| 2 |
|
|
| 3 |
Source code for this patch is "apt-get install linux-source-2.6.15" |
Source code for this patch is "apt-get install linux-source-2.6.15" |
| 4 |
--- |
--- |
| 5 |
arch/alpha/kernel/ptrace.c | 7 ++ |
arch/alpha/kernel/ptrace.c | 7 ++++ |
| 6 |
arch/ia64/ia32/sys_ia32.c | 7 ++ |
arch/ia64/ia32/sys_ia32.c | 7 ++++ |
| 7 |
arch/ia64/kernel/ptrace.c | 7 ++ |
arch/ia64/kernel/ptrace.c | 7 ++++ |
| 8 |
arch/m32r/kernel/ptrace.c | 7 ++ |
arch/m32r/kernel/ptrace.c | 7 ++++ |
| 9 |
arch/mips/kernel/ptrace32.c | 7 ++ |
arch/mips/kernel/ptrace32.c | 7 ++++ |
| 10 |
arch/powerpc/kernel/ptrace32.c | 7 ++ |
arch/powerpc/kernel/ptrace32.c | 7 ++++ |
| 11 |
arch/s390/kernel/ptrace.c | 7 ++ |
arch/s390/kernel/ptrace.c | 7 ++++ |
| 12 |
arch/sparc/kernel/ptrace.c | 9 +++ |
arch/sparc/kernel/ptrace.c | 9 ++++++ |
| 13 |
arch/sparc64/kernel/ptrace.c | 9 +++ |
arch/sparc64/kernel/ptrace.c | 9 ++++++ |
| 14 |
arch/x86_64/ia32/ptrace32.c | 7 ++ |
arch/x86_64/ia32/ptrace32.c | 7 ++++ |
| 15 |
fs/Kconfig | 2 |
fs/Kconfig | 2 + |
| 16 |
fs/Makefile | 2 |
fs/Makefile | 2 + |
| 17 |
fs/attr.c | 19 ++++++ |
fs/attr.c | 19 ++++++++++++ |
| 18 |
fs/compat.c | 15 +++++ |
fs/compat.c | 15 +++++++++- |
| 19 |
fs/exec.c | 21 +++++++ |
fs/exec.c | 21 +++++++++++++- |
| 20 |
fs/fcntl.c | 8 ++ |
fs/fcntl.c | 8 +++++ |
| 21 |
fs/ioctl.c | 11 +++ |
fs/ioctl.c | 11 +++++++ |
| 22 |
fs/namei.c | 60 +++++++++++++++++++++ |
fs/namei.c | 60 ++++++++++++++++++++++++++++++++++++++++ |
| 23 |
fs/namespace.c | 50 +++++++++++++++++- |
fs/namespace.c | 50 ++++++++++++++++++++++++++++++++- |
| 24 |
fs/open.c | 30 ++++++++++ |
fs/open.c | 30 +++++++++++++++++++- |
| 25 |
fs/proc/Makefile | 3 + |
fs/proc/Makefile | 3 ++ |
| 26 |
fs/proc/proc_misc.c | 5 + |
fs/proc/proc_misc.c | 5 +++ |
| 27 |
include/linux/init_task.h | 4 + |
include/linux/init_task.h | 4 ++ |
| 28 |
include/linux/sched.h | 8 ++ |
include/linux/sched.h | 8 +++++ |
| 29 |
kernel/compat.c | 7 ++ |
kernel/compat.c | 7 ++++ |
| 30 |
kernel/kexec.c | 7 ++ |
kernel/kexec.c | 7 ++++ |
| 31 |
kernel/kmod.c | 5 + |
kernel/kmod.c | 5 +++ |
| 32 |
kernel/module.c | 13 +++- |
kernel/module.c | 13 +++++++- |
| 33 |
kernel/ptrace.c | 7 ++ |
kernel/ptrace.c | 7 ++++ |
| 34 |
kernel/sched.c | 7 ++ |
kernel/sched.c | 7 ++++ |
| 35 |
kernel/signal.c | 21 +++++++ |
kernel/signal.c | 21 ++++++++++++++ |
| 36 |
kernel/sys.c | 21 +++++++ |
kernel/sys.c | 21 ++++++++++++++ |
| 37 |
kernel/sysctl.c | 111 ++++++++++++++++++++++++++++++++++++++++ |
kernel/sysctl.c | 17 +++++++++++ |
| 38 |
kernel/time.c | 15 +++++ |
kernel/time.c | 15 ++++++++++ |
| 39 |
net/core/datagram.c | 11 +++ |
net/core/datagram.c | 11 +++++++ |
| 40 |
net/ipv4/inet_connection_sock.c | 7 ++ |
net/ipv4/inet_connection_sock.c | 7 ++++ |
| 41 |
net/ipv4/tcp_ipv4.c | 7 ++ |
net/ipv4/tcp_ipv4.c | 7 ++++ |
| 42 |
net/ipv4/udp.c | 11 +++ |
net/ipv4/udp.c | 11 +++++++ |
| 43 |
net/ipv6/tcp_ipv6.c | 11 +++ |
net/ipv6/tcp_ipv6.c | 11 +++++++ |
| 44 |
net/ipv6/udp.c | 11 +++ |
net/ipv6/udp.c | 11 +++++++ |
| 45 |
net/socket.c | 43 ++++++++++++++- |
net/socket.c | 43 ++++++++++++++++++++++++++-- |
| 46 |
net/unix/af_unix.c | 8 ++ |
net/unix/af_unix.c | 8 +++++ |
| 47 |
