13 |
fs/fcntl.c | 5 +++++ |
fs/fcntl.c | 5 +++++ |
14 |
fs/ioctl.c | 5 +++++ |
fs/ioctl.c | 5 +++++ |
15 |
fs/namei.c | 35 +++++++++++++++++++++++++++++++++++ |
fs/namei.c | 35 +++++++++++++++++++++++++++++++++++ |
16 |
fs/namespace.c | 27 +++++++++++++++++++++++++++ |
fs/namespace.c | 26 ++++++++++++++++++++++++++ |
17 |
fs/open.c | 16 ++++++++++++++++ |
fs/open.c | 15 +++++++++++++++ |
18 |
fs/proc/proc_misc.c | 1 + |
fs/proc/proc_misc.c | 1 + |
19 |
include/linux/init_task.h | 2 ++ |
include/linux/init_task.h | 2 ++ |
20 |
include/linux/sched.h | 4 ++++ |
include/linux/sched.h | 4 ++++ |
32 |
net/ipv4/inet_connection_sock.c | 3 +++ |
net/ipv4/inet_connection_sock.c | 3 +++ |
33 |
net/ipv4/inet_hashtables.c | 3 +++ |
net/ipv4/inet_hashtables.c | 3 +++ |
34 |
net/ipv4/raw.c | 4 ++++ |
net/ipv4/raw.c | 4 ++++ |
35 |
net/ipv4/udp.c | 8 ++++++++ |
net/ipv4/udp.c | 7 +++++++ |
36 |
net/ipv6/raw.c | 4 ++++ |
net/ipv6/raw.c | 4 ++++ |
37 |
net/ipv6/udp.c | 4 ++++ |
net/ipv6/udp.c | 4 ++++ |
38 |
net/socket.c | 24 ++++++++++++++++++++++++ |
net/socket.c | 23 +++++++++++++++++++++++ |
39 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
40 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
41 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
42 |
37 files changed, 244 insertions(+), 2 deletions(-) |
37 files changed, 240 insertions(+), 2 deletions(-) |
43 |
|
|
44 |
--- linux-2.6.25.20-0.4.orig/arch/ia64/ia32/sys_ia32.c |
--- linux-2.6.25.20-0.4.orig/arch/ia64/ia32/sys_ia32.c |
45 |
+++ linux-2.6.25.20-0.4/arch/ia64/ia32/sys_ia32.c |
+++ linux-2.6.25.20-0.4/arch/ia64/ia32/sys_ia32.c |
47 |
#include <asm/types.h> |
#include <asm/types.h> |
48 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
49 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
50 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
51 |
|
|
52 |
#include "ia32priv.h" |
#include "ia32priv.h" |
53 |
|
|
66 |
#include <asm/system.h> |
#include <asm/system.h> |
67 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
68 |
#include <asm/bootinfo.h> |
#include <asm/bootinfo.h> |
69 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
70 |
|
|
71 |
int ptrace_getregs(struct task_struct *child, __s64 __user *data); |
int ptrace_getregs(struct task_struct *child, __s64 __user *data); |
72 |
int ptrace_setregs(struct task_struct *child, __s64 __user *data); |
int ptrace_setregs(struct task_struct *child, __s64 __user *data); |
85 |
#include <asm/system.h> |
#include <asm/system.h> |
86 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
87 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
88 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
89 |
|
|
90 |
#ifdef CONFIG_COMPAT |
#ifdef CONFIG_COMPAT |
91 |
#include "compat_ptrace.h" |
#include "compat_ptrace.h" |
104 |
#include <asm/prctl.h> |
#include <asm/prctl.h> |
105 |
#include <asm/proto.h> |
#include <asm/proto.h> |
106 |
#include <asm/ds.h> |
#include <asm/ds.h> |
107 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
108 |
|
|
109 |
#include "tls.h" |
#include "tls.h" |
110 |
|
|
123 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
124 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
125 |
#include <linux/security.h> |
#include <linux/security.h> |
126 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
127 |
|
|
128 |
/* Taken over from the old code... */ |
/* Taken over from the old code... */ |
129 |
|
|
151 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
152 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
153 |
#include "internal.h" |
#include "internal.h" |
154 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
155 |
|
|
156 |
int compat_log = 1; |
int compat_log = 1; |
157 |
|
|
170 |
#include <xen/public/privcmd.h> |
#include <xen/public/privcmd.h> |
171 |
#include <xen/compat_ioctl.h> |
#include <xen/compat_ioctl.h> |
172 |
#endif |
#endif |
