Open-Source-Software-Entwicklung und Downloads

TOMOYO

Browse Subversion Repository

/[tomoyo]/trunk/1.5.x/ccs-patch/patches/ccs-patch-2.4.32.diff

Contents of /trunk/1.5.x/ccs-patch/patches/ccs-patch-2.4.32.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1498 - (show annotations) (download) (as text)
Fri Aug 29 12:08:57 2008 UTC (15 years, 9 months ago) by kumaneko
File MIME type: text/x-diff
File size: 57884 byte(s) 
1.5.5-rc/1.6.4-rc
1 This is TOMOYO Linux patch for kernel 2.4.32.
2
3 Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.4/linux-2.4.32.tar.bz2
4 ---
5 Documentation/Configure.help | 89 ++++++++++++++++++++++++++++++
6 arch/alpha/kernel/ptrace.c | 9 +++
7 arch/arm/kernel/ptrace.c | 9 +++
8 arch/cris/kernel/ptrace.c | 9 +++
9 arch/i386/kernel/ptrace.c | 9 +++
10 arch/ia64/ia32/sys_ia32.c | 9 +++
11 arch/ia64/kernel/ptrace.c | 9 +++
12 arch/m68k/kernel/ptrace.c | 9 +++
13 arch/mips/kernel/ptrace.c | 9 +++
14 arch/mips64/kernel/ptrace.c | 15 +++++
15 arch/parisc/kernel/ptrace.c | 9 +++
16 arch/ppc/kernel/ptrace.c | 9 +++
17 arch/ppc64/kernel/ptrace.c | 9 +++
18 arch/ppc64/kernel/ptrace32.c | 9 +++
19 arch/s390/kernel/ptrace.c | 9 +++
20 arch/s390x/kernel/ptrace.c | 9 +++
21 arch/sh/kernel/ptrace.c | 9 +++
22 arch/sh64/kernel/ptrace.c | 9 +++
23 arch/sparc/kernel/ptrace.c | 11 +++
24 arch/sparc64/kernel/ptrace.c | 11 +++
25 arch/x86_64/ia32/ptrace32.c | 9 +++
26 arch/x86_64/kernel/ptrace.c | 9 +++
27 fs/Config.in | 3 +
28 fs/Makefile | 2
29 fs/attr.c | 10 +++
30 fs/exec.c | 21 ++++++-
31 fs/fcntl.c | 8 ++
32 fs/ioctl.c | 9 +++
33 fs/namei.c | 127 +++++++++++++++++++++++++++++++++++++++++++
34 fs/namespace.c | 58 +++++++++++++++++++
35 fs/open.c | 29 +++++++++
36 fs/proc/Makefile | 4 +
37 fs/proc/proc_misc.c | 5 +
38 include/linux/sched.h | 13 ++++
39 kernel/kmod.c | 5 +
40 kernel/module.c | 15 +++++
41 kernel/sched.c | 7 ++
42 kernel/signal.c | 15 +++++
43 kernel/sys.c | 19 ++++++
44 kernel/sysctl.c | 116 ++++++++++++++++++++++++++++++++++++++-
45 kernel/time.c | 15 +++++
46 net/core/datagram.c | 10 +++
47 net/ipv4/tcp_ipv4.c | 11 +++
48 net/ipv4/udp.c | 11 +++
49 net/ipv6/tcp_ipv6.c | 7 ++
50 net/ipv6/udp.c | 11 +++
51 net/socket.c | 40 ++++++++++++-
52 net/unix/af_unix.c | 15 +++++
53 48 files changed, 867 insertions(+), 7 deletions(-)
54
55 --- linux-2.4.32.orig/Documentation/Configure.help
56 +++ linux-2.4.32/Documentation/Configure.help
57 @@ -29057,6 +29057,95 @@ CONFIG_SOUND_WM97XX
58
59 If unsure, say N.
60
61 +CONFIG_SAKURA
62 + Say Y here to support the Domain-Free Mandatory Access Control.
63 +
64 + SAKURA stands for
65 + "Security Advancement Know-how Upon Read-only Approach".
66 + As the name shows, SAKURA was originally a methodology to make
67 + root fs read-only to avoid tampering the system files.
68 + But now, SAKURA is not only a methodology but also a kernel patch
69 + that improves the system security with less effort.
70 +
71 + SAKURA can restrict operations that affect systemwide.
72 +
73 +CONFIG_TOMOYO
74 + Say Y here to support the Domain-Based Mandatory Access Control.
75 +
76 + TOMOYO stands for "Task Oriented Management Obviates Your Onus".
77 + TOMOYO is intended to provide the Domain-Based MAC
78 + utilizing task_struct.
79 +
80 + The word "domain" in TOMOYO is a class that a process
81 + (i.e. task_struct) belong to.
82 + The domain of a process changes whenever the process
83 + executes a program.
84 + This allows you to classify at the finest level.
85 + The access permission is granted to domains, not to processes.
86 + Policy is defined as "Which domain can access to which resource.".
87 + There is no concept of "user id" nor "role" like RBAC.
88 +
89 + The biggest feature of TOMOYO is that TOMOYO has "learning mode".
90 + The learning mode can automatically generate policy definition,
91 + and dramatically reduces the policy definition labors.
92 +
93 + TOMOYO is much simpler and easier than SELinux.
94 +
95 + TOMOYO is applicable to figuring out the system's behavior, for
96 + TOMOYO uses the canonicalized absolute pathnames and
97 + TreeView style domain transitions.
98 +
99 + You can make custom root fs with minimum files
100 + to run minimum applications with TOMOYO.
101 +
102 +CONFIG_TOMOYO_MAX_ACCEPT_ENTRY
103 + This is the default value for maximal ACL entries
104 + that are automatically appended into policy at "learning mode".
105 + Some programs access thousands of objects, so running
106 + such programs in "learning mode" dulls the system response
107 + and consumes much memory.
108 + This is the safeguard for such programs.
109 +
110 +CONFIG_TOMOYO_MAX_GRANT_LOG
111 + This is the default value for maximal entries for
112 + access grant logs that the kernel can hold on memory.
113 + You can read the log via /proc/ccs/grant_log.
114 + If you don't need access grant logs,
115 + you may set this value to 0.
116 +
117 +CONFIG_TOMOYO_MAX_REJECT_LOG
118 + This is the default value for maximal entries for
119 + access reject logs that the kernel can hold on memory.
120 + You can read the log via /proc/ccs/reject_log.
121 + If you don't need access reject logs,
122 + you may set this value to 0.
123 +
124 +CONFIG_SYAORAN
125 + Say Y or M here to support the Tamper-Proof Device Filesystem.
126 +
127 + SYAORAN stands for
128 + "Simple Yet All-important Object Realizing Abiding Nexus".
129 + SYAORAN is a filesystem for /dev with Mandatory Access Control.
130 +
131 + SAKURA can make root fs read-only, but the system can't work
132 + if /dev is read-only. Therefore you need to mount a writable
133 + filesystem (such as tmpfs) for /dev if root fs is read-only.
134 +
135 + But the writable /dev means that files on /dev might be tampered.
136 + For example, if /dev/null is deleted and re-created as a symbolic
137 + link to /dev/hda by an attacker, the contents of the IDE HDD
138 + will be destroyed at a blow.
139 +
140 + Also, TOMOYO controls file access by pathnames,
141 + not by security labels.
142 + Therefore /dev/null, for example, might be tampered
143 + if a process have write permission to /dev/null .
144 +
145 + SYAORAN can ensure /dev/null is a character device file
146 + with major=1 minor=3.
147 +
148 + You can use SAKURA to make /dev not unmountable.
149 +
150 #
151 # A couple of things I keep forgetting:
152 # capitalize: AppleTalk, Ethernet, DOS, DMA, FAT, FTP, Internet,
153 --- linux-2.4.32.orig/arch/alpha/kernel/ptrace.c
154 +++ linux-2.4.32/arch/alpha/kernel/ptrace.c
155 @@ -18,6 +18,9 @@
156 #include <asm/pgtable.h>
157 #include <asm/system.h>
158 #include <asm/fpu.h>
159 +/***** TOMOYO Linux start. *****/
160 +#include <linux/tomoyo.h>
161 +/***** TOMOYO Linux end. *****/
162
163 #include "proto.h"
164
165 @@ -251,6 +254,12 @@ sys_ptrace(long request, long pid, long
166 {
167 struct task_struct *child;
168 long ret;
169 + /***** TOMOYO Linux start. *****/
170 +#ifdef TOMOYO_SYS_PTRACE
171 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
172 + return -EPERM;
173 +#endif
174 + /***** TOMOYO Linux end. *****/
175
176 lock_kernel();
177 DBG(DBG_MEM, ("request=%ld pid=%ld addr=0x%lx data=0x%lx\n",
178 --- linux-2.4.32.orig/arch/arm/kernel/ptrace.c
179 +++ linux-2.4.32/arch/arm/kernel/ptrace.c
180 @@ -22,6 +22,9 @@
181 #include <asm/uaccess.h>
182 #include <asm/pgtable.h>
183 #include <asm/system.h>
184 +/***** TOMOYO Linux start. *****/
185 +#include <linux/tomoyo.h>
186 +/***** TOMOYO Linux end. *****/
187
188 #include "ptrace.h"
189
190 @@ -695,6 +698,12 @@ asmlinkage int sys_ptrace(long request,
191 {
192 struct task_struct *child;
193 int ret;
194 + /***** TOMOYO Linux start. *****/
195 +#ifdef TOMOYO_SYS_PTRACE
196 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
197 + return -EPERM;
198 +#endif
199 + /***** TOMOYO Linux end. *****/
200
201 lock_kernel();
202 ret = -EPERM;
203 --- linux-2.4.32.orig/arch/cris/kernel/ptrace.c
204 +++ linux-2.4.32/arch/cris/kernel/ptrace.c
205 @@ -48,6 +48,9 @@
206 #include <asm/pgtable.h>
207 #include <asm/system.h>
208 #include <asm/processor.h>
209 +/***** TOMOYO Linux start. *****/
210 +#include <linux/tomoyo.h>
211 +/***** TOMOYO Linux end. *****/
212
213 /*
214 * does not yet catch signals sent when the child dies.
