ccs-patch/patches/ccs-patch-2.4.37.diff

This is TOMOYO Linux patch for kernel 2.4.37.5.

Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.5.tar.bz2
---
 arch/alpha/kernel/ptrace.c   |    3 ++
 arch/arm/kernel/ptrace.c     |    3 ++
 arch/cris/kernel/ptrace.c    |    3 ++
 arch/i386/kernel/ptrace.c    |    3 ++
 arch/ia64/ia32/sys_ia32.c    |    3 ++
 arch/ia64/kernel/ptrace.c    |    3 ++
 arch/m68k/kernel/ptrace.c    |    3 ++
 arch/mips/kernel/ptrace.c    |    3 ++
 arch/mips64/kernel/ptrace.c  |    5 ++++
 arch/parisc/kernel/ptrace.c  |    3 ++
 arch/ppc/kernel/ptrace.c     |    3 ++
 arch/ppc64/kernel/ptrace.c   |    3 ++
 arch/ppc64/kernel/ptrace32.c |    3 ++
 arch/s390/kernel/ptrace.c    |    3 ++
 arch/s390x/kernel/ptrace.c   |    3 ++
 arch/sh/kernel/ptrace.c      |    3 ++
 arch/sh64/kernel/ptrace.c    |    3 ++
 arch/sparc/kernel/ptrace.c   |    5 ++++
 arch/sparc64/kernel/ptrace.c |    5 ++++
 arch/x86_64/ia32/ptrace32.c  |    3 ++
 arch/x86_64/kernel/ptrace.c  |    3 ++
 fs/Config.in                 |    3 ++
 fs/Makefile                  |    2 +
 fs/attr.c                    |    4 +++
 fs/exec.c                    |   12 ++++++++++-
 fs/fcntl.c                   |    4 +++
 fs/ioctl.c                   |   10 +++++++++
 fs/namei.c                   |   45 +++++++++++++++++++++++++++++++++++++++++++
 fs/namespace.c               |   31 ++++++++++++++++++++++++++++-
 fs/open.c                    |   28 ++++++++++++++++++++++++++
 fs/proc/proc_misc.c          |    1 
 include/linux/sched.h        |    6 +++++
 kernel/kmod.c                |    3 ++
 kernel/module.c              |    7 ++++++
 kernel/sched.c               |    3 ++
 kernel/signal.c              |    7 ++++++
 kernel/sys.c                 |    9 ++++++++
 kernel/sysctl.c              |   13 +++++++++++-
 kernel/time.c                |    7 ++++++
 net/ipv4/raw.c               |    4 +++
 net/ipv4/tcp_ipv4.c          |    5 ++++
 net/ipv4/udp.c               |    8 +++++++
 net/ipv6/raw.c               |    4 +++
 net/ipv6/tcp_ipv6.c          |    3 ++
 net/ipv6/udp.c               |    8 +++++++
 net/socket.c                 |   25 +++++++++++++++++++++--
 net/unix/af_unix.c           |    4 +++
 47 files changed, 320 insertions(+), 5 deletions(-)

--- linux-2.4.37.5.orig/arch/alpha/kernel/ptrace.c
+++ linux-2.4.37.5/arch/alpha/kernel/ptrace.c
@@ -18,6 +18,7 @@
 #include <asm/pgtable.h>
 #include <asm/system.h>
 #include <asm/fpu.h>
+#include <linux/ccsecurity.h>
 
 #include "proto.h"
 
@@ -251,6 +252,8 @@ sys_ptrace(long request, long pid, long 
 {
        struct task_struct *child;
        long ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        DBG(DBG_MEM, ("request=%ld pid=%ld addr=0x%lx data=0x%lx\n",
--- linux-2.4.37.5.orig/arch/arm/kernel/ptrace.c
+++ linux-2.4.37.5/arch/arm/kernel/ptrace.c
@@ -22,6 +22,7 @@
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
+#include <linux/ccsecurity.h>
 
 #include "ptrace.h"
 
@@ -695,6 +696,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/cris/kernel/ptrace.c
+++ linux-2.4.37.5/arch/cris/kernel/ptrace.c
@@ -48,6 +48,7 @@
 #include <asm/pgtable.h>
 #include <asm/system.h>
 #include <asm/processor.h>
+#include <linux/ccsecurity.h>
 
 /*
  * does not yet catch signals sent when the child dies.
@@ -104,6 +105,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/i386/kernel/ptrace.c
+++ linux-2.4.37.5/arch/i386/kernel/ptrace.c
@@ -20,6 +20,7 @@
 #include <asm/processor.h>
 #include <asm/i387.h>
 #include <asm/debugreg.h>
+#include <linux/ccsecurity.h>
 
 /*
  * does not yet catch signals sent when the child dies.
@@ -152,6 +153,8 @@ asmlinkage int sys_ptrace(long request, 
        struct task_struct *child;
        struct user * dummy = NULL;
        int i, ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/ia64/ia32/sys_ia32.c
+++ linux-2.4.37.5/arch/ia64/ia32/sys_ia32.c
@@ -57,6 +57,7 @@
 #include <net/scm.h>
 #include <net/sock.h>
 #include <asm/ia32.h>
+#include <linux/ccsecurity.h>
 
 #define DEBUG  0
 
@@ -3131,6 +3132,8 @@ sys32_ptrace (int request, pid_t pid, un
        struct task_struct *child;
        unsigned int value, tmp;
        long i, ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        if (request == PTRACE_TRACEME) {
--- linux-2.4.37.5.orig/arch/ia64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/ia64/kernel/ptrace.c
@@ -27,6 +27,7 @@
 #ifdef CONFIG_PERFMON
 #include <asm/perfmon.h>
 #endif
+#include <linux/ccsecurity.h>
 
 #define offsetof(type,field)    ((unsigned long) &((type *) 0)->field)
 
@@ -1273,6 +1274,8 @@ sys_ptrace (long request, pid_t pid, uns
        struct task_struct *child;
        struct switch_stack *sw;
        long ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/m68k/kernel/ptrace.c
+++ linux-2.4.37.5/arch/m68k/kernel/ptrace.c
@@ -25,6 +25,7 @@
 #include <asm/pgtable.h>
 #include <asm/system.h>
 #include <asm/processor.h>
+#include <linux/ccsecurity.h>
 