173 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
174 |
|
|
175 |
static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd, |
static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd, |
176 |
unsigned long arg, struct file *f) |
unsigned long arg, struct file *f) |
200 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
201 |
#endif |
#endif |
202 |
|
|
203 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
204 |
+ |
+ |
205 |
int core_uses_pid; |
int core_uses_pid; |
206 |
char core_pattern[CORENAME_MAX_SIZE] = "core"; |
char core_pattern[CORENAME_MAX_SIZE] = "core"; |
242 |
#include <asm/poll.h> |
#include <asm/poll.h> |
243 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
244 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
245 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
246 |
|
|
247 |
void set_close_on_exec(unsigned int fd, int flag) |
void set_close_on_exec(unsigned int fd, int flag) |
248 |
{ |
{ |
263 |
#include <linux/uaccess.h> |
#include <linux/uaccess.h> |
264 |
|
|
265 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
266 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
267 |
|
|
268 |
/** |
/** |
269 |
* vfs_ioctl - call filesystem specific ioctl methods |
* vfs_ioctl - call filesystem specific ioctl methods |
291 |
|
|
292 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
293 |
|
|
294 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
295 |
+ |
+ |
296 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
297 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
322 |
return may_open(nd, 0, flag & ~O_TRUNC); |
return may_open(nd, 0, flag & ~O_TRUNC); |
323 |
} |
} |
324 |
|
|
325 |
+#include <linux/tomoyo_vfs.h> |
+#include <linux/ccsecurity_vfs.h> |
326 |
/* |
/* |
327 |
* open_namei() |
* open_namei() |
328 |
* |
* |
401 |
new_dir->d_inode, new_dentry, newnd.path.mnt); |
new_dir->d_inode, new_dentry, newnd.path.mnt); |
402 |
--- linux-2.6.25.20-0.4.orig/fs/namespace.c |
--- linux-2.6.25.20-0.4.orig/fs/namespace.c |
403 |
+++ linux-2.6.25.20-0.4/fs/namespace.c |
+++ linux-2.6.25.20-0.4/fs/namespace.c |
404 |
@@ -30,6 +30,8 @@ |
@@ -30,6 +30,7 @@ |
405 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
406 |
#include "pnode.h" |
#include "pnode.h" |
407 |
#include "internal.h" |
#include "internal.h" |
408 |
+#include <linux/sakura.h> |
+#include <linux/ccsecurity.h> |
|
+#include <linux/tomoyo.h> |
|
409 |
|
|
410 |
#define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head)) |
#define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head)) |
411 |
#define HASH_SIZE (1UL << HASH_SHIFT) |
#define HASH_SIZE (1UL << HASH_SHIFT) |
412 |
@@ -591,6 +593,9 @@ static int do_umount(struct vfsmount *mn |
@@ -591,6 +592,9 @@ static int do_umount(struct vfsmount *mn |
413 |
if (retval) |
if (retval) |
414 |
return retval; |
return retval; |
415 |
|
|
419 |
/* |
/* |
420 |
* Allow userspace to request a mountpoint be expired rather than |
* Allow userspace to request a mountpoint be expired rather than |
421 |
* unmounting unconditionally. Unmount only happens if: |
* unmounting unconditionally. Unmount only happens if: |
422 |
@@ -682,6 +687,8 @@ asmlinkage long sys_umount(char __user * |
@@ -682,6 +686,8 @@ asmlinkage long sys_umount(char __user * |
423 |
{ |
{ |
424 |
struct nameidata nd; |
struct nameidata nd; |
425 |
int retval; |
int retval; |
428 |
|
|
429 |
retval = __user_walk(name, LOOKUP_FOLLOW, &nd); |
retval = __user_walk(name, LOOKUP_FOLLOW, &nd); |
430 |
if (retval) |
if (retval) |
431 |
@@ -991,6 +998,9 @@ static noinline int do_loopback(struct n |
@@ -991,6 +997,9 @@ static noinline int do_loopback(struct n |
432 |
err = -EINVAL; |
err = -EINVAL; |
433 |
if (IS_MNT_UNBINDABLE(old_nd.path.mnt)) |
if (IS_MNT_UNBINDABLE(old_nd.path.mnt)) |
434 |
goto out; |
goto out; |
438 |
|
|
439 |
if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt)) |
