Open-Source-Software-Entwicklung und Downloads

TOMOYO

Browse Subversion Repository

/[tomoyo]/trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.35.diff

Contents of /trunk/1.8.x/ccs-patch/patches/ccs-patch-2.6.35.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 5915 - (show annotations) (download) (as text)
Thu Mar 8 06:10:35 2012 UTC (12 years, 2 months ago) by kumaneko
File MIME type: text/x-diff
File size: 28491 byte(s) 
Allow returning other errors when ptrace permission cannot be checked.
1 This is TOMOYO Linux patch for kernel 2.6.35.14.
2
3 Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/linux-2.6.35.14.tar.bz2
4 ---
5 fs/compat.c | 2
6 fs/exec.c | 2
7 fs/open.c | 2
8 fs/proc/version.c | 7 ++
9 include/linux/init_task.h | 9 +++
10 include/linux/sched.h | 6 ++
11 include/linux/security.h | 52 +++++++++--------
12 include/net/ip.h | 2
13 kernel/fork.c | 5 +
14 kernel/kexec.c | 3 +
15 kernel/module.c | 5 +
16 kernel/ptrace.c | 10 +++
17 kernel/sched.c | 2
18 kernel/signal.c | 10 +++
19 kernel/sys.c | 10 +++
20 kernel/time/ntp.c | 6 ++
21 net/ipv4/raw.c | 4 +
22 net/ipv4/udp.c | 4 +
23 net/ipv6/raw.c | 4 +
24 net/ipv6/udp.c | 4 +
25 net/socket.c | 4 +
26 net/unix/af_unix.c | 4 +
27 security/Kconfig | 2
28 security/Makefile | 3 +
29 security/security.c | 137 +++++++++++++++++++++++++++++++++++++---------
30 25 files changed, 248 insertions(+), 51 deletions(-)
31
32 --- linux-2.6.35.14.orig/fs/compat.c
33 +++ linux-2.6.35.14/fs/compat.c
34 @@ -1551,7 +1551,7 @@ int compat_do_execve(char * filename,
35 if (retval < 0)
36 goto out;
37
38 - retval = search_binary_handler(bprm, regs);
39 + retval = ccs_search_binary_handler(bprm, regs);
40 if (retval < 0)
41 goto out;
42
43 --- linux-2.6.35.14.orig/fs/exec.c
44 +++ linux-2.6.35.14/fs/exec.c
45 @@ -1425,7 +1425,7 @@ int do_execve(char * filename,
46 goto out;
47
48 current->flags &= ~PF_KTHREAD;
49 - retval = search_binary_handler(bprm,regs);
50 + retval = ccs_search_binary_handler(bprm, regs);
51 if (retval < 0)
52 goto out;
53
54 --- linux-2.6.35.14.orig/fs/open.c
55 +++ linux-2.6.35.14/fs/open.c
56 @@ -1007,6 +1007,8 @@ EXPORT_SYMBOL(sys_close);
57 */
58 SYSCALL_DEFINE0(vhangup)
59 {
60 + if (!ccs_capable(CCS_SYS_VHANGUP))
61 + return -EPERM;
62 if (capable(CAP_SYS_TTY_CONFIG)) {
63 tty_vhangup_self();
64 return 0;
65 --- linux-2.6.35.14.orig/fs/proc/version.c
66 +++ linux-2.6.35.14/fs/proc/version.c
67 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
68 return 0;
69 }
70 module_init(proc_version_init);
71 +
72 +static int __init ccs_show_version(void)
73 +{
74 + printk(KERN_INFO "Hook version: 2.6.35.14 2012/03/08\n");
75 + return 0;
76 +}
77 +module_init(ccs_show_version);
78 --- linux-2.6.35.14.orig/include/linux/init_task.h
79 +++ linux-2.6.35.14/include/linux/init_task.h
80 @@ -102,6 +102,14 @@ extern struct cred init_cred;
81 # define INIT_PERF_EVENTS(tsk)
82 #endif
83
84 +#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
85 +#define INIT_CCSECURITY \
86 + .ccs_domain_info = NULL, \
87 + .ccs_flags = 0,
88 +#else
89 +#define INIT_CCSECURITY
90 +#endif
91 +
92 /*
93 * INIT_TASK is used to set up the first task table, touch at
94 * your own risk!. Base=0, limit=0x1fffff (=2MB)
95 @@ -172,6 +180,7 @@ extern struct cred init_cred;
96 INIT_FTRACE_GRAPH \
97 INIT_TRACE_RECURSION \
98 INIT_TASK_RCU_PREEMPT(tsk) \
99 + INIT_CCSECURITY \
100 }
101
102
103 --- linux-2.6.35.14.orig/include/linux/sched.h
104 +++ linux-2.6.35.14/include/linux/sched.h
105 @@ -43,6 +43,8 @@
