| 16 |
fs/Makefile | 2 + |
fs/Makefile | 2 + |
| 17 |
fs/attr.c | 19 +++++++++++++ |
fs/attr.c | 19 +++++++++++++ |
| 18 |
fs/compat.c | 15 ++++++++++ |
fs/compat.c | 15 ++++++++++ |
| 19 |
fs/exec.c | 20 +++++++++++++- |
fs/exec.c | 17 +++++++++++- |
| 20 |
fs/fcntl.c | 9 ++++++ |
fs/fcntl.c | 9 ++++++ |
| 21 |
fs/ioctl.c | 11 ++++++++ |
fs/ioctl.c | 11 ++++++++ |
| 22 |
fs/namei.c | 55 ++++++++++++++++++++++++++++++++++++++++ |
fs/namei.c | 55 ++++++++++++++++++++++++++++++++++++++++ |
| 44 |
net/ipv6/inet6_hashtables.c | 7 +++++ |
net/ipv6/inet6_hashtables.c | 7 +++++ |
| 45 |
net/socket.c | 41 +++++++++++++++++++++++++++++ |
net/socket.c | 41 +++++++++++++++++++++++++++++ |
| 46 |
net/unix/af_unix.c | 8 +++++ |
net/unix/af_unix.c | 8 +++++ |
| 47 |
42 files changed, 507 insertions(+), 2 deletions(-) |
42 files changed, 504 insertions(+), 2 deletions(-) |
| 48 |
|
|
| 49 |
--- linux-2.6.21.7.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.21.7.orig/arch/alpha/kernel/ptrace.c |
| 50 |
+++ linux-2.6.21.7/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.21.7/arch/alpha/kernel/ptrace.c |
| 397 |
int core_uses_pid; |
int core_uses_pid; |
| 398 |
char core_pattern[128] = "core"; |
char core_pattern[128] = "core"; |
| 399 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
| 400 |
@@ -140,6 +144,13 @@ asmlinkage long sys_uselib(const char __ |
@@ -140,6 +144,12 @@ asmlinkage long sys_uselib(const char __ |
| 401 |
if (error) |
if (error) |
| 402 |
goto exit; |
goto exit; |
| 403 |
|
|
| 404 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 405 |
+ /* 01 means "read". */ |
+ error = ccs_check_uselib_permission(nd.dentry, nd.mnt); |
|
+ error = ccs_check_open_permission(nd.dentry, nd.mnt, 01); |
|
| 406 |
+ if (error) |
+ if (error) |
| 407 |
+ goto exit; |
+ goto exit; |
| 408 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 410 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 411 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
| 412 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
| 413 |
@@ -485,6 +496,13 @@ struct file *open_exec(const char *name) |
@@ -485,6 +495,11 @@ struct file *open_exec(const char *name) |
| 414 |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
| 415 |
S_ISREG(inode->i_mode)) { |
S_ISREG(inode->i_mode)) { |
| 416 |
int err = vfs_permission(&nd, MAY_EXEC); |
int err = vfs_permission(&nd, MAY_EXEC); |
| 417 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 418 |
+ if (!err && (current->ccs_flags & |
+ if (!err) |
| 419 |
+ CCS_CHECK_READ_FOR_OPEN_EXEC)) |
+ err = ccs_check_open_exec_permission(nd.dentry, |
| 420 |
+ /* 01 means "read". */ |
+ nd.mnt); |
|
+ err = ccs_check_open_permission(nd.dentry, |
|
|
+ nd.mnt, 01); |
|
| 421 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 422 |
file = ERR_PTR(err); |
file = ERR_PTR(err); |
| 423 |
if (!err) { |
if (!err) { |
| 424 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 425 |
@@ -1183,7 +1201,7 @@ int do_execve(char * filename, |
@@ -1183,7 +1198,7 @@ int do_execve(char * filename, |
| 426 |
if (retval < 0) |
if (retval < 0) |
| 427 |
goto out; |
goto out; |
| 428 |
|
|
| 820 |
#endif |
#endif |
| 821 |
+ /***** CCS start. *****/ |
+ /***** CCS start. *****/ |
| 822 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
| 823 |
+ printk(KERN_INFO "Hook version: 2.6.21.7 2009/03/18\n"); |
+ printk(KERN_INFO "Hook version: 2.6.21.7 2009/03/24\n"); |
| 824 |
+#endif |
+#endif |
| 825 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
| 826 |
} |
} |
TOMOYO
Parent Directory
Revision Log
Patch