| 1 |
diff -ubBpEr linux-2.6.18/Makefile linux-2.6.18-ccs/Makefile |
diff -ubBpEr linux-2.6.18/Makefile linux-2.6.18-ccs/Makefile |
| 2 |
--- linux-2.6.18/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 3 |
+++ linux-2.6.18-ccs/Makefile 2006-09-20 16:09:45.000000000 +0900 |
+++ linux-2.6.18-ccs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 4 |
@@ -1,7 +1,7 @@ |
@@ -1,7 +1,7 @@ |
| 5 |
VERSION = 2 |
VERSION = 2 |
| 6 |
PATCHLEVEL = 6 |
PATCHLEVEL = 6 |
| 11 |
|
|
| 12 |
# *DOCUMENTATION* |
# *DOCUMENTATION* |
| 13 |
diff -ubBpEr linux-2.6.18/fs/Kconfig linux-2.6.18-ccs/fs/Kconfig |
diff -ubBpEr linux-2.6.18/fs/Kconfig linux-2.6.18-ccs/fs/Kconfig |
| 14 |
--- linux-2.6.18/fs/Kconfig 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/Kconfig 2007-03-03 10:49:57.000000000 +0900 |
| 15 |
+++ linux-2.6.18-ccs/fs/Kconfig 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/Kconfig 2007-03-03 10:55:25.000000000 +0900 |
| 16 |
@@ -1931,5 +1931,7 @@ endmenu |
@@ -1931,5 +1931,7 @@ endmenu |
| 17 |
|
|
| 18 |
source "fs/nls/Kconfig" |
source "fs/nls/Kconfig" |
| 22 |
endmenu |
endmenu |
| 23 |
|
|
| 24 |
diff -ubBpEr linux-2.6.18/fs/Makefile linux-2.6.18-ccs/fs/Makefile |
diff -ubBpEr linux-2.6.18/fs/Makefile linux-2.6.18-ccs/fs/Makefile |
| 25 |
--- linux-2.6.18/fs/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 26 |
+++ linux-2.6.18-ccs/fs/Makefile 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 27 |
@@ -102,3 +102,5 @@ obj-$(CONFIG_HOSTFS) += hostfs/ |
@@ -102,3 +102,5 @@ obj-$(CONFIG_HOSTFS) += hostfs/ |
| 28 |
obj-$(CONFIG_HPPFS) += hppfs/ |
obj-$(CONFIG_HPPFS) += hppfs/ |
| 29 |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
| 31 |
+ |
+ |
| 32 |
+include $(srctree)/fs/Makefile-2.6.ccs |
+include $(srctree)/fs/Makefile-2.6.ccs |
| 33 |
diff -ubBpEr linux-2.6.18/fs/attr.c linux-2.6.18-ccs/fs/attr.c |
diff -ubBpEr linux-2.6.18/fs/attr.c linux-2.6.18-ccs/fs/attr.c |
| 34 |
--- linux-2.6.18/fs/attr.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
| 35 |
+++ linux-2.6.18-ccs/fs/attr.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
| 36 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
| 37 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
| 38 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
| 65 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
| 66 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
| 67 |
diff -ubBpEr linux-2.6.18/fs/compat.c linux-2.6.18-ccs/fs/compat.c |
diff -ubBpEr linux-2.6.18/fs/compat.c linux-2.6.18-ccs/fs/compat.c |
| 68 |
--- linux-2.6.18/fs/compat.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
| 69 |
+++ linux-2.6.18-ccs/fs/compat.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
| 70 |
@@ -52,6 +52,9 @@ |
@@ -52,6 +52,9 @@ |
| 71 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 72 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
| 87 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
| 88 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
| 89 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
| 90 |
|
@@ -1567,7 +1573,7 @@ int compat_do_execve(char * filename, |
| 91 |
|
if (retval < 0) |
| 92 |
|
goto out; |
| 93 |
|
|
| 94 |
|
- retval = search_binary_handler(bprm, regs); |
| 95 |
|
+ retval = search_binary_handler_with_transition(bprm, regs); |
| 96 |
|
if (retval >= 0) { |
| 97 |
|
free_arg_pages(bprm); |
| 98 |
|
|
| 99 |
diff -ubBpEr linux-2.6.18/fs/exec.c linux-2.6.18-ccs/fs/exec.c |
diff -ubBpEr linux-2.6.18/fs/exec.c linux-2.6.18-ccs/fs/exec.c |
| 100 |
--- linux-2.6.18/fs/exec.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/exec.c 2007-03-03 11:38:54.000000000 +0900 |
| 101 |
+++ linux-2.6.18-ccs/fs/exec.c 2006-10-16 15:20:38.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/exec.c 2007-03-06 10:04:25.000000000 +0900 |
| 102 |
@@ -57,6 +57,13 @@ |
@@ -57,6 +57,10 @@ |
| 103 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
| 104 |
#endif |
#endif |
| 105 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 106 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 107 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 108 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 110 |
int core_uses_pid; |
int core_uses_pid; |
| 111 |
char core_pattern[65] = "core"; |
char core_pattern[65] = "core"; |
| 112 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
| 113 |
@@ -139,6 +146,11 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,11 @@ asmlinkage long sys_uselib(const char __ |
| 114 |
if (error) |
if (error) |
| 115 |
goto exit; |
goto exit; |
| 116 |
|
|
| 122 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 123 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
| 124 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
| 125 |
@@ -1132,6 +1144,25 @@ int do_execve(char * filename, |
@@ -486,6 +495,9 @@ struct file *open_exec(const char *name) |
| 126 |
struct file *file; |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
| 127 |
int retval; |
S_ISREG(inode->i_mode)) { |
| 128 |
int i; |
int err = vfs_permission(&nd, MAY_EXEC); |
| 129 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 130 |
+#ifdef CONFIG_TOMOYO |
+ if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */ |
| 131 |
+ struct domain_info *next_domain = NULL; |
+ /***** TOMOYO Linux end. *****/ |
| 132 |
+#endif |
file = ERR_PTR(err); |
| 133 |
+ /***** TOMOYO Linux end. *****/ |