106
107 #ifdef __KERNEL__
108
109 +struct ccs_domain_info;
110 +
111 struct sched_param {
112 int sched_priority;
113 };
114 @@ -1499,6 +1501,10 @@ struct task_struct {
115 unsigned long memsw_bytes; /* uncharged mem+swap usage */
116 } memcg_batch;
117 #endif
118 +#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
119 + struct ccs_domain_info *ccs_domain_info;
120 + u32 ccs_flags;
121 +#endif
122 };
123
124 /* Future-safe accessor for struct task_struct's cpus_allowed. */
125 --- linux-2.6.35.14.orig/include/linux/security.h
126 +++ linux-2.6.35.14/include/linux/security.h
127 @@ -35,6 +35,7 @@
128 #include <linux/xfrm.h>
129 #include <linux/slab.h>
130 #include <net/flow.h>
131 +#include <linux/ccsecurity.h>
132
133 /* Maximum number of letters for an LSM name string */
134 #define SECURITY_NAME_MAX 10
135 @@ -1897,7 +1898,10 @@ static inline int security_syslog(int ty
136
137 static inline int security_settime(struct timespec *ts, struct timezone *tz)
138 {
139 - return cap_settime(ts, tz);
140 + int error = cap_settime(ts, tz);
141 + if (!error && !ccs_capable(CCS_SYS_SETTIME))
142 + error = -EPERM;
143 + return error;
144 }
145
146 static inline int security_vm_enough_memory(long pages)
147 @@ -1975,18 +1979,18 @@ static inline int security_sb_mount(char
148 char *type, unsigned long flags,
149 void *data)
150 {
151 - return 0;
152 + return ccs_mount_permission(dev_name, path, type, flags, data);
153 }
154
155 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
156 {
157 - return 0;
158 + return ccs_umount_permission(mnt, flags);
159 }
160
161 static inline int security_sb_pivotroot(struct path *old_path,
162 struct path *new_path)
163 {
164 - return 0;
165 + return ccs_pivot_root_permission(old_path, new_path);
166 }
167
168 static inline int security_sb_set_mnt_opts(struct super_block *sb,
169 @@ -2101,7 +2105,7 @@ static inline int security_inode_setattr
170 static inline int security_inode_getattr(struct vfsmount *mnt,
171 struct dentry *dentry)
172 {
173 - return 0;
174 + return ccs_getattr_permission(mnt, dentry);
175 }
176
177 static inline int security_inode_setxattr(struct dentry *dentry,
178 @@ -2177,7 +2181,7 @@ static inline void security_file_free(st
179 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
180 unsigned long arg)
181 {
182 - return 0;
183 + return ccs_ioctl_permission(file, cmd, arg);
184 }
185
186 static inline int security_file_mmap(struct file *file, unsigned long reqprot,
187 @@ -2204,7 +2208,7 @@ static inline int security_file_lock(str
188 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
189 unsigned long arg)
190 {
191 - return 0;
192 + return ccs_fcntl_permission(file, cmd, arg);
193 }
194
195 static inline int security_file_set_fowner(struct file *file)
196 @@ -2227,7 +2231,7 @@ static inline int security_file_receive(
197 static inline int security_dentry_open(struct file *file,
198 const struct cred *cred)
199 {
200 - return 0;
201 + return ccs_open_permission(file);
202 }
203
204 static inline int security_task_create(unsigned long clone_flags)
205 @@ -2571,7 +2575,7 @@ static inline int security_unix_may_send
206 static inline int security_socket_create(int family, int type,
207 int protocol, int kern)
208 {
209 - return 0;
210 + return ccs_socket_create_permission(family, type, protocol);
211 }
212
213 static inline int security_socket_post_create(struct socket *sock,
214 @@ -2586,19 +2590,19 @@ static inline int security_socket_bind(s
215 struct sockaddr *address,