215 @@ -104,6 +107,12 @@ asmlinkage int sys_ptrace(long request,
216 {
217 struct task_struct *child;
218 int ret;
219 + /***** TOMOYO Linux start. *****/
220 +#ifdef TOMOYO_SYS_PTRACE
221 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
222 + return -EPERM;
223 +#endif
224 + /***** TOMOYO Linux end. *****/
225
226 lock_kernel();
227 ret = -EPERM;
228 --- linux-2.4.32.orig/arch/i386/kernel/ptrace.c
229 +++ linux-2.4.32/arch/i386/kernel/ptrace.c
230 @@ -20,6 +20,9 @@
231 #include <asm/processor.h>
232 #include <asm/i387.h>
233 #include <asm/debugreg.h>
234 +/***** TOMOYO Linux start. *****/
235 +#include <linux/tomoyo.h>
236 +/***** TOMOYO Linux end. *****/
237
238 /*
239 * does not yet catch signals sent when the child dies.
240 @@ -152,6 +155,12 @@ asmlinkage int sys_ptrace(long request,
241 struct task_struct *child;
242 struct user * dummy = NULL;
243 int i, ret;
244 + /***** TOMOYO Linux start. *****/
245 +#ifdef TOMOYO_SYS_PTRACE
246 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
247 + return -EPERM;
248 +#endif
249 + /***** TOMOYO Linux end. *****/
250
251 lock_kernel();
252 ret = -EPERM;
253 --- linux-2.4.32.orig/arch/ia64/ia32/sys_ia32.c
254 +++ linux-2.4.32/arch/ia64/ia32/sys_ia32.c
255 @@ -57,6 +57,9 @@
256 #include <net/scm.h>
257 #include <net/sock.h>
258 #include <asm/ia32.h>
259 +/***** TOMOYO Linux start. *****/
260 +#include <linux/tomoyo.h>
261 +/***** TOMOYO Linux end. *****/
262
263 #define DEBUG 0
264
265 @@ -3130,6 +3133,12 @@ sys32_ptrace (int request, pid_t pid, un
266 struct task_struct *child;
267 unsigned int value, tmp;
268 long i, ret;
269 + /***** TOMOYO Linux start. *****/
270 +#ifdef TOMOYO_SYS_PTRACE
271 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
272 + return -EPERM;
273 +#endif
274 + /***** TOMOYO Linux end. *****/
275
276 lock_kernel();
277 if (request == PTRACE_TRACEME) {
278 --- linux-2.4.32.orig/arch/ia64/kernel/ptrace.c
279 +++ linux-2.4.32/arch/ia64/kernel/ptrace.c
280 @@ -27,6 +27,9 @@
281 #ifdef CONFIG_PERFMON
282 #include <asm/perfmon.h>
283 #endif
284 +/***** TOMOYO Linux start. *****/
285 +#include <linux/tomoyo.h>
286 +/***** TOMOYO Linux end. *****/
287
288 #define offsetof(type,field) ((unsigned long) &((type *) 0)->field)
289
290 @@ -1273,6 +1276,12 @@ sys_ptrace (long request, pid_t pid, uns
291 struct task_struct *child;
292 struct switch_stack *sw;
293 long ret;
294 + /***** TOMOYO Linux start. *****/
295 +#ifdef TOMOYO_SYS_PTRACE
296 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
297 + return -EPERM;
298 +#endif
299 + /***** TOMOYO Linux end. *****/
300
301 lock_kernel();
302 ret = -EPERM;
303 --- linux-2.4.32.orig/arch/m68k/kernel/ptrace.c
304 +++ linux-2.4.32/arch/m68k/kernel/ptrace.c
305 @@ -25,6 +25,9 @@
306 #include <asm/pgtable.h>
307 #include <asm/system.h>
308 #include <asm/processor.h>
309 +/***** TOMOYO Linux start. *****/
310 +#include <linux/tomoyo.h>
311 +/***** TOMOYO Linux end. *****/
312
313 /*
314 * does not yet catch signals sent when the child dies.
315 @@ -104,6 +107,12 @@ asmlinkage int sys_ptrace(long request,
316 {
317 struct task_struct *child;
318 int ret;
319 + /***** TOMOYO Linux start. *****/
320 +#ifdef TOMOYO_SYS_PTRACE
321 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
322 + return -EPERM;
323 +#endif
324 + /***** TOMOYO Linux end. *****/
325
326 lock_kernel();
327 ret = -EPERM;
328 --- linux-2.4.32.orig/arch/mips/kernel/ptrace.c
329 +++ linux-2.4.32/arch/mips/kernel/ptrace.c
330 @@ -28,6 +28,9 @@
331 #include <asm/bootinfo.h>
332 #include <asm/cpu.h>
333 #include <asm/fpu.h>
334 +/***** TOMOYO Linux start. *****/
335 +#include <linux/tomoyo.h>
336 +/***** TOMOYO Linux end. *****/
337
338 /*
339 * Called by kernel/ptrace.c when detaching..
340 @@ -43,6 +46,12 @@ asmlinkage int sys_ptrace(long request,
341 {
342 struct task_struct *child;
343 int ret;
344 + /***** TOMOYO Linux start. *****/
345 +#ifdef TOMOYO_SYS_PTRACE
346 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
347 + return -EPERM;
348 +#endif
349 + /***** TOMOYO Linux end. *****/
350
351 lock_kernel();
352 #if 0
353 --- linux-2.4.32.orig/arch/mips64/kernel/ptrace.c
354 +++ linux-2.4.32/arch/mips64/kernel/ptrace.c
355 @@ -30,6 +30,9 @@
356 #include <asm/system.h>
357 #include <asm/uaccess.h>
358 #include <asm/bootinfo.h>
359 +/***** TOMOYO Linux start. *****/
360 +#include <linux/tomoyo.h>
361 +/***** TOMOYO Linux end. *****/
362
363 /*
364 * Called by kernel/ptrace.c when detaching..
365 @@ -49,6 +52,12 @@ asmlinkage int sys32_ptrace(int request,
366 {
367 struct task_struct *child;
368 int ret;
369 + /***** TOMOYO Linux start. *****/
370 +#ifdef TOMOYO_SYS_PTRACE
371 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
372 + return -EPERM;
373 +#endif
374 + /***** TOMOYO Linux end. *****/
375
376 lock_kernel();
377 ret = -EPERM;
378 @@ -288,6 +297,12 @@ asmlinkage int sys_ptrace(long request,
379 {
380 struct task_struct *child;
381 int ret;
382 + /***** TOMOYO Linux start. *****/
383 +#ifdef TOMOYO_SYS_PTRACE
384 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
385 + return -EPERM;
386 +#endif
387 + /***** TOMOYO Linux end. *****/
388
389 lock_kernel();
390 #if 0
391 --- linux-2.4.32.orig/arch/parisc/kernel/ptrace.c
392 +++ linux-2.4.32/arch/parisc/kernel/ptrace.c
393 @@ -21,6 +21,9 @@
394 #include <asm/system.h>
395 #include <asm/processor.h>
396 #include <asm/offset.h>
397 +/***** TOMOYO Linux start. *****/
398 +#include <linux/tomoyo.h>
399 +/***** TOMOYO Linux end. *****/
400
401 /* These are used in entry.S, syscall_restore_rfi. We need to record the
402 * current stepping mode somewhere other than in PSW, because there is no
403 @@ -94,6 +97,12 @@ long sys_ptrace(long request, pid_t pid,
404 #ifdef DEBUG_PTRACE
405 long oaddr=addr, odata=data;
406 #endif
407 + /***** TOMOYO Linux start. *****/
408 +#ifdef TOMOYO_SYS_PTRACE
409 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
410 + return -EPERM;
411 +#endif
412 + /***** TOMOYO Linux end. *****/
413
414 lock_kernel();
415 ret = -EPERM;
416 --- linux-2.4.32.orig/arch/ppc/kernel/ptrace.c
417 +++ linux-2.4.32/arch/ppc/kernel/ptrace.c
418 @@ -29,6 +29,9 @@
419 #include <asm/page.h>
420 #include <asm/pgtable.h>
421 #include <asm/system.h>
422 +/***** TOMOYO Linux start. *****/
423 +#include <linux/tomoyo.h>
424 +/***** TOMOYO Linux end. *****/
425
426 /*
427 * Set of msr bits that gdb can change on behalf of a process.
428 @@ -171,6 +174,12 @@ int sys_ptrace(long request, long pid, l
429 {
430 struct task_struct *child;
431 int ret = -EPERM;
432 + /***** TOMOYO Linux start. *****/
433 +#ifdef TOMOYO_SYS_PTRACE
434 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
435 + return -EPERM;
436 +#endif
437 + /***** TOMOYO Linux end. *****/
438
439 lock_kernel();
440 if (request == PTRACE_TRACEME) {
441 --- linux-2.4.32.orig/arch/ppc64/kernel/ptrace.c
442 +++ linux-2.4.32/arch/ppc64/kernel/ptrace.c
443 @@ -30,6 +30,9 @@
444 #include <asm/page.h>
445 #include <asm/pgtable.h>
446 #include <asm/system.h>
447 +/***** TOMOYO Linux start. *****/
448 +#include <linux/tomoyo.h>
449 +/***** TOMOYO Linux end. *****/
450
451 /*
452 * Set of msr bits that gdb can change on behalf of a process.
