オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-patch/patches/ccs-patch-2.4.37.diff

Contents of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.4.37.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2278 - (show annotations) (download) (as text)
Wed Mar 18 08:12:58 2009 UTC (15 years, 2 months ago) by kumaneko
Original Path: trunk/1.6.x/ccs-patch/patches/ccs-patch-2.4.37.diff
File MIME type: text/x-diff
File size: 56837 byte(s) 
Remove '#ifdef TOMOYO_SYS_PTRACE'
1 This is TOMOYO Linux patch for kernel 2.4.37.
2
3 Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.tar.bz2
4 ---
5 Documentation/Configure.help | 86 +++++++++++++++++++++++++++++
6 arch/alpha/kernel/ptrace.c | 7 ++
7 arch/arm/kernel/ptrace.c | 7 ++
8 arch/cris/kernel/ptrace.c | 7 ++
9 arch/i386/kernel/ptrace.c | 7 ++
10 arch/ia64/ia32/sys_ia32.c | 7 ++
11 arch/ia64/kernel/ptrace.c | 7 ++
12 arch/m68k/kernel/ptrace.c | 7 ++
13 arch/mips/kernel/ptrace.c | 7 ++
14 arch/mips64/kernel/ptrace.c | 11 +++
15 arch/parisc/kernel/ptrace.c | 7 ++
16 arch/ppc/kernel/ptrace.c | 7 ++
17 arch/ppc64/kernel/ptrace.c | 7 ++
18 arch/ppc64/kernel/ptrace32.c | 7 ++
19 arch/s390/kernel/ptrace.c | 7 ++
20 arch/s390x/kernel/ptrace.c | 7 ++
21 arch/sh/kernel/ptrace.c | 7 ++
22 arch/sh64/kernel/ptrace.c | 7 ++
23 arch/sparc/kernel/ptrace.c | 9 +++
24 arch/sparc64/kernel/ptrace.c | 9 +++
25 arch/x86_64/ia32/ptrace32.c | 7 ++
26 arch/x86_64/kernel/ptrace.c | 7 ++
27 fs/Config.in | 3 +
28 fs/Makefile | 2
29 fs/attr.c | 10 +++
30 fs/exec.c | 21 ++++++-
31 fs/fcntl.c | 8 ++
32 fs/ioctl.c | 9 +++
33 fs/namei.c | 127 +++++++++++++++++++++++++++++++++++++++++++
34 fs/namespace.c | 58 +++++++++++++++++++
35 fs/open.c | 29 +++++++++
36 fs/proc/Makefile | 4 +
37 fs/proc/proc_misc.c | 5 +
38 include/linux/sched.h | 13 ++++
39 kernel/kmod.c | 5 +
40 kernel/module.c | 15 +++++
41 kernel/sched.c | 7 ++
42 kernel/signal.c | 15 +++++
43 kernel/sys.c | 19 ++++++
44 kernel/sysctl.c | 113 +++++++++++++++++++++++++++++++++++++-
45 kernel/time.c | 15 +++++
46 net/core/datagram.c | 10 +++
47 net/ipv4/tcp_ipv4.c | 11 +++
48 net/ipv4/udp.c | 11 +++
49 net/ipv6/tcp_ipv6.c | 7 ++
50 net/ipv6/udp.c | 11 +++
51 net/socket.c | 40 ++++++++++++-
52 net/unix/af_unix.c | 15 +++++
53 48 files changed, 818 insertions(+), 6 deletions(-)
54
55 --- linux-2.4.37.orig/Documentation/Configure.help
56 +++ linux-2.4.37/Documentation/Configure.help
57 @@ -29158,6 +29158,92 @@ CONFIG_SOUND_WM97XX
58
59 If unsure, say N.
60
61 +CONFIG_SAKURA
62 + Say Y here to support the Domain-Free Mandatory Access Control.
63 +
64 + SAKURA stands for
65 + "Security Advancement Know-how Upon Read-only Approach".
66 + As the name shows, SAKURA was originally a methodology to make
67 + root fs read-only to avoid tampering the system files.
68 + But now, SAKURA is not only a methodology but also a kernel patch
69 + that improves the system security with less effort.
70 +
71 + SAKURA can restrict operations that affect systemwide.
72 +
73 +CONFIG_TOMOYO
74 + Say Y here to support the Domain-Based Mandatory Access Control.
75 +
76 + TOMOYO stands for "Task Oriented Management Obviates Your Onus".
77 + TOMOYO is intended to provide the Domain-Based MAC
78 + utilizing task_struct.
79 +
80 + The word "domain" in TOMOYO is a class that a process
81 + (i.e. task_struct) belong to.
82 + The domain of a process changes whenever the process
83 + executes a program.
84 + This allows you to classify at the finest level.
85 + The access permission is granted to domains, not to processes.
86 + Policy is defined as "Which domain can access to which resource.".
87 +
88 + The biggest feature of TOMOYO is that TOMOYO has "learning mode".
89 + The learning mode can automatically generate policy definition,
90 + and dramatically reduces the policy definition labors.
91 +
92 + TOMOYO is applicable to figuring out the system's behavior, for
93 + TOMOYO uses the canonicalized absolute pathnames and
94 + TreeView style domain transitions.
95 +
96 + You can make custom root fs with minimum files
97 + to run minimum applications with TOMOYO.
98 +
99 +CONFIG_TOMOYO_MAX_ACCEPT_ENTRY
100 + This is the default value for maximal ACL entries
101 + that are automatically appended into policy at "learning mode".
102 + Some programs access thousands of objects, so running
103 + such programs in "learning mode" dulls the system response
104 + and consumes much memory.
105 + This is the safeguard for such programs.
106 +
107 +CONFIG_TOMOYO_MAX_GRANT_LOG
108 + This is the default value for maximal entries for
109 + access grant logs that the kernel can hold on memory.
110 + You can read the log via /proc/ccs/grant_log.
111 + If you don't need access grant logs,
112 + you may set this value to 0.
113 +
114 +CONFIG_TOMOYO_MAX_REJECT_LOG
115 + This is the default value for maximal entries for
116 + access reject logs that the kernel can hold on memory.
117 + You can read the log via /proc/ccs/reject_log.
118 + If you don't need access reject logs,
119 + you may set this value to 0.
120 +
121 +CONFIG_SYAORAN
122 + Say Y or M here to support the Tamper-Proof Device Filesystem.
123 +
124 + SYAORAN stands for
125 + "Simple Yet All-important Object Realizing Abiding Nexus".
126 + SYAORAN is a filesystem for /dev with Mandatory Access Control.
127 +
128 + SAKURA can make root fs read-only, but the system can't work
129 + if /dev is read-only. Therefore you need to mount a writable
130 + filesystem (such as tmpfs) for /dev if root fs is read-only.
131 +
132 + But the writable /dev means that files on /dev might be tampered.
133 + For example, if /dev/null is deleted and re-created as a symbolic
134 + link to /dev/hda by an attacker, the contents of the IDE HDD
135 + will be destroyed at a blow.
136 +
137 + Also, TOMOYO controls file access by pathnames,
138 + not by security labels.
139 + Therefore /dev/null, for example, might be tampered
140 + if a process have write permission to /dev/null .
141 +
142 + SYAORAN can ensure /dev/null is a character device file
143 + with major=1 minor=3.
144 +
145 + You can use SAKURA to make /dev not unmountable.
146 +
147 #
148 # A couple of things I keep forgetting:
149 # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet,
150 --- linux-2.4.37.orig/arch/alpha/kernel/ptrace.c
151 +++ linux-2.4.37/arch/alpha/kernel/ptrace.c
152 @@ -18,6 +18,9 @@
153 #include <asm/pgtable.h>
154 #include <asm/system.h>
155 #include <asm/fpu.h>
156 +/***** TOMOYO Linux start. *****/
157 +#include <linux/tomoyo.h>
158 +/***** TOMOYO Linux end. *****/
159
160 #include "proto.h"
161
162 @@ -251,6 +254,10 @@ sys_ptrace(long request, long pid, long
163 {
164 struct task_struct *child;
165 long ret;
166 + /***** TOMOYO Linux start. *****/
167 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
168 + return -EPERM;
169 + /***** TOMOYO Linux end. *****/
170
171 lock_kernel();
172 DBG(DBG_MEM, ("request=%ld pid=%ld addr=0x%lx data=0x%lx\n",
173 --- linux-2.4.37.orig/arch/arm/kernel/ptrace.c
174 +++ linux-2.4.37/arch/arm/kernel/ptrace.c
175 @@ -22,6 +22,9 @@
176 #include <asm/uaccess.h>
177 #include <asm/pgtable.h>
178 #include <asm/system.h>
179 +/***** TOMOYO Linux start. *****/
180 +#include <linux/tomoyo.h>
181 +/***** TOMOYO Linux end. *****/
182
183 #include "ptrace.h"
184
185 @@ -695,6 +698,10 @@ asmlinkage int sys_ptrace(long request,
186 {
187 struct task_struct *child;
188 int ret;
189 + /***** TOMOYO Linux start. *****/
190 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
191 + return -EPERM;
192 + /***** TOMOYO Linux end. *****/
193
194 lock_kernel();
195 ret = -EPERM;
196 --- linux-2.4.37.orig/arch/cris/kernel/ptrace.c
197 +++ linux-2.4.37/arch/cris/kernel/ptrace.c
198 @@ -48,6 +48,9 @@
199 #include <asm/pgtable.h>
200 #include <asm/system.h>
201 #include <asm/processor.h>
202 +/***** TOMOYO Linux start. *****/
203 +#include <linux/tomoyo.h>
204 +/***** TOMOYO Linux end. *****/
205
206 /*
207 * does not yet catch signals sent when the child dies.