216 int addrlen)
217 {
218 - return 0;
219 + return ccs_socket_bind_permission(sock, address, addrlen);
220 }
221
222 static inline int security_socket_connect(struct socket *sock,
223 struct sockaddr *address,
224 int addrlen)
225 {
226 - return 0;
227 + return ccs_socket_connect_permission(sock, address, addrlen);
228 }
229
230 static inline int security_socket_listen(struct socket *sock, int backlog)
231 {
232 - return 0;
233 + return ccs_socket_listen_permission(sock);
234 }
235
236 static inline int security_socket_accept(struct socket *sock,
237 @@ -2610,7 +2614,7 @@ static inline int security_socket_accept
238 static inline int security_socket_sendmsg(struct socket *sock,
239 struct msghdr *msg, int size)
240 {
241 - return 0;
242 + return ccs_socket_sendmsg_permission(sock, msg, size);
243 }
244
245 static inline int security_socket_recvmsg(struct socket *sock,
246 @@ -2821,43 +2825,43 @@ int security_path_chroot(struct path *pa
247 #else /* CONFIG_SECURITY_PATH */
248 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
249 {
250 - return 0;
251 + return ccs_unlink_permission(dentry, dir->mnt);
252 }
253
254 static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
255 int mode)
256 {
257 - return 0;
258 + return ccs_mkdir_permission(dentry, dir->mnt, mode);
259 }
260
261 static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
262 {
263 - return 0;
264 + return ccs_rmdir_permission(dentry, dir->mnt);
265 }
266
267 static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
268 int mode, unsigned int dev)
269 {
270 - return 0;
271 + return ccs_mknod_permission(dentry, dir->mnt, mode, dev);
272 }
273
274 static inline int security_path_truncate(struct path *path, loff_t length,
275 unsigned int time_attrs)
276 {
277 - return 0;
278 + return ccs_truncate_permission(path->dentry, path->mnt);
279 }
280
281 static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
282 const char *old_name)
283 {
284 - return 0;
285 + return ccs_symlink_permission(dentry, dir->mnt, old_name);
286 }
287
288 static inline int security_path_link(struct dentry *old_dentry,
289 struct path *new_dir,
290 struct dentry *new_dentry)
291 {
292 - return 0;
293 + return ccs_link_permission(old_dentry, new_dentry, new_dir->mnt);
294 }
295
296 static inline int security_path_rename(struct path *old_dir,
297 @@ -2865,24 +2869,24 @@ static inline int security_path_rename(s
298 struct path *new_dir,
299 struct dentry *new_dentry)
300 {
301 - return 0;
302 + return ccs_rename_permission(old_dentry, new_dentry, new_dir->mnt);
303 }
304
305 static inline int security_path_chmod(struct dentry *dentry,
306 struct vfsmount *mnt,
307 mode_t mode)
308 {
309 - return 0;
310 + return ccs_chmod_permission(dentry, mnt, mode);
311 }
312
313 static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
314 {
315 - return 0;
316 + return ccs_chown_permission(path->dentry, path->mnt, uid, gid);
317 }
318
319 static inline int security_path_chroot(struct path *path)
320 {
321 - return 0;
322 + return ccs_chroot_permission(path);
323 }
324 #endif /* CONFIG_SECURITY_PATH */
325
326 --- linux-2.6.35.14.orig/include/net/ip.h
327 +++ linux-2.6.35.14/include/net/ip.h
328 @@ -187,6 +187,8 @@ extern void inet_get_local_port_range(in
329 extern unsigned long *sysctl_local_reserved_ports;
330 static inline int inet_is_reserved_local_port(int port)
331 {
332 + if (ccs_lport_reserved(port))
333 + return 1;
334 return test_bit(port, sysctl_local_reserved_ports);
335 }
336
337 --- linux-2.6.35.14.orig/kernel/fork.c
