ccs-patch/patches/ccs-patch-2.6.35.diff

This is TOMOYO Linux patch for 2.6.35-rc5.

Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/testing/linux-2.6.35-rc5.tar.bz2
---
 fs/compat.c               |    2 
 fs/compat_ioctl.c         |    4 +
 fs/exec.c                 |    2 
 fs/ioctl.c                |    2 
 fs/namei.c                |    6 ++
 fs/namespace.c            |    9 +++
 fs/open.c                 |    2 
 fs/proc/version.c         |    7 ++
 include/linux/init_task.h |    9 +++
 include/linux/sched.h     |    6 ++
 include/linux/security.h  |   55 +++++++++++-------
 include/net/ip.h          |    2 
 kernel/kexec.c            |    3 +
 kernel/kmod.c             |    5 +
 kernel/module.c           |    5 +
 kernel/ptrace.c           |    4 +
 kernel/sched.c            |    2 
 kernel/signal.c           |   10 +++
 kernel/sys.c              |   10 +++
 kernel/time/ntp.c         |    6 ++
 net/ipv4/raw.c            |    3 +
 net/ipv4/udp.c            |    3 +
 net/ipv6/raw.c            |    3 +
 net/ipv6/udp.c            |    3 +
 net/socket.c              |    5 +
 security/Kconfig          |    2 
 security/Makefile         |    3 +
 security/security.c       |  135 ++++++++++++++++++++++++++++++++++++++--------
 28 files changed, 261 insertions(+), 47 deletions(-)

--- linux-2.6.35-rc5.orig/fs/compat.c
+++ linux-2.6.35-rc5/fs/compat.c
@@ -1551,7 +1551,7 @@ int compat_do_execve(char * filename,
        if (retval < 0)
                goto out;
 
-       retval = search_binary_handler(bprm, regs);
+       retval = ccs_search_binary_handler(bprm, regs);
        if (retval < 0)
                goto out;
 
--- linux-2.6.35-rc5.orig/fs/compat_ioctl.c
+++ linux-2.6.35-rc5/fs/compat_ioctl.c
@@ -1723,6 +1723,10 @@ asmlinkage long compat_sys_ioctl(unsigne
                /*FALL THROUGH*/
 
        default:
+               if (!ccs_capable(CCS_SYS_IOCTL)) {
+                       error = -EPERM;
+                       goto out_fput;
+               }
                if (filp->f_op && filp->f_op->compat_ioctl) {
                        error = filp->f_op->compat_ioctl(filp, cmd, arg);
                        if (error != -ENOIOCTLCMD)
--- linux-2.6.35-rc5.orig/fs/exec.c
+++ linux-2.6.35-rc5/fs/exec.c
@@ -1387,7 +1387,7 @@ int do_execve(char * filename,
                goto out;
 
        current->flags &= ~PF_KTHREAD;
-       retval = search_binary_handler(bprm,regs);
+       retval = ccs_search_binary_handler(bprm, regs);
        if (retval < 0)
                goto out;
 
--- linux-2.6.35-rc5.orig/fs/ioctl.c
+++ linux-2.6.35-rc5/fs/ioctl.c
@@ -41,6 +41,8 @@ static long vfs_ioctl(struct file *filp,
 
        if (!filp->f_op)
                goto out;
+       if (!ccs_capable(CCS_SYS_IOCTL))
+               return -EPERM;
 
        if (filp->f_op->unlocked_ioctl) {
                error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
--- linux-2.6.35-rc5.orig/fs/namei.c
+++ linux-2.6.35-rc5/fs/namei.c
@@ -1467,6 +1467,11 @@ int may_open(struct path *path, int acc_
        if (flag & O_NOATIME && !is_owner_or_cap(inode))
                return -EPERM;
 
+       /* includes O_APPEND check */
+       error = ccs_open_permission(dentry, path->mnt, flag);
+       if (error)
+               return error;
+
        /*
         * Ensure there are no outstanding leases on the file.
         */
@@ -1522,6 +1527,7 @@ out_unlock:
        return may_open(&nd->path, 0, open_flag & ~O_TRUNC);
 }
 