208 @@ -104,6 +107,10 @@ asmlinkage int sys_ptrace(long request,
209 {
210 struct task_struct *child;
211 int ret;
212 + /***** TOMOYO Linux start. *****/
213 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
214 + return -EPERM;
215 + /***** TOMOYO Linux end. *****/
216
217 lock_kernel();
218 ret = -EPERM;
219 --- linux-2.4.37.orig/arch/i386/kernel/ptrace.c
220 +++ linux-2.4.37/arch/i386/kernel/ptrace.c
221 @@ -20,6 +20,9 @@
222 #include <asm/processor.h>
223 #include <asm/i387.h>
224 #include <asm/debugreg.h>
225 +/***** TOMOYO Linux start. *****/
226 +#include <linux/tomoyo.h>
227 +/***** TOMOYO Linux end. *****/
228
229 /*
230 * does not yet catch signals sent when the child dies.
231 @@ -152,6 +155,10 @@ asmlinkage int sys_ptrace(long request,
232 struct task_struct *child;
233 struct user * dummy = NULL;
234 int i, ret;
235 + /***** TOMOYO Linux start. *****/
236 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
237 + return -EPERM;
238 + /***** TOMOYO Linux end. *****/
239
240 lock_kernel();
241 ret = -EPERM;
242 --- linux-2.4.37.orig/arch/ia64/ia32/sys_ia32.c
243 +++ linux-2.4.37/arch/ia64/ia32/sys_ia32.c
244 @@ -57,6 +57,9 @@
245 #include <net/scm.h>
246 #include <net/sock.h>
247 #include <asm/ia32.h>
248 +/***** TOMOYO Linux start. *****/
249 +#include <linux/tomoyo.h>
250 +/***** TOMOYO Linux end. *****/
251
252 #define DEBUG 0
253
254 @@ -3131,6 +3134,10 @@ sys32_ptrace (int request, pid_t pid, un
255 struct task_struct *child;
256 unsigned int value, tmp;
257 long i, ret;
258 + /***** TOMOYO Linux start. *****/
259 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
260 + return -EPERM;
261 + /***** TOMOYO Linux end. *****/
262
263 lock_kernel();
264 if (request == PTRACE_TRACEME) {
265 --- linux-2.4.37.orig/arch/ia64/kernel/ptrace.c
266 +++ linux-2.4.37/arch/ia64/kernel/ptrace.c
267 @@ -27,6 +27,9 @@
268 #ifdef CONFIG_PERFMON
269 #include <asm/perfmon.h>
270 #endif
271 +/***** TOMOYO Linux start. *****/
272 +#include <linux/tomoyo.h>
273 +/***** TOMOYO Linux end. *****/
274
275 #define offsetof(type,field) ((unsigned long) &((type *) 0)->field)
276
277 @@ -1273,6 +1276,10 @@ sys_ptrace (long request, pid_t pid, uns
278 struct task_struct *child;
279 struct switch_stack *sw;
280 long ret;
281 + /***** TOMOYO Linux start. *****/
282 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
283 + return -EPERM;
284 + /***** TOMOYO Linux end. *****/
285
286 lock_kernel();
287 ret = -EPERM;
288 --- linux-2.4.37.orig/arch/m68k/kernel/ptrace.c
289 +++ linux-2.4.37/arch/m68k/kernel/ptrace.c
290 @@ -25,6 +25,9 @@
291 #include <asm/pgtable.h>
292 #include <asm/system.h>
293 #include <asm/processor.h>
294 +/***** TOMOYO Linux start. *****/
295 +#include <linux/tomoyo.h>
296 +/***** TOMOYO Linux end. *****/
297
298 /*
299 * does not yet catch signals sent when the child dies.
300 @@ -104,6 +107,10 @@ asmlinkage int sys_ptrace(long request,
301 {
302 struct task_struct *child;
303 int ret;
304 + /***** TOMOYO Linux start. *****/
305 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
306 + return -EPERM;
307 + /***** TOMOYO Linux end. *****/
308
309 lock_kernel();
310 ret = -EPERM;
311 --- linux-2.4.37.orig/arch/mips/kernel/ptrace.c
312 +++ linux-2.4.37/arch/mips/kernel/ptrace.c
313 @@ -28,6 +28,9 @@
314 #include <asm/bootinfo.h>
315 #include <asm/cpu.h>
316 #include <asm/fpu.h>
317 +/***** TOMOYO Linux start. *****/
318 +#include <linux/tomoyo.h>
319 +/***** TOMOYO Linux end. *****/
320
321 /*
322 * Called by kernel/ptrace.c when detaching..
323 @@ -43,6 +46,10 @@ asmlinkage int sys_ptrace(long request,
324 {
325 struct task_struct *child;
326 int ret;
327 + /***** TOMOYO Linux start. *****/
328 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
329 + return -EPERM;
330 + /***** TOMOYO Linux end. *****/
331
332 lock_kernel();
333 #if 0
334 --- linux-2.4.37.orig/arch/mips64/kernel/ptrace.c
335 +++ linux-2.4.37/arch/mips64/kernel/ptrace.c
336 @@ -30,6 +30,9 @@
337 #include <asm/system.h>
338 #include <asm/uaccess.h>
339 #include <asm/bootinfo.h>
340 +/***** TOMOYO Linux start. *****/
341 +#include <linux/tomoyo.h>
342 +/***** TOMOYO Linux end. *****/
343
344 /*
345 * Called by kernel/ptrace.c when detaching..
346 @@ -49,6 +52,10 @@ asmlinkage int sys32_ptrace(int request,
347 {
348 struct task_struct *child;
349 int ret;
350 + /***** TOMOYO Linux start. *****/
351 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
352 + return -EPERM;
353 + /***** TOMOYO Linux end. *****/
354
355 lock_kernel();
356 ret = -EPERM;
357 @@ -288,6 +295,10 @@ asmlinkage int sys_ptrace(long request,
358 {
359 struct task_struct *child;
360 int ret;
361 + /***** TOMOYO Linux start. *****/
362 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
363 + return -EPERM;
364 + /***** TOMOYO Linux end. *****/
365
366 lock_kernel();
367 #if 0
368 --- linux-2.4.37.orig/arch/parisc/kernel/ptrace.c
369 +++ linux-2.4.37/arch/parisc/kernel/ptrace.c
370 @@ -21,6 +21,9 @@
371 #include <asm/system.h>
372 #include <asm/processor.h>
373 #include <asm/offset.h>
374 +/***** TOMOYO Linux start. *****/
375 +#include <linux/tomoyo.h>
376 +/***** TOMOYO Linux end. *****/
377
378 /* These are used in entry.S, syscall_restore_rfi. We need to record the
379 * current stepping mode somewhere other than in PSW, because there is no
380 @@ -94,6 +97,10 @@ long sys_ptrace(long request, pid_t pid,
381 #ifdef DEBUG_PTRACE
382 long oaddr=addr, odata=data;
383 #endif
384 + /***** TOMOYO Linux start. *****/
385 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
386 + return -EPERM;
387 + /***** TOMOYO Linux end. *****/
388
389 lock_kernel();
390 ret = -EPERM;
391 --- linux-2.4.37.orig/arch/ppc/kernel/ptrace.c
392 +++ linux-2.4.37/arch/ppc/kernel/ptrace.c
393 @@ -29,6 +29,9 @@
394 #include <asm/page.h>
395 #include <asm/pgtable.h>
396 #include <asm/system.h>
397 +/***** TOMOYO Linux start. *****/
398 +#include <linux/tomoyo.h>
399 +/***** TOMOYO Linux end. *****/
400
401 /*
402 * Set of msr bits that gdb can change on behalf of a process.
403 @@ -171,6 +174,10 @@ int sys_ptrace(long request, long pid, l
404 {
405 struct task_struct *child;
406 int ret = -EPERM;
407 + /***** TOMOYO Linux start. *****/
408 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
409 + return -EPERM;
410 + /***** TOMOYO Linux end. *****/
411
412 lock_kernel();
413 if (request == PTRACE_TRACEME) {
414 --- linux-2.4.37.orig/arch/ppc64/kernel/ptrace.c
415 +++ linux-2.4.37/arch/ppc64/kernel/ptrace.c
416 @@ -30,6 +30,9 @@
417 #include <asm/page.h>
418 #include <asm/pgtable.h>
419 #include <asm/system.h>
420 +/***** TOMOYO Linux start. *****/
421 +#include <linux/tomoyo.h>
422 +/***** TOMOYO Linux end. *****/
423
424 /*
425 * Set of msr bits that gdb can change on behalf of a process.
426 @@ -120,6 +123,10 @@ int sys_ptrace(long request, long pid, l
427 {
428 struct task_struct *child;
429 int ret = -EPERM;
430 + /***** TOMOYO Linux start. *****/
431 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
432 + return -EPERM;
433 + /***** TOMOYO Linux end. *****/
434
435 lock_kernel();
436 if (request == PTRACE_TRACEME) {
437 --- linux-2.4.37.orig/arch/ppc64/kernel/ptrace32.c
438 +++ linux-2.4.37/arch/ppc64/kernel/ptrace32.c
439 @@ -30,6 +30,9 @@
440 #include <asm/page.h>
441 #include <asm/pgtable.h>
442 #include <asm/system.h>
443 +/***** TOMOYO Linux start. *****/
444 +#include <linux/tomoyo.h>
445 +/***** TOMOYO Linux end. *****/
446
447 #ifdef CONFIG_ALTIVEC
448 /*
449 @@ -121,6 +124,10 @@ int sys32_ptrace(long request, long pid,
450 {
451 struct task_struct *child;
452 int ret = -EPERM;
453 + /***** TOMOYO Linux start. *****/
454 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
455 + return -EPERM;
456 + /***** TOMOYO Linux end. *****/
457
458 lock_kernel();
459 if (request == PTRACE_TRACEME) {
460 --- linux-2.4.37.orig/arch/s390/kernel/ptrace.c
461 +++ linux-2.4.37/arch/s390/kernel/ptrace.c
462 @@ -37,6 +37,9 @@
463 #include <asm/pgalloc.h>
464 #include <asm/system.h>
465 #include <asm/uaccess.h>
466 +/***** TOMOYO Linux start. *****/
467 +#include <linux/tomoyo.h>
468 +/***** TOMOYO Linux end. *****/
469
470
471 void FixPerRegisters(struct task_struct *task)
472 @@ -221,6 +224,10 @@ asmlinkage int sys_ptrace(long request,
473 unsigned long tmp;
474 int copied;
475 ptrace_area parea;
476 + /***** TOMOYO Linux start. *****/
477 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
478 + return -EPERM;
479 + /***** TOMOYO Linux end. *****/
480
481 lock_kernel();
482 if (request == PTRACE_TRACEME)
483 --- linux-2.4.37.orig/arch/s390x/kernel/ptrace.c
484 +++ linux-2.4.37/arch/s390x/kernel/ptrace.c
485 @@ -43,6 +43,9 @@
486 #else
487 #define parent_31bit 0
488 #endif
489 +/***** TOMOYO Linux start. *****/
490 +#include <linux/tomoyo.h>
491 +/***** TOMOYO Linux end. *****/
492
493
494 void FixPerRegisters(struct task_struct *task)
495 @@ -431,6 +434,10 @@ asmlinkage int sys_ptrace(long request,
496 #define sizeof_parent_long 8
497 #define dataptr (u8 *)&data
498 #endif
499 + /***** TOMOYO Linux start. *****/
500 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
501 + return -EPERM;
502 + /***** TOMOYO Linux end. *****/
503 lock_kernel();
504 if (request == PTRACE_TRACEME)
505 {
506 --- linux-2.4.37.orig/arch/sh/kernel/ptrace.c
507 +++ linux-2.4.37/arch/sh/kernel/ptrace.c
508 @@ -26,6 +26,9 @@
509 #include <asm/system.h>
510 #include <asm/processor.h>
511 #include <asm/mmu_context.h>
512 +/***** TOMOYO Linux start. *****/
513 +#include <linux/tomoyo.h>
514 +/***** TOMOYO Linux end. *****/
515
516 /*
517 * does not yet catch signals sent when the child dies.
518 @@ -144,6 +147,10 @@ asmlinkage int sys_ptrace(long request,
519 struct task_struct *child, *tsk = current;
520 struct user * dummy = NULL;
521 int ret;
522 + /***** TOMOYO Linux start. *****/
523 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
524 + return -EPERM;
525 + /***** TOMOYO Linux end. *****/
526
527 lock_kernel();
528 ret = -EPERM;
529 --- linux-2.4.37.orig/arch/sh64/kernel/ptrace.c
530 +++ linux-2.4.37/arch/sh64/kernel/ptrace.c
531 @@ -32,6 +32,9 @@
532 #include <asm/system.h>
533 #include <asm/processor.h>
534 #include <asm/mmu_context.h>
535 +/***** TOMOYO Linux start. *****/
536 +#include <linux/tomoyo.h>
537 +/***** TOMOYO Linux end. *****/
538
539 /* This mask defines the bits of the SR which the user is not allowed to
540 change, which are everything except S, Q, M, PR, SZ, FR. */
541 @@ -122,6 +125,10 @@ asmlinkage int sys_ptrace(long request,
542 {
543 struct task_struct *child, *tsk = current;
544 int ret;
545 + /***** TOMOYO Linux start. *****/
546 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
547 + return -EPERM;
548 + /***** TOMOYO Linux end. *****/
549
550 lock_kernel();
551 ret = -EPERM;
552 --- linux-2.4.37.orig/arch/sparc/kernel/ptrace.c
553 +++ linux-2.4.37/arch/sparc/kernel/ptrace.c
554 @@ -21,6 +21,9 @@
555 #include <asm/pgtable.h>
556 #include <asm/system.h>
557 #include <asm/uaccess.h>
558 +/***** TOMOYO Linux start. *****/
559 +#include <linux/tomoyo.h>
560 +/***** TOMOYO Linux end. *****/
561
562 #define MAGIC_CONSTANT 0x80000000
563
564 @@ -262,6 +265,12 @@ asmlinkage void do_ptrace(struct pt_regs
565 unsigned long data = regs->u_regs[UREG_I3];
566 unsigned long addr2 = regs->u_regs[UREG_I4];
567 struct task_struct *child;
568 + /***** TOMOYO Linux start. *****/
569 + if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
570 + pt_error_return(regs, EPERM);
571 + return;
572 + }
573 + /***** TOMOYO Linux end. *****/
574
575 lock_kernel();
576 #ifdef DEBUG_PTRACE
577 --- linux-2.4.37.orig/arch/sparc64/kernel/ptrace.c
578 +++ linux-2.4.37/arch/sparc64/kernel/ptrace.c
579 @@ -26,6 +26,9 @@
580 #include <asm/psrcompat.h>
581 #include <asm/visasm.h>
582 #include <asm/spitfire.h>
583 +/***** TOMOYO Linux start. *****/
584 +#include <linux/tomoyo.h>
585 +/***** TOMOYO Linux end. *****/
586
587 #define MAGIC_CONSTANT 0x80000000
588
589 @@ -108,6 +111,12 @@ asmlinkage void do_ptrace(struct pt_regs
590 unsigned long data = regs->u_regs[UREG_I3];
591 unsigned long addr2 = regs->u_regs[UREG_I4];
592 struct task_struct *child;
593 + /***** TOMOYO Linux start. *****/
594 + if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
595 + pt_error_return(regs, EPERM);
596 + return;
597 + }
598 + /***** TOMOYO Linux end. *****/
599
600 if (current->thread.flags & SPARC_FLAG_32BIT) {
601 addr &= 0xffffffffUL;
602 --- linux-2.4.37.orig/arch/x86_64/ia32/ptrace32.c
603 +++ linux-2.4.37/arch/x86_64/ia32/ptrace32.c
604 @@ -24,6 +24,9 @@
605 #include <asm/i387.h>
606 #include <asm/fpu32.h>
607 #include <linux/mm.h>
608 +/***** TOMOYO Linux start. *****/
609 +#include <linux/tomoyo.h>
610 +/***** TOMOYO Linux end. *****/
611
612 /* determines which flags the user has access to. */
613 /* 1 = access 0 = no access */
614 @@ -203,6 +206,10 @@ asmlinkage long sys32_ptrace(long reques
615 struct pt_regs *childregs;
616 int ret;
617 __u32 val;
618 + /***** TOMOYO Linux start. *****/
619 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
620 + return -EPERM;
621 + /***** TOMOYO Linux end. *****/
622
623 switch (request) {
624 case PTRACE_TRACEME:
625 --- linux-2.4.37.orig/arch/x86_64/kernel/ptrace.c
626 +++ linux-2.4.37/arch/x86_64/kernel/ptrace.c
627 @@ -22,6 +22,9 @@
628 #include <asm/processor.h>
629 #include <asm/i387.h>
630 #include <asm/debugreg.h>
631 +/***** TOMOYO Linux start. *****/
632 +#include <linux/tomoyo.h>
633 +/***** TOMOYO Linux end. *****/
634
635 /*
636 * does not yet catch signals sent when the child dies.
637 @@ -180,6 +183,10 @@ asmlinkage long sys_ptrace(long request,
638 struct task_struct *child;
639 struct user * dummy = NULL;
640 long i, ret;
641 + /***** TOMOYO Linux start. *****/
642 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
643 + return -EPERM;
644 + /***** TOMOYO Linux end. *****/
645
646 /* This lock_kernel fixes a subtle race with suid exec */
647 lock_kernel();
648 --- linux-2.4.37.orig/fs/Config.in
649 +++ linux-2.4.37/fs/Config.in
650 @@ -176,4 +176,7 @@ comment 'Partition Types'
651 source fs/partitions/Config.in
652 endmenu
653 source fs/nls/Config.in
654 +
655 +source fs/Config.ccs.in
656 +
657 endmenu
658 --- linux-2.4.37.orig/fs/Makefile
659 +++ linux-2.4.37/fs/Makefile
660 @@ -80,5 +80,5 @@ obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o
661 # persistent filesystems
662 obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o))
663
664 -
665 +include Makefile-2.4.ccs
666 include $(TOPDIR)/Rules.make
667 --- linux-2.4.37.orig/fs/attr.c
668 +++ linux-2.4.37/fs/attr.c
669 @@ -12,6 +12,9 @@
670 #include <linux/dnotify.h>
671 #include <linux/fcntl.h>
672 #include <linux/quotaops.h>
673 +/***** TOMOYO Linux start. *****/
674 +#include <linux/tomoyo.h>
675 +/***** TOMOYO Linux end. *****/
676
677 /* Taken over from the old code... */
678
679 @@ -127,6 +130,13 @@ int notify_change(struct dentry * dentry
680 attr->ia_atime = now;
681 if (!(ia_valid & ATTR_MTIME_SET))
682 attr->ia_mtime = now;
683 + /***** TOMOYO Linux start. *****/
684 + if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD))
685 + return -EPERM;
686 + if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
687 + !ccs_capable(TOMOYO_SYS_CHOWN))
688 + return -EPERM;
689 + /***** TOMOYO Linux end. *****/
690
691 lock_kernel();
692 if (inode->i_op && inode->i_op->setattr)
693 --- linux-2.4.37.orig/fs/exec.c
694 +++ linux-2.4.37/fs/exec.c
695 @@ -48,6 +48,10 @@
696 #include <linux/kmod.h>
697 #endif
698
699 +/***** TOMOYO Linux start. *****/
700 +#include <linux/tomoyo.h>
701 +/***** TOMOYO Linux end. *****/
702 +
703 int core_uses_pid;
704 char core_pattern[65] = "core";
705 int core_setuid_ok = 0;
706 @@ -125,6 +129,13 @@ asmlinkage long sys_uselib(const char *
707 if (error)
708 goto exit;
709
710 + /***** TOMOYO Linux start. *****/
711 + /* 01 means "read". */
712 + error = ccs_check_open_permission(nd.dentry, nd.mnt, 01);
713 + if (error)
714 + goto exit;
715 + /***** TOMOYO Linux end. *****/
716 +
717 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
718 error = PTR_ERR(file);
719 if (IS_ERR(file))
720 @@ -389,6 +400,13 @@ struct file *open_exec(const char *name)
721 int err = permission(inode, MAY_EXEC);
722 if (!err && !(inode->i_mode & 0111))
723 err = -EACCES;
724 + /***** TOMOYO Linux start. *****/
725 + if (!err && (current->tomoyo_flags &
726 + TOMOYO_CHECK_READ_FOR_OPEN_EXEC))
727 + /* 01 means "read". */
728 + err = ccs_check_open_permission(nd.dentry,
729 + nd.mnt, 01);
730 + /***** TOMOYO Linux end. *****/
731 file = ERR_PTR(err);
732 if (!err) {
733 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
734 @@ -986,7 +1004,8 @@ int do_execve(char * filename, char ** a
735 if (retval < 0)
736 goto out;
737
738 - retval = search_binary_handler(&bprm,regs);
739 + retval = search_binary_handler_with_transition(&bprm, regs);
740 +
741 if (retval >= 0)
742 /* execve success */
743 return retval;
744 --- linux-2.4.37.orig/fs/fcntl.c
745 +++ linux-2.4.37/fs/fcntl.c
746 @@ -16,6 +16,9 @@
747 #include <asm/poll.h>
748 #include <asm/siginfo.h>
749 #include <asm/uaccess.h>
750 +/***** TOMOYO Linux start. *****/
751 +#include <linux/tomoyo.h>
752 +/***** TOMOYO Linux end. *****/
753
754 extern int sock_fcntl (struct file *, unsigned int cmd, unsigned long arg);
755 extern int fcntl_setlease(unsigned int fd, struct file *filp, long arg);
756 @@ -214,6 +217,11 @@ static int setfl(int fd, struct file * f
757 if (!(arg & O_APPEND) && IS_APPEND(inode))
758 return -EPERM;
759
760 + /***** TOMOYO Linux start. *****/
761 + if (!(arg & O_APPEND) && ccs_check_rewrite_permission(filp))
762 + return -EPERM;
763 + /***** TOMOYO Linux end. *****/
764 +
765 /* Did FASYNC state change? */
766 if ((arg ^ filp->f_flags) & FASYNC) {
767 if (filp->f_op && filp->f_op->fasync) {
768 --- linux-2.4.37.orig/fs/ioctl.c
769 +++ linux-2.4.37/fs/ioctl.c
770 @@ -10,6 +10,9 @@
771
772 #include <asm/uaccess.h>
773 #include <asm/ioctls.h>
774 +/***** TOMOYO Linux start. *****/
775 +#include <linux/tomoyo.h>
776 +/***** TOMOYO Linux end. *****/
777
778 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
779 {
780 @@ -112,6 +115,12 @@ asmlinkage long sys_ioctl(unsigned int f
781 error = -ENOTTY;
782 break;
783 default:
784 + /***** TOMOYO Linux start. *****/
785 + if (!ccs_capable(TOMOYO_SYS_IOCTL)) {
786 + error = -EPERM;
787 + break;
788 + }
789 + /***** TOMOYO Linux end. *****/
790 error = -ENOTTY;
791 if (S_ISREG(filp->f_dentry->d_inode->i_mode))
792 error = file_ioctl(filp, cmd, arg);
793 --- linux-2.4.37.orig/fs/namei.c
794 +++ linux-2.4.37/fs/namei.c
795 @@ -28,6 +28,11 @@
796
797 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
798
799 +/***** TOMOYO Linux start. *****/
800 +#include <linux/tomoyo.h>
801 +#include <linux/module.h>
802 +/***** TOMOYO Linux end. *****/
803 +
804 /* [Feb-1997 T. Schoebel-Theuer]
805 * Fundamental changes in the pathname lookup mechanisms (namei)
806 * were necessary because of omirr. The reason is that omirr needs
807 @@ -1003,6 +1008,9 @@ exit_lock:
808 return error;
809 }
810
811 +/***** TOMOYO Linux start. *****/
812 +#include <linux/tomoyo_vfs.h>
813 +/***** TOMOYO Linux end. *****/
814 /*
815 * open_namei()
816 *
817 @@ -1068,6 +1076,13 @@ do_last:
818
819 /* Negative dentry, just create the file */
820 if (!dentry->d_inode) {
821 + /***** TOMOYO Linux start. *****/
822 + error = pre_vfs_create(dir->d_inode, dentry);
823 + if (!error)
824 + error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry,
825 + nd->mnt);
826 + if (!error)
827 + /***** TOMOYO Linux end. *****/
828 error = vfs_create(dir->d_inode, dentry,
829 mode & ~current->fs->umask);
830 up(&dir->d_inode->i_sem);
831 @@ -1154,6 +1169,13 @@ ok:
832 goto exit;
833 }
834
835 + /***** TOMOYO Linux start. *****/
836 + /* includes O_APPEND and O_TRUNC checks */
837 + error = ccs_check_open_permission(dentry, nd->mnt, flag);
838 + if (error)
839 + goto exit;
840 + /***** TOMOYO Linux end. *****/
841 +
842 /*
843 * Ensure there are no outstanding leases on the file.
844 */
845 @@ -1292,6 +1314,17 @@ asmlinkage long sys_mknod(const char * f
846
847 if (S_ISDIR(mode))
848 return -EPERM;
849 + /***** TOMOYO Linux start. *****/
850 + if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))
851 + return -EPERM;
852 + if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))
853 + return -EPERM;
854 + if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))
855 + return -EPERM;
856 + if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
857 + return -EPERM;
858 + /***** TOMOYO Linux end. *****/
859 +
860 tmp = getname(filename);
861 if (IS_ERR(tmp))
862 return PTR_ERR(tmp);
863 @@ -1306,9 +1339,33 @@ asmlinkage long sys_mknod(const char * f
864 if (!IS_ERR(dentry)) {
865 switch (mode & S_IFMT) {
866 case 0: case S_IFREG:
867 + /***** TOMOYO Linux start. *****/
868 + error = pre_vfs_create(nd.dentry->d_inode, dentry);
869 + if (error)
870 + break;
871 + error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry,
872 + nd.mnt);
873 + if (error)
874 + break;
875 + /***** TOMOYO Linux end. *****/
876 error = vfs_create(nd.dentry->d_inode,dentry,mode);
877 break;
878 case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
879 + /***** TOMOYO Linux start. *****/
880 + error = pre_vfs_mknod(nd.dentry->d_inode, dentry);
881 + if (error)
882 + break;
883 + error = ccs_check_1path_perm(S_ISCHR(mode) ?
884 + TYPE_MKCHAR_ACL :
885 + S_ISBLK(mode) ?
886 + TYPE_MKBLOCK_ACL :
887 + S_ISFIFO(mode) ?
888 + TYPE_MKFIFO_ACL :
889 + TYPE_MKSOCK_ACL,
890 + dentry, nd.mnt);
891 + if (error)
892 + break;
893 + /***** TOMOYO Linux end. *****/
894 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,dev);
895 break;
896 case S_IFDIR:
897 @@ -1370,6 +1427,13 @@ asmlinkage long sys_mkdir(const char * p
898 dentry = lookup_create(&nd, 1);
899 error = PTR_ERR(dentry);
900 if (!IS_ERR(dentry)) {
901 + /***** TOMOYO Linux start. *****/
902 + error = pre_vfs_mkdir(nd.dentry->d_inode, dentry);
903 + if (!error)
904 + error = ccs_check_1path_perm(TYPE_MKDIR_ACL,
905 + dentry, nd.mnt);
906 + if (!error)
907 + /***** TOMOYO Linux end. *****/
908 error = vfs_mkdir(nd.dentry->d_inode, dentry,
909 mode & ~current->fs->umask);
910 dput(dentry);
911 @@ -1479,6 +1543,13 @@ asmlinkage long sys_rmdir(const char * p
912 dentry = lookup_hash(&nd.last, nd.dentry);
913 error = PTR_ERR(dentry);
914 if (!IS_ERR(dentry)) {
915 + /***** TOMOYO Linux start. *****/
916 + error = pre_vfs_rmdir(nd.dentry->d_inode, dentry);
917 + if (!error)
918 + error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry,
919 + nd.mnt);
920 + if (!error)
921 + /***** TOMOYO Linux end. *****/
922 error = vfs_rmdir(nd.dentry->d_inode, dentry);
923 dput(dentry);
924 }
925 @@ -1530,6 +1601,10 @@ asmlinkage long sys_unlink(const char *
926 char * name;
927 struct dentry *dentry;
928 struct nameidata nd;
929 + /***** TOMOYO Linux start. *****/
930 + if (!ccs_capable(TOMOYO_SYS_UNLINK))
931 + return -EPERM;
932 + /***** TOMOYO Linux end. *****/
933
934 name = getname(pathname);
935 if(IS_ERR(name))
936 @@ -1548,6 +1623,14 @@ asmlinkage long sys_unlink(const char *
937 /* Why not before? Because we want correct error value */
938 if (nd.last.name[nd.last.len])
939 goto slashes;
940 + /***** TOMOYO Linux start. *****/
941 + error = pre_vfs_unlink(nd.dentry->d_inode, dentry);
942 + if (error)
943 + goto exit2;
944 + error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry, nd.mnt);
945 + if (error)
946 + goto exit2;
947 + /***** TOMOYO Linux end. *****/