338 +++ linux-2.6.35.14/kernel/fork.c
339 @@ -187,6 +187,7 @@ void __put_task_struct(struct task_struc
340 delayacct_tsk_free(tsk);
341 put_signal_struct(tsk->signal);
342
343 + ccs_free_task_security(tsk);
344 if (!profile_handoff_task(tsk))
345 free_task(tsk);
346 }
347 @@ -1132,6 +1133,9 @@ static struct task_struct *copy_process(
348
349 if ((retval = audit_alloc(p)))
350 goto bad_fork_cleanup_policy;
351 + retval = ccs_alloc_task_security(p);
352 + if (retval)
353 + goto bad_fork_cleanup_audit;
354 /* copy all the process information */
355 if ((retval = copy_semundo(clone_flags, p)))
356 goto bad_fork_cleanup_audit;
357 @@ -1314,6 +1318,7 @@ bad_fork_cleanup_semundo:
358 exit_sem(p);
359 bad_fork_cleanup_audit:
360 audit_free(p);
361 + ccs_free_task_security(p);
362 bad_fork_cleanup_policy:
363 perf_event_free_task(p);
364 #ifdef CONFIG_NUMA
365 --- linux-2.6.35.14.orig/kernel/kexec.c
366 +++ linux-2.6.35.14/kernel/kexec.c
367 @@ -39,6 +39,7 @@
368 #include <asm/io.h>
369 #include <asm/system.h>
370 #include <asm/sections.h>
371 +#include <linux/ccsecurity.h>
372
373 /* Per cpu memory for storing cpu states in case of system crash. */
374 note_buf_t __percpu *crash_notes;
375 @@ -945,6 +946,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
376 /* We only trust the superuser with rebooting the system. */
377 if (!capable(CAP_SYS_BOOT))
378 return -EPERM;
379 + if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
380 + return -EPERM;
381
382 /*
383 * Verify we have a legal set of flags
384 --- linux-2.6.35.14.orig/kernel/module.c
385 +++ linux-2.6.35.14/kernel/module.c
386 @@ -55,6 +55,7 @@
387 #include <linux/async.h>
388 #include <linux/percpu.h>
389 #include <linux/kmemleak.h>
390 +#include <linux/ccsecurity.h>
391
392 #define CREATE_TRACE_POINTS
393 #include <trace/events/module.h>
394 @@ -726,6 +727,8 @@ SYSCALL_DEFINE2(delete_module, const cha
395
396 if (!capable(CAP_SYS_MODULE) || modules_disabled)
397 return -EPERM;
398 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
399 + return -EPERM;
400
401 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
402 return -EFAULT;
403 @@ -2617,6 +2620,8 @@ SYSCALL_DEFINE3(init_module, void __user
404 /* Must have permission */
405 if (!capable(CAP_SYS_MODULE) || modules_disabled)
406 return -EPERM;
407 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
408 + return -EPERM;
409
410 /* Do all the hard work */
411 mod = load_module(umod, len, uargs);
412 --- linux-2.6.35.14.orig/kernel/ptrace.c
413 +++ linux-2.6.35.14/kernel/ptrace.c
414 @@ -689,6 +689,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
415 {
416 struct task_struct *child;
417 long ret;
418 + {
419 + const int rc = ccs_ptrace_permission(request, pid);
420 + if (rc)
421 + return rc;
422 + }
423
424 if (request == PTRACE_TRACEME) {
425 ret = ptrace_traceme();
426 @@ -831,6 +836,11 @@ asmlinkage long compat_sys_ptrace(compat
427 {
428 struct task_struct *child;
429 long ret;
430 + {
431 + const int rc = ccs_ptrace_permission(request, pid);
432 + if (rc)
433 + return rc;
434 + }
435
436 if (request == PTRACE_TRACEME) {
437 ret = ptrace_traceme();
438 --- linux-2.6.35.14.orig/kernel/sched.c
439 +++ linux-2.6.35.14/kernel/sched.c
440 @@ -4516,6 +4516,8 @@ int can_nice(const struct task_struct *p
441 SYSCALL_DEFINE1(nice, int, increment)
442 {
443 long nice, retval;
444 + if (!ccs_capable(CCS_SYS_NICE))
445 + return -EPERM;
446
447 /*
448 * Setpriority might change our priority at the same moment.