if (!err) { |
| 134 |
+ |
file = nameidata_to_filp(&nd, O_RDONLY); |
| 135 |
+ /***** CCS Start. *****/ |
@@ -1188,7 +1200,8 @@ int do_execve(char * filename, |
| 136 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
if (retval < 0) |
|
+ extern void CCS_LoadPolicy(const char *filename); |
|
|
+ CCS_LoadPolicy(filename); |
|
|
+#endif |
|
|
+ /***** CCS end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv); |
|
|
+ if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM; |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
|
|
|
retval = -ENOMEM; |
|
|
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); |
|
|
@@ -1143,6 +1174,15 @@ int do_execve(char * filename, |
|
|
if (IS_ERR(file)) |
|
|
goto out_kfree; |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ retval = FindNextDomain(filename, file, &next_domain, argv); |
|
|
+ if (retval < 0) { |
|
|
+ allow_write_access(file); fput(file); goto out_kfree; |
|
|
+ } |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
sched_exec(); |
|
|
|
|
|
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); |
|
|
@@ -1189,6 +1229,19 @@ int do_execve(char * filename, |
|
| 137 |
goto out; |
goto out; |
| 138 |
|
|
| 139 |
retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
| 140 |
+ |
+ retval = search_binary_handler_with_transition(bprm,regs); |
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ if (retval >= 0) current->domain_info = next_domain; |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (retval >= 0) RestoreTaskCapability(); |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 141 |
+ |
+ |
| 142 |
if (retval >= 0) { |
if (retval >= 0) { |
| 143 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
| 144 |
|
|
| 145 |
diff -ubBpEr linux-2.6.18/fs/fcntl.c linux-2.6.18-ccs/fs/fcntl.c |
diff -ubBpEr linux-2.6.18/fs/fcntl.c linux-2.6.18-ccs/fs/fcntl.c |
| 146 |
--- linux-2.6.18/fs/fcntl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
| 147 |
+++ linux-2.6.18-ccs/fs/fcntl.c 2006-10-06 16:06:34.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
| 148 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
| 149 |
#include <asm/poll.h> |
#include <asm/poll.h> |
| 150 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
| 167 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
| 168 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
| 169 |
diff -ubBpEr linux-2.6.18/fs/ioctl.c linux-2.6.18-ccs/fs/ioctl.c |
diff -ubBpEr linux-2.6.18/fs/ioctl.c linux-2.6.18-ccs/fs/ioctl.c |
| 170 |
--- linux-2.6.18/fs/ioctl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
| 171 |
+++ linux-2.6.18-ccs/fs/ioctl.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
| 172 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
| 173 |
|
|
| 174 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 190 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
| 191 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
| 192 |
diff -ubBpEr linux-2.6.18/fs/namei.c linux-2.6.18-ccs/fs/namei.c |
diff -ubBpEr linux-2.6.18/fs/namei.c linux-2.6.18-ccs/fs/namei.c |
| 193 |
--- linux-2.6.18/fs/namei.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/namei.c 2007-03-03 11:38:54.000000000 +0900 |
| 194 |
+++ linux-2.6.18-ccs/fs/namei.c 2006-10-06 15:53:00.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/namei.c 2007-03-03 11:41:29.000000000 +0900 |
| 195 |
@@ -37,6 +37,13 @@ |
@@ -37,6 +37,10 @@ |
| 196 |
|
|
| 197 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
| 198 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 199 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 200 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 201 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 203 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
| 204 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
| 205 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
| 206 |
@@ -793,6 +800,13 @@ static fastcall int __link_path_walk(con |
@@ -1481,6 +1485,9 @@ int vfs_create(struct inode *dir, struct |
|
int err; |
|
|
unsigned int lookup_flags = nd->flags; |
|
|
|
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ if (CheckEUID() < 0) { |
|
|
+ path_release(nd); |
|
|
+ return -EPERM; |
|
|
+ } |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
+ |
|
|
while (*name=='/') |
|
|
name++; |
|
|
if (!*name) |
|
|
@@ -1481,6 +1495,9 @@ int vfs_create(struct inode *dir, struct |
|
| 207 |
error = security_inode_create(dir, dentry, mode); |
error = security_inode_create(dir, dentry, mode); |
| 208 |
if (error) |
if (error) |
| 209 |
return error; |
return error; |
| 213 |
DQUOT_INIT(dir); |
DQUOT_INIT(dir); |
| 214 |
error = dir->i_op->create(dir, dentry, mode, nd); |
error = dir->i_op->create(dir, dentry, mode, nd); |
| 215 |
if (!error) |
if (!error) |
| 216 |
@@ -1520,7 +1537,7 @@ int may_open(struct nameidata *nd, int a |
@@ -1536,6 +1543,11 @@ int may_open(struct nameidata *nd, int a |
|
|
|
|
flag &= ~O_TRUNC; |
|
|
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) |
|
|
- return -EROFS; |
|
|
+ { ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/ |
|
|
/* |
|
|
* An append-only file must be opened in append mode for writing. |
|
|
*/ |
|
|
@@ -1536,6 +1553,11 @@ int may_open(struct nameidata *nd, int a |
|
| 217 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
| 218 |
return -EPERM; |
return -EPERM; |
