| 1 |
diff -ubBpEr linux-2.6.19/Makefile linux-2.6.19-ccs/Makefile |
diff -ubBpEr linux-2.6.19/Makefile linux-2.6.19-ccs/Makefile |
| 2 |
--- linux-2.6.19/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 3 |
+++ linux-2.6.19-ccs/Makefile 2006-11-30 11:30:34.000000000 +0900 |
+++ linux-2.6.19-ccs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 4 |
@@ -1,7 +1,7 @@ |
@@ -1,7 +1,7 @@ |
| 5 |
VERSION = 2 |
VERSION = 2 |
| 6 |
PATCHLEVEL = 6 |
PATCHLEVEL = 6 |
| 11 |
|
|
| 12 |
# *DOCUMENTATION* |
# *DOCUMENTATION* |
| 13 |
diff -ubBpEr linux-2.6.19/fs/Kconfig linux-2.6.19-ccs/fs/Kconfig |
diff -ubBpEr linux-2.6.19/fs/Kconfig linux-2.6.19-ccs/fs/Kconfig |
| 14 |
--- linux-2.6.19/fs/Kconfig 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/Kconfig 2007-03-03 10:49:57.000000000 +0900 |
| 15 |
+++ linux-2.6.19-ccs/fs/Kconfig 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/Kconfig 2007-03-03 10:55:25.000000000 +0900 |
| 16 |
@@ -2098,5 +2098,7 @@ endif |
@@ -2098,5 +2098,7 @@ endif |
| 17 |
source "fs/nls/Kconfig" |
source "fs/nls/Kconfig" |
| 18 |
source "fs/dlm/Kconfig" |
source "fs/dlm/Kconfig" |
| 22 |
endmenu |
endmenu |
| 23 |
|
|
| 24 |
diff -ubBpEr linux-2.6.19/fs/Makefile linux-2.6.19-ccs/fs/Makefile |
diff -ubBpEr linux-2.6.19/fs/Makefile linux-2.6.19-ccs/fs/Makefile |
| 25 |
--- linux-2.6.19/fs/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 26 |
+++ linux-2.6.19-ccs/fs/Makefile 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 27 |
@@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/ |
@@ -114,3 +114,5 @@ obj-$(CONFIG_HPPFS) += hppfs/ |
| 28 |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
| 29 |
obj-$(CONFIG_OCFS2_FS) += ocfs2/ |
obj-$(CONFIG_OCFS2_FS) += ocfs2/ |
| 31 |
+ |
+ |
| 32 |
+include $(srctree)/fs/Makefile-2.6.ccs |
+include $(srctree)/fs/Makefile-2.6.ccs |
| 33 |
diff -ubBpEr linux-2.6.19/fs/attr.c linux-2.6.19-ccs/fs/attr.c |
diff -ubBpEr linux-2.6.19/fs/attr.c linux-2.6.19-ccs/fs/attr.c |
| 34 |
--- linux-2.6.19/fs/attr.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
| 35 |
+++ linux-2.6.19-ccs/fs/attr.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
| 36 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
| 37 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
| 38 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
| 65 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
| 66 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
| 67 |
diff -ubBpEr linux-2.6.19/fs/compat.c linux-2.6.19-ccs/fs/compat.c |
diff -ubBpEr linux-2.6.19/fs/compat.c linux-2.6.19-ccs/fs/compat.c |
| 68 |
--- linux-2.6.19/fs/compat.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
| 69 |
+++ linux-2.6.19-ccs/fs/compat.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
| 70 |
@@ -53,6 +53,9 @@ |
@@ -53,6 +53,9 @@ |
| 71 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
| 72 |
#include <asm/ioctls.h> |
#include <asm/ioctls.h> |
| 87 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
| 88 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
| 89 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
| 90 |
|
@@ -1547,7 +1553,7 @@ int compat_do_execve(char * filename, |
| 91 |
|
if (retval < 0) |
| 92 |
|
goto out; |
| 93 |
|
|
| 94 |
|
- retval = search_binary_handler(bprm, regs); |
| 95 |
|
+ retval = search_binary_handler_with_transition(bprm, regs); |
| 96 |
|
if (retval >= 0) { |
| 97 |
|
free_arg_pages(bprm); |
| 98 |
|
|
| 99 |
diff -ubBpEr linux-2.6.19/fs/exec.c linux-2.6.19-ccs/fs/exec.c |
diff -ubBpEr linux-2.6.19/fs/exec.c linux-2.6.19-ccs/fs/exec.c |
| 100 |
--- linux-2.6.19/fs/exec.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/exec.c 2007-03-03 11:38:54.000000000 +0900 |
| 101 |
+++ linux-2.6.19-ccs/fs/exec.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/exec.c 2007-03-06 10:04:16.000000000 +0900 |
| 102 |
@@ -57,6 +57,13 @@ |
@@ -57,6 +57,10 @@ |
| 103 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
| 104 |
#endif |
#endif |
| 105 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 106 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 107 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 108 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 110 |
int core_uses_pid; |
int core_uses_pid; |
| 111 |
char core_pattern[128] = "core"; |
char core_pattern[128] = "core"; |
| 112 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
| 113 |
@@ -139,6 +146,11 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,11 @@ asmlinkage long sys_uselib(const char __ |
| 114 |
if (error) |
if (error) |
| 115 |
goto exit; |
goto exit; |
| 116 |
|
|
| 122 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 123 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
| 124 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
| 125 |
@@ -1128,6 +1140,25 @@ int do_execve(char * filename, |
@@ -486,6 +495,9 @@ struct file *open_exec(const char *name) |
| 126 |
struct file *file; |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
| 127 |
int retval; |
S_ISREG(inode->i_mode)) { |
| 128 |
int i; |
int err = vfs_permission(&nd, MAY_EXEC); |
| 129 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 130 |
+#ifdef CONFIG_TOMOYO |
+ if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */ |
| 131 |
+ struct domain_info *next_domain = NULL; |
+ /***** TOMOYO Linux end. *****/ |
| 132 |
+#endif |
file = ERR_PTR(err); |
| 133 |
+ /***** TOMOYO Linux end. *****/ |
if (!err) { |
| 134 |
