
Diff of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.4.37.diff


revision 2279 by kumaneko, Wed Mar 18 09:16:37 2009 UTC revision 2282 by kumaneko, Thu Mar 19 04:46:42 2009 UTC
# Line 35  Source code for this patch is http://www Line 35  Source code for this patch is http://www
35   fs/open.c                    |   29 +++++++++   fs/open.c                    |   29 +++++++++
36   fs/proc/Makefile             |    4 +   fs/proc/Makefile             |    4 +
37   fs/proc/proc_misc.c          |    5 +   fs/proc/proc_misc.c          |    5 +
38   include/linux/sched.h        |   13 ++++   include/linux/sched.h        |   12 ++++
39   kernel/kmod.c                |    5 +   kernel/kmod.c                |    5 +
40   kernel/module.c              |   15 +++++   kernel/module.c              |   15 +++++
41   kernel/sched.c               |    7 ++   kernel/sched.c               |    7 ++
# Line 50  Source code for this patch is http://www Line 50  Source code for this patch is http://www
50   net/ipv6/udp.c               |   11 +++   net/ipv6/udp.c               |   11 +++
51   net/socket.c                 |   40 ++++++++++++-   net/socket.c                 |   40 ++++++++++++-
52   net/unix/af_unix.c           |   15 +++++   net/unix/af_unix.c           |   15 +++++
53   48 files changed, 823 insertions(+), 6 deletions(-)   48 files changed, 822 insertions(+), 6 deletions(-)
54    
55  --- linux-2.4.37.orig/Documentation/Configure.help  --- linux-2.4.37.orig/Documentation/Configure.help
56  +++ linux-2.4.37/Documentation/Configure.help  +++ linux-2.4.37/Documentation/Configure.help
# Line 164  Source code for this patch is http://www Line 164  Source code for this patch is http://www
164          struct task_struct *child;          struct task_struct *child;
165          long ret;          long ret;
166  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
167  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
168  +               return -EPERM;  +               return -EPERM;
169  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
170    
# Line 187  Source code for this patch is http://www Line 187  Source code for this patch is http://www
187          struct task_struct *child;          struct task_struct *child;
188          int ret;          int ret;
189  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
190  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
191  +               return -EPERM;  +               return -EPERM;
192  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
193    
# Line 210  Source code for this patch is http://www Line 210  Source code for this patch is http://www
210          struct task_struct *child;          struct task_struct *child;
211          int ret;          int ret;
212  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
213  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
214  +               return -EPERM;  +               return -EPERM;
215  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
216    
# Line 233  Source code for this patch is http://www Line 233  Source code for this patch is http://www
233          struct user * dummy = NULL;          struct user * dummy = NULL;
234          int i, ret;          int i, ret;
235  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
236  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
237  +               return -EPERM;  +               return -EPERM;
238  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
239    
# Line 256  Source code for this patch is http://www Line 256  Source code for this patch is http://www
256          unsigned int value, tmp;          unsigned int value, tmp;
257          long i, ret;          long i, ret;
258  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
259  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
260  +               return -EPERM;  +               return -EPERM;
261  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
262    
# Line 279  Source code for this patch is http://www Line 279  Source code for this patch is http://www
279          struct switch_stack *sw;          struct switch_stack *sw;
280          long ret;          long ret;
281  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
282  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
283  +               return -EPERM;  +               return -EPERM;
284  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
285    
# Line 302  Source code for this patch is http://www Line 302  Source code for this patch is http://www
302          struct task_struct *child;          struct task_struct *child;
303          int ret;          int ret;
304  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
305  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
306  +               return -EPERM;  +               return -EPERM;
307  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
308    
# Line 325  Source code for this patch is http://www Line 325  Source code for this patch is http://www
325          struct task_struct *child;          struct task_struct *child;
326          int ret;          int ret;
327  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
328  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
329  +               return -EPERM;  +               return -EPERM;
330  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
331    
# Line 348  Source code for this patch is http://www Line 348  Source code for this patch is http://www
348          struct task_struct *child;          struct task_struct *child;
349          int ret;          int ret;
350  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
351  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
352  +               return -EPERM;  +               return -EPERM;
353  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
354    
# Line 359  Source code for this patch is http://www Line 359  Source code for this patch is http://www
359          struct task_struct *child;          struct task_struct *child;
360          int ret;          int ret;
361  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
362  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
363  +               return -EPERM;  +               return -EPERM;
364  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
365    
# Line 382  Source code for this patch is http://www Line 382  Source code for this patch is http://www
382          long oaddr=addr, odata=data;          long oaddr=addr, odata=data;
383   #endif   #endif
384  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
385  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
386  +               return -EPERM;  +               return -EPERM;
387  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
388    
# Line 405  Source code for this patch is http://www Line 405  Source code for this patch is http://www
405          struct task_struct *child;          struct task_struct *child;
406          int ret = -EPERM;          int ret = -EPERM;
407  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
408  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
409  +               return -EPERM;  +               return -EPERM;
410  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
411    
# Line 428  Source code for this patch is http://www Line 428  Source code for this patch is http://www
428          struct task_struct *child;          struct task_struct *child;
429          int ret = -EPERM;          int ret = -EPERM;
430  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
431  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
432  +               return -EPERM;  +               return -EPERM;
433  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
434    
# Line 451  Source code for this patch is http://www Line 451  Source code for this patch is http://www
451          struct task_struct *child;          struct task_struct *child;
452          int ret = -EPERM;          int ret = -EPERM;
453  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
454  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
455  +               return -EPERM;  +               return -EPERM;
456  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
457    
# Line 474  Source code for this patch is http://www Line 474  Source code for this patch is http://www
474          int copied;          int copied;
475          ptrace_area   parea;          ptrace_area   parea;
476  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
477  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
478  +               return -EPERM;  +               return -EPERM;
479  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
480    
# Line 497  Source code for this patch is http://www Line 497  Source code for this patch is http://www
497   #define dataptr (u8 *)&data   #define dataptr (u8 *)&data
498   #endif   #endif
499  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
500  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
501  +               return -EPERM;  +               return -EPERM;
502  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
503          lock_kernel();          lock_kernel();
# Line 520  Source code for this patch is http://www Line 520  Source code for this patch is http://www
520          struct user * dummy = NULL;          struct user * dummy = NULL;
521          int ret;          int ret;
522  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
523  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
524  +               return -EPERM;  +               return -EPERM;
525  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
526    
# Line 543  Source code for this patch is http://www Line 543  Source code for this patch is http://www
543          struct task_struct *child, *tsk = current;          struct task_struct *child, *tsk = current;
544          int ret;          int ret;
545  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
546  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
547  +               return -EPERM;  +               return -EPERM;
548  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
549    
# Line 566  Source code for this patch is http://www Line 566  Source code for this patch is http://www
566          unsigned long addr2 = regs->u_regs[UREG_I4];          unsigned long addr2 = regs->u_regs[UREG_I4];
567          struct task_struct *child;          struct task_struct *child;
568  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
569  +       if (!ccs_capable(TOMOYO_SYS_PTRACE)) {  +       if (!ccs_capable(CCS_SYS_PTRACE)) {
570  +               pt_error_return(regs, EPERM);  +               pt_error_return(regs, EPERM);
571  +               return;  +               return;
572  +       }  +       }
# Line 591  Source code for this patch is http://www Line 591  Source code for this patch is http://www
591          unsigned long addr2 = regs->u_regs[UREG_I4];          unsigned long addr2 = regs->u_regs[UREG_I4];
592          struct task_struct *child;          struct task_struct *child;
593  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
594  +       if (!ccs_capable(TOMOYO_SYS_PTRACE)) {  +       if (!ccs_capable(CCS_SYS_PTRACE)) {
595  +               pt_error_return(regs, EPERM);  +               pt_error_return(regs, EPERM);
596  +               return;  +               return;
597  +       }  +       }
# Line 616  Source code for this patch is http://www Line 616  Source code for this patch is http://www
616          int ret;          int ret;
617          __u32 val;          __u32 val;
618  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
619  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
620  +               return -EPERM;  +               return -EPERM;
621  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
622    
# Line 639  Source code for this patch is http://www Line 639  Source code for this patch is http://www
639          struct user * dummy = NULL;          struct user * dummy = NULL;
640          long i, ret;          long i, ret;
641  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
642  +       if (!ccs_capable(TOMOYO_SYS_PTRACE))  +       if (!ccs_capable(CCS_SYS_PTRACE))
643  +               return -EPERM;  +               return -EPERM;
644  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
645    
# Line 681  Source code for this patch is http://www Line 681  Source code for this patch is http://www
681          if (!(ia_valid & ATTR_MTIME_SET))          if (!(ia_valid & ATTR_MTIME_SET))
682                  attr->ia_mtime = now;                  attr->ia_mtime = now;
683  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
684  +       if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD))  +       if ((ia_valid & ATTR_MODE) && !ccs_capable(CCS_SYS_CHMOD))
685  +               return -EPERM;  +               return -EPERM;
686  +       if ((ia_valid & (ATTR_UID | ATTR_GID)) &&  +       if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
687  +           !ccs_capable(TOMOYO_SYS_CHOWN))  +           !ccs_capable(CCS_SYS_CHOWN))
688  +               return -EPERM;  +               return -EPERM;
689  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
690    
# Line 722  Source code for this patch is http://www Line 722  Source code for this patch is http://www
722                          if (!err && !(inode->i_mode & 0111))                          if (!err && !(inode->i_mode & 0111))
723                                  err = -EACCES;                                  err = -EACCES;
724  +                       /***** TOMOYO Linux start. *****/  +                       /***** TOMOYO Linux start. *****/
725  +                       if (!err && (current->tomoyo_flags &  +                       if (!err && (current->ccs_flags &
726  +                                    TOMOYO_CHECK_READ_FOR_OPEN_EXEC))  +                                    CCS_CHECK_READ_FOR_OPEN_EXEC))
727  +                               /* 01 means "read". */  +                               /* 01 means "read". */
728  +                               err = ccs_check_open_permission(nd.dentry,  +                               err = ccs_check_open_permission(nd.dentry,
729  +                                                               nd.mnt, 01);  +                                                               nd.mnt, 01);
# Line 794  Source code for this patch is http://www Line 794  Source code for this patch is http://www
794                          break;                          break;
795                  default:                  default:
796  +                       /***** TOMOYO Linux start. *****/  +                       /***** TOMOYO Linux start. *****/
797  +                       if (!ccs_capable(TOMOYO_SYS_IOCTL)) {  +                       if (!ccs_capable(CCS_SYS_IOCTL)) {
798  +                               error = -EPERM;  +                               error = -EPERM;
799  +                               break;  +                               break;
800  +                       }  +                       }
# Line 859  Source code for this patch is http://www Line 859  Source code for this patch is http://www
859          if (S_ISDIR(mode))          if (S_ISDIR(mode))
860                  return -EPERM;                  return -EPERM;
861  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
862  +       if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))  +       if (S_ISCHR(mode) && !ccs_capable(CCS_CREATE_CHAR_DEV))
863  +               return -EPERM;  +               return -EPERM;
864  +       if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))  +       if (S_ISBLK(mode) && !ccs_capable(CCS_CREATE_BLOCK_DEV))
865  +               return -EPERM;  +               return -EPERM;
866  +       if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))  +       if (S_ISFIFO(mode) && !ccs_capable(CCS_CREATE_FIFO))
867  +               return -EPERM;  +               return -EPERM;
868  +       if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))  +       if (S_ISSOCK(mode) && !ccs_capable(CCS_CREATE_UNIX_SOCKET))
869  +               return -EPERM;  +               return -EPERM;
870  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
871  +  +
# Line 939  Source code for this patch is http://www Line 939  Source code for this patch is http://www
939          struct dentry *dentry;          struct dentry *dentry;
940          struct nameidata nd;          struct nameidata nd;
941  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
942  +       if (!ccs_capable(TOMOYO_SYS_UNLINK))  +       if (!ccs_capable(CCS_SYS_UNLINK))
943  +               return -EPERM;  +               return -EPERM;
944  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
945    
# Line 965  Source code for this patch is http://www Line 965  Source code for this patch is http://www
965          char * from;          char * from;
966          char * to;          char * to;
967  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
968  +       if (!ccs_capable(TOMOYO_SYS_SYMLINK))  +       if (!ccs_capable(CCS_SYS_SYMLINK))
969  +               return -EPERM;  +               return -EPERM;
970  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
971    
# Line 990  Source code for this patch is http://www Line 990  Source code for this patch is http://www
990          int error;          int error;
991          char * to;          char * to;
992  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
993  +       if (!ccs_capable(TOMOYO_SYS_LINK))  +       if (!ccs_capable(CCS_SYS_LINK))
994  +               return -EPERM;  +               return -EPERM;
995  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
996    
# Line 1040  Source code for this patch is http://www Line 1040  Source code for this patch is http://www
1040          char * from;          char * from;
1041          char * to;          char * to;
1042  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1043  +       if (!ccs_capable(TOMOYO_SYS_RENAME))  +       if (!ccs_capable(CCS_SYS_RENAME))
1044  +               return -EPERM;  +               return -EPERM;
1045  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1046    
# Line 1078  Source code for this patch is http://www Line 1078  Source code for this patch is http://www
1078          struct nameidata nd;          struct nameidata nd;
1079          int retval;          int retval;
1080  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1081  +       if (!ccs_capable(TOMOYO_SYS_UMOUNT))  +       if (!ccs_capable(CCS_SYS_UMOUNT))
1082  +               return -EPERM;  +               return -EPERM;
1083  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1084    
# Line 1138  Source code for this patch is http://www Line 1138  Source code for this patch is http://www
1138                  ((char *)data_page)[PAGE_SIZE - 1] = 0;                  ((char *)data_page)[PAGE_SIZE - 1] = 0;
1139    
1140  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1141  +       if (!ccs_capable(TOMOYO_SYS_MOUNT))  +       if (!ccs_capable(CCS_SYS_MOUNT))
1142  +               return -EPERM;  +               return -EPERM;
1143  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1144  +       /***** SAKURA Linux start. *****/  +       /***** SAKURA Linux start. *****/
# Line 1156  Source code for this patch is http://www Line 1156  Source code for this patch is http://www
1156          if (!capable(CAP_SYS_ADMIN))          if (!capable(CAP_SYS_ADMIN))
1157                  return -EPERM;                  return -EPERM;
1158  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1159  +       if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))  +       if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
1160  +               return -EPERM;  +               return -EPERM;
1161  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1162    
# Line 1221  Source code for this patch is http://www Line 1221  Source code for this patch is http://www
1221          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
1222                  goto dput_and_out;                  goto dput_and_out;
1223  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1224  +       if (!ccs_capable(TOMOYO_SYS_CHROOT))  +       if (!ccs_capable(CCS_SYS_CHROOT))
1225  +               goto dput_and_out;  +               goto dput_and_out;
1226  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1227  +       /***** SAKURA Linux start. *****/  +       /***** SAKURA Linux start. *****/
# Line 1236  Source code for this patch is http://www Line 1236  Source code for this patch is http://www
1236   asmlinkage long sys_vhangup(void)   asmlinkage long sys_vhangup(void)
1237   {   {
1238  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1239  +       if (!ccs_capable(TOMOYO_SYS_VHANGUP))  +       if (!ccs_capable(CCS_SYS_VHANGUP))
1240  +               return -EPERM;  +               return -EPERM;
1241  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1242          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
# Line 1267  Source code for this patch is http://www Line 1267  Source code for this patch is http://www
1267   }   }
1268  --- linux-2.4.37.orig/include/linux/sched.h  --- linux-2.4.37.orig/include/linux/sched.h
1269  +++ linux-2.4.37/include/linux/sched.h  +++ linux-2.4.37/include/linux/sched.h
1270  @@ -29,6 +29,11 @@ extern unsigned long event;  @@ -29,6 +29,10 @@ extern unsigned long event;
1271    
1272   struct exec_domain;   struct exec_domain;
1273    
1274  +/***** TOMOYO Linux start. *****/  +/***** TOMOYO Linux start. *****/
1275  +struct domain_info;  +struct ccs_domain_info;
 +extern struct domain_info KERNEL_DOMAIN;  
1276  +/***** TOMOYO Linux end. *****/  +/***** TOMOYO Linux end. *****/
1277  +  +
1278   /*   /*
1279    * cloning flags:    * cloning flags:
1280    */    */
1281  @@ -417,6 +422,10 @@ struct task_struct {  @@ -417,6 +421,10 @@ struct task_struct {
1282          void *journal_info;          void *journal_info;
1283    
1284          struct list_head *scm_work_list;          struct list_head *scm_work_list;
1285  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1286  +       struct domain_info *domain_info;  +       struct ccs_domain_info *ccs_domain_info;
1287  +       u32 tomoyo_flags;  +       u32 ccs_flags;
1288  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1289   };   };
1290    
1291   /*   /*
1292  @@ -512,6 +521,10 @@ extern struct exec_domain  default_exec_d  @@ -512,6 +520,10 @@ extern struct exec_domain  default_exec_d
1293       blocked:           {{0}},                                          \       blocked:           {{0}},                                          \
1294       alloc_lock:                SPIN_LOCK_UNLOCKED,                             \       alloc_lock:                SPIN_LOCK_UNLOCKED,                             \
1295       journal_info:      NULL,                                           \       journal_info:      NULL,                                           \
1296  +       /***** TOMOYO Linux start. *****/ \  +       /***** TOMOYO Linux start. *****/ \
1297  +       domain_info: &KERNEL_DOMAIN,      \  +       ccs_domain_info: NULL,            \
1298  +       tomoyo_flags: 0                   \  +       ccs_flags: 0                      \
1299  +       /***** TOMOYO Linux end. *****/   \  +       /***** TOMOYO Linux end. *****/   \
1300   }   }
1301    
# Line 1308  Source code for this patch is http://www Line 1307  Source code for this patch is http://www
1307          set_fs(KERNEL_DS);          set_fs(KERNEL_DS);
1308    
1309  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1310  +       current->domain_info = &KERNEL_DOMAIN;  +       current->ccs_domain_info = NULL;
1311  +       current->tomoyo_flags = 0;  +       current->ccs_flags = 0;
1312  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1313  +  +
1314          /* Go, go, go... */          /* Go, go, go... */
# Line 1332  Source code for this patch is http://www Line 1331  Source code for this patch is http://www
1331          if (!capable(CAP_SYS_MODULE))          if (!capable(CAP_SYS_MODULE))
1332                  return -EPERM;                  return -EPERM;
1333  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1334  +       if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1335  +               return -EPERM;  +               return -EPERM;
1336  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1337          lock_kernel();          lock_kernel();
# Line 1343  Source code for this patch is http://www Line 1342  Source code for this patch is http://www
1342          if (!capable(CAP_SYS_MODULE))          if (!capable(CAP_SYS_MODULE))
1343                  return -EPERM;                  return -EPERM;
1344  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1345  +       if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1346  +               return -EPERM;  +               return -EPERM;
1347  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1348          lock_kernel();          lock_kernel();
# Line 1354  Source code for this patch is http://www Line 1353  Source code for this patch is http://www
1353          if (!capable(CAP_SYS_MODULE))          if (!capable(CAP_SYS_MODULE))
1354                  return -EPERM;                  return -EPERM;
1355  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1356  +       if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))  +       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
1357  +               return -EPERM;  +               return -EPERM;
1358  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1359    
# Line 1377  Source code for this patch is http://www Line 1376  Source code for this patch is http://www
1376   {   {
1377          long newprio;          long newprio;
1378  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1379  +       if (!ccs_capable(TOMOYO_SYS_NICE))  +       if (!ccs_capable(CCS_SYS_NICE))
1380  +               return -EPERM;  +               return -EPERM;
1381  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1382    
# Line 1400  Source code for this patch is http://www Line 1399  Source code for this patch is http://www
1399   {   {
1400          struct siginfo info;          struct siginfo info;
1401  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1402  +       if (sig && !ccs_capable(TOMOYO_SYS_KILL))  +       if (sig && !ccs_capable(CCS_SYS_KILL))
1403  +               return -EPERM;  +               return -EPERM;
1404  +       if (sig && ccs_check_signal_acl(sig, pid))  +       if (sig && ccs_check_signal_acl(sig, pid))
1405  +               return -EPERM;  +               return -EPERM;
# Line 1413  Source code for this patch is http://www Line 1412  Source code for this patch is http://www
1412              return -EINVAL;              return -EINVAL;
1413    
1414  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1415  +       if (sig && !ccs_capable(TOMOYO_SYS_KILL))  +       if (sig && !ccs_capable(CCS_SYS_KILL))
1416  +               return -EPERM;  +               return -EPERM;
1417  +       if (sig && ccs_check_signal_acl(sig, pid))  +       if (sig && ccs_check_signal_acl(sig, pid))
1418  +               return -EPERM;  +               return -EPERM;
# Line 1438  Source code for this patch is http://www Line 1437  Source code for this patch is http://www
1437          if (which > 2 || which < 0)          if (which > 2 || which < 0)
1438                  return -EINVAL;                  return -EINVAL;
1439  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1440  +       if (!ccs_capable(TOMOYO_SYS_NICE))  +       if (!ccs_capable(CCS_SYS_NICE))
1441  +               return -EPERM;  +               return -EPERM;
1442  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1443    
# Line 1449  Source code for this patch is http://www Line 1448  Source code for this patch is http://www
1448                          magic2 != LINUX_REBOOT_MAGIC2B))                          magic2 != LINUX_REBOOT_MAGIC2B))
1449                  return -EINVAL;                  return -EINVAL;
1450  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1451  +       if (!ccs_capable(TOMOYO_SYS_REBOOT))  +       if (!ccs_capable(CCS_SYS_REBOOT))
1452  +               return -EPERM;  +               return -EPERM;
1453  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1454    
# Line 1460  Source code for this patch is http://www Line 1459  Source code for this patch is http://www
1459          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
1460                  return -EINVAL;                  return -EINVAL;
1461  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1462  +       if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))  +       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1463  +               return -EPERM;  +               return -EPERM;
1464  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1465          down_write(&uts_sem);          down_write(&uts_sem);
# Line 1471  Source code for this patch is http://www Line 1470  Source code for this patch is http://www
1470          if (len < 0 || len > __NEW_UTS_LEN)          if (len < 0 || len > __NEW_UTS_LEN)
1471                  return -EINVAL;                  return -EINVAL;
1472  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1473  +       if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))  +       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
1474  +               return -EPERM;  +               return -EPERM;
1475  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1476    
# Line 1644  Source code for this patch is http://www Line 1643  Source code for this patch is http://www
1643          if (!capable(CAP_SYS_TIME))          if (!capable(CAP_SYS_TIME))
1644                  return -EPERM;                  return -EPERM;
1645  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1646  +       if (!ccs_capable(TOMOYO_SYS_SETTIME))  +       if (!ccs_capable(CCS_SYS_SETTIME))
1647  +               return -EPERM;  +               return -EPERM;
1648  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1649          if (get_user(value, tptr))          if (get_user(value, tptr))
# Line 1655  Source code for this patch is http://www Line 1654  Source code for this patch is http://www
1654          if (!capable(CAP_SYS_TIME))          if (!capable(CAP_SYS_TIME))
1655                  return -EPERM;                  return -EPERM;
1656  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1657  +       if (!ccs_capable(TOMOYO_SYS_SETTIME))  +       if (!ccs_capable(CCS_SYS_SETTIME))
1658  +               return -EPERM;  +               return -EPERM;
1659  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1660                                    
# Line 1666  Source code for this patch is http://www Line 1665  Source code for this patch is http://www
1665          if (txc->modes && !capable(CAP_SYS_TIME))          if (txc->modes && !capable(CAP_SYS_TIME))
1666                  return -EPERM;                  return -EPERM;
1667  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1668  +       if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))  +       if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
1669  +               return -EPERM;  +               return -EPERM;
1670  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1671                                    
# Line 1932  Source code for this patch is http://www Line 1931  Source code for this patch is http://www
1931          }          }
1932  +       /***** TOMOYO Linux start. *****/  +       /***** TOMOYO Linux start. *****/
1933  +       err = -EPERM;  +       err = -EPERM;
1934  +       if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))  +       if (sunaddr->sun_path[0] && !ccs_capable(CCS_CREATE_UNIX_SOCKET))
1935  +               goto out;  +               goto out;
1936  +       /***** TOMOYO Linux end. *****/  +       /***** TOMOYO Linux end. *****/
1937    
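Review bot: The initial task's policy domain pointer is now NULL where revision 2279 pointed it at `&KERNEL_DOMAIN`: the INIT_TASK initializer in include/linux/sched.h becomes `ccs_domain_info: NULL,` and the reset just before `/* Go, go, go... */` becomes `current->ccs_domain_info = NULL;`. Every reader of `ccs_domain_info` therefore has to handle NULL explicitly, and if NULL is meant to stand for the kernel domain, that mapping has to happen before any policy decision is taken on the task. Those readers are not part of this patch file, so the handling cannot be confirmed from this page. Assuming that is the intent, I would document the convention next to the new field in struct task_struct, for example `/* NULL until a domain is assigned; treated as the kernel domain. Do not dereference without a check. */`. The remaining changes are the mechanical TOMOYO_* to CCS_* and tomoyo_flags to ccs_flags rename and raise nothing further.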

Legend:
Removed from v.2279  
changed lines
  Added in v.2282
