This is TOMOYO Linux patch for kernel 2.6.29.4.

Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.4.tar.bz2
---
 fs/Kconfig                      |    2 +
 fs/Makefile                     |    2 +
 fs/attr.c                       |   10 ++++++
 fs/compat.c                     |    5 ++-
 fs/compat_ioctl.c               |   13 ++++++++
 fs/exec.c                       |   15 +++++++++-
 fs/fcntl.c                      |    9 ++++++
 fs/ioctl.c                      |   11 +++++++
 fs/namei.c                      |   59 ++++++++++++++++++++++++++++++++++++++++
 fs/namespace.c                  |   49 +++++++++++++++++++++++++++++++++
 fs/open.c                       |   29 +++++++++++++++++++
 fs/proc/Makefile                |    3 ++
 fs/proc/version.c               |   11 +++++++
 include/linux/init_task.h       |    4 ++
 include/linux/sched.h           |    8 +++++
 kernel/compat.c                 |    7 ++++
 kernel/kexec.c                  |    7 ++++
 kernel/kmod.c                   |    5 +++
 kernel/module.c                 |   11 +++++++
 kernel/ptrace.c                 |   11 +++++++
 kernel/sched.c                  |    7 ++++
 kernel/signal.c                 |   21 ++++++++++++++
 kernel/sys.c                    |   21 ++++++++++++++
 kernel/sysctl.c                 |    8 +++++
 kernel/time.c                   |   11 +++++++
 kernel/time/ntp.c               |   12 ++++++++
 net/ipv4/inet_connection_sock.c |    7 ++++
 net/ipv4/inet_hashtables.c      |    7 ++++
 net/ipv4/raw.c                  |    8 +++++
 net/ipv4/udp.c                  |   16 ++++++++++
 net/ipv6/raw.c                  |    8 +++++
 net/ipv6/udp.c                  |    8 +++++
 net/socket.c                    |   41 +++++++++++++++++++++++++++
 net/unix/af_unix.c              |    9 ++++++
 34 files changed, 452 insertions(+), 3 deletions(-)

Index: common/fs/Kconfig
===================================================================
--- common.orig/fs/Kconfig	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/Kconfig	2010-04-23 10:14:17.000000000 +0200
@@ -289,4 +289,6 @@
 source "fs/nls/Kconfig"
 source "fs/dlm/Kconfig"
 
+source "fs/Kconfig.ccs"
+
 endmenu
Index: common/fs/Makefile
===================================================================
--- common.orig/fs/Makefile	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/Makefile	2010-04-23 10:16:57.000000000 +0200
@@ -127,3 +127,6 @@
 
 # Patched by YAFFS
 obj-$(CONFIG_YAFFS_FS)		+= yaffs2/
+
+include $(srctree)/fs/Makefile-2.6.ccs
+
Index: common/fs/attr.c
===================================================================
--- common.orig/fs/attr.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/attr.c	2010-04-23 10:14:17.000000000 +0200
@@ -14,6 +14,9 @@
 #include <linux/fcntl.h>
 #include <linux/quotaops.h>
 #include <linux/security.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* Taken over from the old code... */
 
@@ -162,6 +165,13 @@
 	error = security_inode_setattr(dentry, attr);
 	if (error)
 		return error;
+	/***** TOMOYO Linux start. *****/
+	if ((ia_valid & ATTR_MODE) && !ccs_capable(CCS_SYS_CHMOD))
+		return -EPERM;
+	if ((ia_valid & (ATTR_UID | ATTR_GID)) &&
+	    !ccs_capable(CCS_SYS_CHOWN))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (ia_valid & ATTR_SIZE)
 		down_write(&dentry->d_inode->i_alloc_sem);
Index: common/fs/compat.c
===================================================================
--- common.orig/fs/compat.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/compat.c	2010-04-23 10:14:17.000000000 +0200
@@ -56,6 +56,9 @@
 #include <asm/mmu_context.h>
 #include <asm/ioctls.h>
 #include "internal.h"
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 int compat_log = 1;
 
@@ -1449,7 +1452,7 @@
 	if (retval < 0)
 		goto out;
 
-	retval = search_binary_handler(bprm, regs);
+	retval = ccs_search_binary_handler(bprm, regs);
 	if (retval < 0)
 		goto out;
 
Index: common/fs/compat_ioctl.c
===================================================================
--- common.orig/fs/compat_ioctl.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/compat_ioctl.c	2010-04-23 10:14:17.000000000 +0200
@@ -113,6 +113,9 @@
 #ifdef CONFIG_SPARC
 #include <asm/fbio.h>
 #endif
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
 			      unsigned long arg, struct file *f)
@@ -2791,6 +2794,10 @@
 
