オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-patch/patches/ccs-patch-2.4.37.diff

Annotation of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.4.37.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3141 - (hide annotations) (download) (as text)
Thu Nov 5 06:51:09 2009 UTC (14 years, 6 months ago) by kumaneko
Original Path: trunk/1.7.x/ccs-patch/patches/ccs-patch-2.4.37.diff
File MIME type: text/x-diff
File size: 41769 byte(s) 
Don't expose 'struct ccs_domain_info' to userspace.
1 kumaneko 3028 This is TOMOYO Linux patch for kernel 2.4.37.6.
2 kumaneko 1603
3 kumaneko 3028 Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.6.tar.bz2
4 kumaneko 1603 ---
5 kumaneko 2922 arch/alpha/kernel/ptrace.c | 3 +++
6     arch/arm/kernel/ptrace.c | 3 +++
7     arch/cris/kernel/ptrace.c | 3 +++
8     arch/i386/kernel/ptrace.c | 3 +++
9     arch/ia64/ia32/sys_ia32.c | 3 +++
10     arch/ia64/kernel/ptrace.c | 3 +++
11     arch/m68k/kernel/ptrace.c | 3 +++
12     arch/mips/kernel/ptrace.c | 3 +++
13     arch/mips64/kernel/ptrace.c | 5 +++++
14     arch/parisc/kernel/ptrace.c | 3 +++
15     arch/ppc/kernel/ptrace.c | 3 +++
16     arch/ppc64/kernel/ptrace.c | 3 +++
17     arch/ppc64/kernel/ptrace32.c | 3 +++
18     arch/s390/kernel/ptrace.c | 3 +++
19     arch/s390x/kernel/ptrace.c | 3 +++
20     arch/sh/kernel/ptrace.c | 3 +++
21     arch/sh64/kernel/ptrace.c | 3 +++
22     arch/sparc/kernel/ptrace.c | 5 +++++
23     arch/sparc64/kernel/ptrace.c | 5 +++++
24     arch/x86_64/ia32/ptrace32.c | 3 +++
25     arch/x86_64/kernel/ptrace.c | 3 +++
26     fs/Config.in | 3 +++
27     fs/Makefile | 2 ++
28     fs/exec.c | 12 +++++++++++-
29     fs/fcntl.c | 4 ++++
30     fs/ioctl.c | 10 ++++++++++
31     fs/namei.c | 40 ++++++++++++++++++++++++++++++++++++++++
32 kumaneko 3052 fs/namespace.c | 34 +++++++++++++++++++++++++++++++++-
33 kumaneko 2950 fs/open.c | 29 +++++++++++++++++++++++++++++
34 kumaneko 2922 fs/proc/proc_misc.c | 1 +
35 kumaneko 2926 include/linux/sched.h | 14 ++++++++++++++
36     kernel/kmod.c | 5 +++++
37 kumaneko 2922 kernel/module.c | 7 +++++++
38     kernel/sched.c | 3 +++
39     kernel/signal.c | 7 +++++++
40     kernel/sys.c | 9 +++++++++
41     kernel/sysctl.c | 13 ++++++++++++-
42     kernel/time.c | 7 +++++++
43     net/ipv4/raw.c | 4 ++++
44     net/ipv4/tcp_ipv4.c | 5 +++++
45     net/ipv4/udp.c | 8 ++++++++
46     net/ipv6/raw.c | 4 ++++
47     net/ipv6/tcp_ipv6.c | 3 +++
48     net/ipv6/udp.c | 8 ++++++++
49 kumaneko 3075 net/socket.c | 23 +++++++++++++++++++++--
50 kumaneko 2922 net/unix/af_unix.c | 4 ++++
51 kumaneko 3075 46 files changed, 323 insertions(+), 5 deletions(-)
52 kumaneko 1603
53 kumaneko 3028 --- linux-2.4.37.6.orig/arch/alpha/kernel/ptrace.c
54     +++ linux-2.4.37.6/arch/alpha/kernel/ptrace.c
55 kumaneko 2796 @@ -18,6 +18,7 @@
56 kumaneko 1603 #include <asm/pgtable.h>
57     #include <asm/system.h>
58     #include <asm/fpu.h>
59 kumaneko 2859 +#include <linux/ccsecurity.h>
60 kumaneko 1603
61     #include "proto.h"
62    
63 kumaneko 2796 @@ -251,6 +252,8 @@ sys_ptrace(long request, long pid, long
64 kumaneko 1603 {
65     struct task_struct *child;
66     long ret;
67 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
68 kumaneko 1603 + return -EPERM;
69    
70     lock_kernel();
71     DBG(DBG_MEM, ("request=%ld pid=%ld addr=0x%lx data=0x%lx\n",
72 kumaneko 3028 --- linux-2.4.37.6.orig/arch/arm/kernel/ptrace.c
73     +++ linux-2.4.37.6/arch/arm/kernel/ptrace.c
74 kumaneko 2796 @@ -22,6 +22,7 @@
75 kumaneko 1603 #include <asm/uaccess.h>
76     #include <asm/pgtable.h>
77     #include <asm/system.h>
78 kumaneko 2859 +#include <linux/ccsecurity.h>
79 kumaneko 1603
80     #include "ptrace.h"
81    
82 kumaneko 2796 @@ -695,6 +696,8 @@ asmlinkage int sys_ptrace(long request,
83 kumaneko 1603 {
84     struct task_struct *child;
85     int ret;
86 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
87 kumaneko 1603 + return -EPERM;
88    
89     lock_kernel();
90     ret = -EPERM;
91 kumaneko 3028 --- linux-2.4.37.6.orig/arch/cris/kernel/ptrace.c
92     +++ linux-2.4.37.6/arch/cris/kernel/ptrace.c
93 kumaneko 2796 @@ -48,6 +48,7 @@
94 kumaneko 1603 #include <asm/pgtable.h>
95     #include <asm/system.h>
96     #include <asm/processor.h>
97 kumaneko 2859 +#include <linux/ccsecurity.h>
98 kumaneko 1603
99     /*
100     * does not yet catch signals sent when the child dies.
101 kumaneko 2796 @@ -104,6 +105,8 @@ asmlinkage int sys_ptrace(long request,
102 kumaneko 1603 {
103     struct task_struct *child;
104     int ret;
105 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
106 kumaneko 1603 + return -EPERM;
107    
108     lock_kernel();
109     ret = -EPERM;
110 kumaneko 3028 --- linux-2.4.37.6.orig/arch/i386/kernel/ptrace.c
111     +++ linux-2.4.37.6/arch/i386/kernel/ptrace.c
112 kumaneko 2796 @@ -20,6 +20,7 @@
113 kumaneko 1603 #include <asm/processor.h>
114     #include <asm/i387.h>
115     #include <asm/debugreg.h>
116 kumaneko 2859 +#include <linux/ccsecurity.h>
117 kumaneko 1603
118     /*
119     * does not yet catch signals sent when the child dies.
120 kumaneko 2796 @@ -152,6 +153,8 @@ asmlinkage int sys_ptrace(long request,
121 kumaneko 1603 struct task_struct *child;
122     struct user * dummy = NULL;
123     int i, ret;
124 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
125 kumaneko 1603 + return -EPERM;
126    
127     lock_kernel();
128     ret = -EPERM;
129 kumaneko 3028 --- linux-2.4.37.6.orig/arch/ia64/ia32/sys_ia32.c
130     +++ linux-2.4.37.6/arch/ia64/ia32/sys_ia32.c
131 kumaneko 2796 @@ -57,6 +57,7 @@
132 kumaneko 1603 #include <net/scm.h>
133     #include <net/sock.h>
134     #include <asm/ia32.h>
135 kumaneko 2859 +#include <linux/ccsecurity.h>
136 kumaneko 1603
137     #define DEBUG 0
138    
139 kumaneko 2796 @@ -3131,6 +3132,8 @@ sys32_ptrace (int request, pid_t pid, un
140 kumaneko 1603 struct task_struct *child;
141     unsigned int value, tmp;
142     long i, ret;
143 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
144 kumaneko 1603 + return -EPERM;
145    
146     lock_kernel();
147     if (request == PTRACE_TRACEME) {
148 kumaneko 3028 --- linux-2.4.37.6.orig/arch/ia64/kernel/ptrace.c
149     +++ linux-2.4.37.6/arch/ia64/kernel/ptrace.c
150 kumaneko 2796 @@ -27,6 +27,7 @@
151 kumaneko 1603 #ifdef CONFIG_PERFMON
152     #include <asm/perfmon.h>
153     #endif
154 kumaneko 2859 +#include <linux/ccsecurity.h>
155 kumaneko 1603
156     #define offsetof(type,field) ((unsigned long) &((type *) 0)->field)
157    
158 kumaneko 2796 @@ -1273,6 +1274,8 @@ sys_ptrace (long request, pid_t pid, uns
159 kumaneko 1603 struct task_struct *child;
160     struct switch_stack *sw;
161     long ret;
162 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
163 kumaneko 1603 + return -EPERM;
164    
165     lock_kernel();
166     ret = -EPERM;
167 kumaneko 3028 --- linux-2.4.37.6.orig/arch/m68k/kernel/ptrace.c
168     +++ linux-2.4.37.6/arch/m68k/kernel/ptrace.c
169 kumaneko 2796 @@ -25,6 +25,7 @@
170 kumaneko 1603 #include <asm/pgtable.h>
171     #include <asm/system.h>
172     #include <asm/processor.h>
173 kumaneko 2859 +#include <linux/ccsecurity.h>
174 kumaneko 1603
175     /*
176     * does not yet catch signals sent when the child dies.