+ |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 135 |
+ /***** CCS Start. *****/ |
@@ -1184,7 +1196,8 @@ int do_execve(char * filename, |
| 136 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
if (retval < 0) |
|
+ extern void CCS_LoadPolicy(const char *filename); |
|
|
+ CCS_LoadPolicy(filename); |
|
|
+#endif |
|
|
+ /***** CCS end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv); |
|
|
+ if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM; |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
|
|
|
retval = -ENOMEM; |
|
|
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); |
|
|
@@ -1139,6 +1170,15 @@ int do_execve(char * filename, |
|
|
if (IS_ERR(file)) |
|
|
goto out_kfree; |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ retval = FindNextDomain(filename, file, &next_domain, argv); |
|
|
+ if (retval < 0) { |
|
|
+ allow_write_access(file); fput(file); goto out_kfree; |
|
|
+ } |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
sched_exec(); |
|
|
|
|
|
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); |
|
|
@@ -1185,6 +1225,19 @@ int do_execve(char * filename, |
|
| 137 |
goto out; |
goto out; |
| 138 |
|
|
| 139 |
retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
| 140 |
+ |
+ retval = search_binary_handler_with_transition(bprm,regs); |
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ if (retval >= 0) current->domain_info = next_domain; |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (retval >= 0) RestoreTaskCapability(); |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 141 |
+ |
+ |
| 142 |
if (retval >= 0) { |
if (retval >= 0) { |
| 143 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
| 144 |
|
|
| 145 |
diff -ubBpEr linux-2.6.19/fs/fcntl.c linux-2.6.19-ccs/fs/fcntl.c |
diff -ubBpEr linux-2.6.19/fs/fcntl.c linux-2.6.19-ccs/fs/fcntl.c |
| 146 |
--- linux-2.6.19/fs/fcntl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
| 147 |
+++ linux-2.6.19-ccs/fs/fcntl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
| 148 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
| 149 |
#include <asm/poll.h> |
#include <asm/poll.h> |
| 150 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
| 167 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
| 168 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
| 169 |
diff -ubBpEr linux-2.6.19/fs/ioctl.c linux-2.6.19-ccs/fs/ioctl.c |
diff -ubBpEr linux-2.6.19/fs/ioctl.c linux-2.6.19-ccs/fs/ioctl.c |
| 170 |
--- linux-2.6.19/fs/ioctl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
| 171 |
+++ linux-2.6.19-ccs/fs/ioctl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
| 172 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
| 173 |
|
|
| 174 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 190 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
| 191 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
| 192 |
diff -ubBpEr linux-2.6.19/fs/namei.c linux-2.6.19-ccs/fs/namei.c |
diff -ubBpEr linux-2.6.19/fs/namei.c linux-2.6.19-ccs/fs/namei.c |
| 193 |
--- linux-2.6.19/fs/namei.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/namei.c 2007-03-03 11:38:54.000000000 +0900 |
| 194 |
+++ linux-2.6.19-ccs/fs/namei.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/namei.c 2007-03-03 11:41:23.000000000 +0900 |
| 195 |
@@ -37,6 +37,13 @@ |
@@ -37,6 +37,10 @@ |
| 196 |
|
|
| 197 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
| 198 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 199 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 200 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 201 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 203 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
| 204 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
| 205 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
| 206 |
@@ -817,6 +824,13 @@ static fastcall int __link_path_walk(con |
@@ -1509,6 +1513,9 @@ int vfs_create(struct inode *dir, struct |
|
int err; |
|
|
unsigned int lookup_flags = nd->flags; |
|
|
|
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ if (CheckEUID() < 0) { |
|
|
+ path_release(nd); |
|
|
+ return -EPERM; |
|
|
+ } |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
+ |
|
|
while (*name=='/') |
|
|
name++; |
|
|
if (!*name) |
|
|
@@ -1509,6 +1523,9 @@ int vfs_create(struct inode *dir, struct |
|
| 207 |
error = security_inode_create(dir, dentry, mode); |
error = security_inode_create(dir, dentry, mode); |
| 208 |
if (error) |
if (error) |
| 209 |
return error; |
return error; |
| 213 |
DQUOT_INIT(dir); |
DQUOT_INIT(dir); |
| 214 |
error = dir->i_op->create(dir, dentry, mode, nd); |
error = dir->i_op->create(dir, dentry, mode, nd); |
| 215 |
if (!error) |
if (!error) |
| 216 |
@@ -1548,7 +1565,7 @@ int may_open(struct nameidata *nd, int a |
@@ -1564,6 +1571,11 @@ int may_open(struct nameidata *nd, int a |
|
|
|
|
flag &= ~O_TRUNC; |
|
|
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) |
|
|
- return -EROFS; |
|
|
+ { ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/ |
|
|
/* |
|
|
* An append-only file must be opened in append mode for writing. |
|
|
*/ |
|
|
@@ -1564,6 +1581,11 @@ int may_open(struct nameidata *nd, int a |
|
| 217 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
| 218 |
return -EPERM; |
return -EPERM; |
| 219 |
|
|
| 225 |
/* |
/* |
| 226 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
| 227 |
*/ |
*/ |
| 228 |
@@ -1613,6 +1635,9 @@ static int open_namei_create(struct name |