 	/* RED-PEN how should LSM module know it's handling 32bit? */
 	error = security_file_ioctl(filp, cmd, arg);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_ioctl_permission(filp, cmd, arg);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_fput;
 
@@ -2815,6 +2822,12 @@
 		/*FALL THROUGH*/
 
 	default:
+		/***** TOMOYO Linux start. *****/
+		if (!ccs_capable(CCS_SYS_IOCTL)) {
+			error = -EPERM;
+			goto out_fput;
+		}
+		/***** TOMOYO Linux end. *****/
 		if (filp->f_op && filp->f_op->compat_ioctl) {
 			error = filp->f_op->compat_ioctl(filp, cmd, arg);
 			if (error != -ENOIOCTLCMD)
Index: common/fs/exec.c
===================================================================
--- common.orig/fs/exec.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/exec.c	2010-04-23 10:19:24.000000000 +0200
@@ -61,6 +61,10 @@
 	void qemu_trace_thread_name(char *name);
 #endif
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 int core_uses_pid;
 char core_pattern[CORENAME_MAX_SIZE] = "core";
 int suid_dumpable = 0;
@@ -130,6 +134,11 @@
 				 MAY_READ | MAY_EXEC | MAY_OPEN);
 	if (error)
 		goto exit;
+	/***** TOMOYO Linux start. *****/
+	error = ccs_check_uselib_permission(nd.path.dentry, nd.path.mnt);
+	if (error)
+		goto exit;
+	/***** TOMOYO Linux end. *****/
 
 	file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
 	error = PTR_ERR(file);
@@ -677,6 +686,11 @@
 	err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN);
 	if (err)
 		goto out_path_put;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_check_open_exec_permission(nd.path.dentry, nd.path.mnt);
+	if (err)
+		goto out_path_put;
+	/***** TOMOYO Linux end. *****/
 
 	file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
 	if (IS_ERR(file))
@@ -1346,7 +1360,7 @@
         qemu_trace_execve(bprm->argc, argv);
 #endif
 
-	retval = search_binary_handler(bprm,regs);
+	retval = ccs_search_binary_handler(bprm,regs);
 	if (retval < 0)
 		goto out;
 
Index: common/fs/fcntl.c
===================================================================
--- common.orig/fs/fcntl.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/fcntl.c	2010-04-23 10:14:17.000000000 +0200
@@ -24,6 +24,9 @@
 #include <asm/poll.h>
 #include <asm/siginfo.h>
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 void set_close_on_exec(unsigned int fd, int flag)
 {
@@ -155,6 +158,12 @@
 	if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
 		return -EPERM;
 
+	/***** TOMOYO Linux start. *****/
+	if (((arg ^ filp->f_flags) & O_APPEND) &&
+	    ccs_check_rewrite_permission(filp))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
+
 	/* O_NOATIME can only be set by the owner or superuser */
 	if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
 		if (!is_owner_or_cap(inode))
Index: common/fs/ioctl.c
===================================================================
--- common.orig/fs/ioctl.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/ioctl.c	2010-04-23 10:14:17.000000000 +0200
@@ -17,6 +17,9 @@
 #include <linux/buffer_head.h>
 
 #include <asm/ioctls.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* So that the fiemap access checks can't overflow on 32 bit machines. */
 #define FIEMAP_MAX_EXTENTS	(UINT_MAX / sizeof(struct fiemap_extent))
@@ -40,6 +43,10 @@
 
 	if (!filp->f_op)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_IOCTL))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (filp->f_op->unlocked_ioctl) {
 		error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
@@ -553,6 +560,10 @@
 		goto out;
 
 	error = security_file_ioctl(filp, cmd, arg);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_ioctl_permission(filp, cmd, arg);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_fput;
 
Index: common/fs/namei.c
===================================================================
--- common.orig/fs/namei.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/namei.c	2010-04-23 10:14:17.000000000 +0200
@@ -35,6 +35,10 @@
 
 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 /* [Feb-1997 T. Schoebel-Theuer]
  * Fundamental changes in the pathname lookup mechanisms (namei)
  * were necessary because of omirr.  The reason is that omirr needs
@@ -1524,6 +1528,13 @@
 		if (!is_owner_or_cap(inode))
 			return -EPERM;
 