177 kumaneko 2796 @@ -104,6 +105,8 @@ asmlinkage int sys_ptrace(long request,
178 kumaneko 1603 {
179     struct task_struct *child;
180     int ret;
181 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
182 kumaneko 1603 + return -EPERM;
183    
184     lock_kernel();
185     ret = -EPERM;
186 kumaneko 3028 --- linux-2.4.37.6.orig/arch/mips/kernel/ptrace.c
187     +++ linux-2.4.37.6/arch/mips/kernel/ptrace.c
188 kumaneko 2796 @@ -28,6 +28,7 @@
189 kumaneko 1603 #include <asm/bootinfo.h>
190     #include <asm/cpu.h>
191     #include <asm/fpu.h>
192 kumaneko 2859 +#include <linux/ccsecurity.h>
193 kumaneko 1603
194     /*
195     * Called by kernel/ptrace.c when detaching..
196 kumaneko 2796 @@ -43,6 +44,8 @@ asmlinkage int sys_ptrace(long request,
197 kumaneko 1603 {
198     struct task_struct *child;
199     int ret;
200 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
201 kumaneko 1603 + return -EPERM;
202    
203     lock_kernel();
204     #if 0
205 kumaneko 3028 --- linux-2.4.37.6.orig/arch/mips64/kernel/ptrace.c
206     +++ linux-2.4.37.6/arch/mips64/kernel/ptrace.c
207 kumaneko 2796 @@ -30,6 +30,7 @@
208 kumaneko 1603 #include <asm/system.h>
209     #include <asm/uaccess.h>
210     #include <asm/bootinfo.h>
211 kumaneko 2859 +#include <linux/ccsecurity.h>
212 kumaneko 1603
213     /*
214     * Called by kernel/ptrace.c when detaching..
215 kumaneko 2796 @@ -49,6 +50,8 @@ asmlinkage int sys32_ptrace(int request,
216 kumaneko 1603 {
217     struct task_struct *child;
218     int ret;
219 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
220 kumaneko 1603 + return -EPERM;
221    
222     lock_kernel();
223     ret = -EPERM;
224 kumaneko 2796 @@ -288,6 +291,8 @@ asmlinkage int sys_ptrace(long request,
225 kumaneko 1603 {
226     struct task_struct *child;
227     int ret;
228 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
229 kumaneko 1603 + return -EPERM;
230    
231     lock_kernel();
232     #if 0
233 kumaneko 3028 --- linux-2.4.37.6.orig/arch/parisc/kernel/ptrace.c
234     +++ linux-2.4.37.6/arch/parisc/kernel/ptrace.c
235 kumaneko 2796 @@ -21,6 +21,7 @@
236 kumaneko 1603 #include <asm/system.h>
237     #include <asm/processor.h>
238     #include <asm/offset.h>
239 kumaneko 2859 +#include <linux/ccsecurity.h>
240 kumaneko 1603
241     /* These are used in entry.S, syscall_restore_rfi. We need to record the
242     * current stepping mode somewhere other than in PSW, because there is no
243 kumaneko 2796 @@ -94,6 +95,8 @@ long sys_ptrace(long request, pid_t pid,
244 kumaneko 1603 #ifdef DEBUG_PTRACE
245     long oaddr=addr, odata=data;
246     #endif
247 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
248 kumaneko 1603 + return -EPERM;
249    
250     lock_kernel();
251     ret = -EPERM;
252 kumaneko 3028 --- linux-2.4.37.6.orig/arch/ppc/kernel/ptrace.c
253     +++ linux-2.4.37.6/arch/ppc/kernel/ptrace.c
254 kumaneko 2796 @@ -29,6 +29,7 @@
255 kumaneko 1603 #include <asm/page.h>
256     #include <asm/pgtable.h>
257     #include <asm/system.h>
258 kumaneko 2859 +#include <linux/ccsecurity.h>
259 kumaneko 1603
260     /*
261     * Set of msr bits that gdb can change on behalf of a process.
262 kumaneko 2796 @@ -171,6 +172,8 @@ int sys_ptrace(long request, long pid, l
263 kumaneko 1603 {
264     struct task_struct *child;
265     int ret = -EPERM;
266 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
267 kumaneko 1603 + return -EPERM;
268    
269     lock_kernel();
270     if (request == PTRACE_TRACEME) {
271 kumaneko 3028 --- linux-2.4.37.6.orig/arch/ppc64/kernel/ptrace.c
272     +++ linux-2.4.37.6/arch/ppc64/kernel/ptrace.c
273 kumaneko 2796 @@ -30,6 +30,7 @@
274 kumaneko 1603 #include <asm/page.h>
275     #include <asm/pgtable.h>
276     #include <asm/system.h>
277 kumaneko 2859 +#include <linux/ccsecurity.h>
278 kumaneko 1603
279     /*
280     * Set of msr bits that gdb can change on behalf of a process.
281 kumaneko 2796 @@ -120,6 +121,8 @@ int sys_ptrace(long request, long pid, l
282 kumaneko 1603 {
283     struct task_struct *child;
284     int ret = -EPERM;
285 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
286 kumaneko 1603 + return -EPERM;
287    
288     lock_kernel();
289     if (request == PTRACE_TRACEME) {
290 kumaneko 3028 --- linux-2.4.37.6.orig/arch/ppc64/kernel/ptrace32.c
291     +++ linux-2.4.37.6/arch/ppc64/kernel/ptrace32.c
292 kumaneko 2796 @@ -30,6 +30,7 @@
293 kumaneko 1603 #include <asm/page.h>
294     #include <asm/pgtable.h>
295     #include <asm/system.h>
296 kumaneko 2859 +#include <linux/ccsecurity.h>
297 kumaneko 1603
298     #ifdef CONFIG_ALTIVEC
299     /*
300 kumaneko 2796 @@ -121,6 +122,8 @@ int sys32_ptrace(long request, long pid,
301 kumaneko 1603 {
302     struct task_struct *child;
303     int ret = -EPERM;
304 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
305 kumaneko 1603 + return -EPERM;
306    
307     lock_kernel();
308     if (request == PTRACE_TRACEME) {
309 kumaneko 3028 --- linux-2.4.37.6.orig/arch/s390/kernel/ptrace.c
310     +++ linux-2.4.37.6/arch/s390/kernel/ptrace.c
311 kumaneko 2796 @@ -37,6 +37,7 @@
312 kumaneko 1603 #include <asm/pgalloc.h>
313     #include <asm/system.h>
314     #include <asm/uaccess.h>
315 kumaneko 2859 +#include <linux/ccsecurity.h>
316 kumaneko 1603
317    
318     void FixPerRegisters(struct task_struct *task)
319 kumaneko 2796 @@ -221,6 +222,8 @@ asmlinkage int sys_ptrace(long request,
320 kumaneko 1603 unsigned long tmp;
321     int copied;
322     ptrace_area parea;
323 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
324 kumaneko 1603 + return -EPERM;
325    
326     lock_kernel();
327     if (request == PTRACE_TRACEME)
328 kumaneko 3028 --- linux-2.4.37.6.orig/arch/s390x/kernel/ptrace.c
329     +++ linux-2.4.37.6/arch/s390x/kernel/ptrace.c
330 kumaneko 2796 @@ -43,6 +43,7 @@
331 kumaneko 1603 #else
332     #define parent_31bit 0
333     #endif
334 kumaneko 2859 +#include <linux/ccsecurity.h>
335 kumaneko 1603
336    
337     void FixPerRegisters(struct task_struct *task)
338 kumaneko 2796 @@ -431,6 +432,8 @@ asmlinkage int sys_ptrace(long request,
339 kumaneko 1603 #define sizeof_parent_long 8
340     #define dataptr (u8 *)&data
341     #endif
342 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
343 kumaneko 1603 + return -EPERM;
344     lock_kernel();
345     if (request == PTRACE_TRACEME)
346     {
347 kumaneko 3028 --- linux-2.4.37.6.orig/arch/sh/kernel/ptrace.c
348     +++ linux-2.4.37.6/arch/sh/kernel/ptrace.c
349 kumaneko 2796 @@ -26,6 +26,7 @@
350 kumaneko 1603 #include <asm/system.h>
351     #include <asm/processor.h>
352     #include <asm/mmu_context.h>
353 kumaneko 2859 +#include <linux/ccsecurity.h>
354 kumaneko 1603
355     /*
356     * does not yet catch signals sent when the child dies.
