オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.7.x/ccs-patch/patches/ccs-patch-2.6.28-ubuntu-9.04.diff

Contents of /trunk/1.7.x/ccs-patch/patches/ccs-patch-2.6.28-ubuntu-9.04.diff

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3075 - (show annotations) (download) (as text)
Thu Oct 1 03:33:21 2009 UTC (14 years, 8 months ago) by kumaneko
File MIME type: text/x-diff
File size: 33478 byte(s) 
Update sendmsg() hook.
1 This is TOMOYO Linux patch for Ubuntu 9.04.
2
3 Source code for this patch is "apt-get install linux-source-2.6.28"
4 ---
5 fs/compat.c | 3 ++-
6 fs/compat_ioctl.c | 7 +++++++
7 fs/exec.c | 10 +++++++++-
8 fs/fcntl.c | 4 ++++
9 fs/ioctl.c | 5 +++++
10 fs/namei.c | 37 +++++++++++++++++++++++++++++++++++++
11 fs/namespace.c | 22 ++++++++++++++++++++++
12 fs/open.c | 29 +++++++++++++++++++++++++++++
13 fs/proc/version.c | 7 +++++++
14 include/linux/init_task.h | 9 +++++++++
15 include/linux/sched.h | 6 ++++++
16 kernel/compat.c | 3 +++
17 kernel/kexec.c | 3 +++
18 kernel/kmod.c | 5 +++++
19 kernel/module.c | 5 +++++
20 kernel/ptrace.c | 5 +++++
21 kernel/sched.c | 3 +++
22 kernel/signal.c | 9 +++++++++
23 kernel/sys.c | 11 +++++++++++
24 kernel/sysctl.c | 4 ++++
25 kernel/time.c | 5 +++++
26 kernel/time/ntp.c | 6 ++++++
27 net/ipv4/inet_connection_sock.c | 3 +++
28 net/ipv4/inet_hashtables.c | 3 +++
29 net/ipv4/raw.c | 4 ++++
30 net/ipv4/udp.c | 8 +++++++-
31 net/ipv6/raw.c | 4 ++++
32 net/ipv6/udp.c | 4 ++++
33 net/socket.c | 21 +++++++++++++++++++++
34 net/unix/af_unix.c | 4 ++++
35 security/Kconfig | 2 ++
36 security/Makefile | 3 +++
37 32 files changed, 251 insertions(+), 3 deletions(-)
38
39 --- linux-2.6.28-15.49.orig/fs/compat.c
40 +++ linux-2.6.28-15.49/fs/compat.c
41 @@ -56,6 +56,7 @@
42 #include <asm/mmu_context.h>
43 #include <asm/ioctls.h>
44 #include "internal.h"
45 +#include <linux/ccsecurity.h>
46
47 int compat_log = 1;
48
49 @@ -1442,7 +1443,7 @@ int compat_do_execve(char * filename,
50 if (retval < 0)
51 goto out;
52
53 - retval = search_binary_handler(bprm, regs);
54 + retval = ccs_search_binary_handler(bprm, regs);
55 if (retval >= 0) {
56 /* execve success */
57 security_bprm_free(bprm);
58 --- linux-2.6.28-15.49.orig/fs/compat_ioctl.c
59 +++ linux-2.6.28-15.49/fs/compat_ioctl.c
60 @@ -113,6 +113,7 @@
61 #ifdef CONFIG_SPARC
62 #include <asm/fbio.h>
63 #endif
64 +#include <linux/ccsecurity.h>
65
66 static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
67 unsigned long arg, struct file *f)
68 @@ -2788,6 +2789,8 @@ asmlinkage long compat_sys_ioctl(unsigne
69
70 /* RED-PEN how should LSM module know it's handling 32bit? */
71 error = security_file_ioctl(filp, cmd, arg);
72 + if (!error)
73 + error = ccs_ioctl_permission(filp, cmd, arg);
74 if (error)
75 goto out_fput;
76
77 @@ -2812,6 +2815,10 @@ asmlinkage long compat_sys_ioctl(unsigne
78 /*FALL THROUGH*/
79
80 default:
81 + if (!ccs_capable(CCS_SYS_IOCTL)) {
82 + error = -EPERM;
83 + goto out_fput;
84 + }
85 if (filp->f_op && filp->f_op->compat_ioctl) {
86 error = filp->f_op->compat_ioctl(filp, cmd, arg);
87 if (error != -ENOIOCTLCMD)
88 --- linux-2.6.28-15.49.orig/fs/exec.c
89 +++ linux-2.6.28-15.49/fs/exec.c
90 @@ -61,6 +61,8 @@
91 #include <linux/a.out.h>
92 #endif
93
94 +#include <linux/ccsecurity.h>
95 +
96 int core_uses_pid;
97 char core_pattern[CORENAME_MAX_SIZE] = "core";