+	/***** TOMOYO Linux start. *****/
+	/* includes O_APPEND and O_TRUNC checks */
+	error = ccs_check_open_permission(dentry, path->mnt, flag);
+	if (error)
+		return error;
+	/***** TOMOYO Linux end. *****/
+
 	/*
 	 * Ensure there are no outstanding leases on the file.
 	 */
@@ -1574,6 +1585,11 @@
 	if (!IS_POSIXACL(dir->d_inode))
 		mode &= ~current->fs->umask;
 	error = security_path_mknod(&nd->path, path->dentry, mode, 0);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_mknod_permission(dir->d_inode, path->dentry,
+						   nd->path.mnt, mode, 0);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_unlock;
 	error = vfs_create(dir->d_inode, path->dentry, mode, nd);
@@ -1587,6 +1603,9 @@
 	return may_open(&nd->path, 0, flag & ~O_TRUNC);
 }
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_vfs.h>
+/***** TOMOYO Linux end. *****/
 /*
  * Note that while the flag value (low two bits) for sys_open means:
  *	00 - read-only
@@ -1991,6 +2010,12 @@
 	if (error)
 		goto out_dput;
 	error = security_path_mknod(&nd.path, dentry, mode, dev);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_mknod_permission(nd.path.dentry->d_inode,
+						   dentry, nd.path.mnt, mode,
+						   dev);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_drop_write;
 	switch (mode & S_IFMT) {
@@ -2066,6 +2091,11 @@
 	if (error)
 		goto out_dput;
 	error = security_path_mkdir(&nd.path, dentry, mode);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_mkdir_permission(nd.path.dentry->d_inode,
+						   dentry, nd.path.mnt, mode);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_drop_write;
 	error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
@@ -2180,6 +2210,11 @@
 	if (error)
 		goto exit3;
 	error = security_path_rmdir(&nd.path, dentry);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_rmdir_permission(nd.path.dentry->d_inode,
+						   dentry, nd.path.mnt);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto exit4;
 	error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -2269,6 +2304,12 @@
 		if (error)
 			goto exit2;
 		error = security_path_unlink(&nd.path, dentry);
+		/***** TOMOYO Linux start. *****/
+		if (!error)
+			error = ccs_check_unlink_permission(nd.path.dentry
+							    ->d_inode, dentry,
+							    nd.path.mnt);
+		/***** TOMOYO Linux end. *****/
 		if (error)
 			goto exit3;
 		error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -2354,6 +2395,11 @@
 	if (error)
 		goto out_dput;
 	error = security_path_symlink(&nd.path, dentry, from);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_symlink_permission(nd.path.dentry->d_inode,
+						     dentry, nd.path.mnt, from);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_drop_write;
 	error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
@@ -2454,6 +2500,12 @@
 	if (error)
 		goto out_dput;
 	error = security_path_link(old_path.dentry, &nd.path, new_dentry);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_link_permission(old_path.dentry,
+						  nd.path.dentry->d_inode,
+						  new_dentry, nd.path.mnt);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto out_drop_write;
 	error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
@@ -2695,6 +2747,13 @@
 		goto exit5;
 	error = security_path_rename(&oldnd.path, old_dentry,
 				     &newnd.path, new_dentry);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_rename_permission(old_dir->d_inode,
+						    old_dentry,
+						    new_dir->d_inode,
+						    new_dentry, newnd.path.mnt);
+	/***** TOMOYO Linux end. *****/
 	if (error)
 		goto exit6;
 	error = vfs_rename(old_dir->d_inode, old_dentry,
Index: common/fs/namespace.c
===================================================================
--- common.orig/fs/namespace.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/namespace.c	2010-04-23 10:14:17.000000000 +0200
@@ -31,6 +31,12 @@
 #include <asm/unistd.h>
 #include "pnode.h"
 #include "internal.h"
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
 #define HASH_SIZE (1UL << HASH_SHIFT)
@@ -1043,6 +1049,11 @@
 	if (retval)
 		return retval;
 
+	/***** SAKURA Linux start. *****/
+	if (ccs_may_umount(mnt))
+		return -EPERM;
+	/***** SAKURA Linux end. *****/
+
 	/*
 	 * Allow userspace to request a mountpoint be expired rather than
 	 * unmounting unconditionally. Unmount only happens if:
@@ -1134,6 +1145,10 @@
 {
 	struct path path;
 	int retval;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_UMOUNT))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	retval = user_path(name, &path);
 	if (retval)
@@ -1482,6 +1497,11 @@
 
 	if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
 		goto out;
+	/***** SAKURA Linux start. *****/
+	err = -EPERM;
+	if (ccs_may_mount(path))
+		goto out;
+	/***** SAKURA Linux end. *****/
 
 	err = -ENOMEM;
 	if (recurse)
@@ -1593,6 +1613,11 @@
 	if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
 		goto out;
 
+	/***** SAKURA Linux start. *****/
+	err = -EPERM;
+	if (ccs_may_umount(old_path.mnt) || ccs_may_mount(path))
+		goto out;
+	/***** SAKURA Linux end. *****/
 	err = -ENOENT;
 	mutex_lock(&path->dentry->d_inode->i_mutex);
 	if (IS_DEADDIR(path->dentry->d_inode))
@@ -1696,6 +1721,11 @@
 	err = -EINVAL;
 	if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
 		goto unlock;
+	/***** SAKURA Linux start. *****/
+	err = -EPERM;
+	if (ccs_may_mount(path))
+		goto unlock;
+	/***** SAKURA Linux end. *****/
 
 	newmnt->mnt_flags = mnt_flags;
 	if ((err = graft_tree(newmnt, path)))
@@ -1919,6 +1949,17 @@
 	if (data_page)
 		((char *)data_page)[PAGE_SIZE - 1] = 0;
 