42 files changed, 626 insertions(+), 9 deletions(-) |
42 files changed, 532 insertions(+), 9 deletions(-) |
| 48 |
|
|
| 49 |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.15-53.75.orig/arch/alpha/kernel/ptrace.c |
| 50 |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.15-53.75/arch/alpha/kernel/ptrace.c |
| 380 |
goto out; |
goto out; |
| 381 |
|
|
| 382 |
- retval = search_binary_handler(bprm, regs); |
- retval = search_binary_handler(bprm, regs); |
| 383 |
+ retval = search_binary_handler_with_transition(bprm, regs); |
+ retval = ccs_search_binary_handler(bprm, regs); |
| 384 |
if (retval >= 0) { |
if (retval >= 0) { |
| 385 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
| 386 |
|
|
| 430 |
goto out; |
goto out; |
| 431 |
|
|
| 432 |
- retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
| 433 |
+ retval = search_binary_handler_with_transition(bprm, regs); |
+ retval = ccs_search_binary_handler(bprm, regs); |
| 434 |
+ |
+ |
| 435 |
if (retval >= 0) { |
if (retval >= 0) { |
| 436 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
| 536 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
| 537 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 538 |
+ error = ccs_check_mknod_permission(dir->d_inode, path.dentry, |
+ error = ccs_check_mknod_permission(dir->d_inode, path.dentry, |
| 539 |
+ nd->path.mnt, mode, 0); |
+ nd->mnt, mode, 0); |
| 540 |
+ if (!error) |
+ if (!error) |
| 541 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 542 |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
| 547 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
| 548 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
| 549 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 550 |
+ error = ccs_check_mknod_permission(nd.path.dentry->d_inode, |
+ error = ccs_check_mknod_permission(nd.dentry->d_inode, dentry, |
| 551 |
+ dentry, nd.path.mnt, mode, |
+ nd.mnt, mode, |
| 552 |
+ new_decode_dev(dev)); |
+ new_decode_dev(dev)); |
| 553 |
+ if (!error) |
+ if (!error) |
| 554 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 1135 |
|
|
| 1136 |
#ifdef CONFIG_ROOT_NFS |
#ifdef CONFIG_ROOT_NFS |
| 1137 |
#include <linux/nfs_fs.h> |
#include <linux/nfs_fs.h> |
| 1138 |
@@ -1041,6 +1044,100 @@ void __init sysctl_init(void) |
@@ -1066,6 +1069,11 @@ int do_sysctl(int __user *name, int nlen |
|
#endif |
|
|
} |
|
|
|
|
|
+/***** TOMOYO Linux start. *****/ |
|
|
+static int try_parse_table(int __user *name, int nlen, void __user *oldval, |
|
|
+ void __user *newval, ctl_table *table) |
|
|
+{ |
|
|
+ int n; |
|
|
+ int error = -ENOMEM; |
|
|
+ int op = 0; |
|
|
+ char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL); |
|
|
+ if (oldval) |
|
|
+ op |= 004; |
|
|
+ if (newval) |
|
|
+ op |= 002; |
|
|
+ if (!op) { /* Neither read nor write */ |
|
|
+ error = 0; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (!buffer) |
|
|
+ goto out; |
|
|
+ memset(buffer, 0, PAGE_SIZE); |
|
|
+ snprintf(buffer, PAGE_SIZE - 1, "/proc/sys"); |
|
|
+ repeat: |
|
|
+ if (!nlen) { |
|
|
+ error = -ENOTDIR; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (get_user(n, name)) { |
|
|
+ error = -EFAULT; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ for ( ; table->ctl_name; table++) { |
