
Contents of /trunk/1.5.x/ccs-patch/patches/ccs-patch-2.6.24-ubuntu-8.04.diff



Revision 1498 - (show annotations) (download) (as text)
Fri Aug 29 12:08:57 2008 UTC (15 years, 9 months ago) by kumaneko
File MIME type: text/x-diff
File size: 49189 byte(s)
1.5.5-rc/1.6.4-rc
1 This is the TOMOYO Linux patch for Ubuntu 8.04.
2
3 The source code this patch applies to is installed with "apt-get install linux-source-2.6.24".
4 ---
5 arch/ia64/ia32/sys_ia32.c | 9 +++
6 arch/ia64/kernel/ptrace.c | 9 +++
7 arch/mips/kernel/ptrace32.c | 9 +++
8 arch/powerpc/kernel/ptrace32.c | 9 +++
9 arch/s390/kernel/ptrace.c | 9 +++
10 arch/sh64/kernel/ptrace.c | 9 +++
11 arch/sparc/kernel/ptrace.c | 11 +++
12 arch/sparc64/kernel/ptrace.c | 11 +++
13 arch/x86/ia32/ptrace32.c | 9 +++
14 fs/Kconfig | 2
15 fs/Makefile | 2
16 fs/attr.c | 19 ++++++
17 fs/compat.c | 5 +
18 fs/compat_ioctl.c | 9 +++
19 fs/exec.c | 20 ++++++-
20 fs/fcntl.c | 9 +++
21 fs/ioctl.c | 7 ++
22 fs/namei.c | 112 ++++++++++++++++++++++++++++++++++++++++
23 fs/namespace.c | 49 +++++++++++++++++
24 fs/open.c | 28 ++++++++++
25 fs/proc/Makefile | 3 +
26 fs/proc/proc_misc.c | 5 +
27 include/linux/init_task.h | 4 +
28 include/linux/sched.h | 9 +++
29 kernel/compat.c | 7 ++
30 kernel/kexec.c | 7 ++
31 kernel/kmod.c | 5 +
32 kernel/module.c | 11 +++
33 kernel/ptrace.c | 9 +++
34 kernel/sched.c | 7 ++
35 kernel/signal.c | 21 +++++++
36 kernel/sys.c | 21 +++++++
37 kernel/sysctl.c | 95 +++++++++++++++++++++++++++++++++
38 kernel/time.c | 11 +++
39 kernel/time/ntp.c | 7 ++
40 net/core/datagram.c | 11 +++
41 net/ipv4/inet_connection_sock.c | 7 ++
42 net/ipv4/inet_hashtables.c | 7 ++
43 net/ipv4/udp.c | 10 +++
44 net/ipv6/inet6_hashtables.c | 7 ++
45 net/socket.c | 41 ++++++++++++++
46 net/unix/af_unix.c | 15 +++++
47 42 files changed, 665 insertions(+), 2 deletions(-)
48
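--- a/arch/ia64/ia32/sys_ia32.c
+++ b/arch/ia64/ia32/sys_ia32.c
@@ -55,6 +55,9 @@
 #include <asm/types.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 #include "ia32priv.h"

@@ -1758,6 +1761,12 @@ sys32_ptrace (int request, pid_t pid, un
 struct task_struct *child;
 unsigned int value, tmp;
 long i, ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 lock_kernel();
 if (request == PTRACE_TRACEME) {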
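Review bot: The new capability check in sys32_ptrace is wrapped in `#ifdef TOMOYO_SYS_PTRACE`, so it is compiled only while that name is a preprocessor macro; if <linux/tomoyo.h> (not visible here) declares it as an enumerator or stops defining it, the check disappears without a build error and ptrace is no longer gated. The other hooks on this page (`TOMOYO_SYS_IOCTL`, `TOMOYO_SYS_MOUNT`, and so on) use their constant unguarded, so a missing definition there breaks the build instead of silently removing the check. I would drop the `#ifdef`/`#endif` pair, or at least add `/* TOMOYO_SYS_PTRACE must stay a #define: this hook is compiled out otherwise */` above it. The same pattern is repeated in the ptrace hunks for arch/ia64/kernel, mips, powerpc, s390, sh64, sparc, sparc64 and x86/ia32. The function body continues outside the hunk.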
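--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -28,6 +28,9 @@
 #ifdef CONFIG_PERFMON
 #include <asm/perfmon.h>
 #endif
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 #include "entry.h"

@@ -1422,6 +1425,12 @@ sys_ptrace (long request, pid_t pid, uns
 struct task_struct *child;
 struct switch_stack *sw;
 long ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 lock_kernel();
 ret = -EPERM;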
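--- a/arch/mips/kernel/ptrace32.c
+++ b/arch/mips/kernel/ptrace32.c
@@ -35,6 +35,9 @@
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/bootinfo.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 int ptrace_getregs(struct task_struct *child, __s64 __user *data);
 int ptrace_setregs(struct task_struct *child, __s64 __user *data);
@@ -50,6 +53,12 @@ asmlinkage int sys32_ptrace(int request,
 {
 struct task_struct *child;
 int ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 #if 0
 printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n",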
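--- a/arch/powerpc/kernel/ptrace32.c
+++ b/arch/powerpc/kernel/ptrace32.c
@@ -32,6 +32,9 @@
 #include <asm/page.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /*
 * does not yet catch signals sent when the child dies.
@@ -89,6 +92,12 @@ long compat_sys_ptrace(int request, int
 {
 struct task_struct *child;
 int ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 lock_kernel();
 if (request == PTRACE_TRACEME) {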
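--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -41,6 +41,9 @@
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 #ifdef CONFIG_COMPAT
 #include "compat_ptrace.h"
@@ -701,6 +704,12 @@ sys_ptrace(long request, long pid, long
 struct task_struct *child;
 int ret;

+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/
 lock_kernel();
 if (request == PTRACE_TRACEME) {
 ret = ptrace_traceme();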
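--- a/arch/sh64/kernel/ptrace.c
+++ b/arch/sh64/kernel/ptrace.c
@@ -35,6 +35,9 @@
 #include <asm/system.h>
 #include <asm/processor.h>
 #include <asm/mmu_context.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /* This mask defines the bits of the SR which the user is not allowed to
 change, which are everything except S, Q, M, PR, SZ, FR. */
@@ -256,6 +259,12 @@ asmlinkage int sh64_ptrace(long request,
 extern void poke_real_address_q(unsigned long long addr, unsigned long long data);
 #define WPC_DBRMODE 0x0d104008
 static int first_call = 1;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 lock_kernel();
 if (first_call) {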
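--- a/arch/sparc/kernel/ptrace.c
+++ b/arch/sparc/kernel/ptrace.c
@@ -23,6 +23,9 @@
 #include <asm/pgtable.h>
 #include <asm/system.h>
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 #define MAGIC_CONSTANT 0x80000000

@@ -267,6 +270,14 @@ asmlinkage void do_ptrace(struct pt_regs
 unsigned long addr2 = regs->u_regs[UREG_I4];
 struct task_struct *child;
 int ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
+ pt_error_return(regs, EPERM);
+ return;
+ }
+#endif
+ /***** TOMOYO Linux end. *****/

 lock_kernel();
 #ifdef DEBUG_PTRACE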
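--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -32,6 +32,9 @@
 #include <asm/spitfire.h>
 #include <asm/page.h>
 #include <asm/cpudata.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /* Returning from ptrace is a bit tricky because the syscall return
 * low level code assumes any value returned which is negative and
@@ -176,6 +179,14 @@ asmlinkage void do_ptrace(struct pt_regs
 unsigned long addr2 = regs->u_regs[UREG_I4];
 struct task_struct *child;
 int ret;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE)) {
+ pt_error_return(regs, EPERM);
+ return;
+ }
+#endif
+ /***** TOMOYO Linux end. *****/

 if (test_thread_flag(TIF_32BIT)) {
 addr &= 0xffffffffUL;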
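--- a/arch/x86/ia32/ptrace32.c
+++ b/arch/x86/ia32/ptrace32.c
@@ -27,6 +27,9 @@
 #include <asm/i387.h>
 #include <asm/fpu32.h>
 #include <asm/ia32.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /*
 * Determines which flags the user has access to [1 = access, 0 = no access].
@@ -235,6 +238,12 @@ asmlinkage long sys32_ptrace(long reques
 void __user *datap = compat_ptr(data);
 int ret;
 __u32 val;
+ /***** TOMOYO Linux start. *****/
+#ifdef TOMOYO_SYS_PTRACE
+ if (!ccs_capable(TOMOYO_SYS_PTRACE))
+ return -EPERM;
+#endif
+ /***** TOMOYO Linux end. *****/

 switch (request) {
 case PTRACE_TRACEME: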
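--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -2152,5 +2152,7 @@ endif
 source "fs/nls/Kconfig"
 source "fs/dlm/Kconfig"

+source "fs/Kconfig.ccs"
+
 endmenu
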
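--- a/fs/Makefile
+++ b/fs/Makefile
@@ -118,3 +118,5 @@ obj-$(CONFIG_HPPFS) += hppfs/
 obj-$(CONFIG_DEBUG_FS) += debugfs/
 obj-$(CONFIG_OCFS2_FS) += ocfs2/
 obj-$(CONFIG_GFS2_FS) += gfs2/
+
+include $(srctree)/fs/Makefile-2.6.ccs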
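--- a/fs/attr.c
+++ b/fs/attr.c
@@ -14,6 +14,9 @@
 #include <linux/fcntl.h>
 #include <linux/quotaops.h>
 #include <linux/security.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /* Taken over from the old code... */

@@ -160,6 +163,14 @@ int fnotify_change(struct dentry *dentry

 if (inode->i_op && inode->i_op->setattr) {
 error = security_inode_setattr(dentry, mnt, attr);
+ /***** TOMOYO Linux start. *****/
+ if (!error && (ia_valid & ATTR_MODE) &&
+ !ccs_capable(TOMOYO_SYS_CHMOD))
+ error = -EPERM;
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
+ !ccs_capable(TOMOYO_SYS_CHOWN))
+ error = -EPERM;
+ /***** TOMOYO Linux end. *****/
 if (!error) {
 if (file && file->f_op && file->f_op->fsetattr)
 error = file->f_op->fsetattr(file, attr);
@@ -170,6 +181,14 @@ int fnotify_change(struct dentry *dentry
 error = inode_change_ok(inode, attr);
 if (!error)
 error = security_inode_setattr(dentry, mnt, attr);
+ /***** TOMOYO Linux start. *****/
+ if (!error && (ia_valid & ATTR_MODE) &&
+ !ccs_capable(TOMOYO_SYS_CHMOD))
+ error = -EPERM;
+ if (!error && (ia_valid & (ATTR_UID | ATTR_GID)) &&
+ !ccs_capable(TOMOYO_SYS_CHOWN))
+ error = -EPERM;
+ /***** TOMOYO Linux end. *****/
 if (!error) {
 if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))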
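Review bot: The same eight-line CHMOD/CHOWN capability block is pasted into both branches of fnotify_change, after each `security_inode_setattr()` call, so a later change to one copy can leave the other path with a weaker check. A small static helper called from both places keeps the two paths identical; the helper name below is only a suggestion. Both hunks are cut in the middle of fnotify_change, so I have not checked whether `ia_valid` is modified earlier in the function (for example by kernel-side setuid stripping) before it reaches these tests.

```c
/* Suggested helper: one copy of the TOMOYO capability test for setattr. */
static int ccs_setattr_capable(unsigned int ia_valid)
{
	if ((ia_valid & ATTR_MODE) && !ccs_capable(TOMOYO_SYS_CHMOD))
		return -EPERM;
	if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
	    !ccs_capable(TOMOYO_SYS_CHOWN))
		return -EPERM;
	return 0;
}

	/* … unchanged: error = security_inode_setattr(dentry, mnt, attr); … */
	if (!error)
		error = ccs_setattr_capable(ia_valid);
```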
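--- a/fs/compat.c
+++ b/fs/compat.c
@@ -55,6 +55,9 @@
 #include <asm/mmu_context.h>
 #include <asm/ioctls.h>
 #include "internal.h"
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 int compat_log = 1;

@@ -1406,7 +1409,7 @@ int compat_do_execve(char * filename,
 if (retval < 0)
 goto out;

- retval = search_binary_handler(bprm, regs);
+ retval = search_binary_handler_with_transition(bprm, regs);
 if (retval >= 0) {
 /* execve success */
 security_bprm_free(bprm);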
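--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -114,6 +114,9 @@
 #ifdef CONFIG_SPARC
 #include <asm/fbio.h>
 #endif
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
 unsigned long arg, struct file *f)
@@ -2944,6 +2947,12 @@ asmlinkage long compat_sys_ioctl(unsigne
 /*FALL THROUGH*/

 default:
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_IOCTL)) {
+ error = -EPERM;
+ goto out_fput;
+ }
+ /***** TOMOYO Linux end. *****/
 if (filp->f_op && filp->f_op->compat_ioctl) {
 error = filp->f_op->compat_ioctl(filp, cmd, arg);
 if (error != -ENOIOCTLCMD)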
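Review bot: The `TOMOYO_SYS_IOCTL` check sits under the `default:` label of compat_sys_ioctl, so any command handled by an earlier `case` that does not fall through to `default:` (those labels are above the hunk) completes without consulting TOMOYO. If that scope is intended, say so next to the check, e.g. `/* Only commands that reach the driver are subject to TOMOYO_SYS_IOCTL; commands fully handled by the cases above are not. */`. The hook in do_ioctl() in fs/ioctl.c has the same shape: it follows the `!filp->f_op` early exit and only covers callers that go through do_ioctl(). The switch statement starts and ends outside the hunk.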
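--- a/fs/exec.c
+++ b/fs/exec.c
@@ -60,6 +60,10 @@
 #include <linux/kmod.h>
 #endif

+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 int core_uses_pid;
 char core_pattern[CORENAME_MAX_SIZE] = "core";
 int suid_dumpable = 0;
@@ -119,6 +123,13 @@ asmlinkage long sys_uselib(const char __
 if (error)
 goto exit;

+ /***** TOMOYO Linux start. *****/
+ /* 01 means "read". */
+ error = ccs_check_open_permission(nd.dentry, nd.mnt, 01);
+ if (error)
+ goto exit;
+ /***** TOMOYO Linux end. *****/
+
 file = nameidata_to_filp(&nd, O_RDONLY);
 error = PTR_ERR(file);
 if (IS_ERR(file))
@@ -656,6 +667,13 @@ struct file *open_exec(const char *name)
 file = ERR_PTR(-EACCES);
 if (S_ISREG(inode->i_mode)) {
 int err = vfs_permission(&nd, MAY_EXEC);
+ /***** TOMOYO Linux start. *****/
+ if (!err && (current->tomoyo_flags &
+ TOMOYO_CHECK_READ_FOR_OPEN_EXEC))
+ /* 01 means "read". */
+ err = ccs_check_open_permission(nd.dentry,
+ nd.mnt, 01);
+ /***** TOMOYO Linux end. *****/
 file = ERR_PTR(err);
 if (!err) {
 file = nameidata_to_filp(&nd, O_RDONLY);
@@ -1349,7 +1367,7 @@ int do_execve(char * filename,
 goto out;
 bprm->argv_len = env_p - bprm->p;

- retval = search_binary_handler(bprm,regs);
+ retval = search_binary_handler_with_transition(bprm, regs);
 if (retval >= 0) {
 /* execve success */
 free_arg_pages(bprm);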
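Review bot: In the open_exec hunk the added `if` spans two lines and its unbraced body is a comment followed by a wrapped call, which makes it easy for a later edit to attach a statement to the wrong side of a permission check. Braces would make the extent explicit: `if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) {` … `}`. Both this hunk and the sys_uselib hunk pass a bare octal `01` that is explained only by a comment; a named constant shared by the two call sites would remove the need for it.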
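--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -23,6 +23,9 @@
 #include <asm/poll.h>
 #include <asm/siginfo.h>
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 void fastcall set_close_on_exec(unsigned int fd, int flag)
 {
@@ -217,6 +220,12 @@ static int setfl(int fd, struct file * f
 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
 return -EPERM;

+ /***** TOMOYO Linux start. *****/
+ if (((arg ^ filp->f_flags) & O_APPEND) &&
+ ccs_check_rewrite_permission(filp))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
+
 /* O_NOATIME can only be set by the owner or superuser */
 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
 if (!is_owner_or_cap(inode))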
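--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -15,6 +15,9 @@

 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 static long do_ioctl(struct file *filp, unsigned int cmd,
 unsigned long arg)
@@ -23,6 +26,10 @@ static long do_ioctl(struct file *filp,

 if (!filp->f_op)
 goto out;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_IOCTL))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 if (filp->f_op->unlocked_ioctl) {
 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);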
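--- a/fs/namei.c
+++ b/fs/namei.c
@@ -35,6 +35,10 @@

 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])

+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 /* [Feb-1997 T. Schoebel-Theuer]
 * Fundamental changes in the pathname lookup mechanisms (namei)
 * were necessary because of omirr. The reason is that omirr needs
@@ -1607,6 +1611,13 @@ int vfs_create(struct inode *dir, struct
 error = security_inode_create(dir, dentry, nd ? nd->mnt : NULL, mode);
 if (error)
 return error;
+ /***** TOMOYO Linux start. *****/
+ if (nd) {
+ error = ccs_check_1path_perm(TYPE_CREATE_ACL, dentry, nd->mnt);
+ if (error)
+ return error;
+ }
+ /***** TOMOYO Linux end. *****/
 DQUOT_INIT(dir);
 error = dir->i_op->create(dir, dentry, mode, nd);
 if (!error)
@@ -1662,6 +1673,13 @@ int may_open(struct nameidata *nd, int a
 if (!is_owner_or_cap(inode))
 return -EPERM;

+ /***** TOMOYO Linux start. *****/
+ /* includes O_APPEND and O_TRUNC checks */
+ error = ccs_check_open_permission(dentry, nd->mnt, flag);
+ if (error)
+ return error;
+ /***** TOMOYO Linux end. *****/
+
 /*
 * Ensure there are no outstanding leases on the file.
 */
@@ -1713,6 +1731,9 @@ static int open_namei_create(struct name
 return may_open(nd, 0, flag & ~O_TRUNC);
 }

+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_vfs.h>
+/***** TOMOYO Linux end. *****/
 /*
 * open_namei()
 *
@@ -1974,6 +1995,16 @@ asmlinkage long sys_mknodat(int dfd, con

 if (S_ISDIR(mode))
 return -EPERM;
+ /***** TOMOYO Linux start. *****/
+ if (S_ISCHR(mode) && !ccs_capable(TOMOYO_CREATE_CHAR_DEV))
+ return -EPERM;
+ if (S_ISBLK(mode) && !ccs_capable(TOMOYO_CREATE_BLOCK_DEV))
+ return -EPERM;
+ if (S_ISFIFO(mode) && !ccs_capable(TOMOYO_CREATE_FIFO))
+ return -EPERM;
+ if (S_ISSOCK(mode) && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
 tmp = getname(filename);
 if (IS_ERR(tmp))
 return PTR_ERR(tmp);
@@ -1992,10 +2023,32 @@ asmlinkage long sys_mknodat(int dfd, con
 error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
 break;
 case S_IFCHR: case S_IFBLK:
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode);
+ if (error)
+ break;
+ error = ccs_check_1path_perm(S_ISCHR(mode) ?
+ TYPE_MKCHAR_ACL :
+ TYPE_MKBLOCK_ACL,
+ dentry, nd.mnt);
+ if (error)
+ break;
+ /***** TOMOYO Linux end. *****/
 error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt,
 mode, new_decode_dev(dev));
 break;
 case S_IFIFO: case S_IFSOCK:
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode);
+ if (error)
+ break;
+ error = ccs_check_1path_perm(S_ISFIFO(mode) ?
+ TYPE_MKFIFO_ACL :
+ TYPE_MKSOCK_ACL,
+ dentry, nd.mnt);
+ if (error)
+ break;
+ /***** TOMOYO Linux end. *****/
 error = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt,
 mode, 0);
 break;
@@ -2065,6 +2118,12 @@ asmlinkage long sys_mkdirat(int dfd, con

 if (!IS_POSIXACL(nd.dentry->d_inode))
 mode &= ~current->fs->umask;
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_mkdir(nd.dentry->d_inode, dentry);
+ if (!error)
+ error = ccs_check_1path_perm(TYPE_MKDIR_ACL, dentry, nd.mnt);
+ if (!error)
+ /***** TOMOYO Linux end. *****/
 error = vfs_mkdir(nd.dentry->d_inode, dentry, nd.mnt, mode);
 dput(dentry);
 out_unlock:
@@ -2173,6 +2232,12 @@ static long do_rmdir(int dfd, const char
 error = PTR_ERR(dentry);
 if (IS_ERR(dentry))
 goto exit2;
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_rmdir(nd.dentry->d_inode, dentry);
+ if (!error)
+ error = ccs_check_1path_perm(TYPE_RMDIR_ACL, dentry, nd.mnt);
+ if (!error)
+ /***** TOMOYO Linux end. *****/
 error = vfs_rmdir(nd.dentry->d_inode, dentry, nd.mnt);
 dput(dentry);
 exit2:
@@ -2232,6 +2297,10 @@ static long do_unlinkat(int dfd, const c
 struct dentry *dentry;
 struct nameidata nd;
 struct inode *inode = NULL;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_UNLINK))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 name = getname(pathname);
 if(IS_ERR(name))
@@ -2253,6 +2322,14 @@ static long do_unlinkat(int dfd, const c
 inode = dentry->d_inode;
 if (inode)
 atomic_inc(&inode->i_count);
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_unlink(nd.dentry->d_inode, dentry);
+ if (error)
+ goto exit2;
+ error = ccs_check_1path_perm(TYPE_UNLINK_ACL, dentry, nd.mnt);
+ if (error)
+ goto exit2;
+ /***** TOMOYO Linux end. *****/
 error = vfs_unlink(nd.dentry->d_inode, dentry, nd.mnt);
 exit2:
 dput(dentry);
@@ -2318,6 +2395,10 @@ asmlinkage long sys_symlinkat(const char
 char * to;
 struct dentry *dentry;
 struct nameidata nd;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_SYMLINK))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 from = getname(oldname);
 if(IS_ERR(from))
@@ -2335,6 +2416,12 @@ asmlinkage long sys_symlinkat(const char
 if (IS_ERR(dentry))
 goto out_unlock;

+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_symlink(nd.dentry->d_inode, dentry);
+ if (!error)
+ error = ccs_check_1path_perm(TYPE_SYMLINK_ACL, dentry, nd.mnt);
+ if (!error)
+ /***** TOMOYO Linux end. *****/
 error = vfs_symlink(nd.dentry->d_inode, dentry, nd.mnt, from,
 S_IALLUGO);
 dput(dentry);
@@ -2409,6 +2496,10 @@ asmlinkage long sys_linkat(int olddfd, c
 struct nameidata nd, old_nd;
 int error;
 char * to;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_LINK))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
 return -EINVAL;
@@ -2432,6 +2523,13 @@ asmlinkage long sys_linkat(int olddfd, c
 error = PTR_ERR(new_dentry);
 if (IS_ERR(new_dentry))
 goto out_unlock;
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+ if (!error)
+ error = ccs_check_2path_perm(TYPE_LINK_ACL, old_nd.dentry,
+ old_nd.mnt, new_dentry, nd.mnt);
+ if (!error)
+ /***** TOMOYO Linux end. *****/
 error = vfs_link(old_nd.dentry, old_nd.mnt, nd.dentry->d_inode,
 new_dentry, nd.mnt);
 dput(new_dentry);
@@ -2665,6 +2763,16 @@ static int do_rename(int olddfd, const c
 error = -ENOTEMPTY;
 if (new_dentry == trap)
 goto exit5;
+ /***** TOMOYO Linux start. *****/
+ error = pre_vfs_rename(old_dir->d_inode, old_dentry,
+ new_dir->d_inode, new_dentry);
+ if (error)
+ goto exit5;
+ error = ccs_check_2path_perm(TYPE_RENAME_ACL, old_dentry, oldnd.mnt,
+ new_dentry, newnd.mnt);
+ if (error)
+ goto exit5;
+ /***** TOMOYO Linux end. *****/

 error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.mnt,
 new_dir->d_inode, new_dentry, newnd.mnt);
@@ -2688,6 +2796,10 @@ asmlinkage long sys_renameat(int olddfd,
 int error;
 char * from;
 char * to;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_RENAME))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 from = getname(oldname);
 if(IS_ERR(from))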
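Review bot: In the sys_mkdirat, do_rmdir, sys_symlinkat and sys_linkat hunks the added block ends with a bare `if (!error)` just before the `TOMOYO Linux end` marker, and the statement it guards is the original `vfs_mkdir()`/`vfs_rmdir()`/`vfs_symlink()`/`vfs_link()` call after the marker. Anyone who inserts a line right after the marker changes which statement is conditional without touching the check itself, and the filesystem operation then runs even after a denial. The do_unlinkat and do_rename hunks in this same file use the self-contained form `if (error) goto exit2;`, which does not depend on the line that follows. Where no suitable label exists, at least annotate the guard, e.g. `if (!error) /* guards the vfs_mkdir() call after the end marker */`.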
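--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -29,6 +29,12 @@
 #include <asm/unistd.h>
 #include "pnode.h"
 #include "internal.h"
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /* spinlock for vfsmount related operations, inplace of dcache_lock */
 __cacheline_aligned_in_smp DEFINE_SPINLOCK(vfsmount_lock);
@@ -545,6 +551,11 @@ static int do_umount(struct vfsmount *mn
 if (retval)
 return retval;

+ /***** SAKURA Linux start. *****/
+ if (ccs_may_umount(mnt))
+ return -EPERM;
+ /***** SAKURA Linux end. *****/
+
 /*
 * Allow userspace to request a mountpoint be expired rather than
 * unmounting unconditionally. Unmount only happens if:
@@ -633,6 +644,10 @@ asmlinkage long sys_umount(char __user *
 {
 struct nameidata nd;
 int retval;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_UMOUNT))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
 if (retval)
@@ -940,6 +955,11 @@ static int do_loopback(struct nameidata

 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
 goto out;
+ /***** SAKURA Linux start. *****/
+ err = -EPERM;
+ if (ccs_may_mount(nd))
+ goto out;
+ /***** SAKURA Linux end. *****/

 err = -ENOMEM;
 if (recurse)
@@ -1025,6 +1045,11 @@ static int do_move_mount(struct nameidat
 if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
 goto out;

+ /***** SAKURA Linux start. *****/
+ err = -EPERM;
+ if (ccs_may_umount(old_nd.mnt) || ccs_may_mount(nd))
+ goto out;
+ /***** SAKURA Linux end. *****/
 err = -ENOENT;
 mutex_lock(&nd->dentry->d_inode->i_mutex);
 if (IS_DEADDIR(nd->dentry->d_inode))
@@ -1126,6 +1151,11 @@ int do_add_mount(struct vfsmount *newmnt
 err = -EINVAL;
 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
 goto unlock;
+ /***** SAKURA Linux start. *****/
+ err = -EPERM;
+ if (ccs_may_mount(nd))
+ goto unlock;
+ /***** SAKURA Linux end. *****/

 newmnt->mnt_flags = mnt_flags;

@@ -1436,6 +1466,17 @@ long do_mount(char *dev_name, char *dir_
 if (data_page)
 ((char *)data_page)[PAGE_SIZE - 1] = 0;

+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_MOUNT))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
+ /***** SAKURA Linux start. *****/
+ retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
+ &flags);
+ if (retval)
+ return retval;
+ /***** SAKURA Linux end. *****/
+
 /* Separate the per-mountpoint flags */
 if (flags & MS_NOSUID)
 mnt_flags |= MNT_NOSUID;
@@ -1717,6 +1758,10 @@ asmlinkage long sys_pivot_root(const cha

 if (!capable(CAP_SYS_ADMIN))
 return -EPERM;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_PIVOT_ROOT))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 lock_kernel();

@@ -1733,6 +1778,10 @@ asmlinkage long sys_pivot_root(const cha
 goto out1;

 error = security_sb_pivotroot(&old_nd, &new_nd);
+ /***** SAKURA Linux start. *****/
+ if (!error)
+ error = ccs_check_pivot_root_permission(&old_nd, &new_nd);
+ /***** SAKURA Linux end. *****/
 if (error) {
 path_release(&old_nd);
 goto out1;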
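Review bot: The hooks added to this file use opposite return conventions: `ccs_capable()` is tested as true when the operation is allowed, while `ccs_may_mount()`, `ccs_may_umount()` and the `ccs_check_*_permission()` calls are tested as non-zero on denial. In do_umount, do_loopback, do_move_mount and do_add_mount the non-zero result is also replaced by a fixed `-EPERM`, whereas do_mount and sys_pivot_root propagate the hook's own value. A one-line comment at each call, such as `/* non-zero means denied */`, would make an inverted test easier to spot in review. The helpers' definitions are not on this page, so their return values are inferred only from how they are used here.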
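--- a/fs/open.c
+++ b/fs/open.c
@@ -27,6 +27,12 @@
 #include <linux/rcupdate.h>
 #include <linux/audit.h>
 #include <linux/falloc.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 {
@@ -267,6 +273,11 @@ static long do_sys_truncate(const char _
 if (error)
 goto put_write_and_out;

+ /***** TOMOYO Linux start. *****/
+ error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt);
+ if (error)
+ goto put_write_and_out;
+ /***** TOMOYO Linux end. *****/
 error = locks_verify_truncate(inode, NULL, length);
 if (!error) {
 DQUOT_INIT(inode);
@@ -321,6 +332,11 @@ static long do_sys_ftruncate(unsigned in
 if (IS_APPEND(inode))
 goto out_putf;

+ /***** TOMOYO Linux start. *****/
+ error = ccs_check_1path_perm(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt);
+ if (error)
+ goto out_putf;
+ /***** TOMOYO Linux end. *****/
 error = locks_verify_truncate(inode, file, length);
 if (!error)
 error = do_truncate(dentry, file->f_path.mnt, length,
@@ -542,6 +558,14 @@ asmlinkage long sys_chroot(const char __
 error = -EPERM;
 if (!capable(CAP_SYS_CHROOT))
 goto dput_and_out;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_CHROOT))
+ goto dput_and_out;
+ /***** TOMOYO Linux end. *****/
+ /***** SAKURA Linux start. *****/
+ if (ccs_check_chroot_permission(&nd))
+ goto dput_and_out;
+ /***** SAKURA Linux end. *****/

 set_fs_root(current->fs, nd.mnt, nd.dentry);
 set_fs_altroot();
@@ -1162,6 +1186,10 @@ EXPORT_SYMBOL(sys_close);
 */
 asmlinkage long sys_vhangup(void)
 {
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_VHANGUP))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/
 if (capable(CAP_SYS_TTY_CONFIG)) {
 /* XXX: this needs locking */
 tty_vhangup(current->signal->tty);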
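Review bot: In the sys_vhangup hunk the TOMOYO check runs before `capable(CAP_SYS_TTY_CONFIG)`, while sys_chroot in this same file, and sys_pivot_root and sys_kexec_load elsewhere in the patch, consult TOMOYO only after the capability test has passed. If `ccs_capable()` records or audits requests (its definition is not visible), callers that would have been refused anyway will now show up as TOMOYO events. Moving the check inside the existing block keeps the order consistent: `if (capable(CAP_SYS_TTY_CONFIG)) {` followed by `if (!ccs_capable(TOMOYO_SYS_VHANGUP)) return -EPERM;`. The body of sys_vhangup continues outside the hunk.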
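--- a/fs/proc/Makefile
+++ b/fs/proc/Makefile
@@ -16,3 +16,6 @@ proc-$(CONFIG_PROC_KCORE) += kcore.o
 proc-$(CONFIG_PROC_VMCORE) += vmcore.o
 proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o
 proc-$(CONFIG_PRINTK) += kmsg.o
+
+proc-$(CONFIG_SAKURA) += ccs_proc.o
+proc-$(CONFIG_TOMOYO) += ccs_proc.o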
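--- a/fs/proc/proc_misc.c
+++ b/fs/proc/proc_misc.c
@@ -784,4 +784,9 @@ void __init proc_misc_init(void)
 entry->proc_fops = &proc_sysrq_trigger_operations;
 }
 #endif
+ /***** CCS start. *****/
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
+ printk(KERN_INFO "Hook version: 2.6.24.3 2008/08/20\n");
+#endif
+ /***** CCS end. *****/
 }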
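--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -173,6 +173,10 @@ extern struct group_info init_groups;
 .dirties = INIT_PROP_LOCAL_SINGLE(dirties), \
 INIT_TRACE_IRQFLAGS \
 INIT_LOCKDEP \
+ /***** TOMOYO Linux start. *****/ \
+ .domain_info = &KERNEL_DOMAIN, \
+ .tomoyo_flags = 0, \
+ /***** TOMOYO Linux end. *****/ \
 }

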
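Review bot: `.domain_info = &KERNEL_DOMAIN` is added to INIT_TASK without any configuration guard, and the matching `struct task_struct` fields and `extern struct domain_info KERNEL_DOMAIN` in include/linux/sched.h are unconditional too, while the banner in fs/proc/proc_misc.c is wrapped in `#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)`. If the object that defines `KERNEL_DOMAIN` is built only when one of those options is enabled (not visible on this page), a kernel configured without them will not link. Either state in a comment that the definition is always built, or put the initialiser and the two fields under the same `#if`.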
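--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -28,6 +28,11 @@
 #define CLONE_NEWPID 0x20000000 /* New pid namespace */
 #define CLONE_NEWNET 0x40000000 /* New network namespace */

+/***** TOMOYO Linux start. *****/
+struct domain_info;
+extern struct domain_info KERNEL_DOMAIN;
+/***** TOMOYO Linux end. *****/
+
 /*
 * Scheduling policies
 */
@@ -1187,6 +1192,10 @@ struct task_struct {
 int latency_record_count;
 struct latency_record latency_record[LT_SAVECOUNT];
 #endif
+ /***** TOMOYO Linux start. *****/
+ struct domain_info *domain_info;
+ u32 tomoyo_flags;
+ /***** TOMOYO Linux end. *****/
 };

 /*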
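--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -25,6 +25,9 @@
 #include <linux/posix-timers.h>

 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)
 {
@@ -870,6 +873,10 @@ asmlinkage long compat_sys_stime(compat_
 err = security_settime(&tv, NULL);
 if (err)
 return err;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_SETTIME))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 do_settimeofday(&tv);
 return 0;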
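--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -31,6 +31,9 @@
 #include <asm/system.h>
 #include <asm/semaphore.h>
 #include <asm/sections.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/

 /* Per cpu memory for storing cpu states in case of system crash. */
 note_buf_t* crash_notes;
@@ -933,6 +936,10 @@ asmlinkage long sys_kexec_load(unsigned
 /* We only trust the superuser with rebooting the system. */
 if (!capable(CAP_SYS_BOOT))
 return -EPERM;
+ /***** TOMOYO Linux start. *****/
+ if (!ccs_capable(TOMOYO_SYS_KEXEC_LOAD))
+ return -EPERM;
+ /***** TOMOYO Linux end. *****/

 /*
 * Verify we have a legal set of flags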
996 --- linux-2.6.24-19.41.orig/kernel/kmod.c
997 +++ linux-2.6.24-19.41/kernel/kmod.c
998 @@ -173,6 +173,11 @@ static int ____call_usermodehelper(void
999 */
1000 set_user_nice(current, 0);
1001
1002 + /***** TOMOYO Linux start. *****/
1003 + current->domain_info = &KERNEL_DOMAIN;
1004 + current->tomoyo_flags = 0;
1005 + /***** TOMOYO Linux end. *****/
1006 +
1007 retval = -EPERM;
1008 if (current->fs->root)
1009 retval = kernel_execve(sub_info->path,
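Review bot: The reset of `current->domain_info` and `current->tomoyo_flags` just before `kernel_execve()` carries no comment saying why a usermode helper must start from `KERNEL_DOMAIN`. The start/end markers only delimit the patch, they do not record intent. Something like `/* Helpers run on the kernel's behalf: start from the kernel domain, not one inherited from the spawning thread. */` would do, with the wording checked against the policy design. ____call_usermodehelper begins and ends outside this hunk.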
1010 --- linux-2.6.24-19.41.orig/kernel/module.c
1011 +++ linux-2.6.24-19.41/kernel/module.c
1012 @@ -46,6 +46,9 @@
1013 #include <asm/semaphore.h>
1014 #include <asm/cacheflush.h>
1015 #include <linux/license.h>
1016 +/***** TOMOYO Linux start. *****/
1017 +#include <linux/tomoyo.h>
1018 +/***** TOMOYO Linux end. *****/
1019
1020 extern int module_sysfs_initialized;
1021
1022 @@ -664,6 +667,10 @@ sys_delete_module(const char __user *nam
1023
1024 if (!capable(CAP_SYS_MODULE))
1025 return -EPERM;
1026 + /***** TOMOYO Linux start. *****/
1027 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1028 + return -EPERM;
1029 + /***** TOMOYO Linux end. *****/
1030
1031 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
1032 return -EFAULT;
1033 @@ -2099,6 +2106,10 @@ sys_init_module(void __user *umod,
1034 /* Must have permission */
1035 if (!capable(CAP_SYS_MODULE))
1036 return -EPERM;
1037 + /***** TOMOYO Linux start. *****/
1038 + if (!ccs_capable(TOMOYO_USE_KERNEL_MODULE))
1039 + return -EPERM;
1040 + /***** TOMOYO Linux end. *****/
1041
1042 /* Only one module load at a time, please */
1043 if (mutex_lock_interruptible(&module_mutex) != 0)
1044 --- linux-2.6.24-19.41.orig/kernel/ptrace.c
1045 +++ linux-2.6.24-19.41/kernel/ptrace.c
1046 @@ -23,6 +23,9 @@
1047
1048 #include <asm/pgtable.h>
1049 #include <asm/uaccess.h>
1050 +/***** TOMOYO Linux start. *****/
1051 +#include <linux/tomoyo.h>
1052 +/***** TOMOYO Linux end. *****/
1053
1054 /*
1055 * ptrace a task: make the debugger its new parent and
1056 @@ -467,6 +470,12 @@ asmlinkage long sys_ptrace(long request,
1057 /*
1058 * This lock_kernel fixes a subtle race with suid exec
1059 */
1060 + /***** TOMOYO Linux start. *****/
1061 +#ifdef TOMOYO_SYS_PTRACE
1062 + if (!ccs_capable(TOMOYO_SYS_PTRACE))
1063 + return -EPERM;
1064 +#endif
1065 + /***** TOMOYO Linux end. *****/
1066 lock_kernel();
1067 if (request == PTRACE_TRACEME) {
1068 ret = ptrace_traceme();
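Review bot: The `#ifdef TOMOYO_SYS_PTRACE` guard around the new check fails open: if `<linux/tomoyo.h>` provides that name as an enum constant rather than a macro, or stops defining it, the ptrace restriction is compiled out with no diagnostic. The other `ccs_capable()` calls visible in this part of the patch are unconditional, so either drop the guard or add `#else` with `#error` so a missing definition breaks the build. The header is not shown here, so how the constant is defined is unverified. sys_ptrace continues outside the hunk.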
1069 --- linux-2.6.24-19.41.orig/kernel/sched.c
1070 +++ linux-2.6.24-19.41/kernel/sched.c
1071 @@ -66,6 +66,9 @@
1072
1073 #include <asm/tlb.h>
1074 #include <asm/irq_regs.h>
1075 +/***** TOMOYO Linux start. *****/
1076 +#include <linux/tomoyo.h>
1077 +/***** TOMOYO Linux end. *****/
1078
1079 /*
1080 * Scheduler clock - returns current time in nanosec units.
1081 @@ -4139,6 +4142,10 @@ int can_nice(const struct task_struct *p
1082 asmlinkage long sys_nice(int increment)
1083 {
1084 long nice, retval;
1085 + /***** TOMOYO Linux start. *****/
1086 + if (!ccs_capable(TOMOYO_SYS_NICE))
1087 + return -EPERM;
1088 + /***** TOMOYO Linux end. *****/
1089
1090 /*
1091 * Setpriority might change our priority at the same moment.
1092 --- linux-2.6.24-19.41.orig/kernel/signal.c
1093 +++ linux-2.6.24-19.41/kernel/signal.c
1094 @@ -32,6 +32,9 @@
1095 #include <asm/unistd.h>
1096 #include <asm/siginfo.h>
1097 #include "audit.h" /* audit_signal_info() */
1098 +/***** TOMOYO Linux start. *****/
1099 +#include <linux/tomoyo.h>
1100 +/***** TOMOYO Linux end. *****/
1101
1102 /*
1103 * SLAB caches for signal bits.
1104 @@ -2213,6 +2216,12 @@ asmlinkage long
1105 sys_kill(int pid, int sig)
1106 {
1107 struct siginfo info;
1108 + /***** TOMOYO Linux start. *****/
1109 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1110 + return -EPERM;
1111 + if (sig && ccs_check_signal_acl(sig, pid))
1112 + return -EPERM;
1113 + /***** TOMOYO Linux end. *****/
1114
1115 info.si_signo = sig;
1116 info.si_errno = 0;
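Review bot: The signal checks cover sys_kill here and sys_tgkill and sys_tkill in the next two hunks, but sys_rt_sigqueueinfo, which also delivers a signal to a pid, appears to get no `ccs_capable(TOMOYO_SYS_KILL)` / `ccs_check_signal_acl()` call. The diffstat lists 21 insertions for kernel/signal.c and these hunks plus the include account for all of them. If the omission is deliberate it deserves a comment next to these checks; otherwise the same two-test block belongs in that syscall too. In the sys_tgkill hunk only `pid` is passed to `ccs_check_signal_acl()`, so it is worth confirming the ACL does not also need `tgid`.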
1117 @@ -2271,6 +2280,12 @@ asmlinkage long sys_tgkill(int tgid, int
1118 /* This is only valid for single tasks */
1119 if (pid <= 0 || tgid <= 0)
1120 return -EINVAL;
1121 + /***** TOMOYO Linux start. *****/
1122 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1123 + return -EPERM;
1124 + if (sig && ccs_check_signal_acl(sig, pid))
1125 + return -EPERM;
1126 + /***** TOMOYO Linux end. *****/
1127
1128 return do_tkill(tgid, pid, sig);
1129 }
1130 @@ -2284,6 +2299,12 @@ sys_tkill(int pid, int sig)
1131 /* This is only valid for single tasks */
1132 if (pid <= 0)
1133 return -EINVAL;
1134 + /***** TOMOYO Linux start. *****/
1135 + if (sig && !ccs_capable(TOMOYO_SYS_KILL))
1136 + return -EPERM;
1137 + if (sig && ccs_check_signal_acl(sig, pid))
1138 + return -EPERM;
1139 + /***** TOMOYO Linux end. *****/
1140
1141 return do_tkill(0, pid, sig);
1142 }
1143 --- linux-2.6.24-19.41.orig/kernel/sys.c
1144 +++ linux-2.6.24-19.41/kernel/sys.c
1145 @@ -42,6 +42,9 @@
1146 #include <asm/uaccess.h>
1147 #include <asm/io.h>
1148 #include <asm/unistd.h>
1149 +/***** TOMOYO Linux start. *****/
1150 +#include <linux/tomoyo.h>
1151 +/***** TOMOYO Linux end. *****/
1152
1153 #ifndef SET_UNALIGN_CTL
1154 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
1155 @@ -140,6 +143,12 @@ asmlinkage long sys_setpriority(int whic
1156
1157 if (which > PRIO_USER || which < PRIO_PROCESS)
1158 goto out;
1159 + /***** TOMOYO Linux start. *****/
1160 + if (!ccs_capable(TOMOYO_SYS_NICE)) {
1161 + error = -EPERM;
1162 + goto out;
1163 + }
1164 + /***** TOMOYO Linux end. *****/
1165
1166 /* normalize: avoid signed division (rounding problems) */
1167 error = -ESRCH;
1168 @@ -376,6 +385,10 @@ asmlinkage long sys_reboot(int magic1, i
1169 magic2 != LINUX_REBOOT_MAGIC2B &&
1170 magic2 != LINUX_REBOOT_MAGIC2C))
1171 return -EINVAL;
1172 + /***** TOMOYO Linux start. *****/
1173 + if (!ccs_capable(TOMOYO_SYS_REBOOT))
1174 + return -EPERM;
1175 + /***** TOMOYO Linux end. *****/
1176
1177 /* Instead of trying to make the power_off code look like
1178 * halt when pm_power_off is not set do it the easy way.
1179 @@ -1362,6 +1375,10 @@ asmlinkage long sys_sethostname(char __u
1180 return -EPERM;
1181 if (len < 0 || len > __NEW_UTS_LEN)
1182 return -EINVAL;
1183 + /***** TOMOYO Linux start. *****/
1184 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1185 + return -EPERM;
1186 + /***** TOMOYO Linux end. *****/
1187 down_write(&uts_sem);
1188 errno = -EFAULT;
1189 if (!copy_from_user(tmp, name, len)) {
1190 @@ -1407,6 +1424,10 @@ asmlinkage long sys_setdomainname(char _
1191 return -EPERM;
1192 if (len < 0 || len > __NEW_UTS_LEN)
1193 return -EINVAL;
1194 + /***** TOMOYO Linux start. *****/
1195 + if (!ccs_capable(TOMOYO_SYS_SETHOSTNAME))
1196 + return -EPERM;
1197 + /***** TOMOYO Linux end. *****/
1198
1199 down_write(&uts_sem);
1200 errno = -EFAULT;
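Review bot: sys_setdomainname is gated by `TOMOYO_SYS_SETHOSTNAME`, the same capability used in the sys_sethostname hunk above, so a policy cannot grant one operation without the other. If the sharing is intended, say so at the call site, e.g. `/* setdomainname deliberately shares the sethostname capability. */`. The constant's definition is not visible here.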
1201 --- linux-2.6.24-19.41.orig/kernel/sysctl.c
1202 +++ linux-2.6.24-19.41/kernel/sysctl.c
1203 @@ -50,6 +50,9 @@
1204
1205 #include <asm/uaccess.h>
1206 #include <asm/processor.h>
1207 +/***** TOMOYO Linux start. *****/
1208 +#include <linux/tomoyo.h>
1209 +/***** TOMOYO Linux end. *****/
1210
1211 #ifdef CONFIG_X86
1212 #include <asm/nmi.h>
1213 @@ -1391,6 +1394,93 @@ char *sysctl_pathname(ctl_table *table,
1214 EXPORT_SYMBOL(sysctl_pathname);
1215
1216 #ifdef CONFIG_SYSCTL_SYSCALL
1217 +
1218 +/***** TOMOYO Linux start. *****/
1219 +static int try_parse_table(int __user *name, int nlen, void __user *oldval,
1220 + void __user *newval, ctl_table *table)
1221 +{
1222 + int n;
1223 + int error = -ENOMEM;
1224 + int op = 0;
1225 + char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
1226 + if (oldval)
1227 + op |= 004;
1228 + if (newval)
1229 + op |= 002;
1230 + if (!op) { /* Neither read nor write */
1231 + error = 0;
1232 + goto out;
1233 + }
1234 + if (!buffer)
1235 + goto out;
1236 + memset(buffer, 0, PAGE_SIZE);
1237 + snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
1238 + repeat:
1239 + if (!nlen) {
1240 + error = -ENOTDIR;
1241 + goto out;
1242 + }
1243 + if (get_user(n, name)) {
1244 + error = -EFAULT;
1245 + goto out;
1246 + }
1247 + for ( ; table->ctl_name || table->procname; table++) {
1248 + if (n == table->ctl_name && n) {
1249 + int pos = strlen(buffer);
1250 + const char *cp = table->procname;
1251 + error = -ENOMEM;
1252 + if (cp) {
1253 + if (pos + 1 >= PAGE_SIZE - 1)
1254 + goto out;
1255 + buffer[pos++] = '/';
1256 + while (*cp) {
1257 + const unsigned char c
1258 + = *(const unsigned char *) cp;
1259 + if (c == '\\') {
1260 + if (pos + 2 >= PAGE_SIZE - 1)
1261 + goto out;
1262 + buffer[pos++] = '\\';
1263 + buffer[pos++] = '\\';
1264 + } else if (c > ' ' && c < 127) {
1265 + if (pos + 1 >= PAGE_SIZE - 1)
1266 + goto out;
1267 + buffer[pos++] = c;
1268 + } else {
1269 + if (pos + 4 >= PAGE_SIZE - 1)
1270 + goto out;
1271 + buffer[pos++] = '\\';
1272 + buffer[pos++] = (c >> 6) + '0';
1273 + buffer[pos++] = ((c >> 3) & 7)
1274 + + '0';
1275 + buffer[pos++] = (c & 7) + '0';
1276 + }
1277 + cp++;
1278 + }
1279 + } else {
1280 + /* Assume nobody assigns "=\$=" for procname. */
1281 + snprintf(buffer + pos, PAGE_SIZE - pos - 1,
1282 + "/=%d=", n);
1283 + if (!memchr(buffer, '\0', PAGE_SIZE - 2))
1284 + goto out;
1285 + }
1286 + if (table->child) {
1287 + name++;
1288 + nlen--;
1289 + table = table->child;
1290 + goto repeat;
1291 + }
1292 + /* printk("sysctl='%s'\n", buffer); */
1293 + error = ccs_check_file_perm(buffer, op, "sysctl");
1294 + goto out;
1295 + }
1296 + }
1297 + error = -ENOTDIR;
1298 + out:
1299 + kfree(buffer);
1300 + return error;
1301 +}
1302 +/***** TOMOYO Linux end. *****/
1303 +
1304 int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp,
1305 void __user *newval, size_t newlen)
1306 {
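Review bot: try_parse_table() reads each component of `name` from user memory with `get_user(n, name)`, and parse_table(), which do_sysctl calls right after it, walks the same user array again with its own fetches. The path handed to `ccs_check_file_perm()` is therefore not guaranteed to be the entry that is then read or written if the array changes between the two walks. Deciding and acting on a single fetch closes the gap: copy the `nlen` integers into a kernel array once and walk that copy, or make the permission call where parse_table has resolved the leaf. parse_table's body is outside this hunk, and do_sysctl's body continues past it.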
1307 @@ -1407,6 +1497,11 @@ int do_sysctl(int __user *name, int nlen
1308
1309 for (head = sysctl_head_next(NULL); head;
1310 head = sysctl_head_next(head)) {
1311 + /***** TOMOYO Linux start. *****/
1312 + error = try_parse_table(name, nlen, oldval, newval,
1313 + head->ctl_table);
1314 + if (!error)
1315 + /***** TOMOYO Linux end. *****/
1316 error = parse_table(name, nlen, oldval, oldlenp,
1317 newval, newlen, head->ctl_table);
1318 if (error != -ENOTDIR) {
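Review bot: The added `if (!error)` has no braces and its body is the unchanged `error = parse_table(...)` statement on the far side of the end-marker comment, so the patch's control flow depends on a line it does not own. The same shape recurs in the second-pass hunk of net/ipv4/udp.c and in the second unix_bind hunk of net/unix/af_unix.c. Removing the marked region cleanly is fine, but inserting any statement after the marker silently changes what is guarded. Bracing the guarded call, `if (!error) { error = parse_table(...); }`, makes the dependency explicit. do_sysctl starts and ends outside this hunk.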
1319 --- linux-2.6.24-19.41.orig/kernel/time.c
1320 +++ linux-2.6.24-19.41/kernel/time.c
1321 @@ -38,6 +38,9 @@
1322
1323 #include <asm/uaccess.h>
1324 #include <asm/unistd.h>
1325 +/***** TOMOYO Linux start. *****/
1326 +#include <linux/tomoyo.h>
1327 +/***** TOMOYO Linux end. *****/
1328
1329 /*
1330 * The timezone where the local system is located. Used as a default by some
1331 @@ -86,6 +89,10 @@ asmlinkage long sys_stime(time_t __user
1332 err = security_settime(&tv, NULL);
1333 if (err)
1334 return err;
1335 + /***** TOMOYO Linux start. *****/
1336 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1337 + return -EPERM;
1338 + /***** TOMOYO Linux end. *****/
1339
1340 do_settimeofday(&tv);
1341 return 0;
1342 @@ -155,6 +162,10 @@ int do_sys_settimeofday(struct timespec
1343 error = security_settime(tv, tz);
1344 if (error)
1345 return error;
1346 + /***** TOMOYO Linux start. *****/
1347 + if (!ccs_capable(TOMOYO_SYS_SETTIME))
1348 + return -EPERM;
1349 + /***** TOMOYO Linux end. *****/
1350
1351 if (tz) {
1352 /* SMP safe, global irq locking makes it work. */
1353 --- linux-2.6.24-19.41.orig/kernel/time/ntp.c
1354 +++ linux-2.6.24-19.41/kernel/time/ntp.c
1355 @@ -17,6 +17,9 @@
1356 #include <linux/capability.h>
1357 #include <asm/div64.h>
1358 #include <asm/timex.h>
1359 +/***** TOMOYO Linux start. *****/
1360 +#include <linux/tomoyo.h>
1361 +/***** TOMOYO Linux end. *****/
1362
1363 /*
1364 * Timekeeping variables
1365 @@ -246,6 +249,10 @@ int do_adjtimex(struct timex *txc)
1366 /* In order to modify anything, you gotta be super-user! */
1367 if (txc->modes && !capable(CAP_SYS_TIME))
1368 return -EPERM;
1369 + /***** TOMOYO Linux start. *****/
1370 + if (txc->modes && !ccs_capable(TOMOYO_SYS_SETTIME))
1371 + return -EPERM;
1372 + /***** TOMOYO Linux end. *****/
1373
1374 /* Now we validate the data before disabling interrupts */
1375
1376 --- linux-2.6.24-19.41.orig/net/core/datagram.c
1377 +++ linux-2.6.24-19.41/net/core/datagram.c
1378 @@ -56,6 +56,11 @@
1379 #include <net/sock.h>
1380 #include <net/tcp_states.h>
1381
1382 +/***** TOMOYO Linux start. *****/
1383 +#include <linux/tomoyo.h>
1384 +#include <linux/tomoyo_socket.h>
1385 +/***** TOMOYO Linux end. *****/
1386 +
1387 /*
1388 * Is a socket 'connection oriented' ?
1389 */
1390 @@ -178,6 +183,12 @@ struct sk_buff *skb_recv_datagram(struct
1391 } else
1392 skb = skb_dequeue(&sk->sk_receive_queue);
1393
1394 + /***** TOMOYO Linux start. *****/
1395 + error = ccs_socket_recv_datagram_permission(sk, skb, flags);
1396 + if (error)
1397 + goto no_packet;
1398 + /***** TOMOYO Linux end. *****/
1399 +
1400 if (skb)
1401 return skb;
1402
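Review bot: `ccs_socket_recv_datagram_permission()` is called before the `if (skb)` test, so it receives a NULL `skb` whenever the queue was empty. On denial the code jumps to `no_packet` while `skb` may still refer to a buffer that was just dequeued. Unless the hook tolerates NULL and releases the buffer itself when it returns an error, this is a NULL dereference or a leak; the hook's body is not part of this view, so that is unconfirmed. A comment at the call stating both expectations, or moving the call under `if (skb)` with an explicit release on denial, would make ownership clear. skb_recv_datagram continues outside the hunk.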
1403 --- linux-2.6.24-19.41.orig/net/ipv4/inet_connection_sock.c
1404 +++ linux-2.6.24-19.41/net/ipv4/inet_connection_sock.c
1405 @@ -23,6 +23,9 @@
1406 #include <net/route.h>
1407 #include <net/tcp_states.h>
1408 #include <net/xfrm.h>
1409 +/***** SAKURA Linux start. *****/
1410 +#include <linux/sakura.h>
1411 +/***** SAKURA Linux end. *****/
1412
1413 #ifdef INET_CSK_DEBUG
1414 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
1415 @@ -99,6 +102,10 @@ int inet_csk_get_port(struct inet_hashin
1416 do {
1417 head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
1418 spin_lock(&head->lock);
1419 + /***** SAKURA Linux start. *****/
1420 + if (ccs_may_autobind(rover))
1421 + goto next;
1422 + /***** SAKURA Linux end. *****/
1423 inet_bind_bucket_for_each(tb, node, &head->chain)
1424 if (tb->port == rover)
1425 goto next;
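Review bot: `ccs_may_autobind(rover)` reads as "this port may be auto-bound", yet a non-zero result makes the loop skip the port with `goto next`. The inet_hash_connect, inet6_hash_connect and __udp_lib_get_port hunks use it with the same polarity. A one-line comment at this first use, e.g. `/* non-zero: port is reserved by policy, skip it */`, or a name that matches the return value, would keep a later caller from inverting the test. The call is also made with `head->lock` held, so the hook must not sleep; its definition in `<linux/sakura.h>` is not shown.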
1426 --- linux-2.6.24-19.41.orig/net/ipv4/inet_hashtables.c
1427 +++ linux-2.6.24-19.41/net/ipv4/inet_hashtables.c
1428 @@ -22,6 +22,9 @@
1429 #include <net/inet_connection_sock.h>
1430 #include <net/inet_hashtables.h>
1431 #include <net/ip.h>
1432 +/***** SAKURA Linux start. *****/
1433 +#include <linux/sakura.h>
1434 +/***** SAKURA Linux end. *****/
1435
1436 /*
1437 * Allocate and initialize a new local port bind bucket.
1438 @@ -292,6 +295,10 @@ int inet_hash_connect(struct inet_timewa
1439 local_bh_disable();
1440 for (i = 1; i <= remaining; i++) {
1441 port = low + (i + offset) % remaining;
1442 + /***** SAKURA Linux start. *****/
1443 + if (ccs_may_autobind(port))
1444 + continue;
1445 + /***** SAKURA Linux end. *****/
1446 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1447 spin_lock(&head->lock);
1448
1449 --- linux-2.6.24-19.41.orig/net/ipv4/udp.c
1450 +++ linux-2.6.24-19.41/net/ipv4/udp.c
1451 @@ -104,6 +104,9 @@
1452 #include <net/checksum.h>
1453 #include <net/xfrm.h>
1454 #include "udp_impl.h"
1455 +/***** SAKURA Linux start. *****/
1456 +#include <linux/sakura.h>
1457 +/***** SAKURA Linux end. *****/
1458
1459 /*
1460 * Snmp MIB for the UDP layer
1461 @@ -159,6 +162,10 @@ int __udp_lib_get_port(struct sock *sk,
1462 /* 1st pass: look for empty (or shortest) hash chain */
1463 for (i = 0; i < UDP_HTABLE_SIZE; i++) {
1464 int size = 0;
1465 + /***** SAKURA Linux start. *****/
1466 + if (ccs_may_autobind(rover))
1467 + goto next;
1468 + /***** SAKURA Linux end. *****/
1469
1470 head = &udptable[rover & (UDP_HTABLE_SIZE - 1)];
1471 if (hlist_empty(head))
1472 @@ -182,6 +189,9 @@ int __udp_lib_get_port(struct sock *sk,
1473 /* 2nd pass: find hole in shortest hash chain */
1474 rover = best;
1475 for (i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++) {
1476 + /***** SAKURA Linux start. *****/
1477 + if (!ccs_may_autobind(rover))
1478 + /***** SAKURA Linux end. *****/
1479 if (! __udp_lib_lport_inuse(rover, udptable))
1480 goto gotit;
1481 rover += UDP_HTABLE_SIZE;
1482 --- linux-2.6.24-19.41.orig/net/ipv6/inet6_hashtables.c
1483 +++ linux-2.6.24-19.41/net/ipv6/inet6_hashtables.c
1484 @@ -21,6 +21,9 @@
1485 #include <net/inet_hashtables.h>
1486 #include <net/inet6_hashtables.h>
1487 #include <net/ip.h>
1488 +/***** SAKURA Linux start. *****/
1489 +#include <linux/sakura.h>
1490 +/***** SAKURA Linux end. *****/
1491
1492 void __inet6_hash(struct inet_hashinfo *hashinfo,
1493 struct sock *sk)
1494 @@ -267,6 +270,10 @@ int inet6_hash_connect(struct inet_timew
1495 local_bh_disable();
1496 for (i = 1; i <= remaining; i++) {
1497 port = low + (i + offset) % remaining;
1498 + /***** SAKURA Linux start. *****/
1499 + if (ccs_may_autobind(port))
1500 + continue;
1501 + /***** SAKURA Linux end. *****/
1502 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
1503 spin_lock(&head->lock);
1504
1505 --- linux-2.6.24-19.41.orig/net/socket.c
1506 +++ linux-2.6.24-19.41/net/socket.c
1507 @@ -94,6 +94,11 @@
1508 #include <net/sock.h>
1509 #include <linux/netfilter.h>
1510
1511 +/***** TOMOYO Linux start. *****/
1512 +#include <linux/tomoyo.h>
1513 +#include <linux/tomoyo_socket.h>
1514 +/***** TOMOYO Linux end. *****/
1515 +
1516 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1517 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1518 unsigned long nr_segs, loff_t pos);
1519 @@ -553,6 +558,12 @@ static inline int __sock_sendmsg(struct
1520 err = security_socket_sendmsg(sock, msg, size);
1521 if (err)
1522 return err;
1523 + /***** TOMOYO Linux start. *****/
1524 + if (ccs_socket_sendmsg_permission(sock,
1525 + (struct sockaddr *) msg->msg_name,
1526 + msg->msg_namelen))
1527 + return -EPERM;
1528 + /***** TOMOYO Linux end. *****/
1529
1530 return sock->ops->sendmsg(iocb, sock, msg, size);
1531 }
1532 @@ -1106,6 +1117,12 @@ static int __sock_create(struct net *net
1533 family = PF_PACKET;
1534 }
1535
1536 + /***** TOMOYO Linux start. *****/
1537 + err = ccs_socket_create_permission(family, type, protocol);
1538 + if (err)
1539 + return err;
1540 + /***** TOMOYO Linux end. *****/
1541 +
1542 err = security_socket_create(family, type, protocol, kern);
1543 if (err)
1544 return err;
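Review bot: `ccs_socket_create_permission(family, type, protocol)` is not given the `kern` argument that `security_socket_create()` receives two lines later. Unless the hook has another way to recognise kernel-internal sockets, they are judged against whatever domain `current` happens to be in. If that case is handled inside the hook, a short comment here saying how would help; the hook is defined outside this view. __sock_create continues outside the hunk.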
1545 @@ -1337,6 +1354,13 @@ asmlinkage long sys_bind(int fd, struct
1546 err = security_socket_bind(sock,
1547 (struct sockaddr *)address,
1548 addrlen);
1549 + /***** TOMOYO Linux start. *****/
1550 + if (!err)
1551 + err = ccs_socket_bind_permission(sock,
1552 + (struct sockaddr *)
1553 + address,
1554 + addrlen);
1555 + /***** TOMOYO Linux end. *****/
1556 if (!err)
1557 err = sock->ops->bind(sock,
1558 (struct sockaddr *)
1559 @@ -1366,6 +1390,10 @@ asmlinkage long sys_listen(int fd, int b
1560 backlog = sysctl_somaxconn;
1561
1562 err = security_socket_listen(sock, backlog);
1563 + /***** TOMOYO Linux start. *****/
1564 + if (!err)
1565 + err = ccs_socket_listen_permission(sock);
1566 + /***** TOMOYO Linux end. *****/
1567 if (!err)
1568 err = sock->ops->listen(sock, backlog);
1569
1570 @@ -1430,6 +1458,13 @@ asmlinkage long sys_accept(int fd, struc
1571 if (err < 0)
1572 goto out_fd;
1573
1574 + /***** TOMOYO Linux start. *****/
1575 + if (ccs_socket_accept_permission(newsock,
1576 + (struct sockaddr *) address)) {
1577 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1578 + goto out_fd;
1579 + }
1580 + /***** TOMOYO Linux end. *****/
1581 if (upeer_sockaddr) {
1582 if (newsock->ops->getname(newsock, (struct sockaddr *)address,
1583 &len, 2) < 0) {
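Review bot: `ccs_socket_accept_permission()` is passed `address` before the `getname()` call further down (inside `if (upeer_sockaddr)`) has filled it, so the buffer is presumably scratch space for the hook rather than input. That should be stated in a comment, because as written it looks like a use of uninitialised data. The existing remark `/* Hope less harmful than -EPERM. */` also does not explain that the check runs after the accept itself has presumably completed, which is why a denial has to surface as `-ECONNABORTED`. sys_accept starts and ends outside the hunk.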
1584 @@ -1494,6 +1529,12 @@ asmlinkage long sys_connect(int fd, stru
1585 security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1586 if (err)
1587 goto out_put;
1588 + /***** TOMOYO Linux start. *****/
1589 + err = ccs_socket_connect_permission(sock, (struct sockaddr *) address,
1590 + addrlen);
1591 + if (err)
1592 + goto out_put;
1593 + /***** TOMOYO Linux end. *****/
1594
1595 err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1596 sock->file->f_flags);
1597 --- linux-2.6.24-19.41.orig/net/unix/af_unix.c
1598 +++ linux-2.6.24-19.41/net/unix/af_unix.c
1599 @@ -116,6 +116,9 @@
1600 #include <linux/mount.h>
1601 #include <net/checksum.h>
1602 #include <linux/security.h>
1603 +/***** TOMOYO Linux start. *****/
1604 +#include <linux/tomoyo.h>
1605 +/***** TOMOYO Linux end. *****/
1606
1607 int sysctl_unix_max_dgram_qlen __read_mostly = 10;
1608
1609 @@ -796,6 +799,11 @@ static int unix_bind(struct socket *sock
1610 err = unix_autobind(sock);
1611 goto out;
1612 }
1613 + /***** TOMOYO Linux start. *****/
1614 + err = -EPERM;
1615 + if (sunaddr->sun_path[0] && !ccs_capable(TOMOYO_CREATE_UNIX_SOCKET))
1616 + goto out;
1617 + /***** TOMOYO Linux end. *****/
1618
1619 err = unix_mkname(sunaddr, addr_len, &hash);
1620 if (err < 0)
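Review bot: The new test reads `sunaddr->sun_path[0]` before `unix_mkname()` on the following line has checked `addr_len`. For an address too short to contain a path byte, the capability decision, and any denial it records, is therefore based on data the caller did not supply. Moving the check below the `if (err < 0)` test that follows `unix_mkname()`, still ahead of the bind itself, ties the decision to validated input. unix_bind starts and ends outside the hunk.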
1621 @@ -839,6 +847,13 @@ static int unix_bind(struct socket *sock
1622 */
1623 mode = S_IFSOCK |
1624 (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
1625 + /***** TOMOYO Linux start. *****/
1626 + err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode);
1627 + if (!err)
1628 + err = ccs_check_1path_perm(TYPE_MKSOCK_ACL, dentry,
1629 + nd.mnt);
1630 + if (!err)
1631 + /***** TOMOYO Linux end. *****/
1632 err = vfs_mknod(nd.dentry->d_inode, dentry, nd.mnt, mode, 0);
1633 if (err)
1634 goto out_mknod_dput;