| 219 |
|
|
| 225 |
/* |
/* |
| 226 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
| 227 |
*/ |
*/ |
| 228 |
@@ -1567,6 +1589,9 @@ int may_open(struct nameidata *nd, int a |
@@ -1567,6 +1579,9 @@ int may_open(struct nameidata *nd, int a |
| 229 |
return 0; |
return 0; |
| 230 |
} |
} |
| 231 |
|
|
| 235 |
/* |
/* |
| 236 |
* open_namei() |
* open_namei() |
| 237 |
* |
* |
| 238 |
@@ -1697,6 +1722,7 @@ ok: |
@@ -1835,6 +1850,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
exit_dput: |
|
|
dput_path(&path, nd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/ |
|
|
if (!IS_ERR(nd->intent.open.file)) |
|
|
release_open_intent(nd); |
|
|
path_release(nd); |
|
|
@@ -1835,6 +1861,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
| 239 |
|
|
| 240 |
if (S_ISDIR(mode)) |
if (S_ISDIR(mode)) |
| 241 |
return -EPERM; |
return -EPERM; |
| 248 |
tmp = getname(filename); |
tmp = getname(filename); |
| 249 |
if (IS_ERR(tmp)) |
if (IS_ERR(tmp)) |
| 250 |
return PTR_ERR(tmp); |
return PTR_ERR(tmp); |
| 251 |
@@ -1853,10 +1885,16 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1853,10 +1874,16 @@ asmlinkage long sys_mknodat(int dfd, con |
| 252 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
| 253 |
break; |
break; |
| 254 |
case S_IFCHR: case S_IFBLK: |
case S_IFCHR: case S_IFBLK: |
| 265 |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
| 266 |
break; |
break; |
| 267 |
case S_IFDIR: |
case S_IFDIR: |
| 268 |
@@ -1865,6 +1903,7 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1921,6 +1948,9 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
default: |
|
|
error = -EINVAL; |
|
|
} |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/ |
|
|
dput(dentry); |
|
|
} |
|
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
|
@@ -1921,7 +1960,11 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
| 269 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
| 270 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
| 271 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
| 273 |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
| 274 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 275 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/ |
|
| 276 |
dput(dentry); |
dput(dentry); |
| 277 |
} |
} |
| 278 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2029,6 +2059,9 @@ static long do_rmdir(int dfd, const char |
|
@@ -2029,7 +2072,11 @@ static long do_rmdir(int dfd, const char |
|
| 279 |
dentry = lookup_hash(&nd); |
dentry = lookup_hash(&nd); |
| 280 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
| 281 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
| 283 |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
| 284 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 285 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/ |
|
| 286 |
dput(dentry); |
dput(dentry); |
| 287 |
} |
} |
| 288 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2088,6 +2121,9 @@ static long do_unlinkat(int dfd, const c |
|
@@ -2088,6 +2135,9 @@ static long do_unlinkat(int dfd, const c |
|
| 289 |
struct dentry *dentry; |
struct dentry *dentry; |
| 290 |
struct nameidata nd; |
struct nameidata nd; |
| 291 |
struct inode *inode = NULL; |
struct inode *inode = NULL; |
| 295 |
|
|
| 296 |
name = getname(pathname); |
name = getname(pathname); |
| 297 |
if(IS_ERR(name)) |
if(IS_ERR(name)) |
| 298 |
@@ -2109,7 +2159,11 @@ static long do_unlinkat(int dfd, const c |
@@ -2109,6 +2145,9 @@ static long do_unlinkat(int dfd, const c |
| 299 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
| 300 |
if (inode) |
if (inode) |
| 301 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
| 303 |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
| 304 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 305 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/ |
|
| 306 |
exit2: |
exit2: |
| 307 |
dput(dentry); |
dput(dentry); |
| 308 |
} |
@@ -2171,6 +2210,9 @@ asmlinkage long sys_symlinkat(const char |
|
@@ -2171,6 +2225,9 @@ asmlinkage long sys_symlinkat(const char |
|
| 309 |
int error = 0; |
int error = 0; |
| 310 |
char * from; |
char * from; |
| 311 |
char * to; |
char * to; |
| 315 |
|
|
| 316 |
from = getname(oldname); |
from = getname(oldname); |
| 317 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
| 318 |
@@ -2187,7 +2244,11 @@ asmlinkage long sys_symlinkat(const char |
@@ -2187,6 +2229,9 @@ asmlinkage long sys_symlinkat(const char |
| 319 |
dentry = lookup_create(&nd, 0); |
dentry = lookup_create(&nd, 0); |
| 320 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
| 321 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
| 323 |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
| 324 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 325 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/ |
|
| 326 |
dput(dentry); |
dput(dentry); |
| 327 |
} |
} |
| 328 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2259,6 +2304,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
@@ -2259,6 +2320,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
| 329 |
struct nameidata nd, old_nd; |
struct nameidata nd, old_nd; |
| 330 |
int error; |
int error; |
| 331 |
char * to; |
char * to; |
| 335 |
|
|
| 336 |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
| 337 |
return -EINVAL; |
return -EINVAL; |
| 338 |
@@ -2281,7 +2345,11 @@ asmlinkage long sys_linkat(int olddfd, c |
@@ -2281,6 +2329,9 @@ asmlinkage long sys_linkat(int olddfd, c |
| 339 |
new_dentry = lookup_create(&nd, 0); |
new_dentry = lookup_create(&nd, 0); |
| 340 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
| 341 |
if (!IS_ERR(new_dentry)) { |
if (!IS_ERR(new_dentry)) { |
| 343 |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
| 344 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 345 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/ |
|
| 346 |
dput(new_dentry); |
dput(new_dentry); |
| 347 |
} |
} |
| 348 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2507,6 +2558,13 @@ static int do_rename(int olddfd, const c |
|
@@ -2507,6 +2575,13 @@ static int do_rename(int olddfd, const c |
|
| 349 |
if (new_dentry == trap) |
if (new_dentry == trap) |
| 350 |
goto exit5; |
goto exit5; |
| 351 |
|
|
| 359 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
| 360 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
| 361 |
exit5: |
exit5: |
| 362 |
@@ -2520,6 +2595,7 @@ exit2: |
@@ -2529,6 +2587,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
exit1: |
|
|
path_release(&oldnd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/ |
|
|
return error; |
|
|
} |
|
|
|
|
|
@@ -2529,6 +2605,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
| 363 |
int error; |
int error; |
| 364 |
char * from; |
char * from; |
| 365 |
char * to; |
char * to; |
| 370 |
from = getname(oldname); |
from = getname(oldname); |
| 371 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
| 372 |
diff -ubBpEr linux-2.6.18/fs/namespace.c linux-2.6.18-ccs/fs/namespace.c |
diff -ubBpEr linux-2.6.18/fs/namespace.c linux-2.6.18-ccs/fs/namespace.c |
| 373 |
--- linux-2.6.18/fs/namespace.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/namespace.c 2007-03-03 11:38:54.000000000 +0900 |
| 374 |
+++ linux-2.6.18-ccs/fs/namespace.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/namespace.c 2007-03-06 10:02:13.000000000 +0900 |
| 375 |
@@ -25,6 +25,12 @@ |
@@ -25,6 +25,12 @@ |
| 376 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 377 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
| 412 |
goto out; |
goto out; |
| 413 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 414 |
+ err = -EPERM; |
+ err = -EPERM; |
| 415 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayMount(nd) < 0) goto out; |
| 416 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 417 |
|
|
| 418 |
err = -ENOMEM; |
err = -ENOMEM; |
| 424 |
- |
- |
| 425 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 426 |
+ err = -EPERM; |
+ err = -EPERM; |
| 427 |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out; |
| 428 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 429 |
err = -ENOENT; |
err = -ENOENT; |
| 430 |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
| 435 |
goto unlock; |
goto unlock; |
| 436 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 437 |
+ err = -EPERM; |
+ err = -EPERM; |
| 438 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock; |
+ if (SAKURA_MayMount(nd) < 0) goto unlock; |
| 439 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 440 |
|
|
| 441 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
| 442 |
if ((err = graft_tree(newmnt, nd))) |
if ((err = graft_tree(newmnt, nd))) |
| 443 |
@@ -1555,6 +1579,9 @@ asmlinkage long sys_mount(char __user * |
@@ -1402,6 +1426,13 @@ long do_mount(char *dev_name, char *dir_ |
| 444 |
unsigned long type_page; |
if (data_page) |
| 445 |
unsigned long dev_page; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
| 446 |
char *dir_page; |
|
| 447 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 448 |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
| 449 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
retval = copy_mount_options(type, &type_page); |
|
|
if (retval < 0) |
|
|
@@ -1573,6 +1600,15 @@ asmlinkage long sys_mount(char __user * |
|
|
if (retval < 0) |
|
|
goto out3; |
|
|
|
|
| 450 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 451 |
+ retval = -EPERM; |
+ if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM; |
|
+ if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 || |
|
|
+ CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) { |
|
|
+ free_page(data_page); |
|
|
+ goto out3; |
|
|
+ } |
|
| 452 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 453 |
+ |
+ |
| 454 |
lock_kernel(); |
/* Separate the per-mountpoint flags */ |
| 455 |
retval = do_mount((char *)dev_page, dir_page, (char *)type_page, |
if (flags & MS_NOSUID) |
| 456 |
flags, (void *)data_page); |
mnt_flags |= MNT_NOSUID; |
| 457 |
@@ -1692,6 +1728,10 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1692,6 +1723,10 @@ asmlinkage long sys_pivot_root(const cha |
| 458 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
| 459 |
return -EPERM; |
return -EPERM; |
| 460 |
|
|
| 461 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
| 462 |
+ if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM; |
+ if (CheckPivotRootPermission() < 0) return -EPERM; |
| 463 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
| 464 |
+ |
+ |
| 465 |
lock_kernel(); |
lock_kernel(); |
| 466 |
|
|
| 467 |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
| 468 |
diff -ubBpEr linux-2.6.18/fs/open.c linux-2.6.18-ccs/fs/open.c |
diff -ubBpEr linux-2.6.18/fs/open.c linux-2.6.18-ccs/fs/open.c |
| 469 |
