |
1181 |
/* 2nd pass: find hole in shortest hash chain */ |
/* 2nd pass: find hole in shortest hash chain */ |
1182 |
rover = best; |
rover = best; |
1183 |
for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) { |
for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) { |
1187 |
if (! __udp_lib_lport_inuse(net, rover, udptable)) |
if (! __udp_lib_lport_inuse(net, rover, udptable)) |
1188 |
goto gotit; |
goto gotit; |
1189 |
rover += UDP_HTABLE_SIZE; |
rover += UDP_HTABLE_SIZE; |
1190 |
|
@@ -863,6 +876,11 @@ try_again: |
1191 |
|
&peeked, &err); |
1192 |
|
if (!skb) |
1193 |
|
goto out; |
1194 |
|
+ /***** TOMOYO Linux start. *****/ |
1195 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1196 |
|
+ if (err) |
1197 |
|
+ goto out; |
1198 |
|
+ /***** TOMOYO Linux end. *****/ |
1199 |
|
|
1200 |
|
ulen = skb->len - sizeof(struct udphdr); |
1201 |
|
copied = len; |
1202 |
|
--- linux-2.6.25.20-0.1.orig/net/ipv6/raw.c |
1203 |
|
+++ linux-2.6.25.20-0.1/net/ipv6/raw.c |
1204 |
|
@@ -60,6 +60,9 @@ |
1205 |
|
|
1206 |
|
#include <linux/proc_fs.h> |
1207 |
|
#include <linux/seq_file.h> |
1208 |
|
+/***** TOMOYO Linux start. *****/ |
1209 |
|
+#include <linux/tomoyo_socket.h> |
1210 |
|
+/***** TOMOYO Linux end. *****/ |
1211 |
|
|
1212 |
|
static struct raw_hashinfo raw_v6_hashinfo = { |
1213 |
|
.lock = __RW_LOCK_UNLOCKED(), |
1214 |
|
@@ -482,6 +485,11 @@ static int rawv6_recvmsg(struct kiocb *i |
1215 |
|
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1216 |
|
if (!skb) |
1217 |
|
goto out; |
1218 |
|
+ /***** TOMOYO Linux start. *****/ |
1219 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1220 |
|
+ if (err) |
1221 |
|
+ goto out; |
1222 |
|
+ /***** TOMOYO Linux end. *****/ |
1223 |
|
|
1224 |
|
copied = skb->len; |
1225 |
|
if (copied > len) { |
1226 |
|
--- linux-2.6.25.20-0.1.orig/net/ipv6/udp.c |
1227 |
|
+++ linux-2.6.25.20-0.1/net/ipv6/udp.c |
1228 |
|
@@ -50,6 +50,9 @@ |
1229 |
|
#include <linux/proc_fs.h> |
1230 |
|
#include <linux/seq_file.h> |
1231 |
|
#include "udp_impl.h" |
1232 |
|
+/***** TOMOYO Linux start. *****/ |
1233 |
|
+#include <linux/tomoyo_socket.h> |
1234 |
|
+/***** TOMOYO Linux end. *****/ |
1235 |
|
|
1236 |
|
static inline int udp_v6_get_port(struct sock *sk, unsigned short snum) |
1237 |
|
{ |
1238 |
|
@@ -137,6 +140,11 @@ try_again: |
1239 |
|
&peeked, &err); |
1240 |
|
if (!skb) |
1241 |
|
goto out; |
1242 |
|
+ /***** TOMOYO Linux start. *****/ |
1243 |
|
+ err = ccs_socket_recvmsg_permission(sk, skb, flags); |
1244 |
|
+ if (err) |
1245 |
|
+ goto out; |
1246 |
|
+ /***** TOMOYO Linux end. *****/ |
1247 |
|
|
1248 |
|
ulen = skb->len - sizeof(struct udphdr); |
1249 |
|
copied = len; |
1250 |
--- linux-2.6.25.20-0.1.orig/net/socket.c |
--- linux-2.6.25.20-0.1.orig/net/socket.c |
1251 |
+++ linux-2.6.25.20-0.1/net/socket.c |
+++ linux-2.6.25.20-0.1/net/socket.c |
1252 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |