This is TOMOYO Linux patch for kernel 2.6.29.4. Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.4.tar.bz2 --- fs/Kconfig | 2 + fs/Makefile | 2 + fs/attr.c | 10 ++++++ fs/compat.c | 5 ++- fs/compat_ioctl.c | 13 ++++++++ fs/exec.c | 15 +++++++++- fs/fcntl.c | 9 ++++++ fs/ioctl.c | 11 +++++++ fs/namei.c | 59 ++++++++++++++++++++++++++++++++++++++++ fs/namespace.c | 49 +++++++++++++++++++++++++++++++++ fs/open.c | 29 +++++++++++++++++++ fs/proc/Makefile | 3 ++ fs/proc/version.c | 11 +++++++ include/linux/init_task.h | 4 ++ include/linux/sched.h | 8 +++++ kernel/compat.c | 7 ++++ kernel/kexec.c | 7 ++++ kernel/kmod.c | 5 +++ kernel/module.c | 11 +++++++ kernel/ptrace.c | 11 +++++++ kernel/sched.c | 7 ++++ kernel/signal.c | 21 ++++++++++++++ kernel/sys.c | 21 ++++++++++++++ kernel/sysctl.c | 8 +++++ kernel/time.c | 11 +++++++ kernel/time/ntp.c | 12 ++++++++ net/ipv4/inet_connection_sock.c | 7 ++++ net/ipv4/inet_hashtables.c | 7 ++++ net/ipv4/raw.c | 8 +++++ net/ipv4/udp.c | 16 ++++++++++ net/ipv6/raw.c | 8 +++++ net/ipv6/udp.c | 8 +++++ net/socket.c | 41 +++++++++++++++++++++++++++ net/unix/af_unix.c | 9 ++++++ 34 files changed, 452 insertions(+), 3 deletions(-) Index: common/fs/Kconfig =================================================================== --- common.orig/fs/Kconfig 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/Kconfig 2010-04-23 10:14:17.000000000 +0200 @@ -289,4 +289,6 @@ source "fs/nls/Kconfig" source "fs/dlm/Kconfig" +source "fs/Kconfig.ccs" + endmenu Index: common/fs/Makefile =================================================================== --- common.orig/fs/Makefile 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/Makefile 2010-04-23 10:16:57.000000000 +0200 @@ -127,3 +127,6 @@ # Patched by YAFFS obj-$(CONFIG_YAFFS_FS) += yaffs2/ + +include $(srctree)/fs/Makefile-2.6.ccs + Index: common/fs/attr.c =================================================================== --- common.orig/fs/attr.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/attr.c 2010-04-23 10:14:17.000000000 +0200 @@ -14,6 +14,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* Taken over from the old code... */ @@ -162,6 +165,13 @@ error = security_inode_setattr(dentry, attr); if (error) return error; + /***** TOMOYO Linux start. *****/ + if ((ia_valid & ATTR_MODE) && !ccs_capable(CCS_SYS_CHMOD)) + return -EPERM; + if ((ia_valid & (ATTR_UID | ATTR_GID)) && + !ccs_capable(CCS_SYS_CHOWN)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (ia_valid & ATTR_SIZE) down_write(&dentry->d_inode->i_alloc_sem); Index: common/fs/compat.c =================================================================== --- common.orig/fs/compat.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/compat.c 2010-04-23 10:14:17.000000000 +0200 @@ -56,6 +56,9 @@ #include #include #include "internal.h" +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ int compat_log = 1; @@ -1449,7 +1452,7 @@ if (retval < 0) goto out; - retval = search_binary_handler(bprm, regs); + retval = ccs_search_binary_handler(bprm, regs); if (retval < 0) goto out; Index: common/fs/compat_ioctl.c =================================================================== --- common.orig/fs/compat_ioctl.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/compat_ioctl.c 2010-04-23 10:14:17.000000000 +0200 @@ -113,6 +113,9 @@ #ifdef CONFIG_SPARC #include #endif +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd, unsigned long arg, struct file *f) @@ -2791,6 +2794,10 @@ /* RED-PEN how should LSM module know it's handling 32bit? */ error = security_file_ioctl(filp, cmd, arg); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_ioctl_permission(filp, cmd, arg); + /***** TOMOYO Linux end. *****/ if (error) goto out_fput; @@ -2815,6 +2822,12 @@ /*FALL THROUGH*/ default: + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_IOCTL)) { + error = -EPERM; + goto out_fput; + } + /***** TOMOYO Linux end. *****/ if (filp->f_op && filp->f_op->compat_ioctl) { error = filp->f_op->compat_ioctl(filp, cmd, arg); if (error != -ENOIOCTLCMD) Index: common/fs/exec.c =================================================================== --- common.orig/fs/exec.