
Contents of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.21.diff



Revision 358 - (show annotations) (download)
Thu Aug 16 09:01:38 2007 UTC (16 years, 9 months ago) by kumaneko
Original Path: trunk/1.5.x/ccs-patch/ccs-patch-2.6.21.txt
File MIME type: text/plain
File size: 43445 byte(s)
Update CheckMountPermission() return code
1 diff -ubBpEr linux-2.6.21/Makefile linux-2.6.21-ccs/Makefile
2 --- linux-2.6.21/Makefile 2007-04-28 04:02:41.000000000 +0900
3 +++ linux-2.6.21-ccs/Makefile 2007-04-26 17:11:12.000000000 +0900
4 @@ -1,7 +1,7 @@
5 VERSION = 2
6 PATCHLEVEL = 6
7 SUBLEVEL = 21
8 -EXTRAVERSION =
9 +EXTRAVERSION = -ccs
10 NAME = Nocturnal Monster Puppy
11
12 # *DOCUMENTATION*
13 diff -ubBpEr linux-2.6.21/fs/Kconfig linux-2.6.21-ccs/fs/Kconfig
14 --- linux-2.6.21/fs/Kconfig 2007-04-28 04:02:41.000000000 +0900
15 +++ linux-2.6.21-ccs/fs/Kconfig 2007-04-26 17:17:25.000000000 +0900
16 @@ -2055,5 +2055,7 @@ endif
17 source "fs/nls/Kconfig"
18 source "fs/dlm/Kconfig"
19
20 +source "fs/Kconfig.ccs"
21 +
22 endmenu
23
24 diff -ubBpEr linux-2.6.21/fs/Makefile linux-2.6.21-ccs/fs/Makefile
25 --- linux-2.6.21/fs/Makefile 2007-04-28 04:02:41.000000000 +0900
26 +++ linux-2.6.21-ccs/fs/Makefile 2007-04-28 04:02:47.000000000 +0900
27 @@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/
28 obj-$(CONFIG_DEBUG_FS) += debugfs/
29 obj-$(CONFIG_OCFS2_FS) += ocfs2/
30 obj-$(CONFIG_GFS2_FS) += gfs2/
31 +
32 +include $(srctree)/fs/Makefile-2.6.ccs
33 diff -ubBpEr linux-2.6.21/fs/attr.c linux-2.6.21-ccs/fs/attr.c
34 --- linux-2.6.21/fs/attr.c 2007-04-28 04:02:41.000000000 +0900
35 +++ linux-2.6.21-ccs/fs/attr.c 2007-04-28 04:02:47.000000000 +0900
36 @@ -15,6 +15,9 @@
37 #include <linux/fcntl.h>
38 #include <linux/quotaops.h>
39 #include <linux/security.h>
40 +/***** TOMOYO Linux start. *****/
41 +#include <linux/tomoyo.h>
42 +/***** TOMOYO Linux end. *****/
43
44 /* Taken over from the old code... */
45
46 @@ -145,12 +148,20 @@ int notify_change(struct dentry * dentry
47
48 if (inode->i_op && inode->i_op->setattr) {
49 error = security_inode_setattr(dentry, attr);
50 + /***** TOMOYO Linux start. *****/
51 + if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
52 + if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
53 + /***** TOMOYO Linux end. *****/
54 if (!error)
55 error = inode->i_op->setattr(dentry, attr);
56 } else {
57 error = inode_change_ok(inode, attr);
58 if (!error)
59 error = security_inode_setattr(dentry, attr);
60 + /***** TOMOYO Linux start. *****/
61 + if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
62 + if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
63 + /***** TOMOYO Linux end. *****/
64 if (!error) {
65 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
66 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
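Review bot: The added `CheckCapabilityACL()` calls in both branches of `notify_change()` pass the helper's raw return value back as `error`, while other hooks in this patch map any non-zero result to `-EPERM` (`sys_mknodat`, `do_unlinkat`, `sys_reboot`) and a third group tests `< 0` (`compat_sys_ioctl`, `do_ioctl`, `sys_kill`). The helper's return contract is not visible on this page, so if it can return anything other than 0 or a negative errno the three forms behave differently. Using one form everywhere removes the doubt, e.g. `if (!error && (ia_valid & ATTR_MODE) && CheckCapabilityACL(TOMOYO_SYS_CHMOD)) error = -EPERM;`. The same pair of checks is duplicated in the two branches, and the function body starts and ends outside the hunk.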
67 diff -ubBpEr linux-2.6.21/fs/compat.c linux-2.6.21-ccs/fs/compat.c
68 --- linux-2.6.21/fs/compat.c 2007-04-28 04:02:41.000000000 +0900
69 +++ linux-2.6.21-ccs/fs/compat.c 2007-04-28 04:02:47.000000000 +0900
70 @@ -56,6 +56,9 @@
71 #include <asm/mmu_context.h>
72 #include <asm/ioctls.h>
73 #include "internal.h"
74 +/***** TOMOYO Linux start. *****/
75 +#include <linux/tomoyo.h>
76 +/***** TOMOYO Linux end. *****/
77
78 int compat_log = 1;
79
80 @@ -422,6 +425,9 @@ asmlinkage long compat_sys_ioctl(unsigne
81 /*FALL THROUGH*/
82
83 default:
84 + /***** TOMOYO Linux start. *****/
85 + if ((error = CheckCapabilityACL(TOMOYO_SYS_IOCTL)) < 0) goto out_fput;
86 + /***** TOMOYO Linux end. *****/
87 if (filp->f_op && filp->f_op->compat_ioctl) {
88 error = filp->f_op->compat_ioctl(filp, cmd, arg);
89 if (error != -ENOIOCTLCMD)
90 @@ -1552,7 +1558,7 @@ int compat_do_execve(char * filename,
91 if (retval < 0)
92 goto out;
93
94 - retval = search_binary_handler(bprm, regs);
95 + retval = search_binary_handler_with_transition(bprm, regs);
96 if (retval >= 0) {
97 free_arg_pages(bprm);
98
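Review bot: The swap to `search_binary_handler_with_transition()` in `compat_do_execve()` is the one TOMOYO change in this file section with no `/***** TOMOYO Linux start. *****/` / `end` markers and no comment, and the matching change in `do_execve()` in fs/exec.c is unmarked as well. Every other hook can be found by searching for the markers, so these two call sites are the easiest to lose when the patch is rebased. Bracket the replaced line with the same markers and add one line saying what the wrapper does before it reaches the original handler. The wrapper's definition is not on this page, so its behaviour cannot be checked here.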
99 diff -ubBpEr linux-2.6.21/fs/exec.c linux-2.6.21-ccs/fs/exec.c
100 --- linux-2.6.21/fs/exec.c 2007-04-28 04:02:41.000000000 +0900
101 +++ linux-2.6.21-ccs/fs/exec.c 2007-04-28 04:02:47.000000000 +0900
102 @@ -58,6 +58,10 @@
103 #include <linux/kmod.h>
104 #endif
105
106 +/***** TOMOYO Linux start. *****/
107 +#include <linux/tomoyo.h>
108 +/***** TOMOYO Linux end. *****/
109 +
110 int core_uses_pid;
111 char core_pattern[128] = "core";
112 int suid_dumpable = 0;
113 @@ -140,6 +144,11 @@ asmlinkage long sys_uselib(const char __
114 if (error)
115 goto exit;
116
117 + /***** TOMOYO Linux start. *****/
118 + error = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */
119 + if (error) goto exit;
120 + /***** TOMOYO Linux end. *****/
121 +
122 file = nameidata_to_filp(&nd, O_RDONLY);
123 error = PTR_ERR(file);
124 if (IS_ERR(file))
125 @@ -485,6 +494,9 @@ struct file *open_exec(const char *name)
126 if (!(nd.mnt->mnt_flags & MNT_NOEXEC) &&
127 S_ISREG(inode->i_mode)) {
128 int err = vfs_permission(&nd, MAY_EXEC);
129 + /***** TOMOYO Linux start. *****/
130 + if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */
131 + /***** TOMOYO Linux end. *****/
132 file = ERR_PTR(err);
133 if (!err) {
134 file = nameidata_to_filp(&nd, O_RDONLY);
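Review bot: The read check added to `open_exec()` runs only when `current->tomoyo_flags` has `TOMOYO_CHECK_READ_FOR_OPEN_EXEC` set, and nothing in the hunk says who sets or clears that bit. A reader cannot tell which callers of `open_exec()` are meant to skip the read check, so the condition reads as a possible gap rather than a decision. A comment above the line would settle it, along the lines of `/* Read permission is checked here only for callers that set TOMOYO_CHECK_READ_FOR_OPEN_EXEC; state where the other callers are checked. */`. The function body starts and ends outside the hunk.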
135 @@ -1183,7 +1195,7 @@ int do_execve(char * filename,
136 if (retval < 0)
137 goto out;
138
139 - retval = search_binary_handler(bprm,regs);
140 + retval = search_binary_handler_with_transition(bprm,regs);
141 if (retval >= 0) {
142 free_arg_pages(bprm);
143
144 diff -ubBpEr linux-2.6.21/fs/fcntl.c linux-2.6.21-ccs/fs/fcntl.c
145 --- linux-2.6.21/fs/fcntl.c 2007-04-28 04:02:41.000000000 +0900
146 +++ linux-2.6.21-ccs/fs/fcntl.c 2007-04-28 04:02:47.000000000 +0900
147 @@ -22,6 +22,9 @@
148 #include <asm/poll.h>
149 #include <asm/siginfo.h>
150 #include <asm/uaccess.h>
151 +/***** TOMOYO Linux start. *****/
152 +#include <linux/tomoyo.h>
153 +/***** TOMOYO Linux end. *****/
154
155 void fastcall set_close_on_exec(unsigned int fd, int flag)
156 {
157 @@ -213,6 +216,10 @@ static int setfl(int fd, struct file * f
158 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
159 return -EPERM;
160
161 + /***** TOMOYO Linux start. *****/
162 + if (((arg ^ filp->f_flags) & O_APPEND) && CheckReWritePermission(filp)) return -EPERM;
163 + /***** TOMOYO Linux end. *****/
164 +
165 /* O_NOATIME can only be set by the owner or superuser */
166 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
167 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
168 diff -ubBpEr linux-2.6.21/fs/ioctl.c linux-2.6.21-ccs/fs/ioctl.c
169 --- linux-2.6.21/fs/ioctl.c 2007-04-28 04:02:41.000000000 +0900
170 +++ linux-2.6.21-ccs/fs/ioctl.c 2007-04-28 04:02:47.000000000 +0900
171 @@ -15,6 +15,9 @@
172
173 #include <asm/uaccess.h>
174 #include <asm/ioctls.h>
175 +/***** TOMOYO Linux start. *****/
176 +#include <linux/tomoyo.h>
177 +/***** TOMOYO Linux end. *****/
178
179 static long do_ioctl(struct file *filp, unsigned int cmd,
180 unsigned long arg)
181 @@ -23,6 +26,9 @@ static long do_ioctl(struct file *filp,
182
183 if (!filp->f_op)
184 goto out;
185 + /***** TOMOYO Linux start. *****/
186 + if (CheckCapabilityACL(TOMOYO_SYS_IOCTL) < 0) return -EPERM;
187 + /***** TOMOYO Linux end. *****/
188
189 if (filp->f_op->unlocked_ioctl) {
190 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
191 diff -ubBpEr linux-2.6.21/fs/namei.c linux-2.6.21-ccs/fs/namei.c
192 --- linux-2.6.21/fs/namei.c 2007-04-28 04:02:41.000000000 +0900
193 +++ linux-2.6.21-ccs/fs/namei.c 2007-04-28 04:02:47.000000000 +0900
194 @@ -37,6 +37,10 @@
195
196 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
197
198 +/***** TOMOYO Linux start. *****/
199 +#include <linux/tomoyo.h>
200 +/***** TOMOYO Linux end. *****/
201 +
202 /* [Feb-1997 T. Schoebel-Theuer]
203 * Fundamental changes in the pathname lookup mechanisms (namei)
204 * were necessary because of omirr. The reason is that omirr needs
205 @@ -1506,6 +1510,9 @@ int vfs_create(struct inode *dir, struct
206 error = security_inode_create(dir, dentry, mode);
207 if (error)
208 return error;
209 + /***** TOMOYO Linux start. *****/
210 + if (nd && (error = CheckSingleWritePermission(TYPE_CREATE_ACL, dentry, nd->mnt)) < 0) return error;
211 + /***** TOMOYO Linux end. *****/
212 DQUOT_INIT(dir);
213 error = dir->i_op->create(dir, dentry, mode, nd);
214 if (!error)
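Review bot: In `vfs_create()` the added `CheckSingleWritePermission(TYPE_CREATE_ACL, ...)` is skipped whenever `nd` is NULL, so a caller that passes no nameidata creates the file with no TOMOYO create check at all. The hunk does not say whether that is intended for in-kernel callers or simply a way to avoid dereferencing `nd->mnt`. If it is deliberate, record it with `/* nd == NULL: caller has no vfsmount; TOMOYO create check intentionally skipped. */`; if not, the NULL case should be handled explicitly instead of falling through to `dir->i_op->create()`. The function body starts and ends outside the hunk.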
215 @@ -1561,6 +1568,11 @@ int may_open(struct nameidata *nd, int a
216 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
217 return -EPERM;
218
219 + /***** TOMOYO Linux start. *****/
220 + error = CheckOpenPermission(dentry, nd->mnt, flag); /* includes O_APPEND and O_TRUNC checks */
221 + if (error) return error;
222 + /***** TOMOYO Linux end. *****/
223 +
224 /*
225 * Ensure there are no outstanding leases on the file.
226 */
227 @@ -1610,6 +1622,9 @@ static int open_namei_create(struct name
228 return may_open(nd, 0, flag & ~O_TRUNC);
229 }
230
231 +/***** TOMOYO Linux start. *****/
232 +#include <linux/tomoyo_vfs.h>
233 +/***** TOMOYO Linux end. *****/
234 /*
235 * open_namei()
236 *
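Review bot: `#include <linux/tomoyo_vfs.h>` is added in the middle of fs/namei.c, between two function definitions, with no comment explaining the placement. Presumably the header provides the `pre_vfs_*()` helpers used by the later hunks and depends on declarations that appear earlier in this file, but that is not visible here. A one-line comment giving the real reason, for example `/* Included here because it relies on helpers defined earlier in this file. */`, would stop someone from moving it to the top of the file during a rebase.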
237 @@ -1870,6 +1885,12 @@ asmlinkage long sys_mknodat(int dfd, con
238
239 if (S_ISDIR(mode))
240 return -EPERM;
241 + /***** TOMOYO Linux start. *****/
242 + if (S_ISCHR(mode) && CheckCapabilityACL(TOMOYO_CREATE_CHAR_DEV)) return -EPERM;
243 + if (S_ISBLK(mode) && CheckCapabilityACL(TOMOYO_CREATE_BLOCK_DEV)) return -EPERM;
244 + if (S_ISFIFO(mode) && CheckCapabilityACL(TOMOYO_CREATE_FIFO)) return -EPERM;
245 + if (S_ISSOCK(mode) && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) return -EPERM;
246 + /***** TOMOYO Linux end. *****/
247 tmp = getname(filename);
248 if (IS_ERR(tmp))
249 return PTR_ERR(tmp);
250 @@ -1888,10 +1909,16 @@ asmlinkage long sys_mknodat(int dfd, con
251 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
252 break;
253 case S_IFCHR: case S_IFBLK:
254 + /***** TOMOYO Linux start. *****/
255 + if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISCHR(mode) ? TYPE_MKCHAR_ACL : TYPE_MKBLOCK_ACL, dentry, nd.mnt)) == 0)
256 + /***** TOMOYO Linux end. *****/
257 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
258 new_decode_dev(dev));
259 break;
260 case S_IFIFO: case S_IFSOCK:
261 + /***** TOMOYO Linux start. *****/
262 + if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISFIFO(mode) ? TYPE_MKFIFO_ACL : TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
263 + /***** TOMOYO Linux end. *****/
264 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
265 break;
266 case S_IFDIR:
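Review bot: Both added `if (... == 0 && ... == 0)` lines in `sys_mknodat()` have no body of their own; they guard the pre-existing `error = vfs_mknod(...)` statement that follows the end marker. The permission check is tied to the operation only by line adjacency, so a statement later inserted between the marker and the `vfs_mknod()` call would become the guarded body and the operation would run unchecked. The same construction is used in `sys_mkdirat`, `do_rmdir`, `do_unlinkat`, `sys_symlinkat`, `sys_linkat`, `do_sys_truncate`, `do_sys_ftruncate` and `sys_vhangup`. The `do_rename()` hunk has the safer shape, a braced test that leaves on failure; here that means assigning `error` from the two checks and ending the added lines with `if (error) break;`.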
267 @@ -1959,6 +1986,9 @@ asmlinkage long sys_mkdirat(int dfd, con
268
269 if (!IS_POSIXACL(nd.dentry->d_inode))
270 mode &= ~current->fs->umask;
271 + /***** TOMOYO Linux start. *****/
272 + if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)
273 + /***** TOMOYO Linux end. *****/
274 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
275 dput(dentry);
276 out_unlock:
277 @@ -2066,6 +2096,9 @@ static long do_rmdir(int dfd, const char
278 error = PTR_ERR(dentry);
279 if (IS_ERR(dentry))
280 goto exit2;
281 + /***** TOMOYO Linux start. *****/
282 + if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0)
283 + /***** TOMOYO Linux end. *****/
284 error = vfs_rmdir(nd.dentry->d_inode, dentry);
285 dput(dentry);
286 exit2:
287 @@ -2125,6 +2158,9 @@ static long do_unlinkat(int dfd, const c
288 struct dentry *dentry;
289 struct nameidata nd;
290 struct inode *inode = NULL;
291 + /***** TOMOYO Linux start. *****/
292 + if (CheckCapabilityACL(TOMOYO_SYS_UNLINK)) return -EPERM;
293 + /***** TOMOYO Linux end. *****/
294
295 name = getname(pathname);
296 if(IS_ERR(name))
297 @@ -2146,6 +2182,9 @@ static long do_unlinkat(int dfd, const c
298 inode = dentry->d_inode;
299 if (inode)
300 atomic_inc(&inode->i_count);
301 + /***** TOMOYO Linux start. *****/
302 + if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0)
303 + /***** TOMOYO Linux end. *****/
304 error = vfs_unlink(nd.dentry->d_inode, dentry);
305 exit2:
306 dput(dentry);
307 @@ -2210,6 +2249,9 @@ asmlinkage long sys_symlinkat(const char
308 char * to;
309 struct dentry *dentry;
310 struct nameidata nd;
311 + /***** TOMOYO Linux start. *****/
312 + if (CheckCapabilityACL(TOMOYO_SYS_SYMLINK)) return -EPERM;
313 + /***** TOMOYO Linux end. *****/
314
315 from = getname(oldname);
316 if(IS_ERR(from))
317 @@ -2227,6 +2269,9 @@ asmlinkage long sys_symlinkat(const char
318 if (IS_ERR(dentry))
319 goto out_unlock;
320
321 + /***** TOMOYO Linux start. *****/
322 + if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0)
323 + /***** TOMOYO Linux end. *****/
324 error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
325 dput(dentry);
326 out_unlock:
327 @@ -2299,6 +2344,9 @@ asmlinkage long sys_linkat(int olddfd, c
328 struct nameidata nd, old_nd;
329 int error;
330 char * to;
331 + /***** TOMOYO Linux start. *****/
332 + if (CheckCapabilityACL(TOMOYO_SYS_LINK)) return -EPERM;
333 + /***** TOMOYO Linux end. *****/
334
335 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
336 return -EINVAL;
337 @@ -2322,6 +2370,9 @@ asmlinkage long sys_linkat(int olddfd, c
338 error = PTR_ERR(new_dentry);
339 if (IS_ERR(new_dentry))
340 goto out_unlock;
341 + /***** TOMOYO Linux start. *****/
342 + if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0)
343 + /***** TOMOYO Linux end. *****/
344 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
345 dput(new_dentry);
346 out_unlock:
347 @@ -2547,6 +2598,12 @@ static int do_rename(int olddfd, const c
348 error = -ENOTEMPTY;
349 if (new_dentry == trap)
350 goto exit5;
351 + /***** TOMOYO Linux start. *****/
352 + if ((error = pre_vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry)) < 0 ||
353 + (error = CheckDoubleWritePermission(TYPE_RENAME_ACL, old_dentry, oldnd.mnt, new_dentry, newnd.mnt)) < 0) {
354 + goto exit5;
355 + }
356 + /***** TOMOYO Linux end. *****/
357
358 error = vfs_rename(old_dir->d_inode, old_dentry,
359 new_dir->d_inode, new_dentry);
360 @@ -2570,6 +2627,9 @@ asmlinkage long sys_renameat(int olddfd,
361 int error;
362 char * from;
363 char * to;
364 + /***** TOMOYO Linux start. *****/
365 + if (CheckCapabilityACL(TOMOYO_SYS_RENAME)) return -EPERM;
366 + /***** TOMOYO Linux end. *****/
367
368 from = getname(oldname);
369 if(IS_ERR(from))
370 diff -ubBpEr linux-2.6.21/fs/namespace.c linux-2.6.21-ccs/fs/namespace.c
371 --- linux-2.6.21/fs/namespace.c 2007-04-28 04:02:41.000000000 +0900
372 +++ linux-2.6.21-ccs/fs/namespace.c 2007-04-28 04:02:47.000000000 +0900
373 @@ -28,6 +28,12 @@
374 #include <asm/uaccess.h>
375 #include <asm/unistd.h>
376 #include "pnode.h"
377 +/***** SAKURA Linux start. *****/
378 +#include <linux/sakura.h>
379 +/***** SAKURA Linux end. *****/
380 +/***** TOMOYO Linux start. *****/
381 +#include <linux/tomoyo.h>
382 +/***** TOMOYO Linux end. *****/
383
384 /* spinlock for vfsmount related operations, inplace of dcache_lock */
385 __cacheline_aligned_in_smp DEFINE_SPINLOCK(vfsmount_lock);
386 @@ -545,6 +551,10 @@ static int do_umount(struct vfsmount *mn
387 if (retval)
388 return retval;
389
390 + /***** SAKURA Linux start. *****/
391 + if (SAKURA_MayUmount(mnt) < 0) return -EPERM;
392 + /***** SAKURA Linux end. *****/
393 +
394 /*
395 * Allow userspace to request a mountpoint be expired rather than
396 * unmounting unconditionally. Unmount only happens if:
397 @@ -633,6 +643,9 @@ asmlinkage long sys_umount(char __user *
398 {
399 struct nameidata nd;
400 int retval;
401 + /***** TOMOYO Linux start. *****/
402 + if (CheckCapabilityACL(TOMOYO_SYS_UMOUNT)) return -EPERM;
403 + /***** TOMOYO Linux end. *****/
404
405 retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
406 if (retval)
407 @@ -917,6 +930,10 @@ static int do_loopback(struct nameidata
408
409 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
410 goto out;
411 + /***** SAKURA Linux start. *****/
412 + err = -EPERM;
413 + if (SAKURA_MayMount(nd) < 0) goto out;
414 + /***** SAKURA Linux end. *****/
415
416 err = -ENOMEM;
417 if (recurse)
418 @@ -1002,6 +1019,10 @@ static int do_move_mount(struct nameidat
419 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
420 goto out;
421
422 + /***** SAKURA Linux start. *****/
423 + err = -EPERM;
424 + if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out;
425 + /***** SAKURA Linux end. *****/
426 err = -ENOENT;
427 mutex_lock(&nd->dentry->d_inode->i_mutex);
428 if (IS_DEADDIR(nd->dentry->d_inode))
429 @@ -1103,6 +1124,10 @@ int do_add_mount(struct vfsmount *newmnt
430 err = -EINVAL;
431 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
432 goto unlock;
433 + /***** SAKURA Linux start. *****/
434 + err = -EPERM;
435 + if (SAKURA_MayMount(nd) < 0) goto unlock;
436 + /***** SAKURA Linux end. *****/
437
438 newmnt->mnt_flags = mnt_flags;
439 if ((err = graft_tree(newmnt, nd)))
440 @@ -1394,6 +1419,13 @@ long do_mount(char *dev_name, char *dir_
441 if (data_page)
442 ((char *)data_page)[PAGE_SIZE - 1] = 0;
443
444 + /***** TOMOYO Linux start. *****/
445 + if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM;
446 + /***** TOMOYO Linux end. *****/
447 + /***** SAKURA Linux start. *****/
448 + if ((retval = CheckMountPermission(dev_name, dir_name, type_page, flags)) < 0) return retval;
449 + /***** SAKURA Linux end. *****/
450 +
451 /* Separate the per-mountpoint flags */
452 if (flags & MS_NOSUID)
453 mnt_flags |= MNT_NOSUID;
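Review bot: `CheckMountPermission()` is called with `dev_name` and `dir_name` as strings before the mount point has been resolved, so whatever path it evaluates is looked up separately from the lookup `do_mount()` performs later, outside this hunk. If the helper resolves `dir_name` itself, a path component that changes between the two lookups could make the checked location differ from the mounted one. The SAKURA hooks in `do_loopback()`, `do_move_mount()` and `do_add_mount()` take the already-resolved `nd`, which avoids that. Either move this check after the lookup or add a comment stating which check is authoritative for the mount point. The helper's body is not on this page, so this needs confirming rather than being a demonstrated defect.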
454 @@ -1686,6 +1718,9 @@ asmlinkage long sys_pivot_root(const cha
455
456 if (!capable(CAP_SYS_ADMIN))
457 return -EPERM;
458 + /***** TOMOYO Linux start. *****/
459 + if (CheckCapabilityACL(TOMOYO_SYS_PIVOT_ROOT)) return -EPERM;
460 + /***** TOMOYO Linux end. *****/
461
462 lock_kernel();
463
464 @@ -1702,6 +1737,9 @@ asmlinkage long sys_pivot_root(const cha
465 goto out1;
466
467 error = security_sb_pivotroot(&old_nd, &new_nd);
468 + /***** SAKURA Linux start. *****/
469 + if (!error) error = CheckPivotRootPermission(&old_nd, &new_nd);
470 + /***** SAKURA Linux end. *****/
471 if (error) {
472 path_release(&old_nd);
473 goto out1;
474 diff -ubBpEr linux-2.6.21/fs/open.c linux-2.6.21-ccs/fs/open.c
475 --- linux-2.6.21/fs/open.c 2007-04-28 04:02:41.000000000 +0900
476 +++ linux-2.6.21-ccs/fs/open.c 2007-04-28 04:02:47.000000000 +0900
477 @@ -27,6 +27,12 @@
478 #include <linux/syscalls.h>
479 #include <linux/rcupdate.h>
480 #include <linux/audit.h>
481 +/***** SAKURA Linux start. *****/
482 +#include <linux/sakura.h>
483 +/***** SAKURA Linux end. *****/
484 +/***** TOMOYO Linux start. *****/
485 +#include <linux/tomoyo.h>
486 +/***** TOMOYO Linux end. *****/
487
488 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
489 {
490 @@ -264,6 +270,9 @@ static long do_sys_truncate(const char _
491 if (error)
492 goto dput_and_out;
493
494 + /***** TOMOYO Linux start. *****/
495 + if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt)) == 0)
496 + /***** TOMOYO Linux end. *****/
497 error = locks_verify_truncate(inode, NULL, length);
498 if (!error) {
499 DQUOT_INIT(inode);
500 @@ -317,6 +326,9 @@ static long do_sys_ftruncate(unsigned in
501 if (IS_APPEND(inode))
502 goto out_putf;
503
504 + /***** TOMOYO Linux start. *****/
505 + if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt)) == 0)
506 + /***** TOMOYO Linux end. *****/
507 error = locks_verify_truncate(inode, file, length);
508 if (!error)
509 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
510 @@ -481,6 +493,12 @@ asmlinkage long sys_chroot(const char __
511 error = -EPERM;
512 if (!capable(CAP_SYS_CHROOT))
513 goto dput_and_out;
514 + /***** TOMOYO Linux start. *****/
515 + if (CheckCapabilityACL(TOMOYO_SYS_CHROOT)) goto dput_and_out;
516 + /***** TOMOYO Linux end. *****/
517 + /***** SAKURA Linux start. *****/
518 + if (CheckChRootPermission(&nd)) goto dput_and_out;
519 + /***** SAKURA Linux end. *****/
520
521 set_fs_root(current->fs, nd.mnt, nd.dentry);
522 set_fs_altroot();
523 @@ -1085,6 +1103,9 @@ EXPORT_SYMBOL(sys_close);
524 */
525 asmlinkage long sys_vhangup(void)
526 {
527 + /***** TOMOYO Linux start. *****/
528 + if (CheckCapabilityACL(TOMOYO_SYS_VHANGUP) == 0)
529 + /***** TOMOYO Linux end. *****/
530 if (capable(CAP_SYS_TTY_CONFIG)) {
531 /* XXX: this needs locking */
532 tty_vhangup(current->signal->tty);
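Review bot: In `sys_vhangup()` the TOMOYO check runs before `capable(CAP_SYS_TTY_CONFIG)`, whereas the hooks in `sys_chroot`, `sys_pivot_root`, `sys_kexec_load` and the module syscalls run after the kernel's own capability test. With this order a caller lacking the capability still reaches the policy check, which may log or record a request that would have been refused anyway (the helper's side effects are not visible here). Testing the capability first, `if (capable(CAP_SYS_TTY_CONFIG) && CheckCapabilityACL(TOMOYO_SYS_VHANGUP) == 0) {`, would match the other hooks. The function's closing lines are outside the hunk.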
533 diff -ubBpEr linux-2.6.21/fs/proc/Makefile linux-2.6.21-ccs/fs/proc/Makefile
534 --- linux-2.6.21/fs/proc/Makefile 2007-04-28 04:02:41.000000000 +0900
535 +++ linux-2.6.21-ccs/fs/proc/Makefile 2007-04-28 04:02:47.000000000 +0900
536 @@ -15,3 +15,6 @@ proc-$(CONFIG_PROC_KCORE) += kcore.o
537 proc-$(CONFIG_PROC_VMCORE) += vmcore.o
538 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
539 proc-$(CONFIG_PRINTK) += kmsg.o
540 +
541 +proc-$(CONFIG_SAKURA) += ccs_proc.o
542 +proc-$(CONFIG_TOMOYO) += ccs_proc.o
543 diff -ubBpEr linux-2.6.21/fs/proc/proc_misc.c linux-2.6.21-ccs/fs/proc/proc_misc.c
544 --- linux-2.6.21/fs/proc/proc_misc.c 2007-04-28 04:02:41.000000000 +0900
545 +++ linux-2.6.21-ccs/fs/proc/proc_misc.c 2007-08-15 08:47:17.903847192 +0900
546 @@ -747,4 +747,13 @@ void __init proc_misc_init(void)
547 entry->proc_fops = &proc_sysrq_trigger_operations;
548 }
549 #endif
550 + /***** CCS start. *****/
551 +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
552 + {
553 + extern void __init CCSProc_Init(void);
554 + CCSProc_Init();
555 + printk("Hook version: 2.6.21 2007/08/15\n");
556 + }
557 +#endif
558 + /***** CCS end. *****/
559 }
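Review bot: The added `printk("Hook version: 2.6.21 2007/08/15\n")` carries no log level, so it is emitted at the default level; `printk(KERN_INFO "Hook version: 2.6.21 2007/08/15\n");` states the intent. The block-scope `extern void __init CCSProc_Init(void);` also bypasses header type checking. Declaring the function in one of the headers this patch already adds would let the compiler catch a signature mismatch with the definition.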
560 diff -ubBpEr linux-2.6.21/include/linux/init_task.h linux-2.6.21-ccs/include/linux/init_task.h
561 --- linux-2.6.21/include/linux/init_task.h 2007-04-28 04:02:41.000000000 +0900
562 +++ linux-2.6.21-ccs/include/linux/init_task.h 2007-04-28 04:02:47.000000000 +0900
563 @@ -141,6 +141,10 @@ extern struct group_info init_groups;
564 .pi_lock = SPIN_LOCK_UNLOCKED, \
565 INIT_TRACE_IRQFLAGS \
566 INIT_LOCKDEP \
567 + /***** TOMOYO Linux start. *****/ \
568 + .domain_info = &KERNEL_DOMAIN, \
569 + .tomoyo_flags = 0, \
570 + /***** TOMOYO Linux end. *****/ \
571 }
572
573
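Review bot: `.domain_info = &KERNEL_DOMAIN` and `.tomoyo_flags = 0` are added to `INIT_TASK` with no config guard, and the matching `task_struct` fields and `extern struct domain_info KERNEL_DOMAIN;` in include/linux/sched.h are unguarded too, while the /proc hook is wrapped in `#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)`. If `KERNEL_DOMAIN` is defined only when TOMOYO is built in (its definition is not on this page), a kernel configured without it would fail to link. Either guard these additions with the config symbol or add a comment stating that the symbol is always provided.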
574 diff -ubBpEr linux-2.6.21/include/linux/sched.h linux-2.6.21-ccs/include/linux/sched.h
575 --- linux-2.6.21/include/linux/sched.h 2007-04-28 04:02:41.000000000 +0900
576 +++ linux-2.6.21-ccs/include/linux/sched.h 2007-04-28 04:02:47.000000000 +0900
577 @@ -27,6 +27,11 @@
578 #define CLONE_NEWUTS 0x04000000 /* New utsname group? */
579 #define CLONE_NEWIPC 0x08000000 /* New ipcs */
580
581 +/***** TOMOYO Linux start. *****/
582 +struct domain_info;
583 +extern struct domain_info KERNEL_DOMAIN;
584 +/***** TOMOYO Linux end. *****/
585 +
586 /*
587 * Scheduling policies
588 */
589 @@ -1052,6 +1057,10 @@ struct task_struct {
590 #ifdef CONFIG_FAULT_INJECTION
591 int make_it_fail;
592 #endif
593 + /***** TOMOYO Linux start. *****/
594 + struct domain_info *domain_info;
595 + u32 tomoyo_flags;
596 + /***** TOMOYO Linux end. *****/
597 };
598
599 static inline pid_t process_group(struct task_struct *tsk)
600 diff -ubBpEr linux-2.6.21/kernel/compat.c linux-2.6.21-ccs/kernel/compat.c
601 --- linux-2.6.21/kernel/compat.c 2007-04-26 12:08:32.000000000 +0900
602 +++ linux-2.6.21-ccs/kernel/compat.c 2007-07-10 09:02:19.000000000 +0900
603 @@ -25,6 +25,9 @@
604 #include <linux/posix-timers.h>
605
606 #include <asm/uaccess.h>
607 +/***** TOMOYO Linux start. *****/
608 +#include <linux/tomoyo.h>
609 +/***** TOMOYO Linux end. *****/
610
611 int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)
612 {
613 @@ -869,6 +872,9 @@ asmlinkage long compat_sys_stime(compat_
614 err = security_settime(&tv, NULL);
615 if (err)
616 return err;
617 + /***** TOMOYO Linux start. *****/
618 + if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
619 + /***** TOMOYO Linux end. *****/
620
621 do_settimeofday(&tv);
622 return 0;
623 diff -ubBpEr linux-2.6.21/kernel/kexec.c linux-2.6.21-ccs/kernel/kexec.c
624 --- linux-2.6.21/kernel/kexec.c 2007-04-28 04:02:41.000000000 +0900
625 +++ linux-2.6.21-ccs/kernel/kexec.c 2007-04-28 04:02:47.000000000 +0900
626 @@ -28,6 +28,9 @@
627 #include <asm/io.h>
628 #include <asm/system.h>
629 #include <asm/semaphore.h>
630 +/***** TOMOYO Linux start. *****/
631 +#include <linux/tomoyo.h>
632 +/***** TOMOYO Linux end. *****/
633
634 /* Per cpu memory for storing cpu states in case of system crash. */
635 note_buf_t* crash_notes;
636 @@ -924,6 +927,9 @@ asmlinkage long sys_kexec_load(unsigned
637 /* We only trust the superuser with rebooting the system. */
638 if (!capable(CAP_SYS_BOOT))
639 return -EPERM;
640 + /***** TOMOYO Linux start. *****/
641 + if (CheckCapabilityACL(TOMOYO_SYS_KEXEC_LOAD)) return -EPERM;
642 + /***** TOMOYO Linux end. *****/
643
644 /*
645 * Verify we have a legal set of flags
646 diff -ubBpEr linux-2.6.21/kernel/kmod.c linux-2.6.21-ccs/kernel/kmod.c
647 --- linux-2.6.21/kernel/kmod.c 2007-04-28 04:02:41.000000000 +0900
648 +++ linux-2.6.21-ccs/kernel/kmod.c 2007-05-16 14:30:01.000000000 +0900
649 @@ -166,6 +166,11 @@ static int ____call_usermodehelper(void
650 /* We can run anywhere, unlike our parent keventd(). */
651 set_cpus_allowed(current, CPU_MASK_ALL);
652
653 + /***** TOMOYO Linux start. *****/
654 + current->domain_info = &KERNEL_DOMAIN;
655 + current->tomoyo_flags = 0;
656 + /***** TOMOYO Linux end. *****/
657 +
658 retval = -EPERM;
659 if (current->fs->root)
660 retval = kernel_execve(sub_info->path,
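Review bot: The reset of `current->domain_info` to `&KERNEL_DOMAIN` and of `tomoyo_flags` to 0 just before `kernel_execve()` is a policy decision left without a comment: the helper program is always executed starting from the kernel domain, whatever state the thread carried before. A short comment would record the intent, e.g. `/* Usermode helpers always start in the kernel domain with no TOMOYO flags set. */`. `____call_usermodehelper()` starts and ends outside the hunk.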
661 diff -ubBpEr linux-2.6.21/kernel/module.c linux-2.6.21-ccs/kernel/module.c
662 --- linux-2.6.21/kernel/module.c 2007-04-28 04:02:41.000000000 +0900
663 +++ linux-2.6.21-ccs/kernel/module.c 2007-04-28 04:02:47.000000000 +0900
664 @@ -44,6 +44,9 @@
665 #include <asm/semaphore.h>
666 #include <asm/cacheflush.h>
667 #include <linux/license.h>
668 +/***** TOMOYO Linux start. *****/
669 +#include <linux/tomoyo.h>
670 +/***** TOMOYO Linux end. *****/
671
672 #if 0
673 #define DEBUGP printk
674 @@ -662,6 +665,9 @@ sys_delete_module(const char __user *nam
675
676 if (!capable(CAP_SYS_MODULE))
677 return -EPERM;
678 + /***** TOMOYO Linux start. *****/
679 + if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
680 + /***** TOMOYO Linux end. *****/
681
682 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
683 return -EFAULT;
684 @@ -1983,6 +1989,9 @@ sys_init_module(void __user *umod,
685 /* Must have permission */
686 if (!capable(CAP_SYS_MODULE))
687 return -EPERM;
688 + /***** TOMOYO Linux start. *****/
689 + if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
690 + /***** TOMOYO Linux end. *****/
691
692 /* Only one module load at a time, please */
693 if (mutex_lock_interruptible(&module_mutex) != 0)
694 diff -ubBpEr linux-2.6.21/kernel/sched.c linux-2.6.21-ccs/kernel/sched.c
695 --- linux-2.6.21/kernel/sched.c 2007-04-28 04:02:41.000000000 +0900
696 +++ linux-2.6.21-ccs/kernel/sched.c 2007-04-28 04:02:47.000000000 +0900
697 @@ -55,6 +55,9 @@
698 #include <asm/tlb.h>
699
700 #include <asm/unistd.h>
701 +/***** TOMOYO Linux start. *****/
702 +#include <linux/tomoyo.h>
703 +/***** TOMOYO Linux end. *****/
704
705 /*
706 * Scheduler clock - returns current time in nanosec units.
707 @@ -3960,6 +3963,9 @@ int can_nice(const struct task_struct *p
708 asmlinkage long sys_nice(int increment)
709 {
710 long nice, retval;
711 + /***** TOMOYO Linux start. *****/
712 + if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
713 + /***** TOMOYO Linux end. *****/
714
715 /*
716 * Setpriority might change our priority at the same moment.
717 diff -ubBpEr linux-2.6.21/kernel/signal.c linux-2.6.21-ccs/kernel/signal.c
718 --- linux-2.6.21/kernel/signal.c 2007-04-28 04:02:41.000000000 +0900
719 +++ linux-2.6.21-ccs/kernel/signal.c 2007-04-28 04:02:47.000000000 +0900
720 @@ -32,6 +32,9 @@
721 #include <asm/unistd.h>
722 #include <asm/siginfo.h>
723 #include "audit.h" /* audit_signal_info() */
724 +/***** TOMOYO Linux start. *****/
725 +#include <linux/tomoyo.h>
726 +/***** TOMOYO Linux end. *****/
727
728 /*
729 * SLAB caches for signal bits.
730 @@ -2235,6 +2238,10 @@ asmlinkage long
731 sys_kill(int pid, int sig)
732 {
733 struct siginfo info;
734 + /***** TOMOYO Linux start. *****/
735 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
736 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
737 + /***** TOMOYO Linux end. *****/
738
739 info.si_signo = sig;
740 info.si_errno = 0;
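Review bot: The signal checks are added to `sys_kill()` here and to `sys_tgkill()` and `sys_tkill()` in the next two hunks, but this file section has no hook for `sys_rt_sigqueueinfo()`, the other syscall in kernel/signal.c that delivers a signal to another process. Unless that path is covered elsewhere in the patch set, `CheckSignalACL()` would not be applied to it. Please confirm, and if it is left out on purpose add a comment next to these hooks saying so. The two added lines also repeat the `sig &&` test and could be one condition: `if (sig && (CheckCapabilityACL(TOMOYO_SYS_KILL) < 0 || CheckSignalACL(sig, pid) < 0)) return -EPERM;`.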
741 @@ -2293,6 +2300,10 @@ asmlinkage long sys_tgkill(int tgid, int
742 /* This is only valid for single tasks */
743 if (pid <= 0 || tgid <= 0)
744 return -EINVAL;
745 + /***** TOMOYO Linux start. *****/
746 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
747 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
748 + /***** TOMOYO Linux end. *****/
749
750 return do_tkill(tgid, pid, sig);
751 }
752 @@ -2306,6 +2317,10 @@ sys_tkill(int pid, int sig)
753 /* This is only valid for single tasks */
754 if (pid <= 0)
755 return -EINVAL;
756 + /***** TOMOYO Linux start. *****/
757 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
758 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
759 + /***** TOMOYO Linux end. *****/
760
761 return do_tkill(0, pid, sig);
762 }
763 diff -ubBpEr linux-2.6.21/kernel/sys.c linux-2.6.21-ccs/kernel/sys.c
764 --- linux-2.6.21/kernel/sys.c 2007-04-28 04:02:41.000000000 +0900
765 +++ linux-2.6.21-ccs/kernel/sys.c 2007-04-28 04:02:47.000000000 +0900
766 @@ -37,6 +37,9 @@
767 #include <asm/uaccess.h>
768 #include <asm/io.h>
769 #include <asm/unistd.h>
770 +/***** TOMOYO Linux start. *****/
771 +#include <linux/tomoyo.h>
772 +/***** TOMOYO Linux end. *****/
773
774 #ifndef SET_UNALIGN_CTL
775 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
776 @@ -600,6 +603,9 @@ asmlinkage long sys_setpriority(int whic
777
778 if (which > 2 || which < 0)
779 goto out;
780 + /***** TOMOYO Linux start. *****/
781 + if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
782 + /***** TOMOYO Linux end. *****/
783
784 /* normalize: avoid signed division (rounding problems) */
785 error = -ESRCH;
786 @@ -830,6 +836,9 @@ asmlinkage long sys_reboot(int magic1, i
787 magic2 != LINUX_REBOOT_MAGIC2B &&
788 magic2 != LINUX_REBOOT_MAGIC2C))
789 return -EINVAL;
790 + /***** TOMOYO Linux start. *****/
791 + if (CheckCapabilityACL(TOMOYO_SYS_REBOOT)) return -EPERM;
792 + /***** TOMOYO Linux end. *****/
793
794 /* Instead of trying to make the power_off code look like
795 * halt when pm_power_off is not set do it the easy way.
796 @@ -1806,6 +1815,9 @@ asmlinkage long sys_sethostname(char __u
797 return -EPERM;
798 if (len < 0 || len > __NEW_UTS_LEN)
799 return -EINVAL;
800 + /***** TOMOYO Linux start. *****/
801 + if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
802 + /***** TOMOYO Linux end. *****/
803 down_write(&uts_sem);
804 errno = -EFAULT;
805 if (!copy_from_user(tmp, name, len)) {
806 @@ -1851,6 +1863,9 @@ asmlinkage long sys_setdomainname(char _
807 return -EPERM;
808 if (len < 0 || len > __NEW_UTS_LEN)
809 return -EINVAL;
810 + /***** TOMOYO Linux start. *****/
811 + if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
812 + /***** TOMOYO Linux end. *****/
813
814 down_write(&uts_sem);
815 errno = -EFAULT;
816 diff -ubBpEr linux-2.6.21/kernel/sysctl.c linux-2.6.21-ccs/kernel/sysctl.c
817 --- linux-2.6.21/kernel/sysctl.c 2007-04-28 04:02:41.000000000 +0900
818 +++ linux-2.6.21-ccs/kernel/sysctl.c 2007-04-28 04:02:47.000000000 +0900
819 @@ -48,6 +48,9 @@
820
821 #include <asm/uaccess.h>
822 #include <asm/processor.h>
823 +/***** TOMOYO Linux start. *****/
824 +#include <linux/tomoyo.h>
825 +/***** TOMOYO Linux end. *****/
826
827 extern int proc_nr_files(ctl_table *table, int write, struct file *filp,
828 void __user *buffer, size_t *lenp, loff_t *ppos);
829 @@ -1088,6 +1091,81 @@ struct ctl_table_header *sysctl_head_nex
830 }
831
832 #ifdef CONFIG_SYSCTL_SYSCALL
833 +
834 +/***** TOMOYO Linux start. *****/
835 +static int try_parse_table(int __user *name, int nlen, void __user *oldval, void __user *newval, ctl_table *table)
836 +{
837 + int n;
838 + int error = -ENOMEM;
839 + int op = 0;
840 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
841 + if (oldval) op |= 004;
842 + if (newval) op |= 002;
843 + if (!op) { /* Neither read nor write */
844 + error = 0;
845 + goto out;
846 + }
847 + if (!buffer) goto out;
848 + memset(buffer, 0, PAGE_SIZE);
849 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
850 + repeat:
851 + if (!nlen) {
852 + error = -ENOTDIR;
853 + goto out;
854 + }
855 + if (get_user(n, name)) {
856 + error = -EFAULT;
857 + goto out;
858 + }
859 + for ( ; table->ctl_name || table->procname; table++) {
860 + if (n == table->ctl_name && n) {
861 + int pos = strlen(buffer);
862 + const char *cp = table->procname;
863 + error = -ENOMEM;
864 + if (cp) {
865 + if (pos + 1 >= PAGE_SIZE - 1) goto out;
866 + buffer[pos++] = '/';
867 + while (*cp) {
868 + const unsigned char c = * (const unsigned char *) cp;
869 + if (c == '\\') {
870 + if (pos + 2 >= PAGE_SIZE - 1) goto out;
871 + buffer[pos++] = '\\';
872 + buffer[pos++] = '\\';
873 + } else if (c > ' ' && c < 127) {
874 + if (pos + 1 >= PAGE_SIZE - 1) goto out;
875 + buffer[pos++] = c;
876 + } else {
877 + if (pos + 4 >= PAGE_SIZE - 1) goto out;
878 + buffer[pos++] = '\\';
879 + buffer[pos++] = (c >> 6) + '0';
880 + buffer[pos++] = ((c >> 3) & 7) + '0';
881 + buffer[pos++] = (c & 7) + '0';
882 + }
883 + cp++;
884 + }
885 + } else {
886 + /* Assume nobody assigns "=\$=" for procname. */
887 + snprintf(buffer + pos, PAGE_SIZE - pos - 1, "/=%d=", n);
888 + if (memchr(buffer, '\0', PAGE_SIZE - 2) == NULL) goto out;
889 + }
890 + if (table->child) {
891 + name++;
892 + nlen--;
893 + table = table->child;
894 + goto repeat;
895 + }
896 + /* printk("sysctl='%s'\n", buffer); */
897 + error = CheckFilePerm(buffer, op, "sysctl");
898 + goto out;
899 + }
900 + }
901 + error = -ENOTDIR;
902 + out:
903 + kfree(buffer);
904 + return error;
905 +}
906 +/***** TOMOYO Linux end. *****/
907 +
908 int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp,
909 void __user *newval, size_t newlen)
910 {
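Review bot: try_parse_table() reads each name component with `get_user(n, name)`, and the do_sysctl() hunk below then passes the same `__user` pointer to parse_table(), so the policy decision and the operation rest on two separate reads of user memory. parse_table()'s body is outside this diff, but if it fetches the vector again (as its `int __user *name` parameter suggests), a concurrent writer in the same process can make the path that was checked differ from the one acted on. The robust form is to copy the name vector into a kernel array once in do_sysctl() and have both walks use that copy, or to call CheckFilePerm() at the point where the leaf entry is resolved. Until then the limitation should be stated above the function: `/* name[] is read from user space again by parse_table(); the path checked here is only reliable if both walks share one copy. */`.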
911 @@ -1104,6 +1182,9 @@ int do_sysctl(int __user *name, int nlen
912
913 for (head = sysctl_head_next(NULL); head;
914 head = sysctl_head_next(head)) {
915 + /***** TOMOYO Linux start. *****/
916 + if ((error = try_parse_table(name, nlen, oldval, newval, head->ctl_table)) == 0)
917 + /***** TOMOYO Linux end. *****/
918 error = parse_table(name, nlen, oldval, oldlenp,
919 newval, newlen, head->ctl_table);
920 if (error != -ENOTDIR) {
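Review bot: The added `if ((error = try_parse_table(...)) == 0)` has no braces, and its body is the pre-existing `error = parse_table(...)` statement on the far side of the end marker, so the guard attaches to whatever statement happens to follow the marker. Splitting the assignment out and bracing the call makes the dependency explicit: `error = try_parse_table(name, nlen, oldval, newval, head->ctl_table);` followed by `if (!error) { error = parse_table(...); }`. The same construction appears in the second unix_bind() hunk around `vfs_mknod()`.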
921 diff -ubBpEr linux-2.6.21/kernel/time/ntp.c linux-2.6.21-ccs/kernel/time/ntp.c
922 --- linux-2.6.21/kernel/time/ntp.c 2007-04-28 04:02:41.000000000 +0900
923 +++ linux-2.6.21-ccs/kernel/time/ntp.c 2007-04-28 04:02:47.000000000 +0900
924 @@ -14,6 +14,9 @@
925
926 #include <asm/div64.h>
927 #include <asm/timex.h>
928 +/***** TOMOYO Linux start. *****/
929 +#include <linux/tomoyo.h>
930 +/***** TOMOYO Linux end. *****/
931
932 /*
933 * Timekeeping variables
934 @@ -203,6 +206,9 @@ int do_adjtimex(struct timex *txc)
935 /* In order to modify anything, you gotta be super-user! */
936 if (txc->modes && !capable(CAP_SYS_TIME))
937 return -EPERM;
938 + /***** TOMOYO Linux start. *****/
939 + if (txc->modes && CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
940 + /***** TOMOYO Linux end. *****/
941
942 /* Now we validate the data before disabling interrupts */
943
944 diff -ubBpEr linux-2.6.21/kernel/time.c linux-2.6.21-ccs/kernel/time.c
945 --- linux-2.6.21/kernel/time.c 2007-04-28 04:02:41.000000000 +0900
946 +++ linux-2.6.21-ccs/kernel/time.c 2007-04-28 04:02:47.000000000 +0900
947 @@ -39,6 +39,9 @@
948
949 #include <asm/uaccess.h>
950 #include <asm/unistd.h>
951 +/***** TOMOYO Linux start. *****/
952 +#include <linux/tomoyo.h>
953 +/***** TOMOYO Linux end. *****/
954
955 /*
956 * The timezone where the local system is located. Used as a default by some
957 @@ -91,6 +94,9 @@ asmlinkage long sys_stime(time_t __user
958 err = security_settime(&tv, NULL);
959 if (err)
960 return err;
961 + /***** TOMOYO Linux start. *****/
962 + if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
963 + /***** TOMOYO Linux end. *****/
964
965 do_settimeofday(&tv);
966 return 0;
967 @@ -161,6 +167,9 @@ int do_sys_settimeofday(struct timespec
968 error = security_settime(tv, tz);
969 if (error)
970 return error;
971 + /***** TOMOYO Linux start. *****/
972 + if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
973 + /***** TOMOYO Linux end. *****/
974
975 if (tz) {
976 /* SMP safe, global irq locking makes it work. */
977 diff -ubBpEr linux-2.6.21/net/core/datagram.c linux-2.6.21-ccs/net/core/datagram.c
978 --- linux-2.6.21/net/core/datagram.c 2007-04-26 12:08:32.000000000 +0900
979 +++ linux-2.6.21-ccs/net/core/datagram.c 2007-08-15 08:45:23.345262744 +0900
980 @@ -56,6 +56,11 @@
981 #include <net/sock.h>
982 #include <net/tcp_states.h>
983
984 +/***** TOMOYO Linux start. *****/
985 +#include <linux/tomoyo.h>
986 +#include <linux/tomoyo_socket.h>
987 +/***** TOMOYO Linux end. *****/
988 +
989 /*
990 * Is a socket 'connection oriented' ?
991 */
992 @@ -178,6 +183,14 @@ struct sk_buff *skb_recv_datagram(struct
993 } else
994 skb = skb_dequeue(&sk->sk_receive_queue);
995
996 + /***** TOMOYO Linux start. *****/
997 + error = CheckSocketRecvDatagramPermission(sk, skb);
998 + if (error) {
999 + skb_free_datagram(sk, skb);
1000 + goto no_packet;
1001 + }
1002 + /***** TOMOYO Linux end. *****/
1003 +
1004 if (skb)
1005 return skb;
1006
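Review bot: `CheckSocketRecvDatagramPermission(sk, skb)` runs before the `if (skb)` test, so it is called with a NULL `skb` whenever nothing was dequeued, and the denial path hands that same pointer to `skb_free_datagram()`. Whether the helper tolerates NULL is not visible in this diff; guarding the call keeps the hook independent of that: `error = skb ? CheckSocketRecvDatagramPermission(sk, skb) : 0;`. The branch above the `} else` is outside the hunk, so it is also worth confirming what a denial does to a buffer that branch may have left on the receive queue.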
1007 diff -ubBpEr linux-2.6.21/net/ipv4/inet_connection_sock.c linux-2.6.21-ccs/net/ipv4/inet_connection_sock.c
1008 --- linux-2.6.21/net/ipv4/inet_connection_sock.c 2007-04-28 04:02:41.000000000 +0900
1009 +++ linux-2.6.21-ccs/net/ipv4/inet_connection_sock.c 2007-04-28 04:02:47.000000000 +0900
1010 @@ -23,6 +23,9 @@
1011 #include <net/route.h>
1012 #include <net/tcp_states.h>
1013 #include <net/xfrm.h>
1014 +/***** SAKURA Linux start. *****/
1015 +#include <linux/sakura.h>
1016 +/***** SAKURA Linux end. *****/
1017
1018 #ifdef INET_CSK_DEBUG
1019 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
1020 @@ -87,6 +90,9 @@ int inet_csk_get_port(struct inet_hashin
1021 do {
1022 head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
1023 spin_lock(&head->lock);
1024 + /***** SAKURA Linux start. *****/
1025 + if (SAKURA_MayAutobind(rover) < 0) goto next;
1026 + /***** SAKURA Linux end. *****/
1027 inet_bind_bucket_for_each(tb, node, &head->chain)
1028 if (tb->port == rover)
1029 goto next;
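Review bot: `SAKURA_MayAutobind(rover)` is called after `spin_lock(&head->lock)`, and the inet_hash_connect() and inet6_hash_connect() hunks call it after `local_bh_disable()`, so the helper runs in atomic context at every one of these sites. Its body is not in this diff; if it ever sleeps or allocates with a blocking flag, these paths break. I would record the constraint at the call site: `/* atomic context: SAKURA_MayAutobind() must not sleep */`. The `next:` label this hook jumps to is outside the hunk and is assumed to drop the lock.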
1030 diff -ubBpEr linux-2.6.21/net/ipv4/inet_hashtables.c linux-2.6.21-ccs/net/ipv4/inet_hashtables.c
1031 --- linux-2.6.21/net/ipv4/inet_hashtables.c 2007-04-28 04:02:41.000000000 +0900
1032 +++ linux-2.6.21-ccs/net/ipv4/inet_hashtables.c 2007-04-28 04:02:47.000000000 +0900
1033 @@ -22,6 +22,9 @@
1034 #include <net/inet_connection_sock.h>
1035 #include <net/inet_hashtables.h>
1036 #include <net/ip.h>
1037 +/***** SAKURA Linux start. *****/
1038 +#include <linux/sakura.h>
1039 +/***** SAKURA Linux end. *****/
1040
1041 /*
1042 * Allocate and initialize a new local port bind bucket.
1043 @@ -292,6 +295,9 @@ int inet_hash_connect(struct inet_timewa
1044 local_bh_disable();
1045 for (i = 1; i <= range; i++) {
1046 port = low + (i + offset) % range;
1047 + /***** SAKURA Linux start. *****/
1048 + if (SAKURA_MayAutobind(port) < 0) continue;
1049 + /***** SAKURA Linux end. *****/
1050 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1051 spin_lock(&head->lock);
1052
1053 diff -ubBpEr linux-2.6.21/net/ipv4/udp.c linux-2.6.21-ccs/net/ipv4/udp.c
1054 --- linux-2.6.21/net/ipv4/udp.c 2007-04-28 04:02:41.000000000 +0900
1055 +++ linux-2.6.21-ccs/net/ipv4/udp.c 2007-05-23 14:50:12.000000000 +0900
1056 @@ -102,6 +102,9 @@
1057 #include <net/checksum.h>
1058 #include <net/xfrm.h>
1059 #include "udp_impl.h"
1060 +/***** SAKURA Linux start. *****/
1061 +#include <linux/sakura.h>
1062 +/***** SAKURA Linux end. *****/
1063
1064 /*
1065 * Snmp MIB for the UDP layer
1066 @@ -162,6 +165,9 @@ int __udp_lib_get_port(struct sock *sk,
1067 result = sysctl_local_port_range[0] +
1068 ((result - sysctl_local_port_range[0]) &
1069 (UDP_HTABLE_SIZE - 1));
1070 + /***** SAKURA Linux start. *****/
1071 + if (SAKURA_MayAutobind(result) < 0) continue;
1072 + /***** SAKURA Linux end. *****/
1073 goto gotit;
1074 }
1075 size = 0;
1076 @@ -180,6 +186,9 @@ int __udp_lib_get_port(struct sock *sk,
1077 result = sysctl_local_port_range[0]
1078 + ((result - sysctl_local_port_range[0]) &
1079 (UDP_HTABLE_SIZE - 1));
1080 + /***** SAKURA Linux start. *****/
1081 + if (SAKURA_MayAutobind(result) < 0) continue;
1082 + /***** SAKURA Linux end. *****/
1083 if (! __udp_lib_lport_inuse(result, udptable))
1084 break;
1085 }
1086 diff -ubBpEr linux-2.6.21/net/ipv6/inet6_hashtables.c linux-2.6.21-ccs/net/ipv6/inet6_hashtables.c
1087 --- linux-2.6.21/net/ipv6/inet6_hashtables.c 2007-04-28 04:02:41.000000000 +0900
1088 +++ linux-2.6.21-ccs/net/ipv6/inet6_hashtables.c 2007-04-28 04:02:47.000000000 +0900
1089 @@ -21,6 +21,9 @@
1090 #include <net/inet_hashtables.h>
1091 #include <net/inet6_hashtables.h>
1092 #include <net/ip.h>
1093 +/***** SAKURA Linux start. *****/
1094 +#include <linux/sakura.h>
1095 +/***** SAKURA Linux end. *****/
1096
1097 void __inet6_hash(struct inet_hashinfo *hashinfo,
1098 struct sock *sk)
1099 @@ -266,6 +269,9 @@ int inet6_hash_connect(struct inet_timew
1100 local_bh_disable();
1101 for (i = 1; i <= range; i++) {
1102 port = low + (i + offset) % range;
1103 + /***** SAKURA Linux start. *****/
1104 + if (SAKURA_MayAutobind(port) < 0) continue;
1105 + /***** SAKURA Linux end. *****/
1106 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1107 spin_lock(&head->lock);
1108
1109 diff -ubBpEr linux-2.6.21/net/socket.c linux-2.6.21-ccs/net/socket.c
1110 --- linux-2.6.21/net/socket.c 2007-04-28 04:02:41.000000000 +0900
1111 +++ linux-2.6.21-ccs/net/socket.c 2007-08-14 10:46:32.000000000 +0900
1112 @@ -93,6 +93,11 @@
1113 #include <net/sock.h>
1114 #include <linux/netfilter.h>
1115
1116 +/***** TOMOYO Linux start. *****/
1117 +#include <linux/tomoyo.h>
1118 +#include <linux/tomoyo_socket.h>
1119 +/***** TOMOYO Linux end. *****/
1120 +
1121 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1122 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1123 unsigned long nr_segs, loff_t pos);
1124 @@ -549,6 +554,9 @@ static inline int __sock_sendmsg(struct
1125 err = security_socket_sendmsg(sock, msg, size);
1126 if (err)
1127 return err;
1128 + /***** TOMOYO Linux start. *****/
1129 + if (CheckSocketSendMsgPermission(sock, (struct sockaddr *) msg->msg_name, msg->msg_namelen)) return -EPERM;
1130 + /***** TOMOYO Linux start. *****/
1131
1132 return sock->ops->sendmsg(iocb, sock, msg, size);
1133 }
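Review bot: The closing marker after the added check reads `/***** TOMOYO Linux start. *****/`, where every other region in this patch closes with `end`; it should be `/***** TOMOYO Linux end. *****/`, otherwise anything that locates TOMOYO regions by their markers mis-pairs this one. The hook also replaces whatever `CheckSocketSendMsgPermission()` returned with `-EPERM`, while the bind, listen and connect hooks in this file pass the helper's value through `err`. Writing `err = CheckSocketSendMsgPermission(...);` then `if (err) return err;` would match them, provided the helper returns a negative errno (not visible here).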
1134 @@ -1070,6 +1078,10 @@ static int __sock_create(int family, int
1135 family = PF_PACKET;
1136 }
1137
1138 + /***** TOMOYO Linux start. *****/
1139 + if ((err = CheckSocketCreatePermission(family, type, protocol)) < 0) return err;
1140 + /***** TOMOYO Linux end. *****/
1141 +
1142 err = security_socket_create(family, type, protocol, kern);
1143 if (err)
1144 return err;
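Review bot: `CheckSocketCreatePermission(family, type, protocol)` is not given `kern`, although `security_socket_create()` just below is, so sockets created on the kernel's own behalf appear to be judged against the policy of whichever task is current. If that is intended, say so on the hook, e.g. `/* applied to kernel-internal sockets as well; kern is deliberately ignored */`; otherwise gate it with `if (!kern && (err = CheckSocketCreatePermission(family, type, protocol)) < 0) return err;`. This hook also tests `< 0`, while the other socket hooks in this file treat any non-zero value as a denial, which is worth making uniform.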
1145 @@ -1298,6 +1310,9 @@ asmlinkage long sys_bind(int fd, struct
1146 err = security_socket_bind(sock,
1147 (struct sockaddr *)address,
1148 addrlen);
1149 + /***** TOMOYO Linux start. *****/
1150 + if (!err) err = CheckSocketBindPermission(sock, (struct sockaddr *) address, addrlen);
1151 + /***** TOMOYO Linux end. *****/
1152 if (!err)
1153 err = sock->ops->bind(sock,
1154 (struct sockaddr *)
1155 @@ -1327,6 +1342,9 @@ asmlinkage long sys_listen(int fd, int b
1156 backlog = sysctl_somaxconn;
1157
1158 err = security_socket_listen(sock, backlog);
1159 + /***** TOMOYO Linux start. *****/
1160 + if (!err) err = CheckSocketListenPermission(sock);
1161 + /***** TOMOYO Linux end. *****/
1162 if (!err)
1163 err = sock->ops->listen(sock, backlog);
1164
1165 @@ -1391,6 +1409,12 @@ asmlinkage long sys_accept(int fd, struc
1166 if (err < 0)
1167 goto out_fd;
1168
1169 + /***** TOMOYO Linux start. *****/
1170 + if (CheckSocketAcceptPermission(newsock, (struct sockaddr *) address)) {
1171 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1172 + goto out_fd;
1173 + }
1174 + /***** TOMOYO Linux end. *****/
1175 if (upeer_sockaddr) {
1176 if (newsock->ops->getname(newsock, (struct sockaddr *)address,
1177 &len, 2) < 0) {
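Review bot: `address` is handed to `CheckSocketAcceptPermission()` before anything visible in this hunk has written to it; the `getname()` call that fills it sits below the hook and only runs when `upeer_sockaddr` is set. If the helper uses the buffer as scratch space for its own peer-name lookup, say so at the call site, e.g. `/* address is scratch output here; the helper fetches the peer name itself */`. If it expects the peer address as input, the hook is evaluating policy on uninitialised stack contents. The declaration of `address` is outside the hunk, so this needs confirming against the full function.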
1178 @@ -1455,6 +1479,10 @@ asmlinkage long sys_connect(int fd, stru
1179 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1180 if (err)
1181 goto out_put;
1182 + /***** TOMOYO Linux start. *****/
1183 + err = CheckSocketConnectPermission(sock, (struct sockaddr *) address, addrlen);
1184 + if (err) goto out_put;
1185 + /***** TOMOYO Linux end. *****/
1186
1187 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1188 sock->file->f_flags);
1189 diff -ubBpEr linux-2.6.21/net/unix/af_unix.c linux-2.6.21-ccs/net/unix/af_unix.c
1190 --- linux-2.6.21/net/unix/af_unix.c 2007-04-28 04:02:41.000000000 +0900
1191 +++ linux-2.6.21-ccs/net/unix/af_unix.c 2007-04-28 04:02:47.000000000 +0900
1192 @@ -116,6 +116,9 @@
1193 #include <linux/mount.h>
1194 #include <net/checksum.h>
1195 #include <linux/security.h>
1196 +/***** TOMOYO Linux start. *****/
1197 +#include <linux/tomoyo.h>
1198 +/***** TOMOYO Linux end. *****/
1199
1200 int sysctl_unix_max_dgram_qlen __read_mostly = 10;
1201
1202 @@ -765,6 +768,10 @@ static int unix_bind(struct socket *sock
1203 err = unix_autobind(sock);
1204 goto out;
1205 }
1206 + /***** TOMOYO Linux start. *****/
1207 + err = -EPERM;
1208 + if (sunaddr->sun_path[0] && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) goto out;
1209 + /***** TOMOYO Linux end. *****/
1210
1211 err = unix_mkname(sunaddr, addr_len, &hash);
1212 if (err < 0)
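Review bot: The added check reads `sunaddr->sun_path[0]` before `unix_mkname(sunaddr, addr_len, &hash)` has run. If that call is what validates `addr_len` (its body is not in this diff), a caller-supplied address shorter than the path offset makes the capability decision depend on a byte the caller never provided. Moving the hook to just after the `unix_mkname()` error test avoids that: `if (sunaddr->sun_path[0] && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) { err = -EPERM; goto out; }`. unix_bind() continues outside the hunk, so check that `out` is still the right label at that point.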
1213 @@ -808,6 +815,9 @@ static int unix_bind(struct socket *sock
1214 */
1215 mode = S_IFSOCK |
1216 (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
1217 + /***** TOMOYO Linux start. *****/
1218 + if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
1219 + /***** TOMOYO Linux end. *****/
1220 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
1221 if (err)
1222 goto out_mknod_dput;
