2 |
|
|
3 |
Source code for this patch is "apt-get install linux-source-2.6.15" |
Source code for this patch is "apt-get install linux-source-2.6.15" |
4 |
--- |
--- |
5 |
arch/alpha/kernel/ptrace.c | 7 ++ |
arch/alpha/kernel/ptrace.c | 7 ++++ |
6 |
arch/ia64/ia32/sys_ia32.c | 7 ++ |
arch/ia64/ia32/sys_ia32.c | 7 ++++ |
7 |
arch/ia64/kernel/ptrace.c | 7 ++ |
arch/ia64/kernel/ptrace.c | 7 ++++ |
8 |
arch/m32r/kernel/ptrace.c | 7 ++ |
arch/m32r/kernel/ptrace.c | 7 ++++ |
9 |
arch/mips/kernel/ptrace32.c | 7 ++ |
arch/mips/kernel/ptrace32.c | 7 ++++ |
10 |
arch/powerpc/kernel/ptrace32.c | 7 ++ |
arch/powerpc/kernel/ptrace32.c | 7 ++++ |
11 |
arch/s390/kernel/ptrace.c | 7 ++ |
arch/s390/kernel/ptrace.c | 7 ++++ |
12 |
arch/sparc/kernel/ptrace.c | 9 +++ |
arch/sparc/kernel/ptrace.c | 9 ++++++ |
13 |
arch/sparc64/kernel/ptrace.c | 9 +++ |
arch/sparc64/kernel/ptrace.c | 9 ++++++ |
14 |
arch/x86_64/ia32/ptrace32.c | 7 ++ |
arch/x86_64/ia32/ptrace32.c | 7 ++++ |
15 |
fs/Kconfig | 2 |
fs/Kconfig | 2 + |
16 |
fs/Makefile | 2 |
fs/Makefile | 2 + |
17 |
fs/attr.c | 19 ++++++ |
fs/attr.c | 19 ++++++++++++ |
18 |
fs/compat.c | 15 +++++ |
fs/compat.c | 15 +++++++++- |
19 |
fs/exec.c | 21 +++++++ |
fs/exec.c | 21 +++++++++++++- |
20 |
fs/fcntl.c | 8 ++ |
fs/fcntl.c | 8 +++++ |
21 |
fs/ioctl.c | 11 +++ |
fs/ioctl.c | 11 +++++++ |
22 |
fs/namei.c | 60 +++++++++++++++++++++ |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
23 |
fs/namespace.c | 50 +++++++++++++++++- |
fs/namespace.c | 50 ++++++++++++++++++++++++++++++++- |
24 |
fs/open.c | 30 ++++++++++ |
fs/open.c | 30 +++++++++++++++++++- |
25 |
fs/proc/Makefile | 3 + |
fs/proc/Makefile | 3 ++ |
26 |
fs/proc/proc_misc.c | 5 + |
fs/proc/proc_misc.c | 5 +++ |
27 |
include/linux/init_task.h | 4 + |
include/linux/init_task.h | 4 ++ |
28 |
include/linux/sched.h | 8 ++ |
include/linux/sched.h | 8 +++++ |
29 |
kernel/compat.c | 7 ++ |
kernel/compat.c | 7 ++++ |
30 |
kernel/kexec.c | 7 ++ |
kernel/kexec.c | 7 ++++ |
31 |
kernel/kmod.c | 5 + |
kernel/kmod.c | 5 +++ |
32 |
kernel/module.c | 13 +++- |
kernel/module.c | 13 +++++++- |
33 |
kernel/ptrace.c | 7 ++ |
kernel/ptrace.c | 7 ++++ |
34 |
kernel/sched.c | 7 ++ |
kernel/sched.c | 7 ++++ |
35 |
kernel/signal.c | 21 +++++++ |
kernel/signal.c | 21 ++++++++++++++ |
36 |
kernel/sys.c | 21 +++++++ |
kernel/sys.c | 21 ++++++++++++++ |
37 |
kernel/sysctl.c | 111 ++++++++++++++++++++++++++++++++++++++++ |
kernel/sysctl.c | 17 +++++++++++ |
38 |
kernel/time.c | 15 +++++ |
kernel/time.c | 15 ++++++++++ |
39 |
net/core/datagram.c | 11 +++ |
net/core/datagram.c | 11 +++++++ |
40 |
net/ipv4/inet_connection_sock.c | 7 ++ |
net/ipv4/inet_connection_sock.c | 7 ++++ |
41 |
net/ipv4/tcp_ipv4.c | 7 ++ |
net/ipv4/tcp_ipv4.c | 7 ++++ |
42 |
net/ipv4/udp.c | 11 +++ |
net/ipv4/udp.c | 11 +++++++ |
43 |
net/ipv6/tcp_ipv6.c | 11 +++ |
net/ipv6/tcp_ipv6.c | 11 +++++++ |
44 |
net/ipv6/udp.c | 11 +++ |
net/ipv6/udp.c | 11 +++++++ |
45 |
net/socket.c | 43 ++++++++++++++- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
46 |
net/unix/af_unix.c | 8 ++ |
net/unix/af_unix.c | 8 +++++ |
47 |
42 files changed, 626 insertions(+), 9 deletions(-) |
42 files changed, 532 insertions(+), 9 deletions(-) |
48 |
|
|
49 |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
50 |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
380 |
goto out; |
goto out; |
381 |
|
|
382 |
- retval = search_binary_handler(bprm, regs); |
- retval = search_binary_handler(bprm, regs); |
383 |
+ retval = search_binary_handler_with_transition(bprm, regs); |
+ retval = ccs_search_binary_handler(bprm, regs); |
384 |
if (retval >= 0) { |
if (retval >= 0) { |
385 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
386 |
|
|
430 |
goto out; |
goto out; |
431 |
|
|
432 |
- retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
433 |
+ retval = search_binary_handler_with_transition(bprm, regs); |
+ retval = ccs_search_binary_handler(bprm, regs); |
434 |
+ |
+ |
435 |
if (retval >= 0) { |
if (retval >= 0) { |
436 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
536 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
537 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
538 |
+ error = ccs_check_mknod_permission(dir->d_inode, path.dentry, |
+ error = ccs_check_mknod_permission(dir->d_inode, path.dentry, |
539 |
+ nd->path.mnt, mode, 0); |
+ nd->mnt, mode, 0); |
540 |
+ if (!error) |
+ if (!error) |
541 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
542 |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
547 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
548 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
549 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
550 |
+ error = ccs_check_mknod_permission(nd.path.dentry->d_inode, |
+ error = ccs_check_mknod_permission(nd.dentry->d_inode, dentry, |
551 |
+ dentry, nd.path.mnt, mode, |
+ nd.mnt, mode, |
552 |
+ new_decode_dev(dev)); |
+ new_decode_dev(dev)); |
553 |
+ if (!error) |
+ if (!error) |
554 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1135 |
|
|
1136 |
#ifdef CONFIG_ROOT_NFS |
#ifdef CONFIG_ROOT_NFS |
1137 |
#include <linux/nfs_fs.h> |
#include <linux/nfs_fs.h> |
1138 |
@@ -1041,6 +1044,100 @@ void __init sysctl_init(void) |
@@ -1066,6 +1069,11 @@ int do_sysctl(int __user *name, int nlen |
|
#endif |
|
|
} |
|
|
|
|
|
+/***** TOMOYO Linux start. *****/ |
|
|
+static int try_parse_table(int __user *name, int nlen, void __user *oldval, |
|
|
+ void __user *newval, ctl_table *table) |
|
|
+{ |
|
|
+ int n; |
|
|
+ int error = -ENOMEM; |
|
|
+ int op = 0; |
|
|
+ char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL); |
|
|
+ if (oldval) |
|
|
+ op |= 004; |
|
|
+ if (newval) |
|
|
+ op |= 002; |
|
|
+ if (!op) { /* Neither read nor write */ |
|
|
+ error = 0; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (!buffer) |
|
|
+ goto out; |
|
|
+ memset(buffer, 0, PAGE_SIZE); |
|
|
+ snprintf(buffer, PAGE_SIZE - 1, "/proc/sys"); |
|
|
+ repeat: |
|
|
+ if (!nlen) { |
|
|
+ error = -ENOTDIR; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (get_user(n, name)) { |
|
|
+ error = -EFAULT; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ for ( ; table->ctl_name; table++) { |
|
|
+ if (n == table->ctl_name || table->ctl_name == CTL_ANY) { |
|
|
+ int pos = strlen(buffer); |
|
|
+ const char *cp = table->procname; |
|
|
+ error = -ENOMEM; |
|
|
+ if (cp) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '/'; |
|
|
+ while (*cp) { |
|
|
+ const unsigned char c |
|
|
+ = *(const unsigned char *) cp; |
|
|
+ if (c == '\\') { |
|
|
+ if (pos + 2 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ } else if (c > ' ' && c < 127) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = c; |
|
|
+ } else { |
|
|
+ if (pos + 4 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = (c >> 6) + '0'; |
|
|
+ buffer[pos++] = ((c >> 3) & 7) |
|
|
+ + '0'; |
|
|
+ buffer[pos++] = (c & 7) + '0'; |
|
|
+ } |
|
|
+ cp++; |
|
|
+ } |
|
|
+ } else { |
|
|
+ /* Assume nobody assigns "=\$=" for procname. */ |
|
|
+ snprintf(buffer + pos, PAGE_SIZE - pos - 1, |
|
|
+ "/=%d=", table->ctl_name); |
|
|
+ if (!memchr(buffer, '\0', PAGE_SIZE - 2)) |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (table->child) { |
|
|
+ if (table->strategy) { |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ if (ccs_check_file_perm(buffer, op, |
|
|
+ "sysctl")) { |
|
|
+ error = -EPERM; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ name++; |
|
|
+ nlen--; |
|
|
+ table = table->child; |
|
|
+ goto repeat; |
|
|
+ } |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ error = ccs_check_file_perm(buffer, op, "sysctl"); |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ error = -ENOTDIR; |
|
|
+ out: |
|
|
+ kfree(buffer); |
|
|
+ return error; |
|
|
+} |
|
|
+/***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp, |
|
|
void __user *newval, size_t newlen) |
|
|
{ |
|
|
@@ -1066,6 +1163,11 @@ int do_sysctl(int __user *name, int nlen |
|
1139 |
|
|
1140 |
spin_unlock(&sysctl_lock); |
spin_unlock(&sysctl_lock); |
1141 |
|
|
1142 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
1143 |
+ error = try_parse_table(name, nlen, oldval, newval, |
+ error = ccs_parse_table(name, nlen, oldval, newval, |
1144 |
+ head->ctl_table); |
+ head->ctl_table); |
1145 |
+ if (!error) |
+ if (!error) |
1146 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1147 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
1148 |
newval, newlen, head->ctl_table, |
newval, newlen, head->ctl_table, |
1149 |
&context); |
&context); |
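Review bot: The TOMOYO hook inserted after `spin_unlock(&sysctl_lock)` chains `ccs_parse_table()` into `error` so that any non-zero result is returned in place of what `parse_table()` would have produced, and the `TOMOYO Linux start/end` markers say nothing about that contract. A one-line comment would make it explicit, e.g. `/* TOMOYO: mandatory check on the resolved sysctl path; a non-zero result denies the request before parse_table() runs its own walk and ctl_perm() checks. */`. Whether ccs_parse_table's error codes for unresolvable names (the removed in-tree version returned -ENOTDIR) still agree with parse_table's cannot be confirmed from this hunk since the function is now defined elsewhere; it is worth verifying so userspace does not see a different errno depending on which walk fails first. do_sysctl's body continues outside the hunk on both sides.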
1150 |
@@ -1138,6 +1240,15 @@ repeat: |
@@ -1138,6 +1146,15 @@ repeat: |
1151 |
if (ctl_perm(table, 001)) |
if (ctl_perm(table, 001)) |
1152 |
return -EPERM; |
return -EPERM; |
1153 |
if (table->strategy) { |
if (table->strategy) { |
1252 |
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; |
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; |
1253 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1254 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1255 |
+ if (ccs_may_autobind(rover)) |
+ if (ccs_lport_reserved(rover)) |
1256 |
+ goto next; |
+ goto next; |
1257 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1258 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
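Review bot: The `if (ccs_lport_reserved(rover)) goto next;` added immediately after `spin_lock(&head->lock)` depends on nothing the bucket lock protects, so the lock is acquired for every reserved port only to be dropped again at `next:` (the label is outside the hunk, so the unlock there is inferred). Placing the check before `spin_lock(&head->lock)` would avoid that, but it then needs its own skip path rather than `goto next`, assuming `next:` is where the lock is released. The same placement recurs in the later hunk around `tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]`; the `continue`-based variants in the port-range loops on this page show no lock in their hunks, so moving these two would also make the four hooks read alike.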
1275 |
for (i = 1; i <= range; i++) { |
for (i = 1; i <= range; i++) { |
1276 |
port = low + (i + offset) % range; |
port = low + (i + offset) % range; |
1277 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1278 |
+ if (ccs_may_autobind(port)) |
+ if (ccs_lport_reserved(port)) |
1279 |
+ continue; |
+ continue; |
1280 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1281 |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
1298 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
1299 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1300 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1301 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
1302 |
+ continue; |
+ continue; |
1303 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1304 |
goto gotit; |
goto gotit; |
1309 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
1310 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1311 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1312 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
1313 |
+ continue; |
+ continue; |
1314 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1315 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
1332 |
head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; |
1333 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1334 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1335 |
+ if (ccs_may_autobind(rover)) |
+ if (ccs_lport_reserved(rover)) |
1336 |
+ goto next; |
+ goto next; |
1337 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1338 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
1343 |
for (i = 1; i <= range; i++) { |
for (i = 1; i <= range; i++) { |
1344 |
port = low + (i + offset) % range; |
port = low + (i + offset) % range; |
1345 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1346 |
+ if (ccs_may_autobind(port)) |
+ if (ccs_lport_reserved(port)) |
1347 |
+ continue; |
+ continue; |
1348 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1349 |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
1366 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
1367 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1368 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1369 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
1370 |
+ continue; |
+ continue; |
1371 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1372 |
goto gotit; |
goto gotit; |
1377 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
1378 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
1379 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
1380 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
1381 |
+ continue; |
+ continue; |
1382 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
1383 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |