1 |
diff -ubBpEr linux-2.6.12.3-a9-8/Makefile linux-2.6.12.3-a9-8-ccs/Makefile |
diff -ubBpEr linux-2.6.12.3-a9-8/Makefile linux-2.6.12.3-a9-8-ccs/Makefile |
2 |
--- linux-2.6.12.3-a9-8/Makefile 2006-11-20 15:28:26.259225752 +0900 |
--- linux-2.6.12.3-a9-8/Makefile 2006-10-19 21:19:32.000000000 +0900 |
3 |
+++ linux-2.6.12.3-a9-8-ccs/Makefile 2006-11-20 15:28:51.587375288 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/Makefile 2006-11-20 15:28:51.000000000 +0900 |
4 |
@@ -1,7 +1,7 @@ |
@@ -1,7 +1,7 @@ |
5 |
VERSION = 2 |
VERSION = 2 |
6 |
PATCHLEVEL = 6 |
PATCHLEVEL = 6 |
11 |
|
|
12 |
# *DOCUMENTATION* |
# *DOCUMENTATION* |
13 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/Kconfig linux-2.6.12.3-a9-8-ccs/fs/Kconfig |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/Kconfig linux-2.6.12.3-a9-8-ccs/fs/Kconfig |
14 |
--- linux-2.6.12.3-a9-8/fs/Kconfig 2006-11-20 15:28:26.261225448 +0900 |
--- linux-2.6.12.3-a9-8/fs/Kconfig 2005-07-16 06:18:57.000000000 +0900 |
15 |
+++ linux-2.6.12.3-a9-8-ccs/fs/Kconfig 2006-11-20 15:28:32.147330624 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/Kconfig 2006-11-20 15:28:32.000000000 +0900 |
16 |
@@ -1725,5 +1725,7 @@ endmenu |
@@ -1725,5 +1725,7 @@ endmenu |
17 |
|
|
18 |
source "fs/nls/Kconfig" |
source "fs/nls/Kconfig" |
22 |
endmenu |
endmenu |
23 |
|
|
24 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/Makefile linux-2.6.12.3-a9-8-ccs/fs/Makefile |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/Makefile linux-2.6.12.3-a9-8-ccs/fs/Makefile |
25 |
--- linux-2.6.12.3-a9-8/fs/Makefile 2006-11-20 15:28:26.262225296 +0900 |
--- linux-2.6.12.3-a9-8/fs/Makefile 2005-07-16 06:18:57.000000000 +0900 |
26 |
+++ linux-2.6.12.3-a9-8-ccs/fs/Makefile 2006-11-20 15:28:32.149330320 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/Makefile 2006-11-20 15:28:32.000000000 +0900 |
27 |
@@ -95,3 +95,5 @@ obj-$(CONFIG_BEFS_FS) += befs/ |
@@ -95,3 +95,5 @@ obj-$(CONFIG_BEFS_FS) += befs/ |
28 |
obj-$(CONFIG_HOSTFS) += hostfs/ |
obj-$(CONFIG_HOSTFS) += hostfs/ |
29 |
obj-$(CONFIG_HPPFS) += hppfs/ |
obj-$(CONFIG_HPPFS) += hppfs/ |
31 |
+ |
+ |
32 |
+include $(srctree)/fs/Makefile-2.6.ccs |
+include $(srctree)/fs/Makefile-2.6.ccs |
33 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/attr.c linux-2.6.12.3-a9-8-ccs/fs/attr.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/attr.c linux-2.6.12.3-a9-8-ccs/fs/attr.c |
34 |
--- linux-2.6.12.3-a9-8/fs/attr.c 2006-11-20 15:28:26.262225296 +0900 |
--- linux-2.6.12.3-a9-8/fs/attr.c 2005-07-16 06:18:57.000000000 +0900 |
35 |
+++ linux-2.6.12.3-a9-8-ccs/fs/attr.c 2006-11-20 15:28:32.150330168 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/attr.c 2007-03-05 17:58:28.000000000 +0900 |
36 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
37 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
38 |
#include <linux/security.h> |
#include <linux/security.h> |
65 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
66 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
67 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/compat.c linux-2.6.12.3-a9-8-ccs/fs/compat.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/compat.c linux-2.6.12.3-a9-8-ccs/fs/compat.c |
68 |
--- linux-2.6.12.3-a9-8/fs/compat.c 2006-11-20 15:28:26.262225296 +0900 |
--- linux-2.6.12.3-a9-8/fs/compat.c 2005-07-16 06:18:57.000000000 +0900 |
69 |
+++ linux-2.6.12.3-a9-8-ccs/fs/compat.c 2006-11-20 15:28:32.151330016 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/compat.c 2007-03-05 18:00:01.000000000 +0900 |
70 |
@@ -50,6 +50,9 @@ |
@@ -50,6 +50,9 @@ |
71 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
72 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
87 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
88 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
89 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
90 |
|
@@ -1557,7 +1563,7 @@ int compat_do_execve(char * filename, |
91 |
|
if (retval < 0) |
92 |
|
goto out; |
93 |
|
|
94 |
|
- retval = search_binary_handler(bprm, regs); |
95 |
|
+ retval = search_binary_handler_with_transition(bprm, regs); |
96 |
|
if (retval >= 0) { |
97 |
|
free_arg_pages(bprm); |
98 |
|
|
99 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/exec.c linux-2.6.12.3-a9-8-ccs/fs/exec.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/exec.c linux-2.6.12.3-a9-8-ccs/fs/exec.c |
100 |
--- linux-2.6.12.3-a9-8/fs/exec.c 2006-11-20 15:28:26.264224992 +0900 |
--- linux-2.6.12.3-a9-8/fs/exec.c 2005-07-16 06:18:57.000000000 +0900 |
101 |
+++ linux-2.6.12.3-a9-8-ccs/fs/exec.c 2006-11-20 15:28:32.154329560 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/exec.c 2007-03-06 11:27:49.000000000 +0900 |
102 |
@@ -56,6 +56,13 @@ |
@@ -56,6 +56,10 @@ |
103 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
104 |
#endif |
#endif |
105 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
106 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
107 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
108 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
110 |
int core_uses_pid; |
int core_uses_pid; |
111 |
char core_pattern[65] = "core"; |
char core_pattern[65] = "core"; |
112 |
/* The maximal length of core_pattern is also specified in sysctl.c */ |
/* The maximal length of core_pattern is also specified in sysctl.c */ |
113 |
@@ -136,6 +143,11 @@ asmlinkage long sys_uselib(const char __ |
@@ -136,6 +140,11 @@ asmlinkage long sys_uselib(const char __ |
114 |
if (error) |
if (error) |
115 |
goto exit; |
goto exit; |
116 |
|
|
122 |
file = dentry_open(nd.dentry, nd.mnt, O_RDONLY); |
file = dentry_open(nd.dentry, nd.mnt, O_RDONLY); |
123 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
124 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
125 |
@@ -1134,6 +1146,25 @@ int do_execve(char * filename, |
@@ -504,6 +513,9 @@ struct file *open_exec(const char *name) |
126 |
struct file *file; |
int err = permission(inode, MAY_EXEC, &nd); |
127 |
int retval; |
if (!err && !(inode->i_mode & 0111)) |
128 |
int i; |
err = -EACCES; |
129 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
130 |
+#ifdef CONFIG_TOMOYO |
+ if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */ |
131 |
+ struct domain_info *next_domain = NULL; |
+ /***** TOMOYO Linux end. *****/ |
132 |
+#endif |
file = ERR_PTR(err); |
133 |
+ /***** TOMOYO Linux end. *****/ |
if (!err) { |
134 |
+ |
file = dentry_open(nd.dentry, nd.mnt, O_RDONLY); |
135 |
+ /***** CCS Start. *****/ |
@@ -1191,7 +1203,8 @@ int do_execve(char * filename, |
136 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
if (retval < 0) |
|
+ extern void CCS_LoadPolicy(const char *filename); |
|
|
+ CCS_LoadPolicy(filename); |
|
|
+#endif |
|
|
+ /***** CCS end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv); |
|
|
+ if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM; |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
|
|
|
retval = -ENOMEM; |
|
|
bprm = kmalloc(sizeof(*bprm), GFP_KERNEL); |
|
|
@@ -1146,6 +1177,15 @@ int do_execve(char * filename, |
|
|
if (IS_ERR(file)) |
|
|
goto out_kfree; |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ retval = FindNextDomain(filename, file, &next_domain, argv); |
|
|
+ if (retval < 0) { |
|
|
+ allow_write_access(file); fput(file); goto out_kfree; |
|
|
+ } |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
sched_exec(); |
|
|
|
|
|
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); |
|
|
@@ -1192,6 +1232,19 @@ int do_execve(char * filename, |
|
137 |
goto out; |
goto out; |
138 |
|
|
139 |
retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
140 |
+ |
+ retval = search_binary_handler_with_transition(bprm,regs); |
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ if (retval >= 0) current->domain_info = next_domain; |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (retval >= 0) RestoreTaskCapability(); |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
141 |
+ |
+ |
142 |
if (retval >= 0) { |
if (retval >= 0) { |
143 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
144 |
|
|
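Review bot: In the open_exec hunk the access mode handed to `CheckOpenPermission(nd.dentry, nd.mnt, 01)` is a bare octal literal explained only by a trailing comment, and the whole check sits on one line behind a per-task flag whose lifetime the hunk does not describe. A named constant for the read mode in the TOMOYO header, plus a short comment saying who sets and clears `TOMOYO_CHECK_READ_FOR_OPEN_EXEC`, would let a reader confirm that the read check cannot be skipped or left armed by accident. No `#ifdef CONFIG_TOMOYO` is visible around `current->tomoyo_flags`, so it is worth confirming the field exists when the option is off. open_exec's body starts and ends outside the hunk.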
145 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/fcntl.c linux-2.6.12.3-a9-8-ccs/fs/fcntl.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/fcntl.c linux-2.6.12.3-a9-8-ccs/fs/fcntl.c |
146 |
--- linux-2.6.12.3-a9-8/fs/fcntl.c 2006-11-20 15:28:26.265224840 +0900 |
--- linux-2.6.12.3-a9-8/fs/fcntl.c 2005-07-16 06:18:57.000000000 +0900 |
147 |
+++ linux-2.6.12.3-a9-8-ccs/fs/fcntl.c 2006-11-20 15:28:32.155329408 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/fcntl.c 2007-03-05 18:00:01.000000000 +0900 |
148 |
@@ -20,6 +20,9 @@ |
@@ -20,6 +20,9 @@ |
149 |
#include <asm/poll.h> |
#include <asm/poll.h> |
150 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
167 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
168 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
169 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/ioctl.c linux-2.6.12.3-a9-8-ccs/fs/ioctl.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/ioctl.c linux-2.6.12.3-a9-8-ccs/fs/ioctl.c |
170 |
--- linux-2.6.12.3-a9-8/fs/ioctl.c 2006-11-20 15:28:26.265224840 +0900 |
--- linux-2.6.12.3-a9-8/fs/ioctl.c 2005-07-16 06:18:57.000000000 +0900 |
171 |
+++ linux-2.6.12.3-a9-8-ccs/fs/ioctl.c 2006-11-20 15:28:32.156329256 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/ioctl.c 2007-03-05 18:00:01.000000000 +0900 |
172 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
173 |
|
|
174 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
190 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
191 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
192 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/namei.c linux-2.6.12.3-a9-8-ccs/fs/namei.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/namei.c linux-2.6.12.3-a9-8-ccs/fs/namei.c |
193 |
--- linux-2.6.12.3-a9-8/fs/namei.c 2006-11-20 15:28:26.266224688 +0900 |
--- linux-2.6.12.3-a9-8/fs/namei.c 2005-09-15 23:45:11.000000000 +0900 |
194 |
+++ linux-2.6.12.3-a9-8-ccs/fs/namei.c 2006-11-20 15:28:32.170327128 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/namei.c 2007-03-05 18:00:02.000000000 +0900 |
195 |
@@ -33,6 +33,13 @@ |
@@ -33,6 +33,10 @@ |
196 |
|
|
197 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
198 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
199 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
200 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
201 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
203 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
204 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
205 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
206 |
@@ -720,6 +727,13 @@ static fastcall int __link_path_walk(con |
@@ -1311,6 +1315,9 @@ int vfs_create(struct inode *dir, struct |
|
int err; |
|
|
unsigned int lookup_flags = nd->flags; |
|
|
|
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ if (CheckEUID() < 0) { |
|
|
+ path_release(nd); |
|
|
+ return -EPERM; |
|
|
+ } |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
+ |
|
|
while (*name=='/') |
|
|
name++; |
|
|
if (!*name) |
|
|
@@ -1311,6 +1325,9 @@ int vfs_create(struct inode *dir, struct |
|
207 |
error = security_inode_create(dir, dentry, mode); |
error = security_inode_create(dir, dentry, mode); |
208 |
if (error) |
if (error) |
209 |
return error; |
return error; |
213 |
DQUOT_INIT(dir); |
DQUOT_INIT(dir); |
214 |
error = dir->i_op->create(dir, dentry, mode, nd); |
error = dir->i_op->create(dir, dentry, mode, nd); |
215 |
if (!error) { |
if (!error) { |
216 |
@@ -1352,7 +1369,7 @@ int may_open(struct nameidata *nd, int a |
@@ -1368,6 +1375,11 @@ int may_open(struct nameidata *nd, int a |
|
|
|
|
flag &= ~O_TRUNC; |
|
|
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) |
|
|
- return -EROFS; |
|
|
+ { ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/ |
|
|
/* |
|
|
* An append-only file must be opened in append mode for writing. |
|
|
*/ |
|
|
@@ -1368,6 +1385,11 @@ int may_open(struct nameidata *nd, int a |
|
217 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
218 |
return -EPERM; |
return -EPERM; |
219 |
|
|
225 |
/* |
/* |
226 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
227 |
*/ |
*/ |
228 |
@@ -1399,6 +1421,9 @@ int may_open(struct nameidata *nd, int a |
@@ -1399,6 +1411,9 @@ int may_open(struct nameidata *nd, int a |
229 |
return 0; |
return 0; |
230 |
} |
} |
231 |
|
|
235 |
/* |
/* |
236 |
* open_namei() |
* open_namei() |
237 |
* |
* |
238 |
@@ -1525,6 +1550,7 @@ exit_dput: |
@@ -1638,6 +1653,12 @@ asmlinkage long sys_mknod(const char __u |
|
if (nd->mnt != path.mnt) |
|
|
mntput(path.mnt); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/ |
|
|
path_release(nd); |
|
|
return error; |
|
|
|
|
|
@@ -1638,6 +1664,12 @@ asmlinkage long sys_mknod(const char __u |
|
239 |
|
|
240 |
if (S_ISDIR(mode)) |
if (S_ISDIR(mode)) |
241 |
return -EPERM; |
return -EPERM; |
248 |
tmp = getname(filename); |
tmp = getname(filename); |
249 |
if (IS_ERR(tmp)) |
if (IS_ERR(tmp)) |
250 |
return PTR_ERR(tmp); |
return PTR_ERR(tmp); |
251 |
@@ -1656,10 +1688,16 @@ asmlinkage long sys_mknod(const char __u |
@@ -1656,10 +1677,16 @@ asmlinkage long sys_mknod(const char __u |
252 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
253 |
break; |
break; |
254 |
case S_IFCHR: case S_IFBLK: |
case S_IFCHR: case S_IFBLK: |
265 |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
266 |
break; |
break; |
267 |
case S_IFDIR: |
case S_IFDIR: |
268 |
@@ -1668,6 +1706,7 @@ asmlinkage long sys_mknod(const char __u |
@@ -1721,6 +1748,9 @@ asmlinkage long sys_mkdir(const char __u |
|
default: |
|
|
error = -EINVAL; |
|
|
} |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/ |
|
|
dput(dentry); |
|
|
} |
|
|
up(&nd.dentry->d_inode->i_sem); |
|
|
@@ -1721,7 +1760,11 @@ asmlinkage long sys_mkdir(const char __u |
|
269 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
270 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
271 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
273 |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
274 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
275 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/ |
|
276 |
dput(dentry); |
dput(dentry); |
277 |
} |
} |
278 |
up(&nd.dentry->d_inode->i_sem); |
@@ -1825,6 +1855,9 @@ asmlinkage long sys_rmdir(const char __u |
|
@@ -1825,7 +1868,11 @@ asmlinkage long sys_rmdir(const char __u |
|
279 |
dentry = lookup_hash(&nd.last, nd.dentry); |
dentry = lookup_hash(&nd.last, nd.dentry); |
280 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
281 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
283 |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
284 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
285 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/ |
|
286 |
dput(dentry); |
dput(dentry); |
287 |
} |
} |
288 |
up(&nd.dentry->d_inode->i_sem); |
@@ -1879,6 +1912,9 @@ asmlinkage long sys_unlink(const char __ |
|
@@ -1879,6 +1926,9 @@ asmlinkage long sys_unlink(const char __ |
|
289 |
struct dentry *dentry; |
struct dentry *dentry; |
290 |
struct nameidata nd; |
struct nameidata nd; |
291 |
struct inode *inode = NULL; |
struct inode *inode = NULL; |
295 |
|
|
296 |
name = getname(pathname); |
name = getname(pathname); |
297 |
if(IS_ERR(name)) |
if(IS_ERR(name)) |
298 |
@@ -1900,7 +1950,11 @@ asmlinkage long sys_unlink(const char __ |
@@ -1900,6 +1936,9 @@ asmlinkage long sys_unlink(const char __ |
299 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
300 |
if (inode) |
if (inode) |
301 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
303 |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
304 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
305 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/ |
|
306 |
exit2: |
exit2: |
307 |
dput(dentry); |
dput(dentry); |
308 |
} |
@@ -1947,6 +1986,9 @@ asmlinkage long sys_symlink(const char _ |
|
@@ -1947,6 +2001,9 @@ asmlinkage long sys_symlink(const char _ |
|
309 |
int error = 0; |
int error = 0; |
310 |
char * from; |
char * from; |
311 |
char * to; |
char * to; |
315 |
|
|
316 |
from = getname(oldname); |
from = getname(oldname); |
317 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
318 |
@@ -1963,7 +2020,11 @@ asmlinkage long sys_symlink(const char _ |
@@ -1963,6 +2005,9 @@ asmlinkage long sys_symlink(const char _ |
319 |
dentry = lookup_create(&nd, 0); |
dentry = lookup_create(&nd, 0); |
320 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
321 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
323 |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
324 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
325 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/ |
|
326 |
dput(dentry); |
dput(dentry); |
327 |
} |
} |
328 |
up(&nd.dentry->d_inode->i_sem); |
@@ -2030,6 +2075,9 @@ asmlinkage long sys_link(const char __us |
|
@@ -2030,6 +2091,9 @@ asmlinkage long sys_link(const char __us |
|
329 |
struct nameidata nd, old_nd; |
struct nameidata nd, old_nd; |
330 |
int error; |
int error; |
331 |
char * to; |
char * to; |
335 |
|
|
336 |
to = getname(newname); |
to = getname(newname); |
337 |
if (IS_ERR(to)) |
if (IS_ERR(to)) |
338 |
@@ -2047,7 +2111,11 @@ asmlinkage long sys_link(const char __us |
@@ -2047,6 +2095,9 @@ asmlinkage long sys_link(const char __us |
339 |
new_dentry = lookup_create(&nd, 0); |
new_dentry = lookup_create(&nd, 0); |
340 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
341 |
if (!IS_ERR(new_dentry)) { |
if (!IS_ERR(new_dentry)) { |
343 |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
344 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
345 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/ |
|
346 |
dput(new_dentry); |
dput(new_dentry); |
347 |
} |
} |
348 |
up(&nd.dentry->d_inode->i_sem); |
@@ -2269,6 +2320,13 @@ static inline int do_rename(const char * |
|
@@ -2269,6 +2337,13 @@ static inline int do_rename(const char * |
|
349 |
if (new_dentry == trap) |
if (new_dentry == trap) |
350 |
goto exit5; |
goto exit5; |
351 |
|
|
359 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
360 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
361 |
exit5: |
exit5: |
362 |
@@ -2282,6 +2357,7 @@ exit2: |
@@ -2290,6 +2348,9 @@ asmlinkage long sys_rename(const char __ |
|
exit1: |
|
|
path_release(&oldnd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/ |
|
|
return error; |
|
|
} |
|
|
|
|
|
@@ -2290,6 +2366,9 @@ asmlinkage long sys_rename(const char __ |
|
363 |
int error; |
int error; |
364 |
char * from; |
char * from; |
365 |
char * to; |
char * to; |
370 |
from = getname(oldname); |
from = getname(oldname); |
371 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
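Review bot: The added `if ((error = pre_vfs_mkdir(...)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)` in the sys_mkdir hunk has no braces and takes the unchanged `error = vfs_mkdir(...)` line as its body, with the `TOMOYO Linux end` marker comment sitting between the two. Any statement later inserted after the marker would become the guarded one, and vfs_mkdir() would then run whether or not the permission check passed. Bracing the body, or at least adding `/* the if above guards the vfs_*() call on the next line */` before the end marker, would make the dependency explicit. The same shape appears in the sys_rmdir, sys_unlink, sys_symlink and sys_link hunks. The page elides some lines, so the enclosing functions are only partly visible.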
372 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/namespace.c linux-2.6.12.3-a9-8-ccs/fs/namespace.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/namespace.c linux-2.6.12.3-a9-8-ccs/fs/namespace.c |
373 |
--- linux-2.6.12.3-a9-8/fs/namespace.c 2006-11-20 15:28:26.267224536 +0900 |
--- linux-2.6.12.3-a9-8/fs/namespace.c 2005-07-16 06:18:57.000000000 +0900 |
374 |
+++ linux-2.6.12.3-a9-8-ccs/fs/namespace.c 2006-11-20 15:28:32.174326520 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/namespace.c 2007-03-05 18:00:02.000000000 +0900 |
375 |
@@ -24,6 +24,12 @@ |
@@ -24,6 +24,12 @@ |
376 |
#include <linux/mount.h> |
#include <linux/mount.h> |
377 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
412 |
if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) { |
if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) { |
413 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
414 |
+ err = -EPERM; |
+ err = -EPERM; |
415 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayMount(nd) < 0) goto out; |
416 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
417 |
err = -ENOMEM; |
err = -ENOMEM; |
418 |
if (recurse) |
if (recurse) |
435 |
- |
- |
436 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
437 |
+ err = -EPERM; |
+ err = -EPERM; |
438 |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out; |
439 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
440 |
err = -ENOENT; |
err = -ENOENT; |
441 |
down(&nd->dentry->d_inode->i_sem); |
down(&nd->dentry->d_inode->i_sem); |
446 |
goto unlock; |
goto unlock; |
447 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
448 |
+ err = -EPERM; |
+ err = -EPERM; |
449 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock; |
+ if (SAKURA_MayMount(nd) < 0) goto unlock; |
450 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
451 |
|
|
452 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
453 |
err = graft_tree(newmnt, nd); |
err = graft_tree(newmnt, nd); |
454 |
@@ -1154,6 +1180,9 @@ asmlinkage long sys_mount(char __user * |
@@ -1026,6 +1052,13 @@ long do_mount(char * dev_name, char * di |
455 |
unsigned long type_page; |
if (data_page) |
456 |
unsigned long dev_page; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
457 |
char *dir_page; |
|
458 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
459 |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
460 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
retval = copy_mount_options (type, &type_page); |
|
|
if (retval < 0) |
|
|
@@ -1172,6 +1201,15 @@ asmlinkage long sys_mount(char __user * |
|
|
if (retval < 0) |
|
|
goto out3; |
|
|
|
|
461 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
462 |
+ retval = -EPERM; |
+ if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM; |
|
+ if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 || |
|
|
+ CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) { |
|
|
+ free_page(data_page); |
|
|
+ goto out3; |
|
|
+ } |
|
463 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
464 |
+ |
+ |
465 |
lock_kernel(); |
/* Separate the per-mountpoint flags */ |
466 |
retval = do_mount((char*)dev_page, dir_page, (char*)type_page, |
if (flags & MS_NOSUID) |
467 |
flags, (void*)data_page); |
mnt_flags |= MNT_NOSUID; |
468 |
@@ -1285,6 +1323,10 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1285,6 +1318,10 @@ asmlinkage long sys_pivot_root(const cha |
469 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
470 |
return -EPERM; |
return -EPERM; |
471 |
|
|
472 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
473 |
+ if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM; |
+ if (CheckPivotRootPermission() < 0) return -EPERM; |
474 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
475 |
+ |
+ |
476 |
lock_kernel(); |
lock_kernel(); |
477 |
|
|
478 |
error = __user_walk(new_root, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd); |
error = __user_walk(new_root, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd); |
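Review bot: In the do_mount hunk the added checks treat any nonzero result as a denial (`if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM;`), while the other SAKURA checks in this file deny only on a negative result (`SAKURA_MayMount(nd) < 0`, `CheckPivotRootPermission() < 0`). If the helper follows the same negative-on-deny contract, write `if (CheckMountPermission(dev_name, dir_name, type_page, &flags) < 0) return -EPERM;`; otherwise document the return contract where the helpers are declared. The call also passes `&flags`, so it can presumably rewrite the mount flags before they are split into `mnt_flags`; a comment such as `/* may modify flags according to policy */` would make that visible. do_mount's body continues outside the hunk.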
479 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/open.c linux-2.6.12.3-a9-8-ccs/fs/open.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/open.c linux-2.6.12.3-a9-8-ccs/fs/open.c |
480 |
--- linux-2.6.12.3-a9-8/fs/open.c 2006-11-20 15:28:26.268224384 +0900 |
--- linux-2.6.12.3-a9-8/fs/open.c 2005-07-16 06:18:57.000000000 +0900 |
481 |
+++ linux-2.6.12.3-a9-8-ccs/fs/open.c 2006-11-20 15:28:32.176326216 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/open.c 2007-03-05 18:12:31.000000000 +0900 |
482 |
@@ -26,6 +26,13 @@ |
@@ -26,6 +26,13 @@ |
483 |
|
|
484 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
503 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
504 |
if (!error) { |
if (!error) { |
505 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
506 |
@@ -265,6 +275,7 @@ static inline long do_sys_truncate(const |
@@ -310,6 +320,9 @@ static inline long do_sys_ftruncate(unsi |
|
put_write_access(inode); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -310,10 +321,14 @@ static inline long do_sys_ftruncate(unsi |
|
507 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
508 |
goto out_putf; |
goto out_putf; |
509 |
|
|
513 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
514 |
if (!error) |
if (!error) |
515 |
error = do_truncate(dentry, length); |
error = do_truncate(dentry, length); |
516 |
out_putf: |
@@ -570,6 +583,9 @@ asmlinkage long sys_chroot(const char __ |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -395,6 +410,7 @@ asmlinkage long sys_utime(char __user * |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
up(&inode->i_sem); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -448,6 +464,7 @@ long do_utimes(char __user * filename, s |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
up(&inode->i_sem); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -505,6 +522,9 @@ asmlinkage long sys_access(const char __ |
|
|
if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) |
|
|
&& !special_file(nd.dentry->d_inode->i_mode)) |
|
|
res = -EROFS; |
|
|
+#if 0 |
|
|
+ if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/ |
|
|
+#endif |
|
|
path_release(&nd); |
|
|
} |
|
|
|
|
|
@@ -570,6 +590,9 @@ asmlinkage long sys_chroot(const char __ |
|
517 |
{ |
{ |
518 |
struct nameidata nd; |
struct nameidata nd; |
519 |
int error; |
int error; |
523 |
|
|
524 |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
525 |
if (error) |
if (error) |
526 |
@@ -583,6 +606,19 @@ asmlinkage long sys_chroot(const char __ |
@@ -583,6 +599,19 @@ asmlinkage long sys_chroot(const char __ |
527 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
528 |
goto dput_and_out; |
goto dput_and_out; |
529 |
|
|
531 |
+ { |
+ { |
532 |
+ char *name = getname(filename); |
+ char *name = getname(filename); |
533 |
+ if (!IS_ERR(name)) { |
+ if (!IS_ERR(name)) { |
534 |
+ error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT); |
+ error = CheckChRootPermission(name); |
535 |
+ putname(name); |
+ putname(name); |
536 |
+ } else { |
+ } else { |
537 |
+ error = PTR_ERR(name); |
+ error = PTR_ERR(name); |
543 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
544 |
set_fs_altroot(); |
set_fs_altroot(); |
545 |
error = 0; |
error = 0; |
546 |
@@ -622,6 +658,7 @@ asmlinkage long sys_fchmod(unsigned int |
@@ -1041,6 +1070,9 @@ EXPORT_SYMBOL(sys_close); |
|
up(&inode->i_sem); |
|
|
|
|
|
out_putf: |
|
|
+ if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return err; |
|
|
@@ -656,6 +693,7 @@ asmlinkage long sys_chmod(const char __u |
|
|
up(&inode->i_sem); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -704,6 +742,7 @@ asmlinkage long sys_chown(const char __u |
|
|
error = user_path_walk(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -717,6 +756,7 @@ asmlinkage long sys_lchown(const char __ |
|
|
error = user_path_walk_link(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -731,6 +771,7 @@ asmlinkage long sys_fchown(unsigned int |
|
|
file = fget(fd); |
|
|
if (file) { |
|
|
error = chown_common(file->f_dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
} |
|
|
return error; |
|
|
@@ -1041,6 +1082,9 @@ EXPORT_SYMBOL(sys_close); |
|
547 |
*/ |
*/ |
548 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
549 |
{ |
{ |
554 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
555 |
return 0; |
return 0; |
556 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/proc/Makefile linux-2.6.12.3-a9-8-ccs/fs/proc/Makefile |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/proc/Makefile linux-2.6.12.3-a9-8-ccs/fs/proc/Makefile |
557 |
--- linux-2.6.12.3-a9-8/fs/proc/Makefile 2006-11-20 15:28:26.268224384 +0900 |
--- linux-2.6.12.3-a9-8/fs/proc/Makefile 2005-07-16 06:18:57.000000000 +0900 |
558 |
+++ linux-2.6.12.3-a9-8-ccs/fs/proc/Makefile 2006-11-20 15:28:32.177326064 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/proc/Makefile 2006-11-20 15:28:32.000000000 +0900 |
559 |
@@ -12,3 +12,6 @@ proc-y += inode.o root.o base.o ge |
@@ -12,3 +12,6 @@ proc-y += inode.o root.o base.o ge |
560 |
|
|
561 |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
564 |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
565 |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
566 |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/proc/proc_misc.c linux-2.6.12.3-a9-8-ccs/fs/proc/proc_misc.c |
diff -ubBpEr linux-2.6.12.3-a9-8/fs/proc/proc_misc.c linux-2.6.12.3-a9-8-ccs/fs/proc/proc_misc.c |
567 |
--- linux-2.6.12.3-a9-8/fs/proc/proc_misc.c 2006-11-20 15:28:26.269224232 +0900 |
--- linux-2.6.12.3-a9-8/fs/proc/proc_misc.c 2005-07-16 06:18:57.000000000 +0900 |
568 |
+++ linux-2.6.12.3-a9-8-ccs/fs/proc/proc_misc.c 2006-11-20 15:29:40.957869832 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/fs/proc/proc_misc.c 2007-03-06 11:27:56.000000000 +0900 |
569 |
@@ -617,4 +617,13 @@ void __init proc_misc_init(void) |
@@ -617,4 +617,13 @@ void __init proc_misc_init(void) |
570 |
entry->proc_fops = &ppc_htab_operations; |
entry->proc_fops = &ppc_htab_operations; |
571 |
} |
} |
575 |
+ { |
+ { |
576 |
+ extern void __init CCSProc_Init(void); |
+ extern void __init CCSProc_Init(void); |
577 |
+ CCSProc_Init(); |
+ CCSProc_Init(); |
578 |
+ printk("Hook version: 2.6.12.3-a9-8 2006/11/20\n"); |
+ printk("Hook version: 2.6.12.3-a9-8 2007/03/06\n"); |
579 |
+ } |
+ } |
580 |
+#endif |
+#endif |
581 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
582 |
} |
} |
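Review bot: The added `printk` in proc_misc_init has no log level, so the message goes out at the default level; `printk(KERN_INFO "Hook version: 2.6.12.3-a9-8 2007/03/06\n");` states the intent. The block-scope `extern void __init CCSProc_Init(void);` also keeps the prototype out of any shared header, so the compiler cannot catch a mismatch if the definition's signature changes. Declaring it in the header that ccs_proc.c includes would fix that. The lines that open the guard before the `{` are collapsed on this page.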
583 |
diff -ubBpEr linux-2.6.12.3-a9-8/include/linux/init_task.h linux-2.6.12.3-a9-8-ccs/include/linux/init_task.h |
diff -ubBpEr linux-2.6.12.3-a9-8/include/linux/init_task.h linux-2.6.12.3-a9-8-ccs/include/linux/init_task.h |
584 |
--- linux-2.6.12.3-a9-8/include/linux/init_task.h 2006-11-20 15:28:26.270224080 +0900 |
--- linux-2.6.12.3-a9-8/include/linux/init_task.h 2005-07-16 06:18:57.000000000 +0900 |
585 |
+++ linux-2.6.12.3-a9-8-ccs/include/linux/init_task.h 2006-11-20 15:28:32.179325760 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/include/linux/init_task.h 2007-03-05 17:56:29.000000000 +0900 |
586 |
@@ -111,6 +111,12 @@ extern struct group_info init_groups; |
@@ -111,6 +111,10 @@ extern struct group_info init_groups; |
587 |
.switch_lock = SPIN_LOCK_UNLOCKED, \ |
.switch_lock = SPIN_LOCK_UNLOCKED, \ |
588 |
.journal_info = NULL, \ |
.journal_info = NULL, \ |
589 |
.cpu_timers = INIT_CPU_TIMERS(tsk.cpu_timers), \ |
.cpu_timers = INIT_CPU_TIMERS(tsk.cpu_timers), \ |
590 |
+ /***** TOMOYO Linux start. *****/ \ |
+ /***** TOMOYO Linux start. *****/ \ |
591 |
+ .domain_info = &KERNEL_DOMAIN, \ |
+ .domain_info = &KERNEL_DOMAIN, \ |
592 |
|
+ .tomoyo_flags = 0, \ |
593 |
+ /***** TOMOYO Linux end. *****/ \ |
+ /***** TOMOYO Linux end. *****/ \ |
|
+ /***** SAKURA Linux start. *****/ \ |
|
|
+ .dropped_capability = 0, \ |
|
|
+ /***** SAKURA Linux end. *****/ \ |
|
594 |
} |
} |
595 |
|
|
596 |
|
|
597 |
diff -ubBpEr linux-2.6.12.3-a9-8/include/linux/sched.h linux-2.6.12.3-a9-8-ccs/include/linux/sched.h |
diff -ubBpEr linux-2.6.12.3-a9-8/include/linux/sched.h linux-2.6.12.3-a9-8-ccs/include/linux/sched.h |
598 |
--- linux-2.6.12.3-a9-8/include/linux/sched.h 2006-11-20 15:28:26.270224080 +0900 |
--- linux-2.6.12.3-a9-8/include/linux/sched.h 2005-07-16 06:18:57.000000000 +0900 |
599 |
+++ linux-2.6.12.3-a9-8-ccs/include/linux/sched.h 2006-11-20 15:28:32.181325456 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/include/linux/sched.h 2007-03-05 17:56:18.000000000 +0900 |
600 |
@@ -37,6 +37,11 @@ |
@@ -37,6 +37,11 @@ |
601 |
|
|
602 |
struct exec_domain; |
struct exec_domain; |
609 |
/* |
/* |
610 |
* cloning flags: |
* cloning flags: |
611 |
*/ |
*/ |
612 |
@@ -740,6 +745,12 @@ struct task_struct { |
@@ -740,6 +745,10 @@ struct task_struct { |
613 |
nodemask_t mems_allowed; |
nodemask_t mems_allowed; |
614 |
int cpuset_mems_generation; |
int cpuset_mems_generation; |
615 |
#endif |
#endif |
616 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
617 |
+ struct domain_info *domain_info; |
+ struct domain_info *domain_info; |
618 |
|
+ unsigned int tomoyo_flags; |
619 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ unsigned int dropped_capability; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
620 |
}; |
}; |
621 |
|
|
622 |
static inline pid_t process_group(struct task_struct *tsk) |
static inline pid_t process_group(struct task_struct *tsk) |
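Review bot: The new `unsigned int tomoyo_flags;` member of `struct task_struct` has no comment saying which bits exist or who may set them. Since the task structure is duplicated on fork, the value will presumably be inherited by children unless something resets it, as the kernel/kmod.c hunk does for the usermode helper. A comment such as `/* TOMOYO per-task state bits; inherited on fork, cleared for usermode helpers */` would record that contract, once confirmed against the fork path. The visible lines also add both members without any configuration guard, so it is worth stating whether that is deliberate.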
623 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/kmod.c linux-2.6.12.3-a9-8-ccs/kernel/kmod.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/kmod.c linux-2.6.12.3-a9-8-ccs/kernel/kmod.c |
624 |
--- linux-2.6.12.3-a9-8/kernel/kmod.c 2006-11-20 15:28:26.271223928 +0900 |
--- linux-2.6.12.3-a9-8/kernel/kmod.c 2005-07-16 06:18:57.000000000 +0900 |
625 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/kmod.c 2006-11-20 15:28:32.183325152 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/kmod.c 2007-03-05 17:56:37.000000000 +0900 |
626 |
@@ -143,6 +143,13 @@ static int ____call_usermodehelper(void |
@@ -143,6 +143,11 @@ static int ____call_usermodehelper(void |
627 |
/* We can run anywhere, unlike our parent keventd(). */ |
/* We can run anywhere, unlike our parent keventd(). */ |
628 |
set_cpus_allowed(current, CPU_MASK_ALL); |
set_cpus_allowed(current, CPU_MASK_ALL); |
629 |
|
|
630 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
631 |
+ current->domain_info = &KERNEL_DOMAIN; |
+ current->domain_info = &KERNEL_DOMAIN; |
632 |
|
+ current->tomoyo_flags = 0; |
633 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ current->dropped_capability = 0; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
634 |
+ |
+ |
635 |
retval = -EPERM; |
retval = -EPERM; |
636 |
if (current->fs->root) |
if (current->fs->root) |
637 |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
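Review bot: The marker that closes the added block in ____call_usermodehelper reads `/***** TOMOYO Linux start. *****/` a second time where `/***** TOMOYO Linux end. *****/` is meant. Anyone pairing the markers to locate the patch's insertions will mis-scope this one. A why-comment on the two assignments would also help, for example `/* helpers start in the kernel domain with no inherited flags */`, since the reset presumably keeps the helper from carrying over state from its parent. The function body starts and ends outside the hunk.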
638 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/module.c linux-2.6.12.3-a9-8-ccs/kernel/module.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/module.c linux-2.6.12.3-a9-8-ccs/kernel/module.c |
639 |
--- linux-2.6.12.3-a9-8/kernel/module.c 2006-11-20 15:28:26.272223776 +0900 |
--- linux-2.6.12.3-a9-8/kernel/module.c 2005-07-16 06:18:57.000000000 +0900 |
640 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/module.c 2006-11-20 15:28:32.185324848 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/module.c 2006-11-20 15:28:32.000000000 +0900 |
641 |
@@ -38,6 +38,9 @@ |
@@ -38,6 +38,9 @@ |
642 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
643 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
671 |
if (down_interruptible(&module_mutex) != 0) |
if (down_interruptible(&module_mutex) != 0) |
672 |
return -EINTR; |
return -EINTR; |
673 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sched.c linux-2.6.12.3-a9-8-ccs/kernel/sched.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sched.c linux-2.6.12.3-a9-8-ccs/kernel/sched.c |
674 |
--- linux-2.6.12.3-a9-8/kernel/sched.c 2006-11-20 15:28:26.274223472 +0900 |
--- linux-2.6.12.3-a9-8/kernel/sched.c 2005-07-16 06:18:57.000000000 +0900 |
675 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sched.c 2006-11-20 15:28:32.188324392 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sched.c 2006-11-20 15:28:32.000000000 +0900 |
676 |
@@ -50,6 +50,9 @@ |
@@ -50,6 +50,9 @@ |
677 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
678 |
|
|
694 |
/* |
/* |
695 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
696 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/signal.c linux-2.6.12.3-a9-8-ccs/kernel/signal.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/signal.c linux-2.6.12.3-a9-8-ccs/kernel/signal.c |
697 |
--- linux-2.6.12.3-a9-8/kernel/signal.c 2006-11-20 15:28:26.276223168 +0900 |
--- linux-2.6.12.3-a9-8/kernel/signal.c 2005-07-16 06:18:57.000000000 +0900 |
698 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/signal.c 2006-11-20 15:28:32.191323936 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/signal.c 2006-11-20 15:28:32.000000000 +0900 |
699 |
@@ -28,6 +28,9 @@ |
@@ -28,6 +28,9 @@ |
700 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
701 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
741 |
info.si_errno = 0; |
info.si_errno = 0; |
742 |
info.si_code = SI_TKILL; |
info.si_code = SI_TKILL; |
743 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sys.c linux-2.6.12.3-a9-8-ccs/kernel/sys.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sys.c linux-2.6.12.3-a9-8-ccs/kernel/sys.c |
744 |
--- linux-2.6.12.3-a9-8/kernel/sys.c 2006-11-20 15:28:26.278222864 +0900 |
--- linux-2.6.12.3-a9-8/kernel/sys.c 2005-07-16 06:18:57.000000000 +0900 |
745 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sys.c 2006-11-20 15:28:32.194323480 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sys.c 2006-11-20 15:28:32.000000000 +0900 |
746 |
@@ -33,6 +33,9 @@ |
@@ -33,6 +33,9 @@ |
747 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
748 |
#include <asm/io.h> |
#include <asm/io.h> |
794 |
down_write(&uts_sem); |
down_write(&uts_sem); |
795 |
errno = -EFAULT; |
errno = -EFAULT; |
796 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sysctl.c linux-2.6.12.3-a9-8-ccs/kernel/sysctl.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/sysctl.c linux-2.6.12.3-a9-8-ccs/kernel/sysctl.c |
797 |
--- linux-2.6.12.3-a9-8/kernel/sysctl.c 2006-11-20 15:28:26.278222864 +0900 |
--- linux-2.6.12.3-a9-8/kernel/sysctl.c 2005-07-16 06:18:57.000000000 +0900 |
798 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sysctl.c 2006-11-20 15:28:32.197323024 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/sysctl.c 2006-11-20 15:28:32.000000000 +0900 |
799 |
@@ -44,6 +44,9 @@ |
@@ -44,6 +44,9 @@ |
800 |
|
|
801 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
930 |
|
|
931 |
/* |
/* |
932 |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/time.c linux-2.6.12.3-a9-8-ccs/kernel/time.c |
diff -ubBpEr linux-2.6.12.3-a9-8/kernel/time.c linux-2.6.12.3-a9-8-ccs/kernel/time.c |
933 |
--- linux-2.6.12.3-a9-8/kernel/time.c 2006-11-20 15:28:26.279222712 +0900 |
--- linux-2.6.12.3-a9-8/kernel/time.c 2005-07-16 06:18:57.000000000 +0900 |
934 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/time.c 2006-11-20 15:28:32.199322720 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/kernel/time.c 2006-11-20 15:28:32.000000000 +0900 |
935 |
@@ -38,6 +38,9 @@ |
@@ -38,6 +38,9 @@ |
936 |
|
|
937 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
973 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
974 |
|
|
975 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv4/tcp_ipv4.c linux-2.6.12.3-a9-8-ccs/net/ipv4/tcp_ipv4.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv4/tcp_ipv4.c linux-2.6.12.3-a9-8-ccs/net/ipv4/tcp_ipv4.c |
976 |
--- linux-2.6.12.3-a9-8/net/ipv4/tcp_ipv4.c 2006-11-20 15:28:26.279222712 +0900 |
--- linux-2.6.12.3-a9-8/net/ipv4/tcp_ipv4.c 2005-07-16 06:18:57.000000000 +0900 |
977 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv4/tcp_ipv4.c 2006-11-20 15:28:32.202322264 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv4/tcp_ipv4.c 2006-11-20 15:28:32.000000000 +0900 |
978 |
@@ -74,6 +74,9 @@ |
@@ -74,6 +74,9 @@ |
979 |
#include <linux/stddef.h> |
#include <linux/stddef.h> |
980 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1006 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1007 |
|
|
1008 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv4/udp.c linux-2.6.12.3-a9-8-ccs/net/ipv4/udp.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv4/udp.c linux-2.6.12.3-a9-8-ccs/net/ipv4/udp.c |
1009 |
--- linux-2.6.12.3-a9-8/net/ipv4/udp.c 2006-11-20 15:28:26.280222560 +0900 |
--- linux-2.6.12.3-a9-8/net/ipv4/udp.c 2005-07-16 06:18:57.000000000 +0900 |
1010 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv4/udp.c 2006-11-20 15:28:32.205321808 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv4/udp.c 2006-11-20 15:28:32.000000000 +0900 |
1011 |
@@ -107,6 +107,9 @@ |
@@ -107,6 +107,9 @@ |
1012 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
1013 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1039 |
break; |
break; |
1040 |
} |
} |
1041 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv6/tcp_ipv6.c linux-2.6.12.3-a9-8-ccs/net/ipv6/tcp_ipv6.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv6/tcp_ipv6.c linux-2.6.12.3-a9-8-ccs/net/ipv6/tcp_ipv6.c |
1042 |
--- linux-2.6.12.3-a9-8/net/ipv6/tcp_ipv6.c 2006-11-20 15:28:26.281222408 +0900 |
--- linux-2.6.12.3-a9-8/net/ipv6/tcp_ipv6.c 2005-12-14 14:54:14.000000000 +0900 |
1043 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv6/tcp_ipv6.c 2006-11-20 15:28:32.207321504 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv6/tcp_ipv6.c 2006-11-20 15:28:32.000000000 +0900 |
1044 |
@@ -63,6 +63,9 @@ |
@@ -63,6 +63,9 @@ |
1045 |
|
|
1046 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1072 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1073 |
|
|
1074 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv6/udp.c linux-2.6.12.3-a9-8-ccs/net/ipv6/udp.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/ipv6/udp.c linux-2.6.12.3-a9-8-ccs/net/ipv6/udp.c |
1075 |
--- linux-2.6.12.3-a9-8/net/ipv6/udp.c 2006-11-20 15:28:26.282222256 +0900 |
--- linux-2.6.12.3-a9-8/net/ipv6/udp.c 2005-12-14 14:54:14.000000000 +0900 |
1076 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv6/udp.c 2006-11-20 15:31:52.775290928 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/ipv6/udp.c 2006-11-20 15:31:52.000000000 +0900 |
1077 |
@@ -57,6 +57,9 @@ |
@@ -57,6 +57,9 @@ |
1078 |
|
|
1079 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1105 |
break; |
break; |
1106 |
} |
} |
1107 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/socket.c linux-2.6.12.3-a9-8-ccs/net/socket.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/socket.c linux-2.6.12.3-a9-8-ccs/net/socket.c |
1108 |
--- linux-2.6.12.3-a9-8/net/socket.c 2006-11-20 15:28:26.283222104 +0900 |
--- linux-2.6.12.3-a9-8/net/socket.c 2005-07-16 06:18:57.000000000 +0900 |
1109 |
+++ linux-2.6.12.3-a9-8-ccs/net/socket.c 2006-11-20 15:28:32.212320744 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/socket.c 2006-11-20 15:28:32.000000000 +0900 |
1110 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |
1111 |
#include <net/sock.h> |
#include <net/sock.h> |
1112 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1199 |
sock->file->f_flags); |
sock->file->f_flags); |
1200 |
out_put: |
out_put: |
1201 |
diff -ubBpEr linux-2.6.12.3-a9-8/net/unix/af_unix.c linux-2.6.12.3-a9-8-ccs/net/unix/af_unix.c |
diff -ubBpEr linux-2.6.12.3-a9-8/net/unix/af_unix.c linux-2.6.12.3-a9-8-ccs/net/unix/af_unix.c |
1202 |
--- linux-2.6.12.3-a9-8/net/unix/af_unix.c 2006-11-20 15:28:26.284221952 +0900 |
--- linux-2.6.12.3-a9-8/net/unix/af_unix.c 2005-07-16 06:18:57.000000000 +0900 |
1203 |
+++ linux-2.6.12.3-a9-8-ccs/net/unix/af_unix.c 2006-11-20 15:28:32.215320288 +0900 |
+++ linux-2.6.12.3-a9-8-ccs/net/unix/af_unix.c 2007-03-05 18:00:17.000000000 +0900 |
1204 |
@@ -117,6 +117,12 @@ |
@@ -117,6 +117,9 @@ |
1205 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1206 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1207 |
#include <linux/security.h> |
#include <linux/security.h> |
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
1208 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
1209 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
1210 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
1211 |
|
|
1212 |
int sysctl_unix_max_dgram_qlen = 10; |
int sysctl_unix_max_dgram_qlen = 10; |
1213 |
|
|
1214 |
@@ -738,6 +744,10 @@ static int unix_bind(struct socket *sock |
@@ -738,6 +741,10 @@ static int unix_bind(struct socket *sock |
1215 |
err = unix_autobind(sock); |
err = unix_autobind(sock); |
1216 |
goto out; |
goto out; |
1217 |
} |
} |
1222 |
|
|
1223 |
err = unix_mkname(sunaddr, addr_len, &hash); |
err = unix_mkname(sunaddr, addr_len, &hash); |
1224 |
if (err < 0) |
if (err < 0) |
1225 |
@@ -781,7 +791,11 @@ static int unix_bind(struct socket *sock |
@@ -781,6 +788,9 @@ static int unix_bind(struct socket *sock |
1226 |
*/ |
*/ |
1227 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
1228 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
1230 |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
1231 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1232 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
|
+ if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/ |
|
1233 |
if (err) |
if (err) |
1234 |
goto out_mknod_dput; |
goto out_mknod_dput; |
|
up(&nd.dentry->d_inode->i_sem); |
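Review bot: The added `if` in unix_bind puts two assignments inside its condition and guards `vfs_mknod()` without braces, with a marker comment sitting between the `if` and its body. A statement later inserted beside the marker would silently move `vfs_mknod()` out from under both permission checks. Bracing the body, `if (...) { err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); }`, keeps the deny path explicit; so does splitting each check into its own `if (err) goto out_mknod_dput;` step. The opening marker line before the `if` is collapsed on this page, and unix_bind continues outside the hunk.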
|