1 |
diff -ubBpEr linux-2.6.18/Makefile linux-2.6.18-ccs/Makefile |
diff -ubBpEr linux-2.6.18/Makefile linux-2.6.18-ccs/Makefile |
2 |
--- linux-2.6.18/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/Makefile 2007-03-03 10:49:57.000000000 +0900 |
3 |
+++ linux-2.6.18-ccs/Makefile 2006-09-20 16:09:45.000000000 +0900 |
+++ linux-2.6.18-ccs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
4 |
@@ -1,7 +1,7 @@ |
@@ -1,7 +1,7 @@ |
5 |
VERSION = 2 |
VERSION = 2 |
6 |
PATCHLEVEL = 6 |
PATCHLEVEL = 6 |
11 |
|
|
12 |
# *DOCUMENTATION* |
# *DOCUMENTATION* |
13 |
diff -ubBpEr linux-2.6.18/fs/Kconfig linux-2.6.18-ccs/fs/Kconfig |
diff -ubBpEr linux-2.6.18/fs/Kconfig linux-2.6.18-ccs/fs/Kconfig |
14 |
--- linux-2.6.18/fs/Kconfig 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/Kconfig 2007-03-03 10:49:57.000000000 +0900 |
15 |
+++ linux-2.6.18-ccs/fs/Kconfig 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/Kconfig 2007-03-03 10:55:25.000000000 +0900 |
16 |
@@ -1931,5 +1931,7 @@ endmenu |
@@ -1931,5 +1931,7 @@ endmenu |
17 |
|
|
18 |
source "fs/nls/Kconfig" |
source "fs/nls/Kconfig" |
22 |
endmenu |
endmenu |
23 |
|
|
24 |
diff -ubBpEr linux-2.6.18/fs/Makefile linux-2.6.18-ccs/fs/Makefile |
diff -ubBpEr linux-2.6.18/fs/Makefile linux-2.6.18-ccs/fs/Makefile |
25 |
--- linux-2.6.18/fs/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/Makefile 2007-03-03 10:49:57.000000000 +0900 |
26 |
+++ linux-2.6.18-ccs/fs/Makefile 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/Makefile 2007-03-03 10:55:25.000000000 +0900 |
27 |
@@ -102,3 +102,5 @@ obj-$(CONFIG_HOSTFS) += hostfs/ |
@@ -102,3 +102,5 @@ obj-$(CONFIG_HOSTFS) += hostfs/ |
28 |
obj-$(CONFIG_HPPFS) += hppfs/ |
obj-$(CONFIG_HPPFS) += hppfs/ |
29 |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
obj-$(CONFIG_DEBUG_FS) += debugfs/ |
31 |
+ |
+ |
32 |
+include $(srctree)/fs/Makefile-2.6.ccs |
+include $(srctree)/fs/Makefile-2.6.ccs |
33 |
diff -ubBpEr linux-2.6.18/fs/attr.c linux-2.6.18-ccs/fs/attr.c |
diff -ubBpEr linux-2.6.18/fs/attr.c linux-2.6.18-ccs/fs/attr.c |
34 |
--- linux-2.6.18/fs/attr.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
35 |
+++ linux-2.6.18-ccs/fs/attr.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/attr.c 2007-03-03 11:38:54.000000000 +0900 |
36 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
37 |
#include <linux/fcntl.h> |
#include <linux/fcntl.h> |
38 |
#include <linux/quotaops.h> |
#include <linux/quotaops.h> |
65 |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || |
66 |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
(ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) |
67 |
diff -ubBpEr linux-2.6.18/fs/compat.c linux-2.6.18-ccs/fs/compat.c |
diff -ubBpEr linux-2.6.18/fs/compat.c linux-2.6.18-ccs/fs/compat.c |
68 |
--- linux-2.6.18/fs/compat.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
69 |
+++ linux-2.6.18-ccs/fs/compat.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/compat.c 2007-03-03 11:38:54.000000000 +0900 |
70 |
@@ -52,6 +52,9 @@ |
@@ -52,6 +52,9 @@ |
71 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
72 |
#include <asm/mmu_context.h> |
#include <asm/mmu_context.h> |
87 |
if (filp->f_op && filp->f_op->compat_ioctl) { |
if (filp->f_op && filp->f_op->compat_ioctl) { |
88 |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
error = filp->f_op->compat_ioctl(filp, cmd, arg); |
89 |
if (error != -ENOIOCTLCMD) |
if (error != -ENOIOCTLCMD) |
90 |
|
@@ -1567,7 +1573,7 @@ int compat_do_execve(char * filename, |
91 |
|
if (retval < 0) |
92 |
|
goto out; |
93 |
|
|
94 |
|
- retval = search_binary_handler(bprm, regs); |
95 |
|
+ retval = search_binary_handler_with_transition(bprm, regs); |
96 |
|
if (retval >= 0) { |
97 |
|
free_arg_pages(bprm); |
98 |
|
|
99 |
diff -ubBpEr linux-2.6.18/fs/exec.c linux-2.6.18-ccs/fs/exec.c |
diff -ubBpEr linux-2.6.18/fs/exec.c linux-2.6.18-ccs/fs/exec.c |
100 |
--- linux-2.6.18/fs/exec.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/exec.c 2007-03-03 11:38:54.000000000 +0900 |
101 |
+++ linux-2.6.18-ccs/fs/exec.c 2006-10-16 15:20:38.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/exec.c 2007-03-06 10:04:25.000000000 +0900 |
102 |
@@ -57,6 +57,13 @@ |
@@ -57,6 +57,10 @@ |
103 |
#include <linux/kmod.h> |
#include <linux/kmod.h> |
104 |
#endif |
#endif |
105 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
106 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
107 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
108 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
110 |
int core_uses_pid; |
int core_uses_pid; |
111 |
char core_pattern[65] = "core"; |
char core_pattern[65] = "core"; |
112 |
int suid_dumpable = 0; |
int suid_dumpable = 0; |
113 |
@@ -139,6 +146,11 @@ asmlinkage long sys_uselib(const char __ |
@@ -139,6 +143,11 @@ asmlinkage long sys_uselib(const char __ |
114 |
if (error) |
if (error) |
115 |
goto exit; |
goto exit; |
116 |
|
|
122 |
file = nameidata_to_filp(&nd, O_RDONLY); |
file = nameidata_to_filp(&nd, O_RDONLY); |
123 |
error = PTR_ERR(file); |
error = PTR_ERR(file); |
124 |
if (IS_ERR(file)) |
if (IS_ERR(file)) |
125 |
@@ -1132,6 +1144,25 @@ int do_execve(char * filename, |
@@ -486,6 +495,9 @@ struct file *open_exec(const char *name) |
126 |
struct file *file; |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
127 |
int retval; |
S_ISREG(inode->i_mode)) { |
128 |
int i; |
int err = vfs_permission(&nd, MAY_EXEC); |
129 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
130 |
+#ifdef CONFIG_TOMOYO |
+ if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */ |
131 |
+ struct domain_info *next_domain = NULL; |
+ /***** TOMOYO Linux end. *****/ |
132 |
+#endif |
file = ERR_PTR(err); |
133 |
+ /***** TOMOYO Linux end. *****/ |
if (!err) { |
134 |
+ |
file = nameidata_to_filp(&nd, O_RDONLY); |
135 |
+ /***** CCS Start. *****/ |
@@ -1188,7 +1200,8 @@ int do_execve(char * filename, |
136 |
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) |
if (retval < 0) |
|
+ extern void CCS_LoadPolicy(const char *filename); |
|
|
+ CCS_LoadPolicy(filename); |
|
|
+#endif |
|
|
+ /***** CCS end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv); |
|
|
+ if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM; |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
|
|
|
retval = -ENOMEM; |
|
|
bprm = kzalloc(sizeof(*bprm), GFP_KERNEL); |
|
|
@@ -1143,6 +1174,15 @@ int do_execve(char * filename, |
|
|
if (IS_ERR(file)) |
|
|
goto out_kfree; |
|
|
|
|
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ retval = FindNextDomain(filename, file, &next_domain, argv); |
|
|
+ if (retval < 0) { |
|
|
+ allow_write_access(file); fput(file); goto out_kfree; |
|
|
+ } |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
sched_exec(); |
|
|
|
|
|
bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *); |
|
|
@@ -1189,6 +1229,19 @@ int do_execve(char * filename, |
|
137 |
goto out; |
goto out; |
138 |
|
|
139 |
retval = search_binary_handler(bprm,regs); |
- retval = search_binary_handler(bprm,regs); |
140 |
+ |
+ retval = search_binary_handler_with_transition(bprm,regs); |
|
+ /***** TOMOYO Linux start. *****/ |
|
|
+#ifdef CONFIG_TOMOYO |
|
|
+ if (retval >= 0) current->domain_info = next_domain; |
|
|
+#endif |
|
|
+ /***** TOMOYO Linux end. *****/ |
|
|
+ |
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API |
|
|
+ if (retval >= 0) RestoreTaskCapability(); |
|
|
+#endif |
|
|
+ /***** SAKURA Linux end. *****/ |
|
141 |
+ |
+ |
142 |
if (retval >= 0) { |
if (retval >= 0) { |
143 |
free_arg_pages(bprm); |
free_arg_pages(bprm); |
144 |
|
|
145 |
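Review bot: The open_exec hook on the new side, `if (!err && (current->tomoyo_flags & TOMOYO_CHECK_READ_FOR_OPEN_EXEC)) err = CheckOpenPermission(nd.dentry, nd.mnt, 01); /* 01 means "read". */`, crams the condition and its statement onto one line and passes the bare octal literal `01` whose meaning exists only in the trailing comment. Split the body onto its own line under the `if` and replace `01` with a named mode value — if the TOMOYO headers already export a symbolic read mode use that, otherwise introduce one (`TOMOYO_OPEN_MODE_READ_PLACEHOLDER` stands for whatever name the project chooses). Note that the domain transition in do_execve is now entirely inside `search_binary_handler_with_transition(bprm,regs)`, whose definition is not in this section, so whether a failed exec leaves `current` in the old domain cannot be confirmed from here. Both open_exec and do_execve start and end outside their hunks.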
diff -ubBpEr linux-2.6.18/fs/fcntl.c linux-2.6.18-ccs/fs/fcntl.c |
diff -ubBpEr linux-2.6.18/fs/fcntl.c linux-2.6.18-ccs/fs/fcntl.c |
146 |
--- linux-2.6.18/fs/fcntl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
147 |
+++ linux-2.6.18-ccs/fs/fcntl.c 2006-10-06 16:06:34.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/fcntl.c 2007-03-03 11:38:54.000000000 +0900 |
148 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
149 |
#include <asm/poll.h> |
#include <asm/poll.h> |
150 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
167 |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) |
168 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
169 |
diff -ubBpEr linux-2.6.18/fs/ioctl.c linux-2.6.18-ccs/fs/ioctl.c |
diff -ubBpEr linux-2.6.18/fs/ioctl.c linux-2.6.18-ccs/fs/ioctl.c |
170 |
--- linux-2.6.18/fs/ioctl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
171 |
+++ linux-2.6.18-ccs/fs/ioctl.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/ioctl.c 2007-03-03 11:38:54.000000000 +0900 |
172 |
@@ -15,6 +15,9 @@ |
@@ -15,6 +15,9 @@ |
173 |
|
|
174 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
190 |
if (filp->f_op->unlocked_ioctl) { |
if (filp->f_op->unlocked_ioctl) { |
191 |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
192 |
diff -ubBpEr linux-2.6.18/fs/namei.c linux-2.6.18-ccs/fs/namei.c |
diff -ubBpEr linux-2.6.18/fs/namei.c linux-2.6.18-ccs/fs/namei.c |
193 |
--- linux-2.6.18/fs/namei.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/namei.c 2007-03-03 11:38:54.000000000 +0900 |
194 |
+++ linux-2.6.18-ccs/fs/namei.c 2006-10-06 15:53:00.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/namei.c 2007-03-03 11:41:29.000000000 +0900 |
195 |
@@ -37,6 +37,13 @@ |
@@ -37,6 +37,10 @@ |
196 |
|
|
197 |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) |
198 |
|
|
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
199 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
200 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
201 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
203 |
/* [Feb-1997 T. Schoebel-Theuer] |
/* [Feb-1997 T. Schoebel-Theuer] |
204 |
* Fundamental changes in the pathname lookup mechanisms (namei) |
* Fundamental changes in the pathname lookup mechanisms (namei) |
205 |
* were necessary because of omirr. The reason is that omirr needs |
* were necessary because of omirr. The reason is that omirr needs |
206 |
@@ -793,6 +800,13 @@ static fastcall int __link_path_walk(con |
@@ -1481,6 +1485,9 @@ int vfs_create(struct inode *dir, struct |
|
int err; |
|
|
unsigned int lookup_flags = nd->flags; |
|
|
|
|
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ if (CheckEUID() < 0) { |
|
|
+ path_release(nd); |
|
|
+ return -EPERM; |
|
|
+ } |
|
|
+ /***** SAKURA Linux end. *****/ |
|
|
+ |
|
|
while (*name=='/') |
|
|
name++; |
|
|
if (!*name) |
|
|
@@ -1481,6 +1495,9 @@ int vfs_create(struct inode *dir, struct |
|
207 |
error = security_inode_create(dir, dentry, mode); |
error = security_inode_create(dir, dentry, mode); |
208 |
if (error) |
if (error) |
209 |
return error; |
return error; |
213 |
DQUOT_INIT(dir); |
DQUOT_INIT(dir); |
214 |
error = dir->i_op->create(dir, dentry, mode, nd); |
error = dir->i_op->create(dir, dentry, mode, nd); |
215 |
if (!error) |
if (!error) |
216 |
@@ -1520,7 +1537,7 @@ int may_open(struct nameidata *nd, int a |
@@ -1536,6 +1543,11 @@ int may_open(struct nameidata *nd, int a |
|
|
|
|
flag &= ~O_TRUNC; |
|
|
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) |
|
|
- return -EROFS; |
|
|
+ { ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/ |
|
|
/* |
|
|
* An append-only file must be opened in append mode for writing. |
|
|
*/ |
|
|
@@ -1536,6 +1553,11 @@ int may_open(struct nameidata *nd, int a |
|
217 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
218 |
return -EPERM; |
return -EPERM; |
219 |
|
|
225 |
/* |
/* |
226 |
* Ensure there are no outstanding leases on the file. |
* Ensure there are no outstanding leases on the file. |
227 |
*/ |
*/ |
228 |
@@ -1567,6 +1589,9 @@ int may_open(struct nameidata *nd, int a |
@@ -1567,6 +1579,9 @@ int may_open(struct nameidata *nd, int a |
229 |
return 0; |
return 0; |
230 |
} |
} |
231 |
|
|
235 |
/* |
/* |
236 |
* open_namei() |
* open_namei() |
237 |
* |
* |
238 |
@@ -1697,6 +1722,7 @@ ok: |
@@ -1835,6 +1850,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
exit_dput: |
|
|
dput_path(&path, nd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/ |
|
|
if (!IS_ERR(nd->intent.open.file)) |
|
|
release_open_intent(nd); |
|
|
path_release(nd); |
|
|
@@ -1835,6 +1861,12 @@ asmlinkage long sys_mknodat(int dfd, con |
|
239 |
|
|
240 |
if (S_ISDIR(mode)) |
if (S_ISDIR(mode)) |
241 |
return -EPERM; |
return -EPERM; |
248 |
tmp = getname(filename); |
tmp = getname(filename); |
249 |
if (IS_ERR(tmp)) |
if (IS_ERR(tmp)) |
250 |
return PTR_ERR(tmp); |
return PTR_ERR(tmp); |
251 |
@@ -1853,10 +1885,16 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1853,10 +1874,16 @@ asmlinkage long sys_mknodat(int dfd, con |
252 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
253 |
break; |
break; |
254 |
case S_IFCHR: case S_IFBLK: |
case S_IFCHR: case S_IFBLK: |
265 |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0); |
266 |
break; |
break; |
267 |
case S_IFDIR: |
case S_IFDIR: |
268 |
@@ -1865,6 +1903,7 @@ asmlinkage long sys_mknodat(int dfd, con |
@@ -1921,6 +1948,9 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
default: |
|
|
error = -EINVAL; |
|
|
} |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/ |
|
|
dput(dentry); |
|
|
} |
|
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|
|
@@ -1921,7 +1960,11 @@ asmlinkage long sys_mkdirat(int dfd, con |
|
269 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
270 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
271 |
mode &= ~current->fs->umask; |
mode &= ~current->fs->umask; |
273 |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0) |
274 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
275 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/ |
|
276 |
dput(dentry); |
dput(dentry); |
277 |
} |
} |
278 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2029,6 +2059,9 @@ static long do_rmdir(int dfd, const char |
|
@@ -2029,7 +2072,11 @@ static long do_rmdir(int dfd, const char |
|
279 |
dentry = lookup_hash(&nd); |
dentry = lookup_hash(&nd); |
280 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
281 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
283 |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0) |
284 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
285 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/ |
|
286 |
dput(dentry); |
dput(dentry); |
287 |
} |
} |
288 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2088,6 +2121,9 @@ static long do_unlinkat(int dfd, const c |
|
@@ -2088,6 +2135,9 @@ static long do_unlinkat(int dfd, const c |
|
289 |
struct dentry *dentry; |
struct dentry *dentry; |
290 |
struct nameidata nd; |
struct nameidata nd; |
291 |
struct inode *inode = NULL; |
struct inode *inode = NULL; |
295 |
|
|
296 |
name = getname(pathname); |
name = getname(pathname); |
297 |
if(IS_ERR(name)) |
if(IS_ERR(name)) |
298 |
@@ -2109,7 +2159,11 @@ static long do_unlinkat(int dfd, const c |
@@ -2109,6 +2145,9 @@ static long do_unlinkat(int dfd, const c |
299 |
inode = dentry->d_inode; |
inode = dentry->d_inode; |
300 |
if (inode) |
if (inode) |
301 |
atomic_inc(&inode->i_count); |
atomic_inc(&inode->i_count); |
303 |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0) |
304 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
305 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/ |
|
306 |
exit2: |
exit2: |
307 |
dput(dentry); |
dput(dentry); |
308 |
} |
@@ -2171,6 +2210,9 @@ asmlinkage long sys_symlinkat(const char |
|
@@ -2171,6 +2225,9 @@ asmlinkage long sys_symlinkat(const char |
|
309 |
int error = 0; |
int error = 0; |
310 |
char * from; |
char * from; |
311 |
char * to; |
char * to; |
315 |
|
|
316 |
from = getname(oldname); |
from = getname(oldname); |
317 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
318 |
@@ -2187,7 +2244,11 @@ asmlinkage long sys_symlinkat(const char |
@@ -2187,6 +2229,9 @@ asmlinkage long sys_symlinkat(const char |
319 |
dentry = lookup_create(&nd, 0); |
dentry = lookup_create(&nd, 0); |
320 |
error = PTR_ERR(dentry); |
error = PTR_ERR(dentry); |
321 |
if (!IS_ERR(dentry)) { |
if (!IS_ERR(dentry)) { |
323 |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0) |
324 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
325 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/ |
|
326 |
dput(dentry); |
dput(dentry); |
327 |
} |
} |
328 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2259,6 +2304,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
@@ -2259,6 +2320,9 @@ asmlinkage long sys_linkat(int olddfd, c |
|
329 |
struct nameidata nd, old_nd; |
struct nameidata nd, old_nd; |
330 |
int error; |
int error; |
331 |
char * to; |
char * to; |
335 |
|
|
336 |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
if ((flags & ~AT_SYMLINK_FOLLOW) != 0) |
337 |
return -EINVAL; |
return -EINVAL; |
338 |
@@ -2281,7 +2345,11 @@ asmlinkage long sys_linkat(int olddfd, c |
@@ -2281,6 +2329,9 @@ asmlinkage long sys_linkat(int olddfd, c |
339 |
new_dentry = lookup_create(&nd, 0); |
new_dentry = lookup_create(&nd, 0); |
340 |
error = PTR_ERR(new_dentry); |
error = PTR_ERR(new_dentry); |
341 |
if (!IS_ERR(new_dentry)) { |
if (!IS_ERR(new_dentry)) { |
343 |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
+ if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0) |
344 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
345 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/ |
|
346 |
dput(new_dentry); |
dput(new_dentry); |
347 |
} |
} |
348 |
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
@@ -2507,6 +2558,13 @@ static int do_rename(int olddfd, const c |
|
@@ -2507,6 +2575,13 @@ static int do_rename(int olddfd, const c |
|
349 |
if (new_dentry == trap) |
if (new_dentry == trap) |
350 |
goto exit5; |
goto exit5; |
351 |
|
|
359 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
error = vfs_rename(old_dir->d_inode, old_dentry, |
360 |
new_dir->d_inode, new_dentry); |
new_dir->d_inode, new_dentry); |
361 |
exit5: |
exit5: |
362 |
@@ -2520,6 +2595,7 @@ exit2: |
@@ -2529,6 +2587,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
exit1: |
|
|
path_release(&oldnd); |
|
|
exit: |
|
|
+ if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/ |
|
|
return error; |
|
|
} |
|
|
|
|
|
@@ -2529,6 +2605,9 @@ asmlinkage long sys_renameat(int olddfd, |
|
363 |
int error; |
int error; |
364 |
char * from; |
char * from; |
365 |
char * to; |
char * to; |
370 |
from = getname(oldname); |
from = getname(oldname); |
371 |
if(IS_ERR(from)) |
if(IS_ERR(from)) |
372 |
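Review bot: In sys_mkdirat the unbraced `if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)` is separated from its only dependent statement by the `/***** TOMOYO Linux end. *****/` marker, so the original kernel line `error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);` silently becomes the body of the patch's condition while reading as untouched context; the same shape appears in do_rmdir, do_unlinkat, sys_symlinkat and sys_linkat. Brace the body and put the marker after the closing brace: `if (... == 0) {`, `\terror = vfs_mkdir(nd.dentry->d_inode, dentry, mode);`, `}`. The added lines of the vfs_create, may_open, sys_mknodat and do_rename hunks are not shown on this page, so they could not be reviewed. Every enclosing function here starts outside its hunk.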
diff -ubBpEr linux-2.6.18/fs/namespace.c linux-2.6.18-ccs/fs/namespace.c |
diff -ubBpEr linux-2.6.18/fs/namespace.c linux-2.6.18-ccs/fs/namespace.c |
373 |
--- linux-2.6.18/fs/namespace.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/namespace.c 2007-03-03 11:38:54.000000000 +0900 |
374 |
+++ linux-2.6.18-ccs/fs/namespace.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/namespace.c 2007-03-06 10:02:13.000000000 +0900 |
375 |
@@ -25,6 +25,12 @@ |
@@ -25,6 +25,12 @@ |
376 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
377 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
412 |
goto out; |
goto out; |
413 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
414 |
+ err = -EPERM; |
+ err = -EPERM; |
415 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayMount(nd) < 0) goto out; |
416 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
417 |
|
|
418 |
err = -ENOMEM; |
err = -ENOMEM; |
424 |
- |
- |
425 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
426 |
+ err = -EPERM; |
+ err = -EPERM; |
427 |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out; |
+ if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0) goto out; |
428 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
429 |
err = -ENOENT; |
err = -ENOENT; |
430 |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
mutex_lock(&nd->dentry->d_inode->i_mutex); |
435 |
goto unlock; |
goto unlock; |
436 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
437 |
+ err = -EPERM; |
+ err = -EPERM; |
438 |
+ if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock; |
+ if (SAKURA_MayMount(nd) < 0) goto unlock; |
439 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
440 |
|
|
441 |
newmnt->mnt_flags = mnt_flags; |
newmnt->mnt_flags = mnt_flags; |
442 |
if ((err = graft_tree(newmnt, nd))) |
if ((err = graft_tree(newmnt, nd))) |
443 |
@@ -1555,6 +1579,9 @@ asmlinkage long sys_mount(char __user * |
@@ -1402,6 +1426,13 @@ long do_mount(char *dev_name, char *dir_ |
444 |
unsigned long type_page; |
if (data_page) |
445 |
unsigned long dev_page; |
((char *)data_page)[PAGE_SIZE - 1] = 0; |
446 |
char *dir_page; |
|
447 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
448 |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
+ if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM; |
449 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
|
|
|
retval = copy_mount_options(type, &type_page); |
|
|
if (retval < 0) |
|
|
@@ -1573,6 +1600,15 @@ asmlinkage long sys_mount(char __user * |
|
|
if (retval < 0) |
|
|
goto out3; |
|
|
|
|
450 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
451 |
+ retval = -EPERM; |
+ if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM; |
|
+ if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 || |
|
|
+ CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) { |
|
|
+ free_page(data_page); |
|
|
+ goto out3; |
|
|
+ } |
|
452 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
453 |
+ |
+ |
454 |
lock_kernel(); |
/* Separate the per-mountpoint flags */ |
455 |
retval = do_mount((char *)dev_page, dir_page, (char *)type_page, |
if (flags & MS_NOSUID) |
456 |
flags, (void *)data_page); |
mnt_flags |= MNT_NOSUID; |
457 |
@@ -1692,6 +1728,10 @@ asmlinkage long sys_pivot_root(const cha |
@@ -1692,6 +1723,10 @@ asmlinkage long sys_pivot_root(const cha |
458 |
if (!capable(CAP_SYS_ADMIN)) |
if (!capable(CAP_SYS_ADMIN)) |
459 |
return -EPERM; |
return -EPERM; |
460 |
|
|
461 |
+ /***** SAKURA Linux start. *****/ |
+ /***** SAKURA Linux start. *****/ |
462 |
+ if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM; |
+ if (CheckPivotRootPermission() < 0) return -EPERM; |
463 |
+ /***** SAKURA Linux end. *****/ |
+ /***** SAKURA Linux end. *****/ |
464 |
+ |
+ |
465 |
lock_kernel(); |
lock_kernel(); |
466 |
|
|
467 |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
error = __user_walk(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, |
468 |
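Review bot: The do_mount hook on the new side, `if (CheckMountPermission(dev_name, dir_name, type_page, &flags)) return -EPERM;`, tests for any non-zero result while the SAKURA hooks in this same section (`SAKURA_MayMount(nd) < 0`, `SAKURA_MayUmount(old_nd.mnt) < 0`, `CheckPivotRootPermission() < 0`) and the previous sys_mount placement test `< 0`; unless CheckMountPermission is defined to return only 0 or a negative value, one of the two spellings misreads the result, and the check should use the same convention as its siblings. The return also flattens whatever the hook reports to -EPERM, so a non-policy failure inside it (for example an allocation error) would be reported as a permission denial; propagating the hook's own value is presumably the intent if it returns an errno. Since the hook now runs inside do_mount rather than sys_mount, any other caller of do_mount is covered as well, and because it takes `&flags` before the per-mountpoint flags are separated it can rewrite them — worth stating on the line: `/* policy check for every do_mount() caller; may rewrite flags before they are split */`. do_mount starts and ends outside the hunk.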
diff -ubBpEr linux-2.6.18/fs/open.c linux-2.6.18-ccs/fs/open.c |
diff -ubBpEr linux-2.6.18/fs/open.c linux-2.6.18-ccs/fs/open.c |
469 |
--- linux-2.6.18/fs/open.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/open.c 2007-03-03 11:38:54.000000000 +0900 |
470 |
+++ linux-2.6.18-ccs/fs/open.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/open.c 2007-03-05 13:50:59.000000000 +0900 |
471 |
@@ -30,6 +30,12 @@ |
@@ -30,6 +30,12 @@ |
472 |
#include <linux/audit.h> |
#include <linux/audit.h> |
473 |
|
|
491 |
error = locks_verify_truncate(inode, NULL, length); |
error = locks_verify_truncate(inode, NULL, length); |
492 |
if (!error) { |
if (!error) { |
493 |
DQUOT_INIT(inode); |
DQUOT_INIT(inode); |
494 |
@@ -275,6 +284,7 @@ static long do_sys_truncate(const char _ |
@@ -320,6 +329,9 @@ static long do_sys_ftruncate(unsigned in |
|
put_write_access(inode); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -320,10 +330,14 @@ static long do_sys_ftruncate(unsigned in |
|
495 |
if (IS_APPEND(inode)) |
if (IS_APPEND(inode)) |
496 |
goto out_putf; |
goto out_putf; |
497 |
|
|
501 |
error = locks_verify_truncate(inode, file, length); |
error = locks_verify_truncate(inode, file, length); |
502 |
if (!error) |
if (!error) |
503 |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
504 |
out_putf: |
@@ -596,6 +608,9 @@ asmlinkage long sys_chroot(const char __ |
|
+ if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return error; |
|
|
@@ -411,6 +425,7 @@ asmlinkage long sys_utime(char __user * |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -464,6 +479,7 @@ long do_utimes(int dfd, char __user *fil |
|
|
error = notify_change(nd.dentry, &newattrs); |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -526,6 +542,9 @@ asmlinkage long sys_faccessat(int dfd, c |
|
|
if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode) |
|
|
&& !special_file(nd.dentry->d_inode->i_mode)) |
|
|
res = -EROFS; |
|
|
+#if 0 |
|
|
+ if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/ |
|
|
+#endif |
|
|
path_release(&nd); |
|
|
} |
|
|
|
|
|
@@ -596,6 +615,9 @@ asmlinkage long sys_chroot(const char __ |
|
505 |
{ |
{ |
506 |
struct nameidata nd; |
struct nameidata nd; |
507 |
int error; |
int error; |
511 |
|
|
512 |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd); |
513 |
if (error) |
if (error) |
514 |
@@ -609,6 +631,19 @@ asmlinkage long sys_chroot(const char __ |
@@ -609,6 +624,19 @@ asmlinkage long sys_chroot(const char __ |
515 |
if (!capable(CAP_SYS_CHROOT)) |
if (!capable(CAP_SYS_CHROOT)) |
516 |
goto dput_and_out; |
goto dput_and_out; |
517 |
|
|
519 |
+ { |
+ { |
520 |
+ char *name = getname(filename); |
+ char *name = getname(filename); |
521 |
+ if (!IS_ERR(name)) { |
+ if (!IS_ERR(name)) { |
522 |
+ error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT); |
+ error = CheckChRootPermission(name); |
523 |
+ putname(name); |
+ putname(name); |
524 |
+ } else { |
+ } else { |
525 |
+ error = PTR_ERR(name); |
+ error = PTR_ERR(name); |
531 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
532 |
set_fs_altroot(); |
set_fs_altroot(); |
533 |
error = 0; |
error = 0; |
534 |
@@ -650,6 +685,7 @@ asmlinkage long sys_fchmod(unsigned int |
@@ -1199,6 +1227,9 @@ EXPORT_SYMBOL(sys_close); |
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
out_putf: |
|
|
+ if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
out: |
|
|
return err; |
|
|
@@ -685,6 +721,7 @@ asmlinkage long sys_fchmodat(int dfd, co |
|
|
mutex_unlock(&inode->i_mutex); |
|
|
|
|
|
dput_and_out: |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
out: |
|
|
return error; |
|
|
@@ -738,6 +775,7 @@ asmlinkage long sys_chown(const char __u |
|
|
error = user_path_walk(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -757,6 +795,7 @@ asmlinkage long sys_fchownat(int dfd, co |
|
|
error = __user_walk_fd(dfd, filename, follow, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_fchownat"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
out: |
|
|
@@ -771,6 +810,7 @@ asmlinkage long sys_lchown(const char __ |
|
|
error = user_path_walk_link(filename, &nd); |
|
|
if (!error) { |
|
|
error = chown_common(nd.dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/ |
|
|
path_release(&nd); |
|
|
} |
|
|
return error; |
|
|
@@ -788,6 +828,7 @@ asmlinkage long sys_fchown(unsigned int |
|
|
dentry = file->f_dentry; |
|
|
audit_inode(NULL, dentry->d_inode); |
|
|
error = chown_common(dentry, user, group); |
|
|
+ if (error == -EROFS) ROFS_Log_from_dentry(dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/ |
|
|
fput(file); |
|
|
} |
|
|
return error; |
|
|
@@ -1199,6 +1240,9 @@ EXPORT_SYMBOL(sys_close); |
|
535 |
*/ |
*/ |
536 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
537 |
{ |
{ |
542 |
tty_vhangup(current->signal->tty); |
tty_vhangup(current->signal->tty); |
543 |
return 0; |
return 0; |
544 |
diff -ubBpEr linux-2.6.18/fs/proc/Makefile linux-2.6.18-ccs/fs/proc/Makefile |
diff -ubBpEr linux-2.6.18/fs/proc/Makefile linux-2.6.18-ccs/fs/proc/Makefile |
545 |
--- linux-2.6.18/fs/proc/Makefile 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/fs/proc/Makefile 2007-03-03 10:49:57.000000000 +0900 |
546 |
+++ linux-2.6.18-ccs/fs/proc/Makefile 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/proc/Makefile 2007-03-03 10:55:25.000000000 +0900 |
547 |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
@@ -13,3 +13,6 @@ proc-y += inode.o root.o base.o ge |
548 |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
proc-$(CONFIG_PROC_KCORE) += kcore.o |
549 |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
proc-$(CONFIG_PROC_VMCORE) += vmcore.o |
552 |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
+proc-$(CONFIG_SAKURA) += ccs_proc.o |
553 |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
+proc-$(CONFIG_TOMOYO) += ccs_proc.o |
554 |
diff -ubBpEr linux-2.6.18/fs/proc/proc_misc.c linux-2.6.18-ccs/fs/proc/proc_misc.c |
diff -ubBpEr linux-2.6.18/fs/proc/proc_misc.c linux-2.6.18-ccs/fs/proc/proc_misc.c |
555 |
--- linux-2.6.18/fs/proc/proc_misc.c 2006-10-19 16:15:41.000000000 +0900 |
--- linux-2.6.18/fs/proc/proc_misc.c 2007-03-03 10:49:57.000000000 +0900 |
556 |
+++ linux-2.6.18-ccs/fs/proc/proc_misc.c 2006-10-19 16:15:41.000000000 +0900 |
+++ linux-2.6.18-ccs/fs/proc/proc_misc.c 2007-03-06 10:06:57.000000000 +0900 |
557 |
@@ -723,4 +723,13 @@ void __init proc_misc_init(void) |
@@ -723,4 +723,13 @@ void __init proc_misc_init(void) |
558 |
if (entry) |
if (entry) |
559 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
563 |
+ { |
+ { |
564 |
+ extern void __init CCSProc_Init(void); |
+ extern void __init CCSProc_Init(void); |
565 |
+ CCSProc_Init(); |
+ CCSProc_Init(); |
566 |
+ printk("Hook version: 2.6.18 2006/10/19\n"); |
+ printk("Hook version: 2.6.18 2007/03/06\n"); |
567 |
+ } |
+ } |
568 |
+#endif |
+#endif |
569 |
+ /***** CCS end. *****/ |
+ /***** CCS end. *****/ |
570 |
} |
} |
571 |
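Review bot: The `printk("Hook version: 2.6.18 2007/03/06\n");` added to proc_misc_init carries no log level, so it is printed at the console's default level rather than as an informational boot message; write it as `printk(KERN_INFO "Hook version: 2.6.18 2007/03/06\n");`. The `extern void __init CCSProc_Init(void);` declared inside the function body also bypasses prototype checking against the definition, and belongs in a header shared with the file that defines CCSProc_Init. The `#ifdef` matching the visible `+#endif` is outside the rows shown here, so the enclosing conditional could not be checked.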
diff -ubBpEr linux-2.6.18/include/linux/init_task.h linux-2.6.18-ccs/include/linux/init_task.h |
diff -ubBpEr linux-2.6.18/include/linux/init_task.h linux-2.6.18-ccs/include/linux/init_task.h |
572 |
--- linux-2.6.18/include/linux/init_task.h 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/include/linux/init_task.h 2007-03-03 10:49:57.000000000 +0900 |
573 |
+++ linux-2.6.18-ccs/include/linux/init_task.h 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/include/linux/init_task.h 2007-03-03 11:13:33.000000000 +0900 |
574 |
@@ -128,6 +128,12 @@ extern struct group_info init_groups; |
@@ -128,6 +128,10 @@ extern struct group_info init_groups; |
575 |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
576 |
INIT_TRACE_IRQFLAGS \ |
INIT_TRACE_IRQFLAGS \ |
577 |
INIT_LOCKDEP \ |
INIT_LOCKDEP \ |
578 |
+ /***** TOMOYO Linux start. *****/ \ |
+ /***** TOMOYO Linux start. *****/ \ |
579 |
+ .domain_info = &KERNEL_DOMAIN, \ |
+ .domain_info = &KERNEL_DOMAIN, \ |
580 |
|
+ .tomoyo_flags = 0, \ |
581 |
+ /***** TOMOYO Linux end. *****/ \ |
+ /***** TOMOYO Linux end. *****/ \ |
|
+ /***** SAKURA Linux start. *****/ \ |
|
|
+ .dropped_capability = 0, \ |
|
|
+ /***** SAKURA Linux end. *****/ \ |
|
582 |
} |
} |
583 |
|
|
584 |
|
|
585 |
diff -ubBpEr linux-2.6.18/include/linux/sched.h linux-2.6.18-ccs/include/linux/sched.h |
diff -ubBpEr linux-2.6.18/include/linux/sched.h linux-2.6.18-ccs/include/linux/sched.h |
586 |
--- linux-2.6.18/include/linux/sched.h 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/include/linux/sched.h 2007-03-03 10:49:57.000000000 +0900 |
587 |
+++ linux-2.6.18-ccs/include/linux/sched.h 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/include/linux/sched.h 2007-03-03 11:09:01.000000000 +0900 |
588 |
@@ -25,6 +25,11 @@ |
@@ -25,6 +25,11 @@ |
589 |
#define CLONE_CHILD_SETTID 0x01000000 /* set the TID in the child */ |
#define CLONE_CHILD_SETTID 0x01000000 /* set the TID in the child */ |
590 |
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */ |
#define CLONE_STOPPED 0x02000000 /* Start in stopped state */ |
597 |
/* |
/* |
598 |
* Scheduling policies |
* Scheduling policies |
599 |
*/ |
*/ |
600 |
@@ -996,6 +1001,12 @@ struct task_struct { |
@@ -996,6 +1001,10 @@ struct task_struct { |
601 |
#ifdef CONFIG_TASK_DELAY_ACCT |
#ifdef CONFIG_TASK_DELAY_ACCT |
602 |
struct task_delay_info *delays; |
struct task_delay_info *delays; |
603 |
#endif |
#endif |
604 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
605 |
+ struct domain_info *domain_info; |
+ struct domain_info *domain_info; |
606 |
|
+ unsigned int tomoyo_flags; |
607 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ unsigned int dropped_capability; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
608 |
}; |
}; |
609 |
|
|
610 |
static inline pid_t process_group(struct task_struct *tsk) |
static inline pid_t process_group(struct task_struct *tsk) |
611 |
diff -ubBpEr linux-2.6.18/kernel/kexec.c linux-2.6.18-ccs/kernel/kexec.c |
diff -ubBpEr linux-2.6.18/kernel/kexec.c linux-2.6.18-ccs/kernel/kexec.c |
612 |
--- linux-2.6.18/kernel/kexec.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/kexec.c 2007-03-03 10:49:57.000000000 +0900 |
613 |
+++ linux-2.6.18-ccs/kernel/kexec.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/kexec.c 2007-03-03 10:55:25.000000000 +0900 |
614 |
@@ -26,6 +26,9 @@ |
@@ -26,6 +26,9 @@ |
615 |
#include <asm/io.h> |
#include <asm/io.h> |
616 |
#include <asm/system.h> |
#include <asm/system.h> |
632 |
/* |
/* |
633 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
634 |
diff -ubBpEr linux-2.6.18/kernel/kmod.c linux-2.6.18-ccs/kernel/kmod.c |
diff -ubBpEr linux-2.6.18/kernel/kmod.c linux-2.6.18-ccs/kernel/kmod.c |
635 |
--- linux-2.6.18/kernel/kmod.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/kmod.c 2007-03-03 10:49:57.000000000 +0900 |
636 |
+++ linux-2.6.18-ccs/kernel/kmod.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/kmod.c 2007-03-03 11:16:30.000000000 +0900 |
637 |
@@ -148,6 +148,13 @@ static int ____call_usermodehelper(void |
@@ -148,6 +148,11 @@ static int ____call_usermodehelper(void |
638 |
/* We can run anywhere, unlike our parent keventd(). */ |
/* We can run anywhere, unlike our parent keventd(). */ |
639 |
set_cpus_allowed(current, CPU_MASK_ALL); |
set_cpus_allowed(current, CPU_MASK_ALL); |
640 |
|
|
641 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
642 |
+ current->domain_info = &KERNEL_DOMAIN; |
+ current->domain_info = &KERNEL_DOMAIN; |
643 |
|
+ current->tomoyo_flags = 0; |
644 |
+ /***** TOMOYO Linux start. *****/ |
+ /***** TOMOYO Linux start. *****/ |
|
+ /***** SAKURA Linux start. *****/ |
|
|
+ current->dropped_capability = 0; |
|
|
+ /***** SAKURA Linux end. *****/ |
|
645 |
+ |
+ |
646 |
retval = -EPERM; |
retval = -EPERM; |
647 |
if (current->fs->root) |
if (current->fs->root) |
648 |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
retval = execve(sub_info->path, sub_info->argv,sub_info->envp); |
649 |
diff -ubBpEr linux-2.6.18/kernel/module.c linux-2.6.18-ccs/kernel/module.c |
diff -ubBpEr linux-2.6.18/kernel/module.c linux-2.6.18-ccs/kernel/module.c |
650 |
--- linux-2.6.18/kernel/module.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/module.c 2007-03-03 10:49:57.000000000 +0900 |
651 |
+++ linux-2.6.18-ccs/kernel/module.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/module.c 2007-03-03 10:55:25.000000000 +0900 |
652 |
@@ -44,6 +44,9 @@ |
@@ -44,6 +44,9 @@ |
653 |
#include <asm/semaphore.h> |
#include <asm/semaphore.h> |
654 |
#include <asm/cacheflush.h> |
#include <asm/cacheflush.h> |
682 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
if (mutex_lock_interruptible(&module_mutex) != 0) |
683 |
return -EINTR; |
return -EINTR; |
684 |
diff -ubBpEr linux-2.6.18/kernel/sched.c linux-2.6.18-ccs/kernel/sched.c |
diff -ubBpEr linux-2.6.18/kernel/sched.c linux-2.6.18-ccs/kernel/sched.c |
685 |
--- linux-2.6.18/kernel/sched.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sched.c 2007-03-03 10:49:57.000000000 +0900 |
686 |
+++ linux-2.6.18-ccs/kernel/sched.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sched.c 2007-03-03 10:55:25.000000000 +0900 |
687 |
@@ -55,6 +55,9 @@ |
@@ -55,6 +55,9 @@ |
688 |
#include <asm/tlb.h> |
#include <asm/tlb.h> |
689 |
|
|
705 |
/* |
/* |
706 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
707 |
diff -ubBpEr linux-2.6.18/kernel/signal.c linux-2.6.18-ccs/kernel/signal.c |
diff -ubBpEr linux-2.6.18/kernel/signal.c linux-2.6.18-ccs/kernel/signal.c |
708 |
--- linux-2.6.18/kernel/signal.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/signal.c 2007-03-03 10:49:57.000000000 +0900 |
709 |
+++ linux-2.6.18-ccs/kernel/signal.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/signal.c 2007-03-03 10:55:25.000000000 +0900 |
710 |
@@ -28,6 +28,9 @@ |
@@ -28,6 +28,9 @@ |
711 |
#include <asm/unistd.h> |
#include <asm/unistd.h> |
712 |
#include <asm/siginfo.h> |
#include <asm/siginfo.h> |
751 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
752 |
} |
} |
753 |
diff -ubBpEr linux-2.6.18/kernel/sys.c linux-2.6.18-ccs/kernel/sys.c |
diff -ubBpEr linux-2.6.18/kernel/sys.c linux-2.6.18-ccs/kernel/sys.c |
754 |
--- linux-2.6.18/kernel/sys.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sys.c 2007-03-03 10:49:57.000000000 +0900 |
755 |
+++ linux-2.6.18-ccs/kernel/sys.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sys.c 2007-03-03 10:55:25.000000000 +0900 |
756 |
@@ -36,6 +36,9 @@ |
@@ -36,6 +36,9 @@ |
757 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
758 |
#include <asm/io.h> |
#include <asm/io.h> |
804 |
down_write(&uts_sem); |
down_write(&uts_sem); |
805 |
errno = -EFAULT; |
errno = -EFAULT; |
806 |
diff -ubBpEr linux-2.6.18/kernel/sysctl.c linux-2.6.18-ccs/kernel/sysctl.c |
diff -ubBpEr linux-2.6.18/kernel/sysctl.c linux-2.6.18-ccs/kernel/sysctl.c |
807 |
--- linux-2.6.18/kernel/sysctl.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/sysctl.c 2007-03-03 10:49:57.000000000 +0900 |
808 |
+++ linux-2.6.18-ccs/kernel/sysctl.c 2006-10-05 08:41:07.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/sysctl.c 2007-03-03 10:55:25.000000000 +0900 |
809 |
@@ -48,6 +48,9 @@ |
@@ -48,6 +48,9 @@ |
810 |
|
|
811 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
928 |
table, name, nlen, |
table, name, nlen, |
929 |
oldval, oldlenp, |
oldval, oldlenp, |
930 |
diff -ubBpEr linux-2.6.18/kernel/time.c linux-2.6.18-ccs/kernel/time.c |
diff -ubBpEr linux-2.6.18/kernel/time.c linux-2.6.18-ccs/kernel/time.c |
931 |
--- linux-2.6.18/kernel/time.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/kernel/time.c 2007-03-03 10:49:57.000000000 +0900 |
932 |
+++ linux-2.6.18-ccs/kernel/time.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/kernel/time.c 2007-03-03 10:55:25.000000000 +0900 |
933 |
@@ -39,6 +39,9 @@ |
@@ -39,6 +39,9 @@ |
934 |
|
|
935 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
971 |
/* Now we validate the data before disabling interrupts */ |
/* Now we validate the data before disabling interrupts */ |
972 |
|
|
973 |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_connection_sock.c linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_connection_sock.c linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c |
974 |
--- linux-2.6.18/net/ipv4/inet_connection_sock.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/inet_connection_sock.c 2007-03-03 10:49:57.000000000 +0900 |
975 |
+++ linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/inet_connection_sock.c 2007-03-03 10:55:25.000000000 +0900 |
976 |
@@ -23,6 +23,9 @@ |
@@ -23,6 +23,9 @@ |
977 |
#include <net/route.h> |
#include <net/route.h> |
978 |
#include <net/tcp_states.h> |
#include <net/tcp_states.h> |
994 |
if (tb->port == rover) |
if (tb->port == rover) |
995 |
goto next; |
goto next; |
996 |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_hashtables.c linux-2.6.18-ccs/net/ipv4/inet_hashtables.c |
diff -ubBpEr linux-2.6.18/net/ipv4/inet_hashtables.c linux-2.6.18-ccs/net/ipv4/inet_hashtables.c |
997 |
--- linux-2.6.18/net/ipv4/inet_hashtables.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/inet_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
998 |
+++ linux-2.6.18-ccs/net/ipv4/inet_hashtables.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/inet_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
999 |
@@ -22,6 +22,9 @@ |
@@ -22,6 +22,9 @@ |
1000 |
#include <net/inet_connection_sock.h> |
#include <net/inet_connection_sock.h> |
1001 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
1017 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1018 |
|
|
1019 |
diff -ubBpEr linux-2.6.18/net/ipv4/udp.c linux-2.6.18-ccs/net/ipv4/udp.c |
diff -ubBpEr linux-2.6.18/net/ipv4/udp.c linux-2.6.18-ccs/net/ipv4/udp.c |
1020 |
--- linux-2.6.18/net/ipv4/udp.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv4/udp.c 2007-03-03 10:49:57.000000000 +0900 |
1021 |
+++ linux-2.6.18-ccs/net/ipv4/udp.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv4/udp.c 2007-03-03 10:55:25.000000000 +0900 |
1022 |
@@ -108,6 +108,9 @@ |
@@ -108,6 +108,9 @@ |
1023 |
#include <net/inet_common.h> |
#include <net/inet_common.h> |
1024 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1050 |
break; |
break; |
1051 |
} |
} |
1052 |
diff -ubBpEr linux-2.6.18/net/ipv6/inet6_hashtables.c linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c |
diff -ubBpEr linux-2.6.18/net/ipv6/inet6_hashtables.c linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c |
1053 |
--- linux-2.6.18/net/ipv6/inet6_hashtables.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv6/inet6_hashtables.c 2007-03-03 10:49:57.000000000 +0900 |
1054 |
+++ linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv6/inet6_hashtables.c 2007-03-03 10:55:25.000000000 +0900 |
1055 |
@@ -21,6 +21,9 @@ |
@@ -21,6 +21,9 @@ |
1056 |
#include <net/inet_hashtables.h> |
#include <net/inet_hashtables.h> |
1057 |
#include <net/inet6_hashtables.h> |
#include <net/inet6_hashtables.h> |
1073 |
spin_lock(&head->lock); |
spin_lock(&head->lock); |
1074 |
|
|
1075 |
diff -ubBpEr linux-2.6.18/net/ipv6/udp.c linux-2.6.18-ccs/net/ipv6/udp.c |
diff -ubBpEr linux-2.6.18/net/ipv6/udp.c linux-2.6.18-ccs/net/ipv6/udp.c |
1076 |
--- linux-2.6.18/net/ipv6/udp.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/ipv6/udp.c 2007-03-03 10:49:57.000000000 +0900 |
1077 |
+++ linux-2.6.18-ccs/net/ipv6/udp.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/ipv6/udp.c 2007-03-03 10:55:25.000000000 +0900 |
1078 |
@@ -58,6 +58,9 @@ |
@@ -58,6 +58,9 @@ |
1079 |
|
|
1080 |
#include <linux/proc_fs.h> |
#include <linux/proc_fs.h> |
1106 |
break; |
break; |
1107 |
} |
} |
1108 |
diff -ubBpEr linux-2.6.18/net/socket.c linux-2.6.18-ccs/net/socket.c |
diff -ubBpEr linux-2.6.18/net/socket.c linux-2.6.18-ccs/net/socket.c |
1109 |
--- linux-2.6.18/net/socket.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/socket.c 2007-03-03 10:49:57.000000000 +0900 |
1110 |
+++ linux-2.6.18-ccs/net/socket.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/socket.c 2007-03-03 10:55:25.000000000 +0900 |
1111 |
@@ -94,6 +94,11 @@ |
@@ -94,6 +94,11 @@ |
1112 |
#include <net/sock.h> |
#include <net/sock.h> |
1113 |
#include <linux/netfilter.h> |
#include <linux/netfilter.h> |
1199 |
sock->file->f_flags); |
sock->file->f_flags); |
1200 |
out_put: |
out_put: |
1201 |
diff -ubBpEr linux-2.6.18/net/unix/af_unix.c linux-2.6.18-ccs/net/unix/af_unix.c |
diff -ubBpEr linux-2.6.18/net/unix/af_unix.c linux-2.6.18-ccs/net/unix/af_unix.c |
1202 |
--- linux-2.6.18/net/unix/af_unix.c 2006-09-20 12:42:06.000000000 +0900 |
--- linux-2.6.18/net/unix/af_unix.c 2007-03-03 11:38:54.000000000 +0900 |
1203 |
+++ linux-2.6.18-ccs/net/unix/af_unix.c 2006-09-20 16:09:33.000000000 +0900 |
+++ linux-2.6.18-ccs/net/unix/af_unix.c 2007-03-05 13:21:51.000000000 +0900 |
1204 |
@@ -116,6 +116,12 @@ |
@@ -116,6 +116,9 @@ |
1205 |
#include <linux/mount.h> |
#include <linux/mount.h> |
1206 |
#include <net/checksum.h> |
#include <net/checksum.h> |
1207 |
#include <linux/security.h> |
#include <linux/security.h> |
|
+/***** SAKURA Linux start. *****/ |
|
|
+#include <linux/sakura.h> |
|
|
+/***** SAKURA Linux end. *****/ |
|
1208 |
+/***** TOMOYO Linux start. *****/ |
+/***** TOMOYO Linux start. *****/ |
1209 |
+#include <linux/tomoyo.h> |
+#include <linux/tomoyo.h> |
1210 |
+/***** TOMOYO Linux end. *****/ |
+/***** TOMOYO Linux end. *****/ |
1211 |
|
|
1212 |
int sysctl_unix_max_dgram_qlen = 10; |
int sysctl_unix_max_dgram_qlen = 10; |
1213 |
|
|
1214 |
@@ -764,6 +770,10 @@ static int unix_bind(struct socket *sock |
@@ -764,6 +767,10 @@ static int unix_bind(struct socket *sock |
1215 |
err = unix_autobind(sock); |
err = unix_autobind(sock); |
1216 |
goto out; |
goto out; |
1217 |
} |
} |
1222 |
|
|
1223 |
err = unix_mkname(sunaddr, addr_len, &hash); |
err = unix_mkname(sunaddr, addr_len, &hash); |
1224 |
if (err < 0) |
if (err < 0) |
1225 |
@@ -807,7 +817,11 @@ static int unix_bind(struct socket *sock |
@@ -807,6 +814,9 @@ static int unix_bind(struct socket *sock |
1226 |
*/ |
*/ |
1227 |
mode = S_IFSOCK | |
mode = S_IFSOCK | |
1228 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
1230 |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
+ if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0) |
1231 |
+ /***** TOMOYO Linux end. *****/ |
+ /***** TOMOYO Linux end. *****/ |
1232 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
|
+ if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/ |
|
1233 |
if (err) |
if (err) |
1234 |
goto out_mknod_dput; |
goto out_mknod_dput; |
|
mutex_unlock(&nd.dentry->d_inode->i_mutex); |
|