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/exec.c 2010-04-23 10:19:24.000000000 +0200 @@ -61,6 +61,10 @@ void qemu_trace_thread_name(char *name); #endif +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ + int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; int suid_dumpable = 0; @@ -130,6 +134,11 @@ MAY_READ | MAY_EXEC | MAY_OPEN); if (error) goto exit; + /***** TOMOYO Linux start. *****/ + error = ccs_check_uselib_permission(nd.path.dentry, nd.path.mnt); + if (error) + goto exit; + /***** TOMOYO Linux end. *****/ file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); error = PTR_ERR(file); @@ -677,6 +686,11 @@ err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); if (err) goto out_path_put; + /***** TOMOYO Linux start. *****/ + err = ccs_check_open_exec_permission(nd.path.dentry, nd.path.mnt); + if (err) + goto out_path_put; + /***** TOMOYO Linux end. *****/ file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE); if (IS_ERR(file)) @@ -1346,7 +1360,7 @@ qemu_trace_execve(bprm->argc, argv); #endif - retval = search_binary_handler(bprm,regs); + retval = ccs_search_binary_handler(bprm,regs); if (retval < 0) goto out; Index: common/fs/fcntl.c =================================================================== --- common.orig/fs/fcntl.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/fcntl.c 2010-04-23 10:14:17.000000000 +0200 @@ -24,6 +24,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ void set_close_on_exec(unsigned int fd, int flag) { @@ -155,6 +158,12 @@ if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (((arg ^ filp->f_flags) & O_APPEND) && + ccs_check_rewrite_permission(filp)) + return -EPERM; + /***** TOMOYO Linux end. *****/ + /* O_NOATIME can only be set by the owner or superuser */ if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME)) if (!is_owner_or_cap(inode)) Index: common/fs/ioctl.c =================================================================== --- common.orig/fs/ioctl.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/ioctl.c 2010-04-23 10:14:17.000000000 +0200 @@ -17,6 +17,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* So that the fiemap access checks can't overflow on 32 bit machines. */ #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) @@ -40,6 +43,10 @@ if (!filp->f_op) goto out; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_IOCTL)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (filp->f_op->unlocked_ioctl) { error = filp->f_op->unlocked_ioctl(filp, cmd, arg); @@ -553,6 +560,10 @@ goto out; error = security_file_ioctl(filp, cmd, arg); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_ioctl_permission(filp, cmd, arg); + /***** TOMOYO Linux end. *****/ if (error) goto out_fput; Index: common/fs/namei.c =================================================================== --- common.orig/fs/namei.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/namei.c 2010-04-23 10:14:17.000000000 +0200 @@ -35,6 +35,10 @@ #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ + /* [Feb-1997 T. Schoebel-Theuer] * Fundamental changes in the pathname lookup mechanisms (namei) * were necessary because of omirr. The reason is that omirr needs @@ -1524,6 +1528,13 @@ if (!is_owner_or_cap(inode)) return -EPERM; + /***** TOMOYO Linux start. *****/ + /* includes O_APPEND and O_TRUNC checks */ + error = ccs_check_open_permission(dentry, path->mnt, flag); + if (error) + return error; + /***** TOMOYO Linux end. *****/ + /* * Ensure there are no outstanding leases on the file. */ @@ -1574,6 +1585,11 @@ if (!IS_POSIXACL(dir->d_inode)) mode &= ~current->fs->umask; error = security_path_mknod(&nd->path, path->dentry, mode, 0); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_mknod_permission(dir->d_inode, path->dentry, + nd->path.mnt, mode, 0); + /***** TOMOYO Linux end. *****/ if (error) goto out_unlock; error = vfs_create(dir->d_inode, path->dentry, mode, nd); @@ -1587,6 +1603,9 @@ return may_open(&nd->path, 0, flag & ~O_TRUNC); } +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* * Note that while the flag value (low two bits) for sys_open means: * 00 - read-only @@ -1991,6 +2010,12 @@ if (error) goto out_dput; error = security_path_mknod(&nd.path, dentry, mode, dev); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_mknod_permission(nd.path.dentry->d_inode, + dentry, nd.path.mnt, mode, + dev); + /***** TOMOYO Linux end. *****/ if (error) goto