if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt)) |
440 |
goto out; |
goto out; |
441 |
@@ -1085,6 +1095,9 @@ static noinline int do_move_mount(struct |
@@ -1085,6 +1094,9 @@ static noinline int do_move_mount(struct |
442 |
if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt)) |
if (!check_mnt(nd->path.mnt) || !check_mnt(old_nd.path.mnt)) |
443 |
goto out; |
goto out; |
444 |
|
|
448 |
err = -ENOENT; |
err = -ENOENT; |
449 |
mutex_lock(&nd->path.dentry->d_inode->i_mutex); |
mutex_lock(&nd->path.dentry->d_inode->i_mutex); |
450 |
if (IS_DEADDIR(nd->path.dentry->d_inode)) |
if (IS_DEADDIR(nd->path.dentry->d_inode)) |
451 |
@@ -1189,6 +1202,9 @@ int do_add_mount(struct vfsmount *newmnt |
@@ -1189,6 +1201,9 @@ int do_add_mount(struct vfsmount *newmnt |
452 |
err = -EINVAL; |
err = -EINVAL; |
453 |
if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) |
if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) |
454 |
goto unlock; |
goto unlock; |
458 |
|
|
459 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
460 |
if ((err = graft_tree(newmnt, nd))) |
if ((err = graft_tree(newmnt, nd))) |
461 |
@@ -1412,6 +1428,13 @@ long do_mount(char *dev_name, char *dir_ |
@@ -1412,6 +1427,13 @@ long do_mount(char *dev_name, char *dir_ |
462 |
if (data_page) |
if (data_page) |
463 |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
464 |
|
|
472 |
/* Separate the per-mountpoint flags */ |
/* Separate the per-mountpoint flags */ |
473 |
if (flags & MS_NOSUID) |
if (flags & MS_NOSUID) |
474 |
mnt_flags |= MNT_NOSUID; |
mnt_flags |= MNT_NOSUID; |
475 |
@@ -1680,6 +1703,8 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1680,6 +1702,8 @@ asmlinkage long sys_pivot_root(const cha |
476 |
|
|
477 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
478 |
return -EPERM; |
return -EPERM; |
481 |
|
|
482 |
lock_kernel(); |
lock_kernel(); |
483 |
|
|
484 |
@@ -1696,6 +1721,8 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1696,6 +1720,8 @@ asmlinkage long sys_pivot_root(const cha |
485 |
goto out1; |
goto out1; |
486 |
|
|
487 |
error = security_sb_pivotroot(&old_nd, &new_nd); |
error = security_sb_pivotroot(&old_nd, &new_nd); |
492 |
goto out1; |
goto out1; |
493 |
--- linux-2.6.25.20-0.4.orig/fs/open.c |
--- linux-2.6.25.20-0.4.orig/fs/open.c |
494 |
+++ linux-2.6.25.20-0.4/fs/open.c |
+++ linux-2.6.25.20-0.4/fs/open.c |
495 |
@@ -27,6 +27,8 @@ |
@@ -27,6 +27,7 @@ |
496 |
#include <linux/rcupdate.h> |
#include <linux/rcupdate.h> |
497 |
#include <linux/audit.h> |
#include <linux/audit.h> |
498 |
#include <linux/falloc.h> |
#include <linux/falloc.h> |
499 |
+#include <linux/sakura.h> |
+#include <linux/ccsecurity.h> |
|
+#include <linux/tomoyo.h> |
|
500 |
|
|
501 |
int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) |
int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) |
502 |
{ |
{ |
503 |
@@ -267,6 +269,10 @@ static long do_sys_truncate(const char _ |
@@ -267,6 +268,10 @@ static long do_sys_truncate(const char _ |
504 |
if (error) |
if (error) |
505 |
goto put_write_and_out; |
goto put_write_and_out; |
506 |
|
|
511 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
512 |
if (!error) { |
if (!error) { |
513 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
514 |
@@ -321,6 +327,10 @@ static long do_sys_ftruncate(unsigned in |
@@ -321,6 +326,10 @@ static long do_sys_ftruncate(unsigned in |
515 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
516 |
goto out_putf; |
goto out_putf; |
517 |
|
|
522 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
523 |
if (!error) |
if (!error) |
524 |
error = do_truncate(dentry, file->f_path.mnt, length, |
error = do_truncate(dentry, file->f_path.mnt, length, |
525 |
@@ -539,6 +549,10 @@ asmlinkage long sys_chroot(const char __ |
@@ -539,6 +548,10 @@ asmlinkage long sys_chroot(const char __ |
526 |
error = -EPERM; |
error = -EPERM; |
527 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
