1 |
diff -ubBpEr linux-2.6.19/Makefile linux-2.6.19-ccs/Makefile |
diff -ubBpEr linux-2.6.19/Makefile linux-2.6.19-ccs/Makefile |
2 |
--- linux-2.6.19/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/Makefile 2007-03-03 10:49:57.000000000 +0900 |
3 |
+++ linux-2.6.19-ccs/Makefile 2006-11-30 11:30:34.000000000 +0900 |
+++ linux-2.6.19-ccs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
4 |
@@ -1,7 +1,7 @@ |
@@ -1,7 +1,7 @@ |
5 |
VERSION = 2 |
VERSION = 2 |
6 |
PATCHLEVEL = 6 |
PATCHLEVEL = 6 |
11 |
|
|
12 |
# *DOCUMENTATION* |
# *DOCUMENTATION* |
13 |
diff -ubBpEr linux-2.6.19/fs/Kconfig linux-2.6.19-ccs/fs/Kconfig |
diff -ubBpEr linux-2.6.19/fs/Kconfig linux-2.6.19-ccs/fs/Kconfig |
14 |
--- linux-2.6.19/fs/Kconfig 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/Kconfig 2007-03-03 10:49:57.000000000 +0900 |
15 |
+++ linux-2.6.19-ccs/fs/Kconfig 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/Kconfig 2007-03-03 10:55:25.000000000 +0900 |
16 |
@@ -2098,5 +2098,7 @@ endif |
@@ -2098,5 +2098,7 @@ endif |
17 |
source "fs/nls/Kconfig" |
source "fs/nls/Kconfig" |
18 |
source "fs/dlm/Kconfig" |
source "fs/dlm/Kconfig" |
22 |
endmenu |
endmenu |
23 |
|
|
24 |
diff -ubBpEr linux-2.6.19/fs/Makefile linux-2.6.19-ccs/fs/Makefile |
diff -ubBpEr linux-2.6.19/fs/Makefile linux-2.6.19-ccs/fs/Makefile |
25 |
--- linux-2.6.19/fs/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/Makefile 2007-03-03 10:49:57.000000000 +0900 |
26 |
+++ linux-2.6.19-ccs/fs/Makefile 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
27 |
@@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/ |
@@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/ |
28 |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
29 |
obj-$(CONFIG_OCFS2_FS) += ocfs2/ |
obj-$(CONFIG_OCFS2_FS) += ocfs2/ |
31 |
+ |
+ |
32 |
+include $(srctree)/fs/Makefile-2.6.ccs |
+include $(srctree)/fs/Makefile-2.6.ccs |
33 |
diff -ubBpEr linux-2.6.19/fs/attr.c linux-2.6.19-ccs/fs/attr.c |
diff -ubBpEr linux-2.6.19/fs/attr.c linux-2.6.19-ccs/fs/attr.c |
34 |
--- linux-2.6.19/fs/attr.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
35 |
+++ linux-2.6.19-ccs/fs/attr.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
36 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
37 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
38 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
65 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
66 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
67 |
diff -ubBpEr linux-2.6.19/fs/compat.c linux-2.6.19-ccs/fs/compat.c |
diff -ubBpEr linux-2.6.19/fs/compat.c linux-2.6.19-ccs/fs/compat.c |
68 |
--- linux-2.6.19/fs/compat.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
69 |
+++ linux-2.6.19-ccs/fs/compat.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
70 |
@@ -53,6 +53,9 @@ |
@@ -53,6 +53,9 @@ |
71 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
72 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
87 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
88 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
89 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
90 |
|
@@ -1547,7 +1553,7 @@ int compat_do_execve(char * filename, |
91 |
|
if (retval < 0) |
92 |
|
goto out; |
93 |
|
|
94 |
|
- retval = search_binary_handler(bprm, regs); |
95 |
|
+ retval = search_binary_handler_with_transition(bprm, regs); |
96 |
|
if (retval >= 0) { |
97 |
|
free_arg_pages(bprm); |
98 |
|
|
99 |
diff -ubBpEr linux-2.6.19/fs/exec.c linux-2.6.19-ccs/fs/exec.c |
diff -ubBpEr linux-2.6.19/fs/exec.c linux-2.6.19-ccs/fs/exec.c |
100 |
--- linux-2.6.19/fs/exec.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/exec.c 2007-03-03 11:38:54.000000000 +0900 |
101 |
+++ linux-2.6.19-ccs/fs/exec.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/exec.c 2007-03-06 10:04:16.000000000 +0900 |
102 |
@@ -57,6 +57,13 @@ |
@@ -57,6 +57,10 @@ |
103 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
104 |
#endif |
#endif |
105 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
106 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
107 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
108 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
110 |
int core_uses_pid; |
int core_uses_pid; |
111 |
char core_pattern[128] = "core"; |
char core_pattern[128] = "core"; |
112 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
113 |
@@ -139,6 +146,11 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,11 @@ asmlinkage long sys_uselib(const char __ |
114 |
if (error) |
if (error) |
115 |
goto exit; |
goto exit; |
116 |
|
|
122 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
123 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
124 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
125 |
@@ -1128,6 +1140,25 @@ int do_execve(char * filename, |
@@ -486,6 +495,9 @@ struct file *open_exec(const char *name) |
126 |
struct file *file; |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
127 |
int retval; |
S_ISREG(inode->i_mode)) { |
128 |
int i; |
int err = vfs_permission(&nd, MAY_EXEC); |
129 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
130 |
+#ifdef CONFIG_TOMOYO |
+ if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */ |
131 |
+ struct domain_info *next_domain = NULL; |
+ /***** TOMOYO Linux end. *****/ |
132 |
+#endif |
file = ERR_PTR(err); |
133 |
+ /***** TOMOYO Linux end. *****/ |
if (!err) { |
134 |
+ |
file = nameidata_to_filp(&nd, O_RDONLY); |
135 |
+ /***** CCS Start. *****/ |
@@ -1184,7 +1196,8 @@ int do_execve(char * filename, |
136 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
if (retval < 0) |
|
+ extern void CCS_LoadPolicy(const char *filename); |
|
|
+ CCS_LoadPolicy(filename); |
|
|
+#endif |
|
|
+ /***** CCS end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv); |
|
|
+ if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM; |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
|
|
|
retval = -ENOMEM; |
|
|
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); |
|
|
@@ -1139,6 +1170,15 @@ int do_execve(char * filename, |
|
|
if (IS_ERR(file)) |
|
|
goto out_kfree; |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ retval = FindNextDomain(filename, file, &next_domain, argv); |
|
|
+ if (retval < 0) { |
|
|
+ allow_write_access(file); fput(file); goto out_kfree; |
|
|
+ } |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
sched_exec(); |
|
|
|
|
|
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); |
|
|
@@ -1185,6 +1225,19 @@ int do_execve(char * filename, |
|
137 |
goto out; |
goto out; |
138 |
|
|
139 |
retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
140 |
+ |
+ retval = search_binary_handler_with_transition(bprm,regs); |
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ if (retval >= 0) current->domain_info = next_domain; |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (retval >= 0) RestoreTaskCapability(); |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
141 |
+ |
+ |
142 |
if (retval >= 0) { |
if (retval >= 0) { |
143 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
144 |
|
|
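Review bot: In the open_exec() hunk the added read check passes a bare `01` to CheckOpenPermission() and explains it only in a trailing comment, and the condition that decides whether the check runs at all, `current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC`, says nothing about who sets or clears that flag. A named constant in place of `01` and a comment such as `/* flag is set by <caller> only for <case>; without it open_exec() skips the TOMOYO read check */` would make the conditions under which this access check is skipped auditable from this file. Unlike the earlier revision's do_execve() additions, this line is not wrapped in `#ifdef CONFIG_TOMOYO`, so it presumably relies on linux/tomoyo.h providing the field and a stub when TOMOYO is disabled; that header is not visible here and is worth confirming. open_exec() starts and ends outside the hunk.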
145 |
diff -ubBpEr linux-2.6.19/fs/fcntl.c linux-2.6.19-ccs/fs/fcntl.c |
diff -ubBpEr linux-2.6.19/fs/fcntl.c linux-2.6.19-ccs/fs/fcntl.c |
146 |
--- linux-2.6.19/fs/fcntl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
147 |
+++ linux-2.6.19-ccs/fs/fcntl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
148 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
149 |
#include <asm/poll.h> |
#include <asm/poll.h> |
150 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
167 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
168 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
169 |
diff -ubBpEr linux-2.6.19/fs/ioctl.c linux-2.6.19-ccs/fs/ioctl.c |
diff -ubBpEr linux-2.6.19/fs/ioctl.c linux-2.6.19-ccs/fs/ioctl.c |
170 |
--- linux-2.6.19/fs/ioctl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
171 |
+++ linux-2.6.19-ccs/fs/ioctl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
172 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
173 |
|
|
174 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
190 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
191 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
192 |
diff -ubBpEr linux-2.6.19/fs/namei.c linux-2.6.19-ccs/fs/namei.c |
diff -ubBpEr linux-2.6.19/fs/namei.c linux-2.6.19-ccs/fs/namei.c |
193 |
--- linux-2.6.19/fs/namei.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/namei.c 2007-03-03 11:38:54.000000000 +0900 |
194 |
+++ linux-2.6.19-ccs/fs/namei.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/namei.c 2007-03-03 11:41:23.000000000 +0900 |
195 |
@@ -37,6 +37,13 @@ |
@@ -37,6 +37,10 @@ |
196 |
|
|
197 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
198 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
199 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
200 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
201 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
203 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
204 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
205 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
206 |
@@ -817,6 +824,13 @@ static fastcall int __link_path_walk(con |
@@ -1509,6 +1513,9 @@ int vfs_create(struct inode *dir, struct |
|
int err; |
|
|
unsigned int lookup_flags = nd->flags; |
|
|
|
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ if (CheckEUID() < 0) { |
|
|
+ path_release(nd); |
|
|
+ return -EPERM; |
|
|
+ } |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
+ |
|
|
while (*name=='/') |
|
|
name++; |
|
|
if (!*name) |
|
|
@@ -1509,6 +1523,9 @@ int vfs_create(struct inode *dir, struct |
|
207 |
error = security_inode_create(dir, dentry, mode); |
error = security_inode_create(dir, dentry, mode); |
208 |
if (error) |
if (error) |
209 |
return error; |
return error; |
213 |
DQUOT_INIT(dir); |
DQUOT_INIT(dir); |
214 |
error = dir->i_op->create(dir, dentry, mode, nd); |
error = dir->i_op->create(dir, dentry, mode, nd); |
215 |
if (!error) |
if (!error) |
216 |
@@ -1548,7 +1565,7 @@ int may_open(struct nameidata *nd, int a |
@@ -1564,6 +1571,11 @@ int may_open(struct nameidata *nd, int a |
|
|
|
|
flag &= ~O_TRUNC; |
|
|
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) |
|
|
- return -EROFS; |
|
|
+ { ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/ |
|
|
/* |
|
|
* An append-only file must be opened in append mode for writing. |
|
|
*/ |
|
|
@@ -1564,6 +1581,11 @@ int may_open(struct nameidata *nd, int a |
|
217 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
218 |
return -EPERM; |
return -EPERM; |
219 |
|
|
225 |
/* |
/* |
226 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
227 |
*/ |
*/ |
228 |
@@ -1613,6 +1635,9 @@ static int open_namei_create(struct name |
@@ -1613,6 +1625,9 @@ static int open_namei_create(struct name |
229 |
return may_open(nd, 0, flag & ~O_TRUNC); |
return may_open(nd, 0, flag & ~O_TRUNC); |
230 |
} |
} |
231 |
|
|
235 |
/* |
/* |
236 |
* open_namei() |
* open_namei() |
237 |
* |
* |
238 |
@@ -1735,6 +1760,7 @@ ok: |
@@ -1873,6 +1888,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
exit_dput: |
|
|
dput_path(&path, nd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/ |
|
|
if (!IS_ERR(nd->intent.open.file)) |
|
|
release_open_intent(nd); |
|
|
path_release(nd); |
|
|
@@ -1873,6 +1899,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
239 |
|
|
240 |
if (S_ISDIR(mode)) |
if (S_ISDIR(mode)) |
241 |
return -EPERM; |
return -EPERM; |
248 |
tmp = getname(filename); |
tmp = getname(filename); |
249 |
if (IS_ERR(tmp)) |
if (IS_ERR(tmp)) |
250 |
return PTR_ERR(tmp); |
return PTR_ERR(tmp); |
251 |
@@ -1891,10 +1923,16 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1891,10 +1912,16 @@ asmlinkage long sys_mknodat(int dfd, con |
252 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
253 |
break; |
break; |
254 |
case S_IFCHR: case S_IFBLK: |
case S_IFCHR: case S_IFBLK: |
265 |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
266 |
break; |
break; |
267 |
case S_IFDIR: |
case S_IFDIR: |
268 |
@@ -1903,6 +1941,7 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1962,6 +1989,9 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
default: |
|
|
error = -EINVAL; |
|
|
} |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/ |
|
|
dput(dentry); |
|
|
} |
|
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
|
@@ -1962,7 +2001,11 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
269 |
|
|
270 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
271 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
273 |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
274 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
275 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/ |
|
276 |
dput(dentry); |
dput(dentry); |
277 |
out_unlock: |
out_unlock: |
278 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2070,6 +2100,9 @@ static long do_rmdir(int dfd, const char |
|
@@ -2070,7 +2113,11 @@ static long do_rmdir(int dfd, const char |
|
279 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
280 |
if (IS_ERR(dentry)) |
if (IS_ERR(dentry)) |
281 |
goto exit2; |
goto exit2; |
283 |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
284 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
285 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/ |
|
286 |
dput(dentry); |
dput(dentry); |
287 |
exit2: |
exit2: |
288 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2129,6 +2162,9 @@ static long do_unlinkat(int dfd, const c |
|
@@ -2129,6 +2176,9 @@ static long do_unlinkat(int dfd, const c |
|
289 |
struct dentry *dentry; |
struct dentry *dentry; |
290 |
struct nameidata nd; |
struct nameidata nd; |
291 |
struct inode *inode = NULL; |
struct inode *inode = NULL; |
295 |
|
|
296 |
name = getname(pathname); |
name = getname(pathname); |
297 |
if(IS_ERR(name)) |
if(IS_ERR(name)) |
298 |
@@ -2150,7 +2200,11 @@ static long do_unlinkat(int dfd, const c |
@@ -2150,6 +2186,9 @@ static long do_unlinkat(int dfd, const c |
299 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
300 |
if (inode) |
if (inode) |
301 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
303 |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
304 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
305 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/ |
|
306 |
exit2: |
exit2: |
307 |
dput(dentry); |
dput(dentry); |
308 |
} |
@@ -2214,6 +2253,9 @@ asmlinkage long sys_symlinkat(const char |
|
@@ -2214,6 +2268,9 @@ asmlinkage long sys_symlinkat(const char |
|
309 |
char * to; |
char * to; |
310 |
struct dentry *dentry; |
struct dentry *dentry; |
311 |
struct nameidata nd; |
struct nameidata nd; |
315 |
|
|
316 |
from = getname(oldname); |
from = getname(oldname); |
317 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
318 |
@@ -2231,7 +2288,11 @@ asmlinkage long sys_symlinkat(const char |
@@ -2231,6 +2273,9 @@ asmlinkage long sys_symlinkat(const char |
319 |
if (IS_ERR(dentry)) |
if (IS_ERR(dentry)) |
320 |
goto out_unlock; |
goto out_unlock; |
321 |
|
|
323 |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
324 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
325 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/ |
|
326 |
dput(dentry); |
dput(dentry); |
327 |
out_unlock: |
out_unlock: |
328 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2303,6 +2348,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
@@ -2303,6 +2364,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
329 |
struct nameidata nd, old_nd; |
struct nameidata nd, old_nd; |
330 |
int error; |
int error; |
331 |
char * to; |
char * to; |
335 |
|
|
336 |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
337 |
return -EINVAL; |
return -EINVAL; |
338 |
@@ -2326,7 +2390,11 @@ asmlinkage long sys_linkat(int olddfd, c |
@@ -2326,6 +2374,9 @@ asmlinkage long sys_linkat(int olddfd, c |
339 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
340 |
if (IS_ERR(new_dentry)) |
if (IS_ERR(new_dentry)) |
341 |
goto out_unlock; |
goto out_unlock; |
343 |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
344 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
345 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/ |
|
346 |
dput(new_dentry); |
dput(new_dentry); |
347 |
out_unlock: |
out_unlock: |
348 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2551,6 +2602,12 @@ static int do_rename(int olddfd, const c |
|
@@ -2551,6 +2619,12 @@ static int do_rename(int olddfd, const c |
|
349 |
error = -ENOTEMPTY; |
error = -ENOTEMPTY; |
350 |
if (new_dentry == trap) |
if (new_dentry == trap) |
351 |
goto exit5; |
goto exit5; |
358 |
|
|
359 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
360 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
361 |
@@ -2565,6 +2639,7 @@ exit2: |
@@ -2574,6 +2631,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
exit1: |
|
|
path_release(&oldnd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/ |
|
|
return error; |
|
|
} |
|
|
|
|
|
@@ -2574,6 +2649,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
362 |
int error; |
int error; |
363 |
char * from; |
char * from; |
364 |
char * to; |
char * to; |
369 |
from = getname(oldname); |
from = getname(oldname); |
370 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
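Review bot: In the sys_mkdirat() hunk the new permission test `if ((error = pre_vfs_mkdir(...)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)` guards `error = vfs_mkdir(...)` only through an unbraced if, with the `TOMOYO Linux end` marker comment sitting between the condition and the statement it controls. Any line later inserted after the marker would make the vfs call unconditional and silently drop the access check; the same shape is used in the do_rmdir(), do_unlinkat(), sys_symlinkat() and sys_linkat() hunks. Bracing the guarded call, e.g. `if (...) { error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); }`, and moving the end marker after the closing brace keeps the check and the operation visibly tied together. The page elides the lines just above each of these conditions, and all of the enclosing functions extend beyond their hunks.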
371 |
diff -ubBpEr linux-2.6.19/fs/namespace.c linux-2.6.19-ccs/fs/namespace.c |
diff -ubBpEr linux-2.6.19/fs/namespace.c linux-2.6.19-ccs/fs/namespace.c |
372 |
--- linux-2.6.19/fs/namespace.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/namespace.c 2007-03-03 11:38:54.000000000 +0900 |
373 |
+++ linux-2.6.19-ccs/fs/namespace.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/namespace.c 2007-03-06 10:02:06.000000000 +0900 |
374 |
@@ -28,6 +28,12 @@ |
@@ -28,6 +28,12 @@ |
375 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
376 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
411 |
goto out; |
goto out; |
412 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
413 |
+ err = -EPERM; |
+ err = -EPERM; |
414 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayMount(nd) < 0) goto out; |
415 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
416 |
|
|
417 |
err = -ENOMEM; |
err = -ENOMEM; |
423 |
- |
- |
424 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
425 |
+ err = -EPERM; |
+ err = -EPERM; |
426 |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out; |
427 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
428 |
err = -ENOENT; |
err = -ENOENT; |
429 |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
434 |
goto unlock; |
goto unlock; |
435 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
436 |
+ err = -EPERM; |
+ err = -EPERM; |
437 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock; |
+ if (SAKURA_MayMount(nd) < 0) goto unlock; |
438 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
439 |
|
|
440 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
441 |
if ((err = graft_tree(newmnt, nd))) |
if ((err = graft_tree(newmnt, nd))) |
442 |
@@ -1547,6 +1571,9 @@ asmlinkage long sys_mount(char __user * |
@@ -1394,6 +1418,13 @@ long do_mount(char *dev_name, char *dir_ |
443 |
unsigned long type_page; |
if (data_page) |
444 |
unsigned long dev_page; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
445 |
char *dir_page; |
|
446 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
447 |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
448 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
retval = copy_mount_options(type, &type_page); |
|
|
if (retval < 0) |
|
|
@@ -1565,6 +1592,15 @@ asmlinkage long sys_mount(char __user * |
|
|
if (retval < 0) |
|
|
goto out3; |
|
|
|
|
449 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
450 |
+ retval = -EPERM; |
+ if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM; |
|
+ if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 || |
|
|
+ CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) { |
|
|
+ free_page(data_page); |
|
|
+ goto out3; |
|
|
+ } |
|
451 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
452 |
+ |
+ |
453 |
lock_kernel(); |
/* Separate the per-mountpoint flags */ |
454 |
retval = do_mount((char *)dev_page, dir_page, (char *)type_page, |
if (flags & MS_NOSUID) |
455 |
flags, (void *)data_page); |
mnt_flags |= MNT_NOSUID; |
456 |
@@ -1684,6 +1720,10 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1684,6 +1715,10 @@ asmlinkage long sys_pivot_root(const cha |
457 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
458 |
return -EPERM; |
return -EPERM; |
459 |
|
|
460 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
461 |
+ if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM; |
+ if (CheckPivotRootPermission() < 0) return -EPERM; |
462 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
463 |
+ |
+ |
464 |
lock_kernel(); |
lock_kernel(); |
465 |
|
|
466 |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
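Review bot: The two checks added to do_mount() treat any non-zero return as denial (`if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM;`, `if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM;`), while the other SAKURA checks in this file compare with `< 0` (`SAKURA_MayMount(nd) < 0`, `CheckPivotRootPermission() < 0`). Neither helper is defined on this page, so the return contract cannot be confirmed; either use one convention throughout or document the contract next to each call, because a helper that ever returns a positive non-error value would be handled differently at the two kinds of call site. CheckMountPermission() also receives `&flags`, so it can presumably rewrite the mount flags before the per-mountpoint flags are separated just below; a comment such as `/* may modify flags according to policy */` would make that side effect visible. do_mount() continues outside the hunk.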
467 |
diff -ubBpEr linux-2.6.19/fs/open.c linux-2.6.19-ccs/fs/open.c |
diff -ubBpEr linux-2.6.19/fs/open.c linux-2.6.19-ccs/fs/open.c |
468 |
--- linux-2.6.19/fs/open.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/open.c 2007-03-03 11:38:54.000000000 +0900 |
469 |
+++ linux-2.6.19-ccs/fs/open.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/open.c 2007-03-05 13:50:53.000000000 +0900 |
470 |
@@ -27,6 +27,12 @@ |
@@ -27,6 +27,12 @@ |
471 |
#include <linux/syscalls.h> |
#include <linux/syscalls.h> |
472 |
#include <linux/rcupdate.h> |
#include <linux/rcupdate.h> |
490 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
491 |
if (!error) { |
if (!error) { |
492 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
493 |
@@ -272,6 +281,7 @@ static long do_sys_truncate(const char _ |
@@ -317,6 +326,9 @@ static long do_sys_ftruncate(unsigned in |
|
put_write_access(inode); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -317,10 +327,14 @@ static long do_sys_ftruncate(unsigned in |
|
494 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
495 |
goto out_putf; |
goto out_putf; |
496 |
|
|
500 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
501 |
if (!error) |
if (!error) |
502 |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
503 |
out_putf: |
@@ -469,6 +481,9 @@ asmlinkage long sys_chroot(const char __ |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -399,6 +413,9 @@ asmlinkage long sys_faccessat(int dfd, c |
|
|
res = -EROFS; |
|
|
|
|
|
out_path_release: |
|
|
+#if 0 |
|
|
+ if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/ |
|
|
+#endif |
|
|
path_release(&nd); |
|
|
out: |
|
|
current->fsuid = old_fsuid; |
|
|
@@ -469,6 +486,9 @@ asmlinkage long sys_chroot(const char __ |
|
504 |
{ |
{ |
505 |
struct nameidata nd; |
struct nameidata nd; |
506 |
int error; |
int error; |
510 |
|
|
511 |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
512 |
if (error) |
if (error) |
513 |
@@ -482,6 +502,19 @@ asmlinkage long sys_chroot(const char __ |
@@ -482,6 +497,19 @@ asmlinkage long sys_chroot(const char __ |
514 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
515 |
goto dput_and_out; |
goto dput_and_out; |
516 |
|
|
518 |
+ { |
+ { |
519 |
+ char *name = getname(filename); |
+ char *name = getname(filename); |
520 |
+ if (!IS_ERR(name)) { |
+ if (!IS_ERR(name)) { |
521 |
+ error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT); |
+ error = CheckChRootPermission(name); |
522 |
+ putname(name); |
+ putname(name); |
523 |
+ } else { |
+ } else { |
524 |
+ error = PTR_ERR(name); |
+ error = PTR_ERR(name); |
530 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
531 |
set_fs_altroot(); |
set_fs_altroot(); |
532 |
error = 0; |
error = 0; |
533 |
@@ -523,6 +556,7 @@ asmlinkage long sys_fchmod(unsigned int |
@@ -1086,6 +1114,9 @@ EXPORT_SYMBOL(sys_close); |
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
out_putf: |
|
|
+ if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return err; |
|
|
@@ -558,6 +592,7 @@ asmlinkage long sys_fchmodat(int dfd, co |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -612,6 +647,7 @@ asmlinkage long sys_chown(const char __u |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -632,6 +668,7 @@ asmlinkage long sys_fchownat(int dfd, co |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_fchownat"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -646,6 +683,7 @@ asmlinkage long sys_lchown(const char __ |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -665,6 +703,7 @@ asmlinkage long sys_fchown(unsigned int |
|
|
dentry = file->f_dentry; |
|
|
audit_inode(NULL, dentry->d_inode); |
|
|
error = chown_common(dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -1086,6 +1125,9 @@ EXPORT_SYMBOL(sys_close); |
|
534 |
*/ |
*/ |
535 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
536 |
{ |
{ |
541 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
542 |
return 0; |
return 0; |
543 |
diff -ubBpEr linux-2.6.19/fs/proc/Makefile linux-2.6.19-ccs/fs/proc/Makefile |
diff -ubBpEr linux-2.6.19/fs/proc/Makefile linux-2.6.19-ccs/fs/proc/Makefile |
544 |
--- linux-2.6.19/fs/proc/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/proc/Makefile 2007-03-03 10:49:57.000000000 +0900 |
545 |
+++ linux-2.6.19-ccs/fs/proc/Makefile 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/proc/Makefile 2007-03-03 10:55:25.000000000 +0900 |
546 |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
547 |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
548 |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
551 |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
552 |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
553 |
diff -ubBpEr linux-2.6.19/fs/proc/proc_misc.c linux-2.6.19-ccs/fs/proc/proc_misc.c |
diff -ubBpEr linux-2.6.19/fs/proc/proc_misc.c linux-2.6.19-ccs/fs/proc/proc_misc.c |
554 |
--- linux-2.6.19/fs/proc/proc_misc.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/proc/proc_misc.c 2007-03-03 10:49:57.000000000 +0900 |
555 |
+++ linux-2.6.19-ccs/fs/proc/proc_misc.c 2006-11-30 11:31:06.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/proc/proc_misc.c 2007-03-06 10:06:52.000000000 +0900 |
556 |
@@ -742,4 +742,13 @@ void __init proc_misc_init(void) |
@@ -742,4 +742,13 @@ void __init proc_misc_init(void) |
557 |
if (entry) |
if (entry) |
558 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
562 |
+ { |
+ { |
563 |
+ extern void __init CCSProc_Init(void); |
+ extern void __init CCSProc_Init(void); |
564 |
+ CCSProc_Init(); |
+ CCSProc_Init(); |
565 |
+ printk("Hook version: 2.6.19 2006/11/30\n"); |
+ printk("Hook version: 2.6.19 2007/03/06\n"); |
566 |
+ } |
+ } |
567 |
+#endif |
+#endif |
568 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
569 |
} |
} |
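Review bot: The added `printk("Hook version: 2.6.19 2007/03/06\n");` in proc_misc_init carries no log level, so the message goes out at the default level instead of a chosen one; `printk(KERN_INFO "Hook version: 2.6.19 2007/03/06\n");` states the intent. The block-scope `extern void __init CCSProc_Init(void);` is also never checked against the definition, so declaring it in a header that both files include would let the compiler catch a signature mismatch. The lines that open the conditional closed by `#endif` are not shown in this view, so the guard itself is not reviewed here.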
|
diff -ubBpEr linux-2.6.19/fs/utimes.c linux-2.6.19-ccs/fs/utimes.c |
|
|
--- linux-2.6.19/fs/utimes.c 2006-11-30 11:30:07.000000000 +0900 |
|
|
+++ linux-2.6.19-ccs/fs/utimes.c 2006-11-30 11:30:18.000000000 +0900 |
|
|
@@ -5,6 +5,9 @@ |
|
|
#include <linux/utime.h> |
|
|
#include <asm/uaccess.h> |
|
|
#include <asm/unistd.h> |
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_UTIME |
|
|
|
|
|
@@ -64,6 +67,7 @@ asmlinkage long sys_utime(char __user * |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -117,6 +121,7 @@ long do_utimes(int dfd, char __user *fil |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
570 |
diff -ubBpEr linux-2.6.19/include/linux/init_task.h linux-2.6.19-ccs/include/linux/init_task.h |
diff -ubBpEr linux-2.6.19/include/linux/init_task.h linux-2.6.19-ccs/include/linux/init_task.h |
571 |
--- linux-2.6.19/include/linux/init_task.h 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/include/linux/init_task.h 2007-03-03 10:49:57.000000000 +0900 |
572 |
+++ linux-2.6.19-ccs/include/linux/init_task.h 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/include/linux/init_task.h 2007-03-03 11:13:19.000000000 +0900 |
573 |
@@ -140,6 +140,12 @@ extern struct group_info init_groups; |
@@ -140,6 +140,10 @@ extern struct group_info init_groups; |
574 |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
575 |
INIT_TRACE_IRQFLAGS \ |
INIT_TRACE_IRQFLAGS \ |
576 |
INIT_LOCKDEP \ |
INIT_LOCKDEP \ |
577 |
+ /***** TOMOYO Linux start. *****/ \ |
+ /***** TOMOYO Linux start. *****/ \ |
578 |
+ .domain_info = &KERNEL_DOMAIN, \ |
+ .domain_info = &KERNEL_DOMAIN, \ |
579 |
|
+ .tomoyo_flags = 0, \ |
580 |
+ /***** TOMOYO Linux end. *****/ \ |
+ /***** TOMOYO Linux end. *****/ \ |
|
+ /***** SAKURA Linux start. *****/ \ |
|
|
+ .dropped_capability = 0, \ |
|
|
+ /***** SAKURA Linux end. *****/ \ |
|
581 |
} |
} |
582 |
|
|
583 |
|
|
584 |
diff -ubBpEr linux-2.6.19/include/linux/sched.h linux-2.6.19-ccs/include/linux/sched.h |
diff -ubBpEr linux-2.6.19/include/linux/sched.h linux-2.6.19-ccs/include/linux/sched.h |
585 |
--- linux-2.6.19/include/linux/sched.h 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/include/linux/sched.h 2007-03-03 10:49:57.000000000 +0900 |
586 |
+++ linux-2.6.19-ccs/include/linux/sched.h 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/include/linux/sched.h 2007-03-03 11:08:55.000000000 +0900 |
587 |
@@ -27,6 +27,11 @@ |
@@ -27,6 +27,11 @@ |
588 |
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */ |
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */ |
589 |
#define CLONE_NEWIPC 0x08000000 /* New ipcs */ |
#define CLONE_NEWIPC 0x08000000 /* New ipcs */ |
596 |
/* |
/* |
597 |
* Scheduling policies |
* Scheduling policies |
598 |
*/ |
*/ |
599 |
@@ -1023,6 +1028,12 @@ struct task_struct { |
@@ -1023,6 +1028,10 @@ struct task_struct { |
600 |
#ifdef CONFIG_TASK_DELAY_ACCT |
#ifdef CONFIG_TASK_DELAY_ACCT |
601 |
struct task_delay_info *delays; |
struct task_delay_info *delays; |
602 |
#endif |
#endif |
603 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
604 |
+ struct domain_info *domain_info; |
+ struct domain_info *domain_info; |
605 |
|
+ unsigned int tomoyo_flags; |
606 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ unsigned int dropped_capability; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
607 |
}; |
}; |
608 |
|
|
609 |
static inline pid_t process_group(struct task_struct *tsk) |
static inline pid_t process_group(struct task_struct *tsk) |
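Review bot: The new `unsigned int tomoyo_flags;` member of task_struct has no comment saying which bits are defined or which code may set them, and a per-task security field should carry that. Neither it nor `domain_info` sits under a config guard, although the fs/proc Makefile hunk keys on `CONFIG_TOMOYO`. If the unconditional layout is deliberate (the init_task.h and kmod.c hunks also reference both fields without a guard), a short comment such as `/* per-task TOMOYO state; present in every build */` would record that. The struct body starts outside the hunk.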
610 |
diff -ubBpEr linux-2.6.19/kernel/kexec.c linux-2.6.19-ccs/kernel/kexec.c |
diff -ubBpEr linux-2.6.19/kernel/kexec.c linux-2.6.19-ccs/kernel/kexec.c |
611 |
--- linux-2.6.19/kernel/kexec.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/kexec.c 2007-03-03 10:49:57.000000000 +0900 |
612 |
+++ linux-2.6.19-ccs/kernel/kexec.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/kexec.c 2007-03-03 10:55:25.000000000 +0900 |
613 |
@@ -26,6 +26,9 @@ |
@@ -26,6 +26,9 @@ |
614 |
#include <asm/io.h> |
#include <asm/io.h> |
615 |
#include <asm/system.h> |
#include <asm/system.h> |
631 |
/* |
/* |
632 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
633 |
diff -ubBpEr linux-2.6.19/kernel/kmod.c linux-2.6.19-ccs/kernel/kmod.c |
diff -ubBpEr linux-2.6.19/kernel/kmod.c linux-2.6.19-ccs/kernel/kmod.c |
634 |
--- linux-2.6.19/kernel/kmod.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/kmod.c 2007-03-03 10:49:57.000000000 +0900 |
635 |
+++ linux-2.6.19-ccs/kernel/kmod.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/kmod.c 2007-03-03 11:16:25.000000000 +0900 |
636 |
@@ -165,6 +165,13 @@ static int ____call_usermodehelper(void |
@@ -165,6 +165,11 @@ static int ____call_usermodehelper(void |
637 |
/* We can run anywhere, unlike our parent keventd(). */ |
/* We can run anywhere, unlike our parent keventd(). */ |
638 |
set_cpus_allowed(current, CPU_MASK_ALL); |
set_cpus_allowed(current, CPU_MASK_ALL); |
639 |
|
|
640 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
641 |
+ current->domain_info = &KERNEL_DOMAIN; |
+ current->domain_info = &KERNEL_DOMAIN; |
642 |
|
+ current->tomoyo_flags = 0; |
643 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ current->dropped_capability = 0; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
644 |
+ |
+ |
645 |
retval = -EPERM; |
retval = -EPERM; |
646 |
if (current->fs->root) |
if (current->fs->root) |
647 |
retval = kernel_execve(sub_info->path, |
retval = kernel_execve(sub_info->path, |
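Review bot: The closing marker of the block added to ____call_usermodehelper repeats `/***** TOMOYO Linux start. *****/`; it should read `/***** TOMOYO Linux end. *****/` so the patched region stays greppable and matches the markers in the other hunks. The two assignments reset `current->domain_info` to `&KERNEL_DOMAIN` and `current->tomoyo_flags` to 0 just before `kernel_execve()`, which presumably fixes the domain the helper program starts from. A one-line comment stating that intent would help, for example `/* helper starts from the kernel domain, not the requester's */`, with the wording to be confirmed by the author. The function body starts and ends outside the hunk.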
648 |
diff -ubBpEr linux-2.6.19/kernel/module.c linux-2.6.19-ccs/kernel/module.c |
diff -ubBpEr linux-2.6.19/kernel/module.c linux-2.6.19-ccs/kernel/module.c |
649 |
--- linux-2.6.19/kernel/module.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/module.c 2007-03-03 10:49:57.000000000 +0900 |
650 |
+++ linux-2.6.19-ccs/kernel/module.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/module.c 2007-03-03 10:55:25.000000000 +0900 |
651 |
@@ -44,6 +44,9 @@ |
@@ -44,6 +44,9 @@ |
652 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
653 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
681 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
682 |
return -EINTR; |
return -EINTR; |
683 |
diff -ubBpEr linux-2.6.19/kernel/sched.c linux-2.6.19-ccs/kernel/sched.c |
diff -ubBpEr linux-2.6.19/kernel/sched.c linux-2.6.19-ccs/kernel/sched.c |
684 |
--- linux-2.6.19/kernel/sched.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sched.c 2007-03-03 10:49:57.000000000 +0900 |
685 |
+++ linux-2.6.19-ccs/kernel/sched.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sched.c 2007-03-03 10:55:25.000000000 +0900 |
686 |
@@ -55,6 +55,9 @@ |
@@ -55,6 +55,9 @@ |
687 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
688 |
|
|
704 |
/* |
/* |
705 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
706 |
diff -ubBpEr linux-2.6.19/kernel/signal.c linux-2.6.19-ccs/kernel/signal.c |
diff -ubBpEr linux-2.6.19/kernel/signal.c linux-2.6.19-ccs/kernel/signal.c |
707 |
--- linux-2.6.19/kernel/signal.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/signal.c 2007-03-03 10:49:57.000000000 +0900 |
708 |
+++ linux-2.6.19-ccs/kernel/signal.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/signal.c 2007-03-03 10:55:25.000000000 +0900 |
709 |
@@ -28,6 +28,9 @@ |
@@ -28,6 +28,9 @@ |
710 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
711 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
750 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
751 |
} |
} |
752 |
diff -ubBpEr linux-2.6.19/kernel/sys.c linux-2.6.19-ccs/kernel/sys.c |
diff -ubBpEr linux-2.6.19/kernel/sys.c linux-2.6.19-ccs/kernel/sys.c |
753 |
--- linux-2.6.19/kernel/sys.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sys.c 2007-03-03 10:49:57.000000000 +0900 |
754 |
+++ linux-2.6.19-ccs/kernel/sys.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sys.c 2007-03-03 10:55:25.000000000 +0900 |
755 |
@@ -37,6 +37,9 @@ |
@@ -37,6 +37,9 @@ |
756 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
757 |
#include <asm/io.h> |
#include <asm/io.h> |
803 |
down_write(&uts_sem); |
down_write(&uts_sem); |
804 |
errno = -EFAULT; |
errno = -EFAULT; |
805 |
diff -ubBpEr linux-2.6.19/kernel/sysctl.c linux-2.6.19-ccs/kernel/sysctl.c |
diff -ubBpEr linux-2.6.19/kernel/sysctl.c linux-2.6.19-ccs/kernel/sysctl.c |
806 |
--- linux-2.6.19/kernel/sysctl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sysctl.c 2007-03-03 10:49:57.000000000 +0900 |
807 |
+++ linux-2.6.19-ccs/kernel/sysctl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sysctl.c 2007-03-03 10:55:25.000000000 +0900 |
808 |
@@ -48,6 +48,9 @@ |
@@ -48,6 +48,9 @@ |
809 |
|
|
810 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
928 |
table, name, nlen, |
table, name, nlen, |
929 |
oldval, oldlenp, |
oldval, oldlenp, |
930 |
diff -ubBpEr linux-2.6.19/kernel/time/ntp.c linux-2.6.19-ccs/kernel/time/ntp.c |
diff -ubBpEr linux-2.6.19/kernel/time/ntp.c linux-2.6.19-ccs/kernel/time/ntp.c |
931 |
--- linux-2.6.19/kernel/time/ntp.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/time/ntp.c 2007-03-03 10:49:57.000000000 +0900 |
932 |
+++ linux-2.6.19-ccs/kernel/time/ntp.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/time/ntp.c 2007-03-03 10:55:25.000000000 +0900 |
933 |
@@ -14,6 +14,9 @@ |
@@ -14,6 +14,9 @@ |
934 |
|
|
935 |
#include <asm/div64.h> |
#include <asm/div64.h> |
951 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
952 |
|
|
953 |
diff -ubBpEr linux-2.6.19/kernel/time.c linux-2.6.19-ccs/kernel/time.c |
diff -ubBpEr linux-2.6.19/kernel/time.c linux-2.6.19-ccs/kernel/time.c |
954 |
--- linux-2.6.19/kernel/time.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/time.c 2007-03-03 10:49:57.000000000 +0900 |
955 |
+++ linux-2.6.19-ccs/kernel/time.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/time.c 2007-03-03 10:55:25.000000000 +0900 |
956 |
@@ -39,6 +39,9 @@ |
@@ -39,6 +39,9 @@ |
957 |
|
|
958 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
984 |
if (tz) { |
if (tz) { |
985 |
/* SMP safe, global irq locking makes it work. */ |
/* SMP safe, global irq locking makes it work. */ |
986 |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_connection_sock.c linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_connection_sock.c linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c |
987 |
--- linux-2.6.19/net/ipv4/inet_connection_sock.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/inet_connection_sock.c 2007-03-03 10:49:57.000000000 +0900 |
988 |
+++ linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c 2007-03-03 10:55:25.000000000 +0900 |
989 |
@@ -23,6 +23,9 @@ |
@@ -23,6 +23,9 @@ |
990 |
#include <net/route.h> |
#include <net/route.h> |
991 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
1007 |
if (tb->port == rover) |
if (tb->port == rover) |
1008 |
goto next; |
goto next; |
1009 |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_hashtables.c linux-2.6.19-ccs/net/ipv4/inet_hashtables.c |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_hashtables.c linux-2.6.19-ccs/net/ipv4/inet_hashtables.c |
1010 |
--- linux-2.6.19/net/ipv4/inet_hashtables.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/inet_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
1011 |
+++ linux-2.6.19-ccs/net/ipv4/inet_hashtables.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/inet_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
1012 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
1013 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
1014 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
1030 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1031 |
|
|
1032 |
diff -ubBpEr linux-2.6.19/net/ipv4/udp.c linux-2.6.19-ccs/net/ipv4/udp.c |
diff -ubBpEr linux-2.6.19/net/ipv4/udp.c linux-2.6.19-ccs/net/ipv4/udp.c |
1033 |
--- linux-2.6.19/net/ipv4/udp.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/udp.c 2007-03-03 10:49:57.000000000 +0900 |
1034 |
+++ linux-2.6.19-ccs/net/ipv4/udp.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/udp.c 2007-03-03 10:55:25.000000000 +0900 |
1035 |
@@ -108,6 +108,9 @@ |
@@ -108,6 +108,9 @@ |
1036 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
1037 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1063 |
break; |
break; |
1064 |
} |
} |
1065 |
diff -ubBpEr linux-2.6.19/net/ipv6/inet6_hashtables.c linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c |
diff -ubBpEr linux-2.6.19/net/ipv6/inet6_hashtables.c linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c |
1066 |
--- linux-2.6.19/net/ipv6/inet6_hashtables.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv6/inet6_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
1067 |
+++ linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
1068 |
@@ -21,6 +21,9 @@ |
@@ -21,6 +21,9 @@ |
1069 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
1070 |
#include <net/inet6_hashtables.h> |
#include <net/inet6_hashtables.h> |
1086 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1087 |
|
|
1088 |
diff -ubBpEr linux-2.6.19/net/socket.c linux-2.6.19-ccs/net/socket.c |
diff -ubBpEr linux-2.6.19/net/socket.c linux-2.6.19-ccs/net/socket.c |
1089 |
--- linux-2.6.19/net/socket.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/socket.c 2007-03-03 10:49:57.000000000 +0900 |
1090 |
+++ linux-2.6.19-ccs/net/socket.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/socket.c 2007-03-03 10:55:25.000000000 +0900 |
1091 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |
1092 |
#include <net/sock.h> |
#include <net/sock.h> |
1093 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1179 |
err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen, |
err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen, |
1180 |
sock->file->f_flags); |
sock->file->f_flags); |
1181 |
diff -ubBpEr linux-2.6.19/net/unix/af_unix.c linux-2.6.19-ccs/net/unix/af_unix.c |
diff -ubBpEr linux-2.6.19/net/unix/af_unix.c linux-2.6.19-ccs/net/unix/af_unix.c |
1182 |
--- linux-2.6.19/net/unix/af_unix.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/unix/af_unix.c 2007-03-03 11:38:54.000000000 +0900 |
1183 |
+++ linux-2.6.19-ccs/net/unix/af_unix.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/unix/af_unix.c 2007-03-05 13:21:45.000000000 +0900 |
1184 |
@@ -116,6 +116,12 @@ |
@@ -116,6 +116,9 @@ |
1185 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1186 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1187 |
#include <linux/security.h> |
#include <linux/security.h> |
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
1188 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
1189 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
1190 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
1191 |
|
|
1192 |
int sysctl_unix_max_dgram_qlen __read_mostly = 10; |
int sysctl_unix_max_dgram_qlen __read_mostly = 10; |
1193 |
|
|
1194 |
@@ -764,6 +770,10 @@ static int unix_bind(struct socket *sock |
@@ -764,6 +767,10 @@ static int unix_bind(struct socket *sock |
1195 |
err = unix_autobind(sock); |
err = unix_autobind(sock); |
1196 |
goto out; |
goto out; |
1197 |
} |
} |
1202 |
|
|
1203 |
err = unix_mkname(sunaddr, addr_len, &hash); |
err = unix_mkname(sunaddr, addr_len, &hash); |
1204 |
if (err < 0) |
if (err < 0) |
1205 |
@@ -807,7 +817,11 @@ static int unix_bind(struct socket *sock |
@@ -807,6 +814,9 @@ static int unix_bind(struct socket *sock |
1206 |
*/ |
*/ |
1207 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
1208 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
1210 |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
1211 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1212 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
|
+ if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/ |
|
1213 |
if (err) |
if (err) |
1214 |
goto out_mknod_dput; |
goto out_mknod_dput; |
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
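Review bot: The access check added before `vfs_mknod()` in unix_bind is an unbraced `if` whose only controlled statement comes after the `/***** TOMOYO Linux end. *****/` marker comment, so a later edit or merge could easily detach the gated call from the check. Bracing it keeps the policy decision and the guarded call together: `if (...) {` / `err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);` / `}`. Splitting the two assignments in the condition into separate checks would also show whether `pre_vfs_mknod()` or `CheckSingleWritePermission()` produced `err`. The function body starts and ends outside the hunk, and the line that opens the TOMOYO block is not shown in this view.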
|