357 kumaneko 2796 @@ -144,6 +145,8 @@ asmlinkage int sys_ptrace(long request,
358 kumaneko 1603 struct task_struct *child, *tsk = current;
359     struct user * dummy = NULL;
360     int ret;
361 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
362 kumaneko 1603 + return -EPERM;
363    
364     lock_kernel();
365     ret = -EPERM;
366 kumaneko 3028 --- linux-2.4.37.6.orig/arch/sh64/kernel/ptrace.c
367     +++ linux-2.4.37.6/arch/sh64/kernel/ptrace.c
368 kumaneko 2796 @@ -32,6 +32,7 @@
369 kumaneko 1603 #include <asm/system.h>
370     #include <asm/processor.h>
371     #include <asm/mmu_context.h>
372 kumaneko 2859 +#include <linux/ccsecurity.h>
373 kumaneko 1603
374     /* This mask defines the bits of the SR which the user is not allowed to
375     change, which are everything except S, Q, M, PR, SZ, FR. */
376 kumaneko 2796 @@ -122,6 +123,8 @@ asmlinkage int sys_ptrace(long request,
377 kumaneko 1603 {
378     struct task_struct *child, *tsk = current;
379     int ret;
380 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
381 kumaneko 1603 + return -EPERM;
382    
383     lock_kernel();
384     ret = -EPERM;
385 kumaneko 3028 --- linux-2.4.37.6.orig/arch/sparc/kernel/ptrace.c
386     +++ linux-2.4.37.6/arch/sparc/kernel/ptrace.c
387 kumaneko 2796 @@ -21,6 +21,7 @@
388 kumaneko 1603 #include <asm/pgtable.h>
389     #include <asm/system.h>
390     #include <asm/uaccess.h>
391 kumaneko 2859 +#include <linux/ccsecurity.h>
392 kumaneko 1603
393     #define MAGIC_CONSTANT 0x80000000
394    
395 kumaneko 2796 @@ -262,6 +263,10 @@ asmlinkage void do_ptrace(struct pt_regs
396 kumaneko 1603 unsigned long data = regs->u_regs[UREG_I3];
397     unsigned long addr2 = regs->u_regs[UREG_I4];
398     struct task_struct *child;
399 kumaneko 3111 + if (ccs_ptrace_permission(request, pid)) {
400 kumaneko 1603 + pt_error_return(regs, EPERM);
401     + return;
402     + }
403    
404     lock_kernel();
405     #ifdef DEBUG_PTRACE
406 kumaneko 3028 --- linux-2.4.37.6.orig/arch/sparc64/kernel/ptrace.c
407     +++ linux-2.4.37.6/arch/sparc64/kernel/ptrace.c
408 kumaneko 2796 @@ -26,6 +26,7 @@
409 kumaneko 1603 #include <asm/psrcompat.h>
410     #include <asm/visasm.h>
411     #include <asm/spitfire.h>
412 kumaneko 2859 +#include <linux/ccsecurity.h>
413 kumaneko 1603
414     #define MAGIC_CONSTANT 0x80000000
415    
416 kumaneko 2796 @@ -108,6 +109,10 @@ asmlinkage void do_ptrace(struct pt_regs
417 kumaneko 1603 unsigned long data = regs->u_regs[UREG_I3];
418     unsigned long addr2 = regs->u_regs[UREG_I4];
419     struct task_struct *child;
420 kumaneko 3111 + if (ccs_ptrace_permission(request, pid)) {
421 kumaneko 1603 + pt_error_return(regs, EPERM);
422     + return;
423     + }
424    
425     if (current->thread.flags & SPARC_FLAG_32BIT) {
426     addr &= 0xffffffffUL;
427 kumaneko 3028 --- linux-2.4.37.6.orig/arch/x86_64/ia32/ptrace32.c
428     +++ linux-2.4.37.6/arch/x86_64/ia32/ptrace32.c
429 kumaneko 2796 @@ -24,6 +24,7 @@
430 kumaneko 1603 #include <asm/i387.h>
431     #include <asm/fpu32.h>
432     #include <linux/mm.h>
433 kumaneko 2859 +#include <linux/ccsecurity.h>
434 kumaneko 1603
435     /* determines which flags the user has access to. */
436     /* 1 = access 0 = no access */
437 kumaneko 2796 @@ -203,6 +204,8 @@ asmlinkage long sys32_ptrace(long reques
438 kumaneko 1603 struct pt_regs *childregs;
439     int ret;
440     __u32 val;
441 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
442 kumaneko 1603 + return -EPERM;
443    
444     switch (request) {
445     case PTRACE_TRACEME:
446 kumaneko 3028 --- linux-2.4.37.6.orig/arch/x86_64/kernel/ptrace.c
447     +++ linux-2.4.37.6/arch/x86_64/kernel/ptrace.c
448 kumaneko 2796 @@ -22,6 +22,7 @@
449 kumaneko 1603 #include <asm/processor.h>
450     #include <asm/i387.h>
451     #include <asm/debugreg.h>
452 kumaneko 2859 +#include <linux/ccsecurity.h>
453 kumaneko 1603
454     /*
455     * does not yet catch signals sent when the child dies.
456 kumaneko 2796 @@ -180,6 +181,8 @@ asmlinkage long sys_ptrace(long request,
457 kumaneko 1603 struct task_struct *child;
458     struct user * dummy = NULL;
459     long i, ret;
460 kumaneko 3111 + if (ccs_ptrace_permission(request, pid))
461 kumaneko 1603 + return -EPERM;
462    
463     /* This lock_kernel fixes a subtle race with suid exec */
464     lock_kernel();
465 kumaneko 3028 --- linux-2.4.37.6.orig/fs/Config.in
466     +++ linux-2.4.37.6/fs/Config.in
467 kumaneko 1603 @@ -176,4 +176,7 @@ comment 'Partition Types'
468     source fs/partitions/Config.in
469     endmenu
470     source fs/nls/Config.in
471     +
472 kumaneko 2886 endmenu
473     +
474 kumaneko 2858 +source security/ccsecurity/Config.in
475 kumaneko 3028 --- linux-2.4.37.6.orig/fs/Makefile
476     +++ linux-2.4.37.6/fs/Makefile
477 kumaneko 2921 @@ -80,5 +80,7 @@ obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o
478 kumaneko 1603 # persistent filesystems
479     obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o))
480    
481 kumaneko 2921 +subdir-$(CONFIG_CCSECURITY) += ../security/ccsecurity
482     +obj-$(CONFIG_CCSECURITY) += ../security/ccsecurity/ccsecurity.o
483    
484     include $(TOPDIR)/Rules.make
485 kumaneko 3028 --- linux-2.4.37.6.orig/fs/exec.c
486     +++ linux-2.4.37.6/fs/exec.c
487 kumaneko 2796 @@ -48,6 +48,8 @@
488 kumaneko 1603 #include <linux/kmod.h>
489     #endif
490    
491 kumaneko 2859 +#include <linux/ccsecurity.h>
492 kumaneko 1603 +
493     int core_uses_pid;
494     char core_pattern[65] = "core";
495     int core_setuid_ok = 0;
496 kumaneko 2796 @@ -125,6 +127,10 @@ asmlinkage long sys_uselib(const char *
497 kumaneko 1603 if (error)
498     goto exit;
499    
500 kumaneko 2922 + error = ccs_uselib_permission(nd.dentry, nd.mnt);
501 kumaneko 1603 + if (error)
502     + goto exit;
503     +
504     file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
505     error = PTR_ERR(file);
506     if (IS_ERR(file))
507 kumaneko 2796 @@ -389,6 +395,9 @@ struct file *open_exec(const char *name)
508 kumaneko 1603 int err = permission(inode, MAY_EXEC);
509     if (!err && !(inode->i_mode & 0111))
510     err = -EACCES;
511 kumaneko 2306 + if (!err)
512 kumaneko 2922 + err = ccs_open_exec_permission(nd.dentry,
513 kumaneko 2306 + nd.mnt);
514 kumaneko 1603 file = ERR_PTR(err);
515     if (!err) {
516     file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
517 kumaneko 2822 @@ -989,7 +998,8 @@ int do_execve(char * filename, char ** a
518 kumaneko 1603 if (retval < 0)
519     goto out;
520    
521     - retval = search_binary_handler(&bprm,regs);
522 kumaneko 2300 + retval = ccs_search_binary_handler(&bprm, regs);
523 kumaneko 1603 +
524     if (retval >= 0)
525     /* execve success */
526     return retval;
527 kumaneko 3028 --- linux-2.4.37.6.orig/fs/fcntl.c
528     +++ linux-2.4.37.6/fs/fcntl.c
529 kumaneko 2796 @@ -16,6 +16,7 @@
530 kumaneko 1603 #include <asm/poll.h>
531     #include <asm/siginfo.h>
532     #include <asm/uaccess.h>
533 kumaneko 2859 +#include <linux/ccsecurity.h>
534 kumaneko 1603
535     extern int sock_fcntl (struct file *, unsigned int cmd, unsigned long arg);
536     extern int fcntl_setlease(unsigned int fd, struct file *filp, long arg);
537 kumaneko 2796 @@ -214,6 +215,9 @@ static int setfl(int fd, struct file * f
538 kumaneko 1603 if (!(arg & O_APPEND) && IS_APPEND(inode))
539     return -EPERM;
540    
541 kumaneko 2922 + if (!(arg & O_APPEND) && ccs_rewrite_permission(filp))
542 kumaneko 1603 + return -EPERM;
543     +
544     /* Did FASYNC state change? */
545     if ((arg ^ filp->f_flags) & FASYNC) {
546     if (filp->f_op && filp->f_op->fasync) {
547 kumaneko 3028 --- linux-2.4.37.6.orig/fs/ioctl.c
548     +++ linux-2.4.37.6/fs/ioctl.c
549 kumaneko 2796 @@ -10,6 +10,7 @@
550 kumaneko 1603
551     #include <asm/uaccess.h>
552     #include <asm/ioctls.h>
553 kumaneko 2859 +#include <linux/ccsecurity.h>
554 kumaneko 1603
555     static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
556     {
557 kumaneko 2796 @@ -55,6 +56,11 @@ asmlinkage long sys_ioctl(unsigned int f
558 kumaneko 2279 filp = fget(fd);
559     if (!filp)
560     goto out;
561 kumaneko 2922 + error = ccs_ioctl_permission(filp, cmd, arg);
562 kumaneko 2283 + if (error) {
563     + fput(filp);
564 kumaneko 2279 + goto out;
565 kumaneko 2283 + }
566 kumaneko 2279 error = 0;
567     lock_kernel();
568     switch (cmd) {
569 kumaneko 2796 @@ -112,6 +118,10 @@ asmlinkage long sys_ioctl(unsigned int f
570 kumaneko 1603 error = -ENOTTY;
571     break;
572     default:
573 kumaneko 2282 + if (!ccs_capable(CCS_SYS_IOCTL)) {
574 kumaneko 1603 + error = -EPERM;
575     + break;
576     + }
577     error = -ENOTTY;
578     if (S_ISREG(filp->f_dentry->d_inode->i_mode))
579     error = file_ioctl(filp, cmd, arg);
580 kumaneko 3028 --- linux-2.4.37.6.orig/fs/namei.c
581     +++ linux-2.4.37.6/fs/namei.c
582 kumaneko 2796 @@ -28,6 +28,9 @@
583 kumaneko 1603
584     #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
585    
586 kumaneko 2859 +#include <linux/ccsecurity.h>
587 kumaneko 1603 +#include <linux/module.h>
588     +
589     /* [Feb-1997 T. Schoebel-Theuer]
590     * Fundamental changes in the pathname lookup mechanisms (namei)
591     * were necessary because of omirr. The reason is that omirr needs
592 kumaneko 2796 @@ -1003,6 +1006,7 @@ exit_lock:
593 kumaneko 1603 return error;
594     }
595    
596 kumaneko 2859 +#include <linux/ccsecurity_vfs.h>
597 kumaneko 1603 /*
598     * open_namei()
599     *
600 kumaneko 2922 @@ -1068,6 +1072,9 @@ do_last:
601 kumaneko 1603
602     /* Negative dentry, just create the file */
603     if (!dentry->d_inode) {
604 kumaneko 2922 + error = ccs_mknod_permission(dir->d_inode, dentry, nd->mnt,
605     + mode & ~current->fs->umask, 0);
606 kumaneko 1603 + if (!error)
607     error = vfs_create(dir->d_inode, dentry,
608     mode & ~current->fs->umask);
609     up(&dir->d_inode->i_sem);
610 kumaneko 2922 @@ -1154,6 +1161,11 @@ ok:
611 kumaneko 1603 goto exit;
612     }
613    
614     + /* includes O_APPEND and O_TRUNC checks */
615 kumaneko 2922 + error = ccs_open_permission(dentry, nd->mnt, flag);
616 kumaneko 1603 + if (error)
617     + goto exit;
618     +
619     /*
620     * Ensure there are no outstanding leases on the file.
621     */
622 kumaneko 2922 @@ -1292,6 +1304,7 @@ asmlinkage long sys_mknod(const char * f
623 kumaneko 1603
624     if (S_ISDIR(mode))
625     return -EPERM;
626     +
627     tmp = getname(filename);
628     if (IS_ERR(tmp))
629     return PTR_ERR(tmp);
630 kumaneko 2922 @@ -1304,6 +1317,10 @@ asmlinkage long sys_mknod(const char * f
631 kumaneko 2290
632     mode &= ~current->fs->umask;
633 kumaneko 1603 if (!IS_ERR(dentry)) {
634 kumaneko 2922 + error = ccs_mknod_permission(nd.dentry->d_inode, dentry,
635     + nd.mnt, mode, dev);
636 kumaneko 2297 + if (error)
637     + goto out_dput;
638 kumaneko 1603 switch (mode & S_IFMT) {
639     case 0: case S_IFREG:
640     error = vfs_create(nd.dentry->d_inode,dentry,mode);
641 kumaneko 2922 @@ -1317,6 +1334,7 @@ asmlinkage long sys_mknod(const char * f
642 kumaneko 2297 default:
643     error = -EINVAL;
644     }
645     +out_dput:
646     dput(dentry);
647     }
648     up(&nd.dentry->d_inode->i_sem);
649 kumaneko 2922 @@ -1370,6 +1388,9 @@ asmlinkage long sys_mkdir(const char * p
650 kumaneko 1603 dentry = lookup_create(&nd, 1);
651     error = PTR_ERR(dentry);
652     if (!IS_ERR(dentry)) {
653 kumaneko 2922 + error = ccs_mkdir_permission(nd.dentry->d_inode,
654     + dentry, nd.mnt, mode);
655 kumaneko 1603 + if (!error)
656     error = vfs_mkdir(nd.dentry->d_inode, dentry,
657     mode & ~current->fs->umask);
658     dput(dentry);
659 kumaneko 2922 @@ -1479,6 +1500,9 @@ asmlinkage long sys_rmdir(const char * p
660 kumaneko 1603 dentry = lookup_hash(&nd.last, nd.dentry);
661     error = PTR_ERR(dentry);
662     if (!IS_ERR(dentry)) {
663 kumaneko 2922 + error = ccs_rmdir_permission(nd.dentry->d_inode, dentry,
664     + nd.mnt);
665 kumaneko 1603 + if (!error)
666     error = vfs_rmdir(nd.dentry->d_inode, dentry);
667     dput(dentry);
668     }
669 kumaneko 2922 @@ -1548,6 +1572,10 @@ asmlinkage long sys_unlink(const char *
670 kumaneko 1603 /* Why not before? Because we want correct error value */
671     if (nd.last.name[nd.last.len])
672     goto slashes;
673 kumaneko 2922 + error = ccs_unlink_permission(nd.dentry->d_inode, dentry,
674     + nd.mnt);
675 kumaneko 2297 + if (error)
676     + goto exit2;
677 kumaneko 1603 error = vfs_unlink(nd.dentry->d_inode, dentry);
678     exit2:
679     dput(dentry);
680 kumaneko 2922 @@ -1612,6 +1640,9 @@ asmlinkage long sys_symlink(const char *
681 kumaneko 1603 dentry = lookup_create(&nd, 0);
682     error = PTR_ERR(dentry);
683     if (!IS_ERR(dentry)) {
684 kumaneko 2922 + error = ccs_symlink_permission(nd.dentry->d_inode,
685     + dentry, nd.mnt, from);
686 kumaneko 1603 + if (!error)
687     error = vfs_symlink(nd.dentry->d_inode, dentry, from);
688     dput(dentry);
689     }
690 kumaneko 2922 @@ -1698,6 +1729,10 @@ asmlinkage long sys_link(const char * ol
691 kumaneko 1603 new_dentry = lookup_create(&nd, 0);
692     error = PTR_ERR(new_dentry);
693     if (!IS_ERR(new_dentry)) {
694 kumaneko 2922 + error = ccs_link_permission(old_nd.dentry,
695     + nd.dentry->d_inode,
696     + new_dentry, nd.mnt);
697 kumaneko 1603 + if (!error)
698     error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
699     dput(new_dentry);
700     }
701 kumaneko 2922 @@ -1928,12 +1963,17 @@ static inline int do_rename(const char *
702 kumaneko 1603 error = PTR_ERR(new_dentry);
703     if (IS_ERR(new_dentry))
704     goto exit4;
705 kumaneko 2922 + error = ccs_rename_permission(old_dir->d_inode, old_dentry,
706     + new_dir->d_inode, new_dentry, newnd.mnt);
707 kumaneko 2290 + if (error)
708     + goto exit5;
709 kumaneko 1603
710     lock_kernel();
711     error = vfs_rename(old_dir->d_inode, old_dentry,
712 kumaneko 2290 new_dir->d_inode, new_dentry);
713     unlock_kernel();
714    
715     +exit5:
716     dput(new_dentry);
717     exit4:
718     dput(old_dentry);
719 kumaneko 3028 --- linux-2.4.37.6.orig/fs/namespace.c
720     +++ linux-2.4.37.6/fs/namespace.c
721 kumaneko 2859 @@ -21,6 +21,8 @@
722 kumaneko 1603 #include <linux/seq_file.h>
723     #include <linux/namespace.h>
724    
725 kumaneko 2859 +#include <linux/ccsecurity.h>
726 kumaneko 1603 +
727     struct vfsmount *do_kern_mount(const char *type, int flags, char *name, void *data);
728     int do_remount_sb(struct super_block *sb, int flags, void * data);
729     void kill_super(struct super_block *sb);
730 kumaneko 3052 @@ -290,6 +292,9 @@ static int do_umount(struct vfsmount *mn
731 kumaneko 1603 {
732     struct super_block * sb = mnt->mnt_sb;
733     int retval = 0;
734 kumaneko 3052 + retval = ccs_umount_permission(mnt, flags);
735     + if (retval)
736     + return retval;
737 kumaneko 1603
738     /*
739     * If we may have to abort operations to get out of this
740 kumaneko 3052 @@ -365,6 +370,8 @@ asmlinkage long sys_umount(char * name,
741 kumaneko 1603 {
742     struct nameidata nd;
743     int retval;
744 kumaneko 2282 + if (!ccs_capable(CCS_SYS_UMOUNT))
745 kumaneko 1603 + return -EPERM;
746    
747     retval = __user_walk(name, LOOKUP_POSITIVE|LOOKUP_FOLLOW, &nd);
748     if (retval)
749 kumaneko 3052 @@ -500,6 +507,9 @@ static int do_loopback(struct nameidata
750 kumaneko 1603 down_write(&current->namespace->sem);
751     err = -EINVAL;
752     if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) {
753     + err = -EPERM;
754     + if (ccs_may_mount(nd))
755     + goto out;
756     err = -ENOMEM;
757     if (recurse)
758     mnt = copy_tree(old_nd.mnt, old_nd.dentry);
759 kumaneko 3052 @@ -516,7 +526,7 @@ static int do_loopback(struct nameidata
760 kumaneko 1603 } else
761     mntput(mnt);
762     }
763     -
764     + out:
765     up_write(&current->namespace->sem);
766     path_release(&old_nd);
767     return err;
768 kumaneko 3052 @@ -570,6 +580,10 @@ static int do_move_mount(struct nameidat
769 kumaneko 1603 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
770     goto out;
771    
772     + err = -EPERM;
773 kumaneko 3009 + if (ccs_may_mount(nd))
774 kumaneko 1603 + goto out;
775     +
776     err = -ENOENT;
777     down(&nd->dentry->d_inode->i_zombie);
778     if (IS_DEADDIR(nd->dentry->d_inode))
779 kumaneko 3052 @@ -641,6 +655,10 @@ static int do_add_mount(struct nameidata
780 kumaneko 1603 if (nd->mnt->mnt_sb == mnt->mnt_sb && nd->mnt->mnt_root == nd->dentry)
781     goto unlock;
782    
783     + err = -EPERM;
784     + if (ccs_may_mount(nd))
785     + goto unlock;
786     +
787     mnt->mnt_flags = mnt_flags;
788     err = graft_tree(mnt, nd);
789     unlock:
790 kumaneko 3052 @@ -700,6 +718,7 @@ static int copy_mount_options (const voi
791     long do_mount(char * dev_name, char * dir_name, char *type_page,
792     unsigned long flags, void *data_page)
793     {
794     + const unsigned long original_flags = flags;
795     struct nameidata nd;
796     int retval = 0;
797     int mnt_flags = 0;
798     @@ -732,6 +751,11 @@ long do_mount(char * dev_name, char * di
799     if (retval)
800     return retval;
801 kumaneko 1603
802 kumaneko 3052 + retval = ccs_mount_permission(dev_name, &nd, type_page,
803     + original_flags, data_page);
804 kumaneko 1603 + if (retval)
805 kumaneko 3052 + goto out;
806 kumaneko 1603 +
807 kumaneko 3052 if (flags & MS_REMOUNT)
808     retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
809     data_page);
810     @@ -742,6 +766,7 @@ long do_mount(char * dev_name, char * di
811     else
812     retval = do_add_mount(&nd, type_page, flags, mnt_flags,
813     dev_name, data_page);
814     + out:
815     path_release(&nd);
816     return retval;
817     }
818     @@ -911,6 +936,8 @@ asmlinkage long sys_pivot_root(const cha
819 kumaneko 1603
820     if (!capable(CAP_SYS_ADMIN))
821     return -EPERM;
822 kumaneko 2282 + if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
823 kumaneko 1603 + return -EPERM;
824    
825     lock_kernel();
826    
827 kumaneko 3052 @@ -925,6 +952,11 @@ asmlinkage long sys_pivot_root(const cha
828 kumaneko 1603 if (error)
829     goto out1;
830    
831 kumaneko 2922 + error = ccs_pivot_root_permission(&old_nd, &new_nd);
832 kumaneko 1603 + if (error) {
833     + path_release(&old_nd);
834     + goto out1;
835     + }
836     read_lock(&current->fs->lock);
837     user_nd.mnt = mntget(current->fs->rootmnt);
838     user_nd.dentry = dget(current->fs->root);
839 kumaneko 3028 --- linux-2.4.37.6.orig/fs/open.c
840     +++ linux-2.4.37.6/fs/open.c
841 kumaneko 2859 @@ -20,6 +20,8 @@
842 kumaneko 1603
843     #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))
844    
845 kumaneko 2859 +#include <linux/ccsecurity.h>
846 kumaneko 1603 +
847     int vfs_statfs(struct super_block *sb, struct statfs *buf)
848     {
849     int retval = -ENODEV;
850 kumaneko 2859 @@ -164,6 +166,9 @@ static inline long do_sys_truncate(const
851 kumaneko 1603 if (error)
852     goto dput_and_out;
853    
854 kumaneko 2922 + error = ccs_truncate_permission(nd.dentry, nd.mnt, length, 0);
855 kumaneko 1603 + if (!error)
856     +
857     error = locks_verify_truncate(inode, NULL, length);
858     if (!error) {
859     DQUOT_INIT(inode);
860 kumaneko 2922 @@ -217,6 +222,9 @@ static inline long do_sys_ftruncate(unsi
861 kumaneko 1603 if (IS_APPEND(inode))
862     goto out_putf;
863    
864 kumaneko 2922 + error = ccs_truncate_permission(dentry, file->f_vfsmnt, length, 0);
865 kumaneko 1603 + if (error)
866     + goto out_putf;
867     error = locks_verify_truncate(inode, file, length);
868     if (!error)
869     error = do_truncate(dentry, length);
870 kumaneko 2922 @@ -466,6 +474,10 @@ asmlinkage long sys_chroot(const char *
871 kumaneko 1603 error = -EPERM;
872     if (!capable(CAP_SYS_CHROOT))
873     goto dput_and_out;
874 kumaneko 2282 + if (!ccs_capable(CCS_SYS_CHROOT))
875 kumaneko 1603 + goto dput_and_out;
876 kumaneko 2922 + if (ccs_chroot_permission(&nd))
877 kumaneko 1603 + goto dput_and_out;
878    
879     set_fs_root(current->fs, nd.mnt, nd.dentry);
880     set_fs_altroot();
881 kumaneko 2922 @@ -497,6 +509,9 @@ asmlinkage long sys_fchmod(unsigned int
882 kumaneko 2869 err = -EPERM;
883     if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
884     goto out_putf;
885     + err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode);
886     + if (err)
887     + goto out_putf;
888     if (mode == (mode_t) -1)
889     mode = inode->i_mode;
890     newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
891 kumaneko 2922 @@ -528,6 +543,9 @@ asmlinkage long sys_chmod(const char * f
892 kumaneko 2869 error = -EPERM;
893     if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
894     goto dput_and_out;
895     + error = ccs_chmod_permission(nd.dentry, nd.mnt, mode);
896     + if (error)
897     + goto dput_and_out;
898    
899     if (mode == (mode_t) -1)
900     mode = inode->i_mode;
901 kumaneko 2922 @@ -608,6 +626,8 @@ asmlinkage long sys_chown(const char * f
902 kumaneko 2869
903     error = user_path_walk(filename, &nd);
904     if (!error) {
905     + error = ccs_chown_permission(nd.dentry, nd.mnt, user, group);
906     + if (!error)
907     error = chown_common(nd.dentry, user, group);
908     path_release(&nd);
909     }
910 kumaneko 2922 @@ -621,6 +641,8 @@ asmlinkage long sys_lchown(const char *
911 kumaneko 2869
912     error = user_path_walk_link(filename, &nd);
913     if (!error) {
914     + error = ccs_chown_permission(nd.dentry, nd.mnt, user, group);
915     + if (!error)
916     error = chown_common(nd.dentry, user, group);
917     path_release(&nd);
918     }
919 kumaneko 2922 @@ -635,6 +657,9 @@ asmlinkage long sys_fchown(unsigned int
920 kumaneko 2869
921     file = fget(fd);
922     if (file) {
923     + error = ccs_chown_permission(file->f_dentry, file->f_vfsmnt,
924     + user, group);
925     + if (!error)
926     error = chown_common(file->f_dentry, user, group);
927     fput(file);
928     }
929 kumaneko 2950 @@ -666,7 +691,9 @@ struct file *filp_open(const char * file
930     if (namei_flags & O_TRUNC)
931     namei_flags |= 2;
932    
933     + ccs_save_open_mode(flags);
934     error = open_namei(filename, namei_flags, mode, &nd);
935     + ccs_clear_open_mode();
936     if (!error)
937     return dentry_open(nd.dentry, nd.mnt, flags);
938    
939     @@ -897,6 +924,8 @@ out_unlock:
940 kumaneko 1603 */
941     asmlinkage long sys_vhangup(void)
942     {
943 kumaneko 2282 + if (!ccs_capable(CCS_SYS_VHANGUP))
944 kumaneko 1603 + return -EPERM;
945     if (capable(CAP_SYS_TTY_CONFIG)) {
946     tty_vhangup(current->tty);
947     return 0;
948 kumaneko 3028 --- linux-2.4.37.6.orig/fs/proc/proc_misc.c
949     +++ linux-2.4.37.6/fs/proc/proc_misc.c
950 kumaneko 2796 @@ -670,4 +670,5 @@ void __init proc_misc_init(void)
951 kumaneko 1603 entry->proc_fops = &ppc_htab_operations;
952     }
953     #endif
954 kumaneko 3111 + printk(KERN_INFO "Hook version: 2.4.37.6 2009/10/20\n");
955 kumaneko 1603 }
956 kumaneko 3028 --- linux-2.4.37.6.orig/include/linux/sched.h
957     +++ linux-2.4.37.6/include/linux/sched.h
958 kumaneko 3141 @@ -123,6 +123,15 @@ struct completion;
959 kumaneko 1603
960 kumaneko 3141 #ifdef __KERNEL__
961 kumaneko 1603
962 kumaneko 2926 +#ifdef CONFIG_CCSECURITY
963 kumaneko 2282 +struct ccs_domain_info;
964 kumaneko 2926 +#define INIT_CCSECURITY \
965     + .ccs_domain_info = NULL, \
966     + .ccs_flags = 0,
967     +#else
968     +#define INIT_CCSECURITY
969     +#endif
970 kumaneko 1603 +
971 kumaneko 3141 #include <linux/spinlock.h>
972    
973 kumaneko 1603 /*
974 kumaneko 2926 @@ -417,6 +426,10 @@ struct task_struct {
975 kumaneko 1811 void *journal_info;
976 kumaneko 1603
977 kumaneko 1811 struct list_head *scm_work_list;
978 kumaneko 2926 +#ifdef CONFIG_CCSECURITY
979 kumaneko 2282 + struct ccs_domain_info *ccs_domain_info;
980     + u32 ccs_flags;
981 kumaneko 2926 +#endif
982 kumaneko 1603 };
983    
984     /*
985 kumaneko 2926 @@ -512,6 +525,7 @@ extern struct exec_domain default_exec_d
986 kumaneko 1603 blocked: {{0}}, \
987     alloc_lock: SPIN_LOCK_UNLOCKED, \
988     journal_info: NULL, \
989 kumaneko 2926 + INIT_CCSECURITY \
990 kumaneko 1603 }
991    
992    
993 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/kmod.c
994     +++ linux-2.4.37.6/kernel/kmod.c
995 kumaneko 2926 @@ -134,6 +134,11 @@ int exec_usermodehelper(char *program_pa
996 kumaneko 1603 /* Allow execve args to be in kernel space. */
997     set_fs(KERNEL_DS);
998    
999 kumaneko 2926 +#ifdef CONFIG_CCSECURITY
1000 kumaneko 2282 + current->ccs_domain_info = NULL;
1001     + current->ccs_flags = 0;
1002 kumaneko 2926 +#endif
1003 kumaneko 1603 +
1004     /* Go, go, go... */
1005     if (execve(program_path, argv, envp) < 0)
1006     return -errno;
1007 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/module.c
1008     +++ linux-2.4.37.6/kernel/module.c
1009 kumaneko 2796 @@ -10,6 +10,7 @@
1010 kumaneko 1603 #include <linux/slab.h>
1011     #include <linux/kmod.h>
1012     #include <linux/seq_file.h>
1013 kumaneko 2859 +#include <linux/ccsecurity.h>
1014 kumaneko 1603
1015     /*
1016     * Originally by Anonymous (as far as I know...)
1017 kumaneko 2796 @@ -298,6 +299,8 @@ sys_create_module(const char *name_user,
1018 kumaneko 1603
1019     if (!capable(CAP_SYS_MODULE))
1020     return -EPERM;
1021 kumaneko 2282 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1022 kumaneko 1603 + return -EPERM;
1023     lock_kernel();
1024     if ((namelen = get_mod_name(name_user, &name)) < 0) {
1025     error = namelen;
1026 kumaneko 2796 @@ -353,6 +356,8 @@ sys_init_module(const char *name_user, s
1027 kumaneko 1603
1028     if (!capable(CAP_SYS_MODULE))
1029     return -EPERM;
1030 kumaneko 2282 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1031 kumaneko 1603 + return -EPERM;
1032     lock_kernel();
1033     if ((namelen = get_mod_name(name_user, &name)) < 0) {
1034     error = namelen;
1035 kumaneko 2796 @@ -614,6 +619,8 @@ sys_delete_module(const char *name_user)
1036 kumaneko 1603
1037     if (!capable(CAP_SYS_MODULE))
1038     return -EPERM;
1039 kumaneko 2282 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1040 kumaneko 1603 + return -EPERM;
1041    
1042     lock_kernel();
1043     if (name_user) {
1044 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/sched.c
1045     +++ linux-2.4.37.6/kernel/sched.c
1046 kumaneko 2796 @@ -32,6 +32,7 @@
1047 kumaneko 1603
1048     #include <asm/uaccess.h>
1049     #include <asm/mmu_context.h>
1050 kumaneko 2859 +#include <linux/ccsecurity.h>
1051 kumaneko 1603
1052     extern void timer_bh(void);
1053     extern void tqueue_bh(void);
1054 kumaneko 2796 @@ -899,6 +900,8 @@ void set_cpus_allowed(struct task_struct
1055 kumaneko 1603 asmlinkage long sys_nice(int increment)
1056     {
1057     long newprio;
1058 kumaneko 2282 + if (!ccs_capable(CCS_SYS_NICE))
1059 kumaneko 1603 + return -EPERM;
1060    
1061     /*
1062     * Setpriority might change our priority at the same moment.
1063 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/signal.c
1064     +++ linux-2.4.37.6/kernel/signal.c
1065 kumaneko 2796 @@ -15,6 +15,7 @@
1066 kumaneko 1603 #include <linux/sched.h>
1067    
1068     #include <asm/uaccess.h>
1069 kumaneko 2859 +#include <linux/ccsecurity.h>
1070 kumaneko 1603
1071     /*
1072     * SLAB caches for signal bits.
1073 kumaneko 2851 @@ -1025,6 +1026,8 @@ asmlinkage long
1074 kumaneko 1603 sys_kill(int pid, int sig)
1075     {
1076     struct siginfo info;
1077 kumaneko 2851 + if (ccs_kill_permission(pid, sig))
1078 kumaneko 1603 + return -EPERM;
1079    
1080     info.si_signo = sig;
1081     info.si_errno = 0;
1082 kumaneko 2851 @@ -1048,6 +1051,8 @@ sys_tkill(int pid, int sig)
1083     /* This is only valid for single tasks */
1084 kumaneko 1603 if (pid <= 0)
1085     return -EINVAL;
1086 kumaneko 2851 + if (ccs_tkill_permission(pid, sig))
1087     + return -EPERM;
1088 kumaneko 1603
1089     info.si_signo = sig;
1090     info.si_errno = 0;
1091 kumaneko 2869 @@ -1078,6 +1083,8 @@ sys_rt_sigqueueinfo(int pid, int sig, si
1092     if (info.si_code >= 0)
1093     return -EPERM;
1094     info.si_signo = sig;
1095     + if (ccs_sigqueue_permission(pid, sig))
1096     + return -EPERM;
1097    
1098     /* POSIX.1b doesn't mention process groups. */
1099     return kill_proc_info(sig, &info, pid);
1100 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/sys.c
1101     +++ linux-2.4.37.6/kernel/sys.c
1102 kumaneko 2796 @@ -17,6 +17,7 @@
1103 kumaneko 1603
1104     #include <asm/uaccess.h>
1105     #include <asm/io.h>
1106 kumaneko 2859 +#include <linux/ccsecurity.h>
1107 kumaneko 1603
1108     #ifndef SET_UNALIGN_CTL
1109     # define SET_UNALIGN_CTL(a,b) (-EINVAL)
1110 kumaneko 2796 @@ -220,6 +221,8 @@ asmlinkage long sys_setpriority(int whic
1111 kumaneko 1603
1112     if (which > 2 || which < 0)
1113     return -EINVAL;
1114 kumaneko 2282 + if (!ccs_capable(CCS_SYS_NICE))
1115 kumaneko 1603 + return -EPERM;
1116    
1117     /* normalize: avoid signed division (rounding problems) */
1118     error = -ESRCH;
1119 kumaneko 2796 @@ -299,6 +302,8 @@ asmlinkage long sys_reboot(int magic1, i
1120 kumaneko 1603 (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
1121     magic2 != LINUX_REBOOT_MAGIC2B))
1122     return -EINVAL;
1123 kumaneko 2282 + if (!ccs_capable(CCS_SYS_REBOOT))
1124 kumaneko 1603 + return -EPERM;
1125    
1126     lock_kernel();
1127     switch (cmd) {
1128 kumaneko 2796 @@ -1042,6 +1047,8 @@ asmlinkage long sys_sethostname(char *na
1129 kumaneko 1603 return -EPERM;
1130     if (len < 0 || len > __NEW_UTS_LEN)
1131     return -EINVAL;
1132 kumaneko 2282 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1133 kumaneko 1603 + return -EPERM;
1134     down_write(&uts_sem);
1135     errno = -EFAULT;
1136     if (!copy_from_user(tmp, name, len)) {
1137 kumaneko 2796 @@ -1083,6 +1090,8 @@ asmlinkage long sys_setdomainname(char *
1138 kumaneko 1603 return -EPERM;
1139     if (len < 0 || len > __NEW_UTS_LEN)
1140     return -EINVAL;
1141 kumaneko 2282 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1142 kumaneko 1603 + return -EPERM;
1143    
1144     down_write(&uts_sem);
1145     errno = -EFAULT;
1146 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/sysctl.c
1147     +++ linux-2.4.37.6/kernel/sysctl.c
1148 kumaneko 2796 @@ -33,6 +33,7 @@
1149 kumaneko 1603 #include <linux/swap.h>
1150    
1151     #include <asm/uaccess.h>
1152 kumaneko 2859 +#include <linux/ccsecurity.h>
1153 kumaneko 1603
1154     #ifdef CONFIG_ROOT_NFS
1155     #include <linux/nfs_fs.h>
1156 kumaneko 2796 @@ -439,6 +440,9 @@ int do_sysctl(int *name, int nlen, void
1157 kumaneko 1603
1158     spin_unlock(&sysctl_lock);
1159    
1160 kumaneko 2298 + error = ccs_parse_table(name, nlen, oldval, newval,
1161 kumaneko 1603 + head->ctl_table);
1162     + if (!error)
1163     error = parse_table(name, nlen, oldval, oldlenp,
1164     newval, newlen, head->ctl_table,
1165     &context);
1166 kumaneko 2796 @@ -508,6 +512,13 @@ repeat:
1167 kumaneko 1603 if (ctl_perm(table, 001))
1168     return -EPERM;
1169     if (table->strategy) {
1170     + int op = 0;
1171     + if (oldval)
1172     + op |= 004;
1173     + if (newval)
1174     + op |= 002;
1175     + if (ctl_perm(table, op))
1176     + return -EPERM;
1177     error = table->strategy(
1178     table, name, nlen,
1179     oldval, oldlenp,
1180 kumaneko 2796 @@ -1456,7 +1467,7 @@ int sysctl_string(ctl_table *table, int
1181 kumaneko 1603 len--;
1182     ((char *) table->data)[len] = 0;
1183     }
1184     - return 0;
1185     + return 1;
1186     }
1187    
1188     /*
1189 kumaneko 3028 --- linux-2.4.37.6.orig/kernel/time.c
1190     +++ linux-2.4.37.6/kernel/time.c
1191 kumaneko 2796 @@ -29,6 +29,7 @@
1192 kumaneko 1603 #include <linux/smp_lock.h>
1193    
1194     #include <asm/uaccess.h>
1195 kumaneko 2859 +#include <linux/ccsecurity.h>
1196 kumaneko 1603
1197     /*
1198     * The timezone where the local system is located. Used as a default by some
1199 kumaneko 2796 @@ -77,6 +78,8 @@ asmlinkage long sys_stime(int * tptr)
1200 kumaneko 1603
1201     if (!capable(CAP_SYS_TIME))
1202     return -EPERM;
1203 kumaneko 2282 + if (!ccs_capable(CCS_SYS_SETTIME))
1204 kumaneko 1603 + return -EPERM;
1205     if (get_user(value, tptr))
1206     return -EFAULT;
1207     write_lock_irq(&xtime_lock);
1208 kumaneko 2796 @@ -151,6 +154,8 @@ int do_sys_settimeofday(struct timeval *
1209 kumaneko 1603
1210     if (!capable(CAP_SYS_TIME))
1211     return -EPERM;
1212 kumaneko 2282 + if (!ccs_capable(CCS_SYS_SETTIME))
1213 kumaneko 1603 + return -EPERM;
1214    
1215     if (tz) {
1216     /* SMP safe, global irq locking makes it work. */
1217 kumaneko 2796 @@ -217,6 +222,8 @@ int do_adjtimex(struct timex *txc)
1218 kumaneko 1603 /* In order to modify anything, you gotta be super-user! */
1219     if (txc->modes && !capable(CAP_SYS_TIME))
1220     return -EPERM;
1221 kumaneko 2282 + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
1222 kumaneko 1603 + return -EPERM;
1223    
1224     /* Now we validate the data before disabling interrupts */
1225    
1226 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv4/raw.c
1227     +++ linux-2.4.37.6/net/ipv4/raw.c
1228 kumaneko 2796 @@ -64,6 +64,7 @@
1229 kumaneko 2459 #include <net/raw.h>
1230     #include <net/inet_common.h>
1231 kumaneko 1603 #include <net/checksum.h>
1232 kumaneko 2859 +#include <linux/ccsecurity.h>
1233 kumaneko 1603
1234 kumaneko 2459 struct sock *raw_v4_htable[RAWV4_HTABLE_SIZE];
1235     rwlock_t raw_v4_lock = RW_LOCK_UNLOCKED;
1236 kumaneko 2796 @@ -503,6 +504,9 @@ int raw_recvmsg(struct sock *sk, struct
1237 kumaneko 2459 skb = skb_recv_datagram(sk, flags, noblock, &err);
1238     if (!skb)
1239     goto out;
1240     + err = ccs_socket_recvmsg_permission(sk, skb, flags);
1241     + if (err)
1242     + goto out;
1243 kumaneko 1603
1244 kumaneko 2459 copied = skb->len;
1245     if (len < copied) {
1246 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv4/tcp_ipv4.c
1247     +++ linux-2.4.37.6/net/ipv4/tcp_ipv4.c
1248 kumaneko 2796 @@ -67,6 +67,7 @@
1249 kumaneko 1603 #include <linux/inet.h>
1250     #include <linux/stddef.h>
1251     #include <linux/ipsec.h>
1252 kumaneko 2859 +#include <linux/ccsecurity.h>
1253 kumaneko 1603
1254     extern int sysctl_ip_dynaddr;
1255     extern int sysctl_ip_default_ttl;
1256 kumaneko 2796 @@ -228,6 +229,8 @@ static int tcp_v4_get_port(struct sock *
1257 kumaneko 1603 rover = low;
1258     head = &tcp_bhash[tcp_bhashfn(rover)];
1259     spin_lock(&head->lock);
1260 kumaneko 2299 + if (ccs_lport_reserved(rover))
1261 kumaneko 1603 + goto next;
1262     for (tb = head->chain; tb; tb = tb->next)
1263     if (tb->port == rover)
1264     goto next;
1265 kumaneko 2796 @@ -688,6 +691,8 @@ static int tcp_v4_hash_connect(struct so
1266 kumaneko 1603 rover = low;
1267     head = &tcp_bhash[tcp_bhashfn(rover)];
1268     spin_lock(&head->lock);
1269 kumaneko 2299 + if (ccs_lport_reserved(rover))
1270 kumaneko 1603 + goto next_port;
1271    
1272     /* Does not bother with rcv_saddr checks,
1273     * because the established check is already
1274 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv4/udp.c
1275     +++ linux-2.4.37.6/net/ipv4/udp.c
1276 kumaneko 2859 @@ -97,6 +97,7 @@
1277 kumaneko 1603 #include <net/route.h>
1278     #include <net/inet_common.h>
1279     #include <net/checksum.h>
1280 kumaneko 2859 +#include <linux/ccsecurity.h>