--- linux-2.6.18/fs/open.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/open.c 2007-03-03 11:38:54.000000000 +0900 |
| 470 |
+++ linux-2.6.18-ccs/fs/open.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/open.c 2007-03-05 13:50:59.000000000 +0900 |
| 471 |
@@ -30,6 +30,12 @@ |
@@ -30,6 +30,12 @@ |
| 472 |
#include <linux/audit.h> |
#include <linux/audit.h> |
| 473 |
|
|
| 491 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
| 492 |
if (!error) { |
if (!error) { |
| 493 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
| 494 |
@@ -275,6 +284,7 @@ static long do_sys_truncate(const char _ |
@@ -320,6 +329,9 @@ static long do_sys_ftruncate(unsigned in |
|
put_write_access(inode); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -320,10 +330,14 @@ static long do_sys_ftruncate(unsigned in |
|
| 495 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
| 496 |
goto out_putf; |
goto out_putf; |
| 497 |
|
|
| 501 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
| 502 |
if (!error) |
if (!error) |
| 503 |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
| 504 |
out_putf: |
@@ -596,6 +608,9 @@ asmlinkage long sys_chroot(const char __ |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -411,6 +425,7 @@ asmlinkage long sys_utime(char __user * |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -464,6 +479,7 @@ long do_utimes(int dfd, char __user *fil |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -526,6 +542,9 @@ asmlinkage long sys_faccessat(int dfd, c |
|
|
if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) |
|
|
&& !special_file(nd.dentry->d_inode->i_mode)) |
|
|
res = -EROFS; |
|
|
+#if 0 |
|
|
+ if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/ |
|
|
+#endif |
|
|
path_release(&nd); |
|
|
} |
|
|
|
|
|
@@ -596,6 +615,9 @@ asmlinkage long sys_chroot(const char __ |
|
| 505 |
{ |
{ |
| 506 |
struct nameidata nd; |
struct nameidata nd; |
| 507 |
int error; |
int error; |
| 511 |
|
|
| 512 |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
| 513 |
if (error) |
if (error) |
| 514 |
@@ -609,6 +631,19 @@ asmlinkage long sys_chroot(const char __ |
@@ -609,6 +624,19 @@ asmlinkage long sys_chroot(const char __ |
| 515 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
| 516 |
goto dput_and_out; |
goto dput_and_out; |
| 517 |
|
|
| 519 |
+ { |
+ { |
| 520 |
+ char *name = getname(filename); |
+ char *name = getname(filename); |
| 521 |
+ if (!IS_ERR(name)) { |
+ if (!IS_ERR(name)) { |
| 522 |
+ error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT); |
+ error = CheckChRootPermission(name); |
| 523 |
+ putname(name); |
+ putname(name); |
| 524 |
+ } else { |
+ } else { |
| 525 |
+ error = PTR_ERR(name); |
+ error = PTR_ERR(name); |
| 531 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
| 532 |
set_fs_altroot(); |
set_fs_altroot(); |
| 533 |
error = 0; |
error = 0; |
| 534 |
@@ -650,6 +685,7 @@ asmlinkage long sys_fchmod(unsigned int |
@@ -1199,6 +1227,9 @@ EXPORT_SYMBOL(sys_close); |
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
out_putf: |
|
|
+ if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return err; |
|
|
@@ -685,6 +721,7 @@ asmlinkage long sys_fchmodat(int dfd, co |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -738,6 +775,7 @@ asmlinkage long sys_chown(const char __u |
|
|
error = user_path_walk(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -757,6 +795,7 @@ asmlinkage long sys_fchownat(int dfd, co |
|
|
error = __user_walk_fd(dfd, filename, follow, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_fchownat"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
out: |
|
|
@@ -771,6 +810,7 @@ asmlinkage long sys_lchown(const char __ |
|
|
error = user_path_walk_link(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -788,6 +828,7 @@ asmlinkage long sys_fchown(unsigned int |
|
|
dentry = file->f_dentry; |
|
|
audit_inode(NULL, dentry->d_inode); |
|
|
error = chown_common(dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
} |
|
|
return error; |
|
|
@@ -1199,6 +1240,9 @@ EXPORT_SYMBOL(sys_close); |
|
| 535 |
*/ |
*/ |
| 536 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
| 537 |
{ |
{ |
| 542 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
| 543 |
return 0; |
return 0; |
| 544 |
diff -ubBpEr linux-2.6.18/fs/proc/Makefile linux-2.6.18-ccs/fs/proc/Makefile |
diff -ubBpEr linux-2.6.18/fs/proc/Makefile linux-2.6.18-ccs/fs/proc/Makefile |
| 545 |
--- linux-2.6.18/fs/proc/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/proc/Makefile 2007-03-03 10:49:57.000000000 +0900 |
| 546 |
+++ linux-2.6.18-ccs/fs/proc/Makefile 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/proc/Makefile 2007-03-03 10:55:25.000000000 +0900 |
| 547 |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
| 548 |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
| 549 |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
| 552 |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
| 553 |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
| 554 |
diff -ubBpEr linux-2.6.18/fs/proc/proc_misc.c linux-2.6.18-ccs/fs/proc/proc_misc.c |
diff -ubBpEr linux-2.6.18/fs/proc/proc_misc.c linux-2.6.18-ccs/fs/proc/proc_misc.c |
| 555 |
--- linux-2.6.18/fs/proc/proc_misc.c 2006-10-19 16:15:41.000000000 +0900 |
--- linux-2.6.18/fs/proc/proc_misc.c 2007-03-03 10:49:57.000000000 +0900 |
| 556 |