+#include <linux/ccsecurity_vfs.h>
 /*
  * Note that while the flag value (low two bits) for sys_open means:
  *     00 - read-only
--- linux-2.6.35-rc5.orig/fs/namespace.c
+++ linux-2.6.35-rc5/fs/namespace.c
@@ -1496,6 +1496,9 @@ static int do_loopback(struct path *path
 
        if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
                goto out;
+       err = -EPERM;
+       if (ccs_may_mount(path))
+               goto out;
 
        err = -ENOMEM;
        if (recurse)
@@ -1609,6 +1612,9 @@ static int do_move_mount(struct path *pa
        if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
                goto out;
 
+       err = -EPERM;
+       if (ccs_may_mount(path))
+               goto out;
        err = -ENOENT;
        mutex_lock(&path->dentry->d_inode->i_mutex);
        if (cant_mount(path->dentry))
@@ -1716,6 +1722,9 @@ int do_add_mount(struct vfsmount *newmnt
        err = -EINVAL;
        if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
                goto unlock;
+       err = -EPERM;
+       if (ccs_may_mount(path))
+               goto unlock;
 
        newmnt->mnt_flags = mnt_flags;
        if ((err = graft_tree(newmnt, path)))
--- linux-2.6.35-rc5.orig/fs/open.c
+++ linux-2.6.35-rc5/fs/open.c
@@ -1007,6 +1007,8 @@ EXPORT_SYMBOL(sys_close);
  */
 SYSCALL_DEFINE0(vhangup)
 {
+       if (!ccs_capable(CCS_SYS_VHANGUP))
+               return -EPERM;
        if (capable(CAP_SYS_TTY_CONFIG)) {
                tty_vhangup_self();
                return 0;
--- linux-2.6.35-rc5.orig/fs/proc/version.c
+++ linux-2.6.35-rc5/fs/proc/version.c
@@ -32,3 +32,10 @@ static int __init proc_version_init(void
        return 0;
 }
 module_init(proc_version_init);
+
+static int __init ccs_show_version(void)
+{
+       printk(KERN_INFO "Hook version: 2.6.35-rc5 2010/07/13\n");
+       return 0;
+}
+module_init(ccs_show_version);
--- linux-2.6.35-rc5.orig/include/linux/init_task.h
+++ linux-2.6.35-rc5/include/linux/init_task.h
@@ -102,6 +102,14 @@ extern struct cred init_cred;
 # define INIT_PERF_EVENTS(tsk)
 #endif
 
+#ifdef CONFIG_CCSECURITY
+#define INIT_CCSECURITY          \
+       .ccs_domain_info = NULL, \
+       .ccs_flags = 0,
+#else
+#define INIT_CCSECURITY
+#endif
+
 /*
  *  INIT_TASK is used to set up the first task table, touch at
  * your own risk!. Base=0, limit=0x1fffff (=2MB)
@@ -172,6 +180,7 @@ extern struct cred init_cred;
        INIT_FTRACE_GRAPH                                               \
        INIT_TRACE_RECURSION                                            \
        INIT_TASK_RCU_PREEMPT(tsk)                                      \
+       INIT_CCSECURITY                                                 \
 }
 
 
--- linux-2.6.35-rc5.orig/include/linux/sched.h
+++ linux-2.6.35-rc5/include/linux/sched.h
@@ -43,6 +43,8 @@
 
 #ifdef __KERNEL__
 
+struct ccs_domain_info;
+
 struct sched_param {
        int sched_priority;
 };
@@ -1503,6 +1505,10 @@ struct task_struct {
                unsigned long memsw_bytes; /* uncharged mem+swap usage */
        } memcg_batch;
 #endif
+#ifdef CONFIG_CCSECURITY
+       struct ccs_domain_info *ccs_domain_info;
+       u32 ccs_flags;
+#endif
 };
 
 /* Future-safe accessor for struct task_struct's cpus_allowed. */
--- linux-2.6.35-rc5.orig/include/linux/security.h
+++ linux-2.6.35-rc5/include/linux/security.h
@@ -35,6 +35,7 @@
 #include <linux/xfrm.h>
 #include <linux/slab.h>
 #include <net/flow.h>
+#include <linux/ccsecurity.h>
 