453 @@ -120,6 +123,12 @@ int sys_ptrace(long request, long pid, l
454 {
455 struct task_struct *child;
456 int ret = -EPERM;
457 + /***** TOMOYO Linux start. *****/
458 +#ifdef TOMOYO_SYS_PTRACE
459 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
460 + return -EPERM;
461 +#endif
462 + /***** TOMOYO Linux end. *****/
463
464 lock_kernel();
465 if (request == PTRACE_TRACEME) {
466 --- linux-2.4.32.orig/arch/ppc64/kernel/ptrace32.c
467 +++ linux-2.4.32/arch/ppc64/kernel/ptrace32.c
468 @@ -30,6 +30,9 @@
469 #include <asm/page.h>
470 #include <asm/pgtable.h>
471 #include <asm/system.h>
472 +/***** TOMOYO Linux start. *****/
473 +#include <linux/tomoyo.h>
474 +/***** TOMOYO Linux end. *****/
475
476 #ifdef CONFIG_ALTIVEC
477 /*
478 @@ -121,6 +124,12 @@ int sys32_ptrace(long request, long pid,
479 {
480 struct task_struct *child;
481 int ret = -EPERM;
482 + /***** TOMOYO Linux start. *****/
483 +#ifdef TOMOYO_SYS_PTRACE
484 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
485 + return -EPERM;
486 +#endif
487 + /***** TOMOYO Linux end. *****/
488
489 lock_kernel();
490 if (request == PTRACE_TRACEME) {
491 --- linux-2.4.32.orig/arch/s390/kernel/ptrace.c
492 +++ linux-2.4.32/arch/s390/kernel/ptrace.c
493 @@ -37,6 +37,9 @@
494 #include <asm/pgalloc.h>
495 #include <asm/system.h>
496 #include <asm/uaccess.h>
497 +/***** TOMOYO Linux start. *****/
498 +#include <linux/tomoyo.h>
499 +/***** TOMOYO Linux end. *****/
500
501
502 void FixPerRegisters(struct task_struct *task)
503 @@ -221,6 +224,12 @@ asmlinkage int sys_ptrace(long request,
504 unsigned long tmp;
505 int copied;
506 ptrace_area parea;
507 + /***** TOMOYO Linux start. *****/
508 +#ifdef TOMOYO_SYS_PTRACE
509 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
510 + return -EPERM;
511 +#endif
512 + /***** TOMOYO Linux end. *****/
513
514 lock_kernel();
515 if (request == PTRACE_TRACEME)
516 --- linux-2.4.32.orig/arch/s390x/kernel/ptrace.c
517 +++ linux-2.4.32/arch/s390x/kernel/ptrace.c
518 @@ -43,6 +43,9 @@
519 #else
520 #define parent_31bit 0
521 #endif
522 +/***** TOMOYO Linux start. *****/
523 +#include <linux/tomoyo.h>
524 +/***** TOMOYO Linux end. *****/
525
526
527 void FixPerRegisters(struct task_struct *task)
528 @@ -431,6 +434,12 @@ asmlinkage int sys_ptrace(long request,
529 #define sizeof_parent_long 8
530 #define dataptr (u8 *)&data
531 #endif
532 + /***** TOMOYO Linux start. *****/
533 +#ifdef TOMOYO_SYS_PTRACE
534 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
535 + return -EPERM;
536 +#endif
537 + /***** TOMOYO Linux end. *****/
538 lock_kernel();
539 if (request == PTRACE_TRACEME)
540 {
541 --- linux-2.4.32.orig/arch/sh/kernel/ptrace.c
542 +++ linux-2.4.32/arch/sh/kernel/ptrace.c
543 @@ -26,6 +26,9 @@
544 #include <asm/system.h>
545 #include <asm/processor.h>
546 #include <asm/mmu_context.h>
547 +/***** TOMOYO Linux start. *****/
548 +#include <linux/tomoyo.h>
549 +/***** TOMOYO Linux end. *****/
550
551 /*
552 * does not yet catch signals sent when the child dies.
553 @@ -144,6 +147,12 @@ asmlinkage int sys_ptrace(long request,
554 struct task_struct *child, *tsk = current;
555 struct user * dummy = NULL;
556 int ret;
557 + /***** TOMOYO Linux start. *****/
558 +#ifdef TOMOYO_SYS_PTRACE
559 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
560 + return -EPERM;
561 +#endif
562 + /***** TOMOYO Linux end. *****/
563
564 lock_kernel();
565 ret = -EPERM;
566 --- linux-2.4.32.orig/arch/sh64/kernel/ptrace.c
567 +++ linux-2.4.32/arch/sh64/kernel/ptrace.c
568 @@ -32,6 +32,9 @@
569 #include <asm/system.h>
570 #include <asm/processor.h>
571 #include <asm/mmu_context.h>
572 +/***** TOMOYO Linux start. *****/
573 +#include <linux/tomoyo.h>
574 +/***** TOMOYO Linux end. *****/
575
576 /* This mask defines the bits of the SR which the user is not allowed to
577 change, which are everything except S, Q, M, PR, SZ, FR. */
578 @@ -122,6 +125,12 @@ asmlinkage int sys_ptrace(long request,
579 {
580 struct task_struct *child, *tsk = current;
581 int ret;
582 + /***** TOMOYO Linux start. *****/
583 +#ifdef TOMOYO_SYS_PTRACE
584 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
585 + return -EPERM;
586 +#endif
587 + /***** TOMOYO Linux end. *****/
588
589 lock_kernel();
590 ret = -EPERM;
591 --- linux-2.4.32.orig/arch/sparc/kernel/ptrace.c
592 +++ linux-2.4.32/arch/sparc/kernel/ptrace.c
593 @@ -21,6 +21,9 @@
594 #include <asm/pgtable.h>
595 #include <asm/system.h>
596 #include <asm/uaccess.h>
597 +/***** TOMOYO Linux start. *****/
598 +#include <linux/tomoyo.h>
599 +/***** TOMOYO Linux end. *****/
600
601 #define MAGIC_CONSTANT 0x80000000
602
603 @@ -262,6 +265,14 @@ asmlinkage void do_ptrace(struct pt_regs
604 unsigned long data = regs->u_regs[UREG_I3];
605 unsigned long addr2 = regs->u_regs[UREG_I4];
606 struct task_struct *child;
607 + /***** TOMOYO Linux start. *****/
608 +#ifdef TOMOYO_SYS_PTRACE
609 + if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
610 + pt_error_return(regs, EPERM);
611 + return;
612 + }
613 +#endif
614 + /***** TOMOYO Linux end. *****/
615
616 lock_kernel();
617 #ifdef DEBUG_PTRACE
618 --- linux-2.4.32.orig/arch/sparc64/kernel/ptrace.c
619 +++ linux-2.4.32/arch/sparc64/kernel/ptrace.c
620 @@ -26,6 +26,9 @@
621 #include <asm/psrcompat.h>
622 #include <asm/visasm.h>
623 #include <asm/spitfire.h>
624 +/***** TOMOYO Linux start. *****/
625 +#include <linux/tomoyo.h>
626 +/***** TOMOYO Linux end. *****/
627
628 #define MAGIC_CONSTANT 0x80000000
629
630 @@ -108,6 +111,14 @@ asmlinkage void do_ptrace(struct pt_regs
631 unsigned long data = regs->u_regs[UREG_I3];
632 unsigned long addr2 = regs->u_regs[UREG_I4];
633 struct task_struct *child;
634 + /***** TOMOYO Linux start. *****/
635 +#ifdef TOMOYO_SYS_PTRACE
636 + if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
637 + pt_error_return(regs, EPERM);
638 + return;
639 + }
640 +#endif
641 + /***** TOMOYO Linux end. *****/
642
643 if (current->thread.flags & SPARC_FLAG_32BIT) {
644 addr &= 0xffffffffUL;
645 --- linux-2.4.32.orig/arch/x86_64/ia32/ptrace32.c
646 +++ linux-2.4.32/arch/x86_64/ia32/ptrace32.c
647 @@ -24,6 +24,9 @@
648 #include <asm/i387.h>
649 #include <asm/fpu32.h>
650 #include <linux/mm.h>
651 +/***** TOMOYO Linux start. *****/
652 +#include <linux/tomoyo.h>
653 +/***** TOMOYO Linux end. *****/
654
655 /* determines which flags the user has access to. */
656 /* 1 = access 0 = no access */
657 @@ -203,6 +206,12 @@ asmlinkage long sys32_ptrace(long reques
658 struct pt_regs *childregs;
659 int ret;
660 __u32 val;
661 + /***** TOMOYO Linux start. *****/
662 +#ifdef TOMOYO_SYS_PTRACE
663 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
664 + return -EPERM;
665 +#endif
666 + /***** TOMOYO Linux end. *****/
667
668 switch (request) {
669 case PTRACE_TRACEME:
670 --- linux-2.4.32.orig/arch/x86_64/kernel/ptrace.c
671 +++ linux-2.4.32/arch/x86_64/kernel/ptrace.c
672 @@ -22,6 +22,9 @@
673 #include <asm/processor.h>
674 #include <asm/i387.h>
675 #include <asm/debugreg.h>
676 +/***** TOMOYO Linux start. *****/
677 +#include <linux/tomoyo.h>
678 +/***** TOMOYO Linux end. *****/
679
680 /*
681 * does not yet catch signals sent when the child dies.
682 @@ -180,6 +183,12 @@ asmlinkage long sys_ptrace(long request,
683 struct task_struct *child;
684 struct user * dummy = NULL;
685 long i, ret;
686 + /***** TOMOYO Linux start. *****/
687 +#ifdef TOMOYO_SYS_PTRACE
688 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
689 + return -EPERM;
690 +#endif
691 + /***** TOMOYO Linux end. *****/
692
693 /* This lock_kernel fixes a subtle race with suid exec */
694 lock_kernel();
695 --- linux-2.4.32.orig/fs/Config.in
696 +++ linux-2.4.32/fs/Config.in
697 @@ -176,4 +176,7 @@ comment 'Partition Types'
698 source fs/partitions/Config.in
699 endmenu
700 source fs/nls/Config.in
701 +
702 +source fs/Config.ccs.in
703 +
704 endmenu
705 --- linux-2.4.32.orig/fs/Makefile
706 +++ linux-2.4.32/fs/Makefile
707 @@ -80,5 +80,5 @@ obj-$(CONFIG_BINFMT_ELF) += binfmt_elf.o
708 # persistent filesystems
709 obj-y += $(join $(subdir-y),$(subdir-y:%=/%.o))
710
711 -
712 +include Makefile-2.4.ccs
713 include $(TOPDIR)/Rules.make
714 --- linux-2.4.32.orig/fs/attr.c
715 +++ linux-2.4.32/fs/attr.c
716 @@ -12,6 +12,9 @@
717 #include <linux/dnotify.h>
718 #include <linux/fcntl.h>
719 #include <linux/quotaops.h>
720 +/***** TOMOYO Linux start. *****/
721 +#include <linux/tomoyo.h>
722 +/***** TOMOYO Linux end. *****/
723
724 /* Taken over from the old code... */
725
726 @@ -127,6 +130,13 @@ int notify_change(struct dentry * dentry
727 attr->ia_atime = now;
728 if (!(ia_valid & ATTR_MTIME_SET))
729 attr->ia_mtime = now;
730 + /***** TOMOYO Linux start. *****/
731 + if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD))
732 + return -EPERM;
733 + if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
734 + !ccs_capable(TOMOYO_SYS_CHOWN))
735 + return -EPERM;
736 + /***** TOMOYO Linux end. *****/
737
738 lock_kernel();
739 if (inode->i_op && inode->i_op->setattr)
740 --- linux-2.4.32.orig/fs/exec.c
741 +++ linux-2.4.32/fs/exec.c
742 @@ -48,6 +48,10 @@
743 #include <linux/kmod.h>
744 #endif
745
746 +/***** TOMOYO Linux start. *****/
747 +#include <linux/tomoyo.h>
748 +/***** TOMOYO Linux end. *****/
749 +
750 int core_uses_pid;
751 char core_pattern[65] = "core";
752 int core_setuid_ok = 0;
753 @@ -125,6 +129,13 @@ asmlinkage long sys_uselib(const char *
754 if (error)
755 goto exit;
756
757 + /***** TOMOYO Linux start. *****/
758 + /* 01 means "read". */
759 + error = ccs_check_open_permission(nd.dentry, nd.mnt, 01);
760 + if (error)
761 + goto exit;
762 + /***** TOMOYO Linux end. *****/
763 +
764 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
765 error = PTR_ERR(file);
766 if (IS_ERR(file))
767 @@ -389,6 +400,13 @@ struct file *open_exec(const char *name)
768 int err = permission(inode, MAY_EXEC);
769 if (!err && !(inode->i_mode & 0111))
770 err = -EACCES;
771 + /***** TOMOYO Linux start. *****/
772 + if (!err && (current->tomoyo_flags &
773 + TOMOYO_CHECK_READ_FOR_OPEN_EXEC))
774 + /* 01 means "read". */
775 + err = ccs_check_open_permission(nd.dentry,
776 + nd.mnt, 01);
777 + /***** TOMOYO Linux end. *****/
778 file = ERR_PTR(err);
779 if (!err) {
780 file = dentry_open(nd.dentry, nd.mnt, O_RDONLY);
781 @@ -978,7 +996,8 @@ int do_execve(char * filename, char ** a
782 if (retval < 0)
783 goto out;
784
785 - retval = search_binary_handler(&bprm,regs);
786 + retval = search_binary_handler_with_transition(&bprm, regs);
787 +
788 if (retval >= 0)
789 /* execve success */
790 return retval;
791 --- linux-2.4.32.orig/fs/fcntl.c
792 +++ linux-2.4.32/fs/fcntl.c
793 @@ -16,6 +16,9 @@
794 #include <asm/poll.h>
795 #include <asm/siginfo.h>
796 #include <asm/uaccess.h>
797 +/***** TOMOYO Linux start. *****/
798 +#include <linux/tomoyo.h>
799 +/***** TOMOYO Linux end. *****/
800
801 extern int sock_fcntl (struct file *, unsigned int cmd, unsigned long arg);
802 extern int fcntl_setlease(unsigned int fd, struct file *filp, long arg);
803 @@ -214,6 +217,11 @@ static int setfl(int fd, struct file * f
804 if (!(arg & O_APPEND) && IS_APPEND(inode))
805 return -EPERM;
806
807 + /***** TOMOYO Linux start. *****/
808 + if (!(arg & O_APPEND) && ccs_check_rewrite_permission(filp))
809 + return -EPERM;
810 + /***** TOMOYO Linux end. *****/
811 +
812 /* Did FASYNC state change? */
813 if ((arg ^ filp->f_flags) & FASYNC) {
814 if (filp->f_op && filp->f_op->fasync) {
815 --- linux-2.4.32.orig/fs/ioctl.c
816 +++ linux-2.4.32/fs/ioctl.c
817 @@ -10,6 +10,9 @@
818
819 #include <asm/uaccess.h>
820 #include <asm/ioctls.h>
821 +/***** TOMOYO Linux start. *****/
822 +#include <linux/tomoyo.h>
823 +/***** TOMOYO Linux end. *****/
824
825 static int file_ioctl(struct file *filp,unsigned int cmd,unsigned long arg)
826 {
827 @@ -112,6 +115,12 @@ asmlinkage long sys_ioctl(unsigned int f
828 error = -ENOTTY;
829 break;
830 default:
831 + /***** TOMOYO Linux start. *****/
832 + if (!ccs_capable(TOMOYO_SYS_IOCTL)) {
833 + error = -EPERM;
834 + break;
835 + }
836 + /***** TOMOYO Linux end. *****/
837 error = -ENOTTY;
838 if (S_ISREG(filp->f_dentry->d_inode->i_mode))
839 error = file_ioctl(filp, cmd, arg);
840 --- linux-2.4.32.orig/fs/namei.c
841 +++ linux-2.4.32/fs/namei.c
842 @@ -28,6 +28,11 @@
843
844 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
845
846 +/***** TOMOYO Linux start. *****/
847 +#include <linux/tomoyo.h>
848 +#include <linux/module.h>
849 +/***** TOMOYO Linux end. *****/
850 +
851 /* [Feb-1997 T. Schoebel-Theuer]
852 * Fundamental changes in the pathname lookup mechanisms (namei)
853 * were necessary because of omirr. The reason is that omirr needs
854 @@ -988,6 +993,9 @@ exit_lock:
855 return error;
856 }
857
858 +/***** TOMOYO Linux start. *****/
859 +#include <linux/tomoyo_vfs.h>
860 +/***** TOMOYO Linux end. *****/
861 /*
862 * open_namei()
863 *
864 @@ -1053,6 +1061,13 @@ do_last:
865
866 /* Negative dentry, just create the file */
867 if (!dentry->d_inode) {
868 + /***** TOMOYO Linux start. *****/
869 + error = pre_vfs_create(dir->d_inode, dentry);
870 + if (!error)
871 + error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry,
872 + nd->mnt);
873 + if (!error)
874 + /***** TOMOYO Linux end. *****/
875 error = vfs_create(dir->d_inode, dentry,
876 mode & ~current->fs->umask);
877 up(&dir->d_inode->i_sem);
878 @@ -1139,6 +1154,13 @@ ok:
879 goto exit;
880 }
881
882 + /***** TOMOYO Linux start. *****/
883 + /* includes O_APPEND and O_TRUNC checks */
884 + error = ccs_check_open_permission(dentry, nd->mnt, flag);
885 + if (error)
886 + goto exit;
887 + /***** TOMOYO Linux end. *****/
888 +
889 /*
890 * Ensure there are no outstanding leases on the file.
891 */
892 @@ -1277,6 +1299,17 @@ asmlinkage long sys_mknod(const char * f
893
894 if (S_ISDIR(mode))
895 return -EPERM;
896 + /***** TOMOYO Linux start. *****/
897 + if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))
898 + return -EPERM;
899 + if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))
900 + return -EPERM;
901 + if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))
902 + return -EPERM;
903 + if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
904 + return -EPERM;
905 + /***** TOMOYO Linux end. *****/
906 +
907 tmp = getname(filename);
908 if (IS_ERR(tmp))
909 return PTR_ERR(tmp);
910 @@ -1291,9 +1324,33 @@ asmlinkage long sys_mknod(const char * f
911 if (!IS_ERR(dentry)) {
912 switch (mode & S_IFMT) {
913 case 0: case S_IFREG:
914 + /***** TOMOYO Linux start. *****/
915 + error = pre_vfs_create(nd.dentry->d_inode, dentry);
916 + if (error)
917 + break;
918 + error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry,
919 + nd.mnt);
920 + if (error)
921 + break;
922 + /***** TOMOYO Linux end. *****/
923 error = vfs_create(nd.dentry->d_inode,dentry,mode);
924 break;
925 case S_IFCHR: case S_IFBLK: case S_IFIFO: case S_IFSOCK:
926 + /***** TOMOYO Linux start. *****/
927 + error = pre_vfs_mknod(nd.dentry->d_inode, dentry);
928 + if (error)
929 + break;
930 + error = ccs_check_1path_perm(S_ISCHR(mode) ?
931 + TYPE_MKCHAR_ACL :
932 + S_ISBLK(mode) ?
933 + TYPE_MKBLOCK_ACL :
934 + S_ISFIFO(mode) ?