@@ -1613,6 +1625,9 @@ static int open_namei_create(struct name |
| 229 |
return may_open(nd, 0, flag & ~O_TRUNC); |
return may_open(nd, 0, flag & ~O_TRUNC); |
| 230 |
} |
} |
| 231 |
|
|
| 235 |
/* |
/* |
| 236 |
* open_namei() |
* open_namei() |
| 237 |
* |
* |
| 238 |
@@ -1735,6 +1760,7 @@ ok: |
@@ -1873,6 +1888,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
exit_dput: |
|
|
dput_path(&path, nd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/ |
|
|
if (!IS_ERR(nd->intent.open.file)) |
|
|
release_open_intent(nd); |
|
|
path_release(nd); |
|
|
@@ -1873,6 +1899,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
| 239 |
|
|
| 240 |
if (S_ISDIR(mode)) |
if (S_ISDIR(mode)) |
| 241 |
return -EPERM; |
return -EPERM; |
| 248 |
tmp = getname(filename); |
tmp = getname(filename); |
| 249 |
if (IS_ERR(tmp)) |
if (IS_ERR(tmp)) |
| 250 |
return PTR_ERR(tmp); |
return PTR_ERR(tmp); |
| 251 |
@@ -1891,10 +1923,16 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1891,10 +1912,16 @@ asmlinkage long sys_mknodat(int dfd, con |
| 252 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
| 253 |
break; |
break; |
| 254 |
case S_IFCHR: case S_IFBLK: |
case S_IFCHR: case S_IFBLK: |
| 265 |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
| 266 |
break; |
break; |
| 267 |
case S_IFDIR: |
case S_IFDIR: |
| 268 |
@@ -1903,6 +1941,7 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1962,6 +1989,9 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
default: |
|
|
error = -EINVAL; |
|
|
} |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/ |
|
|
dput(dentry); |
|
|
} |
|
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
|
@@ -1962,7 +2001,11 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
| 269 |
|
|
| 270 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
| 271 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
| 273 |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
| 274 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 275 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/ |
|
| 276 |
dput(dentry); |
dput(dentry); |
| 277 |
out_unlock: |
out_unlock: |
| 278 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2070,6 +2100,9 @@ static long do_rmdir(int dfd, const char |
|
@@ -2070,7 +2113,11 @@ static long do_rmdir(int dfd, const char |
|
| 279 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
| 280 |
if (IS_ERR(dentry)) |
if (IS_ERR(dentry)) |
| 281 |
goto exit2; |
goto exit2; |
| 283 |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
| 284 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 285 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/ |
|
| 286 |
dput(dentry); |
dput(dentry); |
| 287 |
exit2: |
exit2: |
| 288 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2129,6 +2162,9 @@ static long do_unlinkat(int dfd, const c |
|
@@ -2129,6 +2176,9 @@ static long do_unlinkat(int dfd, const c |
|
| 289 |
struct dentry *dentry; |
struct dentry *dentry; |
| 290 |
struct nameidata nd; |
struct nameidata nd; |
| 291 |
struct inode *inode = NULL; |
struct inode *inode = NULL; |
| 295 |
|
|
| 296 |
name = getname(pathname); |
name = getname(pathname); |
| 297 |
if(IS_ERR(name)) |
if(IS_ERR(name)) |
| 298 |
@@ -2150,7 +2200,11 @@ static long do_unlinkat(int dfd, const c |
@@ -2150,6 +2186,9 @@ static long do_unlinkat(int dfd, const c |
| 299 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
| 300 |
if (inode) |
if (inode) |
| 301 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
| 303 |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
| 304 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 305 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/ |
|
| 306 |
exit2: |
exit2: |
| 307 |
dput(dentry); |
dput(dentry); |
| 308 |
} |
@@ -2214,6 +2253,9 @@ asmlinkage long sys_symlinkat(const char |
|
@@ -2214,6 +2268,9 @@ asmlinkage long sys_symlinkat(const char |
|
| 309 |
char * to; |
char * to; |
| 310 |
struct dentry *dentry; |
struct dentry *dentry; |
| 311 |
struct nameidata nd; |
struct nameidata nd; |
| 315 |
|
|
| 316 |
from = getname(oldname); |
from = getname(oldname); |
| 317 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
| 318 |
@@ -2231,7 +2288,11 @@ asmlinkage long sys_symlinkat(const char |
@@ -2231,6 +2273,9 @@ asmlinkage long sys_symlinkat(const char |
| 319 |
if (IS_ERR(dentry)) |
if (IS_ERR(dentry)) |
| 320 |
goto out_unlock; |
goto out_unlock; |
| 321 |
|
|
| 323 |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
| 324 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 325 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/ |
|
| 326 |
dput(dentry); |
dput(dentry); |
| 327 |
out_unlock: |
out_unlock: |
| 328 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2303,6 +2348,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
@@ -2303,6 +2364,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
| 329 |
struct nameidata nd, old_nd; |
struct nameidata nd, old_nd; |
| 330 |
int error; |
int error; |
| 331 |
char * to; |
char * to; |
| 335 |
|
|
| 336 |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
| 337 |
return -EINVAL; |
return -EINVAL; |
| 338 |
@@ -2326,7 +2390,11 @@ asmlinkage long sys_linkat(int olddfd, c |
@@ -2326,6 +2374,9 @@ asmlinkage long sys_linkat(int olddfd, c |
| 339 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
| 340 |
if (IS_ERR(new_dentry)) |
if (IS_ERR(new_dentry)) |
| 341 |
goto out_unlock; |
goto out_unlock; |
