20 |
fs/ioctl.c | 5 +++++ |
fs/ioctl.c | 5 +++++ |
21 |
fs/namei.c | 33 +++++++++++++++++++++++++++++++++ |
fs/namei.c | 33 +++++++++++++++++++++++++++++++++ |
22 |
fs/namespace.c | 24 ++++++++++++++++++++++++ |
fs/namespace.c | 24 ++++++++++++++++++++++++ |
23 |
fs/open.c | 13 +++++++++++++ |
fs/open.c | 27 +++++++++++++++++++++++++++ |
24 |
fs/proc/proc_misc.c | 1 + |
fs/proc/proc_misc.c | 1 + |
25 |
include/linux/init_task.h | 2 ++ |
include/linux/init_task.h | 2 ++ |
26 |
include/linux/sched.h | 4 ++++ |
include/linux/sched.h | 4 ++++ |
30 |
kernel/module.c | 5 +++++ |
kernel/module.c | 5 +++++ |
31 |
kernel/ptrace.c | 3 +++ |
kernel/ptrace.c | 3 +++ |
32 |
kernel/sched.c | 3 +++ |
kernel/sched.c | 3 +++ |
33 |
kernel/signal.c | 7 +++++++ |
kernel/signal.c | 9 +++++++++ |
34 |
kernel/sys.c | 11 +++++++++++ |
kernel/sys.c | 11 +++++++++++ |
35 |
kernel/sysctl.c | 5 +++++ |
kernel/sysctl.c | 5 +++++ |
36 |
kernel/time.c | 5 +++++ |
kernel/time.c | 5 +++++ |
46 |
net/unix/af_unix.c | 4 ++++ |
net/unix/af_unix.c | 4 ++++ |
47 |
security/Kconfig | 2 ++ |
security/Kconfig | 2 ++ |
48 |
security/Makefile | 3 +++ |
security/Makefile | 3 +++ |
49 |
44 files changed, 257 insertions(+), 2 deletions(-) |
44 files changed, 273 insertions(+), 2 deletions(-) |
50 |
|
|
51 |
--- linux-2.6.22.19.orig/arch/alpha/kernel/ptrace.c |
--- linux-2.6.22.19.orig/arch/alpha/kernel/ptrace.c |
52 |
+++ linux-2.6.22.19/arch/alpha/kernel/ptrace.c |
+++ linux-2.6.22.19/arch/alpha/kernel/ptrace.c |
649 |
|
|
650 |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
set_fs_root(current->fs, nd.mnt, nd.dentry); |
651 |
set_fs_altroot(); |
set_fs_altroot(); |
652 |
@@ -1087,6 +1098,8 @@ EXPORT_SYMBOL(sys_close); |
@@ -516,6 +527,9 @@ asmlinkage long sys_fchmod(unsigned int |
653 |
|
err = -EPERM; |
654 |
|
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
655 |
|
goto out_putf; |
656 |
|
+ err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode); |
657 |
|
+ if (err) |
658 |
|
+ goto out_putf; |
659 |
|
mutex_lock(&inode->i_mutex); |
660 |
|
if (mode == (mode_t) -1) |
661 |
|
mode = inode->i_mode; |
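Review bot: In the sys_fchmod hunk, ccs_chmod_permission() receives the caller's raw `mode` before the following `if (mode == (mode_t) -1) mode = inode->i_mode;` normalisation, so the policy decision can be made on a value that differs from the mode actually applied. Whether the hook handles that sentinel itself is not visible here; if it does not, the call belongs after the normalisation, and otherwise a comment would help, e.g. `/* mode is still the raw argument; the hook must treat (mode_t) -1 as "keep current mode" */`. The check also runs before `mutex_lock(&inode->i_mutex)`, so it is not serialised with the attribute change it authorises. The sys_fchmodat hunk has the same ordering, and both function bodies extend beyond their hunks.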
662 |
|
@@ -550,6 +564,9 @@ asmlinkage long sys_fchmodat(int dfd, co |
663 |
|
error = -EPERM; |
664 |
|
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
665 |
|
goto dput_and_out; |
666 |
|
+ error = ccs_chmod_permission(nd.dentry, nd.mnt, mode); |
667 |
|
+ if (error) |
668 |
|
+ goto dput_and_out; |
669 |
|
|
670 |
|
mutex_lock(&inode->i_mutex); |
671 |
|
if (mode == (mode_t) -1) |
672 |
|
@@ -613,6 +630,8 @@ asmlinkage long sys_chown(const char __u |
673 |
|
error = user_path_walk(filename, &nd); |
674 |
|
if (error) |
675 |
|
goto out; |
676 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
677 |
|
+ if (!error) |
678 |
|
error = chown_common(nd.dentry, user, group); |
679 |
|
path_release(&nd); |
680 |
|
out: |
681 |
|
@@ -633,6 +652,8 @@ asmlinkage long sys_fchownat(int dfd, co |
682 |
|
error = __user_walk_fd(dfd, filename, follow, &nd); |
683 |
|
if (error) |
684 |
|
goto out; |
685 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
686 |
|
+ if (!error) |
687 |
|
error = chown_common(nd.dentry, user, group); |
688 |
|
path_release(&nd); |
689 |
|
out: |
690 |
|
@@ -647,6 +668,8 @@ asmlinkage long sys_lchown(const char __ |
691 |
|
error = user_path_walk_link(filename, &nd); |
692 |
|
if (error) |
693 |
|
goto out; |
694 |
|
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
695 |
|
+ if (!error) |
696 |
|
error = chown_common(nd.dentry, user, group); |
697 |
|
path_release(&nd); |
698 |
|
out: |
699 |
|
@@ -666,6 +689,8 @@ asmlinkage long sys_fchown(unsigned int |
700 |
|
|
701 |
|
dentry = file->f_path.dentry; |
702 |
|
audit_inode(NULL, dentry->d_inode); |
703 |
|
+ error = ccs_chown_permission(dentry, file->f_vfsmnt, user, group); |
704 |
|
+ if (!error) |
705 |
|
error = chown_common(dentry, user, group); |
706 |
|
fput(file); |
707 |
|
out: |
708 |
|
@@ -1087,6 +1112,8 @@ EXPORT_SYMBOL(sys_close); |
709 |
*/ |
*/ |
710 |
asmlinkage long sys_vhangup(void) |
asmlinkage long sys_vhangup(void) |
711 |
{ |
{ |
720 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
entry->proc_fops = &proc_sysrq_trigger_operations; |
721 |
} |
} |
722 |
#endif |
#endif |
723 |
+ printk(KERN_INFO "Hook version: 2.6.22.19 2009/08/05\n"); |
+ printk(KERN_INFO "Hook version: 2.6.22.19 2009/08/08\n"); |
724 |
} |
} |
725 |
--- linux-2.6.22.19.orig/include/linux/init_task.h |
--- linux-2.6.22.19.orig/include/linux/init_task.h |
726 |
+++ linux-2.6.22.19/include/linux/init_task.h |
+++ linux-2.6.22.19/include/linux/init_task.h |
906 |
|
|
907 |
return do_tkill(0, pid, sig); |
return do_tkill(0, pid, sig); |
908 |
} |
} |
909 |
|
@@ -2247,6 +2254,8 @@ sys_rt_sigqueueinfo(int pid, int sig, si |
910 |
|
if (info.si_code >= 0) |
911 |
|
return -EPERM; |
912 |
|
info.si_signo = sig; |
913 |
|
+ if (ccs_sigqueue_permission(pid, sig)) |
914 |
|
+ return -EPERM; |
915 |
|
|
916 |
|
/* POSIX.1b doesn't mention process groups. */ |
917 |
|
return kill_proc_info(sig, &info, pid); |
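Review bot: The added check in sys_rt_sigqueueinfo collapses every non-zero result of ccs_sigqueue_permission() into -EPERM, while the hooks added in fs/open.c on this page pass the hook's own error code back to the caller. If that is deliberate (to match the `si_code >= 0` rejection just above), say so with a comment such as `/* any hook failure is reported as -EPERM, like the si_code check above */`; otherwise keep the hook's return value. The hook is given the numeric `pid` and `kill_proc_info(sig, &info, pid)` then resolves it again, so the task that was checked is presumably not guaranteed to be the one signalled; that is worth a line in the hook's documentation. The function body starts outside the hunk.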
918 |
--- linux-2.6.22.19.orig/kernel/sys.c |
--- linux-2.6.22.19.orig/kernel/sys.c |
919 |
+++ linux-2.6.22.19/kernel/sys.c |
+++ linux-2.6.22.19/kernel/sys.c |
920 |
@@ -39,6 +39,7 @@ |
@@ -39,6 +39,7 @@ |