 /*
  * does not yet catch signals sent when the child dies.
@@ -104,6 +105,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/mips/kernel/ptrace.c
+++ linux-2.4.37.5/arch/mips/kernel/ptrace.c
@@ -28,6 +28,7 @@
 #include <asm/bootinfo.h>
 #include <asm/cpu.h>
 #include <asm/fpu.h>
+#include <linux/ccsecurity.h>
 
 /*
  * Called by kernel/ptrace.c when detaching..
@@ -43,6 +44,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
 #if 0
--- linux-2.4.37.5.orig/arch/mips64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/mips64/kernel/ptrace.c
@@ -30,6 +30,7 @@
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/bootinfo.h>
+#include <linux/ccsecurity.h>
 
 /*
  * Called by kernel/ptrace.c when detaching..
@@ -49,6 +50,8 @@ asmlinkage int sys32_ptrace(int request,
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
@@ -288,6 +291,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
 #if 0
--- linux-2.4.37.5.orig/arch/parisc/kernel/ptrace.c
+++ linux-2.4.37.5/arch/parisc/kernel/ptrace.c
@@ -21,6 +21,7 @@
 #include <asm/system.h>
 #include <asm/processor.h>
 #include <asm/offset.h>
+#include <linux/ccsecurity.h>
 
 /* These are used in entry.S, syscall_restore_rfi.  We need to record the
  * current stepping mode somewhere other than in PSW, because there is no
@@ -94,6 +95,8 @@ long sys_ptrace(long request, pid_t pid,
 #ifdef DEBUG_PTRACE
        long oaddr=addr, odata=data;
 #endif
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/ppc/kernel/ptrace.c
+++ linux-2.4.37.5/arch/ppc/kernel/ptrace.c
@@ -29,6 +29,7 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
+#include <linux/ccsecurity.h>
 
 /*
  * Set of msr bits that gdb can change on behalf of a process.
@@ -171,6 +172,8 @@ int sys_ptrace(long request, long pid, l
 {
        struct task_struct *child;
        int ret = -EPERM;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        if (request == PTRACE_TRACEME) {
--- linux-2.4.37.5.orig/arch/ppc64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/ppc64/kernel/ptrace.c
@@ -30,6 +30,7 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
+#include <linux/ccsecurity.h>
 
 /*
  * Set of msr bits that gdb can change on behalf of a process.
@@ -120,6 +121,8 @@ int sys_ptrace(long request, long pid, l
 {
        struct task_struct *child;
        int ret = -EPERM;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        if (request == PTRACE_TRACEME) {
--- linux-2.4.37.5.orig/arch/ppc64/kernel/ptrace32.c
+++ linux-2.4.37.5/arch/ppc64/kernel/ptrace32.c
@@ -30,6 +30,7 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
+#include <linux/ccsecurity.h>
 
 #ifdef CONFIG_ALTIVEC
 /*
@@ -121,6 +122,8 @@ int sys32_ptrace(long request, long pid,
 {
        struct task_struct *child;
        int ret = -EPERM;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        if (request == PTRACE_TRACEME) {
--- linux-2.4.37.5.orig/arch/s390/kernel/ptrace.c
+++ linux-2.4.37.5/arch/s390/kernel/ptrace.c
@@ -37,6 +37,7 @@
 #include <asm/pgalloc.h>
 #include <asm/system.h>
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 
 void FixPerRegisters(struct task_struct *task)
@@ -221,6 +222,8 @@ asmlinkage int sys_ptrace(long request, 
        unsigned long tmp;
        int copied;
        ptrace_area   parea; 
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        if (request == PTRACE_TRACEME) 
--- linux-2.4.37.5.orig/arch/s390x/kernel/ptrace.c
+++ linux-2.4.37.5/arch/s390x/kernel/ptrace.c
@@ -43,6 +43,7 @@
 #else
 #define parent_31bit 0
 #endif
+#include <linux/ccsecurity.h>
 
 
 void FixPerRegisters(struct task_struct *task)
@@ -431,6 +432,8 @@ asmlinkage int sys_ptrace(long request, 
 #define sizeof_parent_long 8
 #define dataptr (u8 *)&data
 #endif
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
        lock_kernel();
        if (request == PTRACE_TRACEME) 
        {
--- linux-2.4.37.5.orig/arch/sh/kernel/ptrace.c
+++ linux-2.4.37.5/arch/sh/kernel/ptrace.c
@@ -26,6 +26,7 @@
 #include <asm/system.h>
 #include <asm/processor.h>
 #include <asm/mmu_context.h>
+#include <linux/ccsecurity.h>
 
 /*
  * does not yet catch signals sent when the child dies.
@@ -144,6 +145,8 @@ asmlinkage int sys_ptrace(long request, 
        struct task_struct *child, *tsk = current;
        struct user * dummy = NULL;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/sh64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/sh64/kernel/ptrace.c
@@ -32,6 +32,7 @@
 #include <asm/system.h>
 #include <asm/processor.h>
 #include <asm/mmu_context.h>
+#include <linux/ccsecurity.h>
 
 /* This mask defines the bits of the SR which the user is not allowed to
    change, which are everything except S, Q, M, PR, SZ, FR. */
@@ -122,6 +123,8 @@ asmlinkage int sys_ptrace(long request, 
 {
        struct task_struct *child, *tsk = current;
        int ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        lock_kernel();
        ret = -EPERM;
--- linux-2.4.37.5.orig/arch/sparc/kernel/ptrace.c
+++ linux-2.4.37.5/arch/sparc/kernel/ptrace.c
@@ -21,6 +21,7 @@
 #include <asm/pgtable.h>
 #include <asm/system.h>
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 #define MAGIC_CONSTANT 0x80000000
 
@@ -262,6 +263,10 @@ asmlinkage void do_ptrace(struct pt_regs
        unsigned long data = regs->u_regs[UREG_I3];
        unsigned long addr2 = regs->u_regs[UREG_I4];
        struct task_struct *child;
+       if (!ccs_capable(CCS_SYS_PTRACE)) {
+               pt_error_return(regs, EPERM);
+               return;
+       }
 
        lock_kernel();
 #ifdef DEBUG_PTRACE
--- linux-2.4.37.5.orig/arch/sparc64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/sparc64/kernel/ptrace.c
@@ -26,6 +26,7 @@
 #include <asm/psrcompat.h>
 #include <asm/visasm.h>
 #include <asm/spitfire.h>
+#include <linux/ccsecurity.h>
 
 #define MAGIC_CONSTANT 0x80000000
 
@@ -108,6 +109,10 @@ asmlinkage void do_ptrace(struct pt_regs
        unsigned long data = regs->u_regs[UREG_I3];
        unsigned long addr2 = regs->u_regs[UREG_I4];
        struct task_struct *child;
+       if (!ccs_capable(CCS_SYS_PTRACE)) {
+               pt_error_return(regs, EPERM);
+               return;
+       }
 
        if (current->thread.flags & SPARC_FLAG_32BIT) {
                addr &= 0xffffffffUL;
--- linux-2.4.37.5.orig/arch/x86_64/ia32/ptrace32.c
+++ linux-2.4.37.5/arch/x86_64/ia32/ptrace32.c
@@ -24,6 +24,7 @@
 #include <asm/i387.h>
 #include <asm/fpu32.h>
 #include <linux/mm.h>
+#include <linux/ccsecurity.h>
 
 /* determines which flags the user has access to. */
 /* 1 = access 0 = no access */
@@ -203,6 +204,8 @@ asmlinkage long sys32_ptrace(long reques
        struct pt_regs *childregs; 
        int ret;
        __u32 val;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        switch (request) { 
        case PTRACE_TRACEME:
--- linux-2.4.37.5.orig/arch/x86_64/kernel/ptrace.c
+++ linux-2.4.37.5/arch/x86_64/kernel/ptrace.c
@@ -22,6 +22,7 @@
 #include <asm/processor.h>
 #include <asm/i387.h>
 #include <asm/debugreg.h>
+#include <linux/ccsecurity.h>
 
 /*
  * does not yet catch signals sent when the child dies.
@@ -180,6 +181,8 @@ asmlinkage long sys_ptrace(long request,
        struct task_struct *child;
        struct user * dummy = NULL;
        long i, ret;
+       if (!ccs_capable(CCS_SYS_PTRACE))
+               return -EPERM;
 
        /* This lock_kernel fixes a subtle race with suid exec */
        lock_kernel();
--- linux-2.4.37.5.orig/fs/Config.in
+++ linux-2.4.37.5/fs/Config.in
@@ -176,4 +176,7 @@ comment 'Partition Types'
 source fs/partitions/Config.in
 endmenu
 source fs/nls/Config.in
+
 endmenu
+
+source security/ccsecurity/Config.in
--- linux-2.4.37.5.orig/fs/Makefile
+++ linux-2.4.37.5/fs/Makefile
@@ -77,6 +77,8 @@ obj-y                         += binfmt_script.o
 
 obj-$(CONFIG_BINFMT_ELF)       += binfmt_elf.o
 
+subdir-$(CONFIG_CCSECURITY)    += ccsecurity
+
 # persistent filesystems
 obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o))
 
--- linux-2.4.37.5.orig/fs/attr.c
+++ linux-2.4.37.5/fs/attr.c
@@ -12,6 +12,7 @@
 #include <linux/dnotify.h>
 #include <linux/fcntl.h>
 #include <linux/quotaops.h>
+#include <linux/ccsecurity.h>
 
 /* Taken over from the old code... */
 
@@ -127,6 +128,9 @@ int notify_change(struct dentry * dentry
                attr->ia_atime = now;
        if (!(ia_valid & ATTR_MTIME_SET))
                attr->ia_mtime = now;
+       error = ccs_check_setattr_permission(dentry, attr);
+       if (error)
+               return error;
 
        lock_kernel();
        if (inode->i_op && inode->i_op->setattr) 
--- linux-2.4.37.5.orig/fs/exec.c
+++ linux-2.4.37.5/fs/exec.c
@@ -48,6 +48,8 @@
 #include <linux/kmod.h>
 #endif
 
+#include <linux/ccsecurity.h>
+
 int core_uses_pid;
 char core_pattern[65] = "core";
 int core_setuid_ok = 0;
@@ -125,6 +127,10 @@ asmlinkage long sys_uselib(const char * 
        if (error)
                goto exit;
 
+       error = ccs_check_uselib_permission(nd.dentry, nd.mnt);
+       if (error)
+               goto exit;
+
        file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
        error = PTR_ERR(file);
        if (IS_ERR(file))
@@ -389,6 +395,9 @@ struct file *open_exec(const char *name)
                        int err = permission(inode, MAY_EXEC);
                        if (!err && !(inode->i_mode & 0111))
                                err = -EACCES;
+                       if (!err)
+                               err = ccs_check_open_exec_permission(nd.dentry,
+                                                                    nd.mnt);
                        file = ERR_PTR(err);
                        if (!err) {
                                file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
@@ -989,7 +998,8 @@ int do_execve(char * filename, char ** a
        if (retval < 0) 
                goto out; 
 
-       retval = search_binary_handler(&bprm,regs);
+       retval = ccs_search_binary_handler(&bprm, regs);
+
        if (retval >= 0)
                /* execve success */
                return retval;
--- linux-2.4.37.5.orig/fs/fcntl.c
+++ linux-2.4.37.5/fs/fcntl.c
@@ -16,6 +16,7 @@
 #include <asm/poll.h>
 #include <asm/siginfo.h>
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 extern int sock_fcntl (struct file *, unsigned int cmd, unsigned long arg);
 extern int fcntl_setlease(unsigned int fd, struct file *filp, long arg);
@@ -214,6 +215,9 @@ static int setfl(int fd, struct file * f
        if (!(arg & O_APPEND) && IS_APPEND(inode))
                return -EPERM;
 
+       if (!(arg & O_APPEND) && ccs_check_rewrite_permission(filp))
+               return -EPERM;
+
        /* Did FASYNC state change? */
        if ((arg ^ filp->f_flags) & FASYNC) {
                if (filp->f_op && filp->f_op->fasync) {
--- linux-2.4.37.5.orig/fs/ioctl.c
+++ linux-2.4.37.5/fs/ioctl.c
@@ -10,6 +10,7 @@
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
+#include <linux/ccsecurity.h>
 