|
|
+ if (n == table->ctl_name || table->ctl_name == CTL_ANY) { |
|
|
+ int pos = strlen(buffer); |
|
|
+ const char *cp = table->procname; |
|
|
+ error = -ENOMEM; |
|
|
+ if (cp) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '/'; |
|
|
+ while (*cp) { |
|
|
+ const unsigned char c |
|
|
+ = *(const unsigned char *) cp; |
|
|
+ if (c == '\\') { |
|
|
+ if (pos + 2 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ } else if (c > ' ' && c < 127) { |
|
|
+ if (pos + 1 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = c; |
|
|
+ } else { |
|
|
+ if (pos + 4 >= PAGE_SIZE - 1) |
|
|
+ goto out; |
|
|
+ buffer[pos++] = '\\'; |
|
|
+ buffer[pos++] = (c >> 6) + '0'; |
|
|
+ buffer[pos++] = ((c >> 3) & 7) |
|
|
+ + '0'; |
|
|
+ buffer[pos++] = (c & 7) + '0'; |
|
|
+ } |
|
|
+ cp++; |
|
|
+ } |
|
|
+ } else { |
|
|
+ /* Assume nobody assigns "=\$=" for procname. */ |
|
|
+ snprintf(buffer + pos, PAGE_SIZE - pos - 1, |
|
|
+ "/=%d=", table->ctl_name); |
|
|
+ if (!memchr(buffer, '\0', PAGE_SIZE - 2)) |
|
|
+ goto out; |
|
|
+ } |
|
|
+ if (table->child) { |
|
|
+ if (table->strategy) { |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ if (ccs_check_file_perm(buffer, op, |
|
|
+ "sysctl")) { |
|
|
+ error = -EPERM; |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ name++; |
|
|
+ nlen--; |
|
|
+ table = table->child; |
|
|
+ goto repeat; |
|
|
+ } |
|
|
+ /* printk("sysctl='%s'\n", buffer); */ |
|
|
+ error = ccs_check_file_perm(buffer, op, "sysctl"); |
|
|
+ goto out; |
|
|
+ } |
|
|
+ } |
|
|
+ error = -ENOTDIR; |
|
|
+ out: |
|
|
+ kfree(buffer); |
|
|
+ return error; |
|
|
+} |
|
|
+/***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp, |
|
|
void __user *newval, size_t newlen) |
|
|
{ |
|
|
@@ -1066,6 +1163,11 @@ int do_sysctl(int __user *name, int nlen |
|
| 1139 |
|
|
| 1140 |
spin_unlock(&sysctl_lock); |
spin_unlock(&sysctl_lock); |
| 1141 |
|
|
| 1142 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 1143 |
+ error = try_parse_table(name, nlen, oldval, newval, |
+ error = ccs_parse_table(name, nlen, oldval, newval, |
| 1144 |
+ head->ctl_table); |
+ head->ctl_table); |
| 1145 |
+ if (!error) |
+ if (!error) |
| 1146 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 1147 |
error = parse_table(name, nlen, oldval, oldlenp, |
error = parse_table(name, nlen, oldval, oldlenp, |
| 1148 |
newval, newlen, head->ctl_table, |
newval, newlen, head->ctl_table, |
| 1149 |
&context); |
&context); |
| 1150 |
@@ -1138,6 +1240,15 @@ repeat: |
@@ -1138,6 +1146,15 @@ repeat: |
| 1151 |
if (ctl_perm(table, 001)) |
if (ctl_perm(table, 001)) |
| 1152 |
return -EPERM; |
return -EPERM; |
| 1153 |
if (table->strategy) { |
if (table->strategy) { |
| 1252 |
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; |
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; |
| 1253 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1254 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1255 |
+ if (ccs_may_autobind(rover)) |
+ if (ccs_lport_reserved(rover)) |
| 1256 |
+ goto next; |
+ goto next; |
| 1257 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1258 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