948 error = vfs_unlink(nd.dentry->d_inode, dentry);
949 exit2:
950 dput(dentry);
951 @@ -1596,6 +1679,10 @@ asmlinkage long sys_symlink(const char *
952 int error = 0;
953 char * from;
954 char * to;
955 + /***** TOMOYO Linux start. *****/
956 + if (!ccs_capable(TOMOYO_SYS_SYMLINK))
957 + return -EPERM;
958 + /***** TOMOYO Linux end. *****/
959
960 from = getname(oldname);
961 if(IS_ERR(from))
962 @@ -1612,6 +1699,13 @@ asmlinkage long sys_symlink(const char *
963 dentry = lookup_create(&nd, 0);
964 error = PTR_ERR(dentry);
965 if (!IS_ERR(dentry)) {
966 + /***** TOMOYO Linux start. *****/
967 + error = pre_vfs_symlink(nd.dentry->d_inode, dentry);
968 + if (!error)
969 + error = ccs_check_1path_perm(TYPE_SYMLINK_ACL,
970 + dentry, nd.mnt);
971 + if (!error)
972 + /***** TOMOYO Linux end. *****/
973 error = vfs_symlink(nd.dentry->d_inode, dentry, from);
974 dput(dentry);
975 }
976 @@ -1679,6 +1773,10 @@ asmlinkage long sys_link(const char * ol
977 {
978 int error;
979 char * to;
980 + /***** TOMOYO Linux start. *****/
981 + if (!ccs_capable(TOMOYO_SYS_LINK))
982 + return -EPERM;
983 + /***** TOMOYO Linux end. *****/
984
985 to = getname(newname);
986 error = PTR_ERR(to);
987 @@ -1698,6 +1796,17 @@ asmlinkage long sys_link(const char * ol
988 new_dentry = lookup_create(&nd, 0);
989 error = PTR_ERR(new_dentry);
990 if (!IS_ERR(new_dentry)) {
991 + /***** TOMOYO Linux start. *****/
992 + error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode,
993 + new_dentry);
994 + if (!error)
995 + error = ccs_check_2path_perm(TYPE_LINK_ACL,
996 + old_nd.dentry,
997 + old_nd.mnt,
998 + new_dentry,
999 + nd.mnt);
1000 + if (!error)
1001 + /***** TOMOYO Linux end. *****/
1002 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
1003 dput(new_dentry);
1004 }
1005 @@ -1928,6 +2037,20 @@ static inline int do_rename(const char *
1006 error = PTR_ERR(new_dentry);
1007 if (IS_ERR(new_dentry))
1008 goto exit4;
1009 + /***** TOMOYO Linux start. *****/
1010 + error = pre_vfs_rename(old_dir->d_inode, old_dentry,
1011 + new_dir->d_inode, new_dentry);
1012 + if (error) {
1013 + dput(new_dentry);
1014 + goto exit4;
1015 + }
1016 + error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry, oldnd.mnt,
1017 + new_dentry, newnd.mnt);
1018 + if (error) {
1019 + dput(new_dentry);
1020 + goto exit4;
1021 + }
1022 + /***** TOMOYO Linux end. *****/
1023
1024 lock_kernel();
1025 error = vfs_rename(old_dir->d_inode, old_dentry,
1026 @@ -1952,6 +2075,10 @@ asmlinkage long sys_rename(const char *
1027 int error;
1028 char * from;
1029 char * to;
1030 + /***** TOMOYO Linux start. *****/
1031 + if (!ccs_capable(TOMOYO_SYS_RENAME))
1032 + return -EPERM;
1033 + /***** TOMOYO Linux end. *****/
1034
1035 from = getname(oldname);
1036 if(IS_ERR(from))
1037 --- linux-2.4.37.orig/fs/namespace.c
1038 +++ linux-2.4.37/fs/namespace.c
1039 @@ -21,6 +21,13 @@
1040 #include <linux/seq_file.h>
1041 #include <linux/namespace.h>
1042
1043 +/***** SAKURA Linux start. *****/
1044 +#include <linux/sakura.h>
1045 +/***** SAKURA Linux end. *****/
1046 +/***** TOMOYO Linux start. *****/
1047 +#include <linux/tomoyo.h>
1048 +/***** TOMOYO Linux end. *****/
1049 +
1050 struct vfsmount *do_kern_mount(const char *type, int flags, char *name, void *data);
1051 int do_remount_sb(struct super_block *sb, int flags, void * data);
1052 void kill_super(struct super_block *sb);
1053 @@ -290,6 +297,10 @@ static int do_umount(struct vfsmount *mn
1054 {
1055 struct super_block * sb = mnt->mnt_sb;
1056 int retval = 0;
1057 + /***** SAKURA Linux start. *****/
1058 + if (ccs_may_umount(mnt))
1059 + return -EPERM;
1060 + /***** SAKURA Linux end. *****/
1061
1062 /*
1063 * If we may have to abort operations to get out of this
1064 @@ -365,6 +376,10 @@ asmlinkage long sys_umount(char * name,
1065 {
1066 struct nameidata nd;
1067 int retval;
1068 + /***** TOMOYO Linux start. *****/
1069 + if (!ccs_capable(TOMOYO_SYS_UMOUNT))
1070 + return -EPERM;
1071 + /***** TOMOYO Linux end. *****/
1072
1073 retval = __user_walk(name, LOOKUP_POSITIVE|LOOKUP_FOLLOW, &nd);
1074 if (retval)
1075 @@ -500,6 +515,11 @@ static int do_loopback(struct nameidata
1076 down_write(&current->namespace->sem);
1077 err = -EINVAL;
1078 if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) {
1079 + /***** SAKURA Linux start. *****/
1080 + err = -EPERM;
1081 + if (ccs_may_mount(nd))
1082 + goto out;
1083 + /***** SAKURA Linux end. *****/
1084 err = -ENOMEM;
1085 if (recurse)
1086 mnt = copy_tree(old_nd.mnt, old_nd.dentry);
1087 @@ -516,7 +536,9 @@ static int do_loopback(struct nameidata
1088 } else
1089 mntput(mnt);
1090 }
1091 -
1092 + /***** SAKURA Linux start. *****/
1093 + out:
1094 + /***** SAKURA Linux end. *****/
1095 up_write(&current->namespace->sem);
1096 path_release(&old_nd);
1097 return err;
1098 @@ -570,6 +592,12 @@ static int do_move_mount(struct nameidat
1099 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
1100 goto out;
1101
1102 + /***** SAKURA Linux start. *****/
1103 + err = -EPERM;
1104 + if (ccs_may_umount(old_nd.mnt) || ccs_may_mount(nd))
1105 + goto out;
1106 + /***** SAKURA Linux end. *****/
1107 +
1108 err = -ENOENT;
1109 down(&nd->dentry->d_inode->i_zombie);
1110 if (IS_DEADDIR(nd->dentry->d_inode))
1111 @@ -641,6 +669,12 @@ static int do_add_mount(struct nameidata
1112 if (nd->mnt->mnt_sb == mnt->mnt_sb && nd->mnt->mnt_root == nd->dentry)
1113 goto unlock;
1114
1115 + /***** SAKURA Linux start. *****/
1116 + err = -EPERM;
1117 + if (ccs_may_mount(nd))
1118 + goto unlock;
1119 + /***** SAKURA Linux end. *****/
1120 +
1121 mnt->mnt_flags = mnt_flags;
1122 err = graft_tree(mnt, nd);
1123 unlock:
1124 @@ -718,6 +752,17 @@ long do_mount(char * dev_name, char * di
1125 if (data_page)
1126 ((char *)data_page)[PAGE_SIZE - 1] = 0;
1127
1128 + /***** TOMOYO Linux start. *****/
1129 + if (!ccs_capable(TOMOYO_SYS_MOUNT))
1130 + return -EPERM;
1131 + /***** TOMOYO Linux end. *****/
1132 + /***** SAKURA Linux start. *****/
1133 + retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
1134 + &flags);
1135 + if (retval)
1136 + return retval;
1137 + /***** SAKURA Linux end. *****/
1138 +
1139 /* Separate the per-mountpoint flags */
1140 if (flags & MS_NOSUID)
1141 mnt_flags |= MNT_NOSUID;
1142 @@ -911,6 +956,10 @@ asmlinkage long sys_pivot_root(const cha
1143
1144 if (!capable(CAP_SYS_ADMIN))
1145 return -EPERM;
1146 + /***** TOMOYO Linux start. *****/
1147 + if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))
1148 + return -EPERM;
1149 + /***** TOMOYO Linux end. *****/
1150
1151 lock_kernel();
1152
1153 @@ -925,6 +974,13 @@ asmlinkage long sys_pivot_root(const cha
1154 if (error)
1155 goto out1;
1156
1157 + /***** SAKURA Linux start. *****/
1158 + error = ccs_check_pivot_root_permission(&old_nd, &new_nd);
1159 + if (error) {
1160 + path_release(&old_nd);
1161 + goto out1;
1162 + }
1163 + /***** SAKURA Linux end. *****/
1164 read_lock(&current->fs->lock);
1165 user_nd.mnt = mntget(current->fs->rootmnt);
1166 user_nd.dentry = dget(current->fs->root);
1167 --- linux-2.4.37.orig/fs/open.c
1168 +++ linux-2.4.37/fs/open.c
1169 @@ -20,6 +20,13 @@
1170
1171 #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))
1172
1173 +/***** SAKURA Linux start. *****/
1174 +#include <linux/sakura.h>
1175 +/***** SAKURA Linux end. *****/
1176 +/***** TOMOYO Linux start. *****/
1177 +#include <linux/tomoyo.h>
1178 +/***** TOMOYO Linux end. *****/
1179 +
1180 int vfs_statfs(struct super_block *sb, struct statfs *buf)
1181 {
1182 int retval = -ENODEV;
1183 @@ -164,6 +171,11 @@ static inline long do_sys_truncate(const
1184 if (error)
1185 goto dput_and_out;
1186
1187 + /***** TOMOYO Linux start. *****/
1188 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt);
1189 + if (!error)
1190 + /***** TOMOYO Linux end. *****/
1191 +
1192 error = locks_verify_truncate(inode, NULL, length);
1193 if (!error) {
1194 DQUOT_INIT(inode);
1195 @@ -217,6 +229,11 @@ static inline long do_sys_ftruncate(unsi
1196 if (IS_APPEND(inode))
1197 goto out_putf;
1198
1199 + /***** TOMOYO Linux start. *****/
1200 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt);
1201 + if (error)
1202 + goto out_putf;
1203 + /***** TOMOYO Linux end. *****/
1204 error = locks_verify_truncate(inode, file, length);
1205 if (!error)
1206 error = do_truncate(dentry, length);
1207 @@ -466,6 +483,14 @@ asmlinkage long sys_chroot(const char *
1208 error = -EPERM;
1209 if (!capable(CAP_SYS_CHROOT))
1210 goto dput_and_out;
1211 + /***** TOMOYO Linux start. *****/
1212 + if (!ccs_capable(TOMOYO_SYS_CHROOT))
1213 + goto dput_and_out;
1214 + /***** TOMOYO Linux end. *****/
1215 + /***** SAKURA Linux start. *****/
1216 + if (ccs_check_chroot_permission(&nd))
1217 + goto dput_and_out;
1218 + /***** SAKURA Linux end. *****/
1219
1220 set_fs_root(current->fs, nd.mnt, nd.dentry);
1221 set_fs_altroot();
1222 @@ -897,6 +922,10 @@ out_unlock:
1223 */
1224 asmlinkage long sys_vhangup(void)
1225 {
1226 + /***** TOMOYO Linux start. *****/
1227 + if (!ccs_capable(TOMOYO_SYS_VHANGUP))
1228 + return -EPERM;
1229 + /***** TOMOYO Linux end. *****/
1230 if (capable(CAP_SYS_TTY_CONFIG)) {
1231 tty_vhangup(current->tty);
1232 return 0;
1233 --- linux-2.4.37.orig/fs/proc/Makefile
1234 +++ linux-2.4.37/fs/proc/Makefile
1235 @@ -18,4 +18,8 @@ ifeq ($(CONFIG_PROC_DEVICETREE),y)
1236 obj-y += proc_devtree.o
1237 endif
1238
1239 +export-objs += ccs_proc.o
1240 +obj-$(CONFIG_SAKURA) += ccs_proc.o
1241 +obj-$(CONFIG_TOMOYO) += ccs_proc.o
1242 +
1243 include $(TOPDIR)/Rules.make
1244 --- linux-2.4.37.orig/fs/proc/proc_misc.c
1245 +++ linux-2.4.37/fs/proc/proc_misc.c
1246 @@ -670,4 +670,9 @@ void __init proc_misc_init(void)
1247 entry->proc_fops = &ppc_htab_operations;
1248 }
1249 #endif
1250 + /***** CCS start. *****/
1251 +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
1252 + printk(KERN_INFO "Hook version: 2.4.37 2008/12/03\n");
1253 +#endif
1254 + /***** CCS end. *****/
1255 }
1256 --- linux-2.4.37.orig/include/linux/sched.h
1257 +++ linux-2.4.37/include/linux/sched.h
1258 @@ -29,6 +29,11 @@ extern unsigned long event;
1259
1260 struct exec_domain;
1261
1262 +/***** TOMOYO Linux start. *****/
1263 +struct domain_info;
1264 +extern struct domain_info KERNEL_DOMAIN;
1265 +/***** TOMOYO Linux end. *****/
1266 +
1267 /*
1268 * cloning flags:
1269 */
1270 @@ -417,6 +422,10 @@ struct task_struct {
1271 void *journal_info;
1272
1273 struct list_head *scm_work_list;
1274 + /***** TOMOYO Linux start. *****/
1275 + struct domain_info *domain_info;
1276 + u32 tomoyo_flags;
1277 + /***** TOMOYO Linux end. *****/
1278 };
1279
1280 /*
1281 @@ -512,6 +521,10 @@ extern struct exec_domain default_exec_d
1282 blocked: {{0}}, \
1283 alloc_lock: SPIN_LOCK_UNLOCKED, \
1284 journal_info: NULL, \
1285 + /***** TOMOYO Linux start. *****/ \
1286 + domain_info: &KERNEL_DOMAIN, \
1287 + tomoyo_flags: 0 \
1288 + /***** TOMOYO Linux end. *****/ \
1289 }
1290
1291
1292 --- linux-2.4.37.orig/kernel/kmod.c
1293 +++ linux-2.4.37/kernel/kmod.c
1294 @@ -134,6 +134,11 @@ int exec_usermodehelper(char *program_pa
1295 /* Allow execve args to be in kernel space. */
1296 set_fs(KERNEL_DS);
1297
1298 + /***** TOMOYO Linux start. *****/
1299 + current->domain_info = &KERNEL_DOMAIN;
1300 + current->tomoyo_flags = 0;
1301 + /***** TOMOYO Linux end. *****/
1302 +
1303 /* Go, go, go... */
1304 if (execve(program_path, argv, envp) < 0)
1305 return -errno;
1306 --- linux-2.4.37.orig/kernel/module.c
1307 +++ linux-2.4.37/kernel/module.c
1308 @@ -10,6 +10,9 @@
1309 #include <linux/slab.h>
1310 #include <linux/kmod.h>
1311 #include <linux/seq_file.h>
1312 +/***** TOMOYO Linux start. *****/
1313 +#include <linux/tomoyo.h>
1314 +/***** TOMOYO Linux end. *****/
1315
1316 /*
1317 * Originally by Anonymous (as far as I know...)
1318 @@ -298,6 +301,10 @@ sys_create_module(const char *name_user,
1319
1320 if (!capable(CAP_SYS_MODULE))
1321 return -EPERM;
1322 + /***** TOMOYO Linux start. *****/
1323 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1324 + return -EPERM;
1325 + /***** TOMOYO Linux end. *****/
1326 lock_kernel();
1327 if ((namelen = get_mod_name(name_user, &name)) < 0) {
1328 error = namelen;
1329 @@ -353,6 +360,10 @@ sys_init_module(const char *name_user, s
1330
1331 if (!capable(CAP_SYS_MODULE))
1332 return -EPERM;
1333 + /***** TOMOYO Linux start. *****/
1334 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1335 + return -EPERM;
1336 + /***** TOMOYO Linux end. *****/
1337 lock_kernel();
1338 if ((namelen = get_mod_name(name_user, &name)) < 0) {
1339 error = namelen;
1340 @@ -614,6 +625,10 @@ sys_delete_module(const char *name_user)
1341
1342 if (!capable(CAP_SYS_MODULE))
1343 return -EPERM;
1344 + /***** TOMOYO Linux start. *****/
1345 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1346 + return -EPERM;
1347 + /***** TOMOYO Linux end. *****/
1348
1349 lock_kernel();
1350 if (name_user) {
1351 --- linux-2.4.37.orig/kernel/sched.c
1352 +++ linux-2.4.37/kernel/sched.c
1353 @@ -32,6 +32,9 @@
1354
1355 #include <asm/uaccess.h>
1356 #include <asm/mmu_context.h>
1357 +/***** TOMOYO Linux start. *****/
1358 +#include <linux/tomoyo.h>
1359 +/***** TOMOYO Linux end. *****/
1360
1361 extern void timer_bh(void);
1362 extern void tqueue_bh(void);
1363 @@ -899,6 +902,10 @@ void set_cpus_allowed(struct task_struct
1364 asmlinkage long sys_nice(int increment)
1365 {
1366 long newprio;
1367 + /***** TOMOYO Linux start. *****/
1368 + if (!ccs_capable(TOMOYO_SYS_NICE))
1369 + return -EPERM;
1370 + /***** TOMOYO Linux end. *****/
1371
1372 /*
1373 * Setpriority might change our priority at the same moment.
1374 --- linux-2.4.37.orig/kernel/signal.c
1375 +++ linux-2.4.37/kernel/signal.c
1376 @@ -15,6 +15,9 @@
1377 #include <linux/sched.h>
1378
1379 #include <asm/uaccess.h>
1380 +/***** TOMOYO Linux start. *****/
1381 +#include <linux/tomoyo.h>
1382 +/***** TOMOYO Linux end. *****/
1383
1384 /*
1385 * SLAB caches for signal bits.