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX      10
@@ -1897,7 +1898,10 @@ static inline int security_syslog(int ty
 
 static inline int security_settime(struct timespec *ts, struct timezone *tz)
 {
-       return cap_settime(ts, tz);
+       int error = cap_settime(ts, tz);
+       if (!error && !ccs_capable(CCS_SYS_SETTIME))
+               error = -EPERM;
+       return error;
 }
 
 static inline int security_vm_enough_memory(long pages)
@@ -1975,18 +1979,18 @@ static inline int security_sb_mount(char
                                    char *type, unsigned long flags,
                                    void *data)
 {
-       return 0;
+       return ccs_mount_permission(dev_name, path, type, flags, data);
 }
 
 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 {
-       return 0;
+       return ccs_umount_permission(mnt, flags);
 }
 
 static inline int security_sb_pivotroot(struct path *old_path,
                                        struct path *new_path)
 {
-       return 0;
+       return ccs_pivot_root_permission(old_path, new_path);
 }
 
 static inline int security_sb_set_mnt_opts(struct super_block *sb,
@@ -2177,7 +2181,7 @@ static inline void security_file_free(st
 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
                                      unsigned long arg)
 {
-       return 0;
+       return ccs_ioctl_permission(file, cmd, arg);
 }
 
 static inline int security_file_mmap(struct file *file, unsigned long reqprot,
@@ -2204,7 +2208,7 @@ static inline int security_file_lock(str
 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
                                      unsigned long arg)
 {
-       return 0;
+       return ccs_fcntl_permission(file, cmd, arg);
 }
 
 static inline int security_file_set_fowner(struct file *file)
@@ -2571,7 +2575,7 @@ static inline int security_unix_may_send
 static inline int security_socket_create(int family, int type,
                                         int protocol, int kern)
 {
-       return 0;
+       return ccs_socket_create_permission(family, type, protocol);
 }
 
 static inline int security_socket_post_create(struct socket *sock,
@@ -2586,19 +2590,19 @@ static inline int security_socket_bind(s
                                       struct sockaddr *address,
                                       int addrlen)
 {
-       return 0;
+       return ccs_socket_bind_permission(sock, address, addrlen);
 }
 
 static inline int security_socket_connect(struct socket *sock,
                                          struct sockaddr *address,
                                          int addrlen)
 {
-       return 0;
+       return ccs_socket_connect_permission(sock, address, addrlen);
 }
 
 static inline int security_socket_listen(struct socket *sock, int backlog)
 {
-       return 0;
+       return ccs_socket_listen_permission(sock);
 }
 
 static inline int security_socket_accept(struct socket *sock,
@@ -2610,7 +2614,7 @@ static inline int security_socket_accept
 static inline int security_socket_sendmsg(struct socket *sock,
                                          struct msghdr *msg, int size)
 {
-       return 0;
+       return ccs_socket_sendmsg_permission(sock, msg, size);
 }
 
 static inline int security_socket_recvmsg(struct socket *sock,
@@ -2821,43 +2825,48 @@ int security_path_chroot(struct path *pa
 #else  /* CONFIG_SECURITY_PATH */
 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
-       return 0;
+       return ccs_unlink_permission(dir->dentry->d_inode, dentry, dir->mnt);
 }
 
 static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
                                      int mode)
 {
-       return 0;
+       return ccs_mkdir_permission(dir->dentry->d_inode, dentry, dir->mnt,
+                                   mode);
 }
 
 static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
-       return 0;
+       return ccs_rmdir_permission(dir->dentry->d_inode, dentry, dir->mnt);
 }
 
 static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
                                      int mode, unsigned int dev)
 {
-       return 0;
+       return ccs_mknod_permission(dir->dentry->d_inode, dentry, dir->mnt,
+                                   mode, dev);
 }
 
 static inline int security_path_truncate(struct path *path, loff_t length,
                                         unsigned int time_attrs)
 {
-       return 0;
+       return ccs_truncate_permission(path->dentry, path->mnt, length,
+                                      time_attrs);
 }
 