out_drop_write; switch (mode & S_IFMT) { @@ -2066,6 +2091,11 @@ if (error) goto out_dput; error = security_path_mkdir(&nd.path, dentry, mode); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_mkdir_permission(nd.path.dentry->d_inode, + dentry, nd.path.mnt, mode); + /***** TOMOYO Linux end. *****/ if (error) goto out_drop_write; error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode); @@ -2180,6 +2210,11 @@ if (error) goto exit3; error = security_path_rmdir(&nd.path, dentry); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_rmdir_permission(nd.path.dentry->d_inode, + dentry, nd.path.mnt); + /***** TOMOYO Linux end. *****/ if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -2269,6 +2304,12 @@ if (error) goto exit2; error = security_path_unlink(&nd.path, dentry); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_unlink_permission(nd.path.dentry + ->d_inode, dentry, + nd.path.mnt); + /***** TOMOYO Linux end. *****/ if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -2354,6 +2395,11 @@ if (error) goto out_dput; error = security_path_symlink(&nd.path, dentry, from); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_symlink_permission(nd.path.dentry->d_inode, + dentry, nd.path.mnt, from); + /***** TOMOYO Linux end. *****/ if (error) goto out_drop_write; error = vfs_symlink(nd.path.dentry->d_inode, dentry, from); @@ -2454,6 +2500,12 @@ if (error) goto out_dput; error = security_path_link(old_path.dentry, &nd.path, new_dentry); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_link_permission(old_path.dentry, + nd.path.dentry->d_inode, + new_dentry, nd.path.mnt); + /***** TOMOYO Linux end. *****/ if (error) goto out_drop_write; error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry); @@ -2695,6 +2747,13 @@ goto exit5; error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_rename_permission(old_dir->d_inode, + old_dentry, + new_dir->d_inode, + new_dentry, newnd.path.mnt); + /***** TOMOYO Linux end. *****/ if (error) goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, Index: common/fs/namespace.c =================================================================== --- common.orig/fs/namespace.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/namespace.c 2010-04-23 10:14:17.000000000 +0200 @@ -31,6 +31,12 @@ #include #include "pnode.h" #include "internal.h" +/***** SAKURA Linux start. *****/ +#include +/***** SAKURA Linux end. *****/ +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head)) #define HASH_SIZE (1UL << HASH_SHIFT) @@ -1043,6 +1049,11 @@ if (retval) return retval; + /***** SAKURA Linux start. *****/ + if (ccs_may_umount(mnt)) + return -EPERM; + /***** SAKURA Linux end. *****/ + /* * Allow userspace to request a mountpoint be expired rather than * unmounting unconditionally. Unmount only happens if: @@ -1134,6 +1145,10 @@ { struct path path; int retval; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_UMOUNT)) + return -EPERM; + /***** TOMOYO Linux end. *****/ retval = user_path(name, &path); if (retval) @@ -1482,6 +1497,11 @@ if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) goto out; + /***** SAKURA Linux start. *****/ + err = -EPERM; + if (ccs_may_mount(path)) + goto out; + /***** SAKURA Linux end. *****/ err = -ENOMEM; if (recurse) @@ -1593,6 +1613,11 @@ if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt)) goto out; + /***** SAKURA Linux start. *****/ + err = -EPERM; + if (ccs_may_umount(old_path.mnt) || ccs_may_mount(path)) + goto out; + /***** SAKURA Linux end. *****/ err = -ENOENT; mutex_lock(&path->dentry->d_inode->i_mutex); if (IS_DEADDIR(path->dentry->d_inode)) @@ -1696,6 +1721,11 @@ err = -EINVAL; if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode)) goto unlock; + /***** SAKURA Linux start. *****/ + err = -EPERM; + if (ccs_may_mount(path)) + goto unlock; + /***** SAKURA Linux end. *****/ newmnt->mnt_flags = mnt_flags; if ((err = graft_tree(newmnt, path))) @@ -1919,6 +1949,17 @@ if (data_page) ((char *)data_page)[PAGE_SIZE - 1] = 0; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_MOUNT)) + return -EPERM; + /***** TOMOYO Linux end. *****/ + /***** SAKURA Linux start. *****/ + retval = ccs_check_mount_permission(dev_name, dir_name, type_page, + &flags); + if (retval) + return retval; + /***** SAKURA Linux end. *****/ + /* Separate