1386 @@ -1025,6 +1028,12 @@ asmlinkage long
1387 sys_kill(int pid, int sig)
1388 {
1389 struct siginfo info;
1390 + /***** TOMOYO Linux start. *****/
1391 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1392 + return -EPERM;
1393 + if (sig && ccs_check_signal_acl(sig, pid))
1394 + return -EPERM;
1395 + /***** TOMOYO Linux end. *****/
1396
1397 info.si_signo = sig;
1398 info.si_errno = 0;
1399 @@ -1049,6 +1058,12 @@ sys_tkill(int pid, int sig)
1400 if (pid <= 0)
1401 return -EINVAL;
1402
1403 + /***** TOMOYO Linux start. *****/
1404 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1405 + return -EPERM;
1406 + if (sig && ccs_check_signal_acl(sig, pid))
1407 + return -EPERM;
1408 + /***** TOMOYO Linux end. *****/
1409 info.si_signo = sig;
1410 info.si_errno = 0;
1411 info.si_code = SI_TKILL;
1412 --- linux-2.4.37.orig/kernel/sys.c
1413 +++ linux-2.4.37/kernel/sys.c
1414 @@ -17,6 +17,9 @@
1415
1416 #include <asm/uaccess.h>
1417 #include <asm/io.h>
1418 +/***** TOMOYO Linux start. *****/
1419 +#include <linux/tomoyo.h>
1420 +/***** TOMOYO Linux end. *****/
1421
1422 #ifndef SET_UNALIGN_CTL
1423 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
1424 @@ -220,6 +223,10 @@ asmlinkage long sys_setpriority(int whic
1425
1426 if (which > 2 || which < 0)
1427 return -EINVAL;
1428 + /***** TOMOYO Linux start. *****/
1429 + if (!ccs_capable(TOMOYO_SYS_NICE))
1430 + return -EPERM;
1431 + /***** TOMOYO Linux end. *****/
1432
1433 /* normalize: avoid signed division (rounding problems) */
1434 error = -ESRCH;
1435 @@ -299,6 +306,10 @@ asmlinkage long sys_reboot(int magic1, i
1436 (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
1437 magic2 != LINUX_REBOOT_MAGIC2B))
1438 return -EINVAL;
1439 + /***** TOMOYO Linux start. *****/
1440 + if (!ccs_capable(TOMOYO_SYS_REBOOT))
1441 + return -EPERM;
1442 + /***** TOMOYO Linux end. *****/
1443
1444 lock_kernel();
1445 switch (cmd) {
1446 @@ -1042,6 +1053,10 @@ asmlinkage long sys_sethostname(char *na
1447 return -EPERM;
1448 if (len < 0 || len > __NEW_UTS_LEN)
1449 return -EINVAL;
1450 + /***** TOMOYO Linux start. *****/
1451 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1452 + return -EPERM;
1453 + /***** TOMOYO Linux end. *****/
1454 down_write(&uts_sem);
1455 errno = -EFAULT;
1456 if (!copy_from_user(tmp, name, len)) {
1457 @@ -1083,6 +1098,10 @@ asmlinkage long sys_setdomainname(char *
1458 return -EPERM;
1459 if (len < 0 || len > __NEW_UTS_LEN)
1460 return -EINVAL;
1461 + /***** TOMOYO Linux start. *****/
1462 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1463 + return -EPERM;
1464 + /***** TOMOYO Linux end. *****/
1465
1466 down_write(&uts_sem);
1467 errno = -EFAULT;
1468 --- linux-2.4.37.orig/kernel/sysctl.c
1469 +++ linux-2.4.37/kernel/sysctl.c
1470 @@ -33,6 +33,9 @@
1471 #include <linux/swap.h>
1472
1473 #include <asm/uaccess.h>
1474 +/***** TOMOYO Linux start. *****/
1475 +#include <linux/tomoyo.h>
1476 +/***** TOMOYO Linux end. *****/
1477
1478 #ifdef CONFIG_ROOT_NFS
1479 #include <linux/nfs_fs.h>
1480 @@ -411,6 +414,100 @@ void __init sysctl_init(void)
1481 #endif
1482 }
1483
1484 +/***** TOMOYO Linux start. *****/
1485 +static int try_parse_table(int __user *name, int nlen, void __user *oldval,
1486 + void __user *newval, ctl_table *table)
1487 +{
1488 + int n;
1489 + int error = -ENOMEM;
1490 + int op = 0;
1491 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
1492 + if (oldval)
1493 + op |= 004;
1494 + if (newval)
1495 + op |= 002;
1496 + if (!op) { /* Neither read nor write */
1497 + error = 0;
1498 + goto out;
1499 + }
1500 + if (!buffer)
1501 + goto out;
1502 + memset(buffer, 0, PAGE_SIZE);
1503 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
1504 + repeat:
1505 + if (!nlen) {
1506 + error = -ENOTDIR;
1507 + goto out;
1508 + }
1509 + if (get_user(n, name)) {
1510 + error = -EFAULT;
1511 + goto out;
1512 + }
1513 + for ( ; table->ctl_name; table++) {
1514 + if (n == table->ctl_name || table->ctl_name == CTL_ANY) {
1515 + int pos = strlen(buffer);
1516 + const char *cp = table->procname;
1517 + error = -ENOMEM;
1518 + if (cp) {
1519 + if (pos + 1 >= PAGE_SIZE - 1)
1520 + goto out;
1521 + buffer[pos++] = '/';
1522 + while (*cp) {
1523 + const unsigned char c
1524 + = *(const unsigned char *) cp;
1525 + if (c == '\\') {
1526 + if (pos + 2 >= PAGE_SIZE - 1)
1527 + goto out;
1528 + buffer[pos++] = '\\';
1529 + buffer[pos++] = '\\';
1530 + } else if (c > ' ' && c < 127) {
1531 + if (pos + 1 >= PAGE_SIZE - 1)
1532 + goto out;
1533 + buffer[pos++] = c;
1534 + } else {
1535 + if (pos + 4 >= PAGE_SIZE - 1)
1536 + goto out;
1537 + buffer[pos++] = '\\';
1538 + buffer[pos++] = (c >> 6) + '0';
1539 + buffer[pos++] = ((c >> 3) & 7)
1540 + + '0';
1541 + buffer[pos++] = (c & 7) + '0';
1542 + }
1543 + cp++;
1544 + }
1545 + } else {
1546 + /* Assume nobody assigns "=\$=" for procname. */
1547 + snprintf(buffer + pos, PAGE_SIZE - pos - 1,
1548 + "/=%d=", table->ctl_name);
1549 + if (!memchr(buffer, '\0', PAGE_SIZE - 2))
1550 + goto out;
1551 + }
1552 + if (table->child) {
1553 + if (table->strategy) {
1554 + /* printk("sysctl='%s'\n", buffer); */
1555 + if (ccs_check_file_perm(buffer, op,
1556 + "sysctl")) {
1557 + error = -EPERM;
1558 + goto out;
1559 + }
1560 + }
1561 + name++;
1562 + nlen--;
1563 + table = table->child;
1564 + goto repeat;
1565 + }
1566 + /* printk("sysctl='%s'\n", buffer); */
1567 + error = ccs_check_file_perm(buffer, op, "sysctl");
1568 + goto out;
1569 + }
1570 + }
1571 + error = -ENOTDIR;
1572 + out:
1573 + kfree(buffer);
1574 + return error;
1575 +}
1576 +/***** TOMOYO Linux end. *****/
1577 +
1578 int do_sysctl(int *name, int nlen, void *oldval, size_t *oldlenp,
1579 void *newval, size_t newlen)
1580 {
1581 @@ -439,6 +536,11 @@ int do_sysctl(int *name, int nlen, void
1582
1583 spin_unlock(&sysctl_lock);
1584
1585 + /***** TOMOYO Linux start. *****/
1586 + error = try_parse_table(name, nlen, oldval, newval,
1587 + head->ctl_table);
1588 + if (!error)
1589 + /***** TOMOYO Linux end. *****/
1590 error = parse_table(name, nlen, oldval, oldlenp,
1591 newval, newlen, head->ctl_table,
1592 &context);
1593 @@ -508,6 +610,15 @@ repeat:
1594 if (ctl_perm(table, 001))
1595 return -EPERM;
1596 if (table->strategy) {
1597 + /***** TOMOYO Linux start. *****/
1598 + int op = 0;
1599 + if (oldval)
1600 + op |= 004;
1601 + if (newval)
1602 + op |= 002;
1603 + if (ctl_perm(table, op))
1604 + return -EPERM;
1605 + /***** TOMOYO Linux end. *****/
1606 error = table->strategy(
1607 table, name, nlen,
1608 oldval, oldlenp,
1609 @@ -1456,7 +1567,7 @@ int sysctl_string(ctl_table *table, int
1610 len--;
1611 ((char *) table->data)[len] = 0;
1612 }
1613 - return 0;
1614 + return 1;
1615 }
1616
1617 /*
1618 --- linux-2.4.37.orig/kernel/time.c
1619 +++ linux-2.4.37/kernel/time.c
1620 @@ -29,6 +29,9 @@
1621 #include <linux/smp_lock.h>
1622
1623 #include <asm/uaccess.h>
1624 +/***** TOMOYO Linux start. *****/
1625 +#include <linux/tomoyo.h>
1626 +/***** TOMOYO Linux end. *****/
1627
1628 /*
1629 * The timezone where the local system is located. Used as a default by some
1630 @@ -77,6 +80,10 @@ asmlinkage long sys_stime(int * tptr)
1631
1632 if (!capable(CAP_SYS_TIME))
1633 return -EPERM;
1634 + /***** TOMOYO Linux start. *****/
1635 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1636 + return -EPERM;
1637 + /***** TOMOYO Linux end. *****/
1638 if (get_user(value, tptr))
1639 return -EFAULT;
1640 write_lock_irq(&xtime_lock);
1641 @@ -151,6 +158,10 @@ int do_sys_settimeofday(struct timeval *
1642
1643 if (!capable(CAP_SYS_TIME))
1644 return -EPERM;
1645 + /***** TOMOYO Linux start. *****/
1646 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1647 + return -EPERM;
1648 + /***** TOMOYO Linux end. *****/
1649
1650 if (tz) {
1651 /* SMP safe, global irq locking makes it work. */
1652 @@ -217,6 +228,10 @@ int do_adjtimex(struct timex *txc)
1653 /* In order to modify anything, you gotta be super-user! */
1654 if (txc->modes && !capable(CAP_SYS_TIME))
1655 return -EPERM;
1656 + /***** TOMOYO Linux start. *****/
1657 + if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))
1658 + return -EPERM;
1659 + /***** TOMOYO Linux end. *****/
1660
1661 /* Now we validate the data before disabling interrupts */
1662
1663 --- linux-2.4.37.orig/net/core/datagram.c
1664 +++ linux-2.4.37/net/core/datagram.c
1665 @@ -43,6 +43,10 @@
1666 #include <net/sock.h>
1667 #include <net/checksum.h>
1668
1669 +/***** TOMOYO Linux start. *****/
1670 +#include <linux/tomoyo.h>
1671 +#include <linux/tomoyo_socket.h>
1672 +/***** TOMOYO Linux end. *****/
1673
1674 /*
1675 * Is a socket 'connection oriented' ?