 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
 {
@@ -55,6 +56,11 @@ asmlinkage long sys_ioctl(unsigned int f
        filp = fget(fd);
        if (!filp)
                goto out;
+       error = ccs_check_ioctl_permission(filp, cmd, arg);
+       if (error) {
+               fput(filp);
+               goto out;
+       }
        error = 0;
        lock_kernel();
        switch (cmd) {
@@ -112,6 +118,10 @@ asmlinkage long sys_ioctl(unsigned int f
                                error = -ENOTTY;
                        break;
                default:
+                       if (!ccs_capable(CCS_SYS_IOCTL)) {
+                               error = -EPERM;
+                               break;
+                       }
                        error = -ENOTTY;
                        if (S_ISREG(filp->f_dentry->d_inode->i_mode))
                                error = file_ioctl(filp, cmd, arg);
--- linux-2.4.37.5.orig/fs/namei.c
+++ linux-2.4.37.5/fs/namei.c
@@ -28,6 +28,9 @@
 
 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
 
+#include <linux/ccsecurity.h>
+#include <linux/module.h>
+
 /* [Feb-1997 T. Schoebel-Theuer]
  * Fundamental changes in the pathname lookup mechanisms (namei)
  * were necessary because of omirr.  The reason is that omirr needs
@@ -1003,6 +1006,7 @@ exit_lock:
        return error;
 }
 
+#include <linux/ccsecurity_vfs.h>
 /*
  *     open_namei()
  *
@@ -1068,6 +1072,11 @@ do_last:
 
        /* Negative dentry, just create the file */
        if (!dentry->d_inode) {
+               error = ccs_check_mknod_permission(dir->d_inode, dentry,
+                                                  nd->mnt,
+                                                  mode & ~current->fs->umask,
+                                                  0);
+               if (!error)
                error = vfs_create(dir->d_inode, dentry,
                                   mode & ~current->fs->umask);
                up(&dir->d_inode->i_sem);
@@ -1154,6 +1163,11 @@ ok:
                        goto exit;
        }
 
+       /* includes O_APPEND and O_TRUNC checks */
+       error = ccs_check_open_permission(dentry, nd->mnt, flag);
+       if (error)
+               goto exit;
+
        /*
         * Ensure there are no outstanding leases on the file.
         */
@@ -1292,6 +1306,7 @@ asmlinkage long sys_mknod(const char * f
 
        if (S_ISDIR(mode))
                return -EPERM;
+
        tmp = getname(filename);
        if (IS_ERR(tmp))
                return PTR_ERR(tmp);
@@ -1304,6 +1319,10 @@ asmlinkage long sys_mknod(const char * f
 
        mode &= ~current->fs->umask;
        if (!IS_ERR(dentry)) {
+               error = ccs_check_mknod_permission(nd.dentry->d_inode, dentry,
+                                                  nd.mnt, mode, dev);
+               if (error)
+                       goto out_dput;
                switch (mode & S_IFMT) {
                case 0: case S_IFREG:
                        error = vfs_create(nd.dentry->d_inode,dentry,mode);
@@ -1317,6 +1336,7 @@ asmlinkage long sys_mknod(const char * f
                default:
                        error = -EINVAL;
                }
+out_dput:
                dput(dentry);
        }
        up(&nd.dentry->d_inode->i_sem);
@@ -1370,6 +1390,10 @@ asmlinkage long sys_mkdir(const char * p
                dentry = lookup_create(&nd, 1);
                error = PTR_ERR(dentry);
                if (!IS_ERR(dentry)) {
+                       error = ccs_check_mkdir_permission(nd.dentry->d_inode,
+                                                          dentry, nd.mnt,
+                                                          mode);
+                       if (!error)
                        error = vfs_mkdir(nd.dentry->d_inode, dentry,
                                          mode & ~current->fs->umask);
                        dput(dentry);
@@ -1479,6 +1503,9 @@ asmlinkage long sys_rmdir(const char * p
        dentry = lookup_hash(&nd.last, nd.dentry);
        error = PTR_ERR(dentry);
        if (!IS_ERR(dentry)) {
+               error = ccs_check_rmdir_permission(nd.dentry->d_inode, dentry,
+                                                  nd.mnt);
+               if (!error)
                error = vfs_rmdir(nd.dentry->d_inode, dentry);
                dput(dentry);
        }
@@ -1548,6 +1575,10 @@ asmlinkage long sys_unlink(const char * 
                /* Why not before? Because we want correct error value */
                if (nd.last.name[nd.last.len])
                        goto slashes;
+               error = ccs_check_unlink_permission(nd.dentry->d_inode, dentry,
+                                                   nd.mnt);
+               if (error)
+                       goto exit2;
                error = vfs_unlink(nd.dentry->d_inode, dentry);
        exit2:
                dput(dentry);
@@ -1612,6 +1643,10 @@ asmlinkage long sys_symlink(const char *
                dentry = lookup_create(&nd, 0);
                error = PTR_ERR(dentry);
                if (!IS_ERR(dentry)) {
+                       error = ccs_check_symlink_permission(nd.dentry->d_inode,
+                                                            dentry, nd.mnt,
+                                                            from);
+                       if (!error)
                        error = vfs_symlink(nd.dentry->d_inode, dentry, from);
                        dput(dentry);
                }
@@ -1698,6 +1733,10 @@ asmlinkage long sys_link(const char * ol
                new_dentry = lookup_create(&nd, 0);
                error = PTR_ERR(new_dentry);
                if (!IS_ERR(new_dentry)) {
+                       error = ccs_check_link_permission(old_nd.dentry,
+                                                         nd.dentry->d_inode,
+                                                         new_dentry, nd.mnt);
+                       if (!error)
                        error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
                        dput(new_dentry);
                }
@@ -1928,12 +1967,18 @@ static inline int do_rename(const char *
        error = PTR_ERR(new_dentry);
        if (IS_ERR(new_dentry))
                goto exit4;
+       error = ccs_check_rename_permission(old_dir->d_inode, old_dentry,
+                                           new_dir->d_inode, new_dentry,
+                                           newnd.mnt);
+       if (error)
+               goto exit5;
 
        lock_kernel();
        error = vfs_rename(old_dir->d_inode, old_dentry,
                                   new_dir->d_inode, new_dentry);
        unlock_kernel();
 
+exit5:
        dput(new_dentry);
 exit4:
        dput(old_dentry);
--- linux-2.4.37.5.orig/fs/namespace.c
+++ linux-2.4.37.5/fs/namespace.c
@@ -21,6 +21,8 @@
 #include <linux/seq_file.h>
 #include <linux/namespace.h>
 