528 |
goto dput_and_out; |
goto dput_and_out; |
533 |
|
|
534 |
set_fs_root(current->fs, &nd.path); |
set_fs_root(current->fs, &nd.path); |
535 |
set_fs_altroot(); |
set_fs_altroot(); |
536 |
@@ -1172,6 +1186,8 @@ EXPORT_SYMBOL(sys_close); |
@@ -1172,6 +1185,8 @@ EXPORT_SYMBOL(sys_close); |
537 |
*/ |
*/ |
538 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
539 |
{ |
{ |
587 |
#include <linux/posix-timers.h> |
#include <linux/posix-timers.h> |
588 |
|
|
589 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
590 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
591 |
|
|
592 |
int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts) |
int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts) |
593 |
{ |
{ |
606 |
#include <asm/system.h> |
#include <asm/system.h> |
607 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
608 |
#include <asm/sections.h> |
#include <asm/sections.h> |
609 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
610 |
|
|
611 |
/* Per cpu memory for storing cpu states in case of system crash. */ |
/* Per cpu memory for storing cpu states in case of system crash. */ |
612 |
note_buf_t* crash_notes; |
note_buf_t* crash_notes; |
637 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
638 |
#include <linux/license.h> |
#include <linux/license.h> |
639 |
#include <asm/sections.h> |
#include <asm/sections.h> |
640 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
641 |
|
|
642 |
#if 0 |
#if 0 |
643 |
#define DEBUGP printk |
#define DEBUGP printk |
665 |
|
|
666 |
#include <asm/pgtable.h> |
#include <asm/pgtable.h> |
667 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
668 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
669 |
|
|
670 |
/* |
/* |
671 |
* ptrace a task: make the debugger its new parent and |
* ptrace a task: make the debugger its new parent and |
693 |
|
|
694 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
695 |
#include <asm/irq_regs.h> |
#include <asm/irq_regs.h> |
696 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
697 |
|
|
698 |
/* |
/* |
699 |
* Scheduler clock - returns current time in nanosec units. |
* Scheduler clock - returns current time in nanosec units. |
712 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
713 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
714 |
#include "audit.h" /* audit_signal_info() */ |
#include "audit.h" /* audit_signal_info() */ |
715 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
716 |
|
|
717 |
/* |
/* |
718 |
* SLAB caches for signal bits. |
* SLAB caches for signal bits. |
749 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
750 |
#include <asm/io.h> |
#include <asm/io.h> |
751 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
752 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
753 |
|
|
754 |
#ifndef SET_UNALIGN_CTL |
#ifndef SET_UNALIGN_CTL |
755 |
# define SET_UNALIGN_CTL(a,b) (-EINVAL) |
# define SET_UNALIGN_CTL(a,b) (-EINVAL) |
797 |
|
|
798 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
799 |
#include <asm/processor.h> |
#include <asm/processor.h> |
800 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
801 |
|
|
802 |
#ifdef CONFIG_X86 |
#ifdef CONFIG_X86 |
803 |
#include <asm/nmi.h> |
#include <asm/nmi.h> |
825 |
|
|
826 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
827 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
828 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
829 |
|
|
830 |
#include "timeconst.h" |
#include "timeconst.h" |
831 |
|
|
853 |
#include <linux/capability.h> |
#include <linux/capability.h> |
854 |
#include <asm/div64.h> |
#include <asm/div64.h> |
855 |
#include <asm/timex.h> |
#include <asm/timex.h> |
856 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
857 |
|
|
858 |
/* |
/* |
859 |
* Timekeeping variables |
* Timekeeping variables |
872 |
#include <net/route.h> |
#include <net/route.h> |