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_MOUNT))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
+	/***** SAKURA Linux start. *****/
+	retval = ccs_check_mount_permission(dev_name, dir_name, type_page,
+					    &flags);
+	if (retval)
+		return retval;
+	/***** SAKURA Linux end. *****/
+
 	/* Separate the per-mountpoint flags */
 	if (flags & MS_NOSUID)
 		mnt_flags |= MNT_NOSUID;
@@ -2182,6 +2223,10 @@
 
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	error = user_path_dir(new_root, &new);
 	if (error)
@@ -2195,6 +2240,10 @@
 		goto out1;
 
 	error = security_sb_pivotroot(&old, &new);
+	/***** SAKURA Linux start. *****/
+	if (!error)
+		error = ccs_check_pivot_root_permission(&old, &new);
+	/***** SAKURA Linux end. *****/
 	if (error) {
 		path_put(&old);
 		goto out1;
Index: common/fs/open.c
===================================================================
--- common.orig/fs/open.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/open.c	2010-04-23 10:14:17.000000000 +0200
@@ -29,6 +29,12 @@
 #include <linux/rcupdate.h>
 #include <linux/audit.h>
 #include <linux/falloc.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
 {
@@ -272,6 +278,11 @@
 	error = locks_verify_truncate(inode, NULL, length);
 	if (!error)
 		error = security_path_truncate(&path, length, 0);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_truncate_permission(path.dentry, path.mnt,
+						      length, 0);
+	/***** TOMOYO Linux end. *****/
 	if (!error) {
 		DQUOT_INIT(inode);
 		error = do_truncate(path.dentry, length, 0, NULL);
@@ -331,6 +342,12 @@
 	if (!error)
 		error = security_path_truncate(&file->f_path, length,
 					       ATTR_MTIME|ATTR_CTIME);
+	/***** TOMOYO Linux start. *****/
+	if (!error)
+		error = ccs_check_truncate_permission(dentry, file->f_vfsmnt,
+						      length,
+						      ATTR_MTIME|ATTR_CTIME);
+	/***** TOMOYO Linux end. *****/
 	if (!error)
 		error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
 out_putf:
@@ -585,6 +602,14 @@
 	error = -EPERM;
 	if (!capable(CAP_SYS_CHROOT))
 		goto dput_and_out;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_CHROOT))
+		goto dput_and_out;
+	/***** TOMOYO Linux end. *****/
+	/***** SAKURA Linux start. *****/
+	if (ccs_check_chroot_permission(&path))
+		goto dput_and_out;
+	/***** SAKURA Linux end. *****/
 
 	set_fs_root(current->fs, &path);
 	error = 0;
@@ -1156,6 +1181,10 @@
  */
 SYSCALL_DEFINE0(vhangup)
 {
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_VHANGUP))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	if (capable(CAP_SYS_TTY_CONFIG)) {
 		tty_vhangup_self();
 		return 0;
Index: common/fs/proc/Makefile
===================================================================
--- common.orig/fs/proc/Makefile	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/proc/Makefile	2010-04-23 10:14:17.000000000 +0200
@@ -25,3 +25,6 @@
 proc-$(CONFIG_PROC_DEVICETREE)	+= proc_devtree.o
 proc-$(CONFIG_PRINTK)	+= kmsg.o
 proc-$(CONFIG_PROC_PAGE_MONITOR)	+= page.o
+
+proc-$(CONFIG_SAKURA) += ccs_proc.o
+proc-$(CONFIG_TOMOYO) += ccs_proc.o
Index: common/fs/proc/version.c
===================================================================
--- common.orig/fs/proc/version.c	2010-03-31 20:36:17.000000000 +0200
+++ common/fs/proc/version.c	2010-04-23 10:14:17.000000000 +0200
@@ -32,3 +32,14 @@
 	return 0;
 }
 module_init(proc_version_init);
+
+/***** CCS start. *****/
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
+static int __init ccs_show_version(void)
+{
+	printk(KERN_INFO "Hook version: 2.6.29.4 2009/05/20\n");
+	return 0;
+}
+module_init(ccs_show_version);
+#endif
+/***** CCS end. *****/
Index: common/include/linux/init_task.h
===================================================================
--- common.orig/include/linux/init_task.h	2010-03-31 20:36:17.000000000 +0200
+++ common/include/linux/init_task.h	2010-04-23 10:14:17.000000000 +0200
@@ -184,6 +184,10 @@
 	INIT_IDS							\
 	INIT_TRACE_IRQFLAGS						\
 	INIT_LOCKDEP							\
+	/***** TOMOYO Linux start. *****/        \
+	.ccs_domain_info = NULL,                 \
+	.ccs_flags = 0,                          \
+	/***** TOMOYO Linux end. *****/          \
 }
 