| 343 |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
| 344 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 345 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/ |
|
| 346 |
dput(new_dentry); |
dput(new_dentry); |
| 347 |
out_unlock: |
out_unlock: |
| 348 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2551,6 +2602,12 @@ static int do_rename(int olddfd, const c |
|
@@ -2551,6 +2619,12 @@ static int do_rename(int olddfd, const c |
|
| 349 |
error = -ENOTEMPTY; |
error = -ENOTEMPTY; |
| 350 |
if (new_dentry == trap) |
if (new_dentry == trap) |
| 351 |
goto exit5; |
goto exit5; |
| 358 |
|
|
| 359 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
| 360 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
| 361 |
@@ -2565,6 +2639,7 @@ exit2: |
@@ -2574,6 +2631,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
exit1: |
|
|
path_release(&oldnd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/ |
|
|
return error; |
|
|
} |
|
|
|
|
|
@@ -2574,6 +2649,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
| 362 |
int error; |
int error; |
| 363 |
char * from; |
char * from; |
| 364 |
char * to; |
char * to; |
| 369 |
from = getname(oldname); |
from = getname(oldname); |
| 370 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
| 371 |
diff -ubBpEr linux-2.6.19/fs/namespace.c linux-2.6.19-ccs/fs/namespace.c |
diff -ubBpEr linux-2.6.19/fs/namespace.c linux-2.6.19-ccs/fs/namespace.c |
| 372 |
--- linux-2.6.19/fs/namespace.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/namespace.c 2007-03-03 11:38:54.000000000 +0900 |
| 373 |
+++ linux-2.6.19-ccs/fs/namespace.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/namespace.c 2007-03-06 10:02:06.000000000 +0900 |
| 374 |
@@ -28,6 +28,12 @@ |
@@ -28,6 +28,12 @@ |
| 375 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 376 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
| 411 |
goto out; |
goto out; |
| 412 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 413 |
+ err = -EPERM; |
+ err = -EPERM; |
| 414 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayMount(nd) < 0) goto out; |
| 415 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 416 |
|
|
| 417 |
err = -ENOMEM; |
err = -ENOMEM; |
| 423 |
- |
- |
| 424 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 425 |
+ err = -EPERM; |
+ err = -EPERM; |
| 426 |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out; |
| 427 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 428 |
err = -ENOENT; |
err = -ENOENT; |
| 429 |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
| 434 |
goto unlock; |
goto unlock; |
| 435 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 436 |
+ err = -EPERM; |
+ err = -EPERM; |
| 437 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock; |
+ if (SAKURA_MayMount(nd) < 0) goto unlock; |
| 438 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 439 |
|
|
| 440 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
| 441 |
if ((err = graft_tree(newmnt, nd))) |
if ((err = graft_tree(newmnt, nd))) |
| 442 |
@@ -1547,6 +1571,9 @@ asmlinkage long sys_mount(char __user * |
@@ -1394,6 +1418,13 @@ long do_mount(char *dev_name, char *dir_ |
| 443 |
unsigned long type_page; |
if (data_page) |
| 444 |
unsigned long dev_page; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
| 445 |
char *dir_page; |
|
| 446 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 447 |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
| 448 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
retval = copy_mount_options(type, &type_page); |
|
|
if (retval < 0) |
|
|
@@ -1565,6 +1592,15 @@ asmlinkage long sys_mount(char __user * |
|
|
if (retval < 0) |
|
|
goto out3; |
|
|
|
|
| 449 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 450 |
+ retval = -EPERM; |
+ if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM; |
|
+ if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 || |
|
|
+ CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) { |
|
|
+ free_page(data_page); |
|
|
+ goto out3; |
|
|
+ } |
|
| 451 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 452 |
+ |
+ |
| 453 |
lock_kernel(); |
/* Separate the per-mountpoint flags */ |
| 454 |
retval = do_mount((char *)dev_page, dir_page, (char *)type_page, |
if (flags & MS_NOSUID) |
| 455 |
flags, (void *)data_page); |
mnt_flags |= MNT_NOSUID; |
| 456 |
@@ -1684,6 +1720,10 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1684,6 +1715,10 @@ asmlinkage long sys_pivot_root(const cha |
| 457 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
| 458 |
return -EPERM; |
return -EPERM; |
| 459 |
|
|
| 460 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 461 |
+ if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM; |
+ if (CheckPivotRootPermission() < 0) return -EPERM; |
| 462 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 463 |
+ |
+ |
| 464 |
lock_kernel(); |
lock_kernel(); |
| 465 |
|
|
| 466 |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
| 467 |
diff -ubBpEr linux-2.6.19/fs/open.c linux-2.6.19-ccs/fs/open.c |
diff -ubBpEr linux-2.6.19/fs/open.c linux-2.6.19-ccs/fs/open.c |
| 468 |
--- linux-2.6.19/fs/open.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/open.c 2007-03-03 11:38:54.000000000 +0900 |
| 469 |
+++ linux-2.6.19-ccs/fs/open.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/open.c 2007-03-05 13:50:53.000000000 +0900 |
| 470 |
@@ -27,6 +27,12 @@ |
@@ -27,6 +27,12 @@ |
| 471 |
#include <linux/syscalls.h> |