+++ linux-2.6.18-ccs/fs/proc/proc_misc.c 2006-10-19 16:15:41.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/proc/proc_misc.c 2007-03-06 10:06:57.000000000 +0900 |
| 557 |
@@ -723,4 +723,13 @@ void __init proc_misc_init(void) |
@@ -723,4 +723,13 @@ void __init proc_misc_init(void) |
| 558 |
if (entry) |
if (entry) |
| 559 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
| 563 |
+ { |
+ { |
| 564 |
+ extern void __init CCSProc_Init(void); |
+ extern void __init CCSProc_Init(void); |
| 565 |
+ CCSProc_Init(); |
+ CCSProc_Init(); |
| 566 |
+ printk("Hook version: 2.6.18 2006/10/19\n"); |
+ printk("Hook version: 2.6.18 2007/03/06\n"); |
| 567 |
+ } |
+ } |
| 568 |
+#endif |
+#endif |
| 569 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
| 570 |
} |
} |
| 571 |
diff -ubBpEr linux-2.6.18/include/linux/init_task.h linux-2.6.18-ccs/include/linux/init_task.h |
diff -ubBpEr linux-2.6.18/include/linux/init_task.h linux-2.6.18-ccs/include/linux/init_task.h |
| 572 |
--- linux-2.6.18/include/linux/init_task.h 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/include/linux/init_task.h 2007-03-03 10:49:57.000000000 +0900 |
| 573 |
+++ linux-2.6.18-ccs/include/linux/init_task.h 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/include/linux/init_task.h 2007-03-03 11:13:33.000000000 +0900 |
| 574 |
@@ -128,6 +128,12 @@ extern struct group_info init_groups; |
@@ -128,6 +128,10 @@ extern struct group_info init_groups; |
| 575 |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
| 576 |
INIT_TRACE_IRQFLAGS \ |
INIT_TRACE_IRQFLAGS \ |
| 577 |
INIT_LOCKDEP \ |
INIT_LOCKDEP \ |
| 578 |
+ /***** TOMOYO Linux start. *****/ \ |
+ /***** TOMOYO Linux start. *****/ \ |
| 579 |
+ .domain_info = &KERNEL_DOMAIN, \ |
+ .domain_info = &KERNEL_DOMAIN, \ |
| 580 |
|
+ .tomoyo_flags = 0, \ |
| 581 |
+ /***** TOMOYO Linux end. *****/ \ |
+ /***** TOMOYO Linux end. *****/ \ |
|
+ /***** SAKURA Linux start. *****/ \ |
|
|
+ .dropped_capability = 0, \ |
|
|
+ /***** SAKURA Linux end. *****/ \ |
|
| 582 |
} |
} |
| 583 |
|
|
| 584 |
|
|
| 585 |
diff -ubBpEr linux-2.6.18/include/linux/sched.h linux-2.6.18-ccs/include/linux/sched.h |
diff -ubBpEr linux-2.6.18/include/linux/sched.h linux-2.6.18-ccs/include/linux/sched.h |
| 586 |
--- linux-2.6.18/include/linux/sched.h 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/include/linux/sched.h 2007-03-03 10:49:57.000000000 +0900 |
| 587 |
+++ linux-2.6.18-ccs/include/linux/sched.h 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/include/linux/sched.h 2007-03-03 11:09:01.000000000 +0900 |
| 588 |
@@ -25,6 +25,11 @@ |
@@ -25,6 +25,11 @@ |
| 589 |
#define CLONE_CHILD_SETTID 0x01000000 /* set the TID in the child */ |
#define CLONE_CHILD_SETTID 0x01000000 /* set the TID in the child */ |
| 590 |
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */ |
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */ |
| 597 |
/* |
/* |
| 598 |
* Scheduling policies |
* Scheduling policies |
| 599 |
*/ |
*/ |
| 600 |
@@ -996,6 +1001,12 @@ struct task_struct { |
@@ -996,6 +1001,10 @@ struct task_struct { |
| 601 |
#ifdef CONFIG_TASK_DELAY_ACCT |
#ifdef CONFIG_TASK_DELAY_ACCT |
| 602 |
struct task_delay_info *delays; |
struct task_delay_info *delays; |
| 603 |
#endif |
#endif |
| 604 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 605 |
+ struct domain_info *domain_info; |
+ struct domain_info *domain_info; |
| 606 |
|
+ unsigned int tomoyo_flags; |
| 607 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ unsigned int dropped_capability; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 608 |
}; |
}; |
| 609 |
|
|
| 610 |
static inline pid_t process_group(struct task_struct *tsk) |
static inline pid_t process_group(struct task_struct *tsk) |
| 611 |
diff -ubBpEr linux-2.6.18/kernel/kexec.c linux-2.6.18-ccs/kernel/kexec.c |
diff -ubBpEr linux-2.6.18/kernel/kexec.c linux-2.6.18-ccs/kernel/kexec.c |
| 612 |
--- linux-2.6.18/kernel/kexec.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/kexec.c 2007-03-03 10:49:57.000000000 +0900 |
| 613 |
+++ linux-2.6.18-ccs/kernel/kexec.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/kexec.c 2007-03-03 10:55:25.000000000 +0900 |
| 614 |
@@ -26,6 +26,9 @@ |
@@ -26,6 +26,9 @@ |
| 615 |
#include <asm/io.h> |
#include <asm/io.h> |
| 616 |
#include <asm/system.h> |
#include <asm/system.h> |
| 632 |
/* |
/* |
| 633 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
| 634 |
diff -ubBpEr linux-2.6.18/kernel/kmod.c linux-2.6.18-ccs/kernel/kmod.c |
diff -ubBpEr linux-2.6.18/kernel/kmod.c linux-2.6.18-ccs/kernel/kmod.c |
| 635 |
--- linux-2.6.18/kernel/kmod.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/kmod.c 2007-03-03 10:49:57.000000000 +0900 |
| 636 |
+++ linux-2.6.18-ccs/kernel/kmod.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/kmod.c 2007-03-03 11:16:30.000000000 +0900 |
| 637 |
@@ -148,6 +148,13 @@ static int ____call_usermodehelper(void |
@@ -148,6 +148,11 @@ static int ____call_usermodehelper(void |
| 638 |
/* We can run anywhere, unlike our parent keventd(). */ |
/* We can run anywhere, unlike our parent keventd(). */ |
| 639 |
set_cpus_allowed(current, CPU_MASK_ALL); |
set_cpus_allowed(current, CPU_MASK_ALL); |
| 640 |
|
|
| 641 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
| 642 |
+ current->domain_info = &KERNEL_DOMAIN; |
+ current->domain_info = &KERNEL_DOMAIN; |
| 643 |
|
+ current->tomoyo_flags = 0; |