449 --- linux-2.6.35.14.orig/kernel/signal.c
450 +++ linux-2.6.35.14/kernel/signal.c
451 @@ -2317,6 +2317,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
452 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
453 {
454 struct siginfo info;
455 + if (ccs_kill_permission(pid, sig))
456 + return -EPERM;
457
458 info.si_signo = sig;
459 info.si_errno = 0;
460 @@ -2385,6 +2387,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
461 /* This is only valid for single tasks */
462 if (pid <= 0 || tgid <= 0)
463 return -EINVAL;
464 + if (ccs_tgkill_permission(tgid, pid, sig))
465 + return -EPERM;
466
467 return do_tkill(tgid, pid, sig);
468 }
469 @@ -2397,6 +2401,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
470 /* This is only valid for single tasks */
471 if (pid <= 0)
472 return -EINVAL;
473 + if (ccs_tkill_permission(pid, sig))
474 + return -EPERM;
475
476 return do_tkill(0, pid, sig);
477 }
478 @@ -2418,6 +2424,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
479 return -EPERM;
480 }
481 info.si_signo = sig;
482 + if (ccs_sigqueue_permission(pid, sig))
483 + return -EPERM;
484
485 /* POSIX.1b doesn't mention process groups. */
486 return kill_proc_info(sig, &info, pid);
487 @@ -2438,6 +2446,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
488 return -EPERM;
489 }
490 info->si_signo = sig;
491 + if (ccs_tgsigqueue_permission(tgid, pid, sig))
492 + return -EPERM;
493
494 return do_send_specific(tgid, pid, sig, info);
495 }
496 --- linux-2.6.35.14.orig/kernel/sys.c
497 +++ linux-2.6.35.14/kernel/sys.c
498 @@ -156,6 +156,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
499
500 if (which > PRIO_USER || which < PRIO_PROCESS)
501 goto out;
502 + if (!ccs_capable(CCS_SYS_NICE)) {
503 + error = -EPERM;
504 + goto out;
505 + }
506
507 /* normalize: avoid signed division (rounding problems) */
508 error = -ESRCH;
509 @@ -382,6 +386,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
510 magic2 != LINUX_REBOOT_MAGIC2B &&
511 magic2 != LINUX_REBOOT_MAGIC2C))
512 return -EINVAL;
513 + if (!ccs_capable(CCS_SYS_REBOOT))
514 + return -EPERM;
515
516 /* Instead of trying to make the power_off code look like
517 * halt when pm_power_off is not set do it the easy way.
518 @@ -1173,6 +1179,8 @@ SYSCALL_DEFINE2(sethostname, char __user
519 return -EPERM;
520 if (len < 0 || len > __NEW_UTS_LEN)
521 return -EINVAL;
522 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
523 + return -EPERM;
524 down_write(&uts_sem);
525 errno = -EFAULT;
526 if (!copy_from_user(tmp, name, len)) {
527 @@ -1222,6 +1230,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
528 return -EPERM;
529 if (len < 0 || len > __NEW_UTS_LEN)
530 return -EINVAL;
531 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
532 + return -EPERM;
533
534 down_write(&uts_sem);
535 errno = -EFAULT;
536 --- linux-2.6.35.14.orig/kernel/time/ntp.c
537 +++ linux-2.6.35.14/kernel/time/ntp.c
538 @@ -14,6 +14,7 @@
539 #include <linux/timex.h>
540 #include <linux/time.h>
541 #include <linux/mm.h>
542 +#include <linux/ccsecurity.h>
543
544 /*
545 * NTP timekeeping variables:
546 @@ -456,10 +457,15 @@ int do_adjtimex(struct timex *txc)
547 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
548 !capable(CAP_SYS_TIME))
549 return -EPERM;
550 + if (!(txc->modes & ADJ_OFFSET_READONLY) &&
551 + !ccs_capable(CCS_SYS_SETTIME))
552 + return -EPERM;
553 } else {
554 /* In order to modify anything, you gotta be super-user! */
555 if (txc->modes && !capable(CAP_SYS_TIME))
556 return -EPERM;
557 + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
558 + return -EPERM;
559
560 /*
561 * if the quartz is off by more than 10% then
562 --- linux-2.6.35.14.orig/net/ipv4/raw.c
563 +++ linux-2.6.35.14/net/ipv4/raw.c
564 @@ -679,6 +679,10 @@ static int raw_recvmsg(struct kiocb *ioc
565 skb = skb_recv_datagram(sk, flags, noblock, &err);
566 if (!skb)
567 goto out;
568 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
569 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
570 + goto out;
571 + }
572
573 copied = skb->len;
574 if (len < copied) {
575 --- linux-2.6.35.14.orig/net/ipv4/udp.c
576 +++ linux-2.6.35.14/net/ipv4/udp.c
577 @@ -1140,6 +1140,10 @@ try_again:
