
Diff of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.25-suse-11.0.diff


revision 2858 by kumaneko, Thu Aug 6 06:53:20 2009 UTC revision 2859 by kumaneko, Thu Aug 6 07:51:05 2009 UTC
# Line 13  Source code for this patch is http://dow Line 13  Source code for this patch is http://dow
13   fs/fcntl.c                      |    5 +++++   fs/fcntl.c                      |    5 +++++
14   fs/ioctl.c                      |    5 +++++   fs/ioctl.c                      |    5 +++++
15   fs/namei.c                      |   35 +++++++++++++++++++++++++++++++++++   fs/namei.c                      |   35 +++++++++++++++++++++++++++++++++++
16   fs/namespace.c                  |   27 +++++++++++++++++++++++++++   fs/namespace.c                  |   26 ++++++++++++++++++++++++++
17   fs/open.c                       |   16 ++++++++++++++++   fs/open.c                       |   15 +++++++++++++++
18   fs/proc/proc_misc.c             |    1 +   fs/proc/proc_misc.c             |    1 +
19   include/linux/init_task.h       |    2 ++   include/linux/init_task.h       |    2 ++
20   include/linux/sched.h           |    4 ++++   include/linux/sched.h           |    4 ++++
# Line 32  Source code for this patch is http://dow Line 32  Source code for this patch is http://dow
32   net/ipv4/inet_connection_sock.c |    3 +++   net/ipv4/inet_connection_sock.c |    3 +++
33   net/ipv4/inet_hashtables.c      |    3 +++   net/ipv4/inet_hashtables.c      |    3 +++
34   net/ipv4/raw.c                  |    4 ++++   net/ipv4/raw.c                  |    4 ++++
35   net/ipv4/udp.c                  |    8 ++++++++   net/ipv4/udp.c                  |    7 +++++++
36   net/ipv6/raw.c                  |    4 ++++   net/ipv6/raw.c                  |    4 ++++
37   net/ipv6/udp.c                  |    4 ++++   net/ipv6/udp.c                  |    4 ++++
38   net/socket.c                    |   24 ++++++++++++++++++++++++   net/socket.c                    |   23 +++++++++++++++++++++++
39   net/unix/af_unix.c              |    4 ++++   net/unix/af_unix.c              |    4 ++++
40   security/Kconfig                |    2 ++   security/Kconfig                |    2 ++
41   security/Makefile               |    3 +++   security/Makefile               |    3 +++
42   37 files changed, 244 insertions(+), 2 deletions(-)   37 files changed, 240 insertions(+), 2 deletions(-)
43    
44  --- linux-2.6.25.20-0.4.orig/arch/ia64/ia32/sys_ia32.c  --- linux-2.6.25.20-0.4.orig/arch/ia64/ia32/sys_ia32.c
45  +++ linux-2.6.25.20-0.4/arch/ia64/ia32/sys_ia32.c  +++ linux-2.6.25.20-0.4/arch/ia64/ia32/sys_ia32.c
# Line 47  Source code for this patch is http://dow Line 47  Source code for this patch is http://dow
47   #include <asm/types.h>   #include <asm/types.h>
48   #include <asm/uaccess.h>   #include <asm/uaccess.h>
49   #include <asm/unistd.h>   #include <asm/unistd.h>
50  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
51    
52   #include "ia32priv.h"   #include "ia32priv.h"
53    
# Line 66  Source code for this patch is http://dow Line 66  Source code for this patch is http://dow
66   #include <asm/system.h>   #include <asm/system.h>
67   #include <asm/uaccess.h>   #include <asm/uaccess.h>
68   #include <asm/bootinfo.h>   #include <asm/bootinfo.h>
69  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
70    
71   int ptrace_getregs(struct task_struct *child, __s64 __user *data);   int ptrace_getregs(struct task_struct *child, __s64 __user *data);
72   int ptrace_setregs(struct task_struct *child, __s64 __user *data);   int ptrace_setregs(struct task_struct *child, __s64 __user *data);
# Line 85  Source code for this patch is http://dow Line 85  Source code for this patch is http://dow
85   #include <asm/system.h>   #include <asm/system.h>
86   #include <asm/uaccess.h>   #include <asm/uaccess.h>
87   #include <asm/unistd.h>   #include <asm/unistd.h>
88  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
89    
90   #ifdef CONFIG_COMPAT   #ifdef CONFIG_COMPAT
91   #include "compat_ptrace.h"   #include "compat_ptrace.h"
# Line 104  Source code for this patch is http://dow Line 104  Source code for this patch is http://dow
104   #include <asm/prctl.h>   #include <asm/prctl.h>
105   #include <asm/proto.h>   #include <asm/proto.h>
106   #include <asm/ds.h>   #include <asm/ds.h>
107  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
108    
109   #include "tls.h"   #include "tls.h"
110    
# Line 123  Source code for this patch is http://dow Line 123  Source code for this patch is http://dow
123   #include <linux/fcntl.h>   #include <linux/fcntl.h>
124   #include <linux/quotaops.h>   #include <linux/quotaops.h>
125   #include <linux/security.h>   #include <linux/security.h>
126  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
127    
128   /* Taken over from the old code... */   /* Taken over from the old code... */
129    
# Line 151  Source code for this patch is http://dow Line 151  Source code for this patch is http://dow
151   #include <asm/mmu_context.h>   #include <asm/mmu_context.h>
152   #include <asm/ioctls.h>   #include <asm/ioctls.h>
153   #include "internal.h"   #include "internal.h"
154  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
155    
156   int compat_log = 1;   int compat_log = 1;
157    
# Line 170  Source code for this patch is http://dow Line 170  Source code for this patch is http://dow
170   #include <xen/public/privcmd.h>   #include <xen/public/privcmd.h>
171   #include <xen/compat_ioctl.h>   #include <xen/compat_ioctl.h>
172   #endif   #endif
173  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
174    
175   static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,   static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
176                                unsigned long arg, struct file *f)                                unsigned long arg, struct file *f)
# Line 200  Source code for this patch is http://dow Line 200  Source code for this patch is http://dow
200   #include <linux/kmod.h>   #include <linux/kmod.h>
201   #endif   #endif
202    
203  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
204  +  +
205   int core_uses_pid;   int core_uses_pid;
206   char core_pattern[CORENAME_MAX_SIZE] = "core";   char core_pattern[CORENAME_MAX_SIZE] = "core";
# Line 242  Source code for this patch is http://dow Line 242  Source code for this patch is http://dow
242   #include <asm/poll.h>   #include <asm/poll.h>
243   #include <asm/siginfo.h>   #include <asm/siginfo.h>
244   #include <asm/uaccess.h>   #include <asm/uaccess.h>
245  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
246    
247   void set_close_on_exec(unsigned int fd, int flag)   void set_close_on_exec(unsigned int fd, int flag)
248   {   {
# Line 263  Source code for this patch is http://dow Line 263  Source code for this patch is http://dow
263   #include <linux/uaccess.h>   #include <linux/uaccess.h>
264    
265   #include <asm/ioctls.h>   #include <asm/ioctls.h>
266  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
267    
268   /**   /**
269    * vfs_ioctl - call filesystem specific ioctl methods    * vfs_ioctl - call filesystem specific ioctl methods
# Line 291  Source code for this patch is http://dow Line 291  Source code for this patch is http://dow
291    
292   #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])   #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
293    
294  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
295  +  +
296   /* [Feb-1997 T. Schoebel-Theuer]   /* [Feb-1997 T. Schoebel-Theuer]
297    * Fundamental changes in the pathname lookup mechanisms (namei)    * Fundamental changes in the pathname lookup mechanisms (namei)
# Line 322  Source code for this patch is http://dow Line 322  Source code for this patch is http://dow
322          return may_open(nd, 0, flag & ~O_TRUNC);          return may_open(nd, 0, flag & ~O_TRUNC);
323   }   }
324    
325  +#include <linux/tomoyo_vfs.h>  +#include <linux/ccsecurity_vfs.h>
326   /*   /*
327    *     open_namei()    *     open_namei()
328    *    *
# Line 401  Source code for this patch is http://dow Line 401  Source code for this patch is http://dow
401                             new_dir->d_inode, new_dentry, newnd.path.mnt);                             new_dir->d_inode, new_dentry, newnd.path.mnt);
402  --- linux-2.6.25.20-0.4.orig/fs/namespace.c  --- linux-2.6.25.20-0.4.orig/fs/namespace.c
403  +++ linux-2.6.25.20-0.4/fs/namespace.c  +++ linux-2.6.25.20-0.4/fs/namespace.c
404  @@ -30,6 +30,8 @@  @@ -30,6 +30,7 @@
405   #include <asm/unistd.h>   #include <asm/unistd.h>
406   #include "pnode.h"   #include "pnode.h"
407   #include "internal.h"   #include "internal.h"
408  +#include <linux/sakura.h>  +#include <linux/ccsecurity.h>
 +#include <linux/tomoyo.h>  
409    
410   #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))   #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
411   #define HASH_SIZE (1UL << HASH_SHIFT)   #define HASH_SIZE (1UL << HASH_SHIFT)
412  @@ -591,6 +593,9 @@ static int do_umount(struct vfsmount *mn  @@ -591,6 +592,9 @@ static int do_umount(struct vfsmount *mn
413          if (retval)          if (retval)
414                  return retval;                  return retval;
415    
# Line 420  Source code for this patch is http://dow Line 419  Source code for this patch is http://dow
419          /*          /*
420           * Allow userspace to request a mountpoint be expired rather than           * Allow userspace to request a mountpoint be expired rather than
421           * unmounting unconditionally. Unmount only happens if:           * unmounting unconditionally. Unmount only happens if:
422  @@ -682,6 +687,8 @@ asmlinkage long sys_umount(char __user *  @@ -682,6 +686,8 @@ asmlinkage long sys_umount(char __user *
423   {   {
424          struct nameidata nd;          struct nameidata nd;
425          int retval;          int retval;
# Line 429  Source code for this patch is http://dow Line 428  Source code for this patch is http://dow
428    
429          retval = __user_walk(name, LOOKUP_FOLLOW, &nd);          retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
430          if (retval)          if (retval)
431  @@ -991,6 +998,9 @@ static noinline int do_loopback(struct n  @@ -991,6 +997,9 @@ static noinline int do_loopback(struct n
432          err = -EINVAL;          err = -EINVAL;
433          if (IS_MNT_UNBINDABLE(old_nd.path.mnt))          if (IS_MNT_UNBINDABLE(old_nd.path.mnt))
434                  goto out;                  goto out;
# Line 439  Source code for this patch is http://dow Line 438  Source code for this patch is http://dow
438    
439          if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))          if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))
440                  goto out;                  goto out;
441  @@ -1085,6 +1095,9 @@ static noinline int do_move_mount(struct  @@ -1085,6 +1094,9 @@ static noinline int do_move_mount(struct
442          if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))          if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt))
443                  goto out;                  goto out;
444    
# Line 449  Source code for this patch is http://dow Line 448  Source code for this patch is http://dow
448          err = -ENOENT;          err = -ENOENT;
449          mutex_lock(&nd->path.dentry->d_inode->i_mutex);          mutex_lock(&nd->path.dentry->d_inode->i_mutex);
450          if (IS_DEADDIR(nd->path.dentry->d_inode))          if (IS_DEADDIR(nd->path.dentry->d_inode))
451  @@ -1189,6 +1202,9 @@ int do_add_mount(struct vfsmount *newmnt  @@ -1189,6 +1201,9 @@ int do_add_mount(struct vfsmount *newmnt
452          err = -EINVAL;          err = -EINVAL;
453          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))          if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
454                  goto unlock;                  goto unlock;
# Line 459  Source code for this patch is http://dow Line 458  Source code for this patch is http://dow
458    
459          newmnt->mnt_flags = mnt_flags;          newmnt->mnt_flags = mnt_flags;
460          if ((err = graft_tree(newmnt, nd)))          if ((err = graft_tree(newmnt, nd)))
461  @@ -1412,6 +1428,13 @@ long do_mount(char *dev_name, char *dir_  @@ -1412,6 +1427,13 @@ long do_mount(char *dev_name, char *dir_
462          if (data_page)          if (data_page)
463                  ((char *)data_page)[PAGE_SIZE - 1] = 0;                  ((char *)data_page)[PAGE_SIZE - 1] = 0;
464    
# Line 473  Source code for this patch is http://dow Line 472  Source code for this patch is http://dow
472          /* Separate the per-mountpoint flags */          /* Separate the per-mountpoint flags */
473          if (flags & MS_NOSUID)          if (flags & MS_NOSUID)
474                  mnt_flags |= MNT_NOSUID;                  mnt_flags |= MNT_NOSUID;
475  @@ -1680,6 +1703,8 @@ asmlinkage long sys_pivot_root(const cha  @@ -1680,6 +1702,8 @@ asmlinkage long sys_pivot_root(const cha
476    
477          if (!capable(CAP_SYS_ADMIN))          if (!capable(CAP_SYS_ADMIN))
478                  return -EPERM;                  return -EPERM;
# Line 482  Source code for this patch is http://dow Line 481  Source code for this patch is http://dow
481    
482          lock_kernel();          lock_kernel();
483    
484  @@ -1696,6 +1721,8 @@ asmlinkage long sys_pivot_root(const cha  @@ -1696,6 +1720,8 @@ asmlinkage long sys_pivot_root(const cha
485                  goto out1;                  goto out1;
486    
487          error = security_sb_pivotroot(&old_nd, &new_nd);          error = security_sb_pivotroot(&old_nd, &new_nd);
# Line 493  Source code for this patch is http://dow Line 492  Source code for this patch is http://dow
492                  goto out1;                  goto out1;
493  --- linux-2.6.25.20-0.4.orig/fs/open.c  --- linux-2.6.25.20-0.4.orig/fs/open.c
494  +++ linux-2.6.25.20-0.4/fs/open.c  +++ linux-2.6.25.20-0.4/fs/open.c
495  @@ -27,6 +27,8 @@  @@ -27,6 +27,7 @@
496   #include <linux/rcupdate.h>   #include <linux/rcupdate.h>
497   #include <linux/audit.h>   #include <linux/audit.h>
498   #include <linux/falloc.h>   #include <linux/falloc.h>
499  +#include <linux/sakura.h>  +#include <linux/ccsecurity.h>
 +#include <linux/tomoyo.h>  
500    
501   int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)   int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
502   {   {
503  @@ -267,6 +269,10 @@ static long do_sys_truncate(const char _  @@ -267,6 +268,10 @@ static long do_sys_truncate(const char _
504          if (error)          if (error)
505                  goto put_write_and_out;                  goto put_write_and_out;
506    
# Line 513  Source code for this patch is http://dow Line 511  Source code for this patch is http://dow
511          error = locks_verify_truncate(inode, NULL, length);          error = locks_verify_truncate(inode, NULL, length);
512          if (!error) {          if (!error) {
513                  DQUOT_INIT(inode);                  DQUOT_INIT(inode);
514  @@ -321,6 +327,10 @@ static long do_sys_ftruncate(unsigned in  @@ -321,6 +326,10 @@ static long do_sys_ftruncate(unsigned in
515          if (IS_APPEND(inode))          if (IS_APPEND(inode))
516                  goto out_putf;                  goto out_putf;
517    
# Line 524  Source code for this patch is http://dow Line 522  Source code for this patch is http://dow
522          error = locks_verify_truncate(inode, file, length);          error = locks_verify_truncate(inode, file, length);
523          if (!error)          if (!error)
524                  error = do_truncate(dentry, file->f_path.mnt, length,                  error = do_truncate(dentry, file->f_path.mnt, length,
525  @@ -539,6 +549,10 @@ asmlinkage long sys_chroot(const char __  @@ -539,6 +548,10 @@ asmlinkage long sys_chroot(const char __
526          error = -EPERM;          error = -EPERM;
527          if (!capable(CAP_SYS_CHROOT))          if (!capable(CAP_SYS_CHROOT))
528                  goto dput_and_out;                  goto dput_and_out;
# Line 535  Source code for this patch is http://dow Line 533  Source code for this patch is http://dow
533    
534          set_fs_root(current->fs, &nd.path);          set_fs_root(current->fs, &nd.path);
535          set_fs_altroot();          set_fs_altroot();
536  @@ -1172,6 +1186,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1172,6 +1185,8 @@ EXPORT_SYMBOL(sys_close);
537    */    */
538   asmlinkage long sys_vhangup(void)   asmlinkage long sys_vhangup(void)
539   {   {
# Line 589  Source code for this patch is http://dow Line 587  Source code for this patch is http://dow
587   #include <linux/posix-timers.h>   #include <linux/posix-timers.h>
588    
589   #include <asm/uaccess.h>   #include <asm/uaccess.h>
590  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
591    
592   int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)   int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)
593   {   {
# Line 608  Source code for this patch is http://dow Line 606  Source code for this patch is http://dow
606   #include <asm/system.h>   #include <asm/system.h>
607   #include <asm/semaphore.h>   #include <asm/semaphore.h>
608   #include <asm/sections.h>   #include <asm/sections.h>
609  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
610    
611   /* Per cpu memory for storing cpu states in case of system crash. */   /* Per cpu memory for storing cpu states in case of system crash. */
612   note_buf_t* crash_notes;   note_buf_t* crash_notes;
# Line 639  Source code for this patch is http://dow Line 637  Source code for this patch is http://dow
637   #include <asm/cacheflush.h>   #include <asm/cacheflush.h>
638   #include <linux/license.h>   #include <linux/license.h>
639   #include <asm/sections.h>   #include <asm/sections.h>
640  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
641    
642   #if 0   #if 0
643   #define DEBUGP printk   #define DEBUGP printk
# Line 667  Source code for this patch is http://dow Line 665  Source code for this patch is http://dow
665    
666   #include <asm/pgtable.h>   #include <asm/pgtable.h>
667   #include <asm/uaccess.h>   #include <asm/uaccess.h>
668  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
669    
670   /*   /*
671    * ptrace a task: make the debugger its new parent and    * ptrace a task: make the debugger its new parent and
# Line 695  Source code for this patch is http://dow Line 693  Source code for this patch is http://dow
693    
694   #include <asm/tlb.h>   #include <asm/tlb.h>
695   #include <asm/irq_regs.h>   #include <asm/irq_regs.h>
696  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
697    
698   /*   /*
699    * Scheduler clock - returns current time in nanosec units.    * Scheduler clock - returns current time in nanosec units.
# Line 714  Source code for this patch is http://dow Line 712  Source code for this patch is http://dow
712   #include <asm/unistd.h>   #include <asm/unistd.h>
713   #include <asm/siginfo.h>   #include <asm/siginfo.h>
714   #include "audit.h"     /* audit_signal_info() */   #include "audit.h"     /* audit_signal_info() */
715  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
716    
717   /*   /*
718    * SLAB caches for signal bits.    * SLAB caches for signal bits.
# Line 751  Source code for this patch is http://dow Line 749  Source code for this patch is http://dow
749   #include <asm/uaccess.h>   #include <asm/uaccess.h>
750   #include <asm/io.h>   #include <asm/io.h>
751   #include <asm/unistd.h>   #include <asm/unistd.h>
752  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
753    
754   #ifndef SET_UNALIGN_CTL   #ifndef SET_UNALIGN_CTL
755   # define SET_UNALIGN_CTL(a,b)  (-EINVAL)   # define SET_UNALIGN_CTL(a,b)  (-EINVAL)
# Line 799  Source code for this patch is http://dow Line 797  Source code for this patch is http://dow
797    
798   #include <asm/uaccess.h>   #include <asm/uaccess.h>
799   #include <asm/processor.h>   #include <asm/processor.h>
800  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
801    
802   #ifdef CONFIG_X86   #ifdef CONFIG_X86
803   #include <asm/nmi.h>   #include <asm/nmi.h>
# Line 827  Source code for this patch is http://dow Line 825  Source code for this patch is http://dow
825    
826   #include <asm/uaccess.h>   #include <asm/uaccess.h>
827   #include <asm/unistd.h>   #include <asm/unistd.h>
828  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
829    
830   #include "timeconst.h"   #include "timeconst.h"
831    
# Line 855  Source code for this patch is http://dow Line 853  Source code for this patch is http://dow
853   #include <linux/capability.h>   #include <linux/capability.h>
854   #include <asm/div64.h>   #include <asm/div64.h>
855   #include <asm/timex.h>   #include <asm/timex.h>
856  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
857    
858   /*   /*
859    * Timekeeping variables    * Timekeeping variables
# Line 874  Source code for this patch is http://dow Line 872  Source code for this patch is http://dow
872   #include <net/route.h>   #include <net/route.h>
873   #include <net/tcp_states.h>   #include <net/tcp_states.h>
874   #include <net/xfrm.h>   #include <net/xfrm.h>
875  +#include <linux/sakura.h>  +#include <linux/ccsecurity.h>
876    
877   #ifdef INET_CSK_DEBUG   #ifdef INET_CSK_DEBUG
878   const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";   const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
# Line 893  Source code for this patch is http://dow Line 891  Source code for this patch is http://dow
891   #include <net/inet_connection_sock.h>   #include <net/inet_connection_sock.h>
892   #include <net/inet_hashtables.h>   #include <net/inet_hashtables.h>
893   #include <net/ip.h>   #include <net/ip.h>
894  +#include <linux/sakura.h>  +#include <linux/ccsecurity.h>
895    
896   /*   /*
897    * Allocate and initialize a new local port bind bucket.    * Allocate and initialize a new local port bind bucket.
# Line 912  Source code for this patch is http://dow Line 910  Source code for this patch is http://dow
910   #include <linux/seq_file.h>   #include <linux/seq_file.h>
911   #include <linux/netfilter.h>   #include <linux/netfilter.h>
912   #include <linux/netfilter_ipv4.h>   #include <linux/netfilter_ipv4.h>
913  +#include <linux/tomoyo_socket.h>  +#include <linux/ccsecurity.h>
914    
915   static struct raw_hashinfo raw_v4_hashinfo = {   static struct raw_hashinfo raw_v4_hashinfo = {
916          .lock = __RW_LOCK_UNLOCKED(),          .lock = __RW_LOCK_UNLOCKED(),
# Line 928  Source code for this patch is http://dow Line 926  Source code for this patch is http://dow
926          if (len < copied) {          if (len < copied) {
927  --- linux-2.6.25.20-0.4.orig/net/ipv4/udp.c  --- linux-2.6.25.20-0.4.orig/net/ipv4/udp.c
928  +++ linux-2.6.25.20-0.4/net/ipv4/udp.c  +++ linux-2.6.25.20-0.4/net/ipv4/udp.c
929  @@ -105,6 +105,8 @@  @@ -105,6 +105,7 @@
930   #include <net/checksum.h>   #include <net/checksum.h>
931   #include <net/xfrm.h>   #include <net/xfrm.h>
932   #include "udp_impl.h"   #include "udp_impl.h"
933  +#include <linux/sakura.h>  +#include <linux/ccsecurity.h>
 +#include <linux/tomoyo_socket.h>  
934    
935   /*   /*
936    *     Snmp MIB for the UDP layer    *     Snmp MIB for the UDP layer
937  @@ -176,6 +178,8 @@ int __udp_lib_get_port(struct sock *sk,  @@ -176,6 +177,8 @@ int __udp_lib_get_port(struct sock *sk,
938                  /* 1st pass: look for empty (or shortest) hash chain */                  /* 1st pass: look for empty (or shortest) hash chain */
939                  for (i = 0; i < UDP_HTABLE_SIZE; i++) {                  for (i = 0; i < UDP_HTABLE_SIZE; i++) {
940                          int size = 0;                          int size = 0;
# Line 946  Source code for this patch is http://dow Line 943  Source code for this patch is http://dow
943    
944                          head = &udptable[rover & (UDP_HTABLE_SIZE - 1)];                          head = &udptable[rover & (UDP_HTABLE_SIZE - 1)];
945                          if (hlist_empty(head))                          if (hlist_empty(head))
946  @@ -199,6 +203,7 @@ int __udp_lib_get_port(struct sock *sk,  @@ -199,6 +202,7 @@ int __udp_lib_get_port(struct sock *sk,
947                  /* 2nd pass: find hole in shortest hash chain */                  /* 2nd pass: find hole in shortest hash chain */
948                  rover = best;                  rover = best;
949                  for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) {                  for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) {
# Line 954  Source code for this patch is http://dow Line 951  Source code for this patch is http://dow
951                          if (! __udp_lib_lport_inuse(net, rover, udptable))                          if (! __udp_lib_lport_inuse(net, rover, udptable))
952                                  goto gotit;                                  goto gotit;
953                          rover += UDP_HTABLE_SIZE;                          rover += UDP_HTABLE_SIZE;
954  @@ -863,6 +868,9 @@ try_again:  @@ -863,6 +867,9 @@ try_again:
955                                    &peeked, &err);                                    &peeked, &err);
956          if (!skb)          if (!skb)
957                  goto out;                  goto out;
# Line 970  Source code for this patch is http://dow Line 967  Source code for this patch is http://dow
967    
968   #include <linux/proc_fs.h>   #include <linux/proc_fs.h>
969   #include <linux/seq_file.h>   #include <linux/seq_file.h>
970  +#include <linux/tomoyo_socket.h>  +#include <linux/ccsecurity.h>
971    
972   static struct raw_hashinfo raw_v6_hashinfo = {   static struct raw_hashinfo raw_v6_hashinfo = {
973          .lock = __RW_LOCK_UNLOCKED(),          .lock = __RW_LOCK_UNLOCKED(),
# Line 990  Source code for this patch is http://dow Line 987  Source code for this patch is http://dow
987   #include <linux/proc_fs.h>   #include <linux/proc_fs.h>
988   #include <linux/seq_file.h>   #include <linux/seq_file.h>
989   #include "udp_impl.h"   #include "udp_impl.h"
990  +#include <linux/tomoyo_socket.h>  +#include <linux/ccsecurity.h>
991    
992   static inline int udp_v6_get_port(struct sock *sk, unsigned short snum)   static inline int udp_v6_get_port(struct sock *sk, unsigned short snum)
993   {   {
# Line 1006  Source code for this patch is http://dow Line 1003  Source code for this patch is http://dow
1003          copied = len;          copied = len;
1004  --- linux-2.6.25.20-0.4.orig/net/socket.c  --- linux-2.6.25.20-0.4.orig/net/socket.c
1005  +++ linux-2.6.25.20-0.4/net/socket.c  +++ linux-2.6.25.20-0.4/net/socket.c
1006  @@ -94,6 +94,9 @@  @@ -94,6 +94,8 @@
1007   #include <net/sock.h>   #include <net/sock.h>
1008   #include <linux/netfilter.h>   #include <linux/netfilter.h>
1009    
1010  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
 +#include <linux/tomoyo_socket.h>  
1011  +  +
1012   static int sock_no_open(struct inode *irrelevant, struct file *dontcare);   static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1013   static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,   static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1014                           unsigned long nr_segs, loff_t pos);                           unsigned long nr_segs, loff_t pos);
1015  @@ -555,6 +558,10 @@ static inline int __sock_sendmsg(struct  @@ -555,6 +557,10 @@ static inline int __sock_sendmsg(struct
1016          si->size = size;          si->size = size;
1017    
1018          err = security_socket_sendmsg(sock, msg, size);          err = security_socket_sendmsg(sock, msg, size);
# Line 1027  Source code for this patch is http://dow Line 1023  Source code for this patch is http://dow
1023          if (err)          if (err)
1024                  return err;                  return err;
1025    
1026  @@ -1121,6 +1128,8 @@ static int __sock_create(struct net *net  @@ -1121,6 +1127,8 @@ static int __sock_create(struct net *net
1027          }          }
1028    
1029          err = security_socket_create(family, type, protocol, kern);          err = security_socket_create(family, type, protocol, kern);
# Line 1036  Source code for this patch is http://dow Line 1032  Source code for this patch is http://dow
1032          if (err)          if (err)
1033                  return err;                  return err;
1034    
1035  @@ -1352,6 +1361,11 @@ asmlinkage long sys_bind(int fd, struct  @@ -1352,6 +1360,11 @@ asmlinkage long sys_bind(int fd, struct
1036                                                     (struct sockaddr *)address,                                                     (struct sockaddr *)address,
1037                                                     addrlen);                                                     addrlen);
1038                          if (!err)                          if (!err)
# Line 1048  Source code for this patch is http://dow Line 1044  Source code for this patch is http://dow
1044                                  err = sock->ops->bind(sock,                                  err = sock->ops->bind(sock,
1045                                                        (struct sockaddr *)                                                        (struct sockaddr *)
1046                                                        address, addrlen);                                                        address, addrlen);
1047  @@ -1381,6 +1395,8 @@ asmlinkage long sys_listen(int fd, int b  @@ -1381,6 +1394,8 @@ asmlinkage long sys_listen(int fd, int b
1048    
1049                  err = security_socket_listen(sock, backlog);                  err = security_socket_listen(sock, backlog);
1050                  if (!err)                  if (!err)
# Line 1057  Source code for this patch is http://dow Line 1053  Source code for this patch is http://dow
1053                          err = sock->ops->listen(sock, backlog);                          err = sock->ops->listen(sock, backlog);
1054    
1055                  fput_light(sock->file, fput_needed);                  fput_light(sock->file, fput_needed);
1056  @@ -1444,6 +1460,11 @@ asmlinkage long sys_accept(int fd, struc  @@ -1444,6 +1459,11 @@ asmlinkage long sys_accept(int fd, struc
1057          if (err < 0)          if (err < 0)
1058                  goto out_fd;                  goto out_fd;
1059    
# Line 1069  Source code for this patch is http://dow Line 1065  Source code for this patch is http://dow
1065          if (upeer_sockaddr) {          if (upeer_sockaddr) {
1066                  if (newsock->ops->getname(newsock, (struct sockaddr *)address,                  if (newsock->ops->getname(newsock, (struct sockaddr *)address,
1067                                            &len, 2) < 0) {                                            &len, 2) < 0) {
1068  @@ -1506,6 +1527,9 @@ asmlinkage long sys_connect(int fd, stru  @@ -1506,6 +1526,9 @@ asmlinkage long sys_connect(int fd, stru
1069    
1070          err =          err =
1071              security_socket_connect(sock, (struct sockaddr *)address, addrlen);              security_socket_connect(sock, (struct sockaddr *)address, addrlen);
# Line 1085  Source code for this patch is http://dow Line 1081  Source code for this patch is http://dow
1081   #include <linux/mount.h>   #include <linux/mount.h>
1082   #include <net/checksum.h>   #include <net/checksum.h>
1083   #include <linux/security.h>   #include <linux/security.h>
1084  +#include <linux/tomoyo.h>  +#include <linux/ccsecurity.h>
1085    
1086   static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];   static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
1087   static DEFINE_SPINLOCK(unix_table_lock);   static DEFINE_SPINLOCK(unix_table_lock);
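Review bot: In the fs/namei.c part, the renamed `#include <linux/ccsecurity_vfs.h>` still sits mid-file, between the function ending in `return may_open(nd, 0, flag & ~O_TRUNC);` and the `open_namei()` comment, with nothing explaining the placement. Every other hook header in this revision collapses into `<linux/ccsecurity.h>`, so this is the one remaining second include. Someone tidying includes later could hoist it to the top; if the header depends on the static helpers defined above it (likely, but not visible here), that would break the access-check wrappers. I would add a one-line comment above it, e.g. `/* Keep below the static helpers above: ccsecurity_vfs.h refers to them. */`, worded to match the actual reason. The hook call lines inside the affected hunks are collapsed out of this view, so whether they needed matching changes cannot be confirmed from this page.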