98 int suid_dumpable = 0;
99 @@ -129,6 +131,9 @@ SYSCALL_DEFINE1(uselib, const char __use
100 error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
101 if (error)
102 goto exit;
103 + error = ccs_uselib_permission(nd.path.dentry, nd.path.mnt);
104 + if (error)
105 + goto exit;
106
107 file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
108 error = PTR_ERR(file);
109 @@ -682,6 +687,9 @@ struct file *open_exec(const char *name)
110 err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
111 if (err)
112 goto out_path_put;
113 + err = ccs_open_exec_permission(nd.path.dentry, nd.path.mnt);
114 + if (err)
115 + goto out_path_put;
116
117 file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
118 if (IS_ERR(file))
119 @@ -1338,7 +1346,7 @@ int do_execve(char * filename,
120 goto out;
121
122 current->flags &= ~PF_KTHREAD;
123 - retval = search_binary_handler(bprm,regs);
124 + retval = ccs_search_binary_handler(bprm, regs);
125 if (retval >= 0) {
126 /* execve success */
127 security_bprm_free(bprm);
128 --- linux-2.6.28-15.49.orig/fs/fcntl.c
129 +++ linux-2.6.28-15.49/fs/fcntl.c
130 @@ -24,6 +24,7 @@
131 #include <asm/poll.h>
132 #include <asm/siginfo.h>
133 #include <asm/uaccess.h>
134 +#include <linux/ccsecurity.h>
135
136 void set_close_on_exec(unsigned int fd, int flag)
137 {
138 @@ -155,6 +156,9 @@ static int setfl(int fd, struct file * f
139 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
140 return -EPERM;
141
142 + if (((arg ^ filp->f_flags) & O_APPEND) && ccs_rewrite_permission(filp))
143 + return -EPERM;
144 +
145 /* O_NOATIME can only be set by the owner or superuser */
146 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
147 if (!is_owner_or_cap(inode))
148 --- linux-2.6.28-15.49.orig/fs/ioctl.c
149 +++ linux-2.6.28-15.49/fs/ioctl.c
150 @@ -17,6 +17,7 @@
151 #include <linux/buffer_head.h>
152
153 #include <asm/ioctls.h>
154 +#include <linux/ccsecurity.h>
155
156 /* So that the fiemap access checks can't overflow on 32 bit machines. */
157 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
158 @@ -40,6 +41,8 @@ static long vfs_ioctl(struct file *filp,
159
160 if (!filp->f_op)
161 goto out;
162 + if (!ccs_capable(CCS_SYS_IOCTL))
163 + return -EPERM;
164
165 if (filp->f_op->unlocked_ioctl) {
166 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
167 @@ -483,6 +486,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
168 goto out;
169
170 error = security_file_ioctl(filp, cmd, arg);
171 + if (!error)
172 + error = ccs_ioctl_permission(filp, cmd, arg);
173 if (error)
174 goto out_fput;
175
176 --- linux-2.6.28-15.49.orig/fs/namei.c
177 +++ linux-2.6.28-15.49/fs/namei.c
178 @@ -35,6 +35,8 @@
179
180 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
181
182 +#include <linux/ccsecurity.h>
183 +
184 /* [Feb-1997 T. Schoebel-Theuer]
185 * Fundamental changes in the pathname lookup mechanisms (namei)
186 * were necessary because of omirr. The reason is that omirr needs
187 @@ -1550,6 +1552,11 @@ int may_open(struct nameidata *nd, int a
188 if (!is_owner_or_cap(inode))
189 return -EPERM;
190
191 + /* includes O_APPEND and O_TRUNC checks */
192 + error = ccs_open_permission(dentry, nd->path.mnt, flag);
193 + if (error)
194 + return error;
195 +
196 /*
197 * Ensure there are no outstanding leases on the file.