578 &peeked, &err);
579 if (!skb)
580 goto out;
581 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
582 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
583 + goto out;
584 + }
585
586 ulen = skb->len - sizeof(struct udphdr);
587 if (len > ulen)
588 --- linux-2.6.35.14.orig/net/ipv6/raw.c
589 +++ linux-2.6.35.14/net/ipv6/raw.c
590 @@ -467,6 +467,10 @@ static int rawv6_recvmsg(struct kiocb *i
591 skb = skb_recv_datagram(sk, flags, noblock, &err);
592 if (!skb)
593 goto out;
594 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
595 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
596 + goto out;
597 + }
598
599 copied = skb->len;
600 if (copied > len) {
601 --- linux-2.6.35.14.orig/net/ipv6/udp.c
602 +++ linux-2.6.35.14/net/ipv6/udp.c
603 @@ -353,6 +353,10 @@ try_again:
604 &peeked, &err);
605 if (!skb)
606 goto out;
607 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
608 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
609 + goto out;
610 + }
611
612 ulen = skb->len - sizeof(struct udphdr);
613 if (len > ulen)
614 --- linux-2.6.35.14.orig/net/socket.c
615 +++ linux-2.6.35.14/net/socket.c
616 @@ -1501,6 +1501,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
617 if (err < 0)
618 goto out_fd;
619
620 + if (ccs_socket_post_accept_permission(sock, newsock)) {
621 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
622 + goto out_fd;
623 + }
624 if (upeer_sockaddr) {
625 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
626 &len, 2) < 0) {
627 --- linux-2.6.35.14.orig/net/unix/af_unix.c
628 +++ linux-2.6.35.14/net/unix/af_unix.c
629 @@ -1720,6 +1720,10 @@ static int unix_dgram_recvmsg(struct kio
630
631 wake_up_interruptible_sync(&u->peer_wait);
632
633 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
634 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
635 + goto out_unlock;
636 + }
637 if (msg->msg_name)
638 unix_copy_addr(msg, skb->sk);
639
640 --- linux-2.6.35.14.orig/security/Kconfig
641 +++ linux-2.6.35.14/security/Kconfig
642 @@ -175,5 +175,7 @@ config DEFAULT_SECURITY
643 default "tomoyo" if DEFAULT_SECURITY_TOMOYO
644 default "" if DEFAULT_SECURITY_DAC
645
646 +source security/ccsecurity/Kconfig
647 +
648 endmenu
649
650 --- linux-2.6.35.14.orig/security/Makefile
651 +++ linux-2.6.35.14/security/Makefile
652 @@ -24,3 +24,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
653 # Object integrity file lists
654 subdir-$(CONFIG_IMA) += integrity/ima
655 obj-$(CONFIG_IMA) += integrity/ima/built-in.o
656 +
657 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
658 +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
659 --- linux-2.6.35.14.orig/security/security.c
660 +++ linux-2.6.35.14/security/security.c
661 @@ -212,7 +212,10 @@ int security_syslog(int type, bool from_
662
663 int security_settime(struct timespec *ts, struct timezone *tz)
664 {
665 - return security_ops->settime(ts, tz);
666 + int error = security_ops->settime(ts, tz);
667 + if (!error && !ccs_capable(CCS_SYS_SETTIME))
668 + error = -EPERM;
669 + return error;
670 }
671
672 int security_vm_enough_memory(long pages)
673 @@ -298,17 +301,27 @@ int security_sb_statfs(struct dentry *de
674 int security_sb_mount(char *dev_name, struct path *path,
675 char *type, unsigned long flags, void *data)
676 {
677 - return security_ops->sb_mount(dev_name, path, type, flags, data);
678 + int error = security_ops->sb_mount(dev_name, path, type, flags, data);
679 + if (!error)
680 + error = ccs_mount_permission(dev_name, path, type, flags,
681 + data);
682 + return error;
683 }
684
685 int security_sb_umount(struct vfsmount *mnt, int flags)
686 {
687 - return security_ops->sb_umount(mnt, flags);
688 + int error = security_ops->sb_umount(mnt, flags);
689 + if (!error)
690 + error = ccs_umount_permission(mnt, flags);
691 + return error;
692 }
693
694 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
695 {
696 - return security_ops->sb_pivotroot(old_path, new_path);
697 + int error = security_ops->sb_pivotroot(old_path, new_path);
698 + if (!error)
699 + error = ccs_pivot_root_permission(old_path, new_path);
700 + return error;
701 }
702
703 int security_sb_set_mnt_opts(struct super_block *sb,