 static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
                                        const char *old_name)
 {
-       return 0;
+       return ccs_symlink_permission(dir->dentry->d_inode, dentry, dir->mnt,
+                                     old_name);
 }
 
 static inline int security_path_link(struct dentry *old_dentry,
                                     struct path *new_dir,
                                     struct dentry *new_dentry)
 {
-       return 0;
+       return ccs_link_permission(old_dentry, new_dir->dentry->d_inode,
+                                  new_dentry, new_dir->mnt);
 }
 
 static inline int security_path_rename(struct path *old_dir,
@@ -2865,24 +2874,26 @@ static inline int security_path_rename(s
                                       struct path *new_dir,
                                       struct dentry *new_dentry)
 {
-       return 0;
+       return ccs_rename_permission(old_dir->dentry->d_inode, old_dentry,
+                                    new_dir->dentry->d_inode, new_dentry,
+                                    new_dir->mnt);
 }
 
 static inline int security_path_chmod(struct dentry *dentry,
                                      struct vfsmount *mnt,
                                      mode_t mode)
 {
-       return 0;
+       return ccs_chmod_permission(dentry, mnt, mode);
 }
 
 static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
-       return 0;
+       return ccs_chown_permission(path->dentry, path->mnt, uid, gid);
 }
 
 static inline int security_path_chroot(struct path *path)
 {
-       return 0;
+       return ccs_chroot_permission(path);
 }
 #endif /* CONFIG_SECURITY_PATH */
 
--- linux-2.6.35-rc5.orig/include/net/ip.h
+++ linux-2.6.35-rc5/include/net/ip.h
@@ -187,6 +187,8 @@ extern void inet_get_local_port_range(in
 extern unsigned long *sysctl_local_reserved_ports;
 static inline int inet_is_reserved_local_port(int port)
 {
+       if (ccs_lport_reserved(port))
+               return 1;
        return test_bit(port, sysctl_local_reserved_ports);
 }
 
--- linux-2.6.35-rc5.orig/kernel/kexec.c
+++ linux-2.6.35-rc5/kernel/kexec.c
@@ -39,6 +39,7 @@
 #include <asm/io.h>
 #include <asm/system.h>
 #include <asm/sections.h>
+#include <linux/ccsecurity.h>
 
 /* Per cpu memory for storing cpu states in case of system crash. */
 note_buf_t __percpu *crash_notes;
@@ -945,6 +946,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
        /* We only trust the superuser with rebooting the system. */
        if (!capable(CAP_SYS_BOOT))
                return -EPERM;
+       if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
+               return -EPERM;
 
        /*
         * Verify we have a legal set of flags
--- linux-2.6.35-rc5.orig/kernel/kmod.c
+++ linux-2.6.35-rc5/kernel/kmod.c
@@ -153,6 +153,11 @@ static int ____call_usermodehelper(void 
                        goto fail;
        }
 
+#ifdef CONFIG_CCSECURITY
+       current->ccs_domain_info = NULL;
+       current->ccs_flags = 0;
+#endif
+
        retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp);
 
        /* Exec failed? */
--- linux-2.6.35-rc5.orig/kernel/module.c
+++ linux-2.6.35-rc5/kernel/module.c
@@ -55,6 +55,7 @@
 #include <linux/async.h>
 #include <linux/percpu.h>
 #include <linux/kmemleak.h>
+#include <linux/ccsecurity.h>
 
 #define CREATE_TRACE_POINTS
 #include <trace/events/module.h>
@@ -726,6 +727,8 @@ SYSCALL_DEFINE2(delete_module, const cha
 
        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
+       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+               return -EPERM;
 
        if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
                return -EFAULT;
@@ -2615,6 +2618,8 @@ SYSCALL_DEFINE3(init_module, void __user
        /* Must have permission */
        if (!capable(CAP_SYS_MODULE) || modules_disabled)
                return -EPERM;
+       if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+               return -EPERM;
 