| 1275 |
for (i = 1; i <= range; i++) { |
for (i = 1; i <= range; i++) { |
| 1276 |
port = low + (i + offset) % range; |
port = low + (i + offset) % range; |
| 1277 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1278 |
+ if (ccs_may_autobind(port)) |
+ if (ccs_lport_reserved(port)) |
| 1279 |
+ continue; |
+ continue; |
| 1280 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1281 |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
| 1298 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
| 1299 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
| 1300 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1301 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
| 1302 |
+ continue; |
+ continue; |
| 1303 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1304 |
goto gotit; |
goto gotit; |
| 1309 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
| 1310 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
| 1311 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1312 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
| 1313 |
+ continue; |
+ continue; |
| 1314 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1315 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
| 1332 |
head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(rover, tcp_hashinfo.bhash_size)]; |
| 1333 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1334 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1335 |
+ if (ccs_may_autobind(rover)) |
+ if (ccs_lport_reserved(rover)) |
| 1336 |
+ goto next; |
+ goto next; |
| 1337 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1338 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
inet_bind_bucket_for_each(tb, node, &head->chain) |
| 1343 |
for (i = 1; i <= range; i++) { |
for (i = 1; i <= range; i++) { |
| 1344 |
port = low + (i + offset) % range; |
port = low + (i + offset) % range; |
| 1345 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1346 |
+ if (ccs_may_autobind(port)) |
+ if (ccs_lport_reserved(port)) |
| 1347 |
+ continue; |
+ continue; |
| 1348 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1349 |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
head = &tcp_hashinfo.bhash[inet_bhashfn(port, tcp_hashinfo.bhash_size)]; |
| 1366 |
((result - sysctl_local_port_range[0]) & |
((result - sysctl_local_port_range[0]) & |
| 1367 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
| 1368 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1369 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
| 1370 |
+ continue; |
+ continue; |
| 1371 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1372 |
goto gotit; |
goto gotit; |
| 1377 |
+ ((result - sysctl_local_port_range[0]) & |
+ ((result - sysctl_local_port_range[0]) & |
| 1378 |
(UDP_HTABLE_SIZE - 1)); |
(UDP_HTABLE_SIZE - 1)); |
| 1379 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 1380 |
+ if (ccs_may_autobind(result)) |
+ if (ccs_lport_reserved(result)) |
| 1381 |
+ continue; |
+ continue; |
| 1382 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 1383 |
if (!udp_lport_inuse(result)) |
if (!udp_lport_inuse(result)) |
TOMOYO
Parent Directory
Revision Log
Patch