1281 kumaneko 1603
1282     /*
1283     * Snmp MIB for the UDP layer
1284 kumaneko 2859 @@ -131,6 +132,8 @@ static int udp_v4_get_port(struct sock *
1285 kumaneko 1603 result = sysctl_local_port_range[0] +
1286     ((result - sysctl_local_port_range[0]) &
1287     (UDP_HTABLE_SIZE - 1));
1288 kumaneko 2299 + if (ccs_lport_reserved(result))
1289 kumaneko 1603 + continue;
1290     goto gotit;
1291     }
1292     size = 0;
1293 kumaneko 2859 @@ -148,6 +151,8 @@ static int udp_v4_get_port(struct sock *
1294 kumaneko 1603 result = sysctl_local_port_range[0]
1295     + ((result - sysctl_local_port_range[0]) &
1296     (UDP_HTABLE_SIZE - 1));
1297 kumaneko 2299 + if (ccs_lport_reserved(result))
1298 kumaneko 1603 + continue;
1299     if (!udp_lport_inuse(result))
1300     break;
1301     }
1302 kumaneko 2859 @@ -711,6 +716,9 @@ try_again:
1303 kumaneko 2459 skb = skb_recv_datagram(sk, flags, noblock, &err);
1304     if (!skb)
1305     goto out;
1306     + err = ccs_socket_recvmsg_permission(sk, skb, flags);
1307     + if (err)
1308     + goto out;
1309    
1310     copied = skb->len - sizeof(struct udphdr);
1311     if (copied > len) {
1312 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv6/raw.c
1313     +++ linux-2.4.37.6/net/ipv6/raw.c
1314 kumaneko 2796 @@ -45,6 +45,7 @@
1315 kumaneko 2459 #include <net/inet_common.h>
1316    
1317     #include <net/rawv6.h>
1318 kumaneko 2859 +#include <linux/ccsecurity.h>
1319 kumaneko 2459
1320     struct sock *raw_v6_htable[RAWV6_HTABLE_SIZE];
1321     rwlock_t raw_v6_lock = RW_LOCK_UNLOCKED;
1322 kumaneko 2796 @@ -369,6 +370,9 @@ int rawv6_recvmsg(struct sock *sk, struc
1323 kumaneko 2459 skb = skb_recv_datagram(sk, flags, noblock, &err);
1324     if (!skb)
1325     goto out;
1326     + err = ccs_socket_recvmsg_permission(sk, skb, flags);
1327     + if (err)
1328     + goto out;
1329    
1330     copied = skb->len;
1331     if (copied > len) {
1332 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv6/tcp_ipv6.c
1333     +++ linux-2.4.37.6/net/ipv6/tcp_ipv6.c
1334 kumaneko 2796 @@ -52,6 +52,7 @@
1335 kumaneko 1603 #include <net/inet_ecn.h>
1336    
1337     #include <asm/uaccess.h>
1338 kumaneko 2859 +#include <linux/ccsecurity.h>
1339 kumaneko 1603
1340     static void tcp_v6_send_reset(struct sk_buff *skb);
1341     static void tcp_v6_or_send_ack(struct sk_buff *skb, struct open_request *req);
1342 kumaneko 2796 @@ -110,6 +111,8 @@ static int tcp_v6_get_port(struct sock *
1343 kumaneko 1603 rover = low;
1344     head = &tcp_bhash[tcp_bhashfn(rover)];
1345     spin_lock(&head->lock);
1346 kumaneko 2299 + if (ccs_lport_reserved(rover))
1347 kumaneko 1603 + goto next;
1348     for (tb = head->chain; tb; tb = tb->next)
1349     if (tb->port == rover)
1350     goto next;
1351 kumaneko 3028 --- linux-2.4.37.6.orig/net/ipv6/udp.c
1352     +++ linux-2.4.37.6/net/ipv6/udp.c
1353 kumaneko 2859 @@ -50,6 +50,7 @@
1354 kumaneko 1603 #include <net/inet_common.h>
1355    
1356     #include <net/checksum.h>
1357 kumaneko 2859 +#include <linux/ccsecurity.h>
1358 kumaneko 1603
1359     struct udp_mib udp_stats_in6[NR_CPUS*2];
1360    
1361 kumaneko 2859 @@ -77,6 +78,8 @@ static int udp_v6_get_port(struct sock *
1362 kumaneko 1603 result = sysctl_local_port_range[0] +
1363     ((result - sysctl_local_port_range[0]) &
1364     (UDP_HTABLE_SIZE - 1));
1365 kumaneko 2299 + if (ccs_lport_reserved(result))
1366 kumaneko 1603 + continue;
1367     goto gotit;
1368     }
1369     size = 0;
1370 kumaneko 2859 @@ -94,6 +97,8 @@ static int udp_v6_get_port(struct sock *
1371 kumaneko 1603 result = sysctl_local_port_range[0]
1372     + ((result - sysctl_local_port_range[0]) &
1373     (UDP_HTABLE_SIZE - 1));
1374 kumaneko 2299 + if (ccs_lport_reserved(result))
1375 kumaneko 1603 + continue;
1376     if (!udp_lport_inuse(result))
1377     break;
1378     }
1379 kumaneko 2859 @@ -406,6 +411,9 @@ try_again:
1380 kumaneko 2459 skb = skb_recv_datagram(sk, flags, noblock, &err);
1381     if (!skb)
1382     goto out;
1383     + err = ccs_socket_recvmsg_permission(sk, skb, flags);
1384     + if (err)
1385     + goto out;
1386    
1387     copied = skb->len - sizeof(struct udphdr);
1388     if (copied > len) {
1389 kumaneko 3028 --- linux-2.4.37.6.orig/net/socket.c
1390     +++ linux-2.4.37.6/net/socket.c
1391 kumaneko 2859 @@ -84,6 +84,7 @@
1392 kumaneko 1603 #include <net/sock.h>
1393     #include <net/scm.h>
1394     #include <linux/netfilter.h>
1395 kumaneko 2859 +#include <linux/ccsecurity.h>
1396 kumaneko 1603
1397     static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1398     static ssize_t sock_read(struct file *file, char *buf,
1399 kumaneko 3075 @@ -501,7 +502,8 @@ int sock_sendmsg(struct socket *sock, st
1400 kumaneko 1603 {
1401     int err;
1402     struct scm_cookie scm;
1403     -
1404 kumaneko 3075 + err = ccs_socket_sendmsg_permission(sock, msg, size);
1405 kumaneko 1603 + if (!err)
1406     err = scm_send(sock, msg, &scm);
1407     if (err >= 0) {
1408     err = sock->ops->sendmsg(sock, msg, size, &scm);
1409 kumaneko 3075 @@ -850,7 +852,9 @@ int sock_create(int family, int type, in
1410 kumaneko 1603 }
1411     family = PF_PACKET;
1412     }
1413     -
1414     + i = ccs_socket_create_permission(family, type, protocol);
1415     + if (i)
1416     + return i;
1417     #if defined(CONFIG_KMOD) && defined(CONFIG_NET)
1418     /* Attempt to load a protocol module if the find failed.
1419     *
1420 kumaneko 3075 @@ -1006,6 +1010,10 @@ asmlinkage long sys_bind(int fd, struct
1421 kumaneko 1603 if((sock = sockfd_lookup(fd,&err))!=NULL)
1422     {
1423     if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
1424     + err = ccs_socket_bind_permission(sock,
1425     + (struct sockaddr *)
1426     + address, addrlen);
1427     + if (!err)
1428     err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
1429     sockfd_put(sock);
1430     }
1431 kumaneko 3075 @@ -1029,6 +1037,8 @@ asmlinkage long sys_listen(int fd, int b
1432 kumaneko 1603 if ((sock = sockfd_lookup(fd, &err)) != NULL) {
1433     if ((unsigned) backlog > sysctl_somaxconn)
1434     backlog = sysctl_somaxconn;
1435     + err = ccs_socket_listen_permission(sock);
1436     + if (!err)
1437     err=sock->ops->listen(sock, backlog);
1438     sockfd_put(sock);
1439     }
1440 kumaneko 3075 @@ -1069,6 +1079,11 @@ asmlinkage long sys_accept(int fd, struc
1441 kumaneko 1603 if (err < 0)
1442     goto out_release;
1443    
1444     + if (ccs_socket_accept_permission(newsock,
1445     + (struct sockaddr *) address)) {
1446     + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1447     + goto out_release;
1448     + }
1449     if (upeer_sockaddr) {
1450     if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) {
1451     err = -ECONNABORTED;
1452 kumaneko 3075 @@ -1119,6 +1134,10 @@ asmlinkage long sys_connect(int fd, stru
1453 kumaneko 1603 err = move_addr_to_kernel(uservaddr, addrlen, address);
1454     if (err < 0)
1455     goto out_put;
1456     + err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
1457     + addrlen);
1458     + if (err)
1459     + goto out_put;
1460     err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
1461     sock->file->f_flags);
1462     out_put:
1463 kumaneko 3028 --- linux-2.4.37.6.orig/net/unix/af_unix.c
1464     +++ linux-2.4.37.6/net/unix/af_unix.c
1465 kumaneko 2796 @@ -111,6 +111,7 @@
1466 kumaneko 1603 #include <linux/rtnetlink.h>
1467    
1468     #include <asm/checksum.h>
1469 kumaneko 2859 +#include <linux/ccsecurity.h>
1470 kumaneko 1603
1471     int sysctl_unix_max_dgram_qlen = 10;
1472    
1473 kumaneko 2796 @@ -710,6 +711,9 @@ static int unix_bind(struct socket *sock
1474 kumaneko 1603 * All right, let's create it.
1475     */
1476     mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
1477 kumaneko 2922 + err = ccs_mknod_permission(nd.dentry->d_inode, dentry, nd.mnt,
1478     + mode, 0);
1479 kumaneko 1603 + if (!err)
1480     err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
1481     if (err)
1482     goto out_mknod_dput;
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