935 + TYPE_MKFIFO_ACL :
936 + TYPE_MKSOCK_ACL,
937 + dentry, nd.mnt);
938 + if (error)
939 + break;
940 + /***** TOMOYO Linux end. *****/
941 error = vfs_mknod(nd.dentry->d_inode,dentry,mode,dev);
942 break;
943 case S_IFDIR:
944 @@ -1355,6 +1412,13 @@ asmlinkage long sys_mkdir(const char * p
945 dentry = lookup_create(&nd, 1);
946 error = PTR_ERR(dentry);
947 if (!IS_ERR(dentry)) {
948 + /***** TOMOYO Linux start. *****/
949 + error = pre_vfs_mkdir(nd.dentry->d_inode, dentry);
950 + if (!error)
951 + error = ccs_check_1path_perm(TYPE_MKDIR_ACL,
952 + dentry, nd.mnt);
953 + if (!error)
954 + /***** TOMOYO Linux end. *****/
955 error = vfs_mkdir(nd.dentry->d_inode, dentry,
956 mode & ~current->fs->umask);
957 dput(dentry);
958 @@ -1464,6 +1528,13 @@ asmlinkage long sys_rmdir(const char * p
959 dentry = lookup_hash(&nd.last, nd.dentry);
960 error = PTR_ERR(dentry);
961 if (!IS_ERR(dentry)) {
962 + /***** TOMOYO Linux start. *****/
963 + error = pre_vfs_rmdir(nd.dentry->d_inode, dentry);
964 + if (!error)
965 + error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry,
966 + nd.mnt);
967 + if (!error)
968 + /***** TOMOYO Linux end. *****/
969 error = vfs_rmdir(nd.dentry->d_inode, dentry);
970 dput(dentry);
971 }
972 @@ -1508,6 +1579,10 @@ asmlinkage long sys_unlink(const char *
973 char * name;
974 struct dentry *dentry;
975 struct nameidata nd;
976 + /***** TOMOYO Linux start. *****/
977 + if (!ccs_capable(TOMOYO_SYS_UNLINK))
978 + return -EPERM;
979 + /***** TOMOYO Linux end. *****/
980
981 name = getname(pathname);
982 if(IS_ERR(name))
983 @@ -1526,6 +1601,14 @@ asmlinkage long sys_unlink(const char *
984 /* Why not before? Because we want correct error value */
985 if (nd.last.name[nd.last.len])
986 goto slashes;
987 + /***** TOMOYO Linux start. *****/
988 + error = pre_vfs_unlink(nd.dentry->d_inode, dentry);
989 + if (error)
990 + goto exit2;
991 + error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry, nd.mnt);
992 + if (error)
993 + goto exit2;
994 + /***** TOMOYO Linux end. *****/
995 error = vfs_unlink(nd.dentry->d_inode, dentry);
996 exit2:
997 dput(dentry);
998 @@ -1574,6 +1657,10 @@ asmlinkage long sys_symlink(const char *
999 int error = 0;
1000 char * from;
1001 char * to;
1002 + /***** TOMOYO Linux start. *****/
1003 + if (!ccs_capable(TOMOYO_SYS_SYMLINK))
1004 + return -EPERM;
1005 + /***** TOMOYO Linux end. *****/
1006
1007 from = getname(oldname);
1008 if(IS_ERR(from))
1009 @@ -1590,6 +1677,13 @@ asmlinkage long sys_symlink(const char *
1010 dentry = lookup_create(&nd, 0);
1011 error = PTR_ERR(dentry);
1012 if (!IS_ERR(dentry)) {
1013 + /***** TOMOYO Linux start. *****/
1014 + error = pre_vfs_symlink(nd.dentry->d_inode, dentry);
1015 + if (!error)
1016 + error = ccs_check_1path_perm(TYPE_SYMLINK_ACL,
1017 + dentry, nd.mnt);
1018 + if (!error)
1019 + /***** TOMOYO Linux end. *****/
1020 error = vfs_symlink(nd.dentry->d_inode, dentry, from);
1021 dput(dentry);
1022 }
1023 @@ -1655,6 +1749,10 @@ asmlinkage long sys_link(const char * ol
1024 {
1025 int error;
1026 char * to;
1027 + /***** TOMOYO Linux start. *****/
1028 + if (!ccs_capable(TOMOYO_SYS_LINK))
1029 + return -EPERM;
1030 + /***** TOMOYO Linux end. *****/
1031
1032 to = getname(newname);
1033 error = PTR_ERR(to);
1034 @@ -1674,6 +1772,17 @@ asmlinkage long sys_link(const char * ol
1035 new_dentry = lookup_create(&nd, 0);
1036 error = PTR_ERR(new_dentry);
1037 if (!IS_ERR(new_dentry)) {
1038 + /***** TOMOYO Linux start. *****/
1039 + error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode,
1040 + new_dentry);
1041 + if (!error)
1042 + error = ccs_check_2path_perm(TYPE_LINK_ACL,
1043 + old_nd.dentry,
1044 + old_nd.mnt,
1045 + new_dentry,
1046 + nd.mnt);
1047 + if (!error)
1048 + /***** TOMOYO Linux end. *****/
1049 error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
1050 dput(new_dentry);
1051 }
1052 @@ -1904,6 +2013,20 @@ static inline int do_rename(const char *
1053 error = PTR_ERR(new_dentry);
1054 if (IS_ERR(new_dentry))
1055 goto exit4;
1056 + /***** TOMOYO Linux start. *****/
1057 + error = pre_vfs_rename(old_dir->d_inode, old_dentry,
1058 + new_dir->d_inode, new_dentry);
1059 + if (error) {
1060 + dput(new_dentry);
1061 + goto exit4;
1062 + }
1063 + error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry, oldnd.mnt,
1064 + new_dentry, newnd.mnt);
1065 + if (error) {
1066 + dput(new_dentry);
1067 + goto exit4;
1068 + }
1069 + /***** TOMOYO Linux end. *****/
1070
1071 lock_kernel();
1072 error = vfs_rename(old_dir->d_inode, old_dentry,
1073 @@ -1928,6 +2051,10 @@ asmlinkage long sys_rename(const char *
1074 int error;
1075 char * from;
1076 char * to;
1077 + /***** TOMOYO Linux start. *****/
1078 + if (!ccs_capable(TOMOYO_SYS_RENAME))
1079 + return -EPERM;
1080 + /***** TOMOYO Linux end. *****/
1081
1082 from = getname(oldname);
1083 if(IS_ERR(from))
1084 --- linux-2.4.32.orig/fs/namespace.c
1085 +++ linux-2.4.32/fs/namespace.c
1086 @@ -21,6 +21,13 @@
1087 #include <linux/seq_file.h>
1088 #include <linux/namespace.h>
1089
1090 +/***** SAKURA Linux start. *****/
1091 +#include <linux/sakura.h>
1092 +/***** SAKURA Linux end. *****/
1093 +/***** TOMOYO Linux start. *****/
1094 +#include <linux/tomoyo.h>
1095 +/***** TOMOYO Linux end. *****/
1096 +
1097 struct vfsmount *do_kern_mount(const char *type, int flags, char *name, void *data);
1098 int do_remount_sb(struct super_block *sb, int flags, void * data);
1099 void kill_super(struct super_block *sb);
1100 @@ -290,6 +297,10 @@ static int do_umount(struct vfsmount *mn
1101 {
1102 struct super_block * sb = mnt->mnt_sb;
1103 int retval = 0;
1104 + /***** SAKURA Linux start. *****/
1105 + if (ccs_may_umount(mnt))
1106 + return -EPERM;
1107 + /***** SAKURA Linux end. *****/
1108
1109 /*
1110 * If we may have to abort operations to get out of this
1111 @@ -365,6 +376,10 @@ asmlinkage long sys_umount(char * name,
1112 {
1113 struct nameidata nd;
1114 int retval;
1115 + /***** TOMOYO Linux start. *****/
1116 + if (!ccs_capable(TOMOYO_SYS_UMOUNT))
1117 + return -EPERM;
1118 + /***** TOMOYO Linux end. *****/
1119
1120 retval = __user_walk(name, LOOKUP_POSITIVE|LOOKUP_FOLLOW, &nd);
1121 if (retval)
1122 @@ -500,6 +515,11 @@ static int do_loopback(struct nameidata
1123 down_write(&current->namespace->sem);
1124 err = -EINVAL;
1125 if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) {
1126 + /***** SAKURA Linux start. *****/
1127 + err = -EPERM;
1128 + if (ccs_may_mount(nd))
1129 + goto out;
1130 + /***** SAKURA Linux end. *****/
1131 err = -ENOMEM;
1132 if (recurse)
1133 mnt = copy_tree(old_nd.mnt, old_nd.dentry);
1134 @@ -516,7 +536,9 @@ static int do_loopback(struct nameidata
1135 } else
1136 mntput(mnt);
1137 }
1138 -
1139 + /***** SAKURA Linux start. *****/
1140 + out:
1141 + /***** SAKURA Linux end. *****/
1142 up_write(&current->namespace->sem);
1143 path_release(&old_nd);
1144 return err;
1145 @@ -570,6 +592,12 @@ static int do_move_mount(struct nameidat
1146 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
1147 goto out;
1148
1149 + /***** SAKURA Linux start. *****/
1150 + err = -EPERM;
1151 + if (ccs_may_umount(old_nd.mnt) || ccs_may_mount(nd))
1152 + goto out;
1153 + /***** SAKURA Linux end. *****/
1154 +
1155 err = -ENOENT;
1156 down(&nd->dentry->d_inode->i_zombie);
1157 if (IS_DEADDIR(nd->dentry->d_inode))
1158 @@ -641,6 +669,12 @@ static int do_add_mount(struct nameidata
1159 if (nd->mnt->mnt_sb == mnt->mnt_sb && nd->mnt->mnt_root == nd->dentry)
1160 goto unlock;
1161
1162 + /***** SAKURA Linux start. *****/
1163 + err = -EPERM;
1164 + if (ccs_may_mount(nd))
1165 + goto unlock;
1166 + /***** SAKURA Linux end. *****/
1167 +
1168 mnt->mnt_flags = mnt_flags;
1169 err = graft_tree(mnt, nd);
1170 unlock:
1171 @@ -718,6 +752,17 @@ long do_mount(char * dev_name, char * di
1172 if (data_page)
1173 ((char *)data_page)[PAGE_SIZE - 1] = 0;
1174
1175 + /***** TOMOYO Linux start. *****/
1176 + if (!ccs_capable(TOMOYO_SYS_MOUNT))
1177 + return -EPERM;
1178 + /***** TOMOYO Linux end. *****/