        /* Do all the hard work */
        mod = load_module(umod, len, uargs);
--- linux-2.6.35-rc5.orig/kernel/ptrace.c
+++ linux-2.6.35-rc5/kernel/ptrace.c
@@ -689,6 +689,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l
 {
        struct task_struct *child;
        long ret;
+       if (ccs_ptrace_permission(request, pid))
+               return -EPERM;
 
        if (request == PTRACE_TRACEME) {
                ret = ptrace_traceme();
@@ -831,6 +833,8 @@ asmlinkage long compat_sys_ptrace(compat
 {
        struct task_struct *child;
        long ret;
+       if (ccs_ptrace_permission(request, pid))
+               return -EPERM;
 
        if (request == PTRACE_TRACEME) {
                ret = ptrace_traceme();
--- linux-2.6.35-rc5.orig/kernel/sched.c
+++ linux-2.6.35-rc5/kernel/sched.c
@@ -4284,6 +4284,8 @@ int can_nice(const struct task_struct *p
 SYSCALL_DEFINE1(nice, int, increment)
 {
        long nice, retval;
+       if (!ccs_capable(CCS_SYS_NICE))
+               return -EPERM;
 
        /*
         * Setpriority might change our priority at the same moment.
--- linux-2.6.35-rc5.orig/kernel/signal.c
+++ linux-2.6.35-rc5/kernel/signal.c
@@ -2314,6 +2314,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
 {
        struct siginfo info;
+       if (ccs_kill_permission(pid, sig))
+               return -EPERM;
 
        info.si_signo = sig;
        info.si_errno = 0;
@@ -2382,6 +2384,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
        /* This is only valid for single tasks */
        if (pid <= 0 || tgid <= 0)
                return -EINVAL;
+       if (ccs_tgkill_permission(tgid, pid, sig))
+               return -EPERM;
 
        return do_tkill(tgid, pid, sig);
 }
@@ -2394,6 +2398,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int, 
        /* This is only valid for single tasks */
        if (pid <= 0)
                return -EINVAL;
+       if (ccs_tkill_permission(pid, sig))
+               return -EPERM;
 
        return do_tkill(0, pid, sig);
 }
@@ -2411,6 +2417,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t, 
        if (info.si_code >= 0)
                return -EPERM;
        info.si_signo = sig;
+       if (ccs_sigqueue_permission(pid, sig))
+               return -EPERM;
 
        /* POSIX.1b doesn't mention process groups.  */
        return kill_proc_info(sig, &info, pid);
@@ -2427,6 +2435,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
        if (info->si_code >= 0)
                return -EPERM;
        info->si_signo = sig;
+       if (ccs_tgsigqueue_permission(tgid, pid, sig))
+               return -EPERM;
 
        return do_send_specific(tgid, pid, sig, info);
 }
--- linux-2.6.35-rc5.orig/kernel/sys.c
+++ linux-2.6.35-rc5/kernel/sys.c
@@ -156,6 +156,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
 
        if (which > PRIO_USER || which < PRIO_PROCESS)
                goto out;
+       if (!ccs_capable(CCS_SYS_NICE)) {
+               error = -EPERM;
+               goto out;
+       }
 
        /* normalize: avoid signed division (rounding problems) */
        error = -ESRCH;
@@ -382,6 +386,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
                        magic2 != LINUX_REBOOT_MAGIC2B &&
                        magic2 != LINUX_REBOOT_MAGIC2C))
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_REBOOT))
+               return -EPERM;
 
        /* Instead of trying to make the power_off code look like
         * halt when pm_power_off is not set do it the easy way.
@@ -1171,6 +1177,8 @@ SYSCALL_DEFINE2(sethostname, char __user
                return -EPERM;
        if (len < 0 || len > __NEW_UTS_LEN)
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+               return -EPERM;
        down_write(&uts_sem);
        errno = -EFAULT;
        if (!copy_from_user(tmp, name, len)) {
@@ -1220,6 +1228,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
                return -EPERM;
        if (len < 0 || len > __NEW_UTS_LEN)
                return -EINVAL;
+       if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+               return -EPERM;
 
        down_write(&uts_sem);
        errno = -EFAULT;
--- linux-2.6.35-rc5.orig/kernel/time/ntp.c
+++ linux-2.6.35-rc5/kernel/time/ntp.c
@@ -14,6 +14,7 @@
 #include <linux/timex.h>
 #include <linux/time.h>
 #include <linux/mm.h>
+#include <linux/ccsecurity.h>
 