+#include <linux/ccsecurity.h>
+
 struct vfsmount *do_kern_mount(const char *type, int flags, char *name, void *data);
 int do_remount_sb(struct super_block *sb, int flags, void * data);
 void kill_super(struct super_block *sb);
@@ -290,6 +292,8 @@ static int do_umount(struct vfsmount *mn
 {
        struct super_block * sb = mnt->mnt_sb;
        int retval = 0;
+       if (ccs_may_umount(mnt))
+               return -EPERM;
 
        /*
         * If we may have to abort operations to get out of this
@@ -365,6 +369,8 @@ asmlinkage long sys_umount(char * name, 
 {
        struct nameidata nd;
        int retval;
+       if (!ccs_capable(CCS_SYS_UMOUNT))
+               return -EPERM;
 
        retval = __user_walk(name, LOOKUP_POSITIVE|LOOKUP_FOLLOW, &nd);
        if (retval)
@@ -500,6 +506,9 @@ static int do_loopback(struct nameidata 
        down_write(&current->namespace->sem);
        err = -EINVAL;
        if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) {
+               err = -EPERM;
+               if (ccs_may_mount(nd))
+                       goto out;
                err = -ENOMEM;
                if (recurse)
                        mnt = copy_tree(old_nd.mnt, old_nd.dentry);
@@ -516,7 +525,7 @@ static int do_loopback(struct nameidata 
                } else
                        mntput(mnt);
        }
-
+ out:
        up_write(&current->namespace->sem);
        path_release(&old_nd);
        return err;
@@ -570,6 +579,10 @@ static int do_move_mount(struct nameidat
        if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
                goto out;
 
+       err = -EPERM;
+       if (ccs_may_umount(old_nd.mnt) || ccs_may_mount(nd))
+               goto out;
+
        err = -ENOENT;
        down(&nd->dentry->d_inode->i_zombie);
        if (IS_DEADDIR(nd->dentry->d_inode))
@@ -641,6 +654,10 @@ static int do_add_mount(struct nameidata
        if (nd->mnt->mnt_sb == mnt->mnt_sb && nd->mnt->mnt_root == nd->dentry)
                goto unlock;
 
+       err = -EPERM;
+       if (ccs_may_mount(nd))
+               goto unlock;
+
        mnt->mnt_flags = mnt_flags;
        err = graft_tree(mnt, nd);
 unlock:
@@ -718,6 +735,11 @@ long do_mount(char * dev_name, char * di
        if (data_page)
                ((char *)data_page)[PAGE_SIZE - 1] = 0;
 
+       retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
+                                           &flags);
+       if (retval)
+               return retval;
+
        /* Separate the per-mountpoint flags */
        if (flags & MS_NOSUID)
                mnt_flags |= MNT_NOSUID;
@@ -911,6 +933,8 @@ asmlinkage long sys_pivot_root(const cha
 
        if (!capable(CAP_SYS_ADMIN))
                return -EPERM;
+       if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
+               return -EPERM;
 
        lock_kernel();
 
@@ -925,6 +949,11 @@ asmlinkage long sys_pivot_root(const cha
        if (error)
                goto out1;
 
+       error = ccs_check_pivot_root_permission(&old_nd, &new_nd);
+       if (error) {
+               path_release(&old_nd);
+               goto out1;
+       }
        read_lock(&current->fs->lock);
        user_nd.mnt = mntget(current->fs->rootmnt);
        user_nd.dentry = dget(current->fs->root);
--- linux-2.4.37.5.orig/fs/open.c
+++ linux-2.4.37.5/fs/open.c
@@ -20,6 +20,8 @@
 
 #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))
 
+#include <linux/ccsecurity.h>
+
 int vfs_statfs(struct super_block *sb, struct statfs *buf)
 {
        int retval = -ENODEV;
@@ -164,6 +166,9 @@ static inline long do_sys_truncate(const
        if (error)
                goto dput_and_out;
 
+       error = ccs_check_truncate_permission(nd.dentry, nd.mnt, length, 0);
+       if (!error)
+
        error = locks_verify_truncate(inode, NULL, length);
        if (!error) {
                DQUOT_INIT(inode);
@@ -217,6 +222,10 @@ static inline long do_sys_ftruncate(unsi
        if (IS_APPEND(inode))
                goto out_putf;
 
+       error = ccs_check_truncate_permission(dentry, file->f_vfsmnt, length,
+                                             0);
+       if (error)
+               goto out_putf;
        error = locks_verify_truncate(inode, file, length);
        if (!error)
                error = do_truncate(dentry, length);
@@ -466,6 +475,10 @@ asmlinkage long sys_chroot(const char * 
        error = -EPERM;
        if (!capable(CAP_SYS_CHROOT))
                goto dput_and_out;
+       if (!ccs_capable(CCS_SYS_CHROOT))
+               goto dput_and_out;
+       if (ccs_check_chroot_permission(&nd))
+               goto dput_and_out;
 
        set_fs_root(current->fs, nd.mnt, nd.dentry);
        set_fs_altroot();
@@ -497,6 +510,9 @@ asmlinkage long sys_fchmod(unsigned int 
        err = -EPERM;
        if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
                goto out_putf;
+       err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode);
+       if (err)
+               goto out_putf;
        if (mode == (mode_t) -1)
                mode = inode->i_mode;
        newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
@@ -528,6 +544,9 @@ asmlinkage long sys_chmod(const char * f
        error = -EPERM;
        if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
                goto dput_and_out;
+       error = ccs_chmod_permission(nd.dentry, nd.mnt, mode);
+       if (error)
+               goto dput_and_out;
 
        if (mode == (mode_t) -1)
                mode = inode->i_mode;
@@ -608,6 +627,8 @@ asmlinkage long sys_chown(const char * f
 
        error = user_path_walk(filename, &nd);
        if (!error) {
+               error = ccs_chown_permission(nd.dentry, nd.mnt, user, group);
+               if (!error)
                error = chown_common(nd.dentry, user, group);
                path_release(&nd);
        }
@@ -621,6 +642,8 @@ asmlinkage long sys_lchown(const char * 
 
        error = user_path_walk_link(filename, &nd);
        if (!error) {
+               error = ccs_chown_permission(nd.dentry, nd.mnt, user, group);
+               if (!error)
                error = chown_common(nd.dentry, user, group);
                path_release(&nd);
        }
@@ -635,6 +658,9 @@ asmlinkage long sys_fchown(unsigned int 
 