198 */
199 @@ -1596,6 +1603,9 @@ static int __open_namei_create(struct na
200
201 if (!IS_POSIXACL(dir->d_inode))
202 mode &= ~current->fs->umask;
203 + error = ccs_mknod_permission(dir->d_inode, path->dentry, nd->path.mnt,
204 + mode, 0);
205 + if (!error)
206 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
207 mutex_unlock(&dir->d_inode->i_mutex);
208 dput(nd->path.dentry);
209 @@ -1606,6 +1616,7 @@ static int __open_namei_create(struct na
210 return may_open(nd, 0, flag & ~O_TRUNC);
211 }
212
213 +#include <linux/ccsecurity_vfs.h>
214 /*
215 * Note that while the flag value (low two bits) for sys_open means:
216 * 00 - read-only
217 @@ -1736,7 +1747,9 @@ do_last:
218 error = mnt_want_write(nd.path.mnt);
219 if (error)
220 goto exit_mutex_unlock;
221 + ccs_save_open_mode(open_flag);
222 error = __open_namei_create(&nd, &path, flag, mode);
223 + ccs_clear_open_mode();
224 if (error) {
225 mnt_drop_write(nd.path.mnt);
226 goto exit;
227 @@ -1789,7 +1802,9 @@ ok:
228 if (error)
229 goto exit;
230 }
231 + ccs_save_open_mode(open_flag);
232 error = may_open(&nd, acc_mode, flag);
233 + ccs_clear_open_mode();
234 if (error) {
235 if (will_write)
236 mnt_drop_write(nd.path.mnt);
237 @@ -2010,6 +2025,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
238 error = mnt_want_write(nd.path.mnt);
239 if (error)
240 goto out_dput;
241 + error = ccs_mknod_permission(nd.path.dentry->d_inode, dentry,
242 + nd.path.mnt, mode, dev);
243 + if (!error)
244 switch (mode & S_IFMT) {
245 case 0: case S_IFREG:
246 error = vfs_create(nd.path.dentry->d_inode,dentry,mode,&nd);
247 @@ -2083,6 +2101,9 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
248 error = mnt_want_write(nd.path.mnt);
249 if (error)
250 goto out_dput;
251 + error = ccs_mkdir_permission(nd.path.dentry->d_inode, dentry,
252 + nd.path.mnt, mode);
253 + if (!error)
254 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, nd.path.mnt, mode);
255 mnt_drop_write(nd.path.mnt);
256 out_dput:
257 @@ -2194,6 +2215,9 @@ static long do_rmdir(int dfd, const char
258 error = mnt_want_write(nd.path.mnt);
259 if (error)
260 goto exit3;
261 + error = ccs_rmdir_permission(nd.path.dentry->d_inode, dentry,
262 + nd.path.mnt);
263 + if (!error)
264 error = vfs_rmdir(nd.path.dentry->d_inode, dentry, nd.path.mnt);
265 mnt_drop_write(nd.path.mnt);
266 exit3:
267 @@ -2279,6 +2303,9 @@ static long do_unlinkat(int dfd, const c
268 error = mnt_want_write(nd.path.mnt);
269 if (error)
270 goto exit2;
271 + error = ccs_unlink_permission(nd.path.dentry->d_inode, dentry,
272 + nd.path.mnt);
273 + if (!error)
274 error = vfs_unlink(nd.path.dentry->d_inode, dentry, nd.path.mnt);
275 mnt_drop_write(nd.path.mnt);
276 exit2:
277 @@ -2361,6 +2388,9 @@ SYSCALL_DEFINE3(symlinkat, const char __
278 error = mnt_want_write(nd.path.mnt);
279 if (error)
280 goto out_dput;
281 + error = ccs_symlink_permission(nd.path.dentry->d_inode, dentry,
282 + nd.path.mnt, from);
283 + if (!error)
284 error = vfs_symlink(nd.path.dentry->d_inode, dentry, nd.path.mnt, from);
285 mnt_drop_write(nd.path.mnt);
286 out_dput:
287 @@ -2458,6 +2488,9 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
288 error = mnt_want_write(nd.path.mnt);
289 if (error)
290 goto out_dput;