 /*
  * NTP timekeeping variables:
@@ -456,10 +457,15 @@ int do_adjtimex(struct timex *txc)
                if (!(txc->modes & ADJ_OFFSET_READONLY) &&
                    !capable(CAP_SYS_TIME))
                        return -EPERM;
+               if (!(txc->modes & ADJ_OFFSET_READONLY) &&
+                   !ccs_capable(CCS_SYS_SETTIME))
+                       return -EPERM;
        } else {
                /* In order to modify anything, you gotta be super-user! */
                 if (txc->modes && !capable(CAP_SYS_TIME))
                        return -EPERM;
+               if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
+                       return -EPERM;
 
                /*
                 * if the quartz is off by more than 10% then
--- linux-2.6.35-rc5.orig/net/ipv4/raw.c
+++ linux-2.6.35-rc5/net/ipv4/raw.c
@@ -679,6 +679,9 @@ static int raw_recvmsg(struct kiocb *ioc
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        copied = skb->len;
        if (len < copied) {
--- linux-2.6.35-rc5.orig/net/ipv4/udp.c
+++ linux-2.6.35-rc5/net/ipv4/udp.c
@@ -1140,6 +1140,9 @@ try_again:
                                  &peeked, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        ulen = skb->len - sizeof(struct udphdr);
        if (len > ulen)
--- linux-2.6.35-rc5.orig/net/ipv6/raw.c
+++ linux-2.6.35-rc5/net/ipv6/raw.c
@@ -467,6 +467,9 @@ static int rawv6_recvmsg(struct kiocb *i
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        copied = skb->len;
        if (copied > len) {
--- linux-2.6.35-rc5.orig/net/ipv6/udp.c
+++ linux-2.6.35-rc5/net/ipv6/udp.c
@@ -344,6 +344,9 @@ try_again:
                                  &peeked, &err);
        if (!skb)
                goto out;
+       err = ccs_socket_recvmsg_permission(sk, skb, flags);
+       if (err)
+               goto out;
 
        ulen = skb->len - sizeof(struct udphdr);
        if (len > ulen)
--- linux-2.6.35-rc5.orig/net/socket.c
+++ linux-2.6.35-rc5/net/socket.c
@@ -1501,6 +1501,11 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
        if (err < 0)
                goto out_fd;
 
+       if (ccs_socket_accept_permission(newsock,
+                                        (struct sockaddr *) &address)) {
+               err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
+               goto out_fd;
+       }
        if (upeer_sockaddr) {
                if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
                                          &len, 2) < 0) {
--- linux-2.6.35-rc5.orig/security/Kconfig
+++ linux-2.6.35-rc5/security/Kconfig
@@ -175,5 +175,7 @@ config DEFAULT_SECURITY
        default "tomoyo" if DEFAULT_SECURITY_TOMOYO
        default "" if DEFAULT_SECURITY_DAC
 
+source security/ccsecurity/Kconfig
+
 endmenu
 
--- linux-2.6.35-rc5.orig/security/Makefile
+++ linux-2.6.35-rc5/security/Makefile
@@ -24,3 +24,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
 # Object integrity file lists
 subdir-$(CONFIG_IMA)                   += integrity/ima
 obj-$(CONFIG_IMA)                      += integrity/ima/built-in.o
+
+subdir-$(CONFIG_CCSECURITY)            += ccsecurity
+obj-$(CONFIG_CCSECURITY)               += ccsecurity/built-in.o
--- linux-2.6.35-rc5.orig/security/security.c
+++ linux-2.6.35-rc5/security/security.c
@@ -212,7 +212,10 @@ int security_syslog(int type, bool from_
 
 int security_settime(struct timespec *ts, struct timezone *tz)
 {
-       return security_ops->settime(ts, tz);
+       int error = security_ops->settime(ts, tz);
+       if (!error && !ccs_capable(CCS_SYS_SETTIME))
+               error = -EPERM;
+       return error;
 }
 