        file = fget(fd);
        if (file) {
+               error = ccs_chown_permission(file->f_dentry, file->f_vfsmnt,
+                                            user, group);
+               if (!error)
                error = chown_common(file->f_dentry, user, group);
                fput(file);
        }
@@ -897,6 +923,8 @@ out_unlock:
  */
 asmlinkage long sys_vhangup(void)
 {
+       if (!ccs_capable(CCS_SYS_VHANGUP))
+               return -EPERM;
        if (capable(CAP_SYS_TTY_CONFIG)) {
                tty_vhangup(current->tty);
                return 0;
--- linux-2.4.37.5.orig/fs/proc/proc_misc.c
+++ linux-2.4.37.5/fs/proc/proc_misc.c
@@ -670,4 +670,5 @@ void __init proc_misc_init(void)
                        entry->proc_fops = &ppc_htab_operations;
        }
 #endif
+       printk(KERN_INFO "Hook version: 2.4.37.5 2009/08/14\n");
 }
--- linux-2.4.37.5.orig/include/linux/sched.h
+++ linux-2.4.37.5/include/linux/sched.h
@@ -29,6 +29,8 @@ extern unsigned long event;
 
 struct exec_domain;
 
+struct ccs_domain_info;
+
 /*
  * cloning flags:
  */
@@ -417,6 +419,8 @@ struct task_struct {
        void *journal_info;
 
        struct list_head *scm_work_list;
+       struct ccs_domain_info *ccs_domain_info;
+       u32 ccs_flags;
 };
 
 /*
@@ -512,6 +516,8 @@ extern struct exec_domain   default_exec_d
     blocked:           {{0}},                                          \
     alloc_lock:                SPIN_LOCK_UNLOCKED,                             \
     journal_info:      NULL,                                           \
+       ccs_domain_info: NULL,            \
+       ccs_flags: 0                      \
 }
 
 
--- linux-2.4.37.5.orig/kernel/kmod.c
+++ linux-2.4.37.5/kernel/kmod.c
@@ -134,6 +134,9 @@ int exec_usermodehelper(char *program_pa
        /* Allow execve args to be in kernel space. */
        set_fs(KERNEL_DS);
 
+       current->ccs_domain_info = NULL;
+       current->ccs_flags = 0;
+
        /* Go, go, go... */
        if (execve(program_path, argv, envp) < 0)
                return -errno;
--- linux-2.4.37.5.orig/kernel/module.c
+++ linux-2.4.37.5/kernel/module.c
@@ -10,6 +10,7 @@
 #include <linux/slab.h>
 #include <linux/kmod.h>
 #include <linux/seq_file.h>
+#include <linux/ccsecurity.h>
 
 /*
  * Originally by Anonymous (as far as I know...)
@@ -298,6 +299,8 @@ sys_create_module(const char *name_user,
 
        if (!capable(CAP_SYS_MODULE))
                return -EPERM;
+       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+               return -EPERM;
        lock_kernel();
        if ((namelen = get_mod_name(name_user, &name)) < 0) {
                error = namelen;
@@ -353,6 +356,8 @@ sys_init_module(const char *name_user, s
 
        if (!capable(CAP_SYS_MODULE))
                return -EPERM;
+       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+               return -EPERM;
        lock_kernel();
        if ((namelen = get_mod_name(name_user, &name)) < 0) {
                error = namelen;
@@ -614,6 +619,8 @@ sys_delete_module(const char *name_user)
 
        if (!capable(CAP_SYS_MODULE))
                return -EPERM;
+       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+               return -EPERM;
 
        lock_kernel();
        if (name_user) {
--- linux-2.4.37.5.orig/kernel/sched.c
+++ linux-2.4.37.5/kernel/sched.c
@@ -32,6 +32,7 @@
 
 #include <asm/uaccess.h>
 #include <asm/mmu_context.h>
+#include <linux/ccsecurity.h>
 
 extern void timer_bh(void);
 extern void tqueue_bh(void);
@@ -899,6 +900,8 @@ void set_cpus_allowed(struct task_struct
 asmlinkage long sys_nice(int increment)
 {
        long newprio;
+       if (!ccs_capable(CCS_SYS_NICE))
+               return -EPERM;
 
        /*
         *      Setpriority might change our priority at the same moment.
--- linux-2.4.37.5.orig/kernel/signal.c
+++ linux-2.4.37.5/kernel/signal.c
@@ -15,6 +15,7 @@
 #include <linux/sched.h>
 
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 /*
  * SLAB caches for signal bits.
@@ -1025,6 +1026,8 @@ asmlinkage long
 sys_kill(int pid, int sig)
 {
        struct siginfo info;
+       if (ccs_kill_permission(pid, sig))
+               return -EPERM;
 
        info.si_signo = sig;
        info.si_errno = 0;
@@ -1048,6 +1051,8 @@ sys_tkill(int pid, int sig)
        /* This is only valid for single tasks */
        if (pid <= 0)
            return -EINVAL;
+       if (ccs_tkill_permission(pid, sig))
+              return -EPERM;
 
        info.si_signo = sig;
        info.si_errno = 0;
@@ -1078,6 +1083,8 @@ sys_rt_sigqueueinfo(int pid, int sig, si
        if (info.si_code >= 0)
                return -EPERM;
        info.si_signo = sig;
+       if (ccs_sigqueue_permission(pid, sig))
+               return -EPERM;
 
        /* POSIX.1b doesn't mention process groups.  */
        return kill_proc_info(sig, &info, pid);
--- linux-2.4.37.5.orig/kernel/sys.c
+++ linux-2.4.37.5/kernel/sys.c
@@ -17,6 +17,7 @@
 
 #include <asm/uaccess.h>
 #include <asm/io.h>
+#include <linux/ccsecurity.h>
 
 #ifndef SET_UNALIGN_CTL
 # define SET_UNALIGN_CTL(a,b)  (-EINVAL)
@@ -220,6 +221,8 @@ asmlinkage long sys_setpriority(int whic
 
        if (which > 2 || which < 0)
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_NICE))
+               return -EPERM;
 