#include <linux/syscalls.h> |
| 472 |
#include <linux/rcupdate.h> |
#include <linux/rcupdate.h> |
| 490 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
| 491 |
if (!error) { |
if (!error) { |
| 492 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
| 493 |
@@ -272,6 +281,7 @@ static long do_sys_truncate(const char _ |
@@ -317,6 +326,9 @@ static long do_sys_ftruncate(unsigned in |
|
put_write_access(inode); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -317,10 +327,14 @@ static long do_sys_ftruncate(unsigned in |
|
| 494 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
| 495 |
goto out_putf; |
goto out_putf; |
| 496 |
|
|
| 500 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
| 501 |
if (!error) |
if (!error) |
| 502 |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
| 503 |
out_putf: |
@@ -469,6 +481,9 @@ asmlinkage long sys_chroot(const char __ |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -399,6 +413,9 @@ asmlinkage long sys_faccessat(int dfd, c |
|
|
res = -EROFS; |
|
|
|
|
|
out_path_release: |
|
|
+#if 0 |
|
|
+ if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/ |
|
|
+#endif |
|
|
path_release(&nd); |
|
|
out: |
|
|
current->fsuid = old_fsuid; |
|
|
@@ -469,6 +486,9 @@ asmlinkage long sys_chroot(const char __ |
|
| 504 |
{ |
{ |
| 505 |
struct nameidata nd; |
struct nameidata nd; |
| 506 |
int error; |
int error; |
| 510 |
|
|
| 511 |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
| 512 |
if (error) |
if (error) |
| 513 |
@@ -482,6 +502,19 @@ asmlinkage long sys_chroot(const char __ |
@@ -482,6 +497,19 @@ asmlinkage long sys_chroot(const char __ |
| 514 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
| 515 |
goto dput_and_out; |
goto dput_and_out; |
| 516 |
|
|
| 518 |
+ { |
+ { |
| 519 |
+ char *name = getname(filename); |
+ char *name = getname(filename); |
| 520 |
+ if (!IS_ERR(name)) { |
+ if (!IS_ERR(name)) { |
| 521 |
+ error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT); |
+ error = CheckChRootPermission(name); |
| 522 |
+ putname(name); |
+ putname(name); |
| 523 |
+ } else { |
+ } else { |
| 524 |
+ error = PTR_ERR(name); |
+ error = PTR_ERR(name); |
| 530 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
| 531 |
set_fs_altroot(); |
set_fs_altroot(); |
| 532 |
error = 0; |
error = 0; |
| 533 |
@@ -523,6 +556,7 @@ asmlinkage long sys_fchmod(unsigned int |
@@ -1086,6 +1114,9 @@ EXPORT_SYMBOL(sys_close); |
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
out_putf: |
|
|
+ if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return err; |
|
|
@@ -558,6 +592,7 @@ asmlinkage long sys_fchmodat(int dfd, co |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -612,6 +647,7 @@ asmlinkage long sys_chown(const char __u |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -632,6 +668,7 @@ asmlinkage long sys_fchownat(int dfd, co |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_fchownat"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -646,6 +683,7 @@ asmlinkage long sys_lchown(const char __ |
|
|
if (error) |
|
|
goto out; |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -665,6 +703,7 @@ asmlinkage long sys_fchown(unsigned int |
|
|
dentry = file->f_dentry; |
|
|
audit_inode(NULL, dentry->d_inode); |
|
|
error = chown_common(dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -1086,6 +1125,9 @@ EXPORT_SYMBOL(sys_close); |
|
| 534 |
*/ |
*/ |
| 535 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
| 536 |
{ |
{ |
| 541 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
| 542 |
return 0; |
return 0; |
| 543 |
diff -ubBpEr linux-2.6.19/fs/proc/Makefile linux-2.6.19-ccs/fs/proc/Makefile |
diff -ubBpEr linux-2.6.19/fs/proc/Makefile linux-2.6.19-ccs/fs/proc/Makefile |
| 544 |
--- linux-2.6.19/fs/proc/Makefile 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/proc/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 545 |
+++ linux-2.6.19-ccs/fs/proc/Makefile 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/proc/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 546 |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
| 547 |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
| 548 |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
| 551 |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
| 552 |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
| 553 |
diff -ubBpEr linux-2.6.19/fs/proc/proc_misc.c linux-2.6.19-ccs/fs/proc/proc_misc.c |
diff -ubBpEr linux-2.6.19/fs/proc/proc_misc.c linux-2.6.19-ccs/fs/proc/proc_misc.c |
| 554 |
--- linux-2.6.19/fs/proc/proc_misc.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/fs/proc/proc_misc.c 2007-03-03 10:49:57.000000000 +0900 |
| 555 |
+++ linux-2.6.19-ccs/fs/proc/proc_misc.c 2006-11-30 11:31:06.000000000 +0900 |
+++ linux-2.6.19-ccs/fs/proc/proc_misc.c 2007-03-06 10:06:52.000000000 +0900 |
| 556 |
@@ -742,4 +742,13 @@ void __init proc_misc_init(void) |
@@ -742,4 +742,13 @@ void __init proc_misc_init(void) |
| 557 |
if (entry) |
if (entry) |
| 558 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
| 562 |
+ { |
+ { |
| 563 |
+ extern void __init CCSProc_Init(void); |
+ extern void __init CCSProc_Init(void); |
| 564 |
+ CCSProc_Init(); |
+ CCSProc_Init(); |
| 565 |
+ printk("Hook version: 2.6.19 2006/11/30\n"); |
+ printk("Hook version: 2.6.19 2007/03/06\n"); |
| 566 |
+ } |
+ } |
| 567 |
+#endif |
+#endif |
| 568 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
| 569 |
} |
} |
|