| 644 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ current->dropped_capability = 0; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
| 645 |
+ |
+ |
| 646 |
retval = -EPERM; |
retval = -EPERM; |
| 647 |
if (current->fs->root) |
if (current->fs->root) |
| 648 |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
| 649 |
diff -ubBpEr linux-2.6.18/kernel/module.c linux-2.6.18-ccs/kernel/module.c |
diff -ubBpEr linux-2.6.18/kernel/module.c linux-2.6.18-ccs/kernel/module.c |
| 650 |
--- linux-2.6.18/kernel/module.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/module.c 2007-03-03 10:49:57.000000000 +0900 |
| 651 |
+++ linux-2.6.18-ccs/kernel/module.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/module.c 2007-03-03 10:55:25.000000000 +0900 |
| 652 |
@@ -44,6 +44,9 @@ |
@@ -44,6 +44,9 @@ |
| 653 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
| 654 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
| 682 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
| 683 |
return -EINTR; |
return -EINTR; |
| 684 |
diff -ubBpEr linux-2.6.18/kernel/sched.c linux-2.6.18-ccs/kernel/sched.c |
diff -ubBpEr linux-2.6.18/kernel/sched.c linux-2.6.18-ccs/kernel/sched.c |
| 685 |
--- linux-2.6.18/kernel/sched.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sched.c 2007-03-03 10:49:57.000000000 +0900 |
| 686 |
+++ linux-2.6.18-ccs/kernel/sched.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sched.c 2007-03-03 10:55:25.000000000 +0900 |
| 687 |
@@ -55,6 +55,9 @@ |
@@ -55,6 +55,9 @@ |
| 688 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
| 689 |
|
|
| 705 |
/* |
/* |
| 706 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
| 707 |
diff -ubBpEr linux-2.6.18/kernel/signal.c linux-2.6.18-ccs/kernel/signal.c |
diff -ubBpEr linux-2.6.18/kernel/signal.c linux-2.6.18-ccs/kernel/signal.c |
| 708 |
--- linux-2.6.18/kernel/signal.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/signal.c 2007-03-03 10:49:57.000000000 +0900 |
| 709 |
+++ linux-2.6.18-ccs/kernel/signal.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/signal.c 2007-03-03 10:55:25.000000000 +0900 |
| 710 |
@@ -28,6 +28,9 @@ |
@@ -28,6 +28,9 @@ |
| 711 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
| 712 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
| 751 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
| 752 |
} |
} |
| 753 |
diff -ubBpEr linux-2.6.18/kernel/sys.c linux-2.6.18-ccs/kernel/sys.c |
diff -ubBpEr linux-2.6.18/kernel/sys.c linux-2.6.18-ccs/kernel/sys.c |
| 754 |
--- linux-2.6.18/kernel/sys.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sys.c 2007-03-03 10:49:57.000000000 +0900 |
| 755 |
+++ linux-2.6.18-ccs/kernel/sys.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sys.c 2007-03-03 10:55:25.000000000 +0900 |
| 756 |
@@ -36,6 +36,9 @@ |
@@ -36,6 +36,9 @@ |
| 757 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 758 |
#include <asm/io.h> |
#include <asm/io.h> |
| 804 |
down_write(&uts_sem); |
down_write(&uts_sem); |
| 805 |
errno = -EFAULT; |
errno = -EFAULT; |
| 806 |
diff -ubBpEr linux-2.6.18/kernel/sysctl.c linux-2.6.18-ccs/kernel/sysctl.c |
diff -ubBpEr linux-2.6.18/kernel/sysctl.c linux-2.6.18-ccs/kernel/sysctl.c |
| 807 |
--- linux-2.6.18/kernel/sysctl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sysctl.c 2007-03-03 10:49:57.000000000 +0900 |
| 808 |
+++ linux-2.6.18-ccs/kernel/sysctl.c 2006-10-05 08:41:07.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sysctl.c 2007-03-03 10:55:25.000000000 +0900 |
| 809 |
@@ -48,6 +48,9 @@ |
@@ -48,6 +48,9 @@ |
| 810 |
|
|
| 811 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 928 |
table, name, nlen, |
table, name, nlen, |
| 929 |
oldval, oldlenp, |
oldval, oldlenp, |
| 930 |
diff -ubBpEr linux-2.6.18/kernel/time.c linux-2.6.18-ccs/kernel/time.c |
diff -ubBpEr linux-2.6.18/kernel/time.c linux-2.6.18-ccs/kernel/time.c |
| 931 |
--- linux-2.6.18/kernel/time.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/time.c 2007-03-03 10:49:57.000000000 +0900 |
| 932 |
+++ linux-2.6.18-ccs/kernel/time.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/time.c 2007-03-03 10:55:25.000000000 +0900 |
| 933 |
@@ -39,6 +39,9 @@ |
@@ -39,6 +39,9 @@ |
| 934 |
|
|
| 935 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
| 971 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
| 972 |
|
|
| 973 |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_connection_sock.c linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_connection_sock.c linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c |
| 974 |
--- linux-2.6.18/net/ipv4/inet_connection_sock.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/inet_connection_sock.c 2007-03-03 10:49:57.000000000 +0900 |
| 975 |
+++ linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c 2007-03-03 10:55:25.000000000 +0900 |
| 976 |
@@ -23,6 +23,9 @@ |
@@ -23,6 +23,9 @@ |
| 977 |
#include <net/route.h> |
#include <net/route.h> |
| 978 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
| 994 |
if (tb->port == rover) |
if (tb->port == rover) |
| 995 |
goto next; |
goto next; |
| 996 |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_hashtables.c linux-2.6.18-ccs/net/ipv4/inet_hashtables.c |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_hashtables.c linux-2.6.18-ccs/net/ipv4/inet_hashtables.c |
| 997 |
--- linux-2.6.18/net/ipv4/inet_hashtables.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/inet_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