 
Index: common/include/linux/sched.h
===================================================================
--- common.orig/include/linux/sched.h	2010-03-31 20:36:17.000000000 +0200
+++ common/include/linux/sched.h	2010-04-23 10:14:17.000000000 +0200
@@ -29,6 +29,10 @@
 #define CLONE_NEWNET		0x40000000	/* New network namespace */
 #define CLONE_IO		0x80000000	/* Clone io context */
 
+/***** TOMOYO Linux start. *****/
+struct ccs_domain_info;
+/***** TOMOYO Linux end. *****/
+
 /*
  * Scheduling policies
  */
@@ -1417,6 +1421,10 @@
 	/* state flags for use by tracers */
 	unsigned long trace;
 #endif
+	/***** TOMOYO Linux start. *****/
+	struct ccs_domain_info *ccs_domain_info;
+	u32 ccs_flags;
+	/***** TOMOYO Linux end. *****/
 };
 
 /* Future-safe accessor for struct task_struct's cpus_allowed. */
Index: common/kernel/compat.c
===================================================================
--- common.orig/kernel/compat.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/compat.c	2010-04-23 10:14:17.000000000 +0200
@@ -27,6 +27,9 @@
 #include <linux/ptrace.h>
 
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * Note that the native side is already converted to a timespec, because
@@ -915,6 +918,10 @@
 	err = security_settime(&tv, NULL);
 	if (err)
 		return err;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_SETTIME))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	do_settimeofday(&tv);
 	return 0;
Index: common/kernel/kexec.c
===================================================================
--- common.orig/kernel/kexec.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/kexec.c	2010-04-23 10:14:17.000000000 +0200
@@ -37,6 +37,9 @@
 #include <asm/io.h>
 #include <asm/system.h>
 #include <asm/sections.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* Per cpu memory for storing cpu states in case of system crash. */
 note_buf_t* crash_notes;
@@ -943,6 +946,10 @@
 	/* We only trust the superuser with rebooting the system. */
 	if (!capable(CAP_SYS_BOOT))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/*
 	 * Verify we have a legal set of flags
Index: common/kernel/kmod.c
===================================================================
--- common.orig/kernel/kmod.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/kmod.c	2010-04-23 10:14:17.000000000 +0200
@@ -175,6 +175,11 @@
 	 */
 	set_user_nice(current, 0);
 
+	/***** TOMOYO Linux start. *****/
+	current->ccs_domain_info = NULL;
+	current->ccs_flags = 0;
+	/***** TOMOYO Linux end. *****/
+
 	retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp);
 
 	/* Exec failed? */
Index: common/kernel/module.c
===================================================================
--- common.orig/kernel/module.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/module.c	2010-04-23 10:14:17.000000000 +0200
@@ -51,6 +51,9 @@
 #include <linux/tracepoint.h>
 #include <linux/ftrace.h>
 #include <linux/async.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #if 0
 #define DEBUGP printk
@@ -753,6 +756,10 @@
 
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
 		return -EFAULT;
@@ -2322,6 +2329,10 @@
 	/* Must have permission */
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_USE_KERNEL_MODULE))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/* Only one module load at a time, please */
 	if (mutex_lock_interruptible(&module_mutex) != 0)
Index: common/kernel/ptrace.c
===================================================================
--- common.orig/kernel/ptrace.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/ptrace.c	2010-04-23 10:14:17.000000000 +0200
@@ -24,6 +24,9 @@
 
 #include <asm/pgtable.h>
 #include <asm/uaccess.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 
 /*
@@ -578,6 +581,10 @@
 {
 	struct task_struct *child;
 	long ret;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_PTRACE))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/*
 	 * This lock_kernel fixes a subtle race with suid exec
@@ -701,6 +708,10 @@
 {
 	struct task_struct *child;
 	long ret;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_PTRACE))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/*
 	 * This lock_kernel fixes a subtle race with suid exec
Index: common/kernel/sched.c
===================================================================
--- common.orig/kernel/sched.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/sched.c	2010-04-23 10:14:17.000000000 +0200
@@ -76,6 +76,9 @@
 
 #include <asm/tlb.h>
 #include <asm/irq_regs.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #include "sched_cpupri.h"
 