704 @@ -364,85 +377,131 @@ EXPORT_SYMBOL(security_inode_init_securi
705 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
706 unsigned int dev)
707 {
708 + int error;
709 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
710 return 0;
711 - return security_ops->path_mknod(dir, dentry, mode, dev);
712 + error = security_ops->path_mknod(dir, dentry, mode, dev);
713 + if (!error)
714 + error = ccs_mknod_permission(dentry, dir->mnt, mode, dev);
715 + return error;
716 }
717 EXPORT_SYMBOL(security_path_mknod);
718
719 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
720 {
721 + int error;
722 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
723 return 0;
724 - return security_ops->path_mkdir(dir, dentry, mode);
725 + error = security_ops->path_mkdir(dir, dentry, mode);
726 + if (!error)
727 + error = ccs_mkdir_permission(dentry, dir->mnt, mode);
728 + return error;
729 }
730
731 int security_path_rmdir(struct path *dir, struct dentry *dentry)
732 {
733 + int error;
734 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
735 return 0;
736 - return security_ops->path_rmdir(dir, dentry);
737 + error = security_ops->path_rmdir(dir, dentry);
738 + if (!error)
739 + error = ccs_rmdir_permission(dentry, dir->mnt);
740 + return error;
741 }
742
743 int security_path_unlink(struct path *dir, struct dentry *dentry)
744 {
745 + int error;
746 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
747 return 0;
748 - return security_ops->path_unlink(dir, dentry);
749 + error = security_ops->path_unlink(dir, dentry);
750 + if (!error)
751 + error = ccs_unlink_permission(dentry, dir->mnt);
752 + return error;
753 }
754
755 int security_path_symlink(struct path *dir, struct dentry *dentry,
756 const char *old_name)
757 {
758 + int error;
759 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
760 return 0;
761 - return security_ops->path_symlink(dir, dentry, old_name);
762 + error = security_ops->path_symlink(dir, dentry, old_name);
763 + if (!error)
764 + error = ccs_symlink_permission(dentry, dir->mnt, old_name);
765 + return error;
766 }
767
768 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
769 struct dentry *new_dentry)
770 {
771 + int error;
772 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
773 return 0;
774 - return security_ops->path_link(old_dentry, new_dir, new_dentry);
775 + error = security_ops->path_link(old_dentry, new_dir, new_dentry);
776 + if (!error)
777 + error = ccs_link_permission(old_dentry, new_dentry,
778 + new_dir->mnt);
779 + return error;
780 }
781
782 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
783 struct path *new_dir, struct dentry *new_dentry)
784 {
785 + int error;
786 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
787 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
788 return 0;
789 - return security_ops->path_rename(old_dir, old_dentry, new_dir,
790 - new_dentry);
791 + error = security_ops->path_rename(old_dir, old_dentry, new_dir,
792 + new_dentry);
793 + if (!error)
794 + error = ccs_rename_permission(old_dentry, new_dentry,
795 + new_dir->mnt);
796 + return error;
797 }
798
799 int security_path_truncate(struct path *path, loff_t length,
800 unsigned int time_attrs)
801 {
802 + int error;
803 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
804 return 0;
805 - return security_ops->path_truncate(path, length, time_attrs);
806 + error = security_ops->path_truncate(path, length, time_attrs);
807 + if (!error)
808 + error = ccs_truncate_permission(path->dentry, path->mnt);
809 + return error;
810 }
811
812 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
813 mode_t mode)
814 {
815 + int error;
816 if (unlikely(IS_PRIVATE(dentry->d_inode)))
817 return 0;
818 - return security_ops->path_chmod(dentry, mnt, mode);
819 + error = security_ops->path_chmod(dentry, mnt, mode);
820 + if (!error)
821 + error = ccs_chmod_permission(dentry, mnt, mode);
822 + return error;
823 }
824
825 int security_path_chown(struct path *path, uid_t uid, gid_t gid)
826 {
827 + int error;
828 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
829 return 0;
830 - return security_ops->path_chown(path, uid, gid);