diff -ubBpEr linux-2.6.19/fs/utimes.c linux-2.6.19-ccs/fs/utimes.c |
|
|
--- linux-2.6.19/fs/utimes.c 2006-11-30 11:30:07.000000000 +0900 |
|
|
+++ linux-2.6.19-ccs/fs/utimes.c 2006-11-30 11:30:18.000000000 +0900 |
|
|
@@ -5,6 +5,9 @@ |
|
|
#include <linux/utime.h> |
|
|
#include <asm/uaccess.h> |
|
|
#include <asm/unistd.h> |
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
|
|
|
|
#ifdef __ARCH_WANT_SYS_UTIME |
|
|
|
|
|
@@ -64,6 +67,7 @@ asmlinkage long sys_utime(char __user * |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -117,6 +121,7 @@ long do_utimes(int dfd, char __user *fil |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
| 570 |
diff -ubBpEr linux-2.6.19/include/linux/init_task.h linux-2.6.19-ccs/include/linux/init_task.h |
diff -ubBpEr linux-2.6.19/include/linux/init_task.h linux-2.6.19-ccs/include/linux/init_task.h |
| 571 |
--- linux-2.6.19/include/linux/init_task.h 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/include/linux/init_task.h 2007-03-03 10:49:57.000000000 +0900 |
| 572 |
+++ linux-2.6.19-ccs/include/linux/init_task.h 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/include/linux/init_task.h 2007-03-03 11:13:19.000000000 +0900 |
| 573 |
@@ -140,6 +140,12 @@ extern struct group_info init_groups; |
@@ -140,6 +140,10 @@ extern struct group_info init_groups; |
| 574 |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
| 575 |
INIT_TRACE_IRQFLAGS \ |
INIT_TRACE_IRQFLAGS \ |
| 576 |
INIT_LOCKDEP \ |
INIT_LOCKDEP \ |
| 577 |
+ /***** TOMOYO Linux start. *****/ \ |
+ /***** TOMOYO Linux start. *****/ \ |
| 578 |
+ .domain_info = &KERNEL_DOMAIN, \ |
+ .domain_info = &KERNEL_DOMAIN, \ |
| 579 |
|
+ .tomoyo_flags = 0, \ |
| 580 |
+ /***** TOMOYO Linux end. *****/ \ |
+ /***** TOMOYO Linux end. *****/ \ |
|
+ /***** SAKURA Linux start. *****/ \ |
|
|
+ .dropped_capability = 0, \ |
|
|
+ /***** SAKURA Linux end. *****/ \ |
|
| 581 |
} |
} |
| 582 |
|
|
| 583 |
|
|
| 584 |
diff -ubBpEr linux-2.6.19/include/linux/sched.h linux-2.6.19-ccs/include/linux/sched.h |
diff -ubBpEr linux-2.6.19/include/linux/sched.h linux-2.6.19-ccs/include/linux/sched.h |
| 585 |
--- linux-2.6.19/include/linux/sched.h 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/include/linux/sched.h 2007-03-03 10:49:57.000000000 +0900 |
| 586 |
+++ linux-2.6.19-ccs/include/linux/sched.h 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/include/linux/sched.h 2007-03-03 11:08:55.000000000 +0900 |
| 587 |
@@ -27,6 +27,11 @@ |
@@ -27,6 +27,11 @@ |
| 588 |
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */ |
#define CLONE_NEWUTS 0x04000000 /* New utsname group? */ |
| 589 |
#define CLONE_NEWIPC 0x08000000 /* New ipcs */ |
#define CLONE_NEWIPC 0x08000000 /* New ipcs */ |
| 596 |
/* |
/* |
| 597 |
* Scheduling policies |
* Scheduling policies |
| 598 |
*/ |
*/ |
| 599 |
@@ -1023,6 +1028,12 @@ struct task_struct { |
@@ -1023,6 +1028,10 @@ struct task_struct { |
| 600 |
#ifdef CONFIG_TASK_DELAY_ACCT |
#ifdef CONFIG_TASK_DELAY_ACCT |
| 601 |
struct task_delay_info *delays; |
struct task_delay_info *delays; |
| 602 |
#endif |
#endif |
| 603 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 604 |
+ struct domain_info *domain_info; |
+ struct domain_info *domain_info; |
| 605 |
|
+ unsigned int tomoyo_flags; |
| 606 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ unsigned int dropped_capability; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 607 |
}; |
}; |
| 608 |
|
|
| 609 |
static inline pid_t process_group(struct task_struct *tsk) |
static inline pid_t process_group(struct task_struct *tsk) |
| 610 |
diff -ubBpEr linux-2.6.19/kernel/kexec.c linux-2.6.19-ccs/kernel/kexec.c |
diff -ubBpEr linux-2.6.19/kernel/kexec.c linux-2.6.19-ccs/kernel/kexec.c |
| 611 |
--- linux-2.6.19/kernel/kexec.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/kexec.c 2007-03-03 10:49:57.000000000 +0900 |
| 612 |
+++ linux-2.6.19-ccs/kernel/kexec.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/kexec.c 2007-03-03 10:55:25.000000000 +0900 |
| 613 |
@@ -26,6 +26,9 @@ |
@@ -26,6 +26,9 @@ |
| 614 |
#include <asm/io.h> |
#include <asm/io.h> |
| 615 |
#include <asm/system.h> |
#include <asm/system.h> |
| 631 |
/* |
/* |
| 632 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
| 633 |
diff -ubBpEr linux-2.6.19/kernel/kmod.c linux-2.6.19-ccs/kernel/kmod.c |
diff -ubBpEr linux-2.6.19/kernel/kmod.c linux-2.6.19-ccs/kernel/kmod.c |
| 634 |
--- linux-2.6.19/kernel/kmod.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/kmod.c 2007-03-03 10:49:57.000000000 +0900 |
| 635 |
+++ linux-2.6.19-ccs/kernel/kmod.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/kmod.c 2007-03-03 11:16:25.000000000 +0900 |
| 636 |
@@ -165,6 +165,13 @@ static int ____call_usermodehelper(void |
@@ -165,6 +165,11 @@ static int ____call_usermodehelper(void |
| 637 |
/* We can run anywhere, unlike our parent keventd(). */ |
/* We can run anywhere, unlike our parent keventd(). */ |
| 638 |
set_cpus_allowed(current, CPU_MASK_ALL); |
set_cpus_allowed(current, CPU_MASK_ALL); |
| 639 |
|
|
| 640 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 641 |
+ current->domain_info = &KERNEL_DOMAIN; |
+ current->domain_info = &KERNEL_DOMAIN; |
| 642 |
|
+ current->tomoyo_flags = 0; |
| 643 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ current->dropped_capability = 0; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 644 |
+ |
+ |
| 645 |
retval = -EPERM; |
retval = -EPERM; |
| 646 |
if (current->fs->root) |