| 998 |
+++ linux-2.6.18-ccs/net/ipv4/inet_hashtables.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/inet_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
| 999 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
| 1000 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
| 1001 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
| 1017 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1018 |
|
|
| 1019 |
diff -ubBpEr linux-2.6.18/net/ipv4/udp.c linux-2.6.18-ccs/net/ipv4/udp.c |
diff -ubBpEr linux-2.6.18/net/ipv4/udp.c linux-2.6.18-ccs/net/ipv4/udp.c |
| 1020 |
--- linux-2.6.18/net/ipv4/udp.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/udp.c 2007-03-03 10:49:57.000000000 +0900 |
| 1021 |
+++ linux-2.6.18-ccs/net/ipv4/udp.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/udp.c 2007-03-03 10:55:25.000000000 +0900 |
| 1022 |
@@ -108,6 +108,9 @@ |
@@ -108,6 +108,9 @@ |
| 1023 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
| 1024 |
#include <net/checksum.h> |
#include <net/checksum.h> |
| 1050 |
break; |
break; |
| 1051 |
} |
} |
| 1052 |
diff -ubBpEr linux-2.6.18/net/ipv6/inet6_hashtables.c linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c |
diff -ubBpEr linux-2.6.18/net/ipv6/inet6_hashtables.c linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c |
| 1053 |
--- linux-2.6.18/net/ipv6/inet6_hashtables.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv6/inet6_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
| 1054 |
+++ linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
| 1055 |
@@ -21,6 +21,9 @@ |
@@ -21,6 +21,9 @@ |
| 1056 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
| 1057 |
#include <net/inet6_hashtables.h> |
#include <net/inet6_hashtables.h> |
| 1073 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
| 1074 |
|
|
| 1075 |
diff -ubBpEr linux-2.6.18/net/ipv6/udp.c linux-2.6.18-ccs/net/ipv6/udp.c |
diff -ubBpEr linux-2.6.18/net/ipv6/udp.c linux-2.6.18-ccs/net/ipv6/udp.c |
| 1076 |
--- linux-2.6.18/net/ipv6/udp.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv6/udp.c 2007-03-03 10:49:57.000000000 +0900 |
| 1077 |
+++ linux-2.6.18-ccs/net/ipv6/udp.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv6/udp.c 2007-03-03 10:55:25.000000000 +0900 |
| 1078 |
@@ -58,6 +58,9 @@ |
@@ -58,6 +58,9 @@ |
| 1079 |
|
|
| 1080 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
| 1106 |
break; |
break; |
| 1107 |
} |
} |
| 1108 |
diff -ubBpEr linux-2.6.18/net/socket.c linux-2.6.18-ccs/net/socket.c |
diff -ubBpEr linux-2.6.18/net/socket.c linux-2.6.18-ccs/net/socket.c |
| 1109 |
--- linux-2.6.18/net/socket.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/socket.c 2007-03-03 10:49:57.000000000 +0900 |
| 1110 |
+++ linux-2.6.18-ccs/net/socket.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/socket.c 2007-03-03 10:55:25.000000000 +0900 |
| 1111 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |
| 1112 |
#include <net/sock.h> |
#include <net/sock.h> |
| 1113 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
| 1199 |
sock->file->f_flags); |
sock->file->f_flags); |
| 1200 |
out_put: |
out_put: |
| 1201 |
diff -ubBpEr linux-2.6.18/net/unix/af_unix.c linux-2.6.18-ccs/net/unix/af_unix.c |
diff -ubBpEr linux-2.6.18/net/unix/af_unix.c linux-2.6.18-ccs/net/unix/af_unix.c |
| 1202 |
--- linux-2.6.18/net/unix/af_unix.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/unix/af_unix.c 2007-03-03 11:38:54.000000000 +0900 |
| 1203 |
+++ linux-2.6.18-ccs/net/unix/af_unix.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/unix/af_unix.c 2007-03-05 13:21:51.000000000 +0900 |
| 1204 |
@@ -116,6 +116,12 @@ |
@@ -116,6 +116,9 @@ |
| 1205 |
#include <linux/mount.h> |
#include <linux/mount.h> |
| 1206 |
#include <net/checksum.h> |
#include <net/checksum.h> |
| 1207 |
#include <linux/security.h> |
#include <linux/security.h> |
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
| 1208 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
| 1209 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
| 1210 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
| 1211 |
|
|
| 1212 |
int sysctl_unix_max_dgram_qlen = 10; |
int sysctl_unix_max_dgram_qlen = 10; |
| 1213 |
|
|
| 1214 |
@@ -764,6 +770,10 @@ static int unix_bind(struct socket *sock |
@@ -764,6 +767,10 @@ static int unix_bind(struct socket *sock |
| 1215 |
err = unix_autobind(sock); |
err = unix_autobind(sock); |
| 1216 |
goto out; |
goto out; |
| 1217 |
} |
} |
| 1222 |
|
|
| 1223 |
err = unix_mkname(sunaddr, addr_len, &hash); |
err = unix_mkname(sunaddr, addr_len, &hash); |
| 1224 |
if (err < 0) |
if (err < 0) |
| 1225 |
@@ -807,7 +817,11 @@ static int unix_bind(struct socket *sock |
@@ -807,6 +814,9 @@ static int unix_bind(struct socket *sock |
| 1226 |
*/ |
*/ |
| 1227 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
| 1228 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
| 1230 |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
| 1231 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
| 1232 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
|
+ if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/ |
|
| 1233 |
if (err) |
if (err) |
| 1234 |
goto out_mknod_dput; |
goto out_mknod_dput; |
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
TOMOYO
Parent Directory
Revision Log
Patch