831 + error = security_ops->path_chown(path, uid, gid);
832 + if (!error)
833 + error = ccs_chown_permission(path->dentry, path->mnt, uid,
834 + gid);
835 + return error;
836 }
837
838 int security_path_chroot(struct path *path)
839 {
840 - return security_ops->path_chroot(path);
841 + int error = security_ops->path_chroot(path);
842 + if (!error)
843 + error = ccs_chroot_permission(path);
844 + return error;
845 }
846 #endif
847
848 @@ -540,9 +599,13 @@ EXPORT_SYMBOL_GPL(security_inode_setattr
849
850 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
851 {
852 + int error;
853 if (unlikely(IS_PRIVATE(dentry->d_inode)))
854 return 0;
855 - return security_ops->inode_getattr(mnt, dentry);
856 + error = security_ops->inode_getattr(mnt, dentry);
857 + if (!error)
858 + error = ccs_getattr_permission(mnt, dentry);
859 + return error;
860 }
861
862 int security_inode_setxattr(struct dentry *dentry, const char *name,
863 @@ -635,7 +698,10 @@ void security_file_free(struct file *fil
864
865 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
866 {
867 - return security_ops->file_ioctl(file, cmd, arg);
868 + int error = security_ops->file_ioctl(file, cmd, arg);
869 + if (!error)
870 + error = ccs_ioctl_permission(file, cmd, arg);
871 + return error;
872 }
873
874 int security_file_mmap(struct file *file, unsigned long reqprot,
875 @@ -663,7 +729,10 @@ int security_file_lock(struct file *file
876
877 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
878 {
879 - return security_ops->file_fcntl(file, cmd, arg);
880 + int error = security_ops->file_fcntl(file, cmd, arg);
881 + if (!error)
882 + error = ccs_fcntl_permission(file, cmd, arg);
883 + return error;
884 }
885
886 int security_file_set_fowner(struct file *file)
887 @@ -684,7 +753,10 @@ int security_file_receive(struct file *f
888
889 int security_dentry_open(struct file *file, const struct cred *cred)
890 {
891 - return security_ops->dentry_open(file, cred);
892 + int error = security_ops->dentry_open(file, cred);
893 + if (!error)
894 + error = ccs_open_permission(file);
895 + return error;
896 }
897
898 int security_task_create(unsigned long clone_flags)
899 @@ -997,7 +1069,10 @@ EXPORT_SYMBOL(security_unix_may_send);
900
901 int security_socket_create(int family, int type, int protocol, int kern)
902 {
903 - return security_ops->socket_create(family, type, protocol, kern);
904 + int error = security_ops->socket_create(family, type, protocol, kern);
905 + if (!error)
906 + error = ccs_socket_create_permission(family, type, protocol);
907 + return error;
908 }
909
910 int security_socket_post_create(struct socket *sock, int family,
911 @@ -1009,17 +1084,26 @@ int security_socket_post_create(struct s
912
913 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
914 {
915 - return security_ops->socket_bind(sock, address, addrlen);
916 + int error = security_ops->socket_bind(sock, address, addrlen);
917 + if (!error)
918 + error = ccs_socket_bind_permission(sock, address, addrlen);
919 + return error;
920 }
921
922 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
923 {
924 - return security_ops->socket_connect(sock, address, addrlen);
925 + int error = security_ops->socket_connect(sock, address, addrlen);
926 + if (!error)
927 + error = ccs_socket_connect_permission(sock, address, addrlen);
928 + return error;
929 }
930
931 int security_socket_listen(struct socket *sock, int backlog)
932 {
933 - return security_ops->socket_listen(sock, backlog);
934 + int error = security_ops->socket_listen(sock, backlog);
935 + if (!error)
936 + error = ccs_socket_listen_permission(sock);
937 + return error;
938 }
939
940 int security_socket_accept(struct socket *sock, struct socket *newsock)
941 @@ -1029,7 +1113,10 @@ int security_socket_accept(struct socket
942
943 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
944 {
945 - return security_ops->socket_sendmsg(sock, msg, size);
946 + int error = security_ops->socket_sendmsg(sock, msg, size);
947 + if (!error)
948 + error = ccs_socket_sendmsg_permission(sock, msg, size);
949 + return error;
950 }
951
952 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
Über OSDN
Software suchen
Entwickeln Software
Hilfeseiten