if (current->fs->root) |
| 647 |
retval = kernel_execve(sub_info->path, |
retval = kernel_execve(sub_info->path, |
| 648 |
diff -ubBpEr linux-2.6.19/kernel/module.c linux-2.6.19-ccs/kernel/module.c |
diff -ubBpEr linux-2.6.19/kernel/module.c linux-2.6.19-ccs/kernel/module.c |
| 649 |
--- linux-2.6.19/kernel/module.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/module.c 2007-03-03 10:49:57.000000000 +0900 |
| 650 |
+++ linux-2.6.19-ccs/kernel/module.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/module.c 2007-03-03 10:55:25.000000000 +0900 |
| 651 |
@@ -44,6 +44,9 @@ |
@@ -44,6 +44,9 @@ |
| 652 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
| 653 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
| 681 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
| 682 |
return -EINTR; |
return -EINTR; |
| 683 |
diff -ubBpEr linux-2.6.19/kernel/sched.c linux-2.6.19-ccs/kernel/sched.c |
diff -ubBpEr linux-2.6.19/kernel/sched.c linux-2.6.19-ccs/kernel/sched.c |
| 684 |
--- linux-2.6.19/kernel/sched.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sched.c 2007-03-03 10:49:57.000000000 +0900 |
| 685 |
+++ linux-2.6.19-ccs/kernel/sched.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sched.c 2007-03-03 10:55:25.000000000 +0900 |
| 686 |
@@ -55,6 +55,9 @@ |
@@ -55,6 +55,9 @@ |
| 687 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
| 688 |
|
|
| 704 |
/* |
/* |
| 705 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
| 706 |
diff -ubBpEr linux-2.6.19/kernel/signal.c linux-2.6.19-ccs/kernel/signal.c |
diff -ubBpEr linux-2.6.19/kernel/signal.c linux-2.6.19-ccs/kernel/signal.c |
| 707 |
--- linux-2.6.19/kernel/signal.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/signal.c 2007-03-03 10:49:57.000000000 +0900 |
| 708 |
+++ linux-2.6.19-ccs/kernel/signal.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/signal.c 2007-03-03 10:55:25.000000000 +0900 |
| 709 |
@@ -28,6 +28,9 @@ |
@@ -28,6 +28,9 @@ |
| 710 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
| 711 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
| 750 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
| 751 |
} |
} |
| 752 |
diff -ubBpEr linux-2.6.19/kernel/sys.c linux-2.6.19-ccs/kernel/sys.c |
diff -ubBpEr linux-2.6.19/kernel/sys.c linux-2.6.19-ccs/kernel/sys.c |
| 753 |
--- linux-2.6.19/kernel/sys.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sys.c 2007-03-03 10:49:57.000000000 +0900 |
| 754 |
+++ linux-2.6.19-ccs/kernel/sys.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sys.c 2007-03-03 10:55:25.000000000 +0900 |
| 755 |
@@ -37,6 +37,9 @@ |
@@ -37,6 +37,9 @@ |
| 756 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 757 |
#include <asm/io.h> |
#include <asm/io.h> |
| 803 |
down_write(&uts_sem); |
down_write(&uts_sem); |
| 804 |
errno = -EFAULT; |
errno = -EFAULT; |
| 805 |
diff -ubBpEr linux-2.6.19/kernel/sysctl.c linux-2.6.19-ccs/kernel/sysctl.c |
diff -ubBpEr linux-2.6.19/kernel/sysctl.c linux-2.6.19-ccs/kernel/sysctl.c |
| 806 |
--- linux-2.6.19/kernel/sysctl.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/sysctl.c 2007-03-03 10:49:57.000000000 +0900 |
| 807 |
+++ linux-2.6.19-ccs/kernel/sysctl.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/sysctl.c 2007-03-03 10:55:25.000000000 +0900 |
| 808 |
@@ -48,6 +48,9 @@ |
@@ -48,6 +48,9 @@ |
| 809 |
|
|
| 810 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 928 |
table, name, nlen, |
table, name, nlen, |
| 929 |
oldval, oldlenp, |
oldval, oldlenp, |
| 930 |
diff -ubBpEr linux-2.6.19/kernel/time/ntp.c linux-2.6.19-ccs/kernel/time/ntp.c |
diff -ubBpEr linux-2.6.19/kernel/time/ntp.c linux-2.6.19-ccs/kernel/time/ntp.c |
| 931 |
--- linux-2.6.19/kernel/time/ntp.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/time/ntp.c 2007-03-03 10:49:57.000000000 +0900 |
| 932 |
+++ linux-2.6.19-ccs/kernel/time/ntp.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/time/ntp.c 2007-03-03 10:55:25.000000000 +0900 |
| 933 |
@@ -14,6 +14,9 @@ |
@@ -14,6 +14,9 @@ |
| 934 |
|
|
| 935 |
#include <asm/div64.h> |
#include <asm/div64.h> |
| 951 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
| 952 |
|
|
| 953 |
diff -ubBpEr linux-2.6.19/kernel/time.c linux-2.6.19-ccs/kernel/time.c |
diff -ubBpEr linux-2.6.19/kernel/time.c linux-2.6.19-ccs/kernel/time.c |
| 954 |
--- linux-2.6.19/kernel/time.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/kernel/time.c 2007-03-03 10:49:57.000000000 +0900 |
| 955 |
+++ linux-2.6.19-ccs/kernel/time.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/kernel/time.c 2007-03-03 10:55:25.000000000 +0900 |
| 956 |
@@ -39,6 +39,9 @@ |
@@ -39,6 +39,9 @@ |
| 957 |
|
|
| 958 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 984 |
if (tz) { |
if (tz) { |
| 985 |
/* SMP safe, global irq locking makes it work. */ |
/* SMP safe, global irq locking makes it work. */ |
| 986 |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_connection_sock.c linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_connection_sock.c linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c |
| 987 |
--- linux-2.6.19/net/ipv4/inet_connection_sock.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/inet_connection_sock.c 2007-03-03 10:49:57.000000000 +0900 |
| 988 |
+++ linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/inet_connection_sock.c 2007-03-03 10:55:25.000000000 +0900 |
| 989 |
@@ -23,6 +23,9 @@ |
@@ -23,6 +23,9 @@ |
| 990 |
#include <net/route.h> |
#include <net/route.h> |