873 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
874 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
875 |
+#include <linux/sakura.h> |
+#include <linux/ccsecurity.h> |
876 |
|
|
877 |
#ifdef INET_CSK_DEBUG |
#ifdef INET_CSK_DEBUG |
878 |
const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; |
const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; |
891 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
892 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
893 |
#include <net/ip.h> |
#include <net/ip.h> |
894 |
+#include <linux/sakura.h> |
+#include <linux/ccsecurity.h> |
895 |
|
|
896 |
/* |
/* |
897 |
* Allocate and initialize a new local port bind bucket. |
* Allocate and initialize a new local port bind bucket. |
910 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
911 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
912 |
#include <linux/netfilter_ipv4.h> |
#include <linux/netfilter_ipv4.h> |
913 |
+#include <linux/tomoyo_socket.h> |
+#include <linux/ccsecurity.h> |
914 |
|
|
915 |
static struct raw_hashinfo raw_v4_hashinfo = { |
static struct raw_hashinfo raw_v4_hashinfo = { |
916 |
.lock = __RW_LOCK_UNLOCKED(), |
.lock = __RW_LOCK_UNLOCKED(), |
926 |
if (len < copied) { |
if (len < copied) { |
927 |
--- linux-2.6.25.20-0.4.orig/net/ipv4/udp.c |
--- linux-2.6.25.20-0.4.orig/net/ipv4/udp.c |
928 |
+++ linux-2.6.25.20-0.4/net/ipv4/udp.c |
+++ linux-2.6.25.20-0.4/net/ipv4/udp.c |
929 |
@@ -105,6 +105,8 @@ |
@@ -105,6 +105,7 @@ |
930 |
#include <net/checksum.h> |
#include <net/checksum.h> |
931 |
#include <net/xfrm.h> |
#include <net/xfrm.h> |
932 |
#include "udp_impl.h" |
#include "udp_impl.h" |
933 |
+#include <linux/sakura.h> |
+#include <linux/ccsecurity.h> |
|
+#include <linux/tomoyo_socket.h> |
|
934 |
|
|
935 |
/* |
/* |
936 |
* Snmp MIB for the UDP layer |
* Snmp MIB for the UDP layer |
937 |
@@ -176,6 +178,8 @@ int __udp_lib_get_port(struct sock *sk, |
@@ -176,6 +177,8 @@ int __udp_lib_get_port(struct sock *sk, |
938 |
/* 1st pass: look for empty (or shortest) hash chain */ |
/* 1st pass: look for empty (or shortest) hash chain */ |
939 |
for (i = 0; i < UDP_HTABLE_SIZE; i++) { |
for (i = 0; i < UDP_HTABLE_SIZE; i++) { |
940 |
int size = 0; |
int size = 0; |
943 |
|
|
944 |
head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; |
head = &udptable[rover & (UDP_HTABLE_SIZE - 1)]; |
945 |
if (hlist_empty(head)) |
if (hlist_empty(head)) |
946 |
@@ -199,6 +203,7 @@ int __udp_lib_get_port(struct sock *sk, |
@@ -199,6 +202,7 @@ int __udp_lib_get_port(struct sock *sk, |
947 |
/* 2nd pass: find hole in shortest hash chain */ |
/* 2nd pass: find hole in shortest hash chain */ |
948 |
rover = best; |
rover = best; |
949 |
for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) { |
for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) { |
951 |
if (! __udp_lib_lport_inuse(net, rover, udptable)) |
if (! __udp_lib_lport_inuse(net, rover, udptable)) |
952 |
goto gotit; |
goto gotit; |
953 |
rover += UDP_HTABLE_SIZE; |
rover += UDP_HTABLE_SIZE; |
954 |
@@ -863,6 +868,9 @@ try_again: |
@@ -863,6 +867,9 @@ try_again: |
955 |
&peeked, &err); |
&peeked, &err); |
956 |
if (!skb) |
if (!skb) |
957 |
goto out; |
goto out; |
967 |
|
|
968 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
969 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
970 |
+#include <linux/tomoyo_socket.h> |
+#include <linux/ccsecurity.h> |
971 |
|
|
972 |
static struct raw_hashinfo raw_v6_hashinfo = { |
static struct raw_hashinfo raw_v6_hashinfo = { |
973 |
.lock = __RW_LOCK_UNLOCKED(), |
.lock = __RW_LOCK_UNLOCKED(), |
987 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
988 |
#include <linux/seq_file.h> |
#include <linux/seq_file.h> |
989 |
#include "udp_impl.h" |
#include "udp_impl.h" |
990 |
+#include <linux/tomoyo_socket.h> |
+#include <linux/ccsecurity.h> |
991 |
|
|
992 |