the per-mountpoint flags */ if (flags & MS_NOSUID) mnt_flags |= MNT_NOSUID; @@ -2182,6 +2223,10 @@ if (!capable(CAP_SYS_ADMIN)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_PIVOT_ROOT)) + return -EPERM; + /***** TOMOYO Linux end. *****/ error = user_path_dir(new_root, &new); if (error) @@ -2195,6 +2240,10 @@ goto out1; error = security_sb_pivotroot(&old, &new); + /***** SAKURA Linux start. *****/ + if (!error) + error = ccs_check_pivot_root_permission(&old, &new); + /***** SAKURA Linux end. *****/ if (error) { path_put(&old); goto out1; Index: common/fs/open.c =================================================================== --- common.orig/fs/open.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/open.c 2010-04-23 10:14:17.000000000 +0200 @@ -29,6 +29,12 @@ #include #include #include +/***** SAKURA Linux start. *****/ +#include +/***** SAKURA Linux end. *****/ +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ int vfs_statfs(struct dentry *dentry, struct kstatfs *buf) { @@ -272,6 +278,11 @@ error = locks_verify_truncate(inode, NULL, length); if (!error) error = security_path_truncate(&path, length, 0); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_truncate_permission(path.dentry, path.mnt, + length, 0); + /***** TOMOYO Linux end. *****/ if (!error) { DQUOT_INIT(inode); error = do_truncate(path.dentry, length, 0, NULL); @@ -331,6 +342,12 @@ if (!error) error = security_path_truncate(&file->f_path, length, ATTR_MTIME|ATTR_CTIME); + /***** TOMOYO Linux start. *****/ + if (!error) + error = ccs_check_truncate_permission(dentry, file->f_vfsmnt, + length, + ATTR_MTIME|ATTR_CTIME); + /***** TOMOYO Linux end. *****/ if (!error) error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); out_putf: @@ -585,6 +602,14 @@ error = -EPERM; if (!capable(CAP_SYS_CHROOT)) goto dput_and_out; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_CHROOT)) + goto dput_and_out; + /***** TOMOYO Linux end. *****/ + /***** SAKURA Linux start. *****/ + if (ccs_check_chroot_permission(&path)) + goto dput_and_out; + /***** SAKURA Linux end. *****/ set_fs_root(current->fs, &path); error = 0; @@ -1156,6 +1181,10 @@ */ SYSCALL_DEFINE0(vhangup) { + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_VHANGUP)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (capable(CAP_SYS_TTY_CONFIG)) { tty_vhangup_self(); return 0; Index: common/fs/proc/Makefile =================================================================== --- common.orig/fs/proc/Makefile 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/proc/Makefile 2010-04-23 10:14:17.000000000 +0200 @@ -25,3 +25,6 @@ proc-$(CONFIG_PROC_DEVICETREE) += proc_devtree.o proc-$(CONFIG_PRINTK) += kmsg.o proc-$(CONFIG_PROC_PAGE_MONITOR) += page.o + +proc-$(CONFIG_SAKURA) += ccs_proc.o +proc-$(CONFIG_TOMOYO) += ccs_proc.o Index: common/fs/proc/version.c =================================================================== --- common.orig/fs/proc/version.c 2010-03-31 20:36:17.000000000 +0200 +++ common/fs/proc/version.c 2010-04-23 10:14:17.000000000 +0200 @@ -32,3 +32,14 @@ return 0; } module_init(proc_version_init); + +/***** CCS start. *****/ +#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO) +static int __init ccs_show_version(void) +{ + printk(KERN_INFO "Hook version: 2.6.29.4 2009/05/20\n"); + return 0; +} +module_init(ccs_show_version); +#endif +/***** CCS end. *****/ Index: common/include/linux/init_task.h =================================================================== --- common.orig/include/linux/init_task.h 2010-03-31 20:36:17.000000000 +0200 +++ common/include/linux/init_task.h 2010-04-23 10:14:17.000000000 +0200 @@ -184,6 +184,10 @@ INIT_IDS \ INIT_TRACE_IRQFLAGS \ INIT_LOCKDEP \ + /***** TOMOYO Linux start. *****/ \ + .ccs_domain_info = NULL, \ + .ccs_flags = 0, \ + /***** TOMOYO Linux end. *****/ \ } Index: common/include/linux/sched.h =================================================================== --- common.orig/include/linux/sched.h 2010-03-31 20:36:17.000000000 +0200 +++ common/include/linux/sched.h 2010-04-23 10:14:17.000000000 +0200 @@ -29,6 +29,10 @@ #define CLONE_NEWNET 0x40000000 /* New network namespace */ #define CLONE_IO 0x80000000 /* Clone io context */ +/***** TOMOYO Linux start. *****/ +struct ccs_domain_info; +/***** TOMOYO Linux end. *****/ + /* * Scheduling policies */ @@ -1417,6 +1421,10 @@ /* state flags for use by tracers */ unsigned long trace; #endif + /***** TOMOYO Linux start. *****/ + struct ccs_domain_info *ccs_domain_info; + u32 ccs_flags; + /***** TOMOYO Linux end. *****/ }; /* Future-safe accessor for struct task_struct's cpus_allowed. */ Index: common/kernel/compat.c =================================================================== --- common.orig/kernel/compat.