1179 + /***** SAKURA Linux start. *****/
1180 + retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
1181 + &flags);
1182 + if (retval)
1183 + return retval;
1184 + /***** SAKURA Linux end. *****/
1185 +
1186 /* Separate the per-mountpoint flags */
1187 if (flags & MS_NOSUID)
1188 mnt_flags |= MNT_NOSUID;
1189 @@ -911,6 +956,10 @@ asmlinkage long sys_pivot_root(const cha
1190
1191 if (!capable(CAP_SYS_ADMIN))
1192 return -EPERM;
1193 + /***** TOMOYO Linux start. *****/
1194 + if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))
1195 + return -EPERM;
1196 + /***** TOMOYO Linux end. *****/
1197
1198 lock_kernel();
1199
1200 @@ -925,6 +974,13 @@ asmlinkage long sys_pivot_root(const cha
1201 if (error)
1202 goto out1;
1203
1204 + /***** SAKURA Linux start. *****/
1205 + error = ccs_check_pivot_root_permission(&old_nd, &new_nd);
1206 + if (error) {
1207 + path_release(&old_nd);
1208 + goto out1;
1209 + }
1210 + /***** SAKURA Linux end. *****/
1211 read_lock(&current->fs->lock);
1212 user_nd.mnt = mntget(current->fs->rootmnt);
1213 user_nd.dentry = dget(current->fs->root);
1214 --- linux-2.4.32.orig/fs/open.c
1215 +++ linux-2.4.32/fs/open.c
1216 @@ -20,6 +20,13 @@
1217
1218 #define special_file(m) (S_ISCHR(m)||S_ISBLK(m)||S_ISFIFO(m)||S_ISSOCK(m))
1219
1220 +/***** SAKURA Linux start. *****/
1221 +#include <linux/sakura.h>
1222 +/***** SAKURA Linux end. *****/
1223 +/***** TOMOYO Linux start. *****/
1224 +#include <linux/tomoyo.h>
1225 +/***** TOMOYO Linux end. *****/
1226 +
1227 int vfs_statfs(struct super_block *sb, struct statfs *buf)
1228 {
1229 int retval = -ENODEV;
1230 @@ -162,6 +169,11 @@ static inline long do_sys_truncate(const
1231 if (error)
1232 goto dput_and_out;
1233
1234 + /***** TOMOYO Linux start. *****/
1235 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt);
1236 + if (!error)
1237 + /***** TOMOYO Linux end. *****/
1238 +
1239 error = locks_verify_truncate(inode, NULL, length);
1240 if (!error) {
1241 DQUOT_INIT(inode);
1242 @@ -215,6 +227,11 @@ static inline long do_sys_ftruncate(unsi
1243 if (IS_APPEND(inode))
1244 goto out_putf;
1245
1246 + /***** TOMOYO Linux start. *****/
1247 + error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt);
1248 + if (error)
1249 + goto out_putf;
1250 + /***** TOMOYO Linux end. *****/
1251 error = locks_verify_truncate(inode, file, length);
1252 if (!error)
1253 error = do_truncate(dentry, length);
1254 @@ -464,6 +481,14 @@ asmlinkage long sys_chroot(const char *
1255 error = -EPERM;
1256 if (!capable(CAP_SYS_CHROOT))
1257 goto dput_and_out;
1258 + /***** TOMOYO Linux start. *****/
1259 + if (!ccs_capable(TOMOYO_SYS_CHROOT))
1260 + goto dput_and_out;
1261 + /***** TOMOYO Linux end. *****/
1262 + /***** SAKURA Linux start. *****/
1263 + if (ccs_check_chroot_permission(&nd))
1264 + goto dput_and_out;
1265 + /***** SAKURA Linux end. *****/
1266
1267 set_fs_root(current->fs, nd.mnt, nd.dentry);
1268 set_fs_altroot();
1269 @@ -895,6 +920,10 @@ out_unlock:
1270 */
1271 asmlinkage long sys_vhangup(void)
1272 {
1273 + /***** TOMOYO Linux start. *****/
1274 + if (!ccs_capable(TOMOYO_SYS_VHANGUP))
1275 + return -EPERM;
1276 + /***** TOMOYO Linux end. *****/
1277 if (capable(CAP_SYS_TTY_CONFIG)) {
1278 tty_vhangup(current->tty);
1279 return 0;
1280 --- linux-2.4.32.orig/fs/proc/Makefile
1281 +++ linux-2.4.32/fs/proc/Makefile
1282 @@ -18,4 +18,8 @@ ifeq ($(CONFIG_PROC_DEVICETREE),y)
1283 obj-y += proc_devtree.o
1284 endif
1285
1286 +export-objs += ccs_proc.o
1287 +obj-$(CONFIG_SAKURA) += ccs_proc.o
1288 +obj-$(CONFIG_TOMOYO) += ccs_proc.o
1289 +
1290 include $(TOPDIR)/Rules.make
1291 --- linux-2.4.32.orig/fs/proc/proc_misc.c
1292 +++ linux-2.4.32/fs/proc/proc_misc.c
1293 @@ -670,4 +670,9 @@ void __init proc_misc_init(void)
1294 entry->proc_fops = &ppc_htab_operations;
1295 }
1296 #endif
1297 + /***** CCS start. *****/
1298 +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
1299 + printk(KERN_INFO "Hook version: 2.4.32 2008/04/30\n");
1300 +#endif
1301 + /***** CCS end. *****/
1302 }
1303 --- linux-2.4.32.orig/include/linux/sched.h
1304 +++ linux-2.4.32/include/linux/sched.h
1305 @@ -29,6 +29,11 @@ extern unsigned long event;
1306
1307 struct exec_domain;
1308
1309 +/***** TOMOYO Linux start. *****/
1310 +struct domain_info;
1311 +extern struct domain_info KERNEL_DOMAIN;
1312 +/***** TOMOYO Linux end. *****/
1313 +
1314 /*
1315 * cloning flags:
1316 */
1317 @@ -415,6 +420,10 @@ struct task_struct {
1318
1319 /* journalling filesystem info */
1320 void *journal_info;
1321 + /***** TOMOYO Linux start. *****/
1322 + struct domain_info *domain_info;
1323 + u32 tomoyo_flags;
1324 + /***** TOMOYO Linux end. *****/
1325 };
1326
1327 /*
1328 @@ -510,6 +519,10 @@ extern struct exec_domain default_exec_d
1329 blocked: {{0}}, \
1330 alloc_lock: SPIN_LOCK_UNLOCKED, \
1331 journal_info: NULL, \
1332 + /***** TOMOYO Linux start. *****/ \
1333 + domain_info: &KERNEL_DOMAIN, \
1334 + tomoyo_flags: 0 \
1335 + /***** TOMOYO Linux end. *****/ \
1336 }
1337
1338
1339 --- linux-2.4.32.orig/kernel/kmod.c
1340 +++ linux-2.4.32/kernel/kmod.c
1341 @@ -132,6 +132,11 @@ int exec_usermodehelper(char *program_pa
1342 /* Allow execve args to be in kernel space. */
1343 set_fs(KERNEL_DS);
1344
1345 + /***** TOMOYO Linux start. *****/
1346 + current->domain_info = &KERNEL_DOMAIN;
1347 + current->tomoyo_flags = 0;
1348 + /***** TOMOYO Linux end. *****/
1349 +
1350 /* Go, go, go... */
1351 if (execve(program_path, argv, envp) < 0)
1352 return -errno;
1353 --- linux-2.4.32.orig/kernel/module.c
1354 +++ linux-2.4.32/kernel/module.c
1355 @@ -10,6 +10,9 @@
1356 #include <linux/slab.h>
1357 #include <linux/kmod.h>
1358 #include <linux/seq_file.h>
1359 +/***** TOMOYO Linux start. *****/
1360 +#include <linux/tomoyo.h>
1361 +/***** TOMOYO Linux end. *****/
1362
1363 /*
1364 * Originally by Anonymous (as far as I know...)
1365 @@ -298,6 +301,10 @@ sys_create_module(const char *name_user,
1366
1367 if (!capable(CAP_SYS_MODULE))
1368 return -EPERM;
1369 + /***** TOMOYO Linux start. *****/
1370 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1371 + return -EPERM;
1372 + /***** TOMOYO Linux end. *****/
1373 lock_kernel();
1374 if ((namelen = get_mod_name(name_user, &name)) < 0) {
1375 error = namelen;
1376 @@ -353,6 +360,10 @@ sys_init_module(const char *name_user, s
1377
1378 if (!capable(CAP_SYS_MODULE))
1379 return -EPERM;
1380 + /***** TOMOYO Linux start. *****/
1381 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1382 + return -EPERM;
1383 + /***** TOMOYO Linux end. *****/
1384 lock_kernel();
1385 if ((namelen = get_mod_name(name_user, &name)) < 0) {
1386 error = namelen;
1387 @@ -614,6 +625,10 @@ sys_delete_module(const char *name_user)
1388
1389 if (!capable(CAP_SYS_MODULE))
1390 return -EPERM;
1391 + /***** TOMOYO Linux start. *****/
1392 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1393 + return -EPERM;
1394 + /***** TOMOYO Linux end. *****/
1395
1396 lock_kernel();
1397 if (name_user) {
1398 --- linux-2.4.32.orig/kernel/sched.c
1399 +++ linux-2.4.32/kernel/sched.c
1400 @@ -32,6 +32,9 @@
1401
1402 #include <asm/uaccess.h>
1403 #include <asm/mmu_context.h>
1404 +/***** TOMOYO Linux start. *****/
1405 +#include <linux/tomoyo.h>
1406 +/***** TOMOYO Linux end. *****/
1407
1408 extern void timer_bh(void);
1409 extern void tqueue_bh(void);
1410 @@ -899,6 +902,10 @@ void set_cpus_allowed(struct task_struct
1411 asmlinkage long sys_nice(int increment)
1412 {
1413 long newprio;
1414 + /***** TOMOYO Linux start. *****/
1415 + if (!ccs_capable(TOMOYO_SYS_NICE))
1416 + return -EPERM;
1417 + /***** TOMOYO Linux end. *****/
1418
1419 /*
1420 * Setpriority might change our priority at the same moment.
1421 --- linux-2.4.32.orig/kernel/signal.c
1422 +++ linux-2.4.32/kernel/signal.c
1423 @@ -15,6 +15,9 @@
1424 #include <linux/sched.h>
1425
1426 #include <asm/uaccess.h>
1427 +/***** TOMOYO Linux start. *****/
1428 +#include <linux/tomoyo.h>
1429 +/***** TOMOYO Linux end. *****/
1430
1431 /*
1432 * SLAB caches for signal bits.
