| 20 |
fs/ioctl.c | 5 +++++ |
fs/ioctl.c | 5 +++++ |
| 21 |
fs/namei.c | 33 +++++++++++++++++++++++++++++++++ |
fs/namei.c | 33 +++++++++++++++++++++++++++++++++ |
| 22 |
fs/namespace.c | 24 ++++++++++++++++++++++++ |
fs/namespace.c | 24 ++++++++++++++++++++++++ |
| 23 |
fs/open.c | 13 +++++++++++++ |
fs/open.c | 27 +++++++++++++++++++++++++++ |
| 24 |
fs/proc/proc_misc.c | 1 + |
fs/proc/proc_misc.c | 1 + |
| 25 |
include/linux/init_task.h | 2 ++ |
include/linux/init_task.h | 2 ++ |
| 26 |
include/linux/sched.h | 4 ++++ |
include/linux/sched.h | 4 ++++ |
| 30 |
kernel/module.c | 5 +++++ |
kernel/module.c | 5 +++++ |
| 31 |
kernel/ptrace.c | 3 +++ |
kernel/ptrace.c | 3 +++ |
| 32 |
kernel/sched.c | 3 +++ |
kernel/sched.c | 3 +++ |
| 33 |
kernel/signal.c | 7 +++++++ |
kernel/signal.c | 9 +++++++++ |
| 34 |
kernel/sys.c | 11 +++++++++++ |
kernel/sys.c | 11 +++++++++++ |
| 35 |
kernel/sysctl.c | 5 +++++ |
kernel/sysctl.c | 5 +++++ |
| 36 |
kernel/time.c | 5 +++++ |
kernel/time.c | 5 +++++ |
| 46 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
| 47 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
| 48 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
| 49 |
44 files changed, 257 insertions(+), 2 deletions(-) |
44 files changed, 273 insertions(+), 2 deletions(-) |
| 50 |
|
|
| 51 |
--- linux-2.6.22.19.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.22.19.orig/arch/alpha/kernel/ptrace.c |
| 52 |
+++ linux-2.6.22.19/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.22.19/arch/alpha/kernel/ptrace.c |
| 649 |
|
|
| 650 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
| 651 |
set_fs_altroot(); |
set_fs_altroot(); |
| 652 |
@@ -1087,6 +1098,8 @@ EXPORT_SYMBOL(sys_close); |
@@ -516,6 +527,9 @@ asmlinkage long sys_fchmod(unsigned int |
| 653 |
|
err = -EPERM; |
| 654 |
|
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
| 655 |
|
goto out_putf; |
| 656 |
|
+ err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode); |
| 657 |
|
+ if (err) |
| 658 |
|
+ goto out_putf; |
| 659 |
|
mutex_lock(&inode->i_mutex); |
| 660 |
|
if (mode == (mode_t) -1) |
| 661 |
|
mode = inode->i_mode; |
| 662 |
|
@@ -550,6 +564,9 @@ asmlinkage long sys_fchmodat(int dfd, co |
| 663 |
|
error = -EPERM; |
| 664 |
|
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
| 665 |
|
goto dput_and_out; |
| 666 |
|
+ error = ccs_chmod_permission(nd.dentry, nd.mnt, mode); |
| 667 |
|
+ if (error) |
| 668 |
|
+ goto dput_and_out; |
| 669 |
|
|
| 670 |
|
mutex_lock(&inode->i_mutex); |
| 671 |
|
if (mode == (mode_t) -1) |
| 672 |
|
@@ -613,6 +630,8 @@ asmlinkage long sys_chown(const char __u |
| 673 |
|
error = user_path_walk(filename, &nd); |
| 674 |
|
if (error) |
| 675 |
|
goto out; |
| 676 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
| 677 |
|
+ if (!error) |
| 678 |
|
error = chown_common(nd.dentry, user, group); |
| 679 |
|
path_release(&nd); |
| 680 |
|
out: |
| 681 |
|
@@ -633,6 +652,8 @@ asmlinkage long sys_fchownat(int dfd, co |
| 682 |
|
error = __user_walk_fd(dfd, filename, follow, &nd); |
| 683 |
|
if (error) |
| 684 |
|
goto out; |
| 685 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
| 686 |
|
+ if (!error) |
| 687 |
|
error = chown_common(nd.dentry, user, group); |
| 688 |
|
path_release(&nd); |
| 689 |
|
out: |
| 690 |
|
@@ -647,6 +668,8 @@ asmlinkage long sys_lchown(const char __ |
| 691 |
|
error = user_path_walk_link(filename, &nd); |
| 692 |
|
if (error) |
| 693 |
|
goto out; |
| 694 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
| 695 |
|
+ if (!error) |
| 696 |
|
error = chown_common(nd.dentry, user, group); |
| 697 |
|
path_release(&nd); |
| 698 |
|
out: |
| 699 |
|
@@ -666,6 +689,8 @@ asmlinkage long sys_fchown(unsigned int |
| 700 |
|
|
| 701 |
|
dentry = file->f_path.dentry; |
| 702 |
|
audit_inode(NULL, dentry->d_inode); |
| 703 |
|
+ error = ccs_chown_permission(dentry, file->f_vfsmnt, user, group); |
| 704 |
|
+ if (!error) |
| 705 |
|
error = chown_common(dentry, user, group); |
| 706 |
|
fput(file); |
| 707 |
|
out: |
| 708 |
|
@@ -1087,6 +1112,8 @@ EXPORT_SYMBOL(sys_close); |
| 709 |
*/ |
*/ |
| 710 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
| 711 |
{ |
{ |
| 720 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
| 721 |
} |
} |
| 722 |
#endif |
#endif |
| 723 |
+ printk(KERN_INFO "Hook version: 2.6.22.19 2009/08/05\n"); |
+ printk(KERN_INFO "Hook version: 2.6.22.19 2009/08/08\n"); |
| 724 |
} |
} |
| 725 |
--- linux-2.6.22.19.orig/include/linux/init_task.h |
--- linux-2.6.22.19.orig/include/linux/init_task.h |
| 726 |
+++ linux-2.6.22.19/include/linux/init_task.h |
+++ linux-2.6.22.19/include/linux/init_task.h |
| 906 |
|
|
| 907 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
| 908 |
} |
} |
| 909 |
|
@@ -2247,6 +2254,8 @@ sys_rt_sigqueueinfo(int pid, int sig, si |
| 910 |
|
if (info.si_code >= 0) |
| 911 |
|
return -EPERM; |
| 912 |
|
info.si_signo = sig; |
| 913 |
|
+ if (ccs_sigqueue_permission(pid, sig)) |
| 914 |
|
+ return -EPERM; |
| 915 |
|
|
| 916 |
|
/* POSIX.1b doesn't mention process groups. */ |
| 917 |
|
return kill_proc_info(sig, &info, pid); |
| 918 |
--- linux-2.6.22.19.orig/kernel/sys.c |
--- linux-2.6.22.19.orig/kernel/sys.c |
| 919 |
+++ linux-2.6.22.19/kernel/sys.c |
+++ linux-2.6.22.19/kernel/sys.c |
| 920 |
@@ -39,6 +39,7 @@ |
@@ -39,6 +39,7 @@ |
TOMOYO
Parent Directory
Revision Log
Patch