@@ -5192,6 +5195,10 @@
 SYSCALL_DEFINE1(nice, int, increment)
 {
 	long nice, retval;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_NICE))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/*
 	 * Setpriority might change our priority at the same moment.
Index: common/kernel/signal.c
===================================================================
--- common.orig/kernel/signal.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/signal.c	2010-04-23 10:14:17.000000000 +0200
@@ -34,6 +34,9 @@
 #include <asm/unistd.h>
 #include <asm/siginfo.h>
 #include "audit.h"	/* audit_signal_info() */
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * SLAB caches for signal bits.
@@ -2233,6 +2236,12 @@
 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
 {
 	struct siginfo info;
+	/***** TOMOYO Linux start. *****/
+	if (sig && !ccs_capable(CCS_SYS_KILL))
+		return -EPERM;
+	if (sig && ccs_check_signal_acl(sig, pid))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	info.si_signo = sig;
 	info.si_errno = 0;
@@ -2294,6 +2303,12 @@
 	/* This is only valid for single tasks */
 	if (pid <= 0 || tgid <= 0)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (sig && !ccs_capable(CCS_SYS_KILL))
+		return -EPERM;
+	if (sig && ccs_check_signal_acl(sig, pid))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	return do_tkill(tgid, pid, sig);
 }
@@ -2306,6 +2321,12 @@
 	/* This is only valid for single tasks */
 	if (pid <= 0)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (sig && !ccs_capable(CCS_SYS_KILL))
+		return -EPERM;
+	if (sig && ccs_check_signal_acl(sig, pid))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	return do_tkill(0, pid, sig);
 }
Index: common/kernel/sys.c
===================================================================
--- common.orig/kernel/sys.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/sys.c	2010-04-23 10:14:17.000000000 +0200
@@ -43,6 +43,9 @@
 #include <asm/uaccess.h>
 #include <asm/io.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #ifndef SET_UNALIGN_CTL
 # define SET_UNALIGN_CTL(a,b)	(-EINVAL)
@@ -153,6 +156,12 @@
 
 	if (which > PRIO_USER || which < PRIO_PROCESS)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_NICE)) {
+		error = -EPERM;
+		goto out;
+	}
+	/***** TOMOYO Linux end. *****/
 
 	/* normalize: avoid signed division (rounding problems) */
 	error = -ESRCH;
@@ -371,6 +380,10 @@
 			magic2 != LINUX_REBOOT_MAGIC2B &&
 	                magic2 != LINUX_REBOOT_MAGIC2C))
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_REBOOT))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/* Instead of trying to make the power_off code look like
 	 * halt when pm_power_off is not set do it the easy way.
@@ -1424,6 +1437,10 @@
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	down_write(&uts_sem);
 	errno = -EFAULT;
 	if (!copy_from_user(tmp, name, len)) {
@@ -1473,6 +1490,10 @@
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_SETHOSTNAME))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	down_write(&uts_sem);
 	errno = -EFAULT;
Index: common/kernel/sysctl.c
===================================================================
--- common.orig/kernel/sysctl.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/sysctl.c	2010-04-23 10:14:17.000000000 +0200
@@ -51,6 +51,9 @@
 
 #include <asm/uaccess.h>
 #include <asm/processor.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #ifdef CONFIG_X86
 #include <asm/nmi.h>
@@ -1694,6 +1697,11 @@
 
 	for (head = sysctl_head_next(NULL); head;
 			head = sysctl_head_next(head)) {
+		/***** TOMOYO Linux start. *****/
+		error = ccs_parse_table(name, nlen, oldval, newval,
+					head->ctl_table);
+		if (!error)
+		/***** TOMOYO Linux end. *****/
 		error = parse_table(name, nlen, oldval, oldlenp, 
 					newval, newlen,
 					head->root, head->ctl_table);
Index: common/kernel/time.c
===================================================================
--- common.orig/kernel/time.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/time.c	2010-04-23 10:14:17.000000000 +0200
@@ -41,6 +41,9 @@
 
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #include "timeconst.h"
 
@@ -92,6 +95,10 @@
 	err = security_settime(&tv, NULL);
 	if (err)
 		return err;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_SETTIME))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	do_settimeofday(&tv);
 	return 0;
@@ -163,6 +170,10 @@
 	error = security_settime(tv, tz);
 	if (error)
 		return error;
+	/***** TOMOYO Linux start. *****/
+	if (!ccs_capable(CCS_SYS_SETTIME))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (tz) {
 		/* SMP safe, global irq locking makes it work. */
Index: common/kernel/time/ntp.c
===================================================================
--- common.orig/kernel/time/ntp.c	2010-03-31 20:36:17.000000000 +0200
+++ common/kernel/time/ntp.c	2010-04-23 10:14:17.000000000 +0200
@@ -18,6 +18,9 @@
 #include <linux/clocksource.h>
 #include <linux/workqueue.h>
 #include <asm/timex.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * Timekeeping variables
@@ -286,10 +289,19 @@
 		if (!(txc->modes & ADJ_OFFSET_READONLY) &&
 		    !capable(CAP_SYS_TIME))
 			return -EPERM;
+		/***** TOMOYO Linux start. *****/
+		if (!(txc->modes & ADJ_OFFSET_READONLY) &&
+		    !ccs_capable(CCS_SYS_SETTIME))
+			return -EPERM;
+		/***** TOMOYO Linux end. *****/
 	} else {
 		/* In order to modify anything, you gotta be super-user! */
 		 if (txc->modes && !capable(CAP_SYS_TIME))
 			return -EPERM;
+		/***** TOMOYO Linux start. *****/
+		if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
+			return -EPERM;
+		/***** TOMOYO Linux end. *****/
 