291 + error = ccs_link_permission(old_path.dentry, nd.path.dentry->d_inode,
292 + new_dentry, nd.path.mnt);
293 + if (!error)
294 error = vfs_link(old_path.dentry, old_path.mnt,
295 nd.path.dentry->d_inode,
296 new_dentry, nd.path.mnt);
297 @@ -2703,6 +2736,10 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
298 error = mnt_want_write(oldnd.path.mnt);
299 if (error)
300 goto exit5;
301 + error = ccs_rename_permission(old_dir->d_inode, old_dentry,
302 + new_dir->d_inode, new_dentry,
303 + newnd.path.mnt);
304 + if (!error)
305 error = vfs_rename(old_dir->d_inode, old_dentry, oldnd.path.mnt,
306 new_dir->d_inode, new_dentry, newnd.path.mnt);
307 mnt_drop_write(oldnd.path.mnt);
308 --- linux-2.6.28-15.49.orig/fs/namespace.c
309 +++ linux-2.6.28-15.49/fs/namespace.c
310 @@ -31,6 +31,7 @@
311 #include <asm/unistd.h>
312 #include "pnode.h"
313 #include "internal.h"
314 +#include <linux/ccsecurity.h>
315
316 #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
317 #define HASH_SIZE (1UL << HASH_SHIFT)
318 @@ -1038,6 +1039,8 @@ static int do_umount(struct vfsmount *mn
319 LIST_HEAD(umount_list);
320
321 retval = security_sb_umount(mnt, flags);
322 + if (!retval)
323 + retval = ccs_umount_permission(mnt, flags);
324 if (retval)
325 return retval;
326
327 @@ -1132,6 +1135,8 @@ SYSCALL_DEFINE2(umount, char __user *, n
328 {
329 struct path path;
330 int retval;
331 + if (!ccs_capable(CCS_SYS_UMOUNT))
332 + return -EPERM;
333
334 retval = user_path(name, &path);
335 if (retval)
336 @@ -1480,6 +1485,9 @@ static int do_loopback(struct path *path
337
338 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
339 goto out;
340 + err = -EPERM;
341 + if (ccs_may_mount(path))
342 + goto out;
343
344 err = -ENOMEM;
345 if (recurse)
346 @@ -1591,6 +1599,9 @@ static int do_move_mount(struct path *pa
347 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
348 goto out;
349
350 + err = -EPERM;
351 + if (ccs_may_mount(path))
352 + goto out;
353 err = -ENOENT;
354 mutex_lock(&path->dentry->d_inode->i_mutex);
355 if (IS_DEADDIR(path->dentry->d_inode))
356 @@ -1694,6 +1705,9 @@ int do_add_mount(struct vfsmount *newmnt
357 err = -EINVAL;
358 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
359 goto unlock;
360 + err = -EPERM;
361 + if (ccs_may_mount(path))
362 + goto unlock;
363
364 newmnt->mnt_flags = mnt_flags;
365 if ((err = graft_tree(newmnt, path)))
366 @@ -1899,6 +1913,7 @@ int copy_mount_options(const void __user
367 long do_mount(char *dev_name, char *dir_name, char *type_page,
368 unsigned long flags, void *data_page)
369 {
370 + const unsigned long original_flags = flags;
371 struct path path;
372 int retval = 0;
373 int mnt_flags = 0;
374 @@ -1943,6 +1958,9 @@ long do_mount(char *dev_name, char *dir_
375
376 retval = security_sb_mount(dev_name, &path,
377 type_page, flags, data_page);
378 + if (!retval)
379 + retval = ccs_mount_permission(dev_name, &path, type_page,
380 + original_flags, data_page);
381 if (retval)
382 goto dput_out;
383
384 @@ -2180,6 +2198,8 @@ SYSCALL_DEFINE2(pivot_root, const char _
385
386 if (!capable(CAP_SYS_ADMIN))
387 return -EPERM;
388 + if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
389 + return -EPERM;
390
391 error = user_path_dir(new_root, &new);
392 if (error)
393 @@ -2193,6 +2213,8 @@ SYSCALL_DEFINE2(pivot_root, const char _