1433 @@ -1014,6 +1017,12 @@ asmlinkage long
1434 sys_kill(int pid, int sig)
1435 {
1436 struct siginfo info;
1437 + /***** TOMOYO Linux start. *****/
1438 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1439 + return -EPERM;
1440 + if (sig && ccs_check_signal_acl(sig, pid))
1441 + return -EPERM;
1442 + /***** TOMOYO Linux end. *****/
1443
1444 info.si_signo = sig;
1445 info.si_errno = 0;
1446 @@ -1038,6 +1047,12 @@ sys_tkill(int pid, int sig)
1447 if (pid <= 0)
1448 return -EINVAL;
1449
1450 + /***** TOMOYO Linux start. *****/
1451 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1452 + return -EPERM;
1453 + if (sig && ccs_check_signal_acl(sig, pid))
1454 + return -EPERM;
1455 + /***** TOMOYO Linux end. *****/
1456 info.si_signo = sig;
1457 info.si_errno = 0;
1458 info.si_code = SI_TKILL;
1459 --- linux-2.4.32.orig/kernel/sys.c
1460 +++ linux-2.4.32/kernel/sys.c
1461 @@ -17,6 +17,9 @@
1462
1463 #include <asm/uaccess.h>
1464 #include <asm/io.h>
1465 +/***** TOMOYO Linux start. *****/
1466 +#include <linux/tomoyo.h>
1467 +/***** TOMOYO Linux end. *****/
1468
1469 #ifndef SET_UNALIGN_CTL
1470 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
1471 @@ -220,6 +223,10 @@ asmlinkage long sys_setpriority(int whic
1472
1473 if (which > 2 || which < 0)
1474 return -EINVAL;
1475 + /***** TOMOYO Linux start. *****/
1476 + if (!ccs_capable(TOMOYO_SYS_NICE))
1477 + return -EPERM;
1478 + /***** TOMOYO Linux end. *****/
1479
1480 /* normalize: avoid signed division (rounding problems) */
1481 error = -ESRCH;
1482 @@ -299,6 +306,10 @@ asmlinkage long sys_reboot(int magic1, i
1483 (magic2 != LINUX_REBOOT_MAGIC2 && magic2 != LINUX_REBOOT_MAGIC2A &&
1484 magic2 != LINUX_REBOOT_MAGIC2B))
1485 return -EINVAL;
1486 + /***** TOMOYO Linux start. *****/
1487 + if (!ccs_capable(TOMOYO_SYS_REBOOT))
1488 + return -EPERM;
1489 + /***** TOMOYO Linux end. *****/
1490
1491 lock_kernel();
1492 switch (cmd) {
1493 @@ -1042,6 +1053,10 @@ asmlinkage long sys_sethostname(char *na
1494 return -EPERM;
1495 if (len < 0 || len > __NEW_UTS_LEN)
1496 return -EINVAL;
1497 + /***** TOMOYO Linux start. *****/
1498 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1499 + return -EPERM;
1500 + /***** TOMOYO Linux end. *****/
1501 down_write(&uts_sem);
1502 errno = -EFAULT;
1503 if (!copy_from_user(tmp, name, len)) {
1504 @@ -1083,6 +1098,10 @@ asmlinkage long sys_setdomainname(char *
1505 return -EPERM;
1506 if (len < 0 || len > __NEW_UTS_LEN)
1507 return -EINVAL;
1508 + /***** TOMOYO Linux start. *****/
1509 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1510 + return -EPERM;
1511 + /***** TOMOYO Linux end. *****/
1512
1513 down_write(&uts_sem);
1514 errno = -EFAULT;
1515 --- linux-2.4.32.orig/kernel/sysctl.c
1516 +++ linux-2.4.32/kernel/sysctl.c
1517 @@ -33,6 +33,9 @@
1518 #include <linux/swap.h>
1519
1520 #include <asm/uaccess.h>
1521 +/***** TOMOYO Linux start. *****/
1522 +#include <linux/tomoyo.h>
1523 +/***** TOMOYO Linux end. *****/
1524
1525 #ifdef CONFIG_ROOT_NFS
1526 #include <linux/nfs_fs.h>
1527 @@ -368,6 +371,100 @@ void __init sysctl_init(void)
1528 #endif
1529 }
1530
1531 +/***** TOMOYO Linux start. *****/
1532 +static int try_parse_table(int __user *name, int nlen, void __user *oldval,
1533 + void __user *newval, ctl_table *table)
1534 +{
1535 + int n;
1536 + int error = -ENOMEM;
1537 + int op = 0;
1538 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
1539 + if (oldval)
1540 + op |= 004;
1541 + if (newval)
1542 + op |= 002;
1543 + if (!op) { /* Neither read nor write */
1544 + error = 0;
1545 + goto out;
1546 + }
1547 + if (!buffer)
1548 + goto out;
1549 + memset(buffer, 0, PAGE_SIZE);
1550 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
1551 + repeat:
1552 + if (!nlen) {
1553 + error = -ENOTDIR;
1554 + goto out;
1555 + }
1556 + if (get_user(n, name)) {
1557 + error = -EFAULT;
1558 + goto out;
1559 + }
1560 + for ( ; table->ctl_name; table++) {
1561 + if (n == table->ctl_name || table->ctl_name == CTL_ANY) {
1562 + int pos = strlen(buffer);
1563 + const char *cp = table->procname;
1564 + error = -ENOMEM;
1565 + if (cp) {
1566 + if (pos + 1 >= PAGE_SIZE - 1)
1567 + goto out;
1568 + buffer[pos++] = '/';
1569 + while (*cp) {
1570 + const unsigned char c
1571 + = *(const unsigned char *) cp;
1572 + if (c == '\\') {
1573 + if (pos + 2 >= PAGE_SIZE - 1)
1574 + goto out;
1575 + buffer[pos++] = '\\';
1576 + buffer[pos++] = '\\';
1577 + } else if (c > ' ' && c < 127) {
1578 + if (pos + 1 >= PAGE_SIZE - 1)
1579 + goto out;
1580 + buffer[pos++] = c;
1581 + } else {
1582 + if (pos + 4 >= PAGE_SIZE - 1)
1583 + goto out;
1584 + buffer[pos++] = '\\';
1585 + buffer[pos++] = (c >> 6) + '0';
1586 + buffer[pos++] = ((c >> 3) & 7)
1587 + + '0';
1588 + buffer[pos++] = (c & 7) + '0';
1589 + }
1590 + cp++;
1591 + }
1592 + } else {
1593 + /* Assume nobody assigns "=\$=" for procname. */
1594 + snprintf(buffer + pos, PAGE_SIZE - pos - 1,
1595 + "/=%d=", table->ctl_name);
1596 + if (!memchr(buffer, '\0', PAGE_SIZE - 2))
1597 + goto out;
1598 + }
1599 + if (table->child) {
1600 + if (table->strategy) {
1601 + /* printk("sysctl='%s'\n", buffer); */
1602 + if (ccs_check_file_perm(buffer, op,
1603 + "sysctl")) {
1604 + error = -EPERM;
1605 + goto out;
1606 + }
1607 + }
1608 + name++;
1609 + nlen--;
1610 + table = table->child;
1611 + goto repeat;
1612 + }
1613 + /* printk("sysctl='%s'\n", buffer); */
1614 + error = ccs_check_file_perm(buffer, op, "sysctl");
1615 + goto out;
1616 + }
1617 + }
1618 + error = -ENOTDIR;
1619 + out:
1620 + kfree(buffer);
1621 + return error;
1622 +}
1623 +/***** TOMOYO Linux end. *****/
1624 +
1625 int do_sysctl(int *name, int nlen, void *oldval, size_t *oldlenp,
1626 void *newval, size_t newlen)
1627 {
1628 @@ -388,7 +485,13 @@ int do_sysctl(int *name, int nlen, void
1629 struct ctl_table_header *head =
1630 list_entry(tmp, struct ctl_table_header, ctl_entry);
1631 void *context = NULL;
1632 - int error = parse_table(name, nlen, oldval, oldlenp,
1633 + int error;
1634 + /***** TOMOYO Linux start. *****/
1635 + error = try_parse_table(name, nlen, oldval, newval,
1636 + head->ctl_table);
1637 + if (!error)
1638 + /***** TOMOYO Linux end. *****/
1639 + error = parse_table(name, nlen, oldval, oldlenp,
1640 newval, newlen, head->ctl_table,
1641 &context);
1642 if (context)
1643 @@ -454,6 +557,15 @@ repeat:
1644 if (ctl_perm(table, 001))
1645 return -EPERM;
1646 if (table->strategy) {
1647 + /***** TOMOYO Linux start. *****/
1648 + int op = 0;
1649 + if (oldval)
1650 + op |= 004;
1651 + if (newval)
1652 + op |= 002;
1653 + if (ctl_perm(table, op))
1654 + return -EPERM;
1655 + /***** TOMOYO Linux end. *****/
1656 error = table->strategy(
1657 table, name, nlen,
1658 oldval, oldlenp,
1659 @@ -1375,7 +1487,7 @@ int sysctl_string(ctl_table *table, int
1660 len--;
1661 ((char *) table->data)[len] = 0;
1662 }
1663 - return 0;
1664 + return 1;
1665 }
1666
1667 /*
1668 --- linux-2.4.32.orig/kernel/time.c
1669 +++ linux-2.4.32/kernel/time.c
1670 @@ -29,6 +29,9 @@
1671 #include <linux/smp_lock.h>
1672
1673 #include <asm/uaccess.h>
1674 +/***** TOMOYO Linux start. *****/
1675 +#include <linux/tomoyo.h>
1676 +/***** TOMOYO Linux end. *****/
1677
1678 /*
1679 * The timezone where the local system is located. Used as a default by some
1680 @@ -77,6 +80,10 @@ asmlinkage long sys_stime(int * tptr)
1681
1682 if (!capable(CAP_SYS_TIME))
1683 return -EPERM;
1684 + /***** TOMOYO Linux start. *****/
1685 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1686 + return -EPERM;
1687 + /***** TOMOYO Linux end. *****/
1688 if (get_user(value, tptr))
1689 return -EFAULT;
1690 write_lock_irq(&xtime_lock);
1691 @@ -151,6 +158,10 @@ int do_sys_settimeofday(struct timeval *
1692
1693 if (!capable(CAP_SYS_TIME))
1694 return -EPERM;
1695 + /***** TOMOYO Linux start. *****/
1696 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1697 + return -EPERM;
1698 + /***** TOMOYO Linux end. *****/
1699
1700 if (tz) {
1701 /* SMP safe, global irq locking makes it work. */
1702 @@ -217,6 +228,10 @@ int do_adjtimex(struct timex *txc)
1703 /* In order to modify anything, you gotta be super-user! */
1704 if (txc->modes && !capable(CAP_SYS_TIME))
1705 return -EPERM;
1706 + /***** TOMOYO Linux start. *****/
1707 + if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))
1708 + return -EPERM;
1709 + /***** TOMOYO Linux end. *****/
1710
1711 /* Now we validate the data before disabling interrupts */
1712
1713 --- linux-2.4.32.orig/net/core/datagram.c
1714 +++ linux-2.4.32/net/core/datagram.c
1715 @@ -43,6 +43,10 @@
1716 #include <net/sock.h>
1717 #include <net/checksum.h>
1718
1719 +/***** TOMOYO Linux start. *****/
1720 +#include <linux/tomoyo.h>
1721 +#include <linux/tomoyo_socket.h>
1722 +/***** TOMOYO Linux end. *****/
1723
1724 /*
1725 * Is a socket 'connection oriented' ?