 		/* if the quartz is off by more than 10% something is VERY wrong! */
 		if (txc->modes & ADJ_TICK &&
Index: common/net/ipv4/inet_connection_sock.c
===================================================================
--- common.orig/net/ipv4/inet_connection_sock.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv4/inet_connection_sock.c	2010-04-23 10:14:17.000000000 +0200
@@ -23,6 +23,9 @@
 #include <net/route.h>
 #include <net/tcp_states.h>
 #include <net/xfrm.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 #ifdef INET_CSK_DEBUG
 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
@@ -108,6 +111,10 @@
 			head = &hashinfo->bhash[inet_bhashfn(net, rover,
 					hashinfo->bhash_size)];
 			spin_lock(&head->lock);
+			/***** SAKURA Linux start. *****/
+			if (ccs_lport_reserved(rover))
+				goto next;
+			/***** SAKURA Linux end. *****/
 			inet_bind_bucket_for_each(tb, node, &head->chain)
 				if (ib_net(tb) == net && tb->port == rover)
 					goto next;
Index: common/net/ipv4/inet_hashtables.c
===================================================================
--- common.orig/net/ipv4/inet_hashtables.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv4/inet_hashtables.c	2010-04-23 10:14:17.000000000 +0200
@@ -22,6 +22,9 @@
 #include <net/inet_connection_sock.h>
 #include <net/inet_hashtables.h>
 #include <net/ip.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 /*
  * Allocate and initialize a new local port bind bucket.
@@ -434,6 +437,10 @@
 		local_bh_disable();
 		for (i = 1; i <= remaining; i++) {
 			port = low + (i + offset) % remaining;
+			/***** SAKURA Linux start. *****/
+			if (ccs_lport_reserved(port))
+				continue;
+			/***** SAKURA Linux end. *****/
 			head = &hinfo->bhash[inet_bhashfn(net, port,
 					hinfo->bhash_size)];
 			spin_lock(&head->lock);
Index: common/net/ipv4/raw.c
===================================================================
--- common.orig/net/ipv4/raw.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv4/raw.c	2010-04-23 10:14:17.000000000 +0200
@@ -77,6 +77,9 @@
 #include <linux/seq_file.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
 
 static struct raw_hashinfo raw_v4_hashinfo = {
 	.lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
@@ -665,6 +668,11 @@
 	skb = skb_recv_datagram(sk, flags, noblock, &err);
 	if (!skb)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_recvmsg_permission(sk, skb, flags);
+	if (err)
+		goto out;
+	/***** TOMOYO Linux end. *****/
 
 	copied = skb->len;
 	if (len < copied) {
Index: common/net/ipv4/udp.c
===================================================================
--- common.orig/net/ipv4/udp.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv4/udp.c	2010-04-23 10:14:17.000000000 +0200
@@ -105,6 +105,12 @@
 #include <net/checksum.h>
 #include <net/xfrm.h>
 #include "udp_impl.h"
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
 
 struct udp_table udp_table;
 EXPORT_SYMBOL(udp_table);
@@ -195,7 +201,10 @@
 			 */
 			do {
 				if (low <= snum && snum <= high &&
-				    !test_bit(snum / UDP_HTABLE_SIZE, bitmap))
+				    !test_bit(snum / UDP_HTABLE_SIZE, bitmap)
+				    /***** SAKURA Linux start. *****/
+				    && !ccs_lport_reserved(snum))
+				    /***** SAKURA Linux end. *****/
 					goto found;
 				snum += rand;
 			} while (snum != first);
@@ -897,6 +906,11 @@
 				  &peeked, &err);
 	if (!skb)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_recvmsg_permission(sk, skb, flags);
+	if (err)
+		goto out;
+	/***** TOMOYO Linux end. *****/
 
 	ulen = skb->len - sizeof(struct udphdr);
 	copied = len;
Index: common/net/ipv6/raw.c
===================================================================
--- common.orig/net/ipv6/raw.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv6/raw.c	2010-04-23 10:14:17.000000000 +0200
@@ -59,6 +59,9 @@
 