        /* normalize: avoid signed division (rounding problems) */
        error = -ESRCH;
@@ -299,6 +302,8 @@ asmlinkage long sys_reboot(int magic1, i
            (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
                        magic2 != LINUX_REBOOT_MAGIC2B))
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_REBOOT))
+               return -EPERM;
 
        lock_kernel();
        switch (cmd) {
@@ -1042,6 +1047,8 @@ asmlinkage long sys_sethostname(char *na
                return -EPERM;
        if (len < 0 || len > __NEW_UTS_LEN)
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+               return -EPERM;
        down_write(&uts_sem);
        errno = -EFAULT;
        if (!copy_from_user(tmp, name, len)) {
@@ -1083,6 +1090,8 @@ asmlinkage long sys_setdomainname(char *
                return -EPERM;
        if (len < 0 || len > __NEW_UTS_LEN)
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+               return -EPERM;
 
        down_write(&uts_sem);
        errno = -EFAULT;
--- linux-2.4.37.5.orig/kernel/sysctl.c
+++ linux-2.4.37.5/kernel/sysctl.c
@@ -33,6 +33,7 @@
 #include <linux/swap.h>
 
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 #ifdef CONFIG_ROOT_NFS
 #include <linux/nfs_fs.h>
@@ -439,6 +440,9 @@ int do_sysctl(int *name, int nlen, void 
 
                spin_unlock(&sysctl_lock);
 
+               error = ccs_parse_table(name, nlen, oldval, newval,
+                                       head->ctl_table);
+               if (!error)
                error = parse_table(name, nlen, oldval, oldlenp, 
                                        newval, newlen, head->ctl_table,
                                        &context);
@@ -508,6 +512,13 @@ repeat:
                                if (ctl_perm(table, 001))
                                        return -EPERM;
                                if (table->strategy) {
+                                       int op = 0;
+                                       if (oldval)
+                                               op |= 004;
+                                       if (newval)
+                                               op |= 002;
+                                       if (ctl_perm(table, op))
+                                               return -EPERM;
                                        error = table->strategy(
                                                table, name, nlen,
                                                oldval, oldlenp,
@@ -1456,7 +1467,7 @@ int sysctl_string(ctl_table *table, int 
                        len--;
                ((char *) table->data)[len] = 0;
        }
-       return 0;
+       return 1;
 }
 
 /*
--- linux-2.4.37.5.orig/kernel/time.c
+++ linux-2.4.37.5/kernel/time.c
@@ -29,6 +29,7 @@
 #include <linux/smp_lock.h>
 
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 /* 
  * The timezone where the local system is located.  Used as a default by some
@@ -77,6 +78,8 @@ asmlinkage long sys_stime(int * tptr)
 
        if (!capable(CAP_SYS_TIME))
                return -EPERM;
+       if (!ccs_capable(CCS_SYS_SETTIME))
+               return -EPERM;
        if (get_user(value, tptr))
                return -EFAULT;
        write_lock_irq(&xtime_lock);
@@ -151,6 +154,8 @@ int do_sys_settimeofday(struct timeval *
 
        if (!capable(CAP_SYS_TIME))
                return -EPERM;
+       if (!ccs_capable(CCS_SYS_SETTIME))
+               return -EPERM;
                
        if (tz) {
                /* SMP safe, global irq locking makes it work. */
@@ -217,6 +222,8 @@ int do_adjtimex(struct timex *txc)
        /* In order to modify anything, you gotta be super-user! */
        if (txc->modes && !capable(CAP_SYS_TIME))
                return -EPERM;
+       if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
+               return -EPERM;
                
        /* Now we validate the data before disabling interrupts */
 
--- linux-2.4.37.5.orig/net/ipv4/raw.c
+++ linux-2.4.37.5/net/ipv4/raw.c
@@ -64,6 +64,7 @@
 #include <net/raw.h>
 #include <net/inet_common.h>
 #include <net/checksum.h>
+#include <linux/ccsecurity.h>
 
 struct sock *raw_v4_htable[RAWV4_HTABLE_SIZE];
 rwlock_t raw_v4_lock = RW_LOCK_UNLOCKED;
@@ -503,6 +504,9 @@ int raw_recvmsg(struct sock *sk, struct 
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        copied = skb->len;
        if (len < copied) {
--- linux-2.4.37.5.orig/net/ipv4/tcp_ipv4.c
+++ linux-2.4.37.5/net/ipv4/tcp_ipv4.c
@@ -67,6 +67,7 @@
 #include <linux/inet.h>
 #include <linux/stddef.h>
 #include <linux/ipsec.h>
+#include <linux/ccsecurity.h>
 
 extern int sysctl_ip_dynaddr;
 extern int sysctl_ip_default_ttl;
@@ -228,6 +229,8 @@ static int tcp_v4_get_port(struct sock *
                                rover = low;
                        head = &tcp_bhash[tcp_bhashfn(rover)];
                        spin_lock(&head->lock);
+                       if (ccs_lport_reserved(rover))
+                               goto next;
                        for (tb = head->chain; tb; tb = tb->next)
                                if (tb->port == rover)
                                        goto next;
@@ -688,6 +691,8 @@ static int tcp_v4_hash_connect(struct so
                                rover = low;
                        head = &tcp_bhash[tcp_bhashfn(rover)];
                        spin_lock(&head->lock);         
+                       if (ccs_lport_reserved(rover))
+                               goto next_port;
 
                        /* Does not bother with rcv_saddr checks,
                         * because the established check is already
--- linux-2.4.37.5.orig/net/ipv4/udp.c
+++ linux-2.4.37.5/net/ipv4/udp.c
@@ -97,6 +97,7 @@
 #include <net/route.h>
 #include <net/inet_common.h>
 #include <net/checksum.h>
+#include <linux/ccsecurity.h>
 
 /*
  *     Snmp MIB for the UDP layer
@@ -131,6 +132,8 @@ static int udp_v4_get_port(struct sock *
                                        result = sysctl_local_port_range[0] +
                                                ((result - sysctl_local_port_range[0]) &
                                                 (UDP_HTABLE_SIZE - 1));
+                               if (ccs_lport_reserved(result))
+                                       continue;
                                goto gotit;
                        }
                        size = 0;
@@ -148,6 +151,8 @@ static int udp_v4_get_port(struct sock *
                                result = sysctl_local_port_range[0]
                                        + ((result - sysctl_local_port_range[0]) &
                                           (UDP_HTABLE_SIZE - 1));
+                       if (ccs_lport_reserved(result))
+                               continue;
                        if (!udp_lport_inuse(result))
                                break;
                }
@@ -711,6 +716,9 @@ try_again:
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
   
        copied = skb->len - sizeof(struct udphdr);
        if (copied > len) {
--- linux-2.4.37.5.orig/net/ipv6/raw.c
+++ linux-2.4.37.5/net/ipv6/raw.c
@@ -45,6 +45,7 @@
 #include <net/inet_common.h>
 