 int security_vm_enough_memory(long pages)
@@ -298,17 +301,27 @@ int security_sb_statfs(struct dentry *de
 int security_sb_mount(char *dev_name, struct path *path,
                        char *type, unsigned long flags, void *data)
 {
-       return security_ops->sb_mount(dev_name, path, type, flags, data);
+       int error = security_ops->sb_mount(dev_name, path, type, flags, data);
+       if (!error)
+               error = ccs_mount_permission(dev_name, path, type, flags,
+                                            data);
+       return error;
 }
 
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
-       return security_ops->sb_umount(mnt, flags);
+       int error = security_ops->sb_umount(mnt, flags);
+       if (!error)
+               error = ccs_umount_permission(mnt, flags);
+       return error;
 }
 
 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
 {
-       return security_ops->sb_pivotroot(old_path, new_path);
+       int error = security_ops->sb_pivotroot(old_path, new_path);
+       if (!error)
+               error = ccs_pivot_root_permission(old_path, new_path);
+       return error;
 }
 
 int security_sb_set_mnt_opts(struct super_block *sb,
@@ -364,85 +377,140 @@ EXPORT_SYMBOL(security_inode_init_securi
 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
                        unsigned int dev)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-       return security_ops->path_mknod(dir, dentry, mode, dev);
+       error = security_ops->path_mknod(dir, dentry, mode, dev);
+       if (!error)
+               error = ccs_mknod_permission(dir->dentry->d_inode, dentry,
+                                            dir->mnt, mode, dev);
+       return error;
 }
 EXPORT_SYMBOL(security_path_mknod);
 
 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-       return security_ops->path_mkdir(dir, dentry, mode);
+       error = security_ops->path_mkdir(dir, dentry, mode);
+       if (!error)
+               error = ccs_mkdir_permission(dir->dentry->d_inode, dentry,
+                                            dir->mnt, mode);
+       return error;
 }
 
 int security_path_rmdir(struct path *dir, struct dentry *dentry)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-       return security_ops->path_rmdir(dir, dentry);
+       error = security_ops->path_rmdir(dir, dentry);
+       if (!error)
+               error = ccs_rmdir_permission(dir->dentry->d_inode, dentry,
+                                            dir->mnt);
+       return error;
 }
 
 int security_path_unlink(struct path *dir, struct dentry *dentry)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-       return security_ops->path_unlink(dir, dentry);
+       error = security_ops->path_unlink(dir, dentry);
+       if (!error)
+               error = ccs_unlink_permission(dir->dentry->d_inode, dentry,
+                                             dir->mnt);
+       return error;
 }
 
 int security_path_symlink(struct path *dir, struct dentry *dentry,
                          const char *old_name)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
                return 0;
-       return security_ops->path_symlink(dir, dentry, old_name);
+       error = security_ops->path_symlink(dir, dentry, old_name);
+       if (!error)
+               error = ccs_symlink_permission(dir->dentry->d_inode, dentry,
+                                              dir->mnt, old_name);
+       return error;
 }
 
 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
                       struct dentry *new_dentry)
 {
+       int error;
        if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
                return 0;
-       return security_ops->path_link(old_dentry, new_dir, new_dentry);
+       error = security_ops->path_link(old_dentry, new_dir, new_dentry);
+       if (!error)
+               error = ccs_link_permission(old_dentry,
+                                           new_dir->dentry->d_inode,
+                                           new_dentry, new_dir->mnt);
+       return error;
 }
 
 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
                         struct path *new_dir, struct dentry *new_dentry)
 {
+       int error;
        if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
                     (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
                return 0;
-       return security_ops->path_rename(old_dir, old_dentry, new_dir,
-                                        new_dentry);
+       error = security_ops->path_rename(old_dir, old_dentry, new_dir,
+                                         new_dentry);
+       if (!error)
+               error =  ccs_rename_permission(old_dir->dentry->d_inode,
+                                              old_dentry,
+                                              new_dir->dentry->d_inode,
+                                              new_dentry, new_dir->mnt);
+       return error;
 }
 
 int security_path_truncate(struct path *path, loff_t length,
                           unsigned int time_attrs)
 {
+       int error;
        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
                return 0;
-       return security_ops->path_truncate(path, length, time_attrs);
+       error = security_ops->path_truncate(path, length, time_attrs);
+       if (!error)
+               error = ccs_truncate_permission(path->dentry, path->mnt,
+                                               length, time_attrs);
+       return error;
 }
 