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/compat.c 2010-04-23 10:14:17.000000000 +0200 @@ -27,6 +27,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* * Note that the native side is already converted to a timespec, because @@ -915,6 +918,10 @@ err = security_settime(&tv, NULL); if (err) return err; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_SETTIME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ do_settimeofday(&tv); return 0; Index: common/kernel/kexec.c =================================================================== --- common.orig/kernel/kexec.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/kexec.c 2010-04-23 10:14:17.000000000 +0200 @@ -37,6 +37,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* Per cpu memory for storing cpu states in case of system crash. */ note_buf_t* crash_notes; @@ -943,6 +946,10 @@ /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_KEXEC_LOAD)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* * Verify we have a legal set of flags Index: common/kernel/kmod.c =================================================================== --- common.orig/kernel/kmod.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/kmod.c 2010-04-23 10:14:17.000000000 +0200 @@ -175,6 +175,11 @@ */ set_user_nice(current, 0); + /***** TOMOYO Linux start. *****/ + current->ccs_domain_info = NULL; + current->ccs_flags = 0; + /***** TOMOYO Linux end. *****/ + retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); /* Exec failed? */ Index: common/kernel/module.c =================================================================== --- common.orig/kernel/module.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/module.c 2010-04-23 10:14:17.000000000 +0200 @@ -51,6 +51,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #if 0 #define DEBUGP printk @@ -753,6 +756,10 @@ if (!capable(CAP_SYS_MODULE)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_USE_KERNEL_MODULE)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) return -EFAULT; @@ -2322,6 +2329,10 @@ /* Must have permission */ if (!capable(CAP_SYS_MODULE)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_USE_KERNEL_MODULE)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* Only one module load at a time, please */ if (mutex_lock_interruptible(&module_mutex) != 0) Index: common/kernel/ptrace.c =================================================================== --- common.orig/kernel/ptrace.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/ptrace.c 2010-04-23 10:14:17.000000000 +0200 @@ -24,6 +24,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* @@ -578,6 +581,10 @@ { struct task_struct *child; long ret; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_PTRACE)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* * This lock_kernel fixes a subtle race with suid exec @@ -701,6 +708,10 @@ { struct task_struct *child; long ret; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_PTRACE)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* * This lock_kernel fixes a subtle race with suid exec Index: common/kernel/sched.c =================================================================== --- common.orig/kernel/sched.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/sched.c 2010-04-23 10:14:17.000000000 +0200 @@ -76,6 +76,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #include "sched_cpupri.h" @@ -5192,6 +5195,10 @@ SYSCALL_DEFINE1(nice, int, increment) { long nice, retval; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_NICE)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* * Setpriority might change our priority at the same moment. Index: common/kernel/signal.c =================================================================== --- common.orig/kernel/signal.