
Contents of /trunk/ccs-patch/ccs-patch-2.6.19.txt



Revision 212 - (show annotations) (download)
Mon May 14 13:52:27 2007 UTC (17 years ago) by kumaneko
File MIME type: text/plain
File size: 43187 byte(s)
Typo fix
1 diff -ubBpEr linux-2.6.19/Makefile linux-2.6.19-ccs/Makefile
2 --- linux-2.6.19/Makefile 2007-03-03 10:49:57.000000000 +0900
3 +++ linux-2.6.19-ccs/Makefile 2007-03-03 10:55:25.000000000 +0900
4 @@ -1,7 +1,7 @@
5 VERSION = 2
6 PATCHLEVEL = 6
7 SUBLEVEL = 19
8 -EXTRAVERSION =
9 +EXTRAVERSION = -ccs
10 NAME=Avast! A bilge rat!
11
12 # *DOCUMENTATION*
13 diff -ubBpEr linux-2.6.19/fs/Kconfig linux-2.6.19-ccs/fs/Kconfig
14 --- linux-2.6.19/fs/Kconfig 2007-03-03 10:49:57.000000000 +0900
15 +++ linux-2.6.19-ccs/fs/Kconfig 2007-03-03 10:55:25.000000000 +0900
16 @@ -2098,5 +2098,7 @@ endif
17 source "fs/nls/Kconfig"
18 source "fs/dlm/Kconfig"
19
20 +source "fs/Kconfig.ccs"
21 +
22 endmenu
23
24 diff -ubBpEr linux-2.6.19/fs/Makefile linux-2.6.19-ccs/fs/Makefile
25 --- linux-2.6.19/fs/Makefile 2007-03-03 10:49:57.000000000 +0900
26 +++ linux-2.6.19-ccs/fs/Makefile 2007-03-03 10:55:25.000000000 +0900
27 @@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/
28 obj-$(CONFIG_DEBUG_FS) += debugfs/
29 obj-$(CONFIG_OCFS2_FS) += ocfs2/
30 obj-$(CONFIG_GFS2_FS) += gfs2/
31 +
32 +include $(srctree)/fs/Makefile-2.6.ccs
33 diff -ubBpEr linux-2.6.19/fs/attr.c linux-2.6.19-ccs/fs/attr.c
34 --- linux-2.6.19/fs/attr.c 2007-03-03 11:38:54.000000000 +0900
35 +++ linux-2.6.19-ccs/fs/attr.c 2007-03-03 11:38:54.000000000 +0900
36 @@ -15,6 +15,9 @@
37 #include <linux/fcntl.h>
38 #include <linux/quotaops.h>
39 #include <linux/security.h>
40 +/***** TOMOYO Linux start. *****/
41 +#include <linux/tomoyo.h>
42 +/***** TOMOYO Linux end. *****/
43
44 /* Taken over from the old code... */
45
46 @@ -145,12 +148,20 @@ int notify_change(struct dentry * dentry
47
48 if (inode->i_op && inode->i_op->setattr) {
49 error = security_inode_setattr(dentry, attr);
50 + /***** TOMOYO Linux start. *****/
51 + if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
52 + if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
53 + /***** TOMOYO Linux end. *****/
54 if (!error)
55 error = inode->i_op->setattr(dentry, attr);
56 } else {
57 error = inode_change_ok(inode, attr);
58 if (!error)
59 error = security_inode_setattr(dentry, attr);
60 + /***** TOMOYO Linux start. *****/
61 + if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
62 + if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
63 + /***** TOMOYO Linux end. *****/
64 if (!error) {
65 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
66 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
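Review bot: The two checks added to notify_change() key on `ia_valid & ATTR_MODE` and `ia_valid & (ATTR_UID | ATTR_GID)`, so they fire for every caller that reaches this point with those bits set, not only for the chmod and chown system calls. If notify_change() itself turns on ATTR_MODE earlier in the function (for example when clearing setuid/setgid bits; that code is outside this hunk and needs confirming), an ordinary write would be judged against TOMOYO_SYS_CHMOD. A comment on each copy saying whether kernel-generated attribute changes are meant to be checked would settle the intent. The same pair of lines is pasted into both branches with the statement on the same line as its `if`, so kernel style would split each into `if (!error && (ia_valid & ATTR_MODE))` followed by `error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);`. The function starts and ends outside the hunk.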
67 diff -ubBpEr linux-2.6.19/fs/compat.c linux-2.6.19-ccs/fs/compat.c
68 --- linux-2.6.19/fs/compat.c 2007-03-03 11:38:54.000000000 +0900
69 +++ linux-2.6.19-ccs/fs/compat.c 2007-03-03 11:38:54.000000000 +0900
70 @@ -53,6 +53,9 @@
71 #include <asm/mmu_context.h>
72 #include <asm/ioctls.h>
73 #include "internal.h"
74 +/***** TOMOYO Linux start. *****/
75 +#include <linux/tomoyo.h>
76 +/***** TOMOYO Linux end. *****/
77
78 int compat_log = 1;
79
80 @@ -419,6 +422,9 @@ asmlinkage long compat_sys_ioctl(unsigne
81 /*FALL THROUGH*/
82
83 default:
84 + /***** TOMOYO Linux start. *****/
85 + if ((error = CheckCapabilityACL(TOMOYO_SYS_IOCTL)) < 0) goto out_fput;
86 + /***** TOMOYO Linux end. *****/
87 if (filp->f_op && filp->f_op->compat_ioctl) {
88 error = filp->f_op->compat_ioctl(filp, cmd, arg);
89 if (error != -ENOIOCTLCMD)
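Review bot: The return value of CheckCapabilityACL() is handled inconsistently across this patch. In this hunk `error = CheckCapabilityACL(TOMOYO_SYS_IOCTL)` is propagated to the caller when negative, while the native path in fs/ioctl.c do_ioctl() tests `< 0` but forces `-EPERM`, and most other call sites (sys_umount, do_mount, sys_reboot and others) treat any non-zero value as denial. If the helper can ever return a positive value or an errno other than -EPERM, the compat and native ioctl paths will give different answers for the same policy. Suggest one convention, e.g. `if (CheckCapabilityACL(TOMOYO_SYS_IOCTL)) { error = -EPERM; goto out_fput; }`, plus a one-line contract comment on the declaration in linux/tomoyo.h. compat_sys_ioctl() continues outside the hunk.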
90 @@ -1547,7 +1553,7 @@ int compat_do_execve(char * filename,
91 if (retval < 0)
92 goto out;
93
94 - retval = search_binary_handler(bprm, regs);
95 + retval = search_binary_handler_with_transition(bprm, regs);
96 if (retval >= 0) {
97 free_arg_pages(bprm);
98
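Review bot: The swap to `search_binary_handler_with_transition()` is the only C change in the visible hunks that lacks the `/***** TOMOYO Linux start. *****/` and end markers, both here and in the matching do_execve() hunk in fs/exec.c, which also adds a stray blank line. The replacement function is not declared in any hunk shown, so it presumably comes from linux/tomoyo.h; confirm that it degrades to plain search_binary_handler() when TOMOYO is configured out. Because the domain transition now lives in this wrapper, any exec entry point that still calls search_binary_handler() directly would skip it, which deserves a comment at the wrapper's definition. compat_do_execve() starts and ends outside the hunk.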
99 diff -ubBpEr linux-2.6.19/fs/exec.c linux-2.6.19-ccs/fs/exec.c
100 --- linux-2.6.19/fs/exec.c 2007-03-03 11:38:54.000000000 +0900
101 +++ linux-2.6.19-ccs/fs/exec.c 2007-03-06 10:04:16.000000000 +0900
102 @@ -57,6 +57,10 @@
103 #include <linux/kmod.h>
104 #endif
105
106 +/***** TOMOYO Linux start. *****/
107 +#include <linux/tomoyo.h>
108 +/***** TOMOYO Linux end. *****/
109 +
110 int core_uses_pid;
111 char core_pattern[128] = "core";
112 int suid_dumpable = 0;
113 @@ -139,6 +143,11 @@ asmlinkage long sys_uselib(const char __
114 if (error)
115 goto exit;
116
117 + /***** TOMOYO Linux start. *****/
118 + error = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */
119 + if (error) goto exit;
120 + /***** TOMOYO Linux end. *****/
121 +
122 file = nameidata_to_filp(&nd, O_RDONLY);
123 error = PTR_ERR(file);
124 if (IS_ERR(file))
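Review bot: The access mode passed to CheckOpenPermission() is the bare octal literal `01`, explained only by a trailing comment, here and again in the open_exec() hunk that follows. If the third argument uses the same read/write bit encoding as the `flag` that may_open() passes in fs/namei.c (an assumption, since the helper's definition is not on this page), a named constant would replace the comment: `error = CheckOpenPermission(nd.dentry, nd.mnt, FMODE_READ);`. In open_exec() the check is also gated on `current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC`, and nothing in that hunk says who sets the flag or why exec is otherwise exempt from the read check, so a short comment there would help. sys_uselib() continues outside the hunk.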
125 @@ -486,6 +495,9 @@ struct file *open_exec(const char *name)
126 if (!(nd.mnt->mnt_flags & MNT_NOEXEC) &&
127 S_ISREG(inode->i_mode)) {
128 int err = vfs_permission(&nd, MAY_EXEC);
129 + /***** TOMOYO Linux start. *****/
130 + if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */
131 + /***** TOMOYO Linux end. *****/
132 file = ERR_PTR(err);
133 if (!err) {
134 file = nameidata_to_filp(&nd, O_RDONLY);
135 @@ -1184,7 +1196,8 @@ int do_execve(char * filename,
136 if (retval < 0)
137 goto out;
138
139 - retval = search_binary_handler(bprm,regs);
140 + retval = search_binary_handler_with_transition(bprm,regs);
141 +
142 if (retval >= 0) {
143 free_arg_pages(bprm);
144
145 diff -ubBpEr linux-2.6.19/fs/fcntl.c linux-2.6.19-ccs/fs/fcntl.c
146 --- linux-2.6.19/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900
147 +++ linux-2.6.19-ccs/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900
148 @@ -22,6 +22,9 @@
149 #include <asm/poll.h>
150 #include <asm/siginfo.h>
151 #include <asm/uaccess.h>
152 +/***** TOMOYO Linux start. *****/
153 +#include <linux/tomoyo.h>
154 +/***** TOMOYO Linux end. *****/
155
156 void fastcall set_close_on_exec(unsigned int fd, int flag)
157 {
158 @@ -214,6 +217,10 @@ static int setfl(int fd, struct file * f
159 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
160 return -EPERM;
161
162 + /***** TOMOYO Linux start. *****/
163 + if (!(arg & O_APPEND) && CheckReWritePermission(filp)) return -EPERM;
164 + /***** TOMOYO Linux end. *****/
165 +
166 /* O_NOATIME can only be set by the owner or superuser */
167 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
168 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
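Review bot: The test added to setfl() calls CheckReWritePermission() whenever the requested flags lack O_APPEND, not only when O_APPEND is actually being cleared; the upstream check just above uses `(arg ^ filp->f_flags) & O_APPEND` to detect a change. If the broader condition is deliberate, it should be stated at the call, e.g. `/* Checked on every F_SETFL without O_APPEND, not only when O_APPEND is cleared. */`. The `return -EPERM;` also shares a line with its `if`, against kernel coding style. setfl() starts and ends outside the hunk.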
169 diff -ubBpEr linux-2.6.19/fs/ioctl.c linux-2.6.19-ccs/fs/ioctl.c
170 --- linux-2.6.19/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900
171 +++ linux-2.6.19-ccs/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900
172 @@ -15,6 +15,9 @@
173
174 #include <asm/uaccess.h>
175 #include <asm/ioctls.h>
176 +/***** TOMOYO Linux start. *****/
177 +#include <linux/tomoyo.h>
178 +/***** TOMOYO Linux end. *****/
179
180 static long do_ioctl(struct file *filp, unsigned int cmd,
181 unsigned long arg)
182 @@ -23,6 +26,9 @@ static long do_ioctl(struct file *filp,
183
184 if (!filp->f_op)
185 goto out;
186 + /***** TOMOYO Linux start. *****/
187 + if (CheckCapabilityACL(TOMOYO_SYS_IOCTL) < 0) return -EPERM;
188 + /***** TOMOYO Linux end. *****/
189
190 if (filp->f_op->unlocked_ioctl) {
191 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
192 diff -ubBpEr linux-2.6.19/fs/namei.c linux-2.6.19-ccs/fs/namei.c
193 --- linux-2.6.19/fs/namei.c 2007-03-03 11:38:54.000000000 +0900
194 +++ linux-2.6.19-ccs/fs/namei.c 2007-03-03 11:41:23.000000000 +0900
195 @@ -37,6 +37,10 @@
196
197 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
198
199 +/***** TOMOYO Linux start. *****/
200 +#include <linux/tomoyo.h>
201 +/***** TOMOYO Linux end. *****/
202 +
203 /* [Feb-1997 T. Schoebel-Theuer]
204 * Fundamental changes in the pathname lookup mechanisms (namei)
205 * were necessary because of omirr. The reason is that omirr needs
206 @@ -1509,6 +1513,9 @@ int vfs_create(struct inode *dir, struct
207 error = security_inode_create(dir, dentry, mode);
208 if (error)
209 return error;
210 + /***** TOMOYO Linux start. *****/
211 + if (nd && (error = CheckSingleWritePermission(TYPE_CREATE_ACL, dentry, nd->mnt)) < 0) return error;
212 + /***** TOMOYO Linux end. *****/
213 DQUOT_INIT(dir);
214 error = dir->i_op->create(dir, dentry, mode, nd);
215 if (!error)
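Review bot: The create check in vfs_create() is silently skipped when `nd` is NULL, because `nd && ...` short-circuits before CheckSingleWritePermission() runs. Any in-kernel caller that invokes vfs_create() without a nameidata would therefore create a file with no TYPE_CREATE_ACL decision; whether such callers exist in this tree is not visible here. If the exemption is intended, record it on the line: `/* No vfsmount is available when nd is NULL, so the check is skipped. */`. vfs_create() starts and ends outside the hunk.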
216 @@ -1564,6 +1571,11 @@ int may_open(struct nameidata *nd, int a
217 if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
218 return -EPERM;
219
220 + /***** TOMOYO Linux start. *****/
221 + error = CheckOpenPermission(dentry, nd->mnt, flag); /* includes O_APPEND and O_TRUNC checks */
222 + if (error) return error;
223 + /***** TOMOYO Linux end. *****/
224 +
225 /*
226 * Ensure there are no outstanding leases on the file.
227 */
228 @@ -1613,6 +1625,9 @@ static int open_namei_create(struct name
229 return may_open(nd, 0, flag & ~O_TRUNC);
230 }
231
232 +/***** TOMOYO Linux start. *****/
233 +#include <linux/tomoyo_vfs.h>
234 +/***** TOMOYO Linux end. *****/
235 /*
236 * open_namei()
237 *
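Review bot: `#include <linux/tomoyo_vfs.h>` is placed between open_namei_create() and open_namei() rather than with the other includes at the top of fs/namei.c, and nothing explains why. If the header defines the pre_vfs_*() helpers used in later hunks and depends on static functions defined earlier in this file (a guess, since the header is not on this page), a comment such as `/* Must follow the static permission helpers above; do not move to the top. */` would keep a later cleanup from relocating it.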
238 @@ -1873,6 +1888,12 @@ asmlinkage long sys_mknodat(int dfd, con
239
240 if (S_ISDIR(mode))
241 return -EPERM;
242 + /***** TOMOYO Linux start. *****/
243 + if (S_ISCHR(mode) && CheckCapabilityACL(TOMOYO_CREATE_CHAR_DEV)) return -EPERM;
244 + if (S_ISBLK(mode) && CheckCapabilityACL(TOMOYO_CREATE_BLOCK_DEV)) return -EPERM;
245 + if (S_ISFIFO(mode) && CheckCapabilityACL(TOMOYO_CREATE_FIFO)) return -EPERM;
246 + if (S_ISSOCK(mode) && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) return -EPERM;
247 + /***** TOMOYO Linux end. *****/
248 tmp = getname(filename);
249 if (IS_ERR(tmp))
250 return PTR_ERR(tmp);
251 @@ -1891,10 +1912,16 @@ asmlinkage long sys_mknodat(int dfd, con
252 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
253 break;
254 case S_IFCHR: case S_IFBLK:
255 + /***** TOMOYO Linux start. *****/
256 + if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISCHR(mode) ? TYPE_MKCHAR_ACL : TYPE_MKBLOCK_ACL, dentry, nd.mnt)) == 0)
257 + /***** TOMOYO Linux end. *****/
258 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
259 new_decode_dev(dev));
260 break;
261 case S_IFIFO: case S_IFSOCK:
262 + /***** TOMOYO Linux start. *****/
263 + if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISFIFO(mode) ? TYPE_MKFIFO_ACL : TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
264 + /***** TOMOYO Linux end. *****/
265 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
266 break;
267 case S_IFDIR:
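Review bot: The `if (...)` lines added to both mknod cases have no body of their own; each takes the following upstream `error = vfs_mknod(...)` statement as its body, with the end-marker comment sitting between the condition and the statement. Any statement later inserted between them, or a rebase that moves the upstream line, silently changes what is guarded. The same construction appears in the sys_mkdirat, do_rmdir, do_unlinkat, sys_symlinkat and sys_linkat hunks of this file and in do_sys_truncate, do_sys_ftruncate and sys_vhangup in fs/open.c, whereas the do_rename() hunk uses a self-contained braced form. Suggest that shape everywhere: `error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode);`, then `if (!error) error = CheckSingleWritePermission(...);`, then `if (!error) error = vfs_mknod(...);`. The switch statement continues outside the hunk.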
268 @@ -1962,6 +1989,9 @@ asmlinkage long sys_mkdirat(int dfd, con
269
270 if (!IS_POSIXACL(nd.dentry->d_inode))
271 mode &= ~current->fs->umask;
272 + /***** TOMOYO Linux start. *****/
273 + if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)
274 + /***** TOMOYO Linux end. *****/
275 error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
276 dput(dentry);
277 out_unlock:
278 @@ -2070,6 +2100,9 @@ static long do_rmdir(int dfd, const char
279 error = PTR_ERR(dentry);
280 if (IS_ERR(dentry))
281 goto exit2;
282 + /***** TOMOYO Linux start. *****/
283 + if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0)
284 + /***** TOMOYO Linux end. *****/
285 error = vfs_rmdir(nd.dentry->d_inode, dentry);
286 dput(dentry);
287 exit2:
288 @@ -2129,6 +2162,9 @@ static long do_unlinkat(int dfd, const c
289 struct dentry *dentry;
290 struct nameidata nd;
291 struct inode *inode = NULL;
292 + /***** TOMOYO Linux start. *****/
293 + if (CheckCapabilityACL(TOMOYO_SYS_UNLINK)) return -EPERM;
294 + /***** TOMOYO Linux end. *****/
295
296 name = getname(pathname);
297 if(IS_ERR(name))
298 @@ -2150,6 +2186,9 @@ static long do_unlinkat(int dfd, const c
299 inode = dentry->d_inode;
300 if (inode)
301 atomic_inc(&inode->i_count);
302 + /***** TOMOYO Linux start. *****/
303 + if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0)
304 + /***** TOMOYO Linux end. *****/
305 error = vfs_unlink(nd.dentry->d_inode, dentry);
306 exit2:
307 dput(dentry);
308 @@ -2214,6 +2253,9 @@ asmlinkage long sys_symlinkat(const char
309 char * to;
310 struct dentry *dentry;
311 struct nameidata nd;
312 + /***** TOMOYO Linux start. *****/
313 + if (CheckCapabilityACL(TOMOYO_SYS_SYMLINK)) return -EPERM;
314 + /***** TOMOYO Linux end. *****/
315
316 from = getname(oldname);
317 if(IS_ERR(from))
318 @@ -2231,6 +2273,9 @@ asmlinkage long sys_symlinkat(const char
319 if (IS_ERR(dentry))
320 goto out_unlock;
321
322 + /***** TOMOYO Linux start. *****/
323 + if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0)
324 + /***** TOMOYO Linux end. *****/
325 error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
326 dput(dentry);
327 out_unlock:
328 @@ -2303,6 +2348,9 @@ asmlinkage long sys_linkat(int olddfd, c
329 struct nameidata nd, old_nd;
330 int error;
331 char * to;
332 + /***** TOMOYO Linux start. *****/
333 + if (CheckCapabilityACL(TOMOYO_SYS_LINK)) return -EPERM;
334 + /***** TOMOYO Linux end. *****/
335
336 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
337 return -EINVAL;
338 @@ -2326,6 +2374,9 @@ asmlinkage long sys_linkat(int olddfd, c
339 error = PTR_ERR(new_dentry);
340 if (IS_ERR(new_dentry))
341 goto out_unlock;
342 + /***** TOMOYO Linux start. *****/
343 + if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0)
344 + /***** TOMOYO Linux end. *****/
345 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
346 dput(new_dentry);
347 out_unlock:
348 @@ -2551,6 +2602,12 @@ static int do_rename(int olddfd, const c
349 error = -ENOTEMPTY;
350 if (new_dentry == trap)
351 goto exit5;
352 + /***** TOMOYO Linux start. *****/
353 + if ((error = pre_vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry)) < 0 ||
354 + (error = CheckDoubleWritePermission(TYPE_RENAME_ACL, old_dentry, oldnd.mnt, new_dentry, newnd.mnt)) < 0) {
355 + goto exit5;
356 + }
357 + /***** TOMOYO Linux end. *****/
358
359 error = vfs_rename(old_dir->d_inode, old_dentry,
360 new_dir->d_inode, new_dentry);
361 @@ -2574,6 +2631,9 @@ asmlinkage long sys_renameat(int olddfd,
362 int error;
363 char * from;
364 char * to;
365 + /***** TOMOYO Linux start. *****/
366 + if (CheckCapabilityACL(TOMOYO_SYS_RENAME)) return -EPERM;
367 + /***** TOMOYO Linux end. *****/
368
369 from = getname(oldname);
370 if(IS_ERR(from))
371 diff -ubBpEr linux-2.6.19/fs/namespace.c linux-2.6.19-ccs/fs/namespace.c
372 --- linux-2.6.19/fs/namespace.c 2007-03-03 11:38:54.000000000 +0900
373 +++ linux-2.6.19-ccs/fs/namespace.c 2007-03-19 09:27:10.000000000 +0900
374 @@ -28,6 +28,12 @@
375 #include <asm/uaccess.h>
376 #include <asm/unistd.h>
377 #include "pnode.h"
378 +/***** SAKURA Linux start. *****/
379 +#include <linux/sakura.h>
380 +/***** SAKURA Linux end. *****/
381 +/***** TOMOYO Linux start. *****/
382 +#include <linux/tomoyo.h>
383 +/***** TOMOYO Linux end. *****/
384
385 /* spinlock for vfsmount related operations, inplace of dcache_lock */
386 __cacheline_aligned_in_smp DEFINE_SPINLOCK(vfsmount_lock);
387 @@ -545,6 +551,10 @@ static int do_umount(struct vfsmount *mn
388 if (retval)
389 return retval;
390
391 + /***** SAKURA Linux start. *****/
392 + if (SAKURA_MayUmount(mnt) < 0) return -EPERM;
393 + /***** SAKURA Linux end. *****/
394 +
395 /*
396 * Allow userspace to request a mountpoint be expired rather than
397 * unmounting unconditionally. Unmount only happens if:
398 @@ -633,6 +643,9 @@ asmlinkage long sys_umount(char __user *
399 {
400 struct nameidata nd;
401 int retval;
402 + /***** TOMOYO Linux start. *****/
403 + if (CheckCapabilityACL(TOMOYO_SYS_UMOUNT)) return -EPERM;
404 + /***** TOMOYO Linux end. *****/
405
406 retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
407 if (retval)
408 @@ -917,6 +930,10 @@ static int do_loopback(struct nameidata
409
410 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
411 goto out;
412 + /***** SAKURA Linux start. *****/
413 + err = -EPERM;
414 + if (SAKURA_MayMount(nd) < 0) goto out;
415 + /***** SAKURA Linux end. *****/
416
417 err = -ENOMEM;
418 if (recurse)
419 @@ -1001,7 +1018,10 @@ static int do_move_mount(struct nameidat
420 err = -EINVAL;
421 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
422 goto out;
423 -
424 + /***** SAKURA Linux start. *****/
425 + err = -EPERM;
426 + if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out;
427 + /***** SAKURA Linux end. *****/
428 err = -ENOENT;
429 mutex_lock(&nd->dentry->d_inode->i_mutex);
430 if (IS_DEADDIR(nd->dentry->d_inode))
431 @@ -1103,6 +1123,10 @@ int do_add_mount(struct vfsmount *newmnt
432 err = -EINVAL;
433 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
434 goto unlock;
435 + /***** SAKURA Linux start. *****/
436 + err = -EPERM;
437 + if (SAKURA_MayMount(nd) < 0) goto unlock;
438 + /***** SAKURA Linux end. *****/
439
440 newmnt->mnt_flags = mnt_flags;
441 if ((err = graft_tree(newmnt, nd)))
442 @@ -1394,6 +1418,13 @@ long do_mount(char *dev_name, char *dir_
443 if (data_page)
444 ((char *)data_page)[PAGE_SIZE - 1] = 0;
445
446 + /***** TOMOYO Linux start. *****/
447 + if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM;
448 + /***** TOMOYO Linux end. *****/
449 + /***** SAKURA Linux start. *****/
450 + if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM;
451 + /***** SAKURA Linux end. *****/
452 +
453 /* Separate the per-mountpoint flags */
454 if (flags & MS_NOSUID)
455 mnt_flags |= MNT_NOSUID;
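Review bot: CheckMountPermission() is handed `&flags`, so it can apparently rewrite the mount flags before do_mount() splits them into mnt_flags, and nothing at the call site says so. Both added checks also `return -EPERM` directly, which relies on no resource having been acquired by this point; that holds for the lines shown, but the code before the hunk is not visible. A comment such as `/* May modify flags; must run before the per-mountpoint flags are separated below. */` would document the ordering constraint. do_mount() starts and ends outside the hunk.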
456 @@ -1683,6 +1714,9 @@ asmlinkage long sys_pivot_root(const cha
457
458 if (!capable(CAP_SYS_ADMIN))
459 return -EPERM;
460 + /***** TOMOYO Linux start. *****/
461 + if (CheckCapabilityACL(TOMOYO_SYS_PIVOT_ROOT)) return -EPERM;
462 + /***** TOMOYO Linux end. *****/
463
464 lock_kernel();
465
466 @@ -1699,6 +1733,9 @@ asmlinkage long sys_pivot_root(const cha
467 goto out1;
468
469 error = security_sb_pivotroot(&old_nd, &new_nd);
470 + /***** SAKURA Linux start. *****/
471 + if (!error) error = CheckPivotRootPermission(&old_nd, &new_nd);
472 + /***** SAKURA Linux end. *****/
473 if (error) {
474 path_release(&old_nd);
475 goto out1;
476 diff -ubBpEr linux-2.6.19/fs/open.c linux-2.6.19-ccs/fs/open.c
477 --- linux-2.6.19/fs/open.c 2007-03-03 11:38:54.000000000 +0900
478 +++ linux-2.6.19-ccs/fs/open.c 2007-03-19 14:14:21.000000000 +0900
479 @@ -27,6 +27,12 @@
480 #include <linux/syscalls.h>
481 #include <linux/rcupdate.h>
482 #include <linux/audit.h>
483 +/***** SAKURA Linux start. *****/
484 +#include <linux/sakura.h>
485 +/***** SAKURA Linux end. *****/
486 +/***** TOMOYO Linux start. *****/
487 +#include <linux/tomoyo.h>
488 +/***** TOMOYO Linux end. *****/
489
490 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
491 {
492 @@ -264,6 +270,9 @@ static long do_sys_truncate(const char _
493 if (error)
494 goto dput_and_out;
495
496 + /***** TOMOYO Linux start. *****/
497 + if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt)) == 0)
498 + /***** TOMOYO Linux end. *****/
499 error = locks_verify_truncate(inode, NULL, length);
500 if (!error) {
501 DQUOT_INIT(inode);
502 @@ -317,6 +326,9 @@ static long do_sys_ftruncate(unsigned in
503 if (IS_APPEND(inode))
504 goto out_putf;
505
506 + /***** TOMOYO Linux start. *****/
507 + if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt)) == 0)
508 + /***** TOMOYO Linux end. *****/
509 error = locks_verify_truncate(inode, file, length);
510 if (!error)
511 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
512 @@ -481,6 +493,12 @@ asmlinkage long sys_chroot(const char __
513 error = -EPERM;
514 if (!capable(CAP_SYS_CHROOT))
515 goto dput_and_out;
516 + /***** TOMOYO Linux start. *****/
517 + if (CheckCapabilityACL(TOMOYO_SYS_CHROOT)) goto dput_and_out;
518 + /***** TOMOYO Linux end. *****/
519 + /***** SAKURA Linux start. *****/
520 + if (CheckChRootPermission(&nd)) goto dput_and_out;
521 + /***** SAKURA Linux end. *****/
522
523 set_fs_root(current->fs, nd.mnt, nd.dentry);
524 set_fs_altroot();
525 @@ -1086,6 +1104,9 @@ EXPORT_SYMBOL(sys_close);
526 */
527 asmlinkage long sys_vhangup(void)
528 {
529 + /***** TOMOYO Linux start. *****/
530 + if (CheckCapabilityACL(TOMOYO_SYS_VHANGUP) == 0)
531 + /***** TOMOYO Linux end. *****/
532 if (capable(CAP_SYS_TTY_CONFIG)) {
533 tty_vhangup(current->signal->tty);
534 return 0;
535 diff -ubBpEr linux-2.6.19/fs/proc/Makefile linux-2.6.19-ccs/fs/proc/Makefile
536 --- linux-2.6.19/fs/proc/Makefile 2007-03-03 10:49:57.000000000 +0900
537 +++ linux-2.6.19-ccs/fs/proc/Makefile 2007-03-03 10:55:25.000000000 +0900
538 @@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge
539 proc-$(CONFIG_PROC_KCORE) += kcore.o
540 proc-$(CONFIG_PROC_VMCORE) += vmcore.o
541 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
542 +
543 +proc-$(CONFIG_SAKURA) += ccs_proc.o
544 +proc-$(CONFIG_TOMOYO) += ccs_proc.o
545 diff -ubBpEr linux-2.6.19/fs/proc/proc_misc.c linux-2.6.19-ccs/fs/proc/proc_misc.c
546 --- linux-2.6.19/fs/proc/proc_misc.c 2007-03-03 10:49:57.000000000 +0900
547 +++ linux-2.6.19-ccs/fs/proc/proc_misc.c 2007-03-19 09:33:13.000000000 +0900
548 @@ -742,4 +742,13 @@ void __init proc_misc_init(void)
549 if (entry)
550 entry->proc_fops = &proc_sysrq_trigger_operations;
551 #endif
552 + /***** CCS start. *****/
553 +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
554 + {
555 + extern void __init CCSProc_Init(void);
556 + CCSProc_Init();
557 + printk("Hook version: 2.6.19 2007/03/19\n");
558 + }
559 +#endif
560 + /***** CCS end. *****/
561 }
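Review bot: The added block declares `extern void __init CCSProc_Init(void);` inside proc_misc_init() and logs with a bare `printk()` that carries no log level. A prototype in a shared header would let the compiler check the declaration against the definition, and the message should name its level: `printk(KERN_INFO "Hook version: 2.6.19 2007/03/19\n");`. The hard-coded date string has to be bumped by hand on every patch refresh, so a comment saying which file it must match would reduce the chance of it going stale.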
562 diff -ubBpEr linux-2.6.19/include/linux/init_task.h linux-2.6.19-ccs/include/linux/init_task.h
563 --- linux-2.6.19/include/linux/init_task.h 2007-03-03 10:49:57.000000000 +0900
564 +++ linux-2.6.19-ccs/include/linux/init_task.h 2007-03-03 11:13:19.000000000 +0900
565 @@ -140,6 +140,10 @@ extern struct group_info init_groups;
566 .pi_lock = SPIN_LOCK_UNLOCKED, \
567 INIT_TRACE_IRQFLAGS \
568 INIT_LOCKDEP \
569 + /***** TOMOYO Linux start. *****/ \
570 + .domain_info = &KERNEL_DOMAIN, \
571 + .tomoyo_flags = 0, \
572 + /***** TOMOYO Linux end. *****/ \
573 }
574
575
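Review bot: `.domain_info = &KERNEL_DOMAIN` is added to INIT_TASK unconditionally, and the matching task_struct fields and `extern struct domain_info KERNEL_DOMAIN;` in include/linux/sched.h are unconditional too, although the fs/proc/Makefile hunk shows CONFIG_TOMOYO is a selectable option. Unless KERNEL_DOMAIN is defined in a file that is always built (not visible here), a kernel configured without TOMOYO will fail to link; the kernel/kmod.c hunk that assigns `current->domain_info = &KERNEL_DOMAIN` has the same dependency. Since `#ifdef` cannot be used inside the macro body, the INIT_LOCKDEP pattern visible in this hunk fits: a helper macro (say `INIT_TOMOYO`, a suggested name) that expands to the two initializers when the option is on and to nothing otherwise.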
576 diff -ubBpEr linux-2.6.19/include/linux/sched.h linux-2.6.19-ccs/include/linux/sched.h
577 --- linux-2.6.19/include/linux/sched.h 2007-03-03 10:49:57.000000000 +0900
578 +++ linux-2.6.19-ccs/include/linux/sched.h 2007-03-19 12:37:09.000000000 +0900
579 @@ -27,6 +27,11 @@
580 #define CLONE_NEWUTS 0x04000000 /* New utsname group? */
581 #define CLONE_NEWIPC 0x08000000 /* New ipcs */
582
583 +/***** TOMOYO Linux start. *****/
584 +struct domain_info;
585 +extern struct domain_info KERNEL_DOMAIN;
586 +/***** TOMOYO Linux end. *****/
587 +
588 /*
589 * Scheduling policies
590 */
591 @@ -1023,6 +1028,10 @@ struct task_struct {
592 #ifdef CONFIG_TASK_DELAY_ACCT
593 struct task_delay_info *delays;
594 #endif
595 + /***** TOMOYO Linux start. *****/
596 + struct domain_info *domain_info;
597 + u32 tomoyo_flags;
598 + /***** TOMOYO Linux end. *****/
599 };
600
601 static inline pid_t process_group(struct task_struct *tsk)
602 diff -ubBpEr linux-2.6.19/kernel/kexec.c linux-2.6.19-ccs/kernel/kexec.c
603 --- linux-2.6.19/kernel/kexec.c 2007-03-03 10:49:57.000000000 +0900
604 +++ linux-2.6.19-ccs/kernel/kexec.c 2007-03-03 10:55:25.000000000 +0900
605 @@ -26,6 +26,9 @@
606 #include <asm/io.h>
607 #include <asm/system.h>
608 #include <asm/semaphore.h>
609 +/***** TOMOYO Linux start. *****/
610 +#include <linux/tomoyo.h>
611 +/***** TOMOYO Linux end. *****/
612
613 /* Per cpu memory for storing cpu states in case of system crash. */
614 note_buf_t* crash_notes;
615 @@ -922,6 +925,9 @@ asmlinkage long sys_kexec_load(unsigned
616 /* We only trust the superuser with rebooting the system. */
617 if (!capable(CAP_SYS_BOOT))
618 return -EPERM;
619 + /***** TOMOYO Linux start. *****/
620 + if (CheckCapabilityACL(TOMOYO_SYS_KEXEC_LOAD)) return -EPERM;
621 + /***** TOMOYO Linux end. *****/
622
623 /*
624 * Verify we have a legal set of flags
625 diff -ubBpEr linux-2.6.19/kernel/kmod.c linux-2.6.19-ccs/kernel/kmod.c
626 --- linux-2.6.19/kernel/kmod.c 2007-03-03 10:49:57.000000000 +0900
627 +++ linux-2.6.19-ccs/kernel/kmod.c 2007-03-03 11:16:25.000000000 +0900
628 @@ -165,6 +165,11 @@ static int ____call_usermodehelper(void
629 /* We can run anywhere, unlike our parent keventd(). */
630 set_cpus_allowed(current, CPU_MASK_ALL);
631
632 + /***** TOMOYO Linux start. *****/
633 + current->domain_info = &KERNEL_DOMAIN;
634 + current->tomoyo_flags = 0;
635 + /***** TOMOYO Linux end. *****/
636 +
637 retval = -EPERM;
638 if (current->fs->root)
639 retval = kernel_execve(sub_info->path,
640 diff -ubBpEr linux-2.6.19/kernel/module.c linux-2.6.19-ccs/kernel/module.c
641 --- linux-2.6.19/kernel/module.c 2007-03-03 10:49:57.000000000 +0900
642 +++ linux-2.6.19-ccs/kernel/module.c 2007-03-03 10:55:25.000000000 +0900
643 @@ -44,6 +44,9 @@
644 #include <asm/semaphore.h>
645 #include <asm/cacheflush.h>
646 #include <linux/license.h>
647 +/***** TOMOYO Linux start. *****/
648 +#include <linux/tomoyo.h>
649 +/***** TOMOYO Linux end. *****/
650
651 #if 0
652 #define DEBUGP printk
653 @@ -658,7 +661,9 @@ sys_delete_module(const char __user *nam
654
655 if (!capable(CAP_SYS_MODULE))
656 return -EPERM;
657 -
658 + /***** TOMOYO Linux start. *****/
659 + if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
660 + /***** TOMOYO Linux end. *****/
661 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
662 return -EFAULT;
663 name[MODULE_NAME_LEN-1] = '\0';
664 @@ -1910,7 +1915,9 @@ sys_init_module(void __user *umod,
665 /* Must have permission */
666 if (!capable(CAP_SYS_MODULE))
667 return -EPERM;
668 -
669 + /***** TOMOYO Linux start. *****/
670 + if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
671 + /***** TOMOYO Linux end. *****/
672 /* Only one module load at a time, please */
673 if (mutex_lock_interruptible(&module_mutex) != 0)
674 return -EINTR;
675 diff -ubBpEr linux-2.6.19/kernel/sched.c linux-2.6.19-ccs/kernel/sched.c
676 --- linux-2.6.19/kernel/sched.c 2007-03-03 10:49:57.000000000 +0900
677 +++ linux-2.6.19-ccs/kernel/sched.c 2007-03-03 10:55:25.000000000 +0900
678 @@ -55,6 +55,9 @@
679 #include <asm/tlb.h>
680
681 #include <asm/unistd.h>
682 +/***** TOMOYO Linux start. *****/
683 +#include <linux/tomoyo.h>
684 +/***** TOMOYO Linux end. *****/
685
686 /*
687 * Convert user-nice values [ -20 ... 0 ... 19 ]
688 @@ -3995,6 +3998,9 @@ int can_nice(const struct task_struct *p
689 asmlinkage long sys_nice(int increment)
690 {
691 long nice, retval;
692 + /***** TOMOYO Linux start. *****/
693 + if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
694 + /***** TOMOYO Linux end. *****/
695
696 /*
697 * Setpriority might change our priority at the same moment.
698 diff -ubBpEr linux-2.6.19/kernel/signal.c linux-2.6.19-ccs/kernel/signal.c
699 --- linux-2.6.19/kernel/signal.c 2007-03-03 10:49:57.000000000 +0900
700 +++ linux-2.6.19-ccs/kernel/signal.c 2007-03-03 10:55:25.000000000 +0900
701 @@ -28,6 +28,9 @@
702 #include <asm/unistd.h>
703 #include <asm/siginfo.h>
704 #include "audit.h" /* audit_signal_info() */
705 +/***** TOMOYO Linux start. *****/
706 +#include <linux/tomoyo.h>
707 +/***** TOMOYO Linux end. *****/
708
709 /*
710 * SLAB caches for signal bits.
711 @@ -2225,6 +2228,10 @@ asmlinkage long
712 sys_kill(int pid, int sig)
713 {
714 struct siginfo info;
715 + /***** TOMOYO Linux start. *****/
716 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
717 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
718 + /***** TOMOYO Linux end. *****/
719
720 info.si_signo = sig;
721 info.si_errno = 0;
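Review bot: The signal checks are added to sys_kill(), sys_tgkill() and sys_tkill() only; no hunk in this file's section touches the other signal-sending entry points in kernel/signal.c, such as sys_rt_sigqueueinfo(). Whether those are meant to be covered by CheckSignalACL() should be stated or fixed. sys_kill() also passes `pid` through unchanged, where it may be zero or negative, unlike the two thread variants which reject `pid <= 0` before the check; CheckSignalACL() has to handle those forms, which cannot be confirmed from this page. A comment such as `/* sig 0 only tests for existence; not checked */` would document the `sig &&` guard.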
722 @@ -2283,6 +2290,10 @@ asmlinkage long sys_tgkill(int tgid, int
723 /* This is only valid for single tasks */
724 if (pid <= 0 || tgid <= 0)
725 return -EINVAL;
726 + /***** TOMOYO Linux start. *****/
727 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
728 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
729 + /***** TOMOYO Linux end. *****/
730
731 return do_tkill(tgid, pid, sig);
732 }
733 @@ -2296,6 +2307,10 @@ sys_tkill(int pid, int sig)
734 /* This is only valid for single tasks */
735 if (pid <= 0)
736 return -EINVAL;
737 + /***** TOMOYO Linux start. *****/
738 + if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
739 + if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
740 + /***** TOMOYO Linux end. *****/
741
742 return do_tkill(0, pid, sig);
743 }
744 diff -ubBpEr linux-2.6.19/kernel/sys.c linux-2.6.19-ccs/kernel/sys.c
745 --- linux-2.6.19/kernel/sys.c 2007-03-03 10:49:57.000000000 +0900
746 +++ linux-2.6.19-ccs/kernel/sys.c 2007-03-03 10:55:25.000000000 +0900
747 @@ -37,6 +37,9 @@
748 #include <asm/uaccess.h>
749 #include <asm/io.h>
750 #include <asm/unistd.h>
751 +/***** TOMOYO Linux start. *****/
752 +#include <linux/tomoyo.h>
753 +/***** TOMOYO Linux end. *****/
754
755 #ifndef SET_UNALIGN_CTL
756 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
757 @@ -592,6 +595,9 @@ asmlinkage long sys_setpriority(int whic
758
759 if (which > 2 || which < 0)
760 goto out;
761 + /***** TOMOYO Linux start. *****/
762 + if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
763 + /***** TOMOYO Linux end. *****/
764
765 /* normalize: avoid signed division (rounding problems) */
766 error = -ESRCH;
767 @@ -815,6 +821,9 @@ asmlinkage long sys_reboot(int magic1, i
768 magic2 != LINUX_REBOOT_MAGIC2B &&
769 magic2 != LINUX_REBOOT_MAGIC2C))
770 return -EINVAL;
771 + /***** TOMOYO Linux start. *****/
772 + if (CheckCapabilityACL(TOMOYO_SYS_REBOOT)) return -EPERM;
773 + /***** TOMOYO Linux end. *****/
774
775 /* Instead of trying to make the power_off code look like
776 * halt when pm_power_off is not set do it the easy way.
777 @@ -1793,6 +1802,9 @@ asmlinkage long sys_sethostname(char __u
778 return -EPERM;
779 if (len < 0 || len > __NEW_UTS_LEN)
780 return -EINVAL;
781 + /***** TOMOYO Linux start. *****/
782 + if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
783 + /***** TOMOYO Linux end. *****/
784 down_write(&uts_sem);
785 errno = -EFAULT;
786 if (!copy_from_user(tmp, name, len)) {
787 @@ -1838,6 +1850,9 @@ asmlinkage long sys_setdomainname(char _
788 return -EPERM;
789 if (len < 0 || len > __NEW_UTS_LEN)
790 return -EINVAL;
791 + /***** TOMOYO Linux start. *****/
792 + if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
793 + /***** TOMOYO Linux end. *****/
794
795 down_write(&uts_sem);
796 errno = -EFAULT;
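Review bot: sys_setdomainname() is gated on `TOMOYO_SYS_SETHOSTNAME`, the same capability index used in the sys_sethostname() hunk just above. If one policy entry is meant to cover both calls, a comment such as `/* domainname shares the sethostname capability */` would show it is not a copy-paste slip; otherwise a separate capability index is needed. The function body continues outside the hunk.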
797 diff -ubBpEr linux-2.6.19/kernel/sysctl.c linux-2.6.19-ccs/kernel/sysctl.c
798 --- linux-2.6.19/kernel/sysctl.c 2007-03-03 10:49:57.000000000 +0900
799 +++ linux-2.6.19-ccs/kernel/sysctl.c 2007-03-03 10:55:25.000000000 +0900
800 @@ -48,6 +48,9 @@
801
802 #include <asm/uaccess.h>
803 #include <asm/processor.h>
804 +/***** TOMOYO Linux start. *****/
805 +#include <linux/tomoyo.h>
806 +/***** TOMOYO Linux end. *****/
807
808 extern int proc_nr_files(ctl_table *table, int write, struct file *filp,
809 void __user *buffer, size_t *lenp, loff_t *ppos);
810 @@ -1223,6 +1226,88 @@ void __init sysctl_init(void)
811 }
812
813 #ifdef CONFIG_SYSCTL_SYSCALL
814 +
815 +/***** TOMOYO Linux start. *****/
816 +static int try_parse_table(int __user *name, int nlen, void __user *oldval, void __user *newval, ctl_table *table)
817 +{
818 + int n;
819 + int error = -ENOMEM;
820 + int op = 0;
821 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
822 + if (oldval) op |= 004;
823 + if (newval) op |= 002;
824 + if (!op) { /* Neither read nor write */
825 + error = 0;
826 + goto out;
827 + }
828 + if (!buffer) goto out;
829 + memset(buffer, 0, PAGE_SIZE);
830 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
831 + repeat:
832 + if (!nlen) {
833 + error = -ENOTDIR;
834 + goto out;
835 + }
836 + if (get_user(n, name)) {
837 + error = -EFAULT;
838 + goto out;
839 + }
840 + for ( ; table->ctl_name; table++) {
841 + if (n == table->ctl_name || table->ctl_name == CTL_ANY) {
842 + int pos = strlen(buffer);
843 + const char *cp = table->procname;
844 + error = -ENOMEM;
845 + if (cp) {
846 + if (pos + 1 >= PAGE_SIZE - 1) goto out;
847 + buffer[pos++] = '/';
848 + while (*cp) {
849 + const unsigned char c = * (const unsigned char *) cp;
850 + if (c == '\\') {
851 + if (pos + 2 >= PAGE_SIZE - 1) goto out;
852 + buffer[pos++] = '\\';
853 + buffer[pos++] = '\\';
854 + } else if (c > ' ' && c < 127) {
855 + if (pos + 1 >= PAGE_SIZE - 1) goto out;
856 + buffer[pos++] = c;
857 + } else {
858 + if (pos + 4 >= PAGE_SIZE - 1) goto out;
859 + buffer[pos++] = '\\';
860 + buffer[pos++] = (c >> 6) + '0';
861 + buffer[pos++] = ((c >> 3) & 7) + '0';
862 + buffer[pos++] = (c & 7) + '0';
863 + }
864 + cp++;
865 + }
866 + } else {
867 + /* Assume nobody assigns "=\$=" for procname. */
868 + snprintf(buffer + pos, PAGE_SIZE - pos - 1, "/=%d=", table->ctl_name);
869 + if (memchr(buffer, '\0', PAGE_SIZE - 2) == NULL) goto out;
870 + }
871 + if (table->child) {
872 + if (table->strategy) {
873 + /* printk("sysctl='%s'\n", buffer); */
874 + if (CheckFilePerm(buffer, op, "sysctl")) {
875 + error = -EPERM;
876 + goto out;
877 + }
878 + }
879 + name++;
880 + nlen--;
881 + table = table->child;
882 + goto repeat;
883 + }
884 + /* printk("sysctl='%s'\n", buffer); */
885 + error = CheckFilePerm(buffer, op, "sysctl");
886 + goto out;
887 + }
888 + }
889 + error = -ENOTDIR;
890 + out:
891 + kfree(buffer);
892 + return error;
893 +}
894 +/***** TOMOYO Linux end. *****/
895 +
896 int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp,
897 void __user *newval, size_t newlen)
898 {
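Review bot: try_parse_table() reads the sysctl name vector from user memory with `get_user(n, name)`, and parse_table() later fetches the same `name` array again, so the path CheckFilePerm() approved is not guaranteed to be the one acted on if another thread rewrites the array in between. Copying the vector into a kernel array once in do_sysctl() and letting both walks use that copy would close the gap; parse_table() lies outside this hunk, so the change reaches beyond the lines shown. A header comment is also missing: it should say that the function rebuilds a `/proc/sys/...` path with backslashes doubled and non-printable bytes octal-escaped, and that `op` uses 004 for read and 002 for write.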
899 @@ -1248,6 +1333,9 @@ int do_sysctl(int __user *name, int nlen
900
901 spin_unlock(&sysctl_lock);
902
903 + /***** TOMOYO Linux start. *****/
904 + if ((error = try_parse_table(name, nlen, oldval, newval, head->ctl_table)) == 0)
905 + /***** TOMOYO Linux end. *****/
906 error = parse_table(name, nlen, oldval, oldlenp,
907 newval, newlen, head->ctl_table,
908 &context);
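Review bot: The added `if ((error = try_parse_table(...)) == 0)` has no braces, and its body is the existing `error = parse_table(...)` statement after the end marker, so the guard only holds while nothing is inserted between the two. The same construction appears in the unix_bind() hunk in net/unix/af_unix.c, in front of `vfs_mknod()`. Writing `error = try_parse_table(name, nlen, oldval, newval, head->ctl_table);` and then wrapping the parse_table() call in `if (!error) { ... }` keeps the hook self-contained. do_sysctl() starts and ends outside the hunk.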
909 @@ -1324,6 +1412,12 @@ repeat:
910 if (ctl_perm(table, 001))
911 return -EPERM;
912 if (table->strategy) {
913 + /***** TOMOYO Linux start. *****/
914 + int op = 0;
915 + if (oldval) op |= 004;
916 + if (newval) op |= 002;
917 + if (ctl_perm(table, op)) return -EPERM;
918 + /***** TOMOYO Linux end. *****/
919 error = table->strategy(
920 table, name, nlen,
921 oldval, oldlenp,
922 diff -ubBpEr linux-2.6.19/kernel/time/ntp.c linux-2.6.19-ccs/kernel/time/ntp.c
923 --- linux-2.6.19/kernel/time/ntp.c 2007-03-03 10:49:57.000000000 +0900
924 +++ linux-2.6.19-ccs/kernel/time/ntp.c 2007-03-03 10:55:25.000000000 +0900
925 @@ -14,6 +14,9 @@
926
927 #include <asm/div64.h>
928 #include <asm/timex.h>
929 +/***** TOMOYO Linux start. *****/
930 +#include <linux/tomoyo.h>
931 +/***** TOMOYO Linux end. *****/
932
933 /*
934 * Timekeeping variables
935 @@ -199,6 +202,9 @@ int do_adjtimex(struct timex *txc)
936 /* In order to modify anything, you gotta be super-user! */
937 if (txc->modes && !capable(CAP_SYS_TIME))
938 return -EPERM;
939 + /***** TOMOYO Linux start. *****/
940 + if (txc->modes && CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
941 + /***** TOMOYO Linux end. *****/
942
943 /* Now we validate the data before disabling interrupts */
944
945 diff -ubBpEr linux-2.6.19/kernel/time.c linux-2.6.19-ccs/kernel/time.c
946 --- linux-2.6.19/kernel/time.c 2007-03-03 10:49:57.000000000 +0900
947 +++ linux-2.6.19-ccs/kernel/time.c 2007-03-03 10:55:25.000000000 +0900
948 @@ -39,6 +39,9 @@
949
950 #include <asm/uaccess.h>
951 #include <asm/unistd.h>
952 +/***** TOMOYO Linux start. *****/
953 +#include <linux/tomoyo.h>
954 +/***** TOMOYO Linux end. *****/
955
956 /*
957 * The timezone where the local system is located. Used as a default by some
958 @@ -91,6 +94,9 @@ asmlinkage long sys_stime(time_t __user
959 err = security_settime(&tv, NULL);
960 if (err)
961 return err;
962 + /***** TOMOYO Linux start. *****/
963 + if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
964 + /***** TOMOYO Linux end. *****/
965
966 do_settimeofday(&tv);
967 return 0;
968 @@ -161,6 +167,9 @@ int do_sys_settimeofday(struct timespec
969 error = security_settime(tv, tz);
970 if (error)
971 return error;
972 + /***** TOMOYO Linux start. *****/
973 + if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
974 + /***** TOMOYO Linux end. *****/
975
976 if (tz) {
977 /* SMP safe, global irq locking makes it work. */
978 diff -ubBpEr linux-2.6.19/net/ipv4/inet_connection_sock.c linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c
979 --- linux-2.6.19/net/ipv4/inet_connection_sock.c 2007-03-03 10:49:57.000000000 +0900
980 +++ linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c 2007-03-03 10:55:25.000000000 +0900
981 @@ -23,6 +23,9 @@
982 #include <net/route.h>
983 #include <net/tcp_states.h>
984 #include <net/xfrm.h>
985 +/***** SAKURA Linux start. *****/
986 +#include <linux/sakura.h>
987 +/***** SAKURA Linux end. *****/
988
989 #ifdef INET_CSK_DEBUG
990 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
991 @@ -87,6 +90,9 @@ int inet_csk_get_port(struct inet_hashin
992 do {
993 head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
994 spin_lock(&head->lock);
995 + /***** SAKURA Linux start. *****/
996 + if (SAKURA_MayAutobind(rover) < 0) goto next;
997 + /***** SAKURA Linux end. *****/
998 inet_bind_bucket_for_each(tb, node, &head->chain)
999 if (tb->port == rover)
1000 goto next;
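Review bot: `SAKURA_MayAutobind(rover)` is called after `spin_lock(&head->lock)`, so it runs in atomic context and must never sleep or allocate with a blocking flag. The hooks in inet_hash_connect() and inet6_hash_connect() sit after `local_bh_disable()` and carry the same constraint. Nothing in the patch states that requirement, so a comment at the call such as `/* called under head->lock: must not sleep */` would help. The `next` label is outside the hunk; presumably it drops the lock before advancing `rover`, which should be confirmed.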
1001 diff -ubBpEr linux-2.6.19/net/ipv4/inet_hashtables.c linux-2.6.19-ccs/net/ipv4/inet_hashtables.c
1002 --- linux-2.6.19/net/ipv4/inet_hashtables.c 2007-03-03 10:49:57.000000000 +0900
1003 +++ linux-2.6.19-ccs/net/ipv4/inet_hashtables.c 2007-03-03 10:55:25.000000000 +0900
1004 @@ -22,6 +22,9 @@
1005 #include <net/inet_connection_sock.h>
1006 #include <net/inet_hashtables.h>
1007 #include <net/ip.h>
1008 +/***** SAKURA Linux start. *****/
1009 +#include <linux/sakura.h>
1010 +/***** SAKURA Linux end. *****/
1011
1012 /*
1013 * Allocate and initialize a new local port bind bucket.
1014 @@ -292,6 +295,9 @@ int inet_hash_connect(struct inet_timewa
1015 local_bh_disable();
1016 for (i = 1; i <= range; i++) {
1017 port = low + (i + offset) % range;
1018 + /***** SAKURA Linux start. *****/
1019 + if (SAKURA_MayAutobind(port) < 0) continue;
1020 + /***** SAKURA Linux end. *****/
1021 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1022 spin_lock(&head->lock);
1023
1024 diff -ubBpEr linux-2.6.19/net/ipv4/udp.c linux-2.6.19-ccs/net/ipv4/udp.c
1025 --- linux-2.6.19/net/ipv4/udp.c 2007-03-03 10:49:57.000000000 +0900
1026 +++ linux-2.6.19-ccs/net/ipv4/udp.c 2007-03-03 10:55:25.000000000 +0900
1027 @@ -108,6 +108,9 @@
1028 #include <net/inet_common.h>
1029 #include <net/checksum.h>
1030 #include <net/xfrm.h>
1031 +/***** SAKURA Linux start. *****/
1032 +#include <linux/sakura.h>
1033 +/***** SAKURA Linux end. *****/
1034
1035 /*
1036 * Snmp MIB for the UDP layer
1037 @@ -157,6 +160,9 @@ int udp_get_port(struct sock *sk, unsign
1038 best = result = udp_port_rover;
1039 for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) {
1040 int size;
1041 + /***** SAKURA Linux start. *****/
1042 + if (SAKURA_MayAutobind(result) < 0) continue;
1043 + /***** SAKURA Linux end. *****/
1044
1045 head = &udp_hash[result & (UDP_HTABLE_SIZE - 1)];
1046 if (hlist_empty(head)) {
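Review bot: In the first loop the check tests `result` before the `hlist_empty(head)` branch, which continues outside the hunk. If that branch folds an out-of-range `result` back into the local port range the way the second loop does at `result = sysctl_local_port_range[0] + ...`, the port finally chosen is never passed to `SAKURA_MayAutobind()`. The second loop is fine because its check follows the adjustment. Re-checking after any adjustment in the empty-bucket branch, with `if (SAKURA_MayAutobind(result) < 0) continue;`, would make both loops consistent.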
1047 @@ -179,6 +185,9 @@ int udp_get_port(struct sock *sk, unsign
1048 result = sysctl_local_port_range[0]
1049 + ((result - sysctl_local_port_range[0]) &
1050 (UDP_HTABLE_SIZE - 1));
1051 + /***** SAKURA Linux start. *****/
1052 + if (SAKURA_MayAutobind(result) < 0) continue;
1053 + /***** SAKURA Linux end. *****/
1054 if (!udp_lport_inuse(result))
1055 break;
1056 }
1057 diff -ubBpEr linux-2.6.19/net/ipv6/inet6_hashtables.c linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c
1058 --- linux-2.6.19/net/ipv6/inet6_hashtables.c 2007-03-03 10:49:57.000000000 +0900
1059 +++ linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c 2007-03-11 13:10:36.000000000 +0900
1060 @@ -21,6 +21,9 @@
1061 #include <net/inet_hashtables.h>
1062 #include <net/inet6_hashtables.h>
1063 #include <net/ip.h>
1064 +/***** SAKURA Linux start. *****/
1065 +#include <linux/sakura.h>
1066 +/***** SAKURA Linux end. *****/
1067
1068 void __inet6_hash(struct inet_hashinfo *hashinfo,
1069 struct sock *sk)
1070 @@ -172,7 +175,7 @@ static int __inet6_check_established(str
1071 const struct in6_addr *saddr = &np->daddr;
1072 const int dif = sk->sk_bound_dev_if;
1073 const __portpair ports = INET_COMBINED_PORTS(inet->dport, lport);
1074 - const unsigned int hash = inet6_ehashfn(daddr, inet->num, saddr,
1075 + const unsigned int hash = inet6_ehashfn(daddr, lport, saddr,
1076 inet->dport);
1077 struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash);
1078 struct sock *sk2;
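Review bot: The replacement of `inet->num` by `lport` in the `inet6_ehashfn()` call is a functional change to the established-hash computation, yet it has no `/***** SAKURA Linux start. *****/` and end markers and no explanation, unlike the other modifications visible in this patch. A one-line comment stating why the `lport` argument is used, plus the markers, would let someone porting the patch tell it apart from upstream code. __inet6_check_established() starts and ends outside the hunk.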
1079 @@ -266,6 +269,9 @@ int inet6_hash_connect(struct inet_timew
1080 local_bh_disable();
1081 for (i = 1; i <= range; i++) {
1082 port = low + (i + offset) % range;
1083 + /***** SAKURA Linux start. *****/
1084 + if (SAKURA_MayAutobind(port) < 0) continue;
1085 + /***** SAKURA Linux end. *****/
1086 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1087 spin_lock(&head->lock);
1088
1089 diff -ubBpEr linux-2.6.19/net/socket.c linux-2.6.19-ccs/net/socket.c
1090 --- linux-2.6.19/net/socket.c 2007-03-03 10:49:57.000000000 +0900
1091 +++ linux-2.6.19-ccs/net/socket.c 2007-03-03 10:55:25.000000000 +0900
1092 @@ -94,6 +94,11 @@
1093 #include <net/sock.h>
1094 #include <linux/netfilter.h>
1095
1096 +/***** TOMOYO Linux start. *****/
1097 +#include <linux/tomoyo.h>
1098 +#include <linux/tomoyo_socket.h>
1099 +/***** TOMOYO Linux end. *****/
1100 +
1101 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1102 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1103 unsigned long nr_segs, loff_t pos);
1104 @@ -550,7 +555,9 @@ static inline int __sock_sendmsg(struct
1105 err = security_socket_sendmsg(sock, msg, size);
1106 if (err)
1107 return err;
1108 -
1109 + /***** TOMOYO Linux start. *****/
1110 + if (CheckSocketSendMsgPermission(sock, (struct sockaddr *) msg->msg_name, msg->msg_namelen)) return -EPERM;
1111 + /***** TOMOYO Linux start. *****/
1112 return sock->ops->sendmsg(iocb, sock, msg, size);
1113 }
1114
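Review bot: The closing marker after the CheckSocketSendMsgPermission() call reads `/***** TOMOYO Linux start. *****/`, where every other hook ends with `/***** TOMOYO Linux end. *****/`, so anything that pairs the markers will mis-scope this hook. Separately, `msg->msg_name` is passed on without a visible NULL test. Presumably the callee accepts a NULL name with `msg_namelen` of 0 for connected sockets; a comment saying so would help.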
1115 @@ -617,6 +624,11 @@ int sock_recvmsg(struct socket *sock, st
1116 ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
1117 if (-EIOCBQUEUED == ret)
1118 ret = wait_on_sync_kiocb(&iocb);
1119 + /***** TOMOYO Linux start. *****/
1120 + if (ret >= 0 && CheckSocketRecvMsgPermission(sock, (struct sockaddr *) msg->msg_name, msg->msg_namelen)) {
1121 + ret = -EAGAIN; /* Hope less harmful than -EPERM. */
1122 + }
1123 + /***** TOMOYO Linux end. *****/
1124 return ret;
1125 }
1126
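Review bot: CheckSocketRecvMsgPermission() runs only after `__sock_recvmsg()` has returned, so by the time `ret` is replaced with `-EAGAIN` the message has already been taken from the queue and, as far as these lines show, copied into the caller's buffers. The denial changes the return value but not what was delivered. If the check cannot be moved ahead of the copy, the limitation should be documented at the hook, for example `/* NOTE: data is already in msg's iovec here; only the result is masked */`. Whether other receive paths reach `__sock_recvmsg()` without passing through sock_recvmsg() cannot be seen from this hunk and is worth confirming.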
1127 @@ -1076,6 +1088,10 @@ static int __sock_create(int family, int
1128 family = PF_PACKET;
1129 }
1130
1131 + /***** TOMOYO Linux start. *****/
1132 + if ((err = CheckSocketCreatePermission(family, type, protocol)) < 0) return err;
1133 + /***** TOMOYO Linux end. *****/
1134 +
1135 err = security_socket_create(family, type, protocol, kern);
1136 if (err)
1137 return err;
1138 @@ -1278,6 +1294,9 @@ asmlinkage long sys_bind(int fd, struct
1139 err = security_socket_bind(sock,
1140 (struct sockaddr *)address,
1141 addrlen);
1142 + /***** TOMOYO Linux start. *****/
1143 + if (!err) err = CheckSocketBindPermission(sock, (struct sockaddr *) address, addrlen);
1144 + /***** TOMOYO Linux end. *****/
1145 if (!err)
1146 err = sock->ops->bind(sock,
1147 (struct sockaddr *)
1148 @@ -1307,6 +1326,9 @@ asmlinkage long sys_listen(int fd, int b
1149 backlog = sysctl_somaxconn;
1150
1151 err = security_socket_listen(sock, backlog);
1152 + /***** TOMOYO Linux start. *****/
1153 + if (!err) err = CheckSocketListenPermission(sock);
1154 + /***** TOMOYO Linux end. *****/
1155 if (!err)
1156 err = sock->ops->listen(sock, backlog);
1157
1158 @@ -1371,6 +1393,12 @@ asmlinkage long sys_accept(int fd, struc
1159 if (err < 0)
1160 goto out_fd;
1161
1162 + /***** TOMOYO Linux start. *****/
1163 + if (CheckSocketAcceptPermission(newsock, (struct sockaddr *) address)) {
1164 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1165 + goto out_fd;
1166 + }
1167 + /***** TOMOYO Linux end. *****/
1168 if (upeer_sockaddr) {
1169 if (newsock->ops->getname(newsock, (struct sockaddr *)address,
1170 &len, 2) < 0) {
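Review bot: `CheckSocketAcceptPermission(newsock, (struct sockaddr *) address)` is called before the `newsock->ops->getname(...)` call below fills `address`, so unless the callee performs its own lookup it is handed whatever the buffer held before. A comment stating that `address` is scratch space for the callee, or moving the peer-name lookup ahead of the check, would remove the ambiguity. sys_accept() starts and ends outside the hunk.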
1171 @@ -1430,6 +1458,10 @@ asmlinkage long sys_connect(int fd, stru
1172 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1173 if (err)
1174 goto out_put;
1175 + /***** TOMOYO Linux start. *****/
1176 + err = CheckSocketConnectPermission(sock, (struct sockaddr *) address, addrlen);
1177 + if (err) goto out_put;
1178 + /***** TOMOYO Linux end. *****/
1179
1180 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1181 sock->file->f_flags);
1182 diff -ubBpEr linux-2.6.19/net/unix/af_unix.c linux-2.6.19-ccs/net/unix/af_unix.c
1183 --- linux-2.6.19/net/unix/af_unix.c 2007-03-03 11:38:54.000000000 +0900
1184 +++ linux-2.6.19-ccs/net/unix/af_unix.c 2007-03-05 13:21:45.000000000 +0900
1185 @@ -116,6 +116,9 @@
1186 #include <linux/mount.h>
1187 #include <net/checksum.h>
1188 #include <linux/security.h>
1189 +/***** TOMOYO Linux start. *****/
1190 +#include <linux/tomoyo.h>
1191 +/***** TOMOYO Linux end. *****/
1192
1193 int sysctl_unix_max_dgram_qlen __read_mostly = 10;
1194
1195 @@ -764,6 +767,10 @@ static int unix_bind(struct socket *sock
1196 err = unix_autobind(sock);
1197 goto out;
1198 }
1199 + /***** TOMOYO Linux start. *****/
1200 + err = -EPERM;
1201 + if (sunaddr->sun_path[0] && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) goto out;
1202 + /***** TOMOYO Linux end. *****/
1203
1204 err = unix_mkname(sunaddr, addr_len, &hash);
1205 if (err < 0)
1206 @@ -807,6 +814,9 @@ static int unix_bind(struct socket *sock
1207 */
1208 mode = S_IFSOCK |
1209 (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
1210 + /***** TOMOYO Linux start. *****/
1211 + if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
1212 + /***** TOMOYO Linux end. *****/
1213 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
1214 if (err)
1215 goto out_mknod_dput;