| 991 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
| 1007 |
if (tb->port == rover) |
if (tb->port == rover) |
| 1008 |
goto next; |
goto next; |
| 1009 |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_hashtables.c linux-2.6.19-ccs/net/ipv4/inet_hashtables.c |
diff -ubBpEr linux-2.6.19/net/ipv4/inet_hashtables.c linux-2.6.19-ccs/net/ipv4/inet_hashtables.c |
| 1010 |
--- linux-2.6.19/net/ipv4/inet_hashtables.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/inet_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
| 1011 |
+++ linux-2.6.19-ccs/net/ipv4/inet_hashtables.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/inet_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
| 1012 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
| 1013 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
| 1014 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
| 1030 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1031 |
|
|
| 1032 |
diff -ubBpEr linux-2.6.19/net/ipv4/udp.c linux-2.6.19-ccs/net/ipv4/udp.c |
diff -ubBpEr linux-2.6.19/net/ipv4/udp.c linux-2.6.19-ccs/net/ipv4/udp.c |
| 1033 |
--- linux-2.6.19/net/ipv4/udp.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv4/udp.c 2007-03-03 10:49:57.000000000 +0900 |
| 1034 |
+++ linux-2.6.19-ccs/net/ipv4/udp.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv4/udp.c 2007-03-03 10:55:25.000000000 +0900 |
| 1035 |
@@ -108,6 +108,9 @@ |
@@ -108,6 +108,9 @@ |
| 1036 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
| 1037 |
#include <net/checksum.h> |
#include <net/checksum.h> |
| 1063 |
break; |
break; |
| 1064 |
} |
} |
| 1065 |
diff -ubBpEr linux-2.6.19/net/ipv6/inet6_hashtables.c linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c |
diff -ubBpEr linux-2.6.19/net/ipv6/inet6_hashtables.c linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c |
| 1066 |
--- linux-2.6.19/net/ipv6/inet6_hashtables.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/ipv6/inet6_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
| 1067 |
+++ linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/ipv6/inet6_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
| 1068 |
@@ -21,6 +21,9 @@ |
@@ -21,6 +21,9 @@ |
| 1069 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
| 1070 |
#include <net/inet6_hashtables.h> |
#include <net/inet6_hashtables.h> |
| 1086 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1087 |
|
|
| 1088 |
diff -ubBpEr linux-2.6.19/net/socket.c linux-2.6.19-ccs/net/socket.c |
diff -ubBpEr linux-2.6.19/net/socket.c linux-2.6.19-ccs/net/socket.c |
| 1089 |
--- linux-2.6.19/net/socket.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/socket.c 2007-03-03 10:49:57.000000000 +0900 |
| 1090 |
+++ linux-2.6.19-ccs/net/socket.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/socket.c 2007-03-03 10:55:25.000000000 +0900 |
| 1091 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |
| 1092 |
#include <net/sock.h> |
#include <net/sock.h> |
| 1093 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
| 1179 |
err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen, |
err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen, |
| 1180 |
sock->file->f_flags); |
sock->file->f_flags); |
| 1181 |
diff -ubBpEr linux-2.6.19/net/unix/af_unix.c linux-2.6.19-ccs/net/unix/af_unix.c |
diff -ubBpEr linux-2.6.19/net/unix/af_unix.c linux-2.6.19-ccs/net/unix/af_unix.c |
| 1182 |
--- linux-2.6.19/net/unix/af_unix.c 2006-11-30 11:30:07.000000000 +0900 |
--- linux-2.6.19/net/unix/af_unix.c 2007-03-03 11:38:54.000000000 +0900 |
| 1183 |
+++ linux-2.6.19-ccs/net/unix/af_unix.c 2006-11-30 11:30:18.000000000 +0900 |
+++ linux-2.6.19-ccs/net/unix/af_unix.c 2007-03-05 13:21:45.000000000 +0900 |
| 1184 |
@@ -116,6 +116,12 @@ |
@@ -116,6 +116,9 @@ |
| 1185 |
#include <linux/mount.h> |
#include <linux/mount.h> |
| 1186 |
#include <net/checksum.h> |
#include <net/checksum.h> |
| 1187 |
#include <linux/security.h> |
#include <linux/security.h> |
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 1188 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 1189 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 1190 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 1191 |
|
|
| 1192 |
int sysctl_unix_max_dgram_qlen __read_mostly = 10; |
int sysctl_unix_max_dgram_qlen __read_mostly = 10; |
| 1193 |
|
|
| 1194 |
@@ -764,6 +770,10 @@ static int unix_bind(struct socket *sock |
@@ -764,6 +767,10 @@ static int unix_bind(struct socket *sock |
| 1195 |
err = unix_autobind(sock); |
err = unix_autobind(sock); |
| 1196 |
goto out; |
goto out; |
| 1197 |
} |
} |
| 1202 |
|
|
| 1203 |
err = unix_mkname(sunaddr, addr_len, &hash); |
err = unix_mkname(sunaddr, addr_len, &hash); |
| 1204 |
if (err < 0) |
if (err < 0) |
| 1205 |
@@ -807,7 +817,11 @@ static int unix_bind(struct socket *sock |
@@ -807,6 +814,9 @@ static int unix_bind(struct socket *sock |
| 1206 |
*/ |
*/ |
| 1207 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
| 1208 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
| 1210 |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
| 1211 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 1212 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
|
+ if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/ |
|
| 1213 |
if (err) |
if (err) |
| 1214 |
goto out_mknod_dput; |
goto out_mknod_dput; |
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
TOMOYO
Parent Directory
Revision Log
Patch