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/signal.c 2010-04-23 10:14:17.000000000 +0200 @@ -34,6 +34,9 @@ #include #include #include "audit.h" /* audit_signal_info() */ +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* * SLAB caches for signal bits. @@ -2233,6 +2236,12 @@ SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) { struct siginfo info; + /***** TOMOYO Linux start. *****/ + if (sig && !ccs_capable(CCS_SYS_KILL)) + return -EPERM; + if (sig && ccs_check_signal_acl(sig, pid)) + return -EPERM; + /***** TOMOYO Linux end. *****/ info.si_signo = sig; info.si_errno = 0; @@ -2294,6 +2303,12 @@ /* This is only valid for single tasks */ if (pid <= 0 || tgid <= 0) return -EINVAL; + /***** TOMOYO Linux start. *****/ + if (sig && !ccs_capable(CCS_SYS_KILL)) + return -EPERM; + if (sig && ccs_check_signal_acl(sig, pid)) + return -EPERM; + /***** TOMOYO Linux end. *****/ return do_tkill(tgid, pid, sig); } @@ -2306,6 +2321,12 @@ /* This is only valid for single tasks */ if (pid <= 0) return -EINVAL; + /***** TOMOYO Linux start. *****/ + if (sig && !ccs_capable(CCS_SYS_KILL)) + return -EPERM; + if (sig && ccs_check_signal_acl(sig, pid)) + return -EPERM; + /***** TOMOYO Linux end. *****/ return do_tkill(0, pid, sig); } Index: common/kernel/sys.c =================================================================== --- common.orig/kernel/sys.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/sys.c 2010-04-23 10:14:17.000000000 +0200 @@ -43,6 +43,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #ifndef SET_UNALIGN_CTL # define SET_UNALIGN_CTL(a,b) (-EINVAL) @@ -153,6 +156,12 @@ if (which > PRIO_USER || which < PRIO_PROCESS) goto out; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_NICE)) { + error = -EPERM; + goto out; + } + /***** TOMOYO Linux end. *****/ /* normalize: avoid signed division (rounding problems) */ error = -ESRCH; @@ -371,6 +380,10 @@ magic2 != LINUX_REBOOT_MAGIC2B && magic2 != LINUX_REBOOT_MAGIC2C)) return -EINVAL; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_REBOOT)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* Instead of trying to make the power_off code look like * halt when pm_power_off is not set do it the easy way. @@ -1424,6 +1437,10 @@ return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_SETHOSTNAME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ down_write(&uts_sem); errno = -EFAULT; if (!copy_from_user(tmp, name, len)) { @@ -1473,6 +1490,10 @@ return -EPERM; if (len < 0 || len > __NEW_UTS_LEN) return -EINVAL; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_SETHOSTNAME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ down_write(&uts_sem); errno = -EFAULT; Index: common/kernel/sysctl.c =================================================================== --- common.orig/kernel/sysctl.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/sysctl.c 2010-04-23 10:14:17.000000000 +0200 @@ -51,6 +51,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #ifdef CONFIG_X86 #include @@ -1694,6 +1697,11 @@ for (head = sysctl_head_next(NULL); head; head = sysctl_head_next(head)) { + /***** TOMOYO Linux start. *****/ + error = ccs_parse_table(name, nlen, oldval, newval, + head->ctl_table); + if (!error) + /***** TOMOYO Linux end. *****/ error = parse_table(name, nlen, oldval, oldlenp, newval, newlen, head->root, head->ctl_table); Index: common/kernel/time.c =================================================================== --- common.orig/kernel/time.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/time.c 2010-04-23 10:14:17.000000000 +0200 @@ -41,6 +41,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ #include "timeconst.h" @@ -92,6 +95,10 @@ err = security_settime(&tv, NULL); if (err) return err; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_SETTIME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ do_settimeofday(&tv); return 0; @@ -163,6 +170,10 @@ error = security_settime(tv, tz); if (error) return error; + /***** TOMOYO Linux start. *****/ + if (!ccs_capable(CCS_SYS_SETTIME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ if (tz) { /* SMP safe, global irq locking makes it work. */ Index: common/kernel/time/ntp.c =================================================================== --- common.orig/kernel/time/ntp.c 2010-03-31 20:36:17.000000000 +0200 +++ common/kernel/time/ntp.c 2010-04-23 10:14:17.000000000 +0200 @@ -18,6 +18,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ /* * Timekeeping variables @@ -286,10 +289,19 @@ if (!