static inline int udp_v6_get_port(struct sock *sk, unsigned short snum) |
static inline int udp_v6_get_port(struct sock *sk, unsigned short snum) |
993 |
{ |
{ |
1003 |
copied = len; |
copied = len; |
1004 |
--- linux-2.6.25.20-0.4.orig/net/socket.c |
--- linux-2.6.25.20-0.4.orig/net/socket.c |
1005 |
+++ linux-2.6.25.20-0.4/net/socket.c |
+++ linux-2.6.25.20-0.4/net/socket.c |
1006 |
@@ -94,6 +94,9 @@ |
@@ -94,6 +94,8 @@ |
1007 |
#include <net/sock.h> |
#include <net/sock.h> |
1008 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1009 |
|
|
1010 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
|
+#include <linux/tomoyo_socket.h> |
|
1011 |
+ |
+ |
1012 |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
static int sock_no_open(struct inode *irrelevant, struct file *dontcare); |
1013 |
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, |
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, |
1014 |
unsigned long nr_segs, loff_t pos); |
unsigned long nr_segs, loff_t pos); |
1015 |
@@ -555,6 +558,10 @@ static inline int __sock_sendmsg(struct |
@@ -555,6 +557,10 @@ static inline int __sock_sendmsg(struct |
1016 |
si->size = size; |
si->size = size; |
1017 |
|
|
1018 |
err = security_socket_sendmsg(sock, msg, size); |
err = security_socket_sendmsg(sock, msg, size); |
1023 |
if (err) |
if (err) |
1024 |
return err; |
return err; |
1025 |
|
|
1026 |
@@ -1121,6 +1128,8 @@ static int __sock_create(struct net *net |
@@ -1121,6 +1127,8 @@ static int __sock_create(struct net *net |
1027 |
} |
} |
1028 |
|
|
1029 |
err = security_socket_create(family, type, protocol, kern); |
err = security_socket_create(family, type, protocol, kern); |
1032 |
if (err) |
if (err) |
1033 |
return err; |
return err; |
1034 |
|
|
1035 |
@@ -1352,6 +1361,11 @@ asmlinkage long sys_bind(int fd, struct |
@@ -1352,6 +1360,11 @@ asmlinkage long sys_bind(int fd, struct |
1036 |
(struct sockaddr *)address, |
(struct sockaddr *)address, |
1037 |
addrlen); |
addrlen); |
1038 |
if (!err) |
if (!err) |
1044 |
err = sock->ops->bind(sock, |
err = sock->ops->bind(sock, |
1045 |
(struct sockaddr *) |
(struct sockaddr *) |
1046 |
address, addrlen); |
address, addrlen); |
1047 |
@@ -1381,6 +1395,8 @@ asmlinkage long sys_listen(int fd, int b |
@@ -1381,6 +1394,8 @@ asmlinkage long sys_listen(int fd, int b |
1048 |
|
|
1049 |
err = security_socket_listen(sock, backlog); |
err = security_socket_listen(sock, backlog); |
1050 |
if (!err) |
if (!err) |
1053 |
err = sock->ops->listen(sock, backlog); |
err = sock->ops->listen(sock, backlog); |
1054 |
|
|
1055 |
fput_light(sock->file, fput_needed); |
fput_light(sock->file, fput_needed); |
1056 |
@@ -1444,6 +1460,11 @@ asmlinkage long sys_accept(int fd, struc |
@@ -1444,6 +1459,11 @@ asmlinkage long sys_accept(int fd, struc |
1057 |
if (err < 0) |
if (err < 0) |
1058 |
goto out_fd; |
goto out_fd; |
1059 |
|
|
1065 |
if (upeer_sockaddr) { |
if (upeer_sockaddr) { |
1066 |
if (newsock->ops->getname(newsock, (struct sockaddr *)address, |
if (newsock->ops->getname(newsock, (struct sockaddr *)address, |
1067 |
&len, 2) < 0) { |
&len, 2) < 0) { |
1068 |
@@ -1506,6 +1527,9 @@ asmlinkage long sys_connect(int fd, stru |
@@ -1506,6 +1526,9 @@ asmlinkage long sys_connect(int fd, stru |
1069 |
|
|
1070 |
err = |
err = |
1071 |
security_socket_connect(sock, (struct sockaddr *)address, addrlen); |
security_socket_connect(sock, (struct sockaddr *)address, addrlen); |
1081 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1082 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1083 |
#include <linux/security.h> |
#include <linux/security.h> |
1084 |
+#include <linux/tomoyo.h> |
+#include <linux/ccsecurity.h> |
1085 |
|
|
1086 |
static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; |
static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; |
1087 |
static DEFINE_SPINLOCK(unix_table_lock); |
static DEFINE_SPINLOCK(unix_table_lock); |