1676 @@ -164,6 +168,12 @@ struct sk_buff *skb_recv_datagram(struct
1677 } else
1678 skb = skb_dequeue(&sk->receive_queue);
1679
1680 + /***** TOMOYO Linux start. *****/
1681 + error = ccs_socket_recv_datagram_permission(sk, skb, flags);
1682 + if (error)
1683 + goto no_packet;
1684 + /***** TOMOYO Linux end. *****/
1685 +
1686 if (skb)
1687 return skb;
1688
1689 --- linux-2.4.37.orig/net/ipv4/tcp_ipv4.c
1690 +++ linux-2.4.37/net/ipv4/tcp_ipv4.c
1691 @@ -67,6 +67,9 @@
1692 #include <linux/inet.h>
1693 #include <linux/stddef.h>
1694 #include <linux/ipsec.h>
1695 +/***** SAKURA Linux start. *****/
1696 +#include <linux/sakura.h>
1697 +/***** SAKURA Linux end. *****/
1698
1699 extern int sysctl_ip_dynaddr;
1700 extern int sysctl_ip_default_ttl;
1701 @@ -228,6 +231,10 @@ static int tcp_v4_get_port(struct sock *
1702 rover = low;
1703 head = &tcp_bhash[tcp_bhashfn(rover)];
1704 spin_lock(&head->lock);
1705 + /***** SAKURA Linux start. *****/
1706 + if (ccs_may_autobind(rover))
1707 + goto next;
1708 + /***** SAKURA Linux end. *****/
1709 for (tb = head->chain; tb; tb = tb->next)
1710 if (tb->port == rover)
1711 goto next;
1712 @@ -688,6 +695,10 @@ static int tcp_v4_hash_connect(struct so
1713 rover = low;
1714 head = &tcp_bhash[tcp_bhashfn(rover)];
1715 spin_lock(&head->lock);
1716 + /***** SAKURA Linux start. *****/
1717 + if (ccs_may_autobind(rover))
1718 + goto next_port;
1719 + /***** SAKURA Linux end. *****/
1720
1721 /* Does not bother with rcv_saddr checks,
1722 * because the established check is already
1723 --- linux-2.4.37.orig/net/ipv4/udp.c
1724 +++ linux-2.4.37/net/ipv4/udp.c
1725 @@ -97,6 +97,9 @@
1726 #include <net/route.h>
1727 #include <net/inet_common.h>
1728 #include <net/checksum.h>
1729 +/***** SAKURA Linux start. *****/
1730 +#include <linux/sakura.h>
1731 +/***** SAKURA Linux end. *****/
1732
1733 /*
1734 * Snmp MIB for the UDP layer
1735 @@ -131,6 +134,10 @@ static int udp_v4_get_port(struct sock *
1736 result = sysctl_local_port_range[0] +
1737 ((result - sysctl_local_port_range[0]) &
1738 (UDP_HTABLE_SIZE - 1));
1739 + /***** SAKURA Linux start. *****/
1740 + if (ccs_may_autobind(result))
1741 + continue;
1742 + /***** SAKURA Linux end. *****/
1743 goto gotit;
1744 }
1745 size = 0;
1746 @@ -148,6 +155,10 @@ static int udp_v4_get_port(struct sock *
1747 result = sysctl_local_port_range[0]
1748 + ((result - sysctl_local_port_range[0]) &
1749 (UDP_HTABLE_SIZE - 1));
1750 + /***** SAKURA Linux start. *****/
1751 + if (ccs_may_autobind(result))
1752 + continue;
1753 + /***** SAKURA Linux end. *****/
1754 if (!udp_lport_inuse(result))
1755 break;
1756 }
1757 --- linux-2.4.37.orig/net/ipv6/tcp_ipv6.c
1758 +++ linux-2.4.37/net/ipv6/tcp_ipv6.c
1759 @@ -52,6 +52,9 @@
1760 #include <net/inet_ecn.h>
1761
1762 #include <asm/uaccess.h>
1763 +/***** SAKURA Linux start. *****/
1764 +#include <linux/sakura.h>
1765 +/***** SAKURA Linux end. *****/
1766
1767 static void tcp_v6_send_reset(struct sk_buff *skb);
1768 static void tcp_v6_or_send_ack(struct sk_buff *skb, struct open_request *req);
1769 @@ -110,6 +113,10 @@ static int tcp_v6_get_port(struct sock *
1770 rover = low;
1771 head = &tcp_bhash[tcp_bhashfn(rover)];
1772 spin_lock(&head->lock);
1773 + /***** SAKURA Linux start. *****/
1774 + if (ccs_may_autobind(rover))
1775 + goto next;
1776 + /***** SAKURA Linux end. *****/
1777 for (tb = head->chain; tb; tb = tb->next)
1778 if (tb->port == rover)
1779 goto next;
1780 --- linux-2.4.37.orig/net/ipv6/udp.c
1781 +++ linux-2.4.37/net/ipv6/udp.c
1782 @@ -50,6 +50,9 @@
1783 #include <net/inet_common.h>
1784
1785 #include <net/checksum.h>
1786 +/***** SAKURA Linux start. *****/
1787 +#include <linux/sakura.h>
1788 +/***** SAKURA Linux end. *****/
1789
1790 struct udp_mib udp_stats_in6[NR_CPUS*2];
1791
1792 @@ -77,6 +80,10 @@ static int udp_v6_get_port(struct sock *
1793 result = sysctl_local_port_range[0] +
1794 ((result - sysctl_local_port_range[0]) &
1795 (UDP_HTABLE_SIZE - 1));
1796 + /***** SAKURA Linux start. *****/
1797 + if (ccs_may_autobind(result))
1798 + continue;
1799 + /***** SAKURA Linux end. *****/
1800 goto gotit;
1801 }
1802 size = 0;
1803 @@ -94,6 +101,10 @@ static int udp_v6_get_port(struct sock *
1804 result = sysctl_local_port_range[0]
1805 + ((result - sysctl_local_port_range[0]) &
1806 (UDP_HTABLE_SIZE - 1));
1807 + /***** SAKURA Linux start. *****/
1808 + if (ccs_may_autobind(result))
1809 + continue;
1810 + /***** SAKURA Linux end. *****/
1811 if (!udp_lport_inuse(result))
1812 break;
1813 }
1814 --- linux-2.4.37.orig/net/socket.c
1815 +++ linux-2.4.37/net/socket.c
1816 @@ -84,6 +84,10 @@
1817 #include <net/sock.h>
1818 #include <net/scm.h>
1819 #include <linux/netfilter.h>
1820 +/***** TOMOYO Linux start. *****/
1821 +#include <linux/tomoyo.h>
1822 +#include <linux/tomoyo_socket.h>
1823 +/***** TOMOYO Linux end. *****/
1824
1825 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1826 static ssize_t sock_read(struct file *file, char *buf,
1827 @@ -501,7 +505,12 @@ int sock_sendmsg(struct socket *sock, st
1828 {
1829 int err;
1830 struct scm_cookie scm;
1831 -
1832 + /***** TOMOYO Linux start. *****/
1833 + err = ccs_socket_sendmsg_permission(sock,
1834 + (struct sockaddr *) msg->msg_name,
1835 + msg->msg_namelen);
1836 + if (!err)
1837 + /***** TOMOYO Linux end. *****/
1838 err = scm_send(sock, msg, &scm);
1839 if (err >= 0) {
1840 err = sock->ops->sendmsg(sock, msg, size, &scm);
1841 @@ -847,7 +856,11 @@ int sock_create(int family, int type, in
1842 }
1843 family = PF_PACKET;
1844 }
1845 -
1846 + /***** TOMOYO Linux start. *****/
1847 + i = ccs_socket_create_permission(family, type, protocol);
1848 + if (i)
1849 + return i;
1850 + /***** TOMOYO Linux end. *****/
1851 #if defined(CONFIG_KMOD) && defined(CONFIG_NET)
1852 /* Attempt to load a protocol module if the find failed.
1853 *
1854 @@ -1003,6 +1016,12 @@ asmlinkage long sys_bind(int fd, struct
1855 if((sock = sockfd_lookup(fd,&err))!=NULL)
1856 {
1857 if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
1858 + /***** TOMOYO Linux start. *****/
1859 + err = ccs_socket_bind_permission(sock,
1860 + (struct sockaddr *)
1861 + address, addrlen);
1862 + if (!err)
1863 + /***** TOMOYO Linux end. *****/
1864 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
1865 sockfd_put(sock);
1866 }
1867 @@ -1026,6 +1045,10 @@ asmlinkage long sys_listen(int fd, int b
1868 if ((sock = sockfd_lookup(fd, &err)) != NULL) {
1869 if ((unsigned) backlog > sysctl_somaxconn)
1870 backlog = sysctl_somaxconn;
1871 + /***** TOMOYO Linux start. *****/
1872 + err = ccs_socket_listen_permission(sock);
1873 + if (!err)
1874 + /***** TOMOYO Linux end. *****/
1875 err=sock->ops->listen(sock, backlog);
1876 sockfd_put(sock);
1877 }
1878 @@ -1066,6 +1089,13 @@ asmlinkage long sys_accept(int fd, struc
1879 if (err < 0)
1880 goto out_release;
1881
1882 + /***** TOMOYO Linux start. *****/
1883 + if (ccs_socket_accept_permission(newsock,
1884 + (struct sockaddr *) address)) {
1885 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1886 + goto out_release;
1887 + }
1888 + /***** TOMOYO Linux end. *****/
1889 if (upeer_sockaddr) {
1890 if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) {
1891 err = -ECONNABORTED;
1892 @@ -1116,6 +1146,12 @@ asmlinkage long sys_connect(int fd, stru
1893 err = move_addr_to_kernel(uservaddr, addrlen, address);
1894 if (err < 0)
1895 goto out_put;
1896 + /***** TOMOYO Linux start. *****/
1897 + err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
1898 + addrlen);
1899 + if (err)
1900 + goto out_put;
1901 + /***** TOMOYO Linux end. *****/
1902 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
1903 sock->file->f_flags);
1904 out_put:
1905 --- linux-2.4.37.orig/net/unix/af_unix.c
1906 +++ linux-2.4.37/net/unix/af_unix.c
1907 @@ -111,6 +111,9 @@
1908 #include <linux/rtnetlink.h>
1909
1910 #include <asm/checksum.h>
1911 +/***** TOMOYO Linux start. *****/
1912 +#include <linux/tomoyo.h>
1913 +/***** TOMOYO Linux end. *****/
1914
1915 int sysctl_unix_max_dgram_qlen = 10;
1916
1917 @@ -645,6 +648,11 @@ static int unix_bind(struct socket *sock
1918 err = unix_autobind(sock);
1919 goto out;
1920 }
1921 + /***** TOMOYO Linux start. *****/
1922 + err = -EPERM;
1923 + if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
1924 + goto out;
1925 + /***** TOMOYO Linux end. *****/
1926
1927 err = unix_mkname(sunaddr, addr_len, &hash);
1928 if (err < 0)
1929 @@ -709,6 +717,13 @@ static int unix_bind(struct socket *sock
1930 * All right, let's create it.
1931 */
1932 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
1933 + /***** TOMOYO Linux start. *****/
1934 + err = pre_vfs_mknod(nd.dentry->d_inode, dentry);
1935 + if (!err)
1936 + err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
1937 + nd.mnt);
1938 + if (!err)
1939 + /***** TOMOYO Linux end. *****/
1940 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
1941 if (err)
1942 goto out_mknod_dput;
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