(txc->modes & ADJ_OFFSET_READONLY) && !capable(CAP_SYS_TIME)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (!(txc->modes & ADJ_OFFSET_READONLY) && + !ccs_capable(CCS_SYS_SETTIME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ } else { /* In order to modify anything, you gotta be super-user! */ if (txc->modes && !capable(CAP_SYS_TIME)) return -EPERM; + /***** TOMOYO Linux start. *****/ + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME)) + return -EPERM; + /***** TOMOYO Linux end. *****/ /* if the quartz is off by more than 10% something is VERY wrong! */ if (txc->modes & ADJ_TICK && Index: common/net/ipv4/inet_connection_sock.c =================================================================== --- common.orig/net/ipv4/inet_connection_sock.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv4/inet_connection_sock.c 2010-04-23 10:14:17.000000000 +0200 @@ -23,6 +23,9 @@ #include #include #include +/***** SAKURA Linux start. *****/ +#include +/***** SAKURA Linux end. *****/ #ifdef INET_CSK_DEBUG const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; @@ -108,6 +111,10 @@ head = &hashinfo->bhash[inet_bhashfn(net, rover, hashinfo->bhash_size)]; spin_lock(&head->lock); + /***** SAKURA Linux start. *****/ + if (ccs_lport_reserved(rover)) + goto next; + /***** SAKURA Linux end. *****/ inet_bind_bucket_for_each(tb, node, &head->chain) if (ib_net(tb) == net && tb->port == rover) goto next; Index: common/net/ipv4/inet_hashtables.c =================================================================== --- common.orig/net/ipv4/inet_hashtables.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv4/inet_hashtables.c 2010-04-23 10:14:17.000000000 +0200 @@ -22,6 +22,9 @@ #include #include #include +/***** SAKURA Linux start. *****/ +#include +/***** SAKURA Linux end. *****/ /* * Allocate and initialize a new local port bind bucket. @@ -434,6 +437,10 @@ local_bh_disable(); for (i = 1; i <= remaining; i++) { port = low + (i + offset) % remaining; + /***** SAKURA Linux start. *****/ + if (ccs_lport_reserved(port)) + continue; + /***** SAKURA Linux end. *****/ head = &hinfo->bhash[inet_bhashfn(net, port, hinfo->bhash_size)]; spin_lock(&head->lock); Index: common/net/ipv4/raw.c =================================================================== --- common.orig/net/ipv4/raw.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv4/raw.c 2010-04-23 10:14:17.000000000 +0200 @@ -77,6 +77,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ static struct raw_hashinfo raw_v4_hashinfo = { .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock), @@ -665,6 +668,11 @@ skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; + /***** TOMOYO Linux start. *****/ + err = ccs_socket_recvmsg_permission(sk, skb, flags); + if (err) + goto out; + /***** TOMOYO Linux end. *****/ copied = skb->len; if (len < copied) { Index: common/net/ipv4/udp.c =================================================================== --- common.orig/net/ipv4/udp.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv4/udp.c 2010-04-23 10:14:17.000000000 +0200 @@ -105,6 +105,12 @@ #include #include #include "udp_impl.h" +/***** SAKURA Linux start. *****/ +#include +/***** SAKURA Linux end. *****/ +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ struct udp_table udp_table; EXPORT_SYMBOL(udp_table); @@ -195,7 +201,10 @@ */ do { if (low <= snum && snum <= high && - !test_bit(snum / UDP_HTABLE_SIZE, bitmap)) + !test_bit(snum / UDP_HTABLE_SIZE, bitmap) + /***** SAKURA Linux start. *****/ + && !ccs_lport_reserved(snum)) + /***** SAKURA Linux end. *****/ goto found; snum += rand; } while (snum != first); @@ -897,6 +906,11 @@ &peeked, &err); if (!skb) goto out; + /***** TOMOYO Linux start. *****/ + err = ccs_socket_recvmsg_permission(sk, skb, flags); + if (err) + goto out; + /***** TOMOYO Linux end. *****/ ulen = skb->len - sizeof(struct udphdr); copied = len; Index: common/net/ipv6/raw.c =================================================================== --- common.orig/net/ipv6/raw.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv6/raw.c 2010-04-23 10:14:17.000000000 +0200 @@ -59,6 +59,9 @@ #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ static struct raw_hashinfo raw_v6_hashinfo = { .