 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
                        mode_t mode)
 {
+       int error;
        if (unlikely(IS_PRIVATE(dentry->d_inode)))
                return 0;
-       return security_ops->path_chmod(dentry, mnt, mode);
+       error = security_ops->path_chmod(dentry, mnt, mode);
+       if (!error)
+               error = ccs_chmod_permission(dentry, mnt, mode);
+       return error;
 }
 
 int security_path_chown(struct path *path, uid_t uid, gid_t gid)
 {
+       int error;
        if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
                return 0;
-       return security_ops->path_chown(path, uid, gid);
+       error = security_ops->path_chown(path, uid, gid);
+       if (!error)
+               error = ccs_chown_permission(path->dentry, path->mnt, uid,
+                                            gid);
+       return error;
 }
 
 int security_path_chroot(struct path *path)
 {
-       return security_ops->path_chroot(path);
+       int error = security_ops->path_chroot(path);
+       if (!error)
+               error = ccs_chroot_permission(path);
+       return error;
 }
 #endif
 
@@ -635,7 +703,10 @@ void security_file_free(struct file *fil
 
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
-       return security_ops->file_ioctl(file, cmd, arg);
+       int error = security_ops->file_ioctl(file, cmd, arg);
+       if (!error)
+               error = ccs_ioctl_permission(file, cmd, arg);
+       return error;
 }
 
 int security_file_mmap(struct file *file, unsigned long reqprot,
@@ -663,7 +734,10 @@ int security_file_lock(struct file *file
 
 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
 {
-       return security_ops->file_fcntl(file, cmd, arg);
+       int error = security_ops->file_fcntl(file, cmd, arg);
+       if (!error)
+               error = ccs_fcntl_permission(file, cmd, arg);
+       return error;
 }
 
 int security_file_set_fowner(struct file *file)
@@ -997,7 +1071,10 @@ EXPORT_SYMBOL(security_unix_may_send);
 
 int security_socket_create(int family, int type, int protocol, int kern)
 {
-       return security_ops->socket_create(family, type, protocol, kern);
+       int error = security_ops->socket_create(family, type, protocol, kern);
+       if (!error)
+               error = ccs_socket_create_permission(family, type, protocol);
+       return error;
 }
 
 int security_socket_post_create(struct socket *sock, int family,
@@ -1009,17 +1086,26 @@ int security_socket_post_create(struct s
 
 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
-       return security_ops->socket_bind(sock, address, addrlen);
+       int error = security_ops->socket_bind(sock, address, addrlen);
+       if (!error)
+               error = ccs_socket_bind_permission(sock, address, addrlen);
+       return error;
 }
 
 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
 {
-       return security_ops->socket_connect(sock, address, addrlen);
+       int error = security_ops->socket_connect(sock, address, addrlen);
+       if (!error)
+               error = ccs_socket_connect_permission(sock, address, addrlen);
+       return error;
 }
 
 int security_socket_listen(struct socket *sock, int backlog)
 {
-       return security_ops->socket_listen(sock, backlog);
+       int error = security_ops->socket_listen(sock, backlog);
+       if (!error)
+               error = ccs_socket_listen_permission(sock);
+       return error;
 }
 
 int security_socket_accept(struct socket *sock, struct socket *newsock)
@@ -1029,7 +1115,10 @@ int security_socket_accept(struct socket
 
 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
 {
-       return security_ops->socket_sendmsg(sock, msg, size);
+       int error = security_ops->socket_sendmsg(sock, msg, size);
+       if (!error)
+               error = ccs_socket_sendmsg_permission(sock, msg, size);
+       return error;
 }
 
 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,