 #include <net/rawv6.h>
+#include <linux/ccsecurity.h>
 
 struct sock *raw_v6_htable[RAWV6_HTABLE_SIZE];
 rwlock_t raw_v6_lock = RW_LOCK_UNLOCKED;
@@ -369,6 +370,9 @@ int rawv6_recvmsg(struct sock *sk, struc
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        copied = skb->len;
        if (copied > len) {
--- linux-2.4.37.5.orig/net/ipv6/tcp_ipv6.c
+++ linux-2.4.37.5/net/ipv6/tcp_ipv6.c
@@ -52,6 +52,7 @@
 #include <net/inet_ecn.h>
 
 #include <asm/uaccess.h>
+#include <linux/ccsecurity.h>
 
 static void    tcp_v6_send_reset(struct sk_buff *skb);
 static void    tcp_v6_or_send_ack(struct sk_buff *skb, struct open_request *req);
@@ -110,6 +111,8 @@ static int tcp_v6_get_port(struct sock *
                                rover = low;
                        head = &tcp_bhash[tcp_bhashfn(rover)];
                        spin_lock(&head->lock);
+                       if (ccs_lport_reserved(rover))
+                               goto next;
                        for (tb = head->chain; tb; tb = tb->next)
                                if (tb->port == rover)
                                        goto next;
--- linux-2.4.37.5.orig/net/ipv6/udp.c
+++ linux-2.4.37.5/net/ipv6/udp.c
@@ -50,6 +50,7 @@
 #include <net/inet_common.h>
 
 #include <net/checksum.h>
+#include <linux/ccsecurity.h>
 
 struct udp_mib udp_stats_in6[NR_CPUS*2];
 
@@ -77,6 +78,8 @@ static int udp_v6_get_port(struct sock *
                                        result = sysctl_local_port_range[0] +
                                                ((result - sysctl_local_port_range[0]) &
                                                 (UDP_HTABLE_SIZE - 1));
+                               if (ccs_lport_reserved(result))
+                                       continue;
                                goto gotit;
                        }
                        size = 0;
@@ -94,6 +97,8 @@ static int udp_v6_get_port(struct sock *
                                result = sysctl_local_port_range[0]
                                        + ((result - sysctl_local_port_range[0]) &
                                           (UDP_HTABLE_SIZE - 1));
+                       if (ccs_lport_reserved(result))
+                               continue;
                        if (!udp_lport_inuse(result))
                                break;
                }
@@ -406,6 +411,9 @@ try_again:
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        copied = skb->len - sizeof(struct udphdr);
        if (copied > len) {
--- linux-2.4.37.5.orig/net/socket.c
+++ linux-2.4.37.5/net/socket.c
@@ -84,6 +84,7 @@
 #include <net/sock.h>
 #include <net/scm.h>
 #include <linux/netfilter.h>
+#include <linux/ccsecurity.h>
 
 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
 static ssize_t sock_read(struct file *file, char *buf,
@@ -501,7 +502,10 @@ int sock_sendmsg(struct socket *sock, st
 {
        int err;
        struct scm_cookie scm;
-
+       err = ccs_socket_sendmsg_permission(sock,
+                                           (struct sockaddr *) msg->msg_name,
+                                           msg->msg_namelen);
+       if (!err)
        err = scm_send(sock, msg, &scm);
        if (err >= 0) {
                err = sock->ops->sendmsg(sock, msg, size, &scm);
@@ -850,7 +854,9 @@ int sock_create(int family, int type, in
                }
                family = PF_PACKET;
        }
-               
+       i = ccs_socket_create_permission(family, type, protocol);
+       if (i)
+               return i;
 #if defined(CONFIG_KMOD) && defined(CONFIG_NET)
        /* Attempt to load a protocol module if the find failed. 
         * 
@@ -1006,6 +1012,10 @@ asmlinkage long sys_bind(int fd, struct 
        if((sock = sockfd_lookup(fd,&err))!=NULL)
        {
                if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
+                       err = ccs_socket_bind_permission(sock,
+                                                        (struct sockaddr *)
+                                                        address, addrlen);
+               if (!err)
                        err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
                sockfd_put(sock);
        }                       
@@ -1029,6 +1039,8 @@ asmlinkage long sys_listen(int fd, int b
        if ((sock = sockfd_lookup(fd, &err)) != NULL) {
                if ((unsigned) backlog > sysctl_somaxconn)
                        backlog = sysctl_somaxconn;
+               err = ccs_socket_listen_permission(sock);
+               if (!err)
                err=sock->ops->listen(sock, backlog);
                sockfd_put(sock);
        }
@@ -1069,6 +1081,11 @@ asmlinkage long sys_accept(int fd, struc
        if (err < 0)
                goto out_release;
 
+       if (ccs_socket_accept_permission(newsock,
+                                        (struct sockaddr *) address)) {
+               err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
+               goto out_release;
+       }
        if (upeer_sockaddr) {
                if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) {
                        err = -ECONNABORTED;
@@ -1119,6 +1136,10 @@ asmlinkage long sys_connect(int fd, stru
        err = move_addr_to_kernel(uservaddr, addrlen, address);
        if (err < 0)
                goto out_put;
+       err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
+                                           addrlen);
+       if (err)
+               goto out_put;
        err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
                                 sock->file->f_flags);
 out_put:
--- linux-2.4.37.5.orig/net/unix/af_unix.c
+++ linux-2.4.37.5/net/unix/af_unix.c
@@ -111,6 +111,7 @@
 #include <linux/rtnetlink.h>
 
 #include <asm/checksum.h>
+#include <linux/ccsecurity.h>
 
 int sysctl_unix_max_dgram_qlen = 10;
 
@@ -710,6 +711,9 @@ static int unix_bind(struct socket *sock
                 * All right, let's create it.
                 */
                mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
+               err = ccs_check_mknod_permission(nd.dentry->d_inode, dentry,
+                                                nd.mnt, mode, 0);
+               if (!err)
                err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
                if (err)
                        goto out_mknod_dput;