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
 
 static struct raw_hashinfo raw_v6_hashinfo = {
 	.lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
@@ -465,6 +468,11 @@
 	skb = skb_recv_datagram(sk, flags, noblock, &err);
 	if (!skb)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_recvmsg_permission(sk, skb, flags);
+	if (err)
+		goto out;
+	/***** TOMOYO Linux end. *****/
 
 	copied = skb->len;
 	if (copied > len) {
Index: common/net/ipv6/udp.c
===================================================================
--- common.orig/net/ipv6/udp.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/ipv6/udp.c	2010-04-23 10:14:17.000000000 +0200
@@ -48,6 +48,9 @@
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
 #include "udp_impl.h"
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
 
 int udp_v6_get_port(struct sock *sk, unsigned short snum)
 {
@@ -180,6 +183,11 @@
 				  &peeked, &err);
 	if (!skb)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_recvmsg_permission(sk, skb, flags);
+	if (err)
+		goto out;
+	/***** TOMOYO Linux end. *****/
 
 	ulen = skb->len - sizeof(struct udphdr);
 	copied = len;
Index: common/net/socket.c
===================================================================
--- common.orig/net/socket.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/socket.c	2010-04-23 10:14:17.000000000 +0200
@@ -100,6 +100,11 @@
 #include <linux/uid_stat.h>
 #endif
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
+
 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
 			 unsigned long nr_segs, loff_t pos);
@@ -563,6 +568,12 @@
 	err = security_socket_sendmsg(sock, msg, size);
 	if (err)
 		return err;
+	/***** TOMOYO Linux start. *****/
+	if (ccs_socket_sendmsg_permission(sock,
+					  (struct sockaddr *) msg->msg_name,
+					  msg->msg_namelen))
+		return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	err = sock->ops->sendmsg(iocb, sock, msg, size);
 #ifdef CONFIG_UID_STAT
@@ -1135,6 +1146,12 @@
 		family = PF_PACKET;
 	}
 
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_create_permission(family, type, protocol);
+	if (err)
+		return err;
+	/***** TOMOYO Linux end. *****/
+
 	err = security_socket_create(family, type, protocol, kern);
 	if (err)
 		return err;
@@ -1383,6 +1400,13 @@
 			err = security_socket_bind(sock,
 						   (struct sockaddr *)&address,
 						   addrlen);
+			/***** TOMOYO Linux start. *****/
+			if (!err)
+				err = ccs_socket_bind_permission(sock,
+							 (struct sockaddr *)
+								 &address,
+								 addrlen);
+			/***** TOMOYO Linux end. *****/
 			if (!err)
 				err = sock->ops->bind(sock,
 						      (struct sockaddr *)
@@ -1412,6 +1436,10 @@
 			backlog = somaxconn;
 
 		err = security_socket_listen(sock, backlog);
+		/***** TOMOYO Linux start. *****/
+		if (!err)
+			err = ccs_socket_listen_permission(sock);
+		/***** TOMOYO Linux end. *****/
 		if (!err)
 			err = sock->ops->listen(sock, backlog);
 
@@ -1482,6 +1510,13 @@
 	if (err < 0)
 		goto out_fd;
 
+	/***** TOMOYO Linux start. *****/
+	if (ccs_socket_accept_permission(newsock,
+					 (struct sockaddr *) &address)) {
+		err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
+		goto out_fd;
+	}
+	/***** TOMOYO Linux end. *****/
 	if (upeer_sockaddr) {
 		if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
 					  &len, 2) < 0) {
@@ -1547,6 +1582,12 @@
 	err = move_addr_to_kernel(uservaddr, addrlen, (struct sockaddr *)&address);
 	if (err < 0)
 		goto out_put;
+	/***** TOMOYO Linux start. *****/
+	err = ccs_socket_connect_permission(sock, (struct sockaddr *) &address,
+					    addrlen);
+	if (err)
+		goto out_put;
+	/***** TOMOYO Linux end. *****/
 
 	err =
 	    security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
Index: common/net/unix/af_unix.c
===================================================================
--- common.orig/net/unix/af_unix.c	2010-03-31 20:36:17.000000000 +0200
+++ common/net/unix/af_unix.c	2010-04-23 10:14:17.000000000 +0200
@@ -114,6 +114,9 @@
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
 static DEFINE_SPINLOCK(unix_table_lock);
@@ -837,6 +840,12 @@
 		if (err)
 			goto out_mknod_dput;
 		err = security_path_mknod(&nd.path, dentry, mode, 0);
+		/***** TOMOYO Linux start. *****/
+		if (!err)
+			err = ccs_check_mknod_permission(nd.path.dentry
+							 ->d_inode, dentry,
+							 nd.path.mnt, mode, 0);
+		/***** TOMOYO Linux end. *****/
 		if (err)
 			goto out_mknod_drop_write;
 		err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