1726 @@ -164,6 +168,12 @@ struct sk_buff *skb_recv_datagram(struct
1727 } else
1728 skb = skb_dequeue(&sk->receive_queue);
1729
1730 + /***** TOMOYO Linux start. *****/
1731 + error = ccs_socket_recv_datagram_permission(sk, skb, flags);
1732 + if (error)
1733 + goto no_packet;
1734 + /***** TOMOYO Linux end. *****/
1735 +
1736 if (skb)
1737 return skb;
1738
1739 --- linux-2.4.32.orig/net/ipv4/tcp_ipv4.c
1740 +++ linux-2.4.32/net/ipv4/tcp_ipv4.c
1741 @@ -67,6 +67,9 @@
1742 #include <linux/inet.h>
1743 #include <linux/stddef.h>
1744 #include <linux/ipsec.h>
1745 +/***** SAKURA Linux start. *****/
1746 +#include <linux/sakura.h>
1747 +/***** SAKURA Linux end. *****/
1748
1749 extern int sysctl_ip_dynaddr;
1750 extern int sysctl_ip_default_ttl;
1751 @@ -228,6 +231,10 @@ static int tcp_v4_get_port(struct sock *
1752 rover = low;
1753 head = &tcp_bhash[tcp_bhashfn(rover)];
1754 spin_lock(&head->lock);
1755 + /***** SAKURA Linux start. *****/
1756 + if (ccs_may_autobind(rover))
1757 + goto next;
1758 + /***** SAKURA Linux end. *****/
1759 for (tb = head->chain; tb; tb = tb->next)
1760 if (tb->port == rover)
1761 goto next;
1762 @@ -688,6 +695,10 @@ static int tcp_v4_hash_connect(struct so
1763 rover = low;
1764 head = &tcp_bhash[tcp_bhashfn(rover)];
1765 spin_lock(&head->lock);
1766 + /***** SAKURA Linux start. *****/
1767 + if (ccs_may_autobind(rover))
1768 + goto next_port;
1769 + /***** SAKURA Linux end. *****/
1770
1771 /* Does not bother with rcv_saddr checks,
1772 * because the established check is already
1773 --- linux-2.4.32.orig/net/ipv4/udp.c
1774 +++ linux-2.4.32/net/ipv4/udp.c
1775 @@ -97,6 +97,9 @@
1776 #include <net/route.h>
1777 #include <net/inet_common.h>
1778 #include <net/checksum.h>
1779 +/***** SAKURA Linux start. *****/
1780 +#include <linux/sakura.h>
1781 +/***** SAKURA Linux end. *****/
1782
1783 /*
1784 * Snmp MIB for the UDP layer
1785 @@ -131,6 +134,10 @@ static int udp_v4_get_port(struct sock *
1786 result = sysctl_local_port_range[0] +
1787 ((result - sysctl_local_port_range[0]) &
1788 (UDP_HTABLE_SIZE - 1));
1789 + /***** SAKURA Linux start. *****/
1790 + if (ccs_may_autobind(result))
1791 + continue;
1792 + /***** SAKURA Linux end. *****/
1793 goto gotit;
1794 }
1795 size = 0;
1796 @@ -148,6 +155,10 @@ static int udp_v4_get_port(struct sock *
1797 result = sysctl_local_port_range[0]
1798 + ((result - sysctl_local_port_range[0]) &
1799 (UDP_HTABLE_SIZE - 1));
1800 + /***** SAKURA Linux start. *****/
1801 + if (ccs_may_autobind(result))
1802 + continue;
1803 + /***** SAKURA Linux end. *****/
1804 if (!udp_lport_inuse(result))
1805 break;
1806 }
1807 --- linux-2.4.32.orig/net/ipv6/tcp_ipv6.c
1808 +++ linux-2.4.32/net/ipv6/tcp_ipv6.c
1809 @@ -52,6 +52,9 @@
1810 #include <net/inet_ecn.h>
1811
1812 #include <asm/uaccess.h>
1813 +/***** SAKURA Linux start. *****/
1814 +#include <linux/sakura.h>
1815 +/***** SAKURA Linux end. *****/
1816
1817 static void tcp_v6_send_reset(struct sk_buff *skb);
1818 static void tcp_v6_or_send_ack(struct sk_buff *skb, struct open_request *req);
1819 @@ -110,6 +113,10 @@ static int tcp_v6_get_port(struct sock *
1820 rover = low;
1821 head = &tcp_bhash[tcp_bhashfn(rover)];
1822 spin_lock(&head->lock);
1823 + /***** SAKURA Linux start. *****/
1824 + if (ccs_may_autobind(rover))
1825 + goto next;
1826 + /***** SAKURA Linux end. *****/
1827 for (tb = head->chain; tb; tb = tb->next)
1828 if (tb->port == rover)
1829 goto next;
1830 --- linux-2.4.32.orig/net/ipv6/udp.c
1831 +++ linux-2.4.32/net/ipv6/udp.c
1832 @@ -50,6 +50,9 @@
1833 #include <net/inet_common.h>
1834
1835 #include <net/checksum.h>
1836 +/***** SAKURA Linux start. *****/
1837 +#include <linux/sakura.h>
1838 +/***** SAKURA Linux end. *****/
1839
1840 struct udp_mib udp_stats_in6[NR_CPUS*2];
1841
1842 @@ -77,6 +80,10 @@ static int udp_v6_get_port(struct sock *
1843 result = sysctl_local_port_range[0] +
1844 ((result - sysctl_local_port_range[0]) &
1845 (UDP_HTABLE_SIZE - 1));
1846 + /***** SAKURA Linux start. *****/
1847 + if (ccs_may_autobind(result))
1848 + continue;
1849 + /***** SAKURA Linux end. *****/
1850 goto gotit;
1851 }
1852 size = 0;
1853 @@ -94,6 +101,10 @@ static int udp_v6_get_port(struct sock *
1854 result = sysctl_local_port_range[0]
1855 + ((result - sysctl_local_port_range[0]) &
1856 (UDP_HTABLE_SIZE - 1));
1857 + /***** SAKURA Linux start. *****/
1858 + if (ccs_may_autobind(result))
1859 + continue;
1860 + /***** SAKURA Linux end. *****/
1861 if (!udp_lport_inuse(result))
1862 break;
1863 }
1864 --- linux-2.4.32.orig/net/socket.c
1865 +++ linux-2.4.32/net/socket.c
1866 @@ -84,6 +84,10 @@
1867 #include <net/sock.h>
1868 #include <net/scm.h>
1869 #include <linux/netfilter.h>
1870 +/***** TOMOYO Linux start. *****/
1871 +#include <linux/tomoyo.h>
1872 +#include <linux/tomoyo_socket.h>
1873 +/***** TOMOYO Linux end. *****/
1874
1875 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1876 static ssize_t sock_read(struct file *file, char *buf,
1877 @@ -501,7 +505,12 @@ int sock_sendmsg(struct socket *sock, st
1878 {
1879 int err;
1880 struct scm_cookie scm;
1881 -
1882 + /***** TOMOYO Linux start. *****/
1883 + err = ccs_socket_sendmsg_permission(sock,
1884 + (struct sockaddr *) msg->msg_name,
1885 + msg->msg_namelen);
1886 + if (!err)
1887 + /***** TOMOYO Linux end. *****/
1888 err = scm_send(sock, msg, &scm);
1889 if (err >= 0) {
1890 err = sock->ops->sendmsg(sock, msg, size, &scm);
1891 @@ -847,7 +856,11 @@ int sock_create(int family, int type, in
1892 }
1893 family = PF_PACKET;
1894 }
1895 -
1896 + /***** TOMOYO Linux start. *****/
1897 + i = ccs_socket_create_permission(family, type, protocol);
1898 + if (i)
1899 + return i;
1900 + /***** TOMOYO Linux end. *****/
1901 #if defined(CONFIG_KMOD) && defined(CONFIG_NET)
1902 /* Attempt to load a protocol module if the find failed.
1903 *
1904 @@ -1003,6 +1016,12 @@ asmlinkage long sys_bind(int fd, struct
1905 if((sock = sockfd_lookup(fd,&err))!=NULL)
1906 {
1907 if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0)
1908 + /***** TOMOYO Linux start. *****/
1909 + err = ccs_socket_bind_permission(sock,
1910 + (struct sockaddr *)
1911 + address, addrlen);
1912 + if (!err)
1913 + /***** TOMOYO Linux end. *****/
1914 err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
1915 sockfd_put(sock);
1916 }
1917 @@ -1026,6 +1045,10 @@ asmlinkage long sys_listen(int fd, int b
1918 if ((sock = sockfd_lookup(fd, &err)) != NULL) {
1919 if ((unsigned) backlog > sysctl_somaxconn)
1920 backlog = sysctl_somaxconn;
1921 + /***** TOMOYO Linux start. *****/
1922 + err = ccs_socket_listen_permission(sock);
1923 + if (!err)
1924 + /***** TOMOYO Linux end. *****/
1925 err=sock->ops->listen(sock, backlog);
1926 sockfd_put(sock);
1927 }
1928 @@ -1066,6 +1089,13 @@ asmlinkage long sys_accept(int fd, struc
1929 if (err < 0)
1930 goto out_release;
1931
1932 + /***** TOMOYO Linux start. *****/
1933 + if (ccs_socket_accept_permission(newsock,
1934 + (struct sockaddr *) address)) {
1935 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1936 + goto out_release;
1937 + }
1938 + /***** TOMOYO Linux end. *****/
1939 if (upeer_sockaddr) {
1940 if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) {
1941 err = -ECONNABORTED;
1942 @@ -1116,6 +1146,12 @@ asmlinkage long sys_connect(int fd, stru
1943 err = move_addr_to_kernel(uservaddr, addrlen, address);
1944 if (err < 0)
1945 goto out_put;
1946 + /***** TOMOYO Linux start. *****/
1947 + err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
1948 + addrlen);
1949 + if (err)
1950 + goto out_put;
1951 + /***** TOMOYO Linux end. *****/
1952 err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
1953 sock->file->f_flags);
1954 out_put:
1955 --- linux-2.4.32.orig/net/unix/af_unix.c
1956 +++ linux-2.4.32/net/unix/af_unix.c
1957 @@ -111,6 +111,9 @@
1958 #include <linux/rtnetlink.h>
1959
1960 #include <asm/checksum.h>
1961 +/***** TOMOYO Linux start. *****/
1962 +#include <linux/tomoyo.h>
1963 +/***** TOMOYO Linux end. *****/
1964
1965 int sysctl_unix_max_dgram_qlen = 10;
1966
1967 @@ -645,6 +648,11 @@ static int unix_bind(struct socket *sock
1968 err = unix_autobind(sock);
1969 goto out;
1970 }
1971 + /***** TOMOYO Linux start. *****/
1972 + err = -EPERM;
1973 + if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
1974 + goto out;
1975 + /***** TOMOYO Linux end. *****/
1976
1977 err = unix_mkname(sunaddr, addr_len, &hash);
1978 if (err < 0)
1979 @@ -709,6 +717,13 @@ static int unix_bind(struct socket *sock
1980 * All right, let's create it.
1981 */
1982 mode = S_IFSOCK | (sock->inode->i_mode & ~current->fs->umask);
1983 + /***** TOMOYO Linux start. *****/
1984 + err = pre_vfs_mknod(nd.dentry->d_inode, dentry);
1985 + if (!err)
1986 + err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
1987 + nd.mnt);
1988 + if (!err)
1989 + /***** TOMOYO Linux end. *****/
1990 err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
1991 if (err)
1992 goto out_mknod_dput;
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
Über OSDN
Software suchen
Entwickeln Software
Hilfeseiten