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock), @@ -465,6 +468,11 @@ skb = skb_recv_datagram(sk, flags, noblock, &err); if (!skb) goto out; + /***** TOMOYO Linux start. *****/ + err = ccs_socket_recvmsg_permission(sk, skb, flags); + if (err) + goto out; + /***** TOMOYO Linux end. *****/ copied = skb->len; if (copied > len) { Index: common/net/ipv6/udp.c =================================================================== --- common.orig/net/ipv6/udp.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/ipv6/udp.c 2010-04-23 10:14:17.000000000 +0200 @@ -48,6 +48,9 @@ #include #include #include "udp_impl.h" +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ int udp_v6_get_port(struct sock *sk, unsigned short snum) { @@ -180,6 +183,11 @@ &peeked, &err); if (!skb) goto out; + /***** TOMOYO Linux start. *****/ + err = ccs_socket_recvmsg_permission(sk, skb, flags); + if (err) + goto out; + /***** TOMOYO Linux end. *****/ ulen = skb->len - sizeof(struct udphdr); copied = len; Index: common/net/socket.c =================================================================== --- common.orig/net/socket.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/socket.c 2010-04-23 10:14:17.000000000 +0200 @@ -100,6 +100,11 @@ #include #endif +/***** TOMOYO Linux start. *****/ +#include +#include +/***** TOMOYO Linux end. *****/ + static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); @@ -563,6 +568,12 @@ err = security_socket_sendmsg(sock, msg, size); if (err) return err; + /***** TOMOYO Linux start. *****/ + if (ccs_socket_sendmsg_permission(sock, + (struct sockaddr *) msg->msg_name, + msg->msg_namelen)) + return -EPERM; + /***** TOMOYO Linux end. *****/ err = sock->ops->sendmsg(iocb, sock, msg, size); #ifdef CONFIG_UID_STAT @@ -1135,6 +1146,12 @@ family = PF_PACKET; } + /***** TOMOYO Linux start. *****/ + err = ccs_socket_create_permission(family, type, protocol); + if (err) + return err; + /***** TOMOYO Linux end. *****/ + err = security_socket_create(family, type, protocol, kern); if (err) return err; @@ -1383,6 +1400,13 @@ err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); + /***** TOMOYO Linux start. *****/ + if (!err) + err = ccs_socket_bind_permission(sock, + (struct sockaddr *) + &address, + addrlen); + /***** TOMOYO Linux end. *****/ if (!err) err = sock->ops->bind(sock, (struct sockaddr *) @@ -1412,6 +1436,10 @@ backlog = somaxconn; err = security_socket_listen(sock, backlog); + /***** TOMOYO Linux start. *****/ + if (!err) + err = ccs_socket_listen_permission(sock); + /***** TOMOYO Linux end. *****/ if (!err) err = sock->ops->listen(sock, backlog); @@ -1482,6 +1510,13 @@ if (err < 0) goto out_fd; + /***** TOMOYO Linux start. *****/ + if (ccs_socket_accept_permission(newsock, + (struct sockaddr *) &address)) { + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */ + goto out_fd; + } + /***** TOMOYO Linux end. *****/ if (upeer_sockaddr) { if (newsock->ops->getname(newsock, (struct sockaddr *)&address, &len, 2) < 0) { @@ -1547,6 +1582,12 @@ err = move_addr_to_kernel(uservaddr, addrlen, (struct sockaddr *)&address); if (err < 0) goto out_put; + /***** TOMOYO Linux start. *****/ + err = ccs_socket_connect_permission(sock, (struct sockaddr *) &address, + addrlen); + if (err) + goto out_put; + /***** TOMOYO Linux end. *****/ err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); Index: common/net/unix/af_unix.c =================================================================== --- common.orig/net/unix/af_unix.c 2010-03-31 20:36:17.000000000 +0200 +++ common/net/unix/af_unix.c 2010-04-23 10:14:17.000000000 +0200 @@ -114,6 +114,9 @@ #include #include #include +/***** TOMOYO Linux start. *****/ +#include +/***** TOMOYO Linux end. *****/ static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1]; static DEFINE_SPINLOCK(unix_table_lock); @@ -837,6 +840,12 @@ if (err) goto out_mknod_dput; err = security_path_mknod(&nd.path, dentry, mode, 0); + /***** TOMOYO Linux start. *****/ + if (!err) + err = ccs_check_mknod_permission(nd.path.dentry + ->d_inode, dentry, + nd.path.mnt, mode, 0); + /***** TOMOYO Linux end. *****/ if (err) goto out_mknod_drop_write; err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);