Contents of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.25-suse-11.0.diff

Revision 2278 - (show annotations) (download) (as text)
Wed Mar 18 08:12:58 2009 UTC (15 years, 2 months ago) by kumaneko
Original Path: trunk/1.6.x/ccs-patch/patches/ccs-patch-2.6.25-suse-11.0.diff
File MIME type: text/x-diff
File size: 45099 byte(s)
Remove '#ifdef TOMOYO_SYS_PTRACE'
1 This is TOMOYO Linux patch for openSUSE 11.0.
2
3 Source code for this patch is http://download.opensuse.org/update/11.0/rpm/i586/kernel-source-2.6.25.20-0.1.i586.rpm
4 ---
5 arch/ia64/ia32/sys_ia32.c | 7 ++
6 arch/mips/kernel/ptrace32.c | 7 ++
7 arch/s390/kernel/ptrace.c | 7 ++
8 arch/x86/kernel/ptrace.c | 7 ++
9 fs/Kconfig | 2
10 fs/Makefile | 2
11 fs/attr.c | 19 ++++++
12 fs/compat.c | 5 +
13 fs/compat_ioctl.c | 9 ++
14 fs/exec.c | 20 ++++++
15 fs/fcntl.c | 9 ++
16 fs/ioctl.c | 7 ++
17 fs/namei.c | 122 ++++++++++++++++++++++++++++++++++++++++
18 fs/namespace.c | 49 ++++++++++++++++
19 fs/open.c | 29 +++++++++
20 fs/proc/Makefile | 3
21 fs/proc/proc_misc.c | 5 +
22 include/linux/init_task.h | 4 +
23 include/linux/sched.h | 9 ++
24 kernel/compat.c | 7 ++
25 kernel/kexec.c | 7 ++
26 kernel/kmod.c | 5 +
27 kernel/module.c | 11 +++
28 kernel/ptrace.c | 11 +++
29 kernel/sched.c | 7 ++
30 kernel/signal.c | 21 ++++++
31 kernel/sys.c | 21 ++++++
32 kernel/sysctl.c | 95 +++++++++++++++++++++++++++++++
33 kernel/time.c | 11 +++
34 kernel/time/ntp.c | 7 ++
35 net/core/datagram.c | 11 +++
36 net/ipv4/inet_connection_sock.c | 7 ++
37 net/ipv4/inet_hashtables.c | 7 ++
38 net/ipv4/udp.c | 10 +++
39 net/socket.c | 41 +++++++++++++
40 net/unix/af_unix.c | 15 ++++
41 36 files changed, 614 insertions(+), 2 deletions(-)
42
43 --- linux-2.6.25.20-0.1.orig/arch/ia64/ia32/sys_ia32.c
44 +++ linux-2.6.25.20-0.1/arch/ia64/ia32/sys_ia32.c
45 @@ -50,6 +50,9 @@
46 #include <asm/types.h>
47 #include <asm/uaccess.h>
48 #include <asm/unistd.h>
49 +/***** TOMOYO Linux start. *****/
50 +#include <linux/tomoyo.h>
51 +/***** TOMOYO Linux end. *****/
52
53 #include "ia32priv.h"
54
55 @@ -1753,6 +1756,10 @@ sys32_ptrace (int request, pid_t pid, un
56 struct task_struct *child;
57 unsigned int value, tmp;
58 long i, ret;
59 + /***** TOMOYO Linux start. *****/
60 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
61 + return -EPERM;
62 + /***** TOMOYO Linux end. *****/
63
64 lock_kernel();
65 if (request == PTRACE_TRACEME) {
66 --- linux-2.6.25.20-0.1.orig/arch/mips/kernel/ptrace32.c
67 +++ linux-2.6.25.20-0.1/arch/mips/kernel/ptrace32.c
68 @@ -35,6 +35,9 @@
69 #include <asm/system.h>
70 #include <asm/uaccess.h>
71 #include <asm/bootinfo.h>
72 +/***** TOMOYO Linux start. *****/
73 +#include <linux/tomoyo.h>
74 +/***** TOMOYO Linux end. *****/
75
76 int ptrace_getregs(struct task_struct *child, __s64 __user *data);
77 int ptrace_setregs(struct task_struct *child, __s64 __user *data);
78 @@ -50,6 +53,10 @@ asmlinkage int sys32_ptrace(int request,
79 {
80 struct task_struct *child;
81 int ret;
82 + /***** TOMOYO Linux start. *****/
83 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
84 + return -EPERM;
85 + /***** TOMOYO Linux end. *****/
86
87 #if 0
88 printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n",
89 --- linux-2.6.25.20-0.1.orig/arch/s390/kernel/ptrace.c
90 +++ linux-2.6.25.20-0.1/arch/s390/kernel/ptrace.c
91 @@ -41,6 +41,9 @@
92 #include <asm/system.h>
93 #include <asm/uaccess.h>
94 #include <asm/unistd.h>
95 +/***** TOMOYO Linux start. *****/
96 +#include <linux/tomoyo.h>
97 +/***** TOMOYO Linux end. *****/
98
99 #ifdef CONFIG_COMPAT
100 #include "compat_ptrace.h"
101 @@ -698,6 +701,10 @@ sys_ptrace(long request, long pid, long
102 struct task_struct *child;
103 int ret;
104
105 + /***** TOMOYO Linux start. *****/
106 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
107 + return -EPERM;
108 + /***** TOMOYO Linux end. *****/
109 lock_kernel();
110 if (request == PTRACE_TRACEME) {
111 ret = ptrace_traceme();
112 --- linux-2.6.25.20-0.1.orig/arch/x86/kernel/ptrace.c
113 +++ linux-2.6.25.20-0.1/arch/x86/kernel/ptrace.c
114 @@ -32,6 +32,9 @@
115 #include <asm/prctl.h>
116 #include <asm/proto.h>
117 #include <asm/ds.h>
118 +/***** TOMOYO Linux start. *****/
119 +#include <linux/tomoyo.h>
120 +/***** TOMOYO Linux end. *****/
121
122 #include "tls.h"
123
124 @@ -1240,6 +1243,10 @@ asmlinkage long sys32_ptrace(long reques
125 void __user *datap = compat_ptr(data);
126 int ret;
127 __u32 val;
128 + /***** TOMOYO Linux start. *****/
129 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
130 + return -EPERM;
131 + /***** TOMOYO Linux end. *****/
132
133 switch (request) {
134 case PTRACE_TRACEME:
135 --- linux-2.6.25.20-0.1.orig/fs/Kconfig
136 +++ linux-2.6.25.20-0.1/fs/Kconfig
137 @@ -2187,4 +2187,6 @@ endif
138 source "fs/nls/Kconfig"
139 source "fs/dlm/Kconfig"
140
141 +source "fs/Kconfig.ccs"
142 +
143 endmenu
144 --- linux-2.6.25.20-0.1.orig/fs/Makefile
145 +++ linux-2.6.25.20-0.1/fs/Makefile
146 @@ -125,3 +125,5 @@ obj-$(CONFIG_OCFS2_FS) += ocfs2/
147 obj-$(CONFIG_GFS2_FS) += gfs2/
148 obj-$(CONFIG_NOVFS) += novfs/
149 obj-$(CONFIG_SQUASHFS) += squashfs/
150 +
151 +include $(srctree)/fs/Makefile-2.6.ccs
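--- linux-2.6.25.20-0.1.orig/fs/attr.c
+++ linux-2.6.25.20-0.1/fs/attr.c
@@ -14,6 +14,9 @@
 #include <linux/fcntl.h>
 #include <linux/quotaops.h>
 #include <linux/security.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* Taken over from the old code... */
 
@@ -160,6 +163,14 @@ int fnotify_change(struct dentry *dentry
 
 if (inode->i_op && inode->i_op->setattr) {
 error = security_inode_setattr(dentry, mnt, attr);
+ /***** TOMOYO Linux start. *****/
+ if (!error && (ia_valid & ATTR_MODE) &&
+ !ccs_capable(TOMOYO_SYS_CHMOD))
+ error = -EPERM;
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
+ !ccs_capable(TOMOYO_SYS_CHOWN))
+ error = -EPERM;
+ /***** TOMOYO Linux end. *****/
 if (!error) {
 if (file && file->f_op && file->f_op->fsetattr)
 error = file->f_op->fsetattr(file, attr);
@@ -181,6 +192,14 @@ int fnotify_change(struct dentry *dentry
 error = inode_change_ok(inode, attr);
 if (!error)
 error = security_inode_setattr(dentry, mnt, attr);
+ /***** TOMOYO Linux start. *****/
+ if (!error && (ia_valid & ATTR_MODE) &&
+ !ccs_capable(TOMOYO_SYS_CHMOD))
+ error = -EPERM;
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
+ !ccs_capable(TOMOYO_SYS_CHOWN))
+ error = -EPERM;
+ /***** TOMOYO Linux end. *****/
 if (!error) {
 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))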
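Review bot: The same eight-line TOMOYO check is pasted into both branches of fnotify_change, once after each `security_inode_setattr()` call, so any later change to the CHMOD/CHOWN mapping has to be made twice and the two paths can drift apart. A small static helper that takes `ia_valid` and returns 0 or -EPERM keeps both sites identical; the helper name below is only a suggestion. It is also worth confirming what `ia_valid` holds at these two points, because any flag added to it earlier in the function would be subject to the capability check as well, and the function body outside the hunks is not visible here.

```c
/* Maps the requested attribute change to the TOMOYO capability it needs. */
static int ccs_setattr_capable(unsigned int ia_valid)
{
	if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD))
		return -EPERM;
	if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
	    !ccs_capable(TOMOYO_SYS_CHOWN))
		return -EPERM;
	return 0;
}

/* … unchanged: security_inode_setattr() call in each branch … */
	if (!error)
		error = ccs_setattr_capable(ia_valid);
```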
194 --- linux-2.6.25.20-0.1.orig/fs/compat.c
195 +++ linux-2.6.25.20-0.1/fs/compat.c
196 @@ -55,6 +55,9 @@
197 #include <asm/mmu_context.h>
198 #include <asm/ioctls.h>
199 #include "internal.h"
200 +/***** TOMOYO Linux start. *****/
201 +#include <linux/tomoyo.h>
202 +/***** TOMOYO Linux end. *****/
203
204 int compat_log = 1;
205
206 @@ -1399,7 +1402,7 @@ int compat_do_execve(char * filename,
207 if (retval < 0)
208 goto out;
209
210 - retval = search_binary_handler(bprm, regs);
211 + retval = search_binary_handler_with_transition(bprm, regs);
212 if (retval >= 0) {
213 /* execve success */
214 security_bprm_free(bprm);
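--- linux-2.6.25.20-0.1.orig/fs/compat_ioctl.c
+++ linux-2.6.25.20-0.1/fs/compat_ioctl.c
@@ -120,6 +120,9 @@
 #include <xen/public/privcmd.h>
 #include <xen/compat_ioctl.h>
 #endif
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
 unsigned long arg, struct file *f)
@@ -2930,6 +2933,12 @@ asmlinkage long compat_sys_ioctl(unsigne
 /*FALL THROUGH*/
 
 default:
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_IOCTL)) {
+ error = -EPERM;
+ goto out_fput;
+ }
+ /***** TOMOYO Linux end. *****/
 if (filp->f_op && filp->f_op->compat_ioctl) {
 error = filp->f_op->compat_ioctl(filp, cmd, arg);
 if (error != -ENOIOCTLCMD)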
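Review bot: The `TOMOYO_SYS_IOCTL` check is added only under `default:`, so the cases that precede it in this switch leave by a path this hunk does not cover. If those cases end up in `vfs_ioctl()`, which this patch also hooks in fs/ioctl.c, coverage is preserved, but a request that passes here and then falls back to the generic path would presumably be checked twice. A comment such as `/* cases handled above are checked in vfs_ioctl() */` would record the intent. The switch and the `out_fput` label lie outside the hunk, so this needs confirming against the full function.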
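--- linux-2.6.25.20-0.1.orig/fs/exec.c
+++ linux-2.6.25.20-0.1/fs/exec.c
@@ -60,6 +60,10 @@
 #include <linux/kmod.h>
 #endif
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 int core_uses_pid;
 char core_pattern[CORENAME_MAX_SIZE] = "core";
 int suid_dumpable = 0;
@@ -118,6 +122,12 @@ asmlinkage long sys_uselib(const char __
 error = vfs_permission(&nd, MAY_READ | MAY_EXEC);
 if (error)
 goto exit;
+ /***** TOMOYO Linux start. *****/
+ /* 01 means "read". */
+ error = ccs_check_open_permission(nd.path.dentry, nd.path.mnt, 01);
+ if (error)
+ goto exit;
+ /***** TOMOYO Linux end. *****/
 
 file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
 error = PTR_ERR(file);
@@ -664,6 +674,14 @@ struct file *open_exec(const char *name)
 file = ERR_PTR(-EACCES);
 if (S_ISREG(inode->i_mode)) {
 int err = vfs_permission(&nd, MAY_EXEC);
+ /***** TOMOYO Linux start. *****/
+ if (!err && (current->tomoyo_flags &
+ TOMOYO_CHECK_READ_FOR_OPEN_EXEC))
+ /* 01 means "read". */
+ err = ccs_check_open_permission(nd.path.dentry,
+ nd.path.mnt,
+ 01);
+ /***** TOMOYO Linux end. *****/
 file = ERR_PTR(err);
 if (!err) {
 file = nameidata_to_filp(&nd,
@@ -1336,7 +1354,7 @@ int do_execve(char * filename,
 goto out;
 bprm->argv_len = env_p - bprm->p;
 
- retval = search_binary_handler(bprm,regs);
+ retval = search_binary_handler_with_transition(bprm, regs);
 if (retval >= 0) {
 /* execve success */
 free_arg_pages(bprm);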
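Review bot: In the open_exec hunk the `if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC))` has an unbraced body that consists of a comment followed by a three-line call, which is easy to misread and easy to break when a statement is added. Bracing the body would fix that. Replacing the literal `01`, also used in the sys_uselib hunk, with a named constant would make both call sites self-describing and remove the need for the repeated `/* 01 means "read". */` comment. A one-line comment saying when `TOMOYO_CHECK_READ_FOR_OPEN_EXEC` is set, and why the read check is skipped otherwise, would help too, since neither is visible in this section.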
290 --- linux-2.6.25.20-0.1.orig/fs/fcntl.c
291 +++ linux-2.6.25.20-0.1/fs/fcntl.c
292 @@ -23,6 +23,9 @@
293 #include <asm/poll.h>
294 #include <asm/siginfo.h>
295 #include <asm/uaccess.h>
296 +/***** TOMOYO Linux start. *****/
297 +#include <linux/tomoyo.h>
298 +/***** TOMOYO Linux end. *****/
299
300 void set_close_on_exec(unsigned int fd, int flag)
301 {
302 @@ -217,6 +220,12 @@ static int setfl(int fd, struct file * f
303 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
304 return -EPERM;
305
306 + /***** TOMOYO Linux start. *****/
307 + if (((arg ^ filp->f_flags) & O_APPEND) &&
308 + ccs_check_rewrite_permission(filp))
309 + return -EPERM;
310 + /***** TOMOYO Linux end. *****/
311 +
312 /* O_NOATIME can only be set by the owner or superuser */
313 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
314 if (!is_owner_or_cap(inode))
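--- linux-2.6.25.20-0.1.orig/fs/ioctl.c
+++ linux-2.6.25.20-0.1/fs/ioctl.c
@@ -15,6 +15,9 @@
 #include <linux/uaccess.h>
 
 #include <asm/ioctls.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /**
 * vfs_ioctl - call filesystem specific ioctl methods
@@ -35,6 +38,10 @@ long vfs_ioctl(struct file *filp, unsign
 
 if (!filp->f_op)
 goto out;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_IOCTL))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
 
 if (filp->f_op->unlocked_ioctl) {
 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);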
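Review bot: The added check leaves `vfs_ioctl()` through a bare `return -EPERM;` while the statement just above it exits with `goto out`, so the function now mixes two exit styles. Writing it as `if (!ccs_capable(TOMOYO_SYS_IOCTL)) { error = -EPERM; goto out; }` matches the surrounding code and the form this patch already uses in the compat_sys_ioctl hunk. The `out:` label and the declaration of `error` are outside the hunk.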
338 --- linux-2.6.25.20-0.1.orig/fs/namei.c
339 +++ linux-2.6.25.20-0.1/fs/namei.c
340 @@ -35,6 +35,10 @@
341
342 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
343
344 +/***** TOMOYO Linux start. *****/
345 +#include <linux/tomoyo.h>
346 +/***** TOMOYO Linux end. *****/
347 +
348 /* [Feb-1997 T. Schoebel-Theuer]
349 * Fundamental changes in the pathname lookup mechanisms (namei)
350 * were necessary because of omirr. The reason is that omirr needs
351 @@ -1635,6 +1639,14 @@ int vfs_create(struct inode *dir, struct
352 error = security_inode_create(dir, dentry, nd ? nd->path.mnt : NULL, mode);
353 if (error)
354 return error;
355 + /***** TOMOYO Linux start. *****/
356 + if (nd) {
357 + error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry,
358 + nd->path.mnt);
359 + if (error)
360 + return error;
361 + }
362 + /***** TOMOYO Linux end. *****/
363 DQUOT_INIT(dir);
364 error = dir->i_op->create(dir, dentry, mode, nd);
365 if (!error)
366 @@ -1690,6 +1702,13 @@ int may_open(struct nameidata *nd, int a
367 if (!is_owner_or_cap(inode))
368 return -EPERM;
369
370 + /***** TOMOYO Linux start. *****/
371 + /* includes O_APPEND and O_TRUNC checks */
372 + error = ccs_check_open_permission(dentry, nd->path.mnt, flag);
373 + if (error)
374 + return error;
375 + /***** TOMOYO Linux end. *****/
376 +
377 /*
378 * Ensure there are no outstanding leases on the file.
379 */
380 @@ -1741,6 +1760,9 @@ static int open_namei_create(struct name
381 return may_open(nd, 0, flag & ~O_TRUNC);
382 }
383
384 +/***** TOMOYO Linux start. *****/
385 +#include <linux/tomoyo_vfs.h>
386 +/***** TOMOYO Linux end. *****/
387 /*
388 * open_namei()
389 *
390 @@ -2006,6 +2028,16 @@ asmlinkage long sys_mknodat(int dfd, con
391
392 if (S_ISDIR(mode))
393 return -EPERM;
394 + /***** TOMOYO Linux start. *****/
395 + if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))
396 + return -EPERM;
397 + if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))
398 + return -EPERM;
399 + if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))
400 + return -EPERM;
401 + if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
402 + return -EPERM;
403 + /***** TOMOYO Linux end. *****/
404 tmp = getname(filename);
405 if (IS_ERR(tmp))
406 return PTR_ERR(tmp);
407 @@ -2024,10 +2056,34 @@ asmlinkage long sys_mknodat(int dfd, con
408 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
409 break;
410 case S_IFCHR: case S_IFBLK:
411 + /***** TOMOYO Linux start. *****/
412 + error = pre_vfs_mknod(nd.path.dentry->d_inode, dentry,
413 + mode);
414 + if (error)
415 + break;
416 + error = ccs_check_1path_perm(S_ISCHR(mode) ?
417 + TYPE_MKCHAR_ACL :
418 + TYPE_MKBLOCK_ACL,
419 + dentry, nd.path.mnt);
420 + if (error)
421 + break;
422 + /***** TOMOYO Linux end. *****/
423 error = vfs_mknod(nd.path.dentry->d_inode, dentry,
424 nd.path.mnt, mode, new_decode_dev(dev));
425 break;
426 case S_IFIFO: case S_IFSOCK:
427 + /***** TOMOYO Linux start. *****/
428 + error = pre_vfs_mknod(nd.path.dentry->d_inode, dentry,
429 + mode);
430 + if (error)
431 + break;
432 + error = ccs_check_1path_perm(S_ISFIFO(mode) ?
433 + TYPE_MKFIFO_ACL :
434 + TYPE_MKSOCK_ACL,
435 + dentry, nd.path.mnt);
436 + if (error)
437 + break;
438 + /***** TOMOYO Linux end. *****/
439 error = vfs_mknod(nd.path.dentry->d_inode, dentry,
440 nd.path.mnt, mode, 0);
441 break;
442 @@ -2097,6 +2153,13 @@ asmlinkage long sys_mkdirat(int dfd, con
443
444 if (!IS_POSIXACL(nd.path.dentry->d_inode))
445 mode &= ~current->fs->umask;
446 + /***** TOMOYO Linux start. *****/
447 + error = pre_vfs_mkdir(nd.path.dentry->d_inode, dentry);
448 + if (!error)
449 + error = ccs_check_1path_perm(TYPE_MKDIR_ACL, dentry,
450 + nd.path.mnt);
451 + if (!error)
452 + /***** TOMOYO Linux end. *****/
453 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, nd.path.mnt, mode);
454 dput(dentry);
455 out_unlock:
456 @@ -2205,6 +2268,13 @@ static long do_rmdir(int dfd, const char
457 error = PTR_ERR(dentry);
458 if (IS_ERR(dentry))
459 goto exit2;
460 + /***** TOMOYO Linux start. *****/
461 + error = pre_vfs_rmdir(nd.path.dentry->d_inode, dentry);
462 + if (!error)
463 + error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry,
464 + nd.path.mnt);
465 + if (!error)
466 + /***** TOMOYO Linux end. *****/
467 error = vfs_rmdir(nd.path.dentry->d_inode, dentry, nd.path.mnt);
468 dput(dentry);
469 exit2:
470 @@ -2265,6 +2335,10 @@ static long do_unlinkat(int dfd, const c
471 struct dentry *dentry;
472 struct nameidata nd;
473 struct inode *inode = NULL;
474 + /***** TOMOYO Linux start. *****/
475 + if (!ccs_capable(TOMOYO_SYS_UNLINK))
476 + return -EPERM;
477 + /***** TOMOYO Linux end. *****/
478
479 name = getname(pathname);
480 if(IS_ERR(name))
481 @@ -2286,6 +2360,15 @@ static long do_unlinkat(int dfd, const c
482 inode = dentry->d_inode;
483 if (inode)
484 atomic_inc(&inode->i_count);
485 + /***** TOMOYO Linux start. *****/
486 + error = pre_vfs_unlink(nd.path.dentry->d_inode, dentry);
487 + if (error)
488 + goto exit2;
489 + error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry,
490 + nd.path.mnt);
491 + if (error)
492 + goto exit2;
493 + /***** TOMOYO Linux end. *****/
494 error = vfs_unlink(nd.path.dentry->d_inode, dentry, nd.path.mnt);
495 exit2:
496 dput(dentry);
497 @@ -2351,6 +2434,10 @@ asmlinkage long sys_symlinkat(const char
498 char * to;
499 struct dentry *dentry;
500 struct nameidata nd;
501 + /***** TOMOYO Linux start. *****/
502 + if (!ccs_capable(TOMOYO_SYS_SYMLINK))
503 + return -EPERM;
504 + /***** TOMOYO Linux end. *****/
505
506 from = getname(oldname);
507 if(IS_ERR(from))
508 @@ -2368,6 +2455,13 @@ asmlinkage long sys_symlinkat(const char
509 if (IS_ERR(dentry))
510 goto out_unlock;
511
512 + /***** TOMOYO Linux start. *****/
513 + error = pre_vfs_symlink(nd.path.dentry->d_inode, dentry);
514 + if (!error)
515 + error = ccs_check_1path_perm(TYPE_SYMLINK_ACL, dentry,
516 + nd.path.mnt);
517 + if (!error)
518 + /***** TOMOYO Linux end. *****/
519 error = vfs_symlink(nd.path.dentry->d_inode, dentry, nd.path.mnt, from,
520 S_IALLUGO);
521 dput(dentry);
522 @@ -2442,6 +2536,10 @@ asmlinkage long sys_linkat(int olddfd, c
523 struct nameidata nd, old_nd;
524 int error;
525 char * to;
526 + /***** TOMOYO Linux start. *****/
527 + if (!ccs_capable(TOMOYO_SYS_LINK))
528 + return -EPERM;
529 + /***** TOMOYO Linux end. *****/
530
531 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
532 return -EINVAL;
533 @@ -2465,6 +2563,15 @@ asmlinkage long sys_linkat(int olddfd, c
534 error = PTR_ERR(new_dentry);
535 if (IS_ERR(new_dentry))
536 goto out_unlock;
537 + /***** TOMOYO Linux start. *****/
538 + error = pre_vfs_link(old_nd.path.dentry, nd.path.dentry->d_inode,
539 + new_dentry);
540 + if (!error)
541 + error = ccs_check_2path_perm(TYPE_LINK_ACL, old_nd.path.dentry,
542 + old_nd.path.mnt, new_dentry,
543 + nd.path.mnt);
544 + if (!error)
545 + /***** TOMOYO Linux end. *****/
546 error = vfs_link(old_nd.path.dentry, old_nd.path.mnt, nd.path.dentry->d_inode,
547 new_dentry, nd.path.mnt);
548 dput(new_dentry);
549 @@ -2698,6 +2805,17 @@ static int do_rename(int olddfd, const c
550 error = -ENOTEMPTY;
551 if (new_dentry == trap)
552 goto exit5;
553 + /***** TOMOYO Linux start. *****/
554 + error = pre_vfs_rename(old_dir->d_inode, old_dentry,
555 + new_dir->d_inode, new_dentry);
556 + if (error)
557 + goto exit5;
558 + error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry,
559 + oldnd.path.mnt, new_dentry,
560 + newnd.path.mnt);
561 + if (error)
562 + goto exit5;
563 + /***** TOMOYO Linux end. *****/
564
565 error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.path.mnt,
566 new_dir->d_inode, new_dentry, newnd.path.mnt);
567 @@ -2721,6 +2839,10 @@ asmlinkage long sys_renameat(int olddfd,
568 int error;
569 char * from;
570 char * to;
571 + /***** TOMOYO Linux start. *****/
572 + if (!ccs_capable(TOMOYO_SYS_RENAME))
573 + return -EPERM;
574 + /***** TOMOYO Linux end. *****/
575
576 from = getname(oldname);
577 if(IS_ERR(from))
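Review bot: In the sys_mkdirat, do_rmdir, sys_symlinkat and sys_linkat hunks the added block ends with `if (!error)` immediately before the `/***** TOMOYO Linux end. *****/` marker, so the unchanged `vfs_mkdir()`, `vfs_rmdir()`, `vfs_symlink()` or `vfs_link()` call after the marker becomes the body of an `if` that lives inside the marked region. Anyone who strips the marked block, or inserts a statement between the marker and the call, silently changes whether the VFS operation is still guarded by the permission result. The do_unlinkat and do_rename hunks avoid this with `if (error) goto exit2;` and `goto exit5;`. Where no suitable label exists, at least put a comment on the dangling `if`, for example `/* guards the vfs_*() call below the end marker */`. The enclosing functions extend beyond the hunks.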
578 --- linux-2.6.25.20-0.1.orig/fs/namespace.c
579 +++ linux-2.6.25.20-0.1/fs/namespace.c
580 @@ -30,6 +30,12 @@
581 #include <asm/unistd.h>
582 #include "pnode.h"
583 #include "internal.h"
584 +/***** SAKURA Linux start. *****/
585 +#include <linux/sakura.h>
586 +/***** SAKURA Linux end. *****/
587 +/***** TOMOYO Linux start. *****/
588 +#include <linux/tomoyo.h>
589 +/***** TOMOYO Linux end. *****/
590
591 #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
592 #define HASH_SIZE (1UL << HASH_SHIFT)
593 @@ -591,6 +597,11 @@ static int do_umount(struct vfsmount *mn
594 if (retval)
595 return retval;
596
597 + /***** SAKURA Linux start. *****/
598 + if (ccs_may_umount(mnt))
599 + return -EPERM;
600 + /***** SAKURA Linux end. *****/
601 +
602 /*
603 * Allow userspace to request a mountpoint be expired rather than
604 * unmounting unconditionally. Unmount only happens if:
605 @@ -682,6 +693,10 @@ asmlinkage long sys_umount(char __user *
606 {
607 struct nameidata nd;
608 int retval;
609 + /***** TOMOYO Linux start. *****/
610 + if (!ccs_capable(TOMOYO_SYS_UMOUNT))
611 + return -EPERM;
612 + /***** TOMOYO Linux end. *****/
613
614 retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
615 if (retval)
616 @@ -991,6 +1006,11 @@ static noinline int do_loopback(struct n
617 err = -EINVAL;
618 if (IS_MNT_UNBINDABLE(old_nd.path.mnt))
619 goto out;
620 + /***** SAKURA Linux start. *****/
621 + err = -EPERM;
622 + if (ccs_may_mount(nd))
623 + goto out;
624 + /***** SAKURA Linux end. *****/
625
626 if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))
627 goto out;
628 @@ -1085,6 +1105,11 @@ static noinline int do_move_mount(struct
629 if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))
630 goto out;
631
632 + /***** SAKURA Linux start. *****/
633 + err = -EPERM;
634 + if (ccs_may_umount(old_nd.path.mnt) || ccs_may_mount(nd))
635 + goto out;
636 + /***** SAKURA Linux end. *****/
637 err = -ENOENT;
638 mutex_lock(&nd->path.dentry->d_inode->i_mutex);
639 if (IS_DEADDIR(nd->path.dentry->d_inode))
640 @@ -1189,6 +1214,11 @@ int do_add_mount(struct vfsmount *newmnt
641 err = -EINVAL;
642 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
643 goto unlock;
644 + /***** SAKURA Linux start. *****/
645 + err = -EPERM;
646 + if (ccs_may_mount(nd))
647 + goto unlock;
648 + /***** SAKURA Linux end. *****/
649
650 newmnt->mnt_flags = mnt_flags;
651 if ((err = graft_tree(newmnt, nd)))
652 @@ -1412,6 +1442,17 @@ long do_mount(char *dev_name, char *dir_
653 if (data_page)
654 ((char *)data_page)[PAGE_SIZE - 1] = 0;
655
656 + /***** TOMOYO Linux start. *****/
657 + if (!ccs_capable(TOMOYO_SYS_MOUNT))
658 + return -EPERM;
659 + /***** TOMOYO Linux end. *****/
660 + /***** SAKURA Linux start. *****/
661 + retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
662 + &flags);
663 + if (retval)
664 + return retval;
665 + /***** SAKURA Linux end. *****/
666 +
667 /* Separate the per-mountpoint flags */
668 if (flags & MS_NOSUID)
669 mnt_flags |= MNT_NOSUID;
670 @@ -1680,6 +1721,10 @@ asmlinkage long sys_pivot_root(const cha
671
672 if (!capable(CAP_SYS_ADMIN))
673 return -EPERM;
674 + /***** TOMOYO Linux start. *****/
675 + if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))
676 + return -EPERM;
677 + /***** TOMOYO Linux end. *****/
678
679 lock_kernel();
680
681 @@ -1696,6 +1741,10 @@ asmlinkage long sys_pivot_root(const cha
682 goto out1;
683
684 error = security_sb_pivotroot(&old_nd, &new_nd);
685 + /***** SAKURA Linux start. *****/
686 + if (!error)
687 + error = ccs_check_pivot_root_permission(&old_nd, &new_nd);
688 + /***** SAKURA Linux end. *****/
689 if (error) {
690 path_put(&old_nd.path);
691 goto out1;
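Review bot: `ccs_may_umount()` and `ccs_may_mount()` are used with the opposite sense to what their names suggest: in the do_umount, do_loopback, do_move_mount and do_add_mount hunks a non-zero return leads to `-EPERM`, so `if (ccs_may_umount(mnt)) return -EPERM;` reads as "if it may be unmounted, deny". The helpers are defined outside this section, so the convention is inferred from the call sites only. A comment at each site such as `/* returns non-zero when the operation is denied */` would stop someone "correcting" the condition and making the check fail open. These sites also replace the helper's return value with a fixed `-EPERM`, unlike the `ccs_check_mount_permission()` call in do_mount, which propagates `retval`.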
692 --- linux-2.6.25.20-0.1.orig/fs/open.c
693 +++ linux-2.6.25.20-0.1/fs/open.c
694 @@ -27,6 +27,12 @@
695 #include <linux/rcupdate.h>
696 #include <linux/audit.h>
697 #include <linux/falloc.h>
698 +/***** SAKURA Linux start. *****/
699 +#include <linux/sakura.h>
700 +/***** SAKURA Linux end. *****/
701 +/***** TOMOYO Linux start. *****/
702 +#include <linux/tomoyo.h>
703 +/***** TOMOYO Linux end. *****/
704
705 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
706 {
707 @@ -267,6 +273,12 @@ static long do_sys_truncate(const char _
708 if (error)
709 goto put_write_and_out;
710
711 + /***** TOMOYO Linux start. *****/
712 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, nd.path.dentry,
713 + nd.path.mnt);
714 + if (error)
715 + goto put_write_and_out;
716 + /***** TOMOYO Linux end. *****/
717 error = locks_verify_truncate(inode, NULL, length);
718 if (!error) {
719 DQUOT_INIT(inode);
720 @@ -321,6 +333,11 @@ static long do_sys_ftruncate(unsigned in
721 if (IS_APPEND(inode))
722 goto out_putf;
723
724 + /***** TOMOYO Linux start. *****/
725 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt);
726 + if (error)
727 + goto out_putf;
728 + /***** TOMOYO Linux end. *****/
729 error = locks_verify_truncate(inode, file, length);
730 if (!error)
731 error = do_truncate(dentry, file->f_path.mnt, length,
732 @@ -539,6 +556,14 @@ asmlinkage long sys_chroot(const char __
733 error = -EPERM;
734 if (!capable(CAP_SYS_CHROOT))
735 goto dput_and_out;
736 + /***** TOMOYO Linux start. *****/
737 + if (!ccs_capable(TOMOYO_SYS_CHROOT))
738 + goto dput_and_out;
739 + /***** TOMOYO Linux end. *****/
740 + /***** SAKURA Linux start. *****/
741 + if (ccs_check_chroot_permission(&nd))
742 + goto dput_and_out;
743 + /***** SAKURA Linux end. *****/
744
745 set_fs_root(current->fs, &nd.path);
746 set_fs_altroot();
747 @@ -1172,6 +1197,10 @@ EXPORT_SYMBOL(sys_close);
748 */
749 asmlinkage long sys_vhangup(void)
750 {
751 + /***** TOMOYO Linux start. *****/
752 + if (!ccs_capable(TOMOYO_SYS_VHANGUP))
753 + return -EPERM;
754 + /***** TOMOYO Linux end. *****/
755 if (capable(CAP_SYS_TTY_CONFIG)) {
756 /* XXX: this needs locking */
757 tty_vhangup(current->signal->tty);
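Review bot: In the sys_chroot hunk both added checks `goto dput_and_out` without assigning `error`, so the denial code comes only from the `error = -EPERM;` context line above the `capable(CAP_SYS_CHROOT)` test. That works as written, but the result of `ccs_check_chroot_permission(&nd)` is discarded, and a later edit that reassigns `error` above these lines would make a denied chroot return the wrong code. At minimum add `/* error is still -EPERM from above */` before the two checks, or set `error` explicitly in each branch. Separately, in sys_vhangup the TOMOYO check runs before `capable(CAP_SYS_TTY_CONFIG)`, the opposite order from sys_chroot in this same file; a comment on whether that ordering is intentional would help.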
758 --- linux-2.6.25.20-0.1.orig/fs/proc/Makefile
759 +++ linux-2.6.25.20-0.1/fs/proc/Makefile
760 @@ -16,3 +16,6 @@ proc-$(CONFIG_PROC_KCORE) += kcore.o
761 proc-$(CONFIG_PROC_VMCORE) += vmcore.o
762 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
763 proc-$(CONFIG_PRINTK) += kmsg.o
764 +
765 +proc-$(CONFIG_SAKURA) += ccs_proc.o
766 +proc-$(CONFIG_TOMOYO) += ccs_proc.o
767 --- linux-2.6.25.20-0.1.orig/fs/proc/proc_misc.c
768 +++ linux-2.6.25.20-0.1/fs/proc/proc_misc.c
769 @@ -1021,4 +1021,9 @@ void __init proc_misc_init(void)
770 entry->proc_fops = &proc_sysrq_trigger_operations;
771 }
772 #endif
773 + /***** CCS start. *****/
774 +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
775 + printk(KERN_INFO "Hook version: 2.6.25.20-0.1 2009/01/25\n");
776 +#endif
777 + /***** CCS end. *****/
778 }
779 --- linux-2.6.25.20-0.1.orig/include/linux/init_task.h
780 +++ linux-2.6.25.20-0.1/include/linux/init_task.h
781 @@ -196,6 +196,10 @@ extern struct group_info init_groups;
782 INIT_IDS \
783 INIT_TRACE_IRQFLAGS \
784 INIT_LOCKDEP \
785 + /***** TOMOYO Linux start. *****/ \
786 + .domain_info = &KERNEL_DOMAIN, \
787 + .tomoyo_flags = 0, \
788 + /***** TOMOYO Linux end. *****/ \
789 }
790
791
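--- linux-2.6.25.20-0.1.orig/include/linux/sched.h
+++ linux-2.6.25.20-0.1/include/linux/sched.h
@@ -29,6 +29,11 @@
 #define CLONE_NEWNET 0x40000000 /* New network namespace */
 #define CLONE_IO 0x80000000 /* Clone io context */
 
+/***** TOMOYO Linux start. *****/
+struct domain_info;
+extern struct domain_info KERNEL_DOMAIN;
+/***** TOMOYO Linux end. *****/
+
 /*
 * Scheduling policies
 */
@@ -1274,6 +1279,10 @@ struct task_struct {
 #ifndef __GENKSYMS__
 struct list_head *scm_work_list;
 #endif
+ /***** TOMOYO Linux start. *****/
+ struct domain_info *domain_info;
+ u32 tomoyo_flags;
+ /***** TOMOYO Linux end. *****/
 };
 
 /*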
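Review bot: The two new `task_struct` members are added after the `#endif` of the `#ifndef __GENKSYMS__` block that hides `scm_work_list` from symbol-version generation, so unlike that field they are visible to genksyms. Assuming the guard exists to keep exported-symbol checksums stable on this distribution kernel, adding `domain_info` and `tomoyo_flags` outside it changes the checksums of symbols that involve `task_struct`, and modules built against the unpatched kernel may then be rejected when module versioning is enabled. If that is accepted, say so next to the fields, for example `/* changes task_struct layout and symbol CRCs; external modules must be rebuilt */`. The rest of the struct is outside the hunk.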
817 --- linux-2.6.25.20-0.1.orig/kernel/compat.c
818 +++ linux-2.6.25.20-0.1/kernel/compat.c
819 @@ -25,6 +25,9 @@
820 #include <linux/posix-timers.h>
821
822 #include <asm/uaccess.h>
823 +/***** TOMOYO Linux start. *****/
824 +#include <linux/tomoyo.h>
825 +/***** TOMOYO Linux end. *****/
826
827 int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)
828 {
829 @@ -869,6 +872,10 @@ asmlinkage long compat_sys_stime(compat_
830 err = security_settime(&tv, NULL);
831 if (err)
832 return err;
833 + /***** TOMOYO Linux start. *****/
834 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
835 + return -EPERM;
836 + /***** TOMOYO Linux end. *****/
837
838 do_settimeofday(&tv);
839 return 0;
840 --- linux-2.6.25.20-0.1.orig/kernel/kexec.c
841 +++ linux-2.6.25.20-0.1/kernel/kexec.c
842 @@ -31,6 +31,9 @@
843 #include <asm/system.h>
844 #include <asm/semaphore.h>
845 #include <asm/sections.h>
846 +/***** TOMOYO Linux start. *****/
847 +#include <linux/tomoyo.h>
848 +/***** TOMOYO Linux end. *****/
849
850 /* Per cpu memory for storing cpu states in case of system crash. */
851 note_buf_t* crash_notes;
852 @@ -969,6 +972,10 @@ asmlinkage long sys_kexec_load(unsigned
853 /* We only trust the superuser with rebooting the system. */
854 if (!capable(CAP_SYS_BOOT))
855 return -EPERM;
856 + /***** TOMOYO Linux start. *****/
857 + if (!ccs_capable(TOMOYO_SYS_KEXEC_LOAD))
858 + return -EPERM;
859 + /***** TOMOYO Linux end. *****/
860
861 /*
862 * Verify we have a legal set of flags
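--- linux-2.6.25.20-0.1.orig/kernel/kmod.c
+++ linux-2.6.25.20-0.1/kernel/kmod.c
@@ -173,6 +173,11 @@ static int ____call_usermodehelper(void
 */
 set_user_nice(current, 0);
 
+ /***** TOMOYO Linux start. *****/
+ current->domain_info = &KERNEL_DOMAIN;
+ current->tomoyo_flags = 0;
+ /***** TOMOYO Linux end. *****/
+
 retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp);
 
 /* Exec failed? */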
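Review bot: The assignments `current->domain_info = &KERNEL_DOMAIN;` and `current->tomoyo_flags = 0;` in ____call_usermodehelper carry no comment explaining why the helper's domain is reset just before `kernel_execve()`. Presumably the intent is that every usermode helper starts from the kernel domain regardless of the context the thread was created from, so its domain transition is computed from a known state. That is a security-relevant decision and worth stating, for example `/* usermode helpers always start in the kernel domain, not the requester's */`. This section adds no `#include <linux/tomoyo.h>`, so `KERNEL_DOMAIN` is reached only through the `extern` this patch adds to include/linux/sched.h. The function body continues outside the hunk.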
877 --- linux-2.6.25.20-0.1.orig/kernel/module.c
878 +++ linux-2.6.25.20-0.1/kernel/module.c
879 @@ -47,6 +47,9 @@
880 #include <asm/cacheflush.h>
881 #include <linux/license.h>
882 #include <asm/sections.h>
883 +/***** TOMOYO Linux start. *****/
884 +#include <linux/tomoyo.h>
885 +/***** TOMOYO Linux end. *****/
886
887 #if 0
888 #define DEBUGP printk
889 @@ -700,6 +703,10 @@ sys_delete_module(const char __user *nam
890
891 if (!capable(CAP_SYS_MODULE))
892 return -EPERM;
893 + /***** TOMOYO Linux start. *****/
894 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
895 + return -EPERM;
896 + /***** TOMOYO Linux end. *****/
897
898 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
899 return -EFAULT;
900 @@ -2181,6 +2188,10 @@ sys_init_module(void __user *umod,
901 /* Must have permission */
902 if (!capable(CAP_SYS_MODULE))
903 return -EPERM;
904 + /***** TOMOYO Linux start. *****/
905 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
906 + return -EPERM;
907 + /***** TOMOYO Linux end. *****/
908
909 /* Only one module load at a time, please */
910 if (mutex_lock_interruptible(&module_mutex) != 0)
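--- linux-2.6.25.20-0.1.orig/kernel/ptrace.c
+++ linux-2.6.25.20-0.1/kernel/ptrace.c
@@ -24,6 +24,9 @@
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
 * ptrace a task: make the debugger its new parent and
@@ -548,6 +551,10 @@ asmlinkage long sys_ptrace(long request,
 /*
 * This lock_kernel fixes a subtle race with suid exec
 */
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
 lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();
@@ -655,6 +662,10 @@ asmlinkage long compat_sys_ptrace(compat
 /*
 * This lock_kernel fixes a subtle race with suid exec
 */
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
 lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();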
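Review bot: In both the sys_ptrace and compat_sys_ptrace hunks the TOMOYO block is inserted between the comment `This lock_kernel fixes a subtle race with suid exec` and the `lock_kernel()` call it describes, so the comment now appears to document the capability check. Moving the block above the comment keeps the upstream comment attached to its statement. The early `return -EPERM` happens before `lock_kernel()`, so no unlock is skipped. It also applies to `PTRACE_TRACEME` requests, which the following lines handle; if gating those is intended, a short comment saying so would help.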
945 --- linux-2.6.25.20-0.1.orig/kernel/sched.c
946 +++ linux-2.6.25.20-0.1/kernel/sched.c
947 @@ -69,6 +69,9 @@
948
949 #include <asm/tlb.h>
950 #include <asm/irq_regs.h>
951 +/***** TOMOYO Linux start. *****/
952 +#include <linux/tomoyo.h>
953 +/***** TOMOYO Linux end. *****/
954
955 /*
956 * Scheduler clock - returns current time in nanosec units.
957 @@ -4510,6 +4513,10 @@ int can_nice(const struct task_struct *p
958 asmlinkage long sys_nice(int increment)
959 {
960 long nice, retval;
961 + /***** TOMOYO Linux start. *****/
962 + if (!ccs_capable(TOMOYO_SYS_NICE))
963 + return -EPERM;
964 + /***** TOMOYO Linux end. *****/
965
966 /*
967 * Setpriority might change our priority at the same moment.
968 --- linux-2.6.25.20-0.1.orig/kernel/signal.c
969 +++ linux-2.6.25.20-0.1/kernel/signal.c
970 @@ -32,6 +32,9 @@
971 #include <asm/unistd.h>
972 #include <asm/siginfo.h>
973 #include "audit.h" /* audit_signal_info() */
974 +/***** TOMOYO Linux start. *****/
975 +#include <linux/tomoyo.h>
976 +/***** TOMOYO Linux end. *****/
977
978 /*
979 * SLAB caches for signal bits.
980 @@ -2232,6 +2235,12 @@ asmlinkage long
981 sys_kill(int pid, int sig)
982 {
983 struct siginfo info;
984 + /***** TOMOYO Linux start. *****/
985 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
986 + return -EPERM;
987 + if (sig && ccs_check_signal_acl(sig, pid))
988 + return -EPERM;
989 + /***** TOMOYO Linux end. *****/
990
991 info.si_signo = sig;
992 info.si_errno = 0;
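Review bot: The pair `sig && !ccs_capable(TOMOYO_SYS_KILL)` / `sig && ccs_check_signal_acl(sig, pid)` is copied verbatim into `sys_kill`, `sys_tgkill` and `sys_tkill`, and nothing records why `sig == 0` is exempt. One helper, sketched below under a made-up name, would hold the rule and its rationale in a single place and make it easier to confirm that every signal-sending entry point calls it. The hunks in kernel/signal.c cover only these three functions, so it is worth checking whether `sys_rt_sigqueueinfo` is meant to be covered as well. `sys_kill` also hands `pid` to the ACL check unvalidated, so zero and negative (process-group) values reach it; whether `ccs_check_signal_acl` expects those is not visible here.
```c
/*
 * Policy gate shared by kill/tkill/tgkill.
 * Signal 0 only probes for the target's existence, so it is not checked.
 */
static inline int ccs_signal_permission(int sig, int pid)
{
	if (!sig)
		return 0;
	if (!ccs_capable(TOMOYO_SYS_KILL) || ccs_check_signal_acl(sig, pid))
		return -EPERM;
	return 0;
}
```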
993 @@ -2290,6 +2299,12 @@ asmlinkage long sys_tgkill(int tgid, int
994 /* This is only valid for single tasks */
995 if (pid <= 0 || tgid <= 0)
996 return -EINVAL;
997 + /***** TOMOYO Linux start. *****/
998 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
999 + return -EPERM;
1000 + if (sig && ccs_check_signal_acl(sig, pid))
1001 + return -EPERM;
1002 + /***** TOMOYO Linux end. *****/
1003
1004 return do_tkill(tgid, pid, sig);
1005 }
1006 @@ -2303,6 +2318,12 @@ sys_tkill(int pid, int sig)
1007 /* This is only valid for single tasks */
1008 if (pid <= 0)
1009 return -EINVAL;
1010 + /***** TOMOYO Linux start. *****/
1011 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1012 + return -EPERM;
1013 + if (sig && ccs_check_signal_acl(sig, pid))
1014 + return -EPERM;
1015 + /***** TOMOYO Linux end. *****/
1016
1017 return do_tkill(0, pid, sig);
1018 }
1019 --- linux-2.6.25.20-0.1.orig/kernel/sys.c
1020 +++ linux-2.6.25.20-0.1/kernel/sys.c
1021 @@ -42,6 +42,9 @@
1022 #include <asm/uaccess.h>
1023 #include <asm/io.h>
1024 #include <asm/unistd.h>
1025 +/***** TOMOYO Linux start. *****/
1026 +#include <linux/tomoyo.h>
1027 +/***** TOMOYO Linux end. *****/
1028
1029 #ifndef SET_UNALIGN_CTL
1030 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
1031 @@ -140,6 +143,12 @@ asmlinkage long sys_setpriority(int whic
1032
1033 if (which > PRIO_USER || which < PRIO_PROCESS)
1034 goto out;
1035 + /***** TOMOYO Linux start. *****/
1036 + if (!ccs_capable(TOMOYO_SYS_NICE)) {
1037 + error = -EPERM;
1038 + goto out;
1039 + }
1040 + /***** TOMOYO Linux end. *****/
1041
1042 /* normalize: avoid signed division (rounding problems) */
1043 error = -ESRCH;
1044 @@ -376,6 +385,10 @@ asmlinkage long sys_reboot(int magic1, i
1045 magic2 != LINUX_REBOOT_MAGIC2B &&
1046 magic2 != LINUX_REBOOT_MAGIC2C))
1047 return -EINVAL;
1048 + /***** TOMOYO Linux start. *****/
1049 + if (!ccs_capable(TOMOYO_SYS_REBOOT))
1050 + return -EPERM;
1051 + /***** TOMOYO Linux end. *****/
1052
1053 /* Instead of trying to make the power_off code look like
1054 * halt when pm_power_off is not set do it the easy way.
1055 @@ -1347,6 +1360,10 @@ asmlinkage long sys_sethostname(char __u
1056 return -EPERM;
1057 if (len < 0 || len > __NEW_UTS_LEN)
1058 return -EINVAL;
1059 + /***** TOMOYO Linux start. *****/
1060 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1061 + return -EPERM;
1062 + /***** TOMOYO Linux end. *****/
1063 down_write(&uts_sem);
1064 errno = -EFAULT;
1065 if (!copy_from_user(tmp, name, len)) {
1066 @@ -1392,6 +1409,10 @@ asmlinkage long sys_setdomainname(char _
1067 return -EPERM;
1068 if (len < 0 || len > __NEW_UTS_LEN)
1069 return -EINVAL;
1070 + /***** TOMOYO Linux start. *****/
1071 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1072 + return -EPERM;
1073 + /***** TOMOYO Linux end. *****/
1074
1075 down_write(&uts_sem);
1076 errno = -EFAULT;
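Review bot: `sys_setdomainname` is gated by `TOMOYO_SYS_SETHOSTNAME`, the same capability used in the `sys_sethostname` hunk above, and nothing in the hunk says that this is deliberate. If one policy entry is meant to cover both names, state it next to the check, e.g. `/* Domain name changes share the sethostname capability. */`; otherwise a reader will take it for a copy-paste slip. The function body continues outside the hunk.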
1077 --- linux-2.6.25.20-0.1.orig/kernel/sysctl.c
1078 +++ linux-2.6.25.20-0.1/kernel/sysctl.c
1079 @@ -48,6 +48,9 @@
1080
1081 #include <asm/uaccess.h>
1082 #include <asm/processor.h>
1083 +/***** TOMOYO Linux start. *****/
1084 +#include <linux/tomoyo.h>
1085 +/***** TOMOYO Linux end. *****/
1086
1087 #ifdef CONFIG_X86
1088 #include <asm/nmi.h>
1089 @@ -1500,6 +1503,93 @@ char *sysctl_pathname(struct ctl_table *
1090 EXPORT_SYMBOL_GPL(sysctl_pathname);
1091
1092 #ifdef CONFIG_SYSCTL_SYSCALL
1093 +
1094 +/***** TOMOYO Linux start. *****/
1095 +static int try_parse_table(int __user *name, int nlen, void __user *oldval,
1096 + void __user *newval, ctl_table *table)
1097 +{
1098 + int n;
1099 + int error = -ENOMEM;
1100 + int op = 0;
1101 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
1102 + if (oldval)
1103 + op |= 004;
1104 + if (newval)
1105 + op |= 002;
1106 + if (!op) { /* Neither read nor write */
1107 + error = 0;
1108 + goto out;
1109 + }
1110 + if (!buffer)
1111 + goto out;
1112 + memset(buffer, 0, PAGE_SIZE);
1113 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
1114 + repeat:
1115 + if (!nlen) {
1116 + error = -ENOTDIR;
1117 + goto out;
1118 + }
1119 + if (get_user(n, name)) {
1120 + error = -EFAULT;
1121 + goto out;
1122 + }
1123 + for ( ; table->ctl_name || table->procname; table++) {
1124 + if (n == table->ctl_name && n) {
1125 + int pos = strlen(buffer);
1126 + const char *cp = table->procname;
1127 + error = -ENOMEM;
1128 + if (cp) {
1129 + if (pos + 1 >= PAGE_SIZE - 1)
1130 + goto out;
1131 + buffer[pos++] = '/';
1132 + while (*cp) {
1133 + const unsigned char c
1134 + = *(const unsigned char *) cp;
1135 + if (c == '\\') {
1136 + if (pos + 2 >= PAGE_SIZE - 1)
1137 + goto out;
1138 + buffer[pos++] = '\\';
1139 + buffer[pos++] = '\\';
1140 + } else if (c > ' ' && c < 127) {
1141 + if (pos + 1 >= PAGE_SIZE - 1)
1142 + goto out;
1143 + buffer[pos++] = c;
1144 + } else {
1145 + if (pos + 4 >= PAGE_SIZE - 1)
1146 + goto out;
1147 + buffer[pos++] = '\\';
1148 + buffer[pos++] = (c >> 6) + '0';
1149 + buffer[pos++] = ((c >> 3) & 7)
1150 + + '0';
1151 + buffer[pos++] = (c & 7) + '0';
1152 + }
1153 + cp++;
1154 + }
1155 + } else {
1156 + /* Assume nobody assigns "=\$=" for procname. */
1157 + snprintf(buffer + pos, PAGE_SIZE - pos - 1,
1158 + "/=%d=", n);
1159 + if (!memchr(buffer, '\0', PAGE_SIZE - 2))
1160 + goto out;
1161 + }
1162 + if (table->child) {
1163 + name++;
1164 + nlen--;
1165 + table = table->child;
1166 + goto repeat;
1167 + }
1168 + /* printk("sysctl='%s'\n", buffer); */
1169 + error = ccs_check_file_perm(buffer, op, "sysctl");
1170 + goto out;
1171 + }
1172 + }
1173 + error = -ENOTDIR;
1174 + out:
1175 + kfree(buffer);
1176 + return error;
1177 +}
1178 +/***** TOMOYO Linux end. *****/
1179 +
1180 int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp,
1181 void __user *newval, size_t newlen)
1182 {
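Review bot: `try_parse_table` allocates its page with `kmalloc` in the declaration, ahead of the `if (!op)` early exit, so a call that neither reads nor writes pays for an allocation it never uses, and the `kmalloc` + `memset` pair is what `kzalloc` is for. I would declare `char *buffer = NULL;` and do `buffer = kzalloc(PAGE_SIZE, GFP_KERNEL);` after the `op` test. The function also lacks a header comment: it should say that it rebuilds the `/proc/sys/...` path for the requested name vector, writes bytes that are not printable ASCII as backslash-octal, and returns the result of `ccs_check_file_perm`, with `-ENOTDIR` meaning that no entry of this table matched. The bare `004` and `002` values ORed into `op` deserve a short comment or named constants as well.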
1183 @@ -1516,6 +1606,11 @@ int do_sysctl(int __user *name, int nlen
1184
1185 for (head = sysctl_head_next(NULL); head;
1186 head = sysctl_head_next(head)) {
1187 + /***** TOMOYO Linux start. *****/
1188 + error = try_parse_table(name, nlen, oldval, newval,
1189 + head->ctl_table);
1190 + if (!error)
1191 + /***** TOMOYO Linux end. *****/
1192 error = parse_table(name, nlen, oldval, oldlenp,
1193 newval, newlen, head->ctl_table);
1194 if (error != -ENOTDIR) {
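Review bot: The policy check and the real lookup each walk the user-supplied `name` vector on their own: `try_parse_table` reads it with `get_user`, and `parse_table` is then handed the same `int __user *name`, so it presumably fetches the values again. If that memory changes between the two walks, the path TOMOYO evaluated need not be the entry that is then read or written. Copying the `nlen` integers into a kernel array once in `do_sysctl` and letting both walks use that copy would remove the dependency on user memory staying stable. At minimum the hunk should carry a comment stating the assumption. `do_sysctl` continues outside the hunk.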
1195 --- linux-2.6.25.20-0.1.orig/kernel/time.c
1196 +++ linux-2.6.25.20-0.1/kernel/time.c
1197 @@ -38,6 +38,9 @@
1198
1199 #include <asm/uaccess.h>
1200 #include <asm/unistd.h>
1201 +/***** TOMOYO Linux start. *****/
1202 +#include <linux/tomoyo.h>
1203 +/***** TOMOYO Linux end. *****/
1204
1205 #include "timeconst.h"
1206
1207 @@ -88,6 +91,10 @@ asmlinkage long sys_stime(time_t __user
1208 err = security_settime(&tv, NULL);
1209 if (err)
1210 return err;
1211 + /***** TOMOYO Linux start. *****/
1212 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1213 + return -EPERM;
1214 + /***** TOMOYO Linux end. *****/
1215
1216 do_settimeofday(&tv);
1217 return 0;
1218 @@ -159,6 +166,10 @@ int do_sys_settimeofday(struct timespec
1219 error = security_settime(tv, tz);
1220 if (error)
1221 return error;
1222 + /***** TOMOYO Linux start. *****/
1223 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1224 + return -EPERM;
1225 + /***** TOMOYO Linux end. *****/
1226
1227 if (tz) {
1228 /* SMP safe, global irq locking makes it work. */
1229 --- linux-2.6.25.20-0.1.orig/kernel/time/ntp.c
1230 +++ linux-2.6.25.20-0.1/kernel/time/ntp.c
1231 @@ -17,6 +17,9 @@
1232 #include <linux/capability.h>
1233 #include <asm/div64.h>
1234 #include <asm/timex.h>
1235 +/***** TOMOYO Linux start. *****/
1236 +#include <linux/tomoyo.h>
1237 +/***** TOMOYO Linux end. *****/
1238
1239 /*
1240 * Timekeeping variables
1241 @@ -243,6 +246,10 @@ int do_adjtimex(struct timex *txc)
1242 /* In order to modify anything, you gotta be super-user! */
1243 if (txc->modes && !capable(CAP_SYS_TIME))
1244 return -EPERM;
1245 + /***** TOMOYO Linux start. *****/
1246 + if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))
1247 + return -EPERM;
1248 + /***** TOMOYO Linux end. *****/
1249
1250 /* Now we validate the data before disabling interrupts */
1251
1252 --- linux-2.6.25.20-0.1.orig/net/core/datagram.c
1253 +++ linux-2.6.25.20-0.1/net/core/datagram.c
1254 @@ -56,6 +56,11 @@
1255 #include <net/sock.h>
1256 #include <net/tcp_states.h>
1257
1258 +/***** TOMOYO Linux start. *****/
1259 +#include <linux/tomoyo.h>
1260 +#include <linux/tomoyo_socket.h>
1261 +/***** TOMOYO Linux end. *****/
1262 +
1263 /*
1264 * Is a socket 'connection oriented' ?
1265 */
1266 @@ -179,6 +184,12 @@ struct sk_buff *__skb_recv_datagram(stru
1267 }
1268 spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags);
1269
1270 + /***** TOMOYO Linux start. *****/
1271 + error = ccs_socket_recv_datagram_permission(sk, skb, flags);
1272 + if (error)
1273 + goto no_packet;
1274 + /***** TOMOYO Linux end. *****/
1275 +
1276 if (skb)
1277 return skb;
1278
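Review bot: `ccs_socket_recv_datagram_permission` is called before the `if (skb)` test, so it also runs when no packet was found and `skb` is NULL, and on denial the code jumps to `no_packet` with no visible release of the skb. Whether the helper tolerates NULL and disposes of a rejected skb itself cannot be seen from this hunk; if it does not, the denial path would leak a buffer that was presumably taken off the receive queue just above. Either guard the call with `if (skb)` or add a comment that states the ownership rule on error. The loop this sits in starts outside the hunk.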
1279 --- linux-2.6.25.20-0.1.orig/net/ipv4/inet_connection_sock.c
1280 +++ linux-2.6.25.20-0.1/net/ipv4/inet_connection_sock.c
1281 @@ -23,6 +23,9 @@
1282 #include <net/route.h>
1283 #include <net/tcp_states.h>
1284 #include <net/xfrm.h>
1285 +/***** SAKURA Linux start. *****/
1286 +#include <linux/sakura.h>
1287 +/***** SAKURA Linux end. *****/
1288
1289 #ifdef INET_CSK_DEBUG
1290 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
1291 @@ -98,6 +101,10 @@ int inet_csk_get_port(struct sock *sk, u
1292 do {
1293 head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
1294 spin_lock(&head->lock);
1295 + /***** SAKURA Linux start. *****/
1296 + if (ccs_may_autobind(rover))
1297 + goto next;
1298 + /***** SAKURA Linux end. *****/
1299 inet_bind_bucket_for_each(tb, node, &head->chain)
1300 if (tb->ib_net == net && tb->port == rover)
1301 goto next;
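Review bot: `ccs_may_autobind(rover)` reads as "this port may be used", yet a non-zero result makes the loop skip the port via `goto next`, and the `__inet_hash_connect` and `__udp_lib_get_port` hunks rely on the same polarity. A short comment at each call site, e.g. `/* Non-zero means: skip this port. */`, would prevent a later inversion. The test is also made after `spin_lock(&head->lock)` although it takes only the port number; that is correct only if `next` drops the lock, which lies outside the hunk.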
1302 --- linux-2.6.25.20-0.1.orig/net/ipv4/inet_hashtables.c
1303 +++ linux-2.6.25.20-0.1/net/ipv4/inet_hashtables.c
1304 @@ -22,6 +22,9 @@
1305 #include <net/inet_connection_sock.h>
1306 #include <net/inet_hashtables.h>
1307 #include <net/ip.h>
1308 +/***** SAKURA Linux start. *****/
1309 +#include <linux/sakura.h>
1310 +/***** SAKURA Linux end. *****/
1311
1312 /*
1313 * Allocate and initialize a new local port bind bucket.
1314 @@ -421,6 +424,10 @@ int __inet_hash_connect(struct inet_time
1315 local_bh_disable();
1316 for (i = 1; i <= remaining; i++) {
1317 port = low + (i + offset) % remaining;
1318 + /***** SAKURA Linux start. *****/
1319 + if (ccs_may_autobind(port))
1320 + continue;
1321 + /***** SAKURA Linux end. *****/
1322 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1323 spin_lock(&head->lock);
1324
1325 --- linux-2.6.25.20-0.1.orig/net/ipv4/udp.c
1326 +++ linux-2.6.25.20-0.1/net/ipv4/udp.c
1327 @@ -105,6 +105,9 @@
1328 #include <net/checksum.h>
1329 #include <net/xfrm.h>
1330 #include "udp_impl.h"
1331 +/***** SAKURA Linux start. *****/
1332 +#include <linux/sakura.h>
1333 +/***** SAKURA Linux end. *****/
1334
1335 /*
1336 * Snmp MIB for the UDP layer
1337 @@ -176,6 +179,10 @@ int __udp_lib_get_port(struct sock *sk,
1338 /* 1st pass: look for empty (or shortest) hash chain */
1339 for (i = 0; i < UDP_HTABLE_SIZE; i++) {
1340 int size = 0;
1341 + /***** SAKURA Linux start. *****/
1342 + if (ccs_may_autobind(rover))
1343 + goto next;
1344 + /***** SAKURA Linux end. *****/
1345
1346 head = &udptable[rover & (UDP_HTABLE_SIZE - 1)];
1347 if (hlist_empty(head))
1348 @@ -199,6 +206,9 @@ int __udp_lib_get_port(struct sock *sk,
1349 /* 2nd pass: find hole in shortest hash chain */
1350 rover = best;
1351 for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) {
1352 + /***** SAKURA Linux start. *****/
1353 + if (!ccs_may_autobind(rover))
1354 + /***** SAKURA Linux end. *****/
1355 if (! __udp_lib_lport_inuse(net, rover, udptable))
1356 goto gotit;
1357 rover += UDP_HTABLE_SIZE;
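Review bot: The added `if (!ccs_may_autobind(rover))` has no statement of its own; its body is the original `if (! __udp_lib_lport_inuse(...)) goto gotit;` on the far side of the end marker, so the nesting is easy to miss once the marker comments are skimmed over. The same construction appears in the `do_sysctl` hunk (`if (!error)` before `parse_table`) and in the second `unix_bind` hunk (`if (!err)` before `vfs_mknod`). Folding the test into the existing condition, `if (!ccs_may_autobind(rover) && !__udp_lib_lport_inuse(net, rover, udptable))`, or bracing the body, makes the control flow explicit and keeps it intact if a line is later inserted between the two.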
1358 --- linux-2.6.25.20-0.1.orig/net/socket.c
1359 +++ linux-2.6.25.20-0.1/net/socket.c
1360 @@ -94,6 +94,11 @@
1361 #include <net/sock.h>
1362 #include <linux/netfilter.h>
1363
1364 +/***** TOMOYO Linux start. *****/
1365 +#include <linux/tomoyo.h>
1366 +#include <linux/tomoyo_socket.h>
1367 +/***** TOMOYO Linux end. *****/
1368 +
1369 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1370 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1371 unsigned long nr_segs, loff_t pos);
1372 @@ -557,6 +562,12 @@ static inline int __sock_sendmsg(struct
1373 err = security_socket_sendmsg(sock, msg, size);
1374 if (err)
1375 return err;
1376 + /***** TOMOYO Linux start. *****/
1377 + if (ccs_socket_sendmsg_permission(sock,
1378 + (struct sockaddr *) msg->msg_name,
1379 + msg->msg_namelen))
1380 + return -EPERM;
1381 + /***** TOMOYO Linux end. *****/
1382
1383 return sock->ops->sendmsg(iocb, sock, msg, size);
1384 }
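Review bot: The result of `ccs_socket_sendmsg_permission` is discarded and replaced with a fixed `-EPERM`, while the `__sock_create`, `sys_bind`, `sys_listen` and `sys_connect` hunks in this file pass on whatever their helper reports. Unless the helper is known to return only a truth value, propagate it the same way: `err = ccs_socket_sendmsg_permission(sock, (struct sockaddr *) msg->msg_name, msg->msg_namelen);` followed by `if (err) return err;`. `err` is already in scope from the `security_socket_sendmsg` call just above.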
1385 @@ -1120,6 +1131,12 @@ static int __sock_create(struct net *net
1386 family = PF_PACKET;
1387 }
1388
1389 + /***** TOMOYO Linux start. *****/
1390 + err = ccs_socket_create_permission(family, type, protocol);
1391 + if (err)
1392 + return err;
1393 + /***** TOMOYO Linux end. *****/
1394 +
1395 err = security_socket_create(family, type, protocol, kern);
1396 if (err)
1397 return err;
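Review bot: `ccs_socket_create_permission(family, type, protocol)` is not given the `kern` flag that `security_socket_create` receives two lines later, so from its arguments the helper cannot tell a socket the kernel creates for itself from one requested by a process. If kernel-internal sockets are meant to bypass policy, the call should be guarded with `if (!kern)`; if they are meant to be checked, a comment should say so. This is also the only socket hook in the file placed before its LSM counterpart rather than after it, which deserves a word of explanation. `__sock_create` continues outside the hunk.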
1398 @@ -1351,6 +1368,13 @@ asmlinkage long sys_bind(int fd, struct
1399 err = security_socket_bind(sock,
1400 (struct sockaddr *)address,
1401 addrlen);
1402 + /***** TOMOYO Linux start. *****/
1403 + if (!err)
1404 + err = ccs_socket_bind_permission(sock,
1405 + (struct sockaddr *)
1406 + address,
1407 + addrlen);
1408 + /***** TOMOYO Linux end. *****/
1409 if (!err)
1410 err = sock->ops->bind(sock,
1411 (struct sockaddr *)
1412 @@ -1380,6 +1404,10 @@ asmlinkage long sys_listen(int fd, int b
1413 backlog = somaxconn;
1414
1415 err = security_socket_listen(sock, backlog);
1416 + /***** TOMOYO Linux start. *****/
1417 + if (!err)
1418 + err = ccs_socket_listen_permission(sock);
1419 + /***** TOMOYO Linux end. *****/
1420 if (!err)
1421 err = sock->ops->listen(sock, backlog);
1422
1423 @@ -1444,6 +1472,13 @@ asmlinkage long sys_accept(int fd, struc
1424 if (err < 0)
1425 goto out_fd;
1426
1427 + /***** TOMOYO Linux start. *****/
1428 + if (ccs_socket_accept_permission(newsock,
1429 + (struct sockaddr *) address)) {
1430 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1431 + goto out_fd;
1432 + }
1433 + /***** TOMOYO Linux end. *****/
1434 if (upeer_sockaddr) {
1435 if (newsock->ops->getname(newsock, (struct sockaddr *)address,
1436 &len, 2) < 0) {
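Review bot: `address` is passed to `ccs_socket_accept_permission` before the `getname` call that fills it, and that call is made only when `upeer_sockaddr` is set, so at this point the hunk shows nothing having been written to the buffer. Presumably the helper treats it as scratch space and obtains the peer name itself; that should be confirmed and stated in a comment at the call. The existing remark `Hope less harmful than -EPERM.` would also be more useful if it named what goes wrong for callers when `accept()` returns `-EPERM`. The function continues outside the hunk.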
1437 @@ -1508,6 +1543,12 @@ asmlinkage long sys_connect(int fd, stru
1438 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1439 if (err)
1440 goto out_put;
1441 + /***** TOMOYO Linux start. *****/
1442 + err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
1443 + addrlen);
1444 + if (err)
1445 + goto out_put;
1446 + /***** TOMOYO Linux end. *****/
1447
1448 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1449 sock->file->f_flags);
1450 --- linux-2.6.25.20-0.1.orig/net/unix/af_unix.c
1451 +++ linux-2.6.25.20-0.1/net/unix/af_unix.c
1452 @@ -116,6 +116,9 @@
1453 #include <linux/mount.h>
1454 #include <net/checksum.h>
1455 #include <linux/security.h>
1456 +/***** TOMOYO Linux start. *****/
1457 +#include <linux/tomoyo.h>
1458 +/***** TOMOYO Linux end. *****/
1459
1460 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
1461 static DEFINE_SPINLOCK(unix_table_lock);
1462 @@ -776,6 +779,11 @@ static int unix_bind(struct socket *sock
1463 err = unix_autobind(sock);
1464 goto out;
1465 }
1466 + /***** TOMOYO Linux start. *****/
1467 + err = -EPERM;
1468 + if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
1469 + goto out;
1470 + /***** TOMOYO Linux end. *****/
1471
1472 err = unix_mkname(sunaddr, addr_len, &hash);
1473 if (err < 0)
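Review bot: `sunaddr->sun_path[0]` is tested before `unix_mkname(sunaddr, addr_len, &hash)` has had a chance to validate `addr_len`, so for a too-short address the byte examined may not be part of what the caller supplied, and the caller can receive `-EPERM` where `unix_mkname` would have reported its own error. Moving the marked block after the `unix_mkname` error check avoids that. A one-line comment that a leading NUL in `sun_path` (abstract namespace) is exempt from `TOMOYO_CREATE_UNIX_SOCKET` would also document the `sun_path[0]` condition. The function continues outside the hunk.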
1474 @@ -819,6 +827,13 @@ static int unix_bind(struct socket *sock
1475 */
1476 mode = S_IFSOCK |
1477 (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
1478 + /***** TOMOYO Linux start. *****/
1479 + err = pre_vfs_mknod(nd.path.dentry->d_inode, dentry, mode);
1480 + if (!err)
1481 + err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
1482 + nd.path.mnt);
1483 + if (!err)
1484 + /***** TOMOYO Linux end. *****/
1485 err = vfs_mknod(nd.path.dentry->d_inode, dentry, nd.path.mnt,
1486 mode, 0);
1487 if (err)