394 goto out1;
395
396 error = security_sb_pivotroot(&old, &new);
397 + if (!error)
398 + error = ccs_pivot_root_permission(&old, &new);
399 if (error) {
400 path_put(&old);
401 goto out1;
402 --- linux-2.6.28-15.49.orig/fs/open.c
403 +++ linux-2.6.28-15.49/fs/open.c
404 @@ -29,6 +29,7 @@
405 #include <linux/rcupdate.h>
406 #include <linux/audit.h>
407 #include <linux/falloc.h>
408 +#include <linux/ccsecurity.h>
409
410 #include <trace/fs.h>
411
412 @@ -272,6 +273,9 @@ static long do_sys_truncate(const char _
413 if (error)
414 goto put_write_and_out;
415
416 + error = ccs_truncate_permission(path.dentry, path.mnt, length, 0);
417 + if (error)
418 + goto put_write_and_out;
419 error = locks_verify_truncate(inode, NULL, length);
420 if (!error) {
421 DQUOT_INIT(inode);
422 @@ -328,6 +332,9 @@ static long do_sys_ftruncate(unsigned in
423 if (IS_APPEND(inode))
424 goto out_putf;
425
426 + error = ccs_truncate_permission(dentry, file->f_vfsmnt, length, 0);
427 + if (error)
428 + goto out_putf;
429 error = locks_verify_truncate(inode, file, length);
430 if (!error)
431 error = do_truncate(dentry, file->f_path.mnt, length,
432 @@ -594,6 +601,10 @@ SYSCALL_DEFINE1(chroot, const char __use
433 error = -EPERM;
434 if (!capable(CAP_SYS_CHROOT))
435 goto dput_and_out;
436 + if (!ccs_capable(CCS_SYS_CHROOT))
437 + goto dput_and_out;
438 + if (ccs_chroot_permission(&path))
439 + goto dput_and_out;
440
441 set_fs_root(current->fs, &path);
442 error = 0;
443 @@ -623,6 +634,9 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
444 err = mnt_want_write(file->f_path.mnt);
445 if (err)
446 goto out_putf;
447 + err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode);
448 + if (err)
449 + goto out_drop_write;
450 mutex_lock(&inode->i_mutex);
451 if (mode == (mode_t) -1)
452 mode = inode->i_mode;
453 @@ -630,6 +644,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
454 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME | ATTR_FILE;
455 err = fnotify_change(dentry, file->f_path.mnt, &newattrs, file);
456 mutex_unlock(&inode->i_mutex);
457 +out_drop_write:
458 mnt_drop_write(file->f_path.mnt);
459 out_putf:
460 fput(file);
461 @@ -652,6 +667,9 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
462 error = mnt_want_write(path.mnt);
463 if (error)
464 goto dput_and_out;
465 + error = ccs_chmod_permission(path.dentry, path.mnt, mode);
466 + if (error)
467 + goto out_drop_write;
468 mutex_lock(&inode->i_mutex);
469 if (mode == (mode_t) -1)
470 mode = inode->i_mode;
471 @@ -659,6 +677,7 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
472 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
473 error = notify_change(path.dentry, path.mnt, &newattrs);
474 mutex_unlock(&inode->i_mutex);
475 +out_drop_write:
476 mnt_drop_write(path.mnt);
477 dput_and_out:
478 path_put(&path);
479 @@ -711,6 +730,8 @@ SYSCALL_DEFINE3(chown, const char __user
480 error = mnt_want_write(path.mnt);
481 if (error)
482 goto out_release;
483 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
484 + if (!error)
485 error = chown_common(path.dentry, path.mnt, user, group, NULL);
486 mnt_drop_write(path.mnt);
487 out_release:
488 @@ -736,6 +757,8 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
489 error = mnt_want_write(path.mnt);
490 if (error)
491 goto out_release;
492 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
493 + if (!error)
494 error = chown_common(path.dentry, path.mnt, user, group, NULL);
495 mnt_drop_write(path.mnt);
496 out_release:
497 @@ -755,6 +778,8 @@ SYSCALL_DEFINE3(lchown, const char __use
498 error = mnt_want_write(path.mnt);
499 if (error)
500 goto out_release;
501 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
502 + if (!error)
503 error = chown_common(path.dentry, path.mnt, user, group, NULL);
504 mnt_drop_write(path.mnt);
505 out_release:
506 @@ -778,6 +803,8 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
507 goto out_fput;
508 dentry = file->f_path.dentry;
509 audit_inode(NULL, dentry);
510 + error = ccs_chown_permission(dentry, file->f_vfsmnt, user, group);
511 + if (!error)
512 error = chown_common(dentry, file->f_path.mnt, user, group, file);
513 mnt_drop_write(file->f_path.mnt);
514 out_fput:
515 @@ -1165,6 +1192,8 @@ EXPORT_SYMBOL(sys_close);
516 */
517 SYSCALL_DEFINE0(vhangup)
518 {
519 + if (!ccs_capable(CCS_SYS_VHANGUP))
520 + return -EPERM;
521 if (capable(CAP_SYS_TTY_CONFIG)) {
522 tty_vhangup_self();
523 return 0;
524 --- linux-2.6.28-15.49.orig/fs/proc/version.c
525 +++ linux-2.6.28-15.49/fs/proc/version.c
526 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
527 return 0;
528 }
529 module_init(proc_version_init);
530 +
531 +static int __init ccs_show_version(void)
532 +{
533 + printk(KERN_INFO "Hook version: 2.6.28-15.49 2009/10/01\n");
534 + return 0;
535 +}
536 +module_init(ccs_show_version);
537 --- linux-2.6.28-15.49.orig/include/linux/init_task.h
538 +++ linux-2.6.28-15.49/include/linux/init_task.h
539 @@ -113,6 +113,14 @@ extern struct group_info init_groups;
540 # define CAP_INIT_BSET CAP_INIT_EFF_SET
541 #endif
542
543 +#ifdef CONFIG_CCSECURITY
544 +#define INIT_CCSECURITY \
545 + .ccs_domain_info = NULL, \
546 + .ccs_flags = 0,
547 +#else
548 +#define INIT_CCSECURITY
549 +#endif
550 +
551 /*
552 * INIT_TASK is used to set up the first task table, touch at
553 * your own risk!. Base=0, limit=0x1fffff (=2MB)
554 @@ -180,6 +188,7 @@ extern struct group_info init_groups;
555 INIT_IDS \
556 INIT_TRACE_IRQFLAGS \
557 INIT_LOCKDEP \
558 + INIT_CCSECURITY \
559 }
560
561
562 --- linux-2.6.28-15.49.orig/include/linux/sched.h
563 +++ linux-2.6.28-15.49/include/linux/sched.h
564 @@ -29,6 +29,8 @@
565 #define CLONE_NEWNET 0x40000000 /* New network namespace */
566 #define CLONE_IO 0x80000000 /* Clone io context */
567
568 +struct ccs_domain_info;
569 +
570 /*
571 * Scheduling policies
572 */
573 @@ -1356,6 +1358,10 @@ struct task_struct {
574 unsigned long default_timer_slack_ns;
575
576 struct list_head *scm_work_list;
577 +#ifdef CONFIG_CCSECURITY
578 + struct ccs_domain_info *ccs_domain_info;
579 + u32 ccs_flags;
580 +#endif
581 };
582
583 /*
584 --- linux-2.6.28-15.49.orig/kernel/compat.c
585 +++ linux-2.6.28-15.49/kernel/compat.c
586 @@ -26,6 +26,7 @@
587 #include <linux/times.h>
588
589 #include <asm/uaccess.h>
590 +#include <linux/ccsecurity.h>
591
592 /*
593 * Note that the native side is already converted to a timespec, because
594 @@ -901,6 +902,8 @@ asmlinkage long compat_sys_stime(compat_
595 err = security_settime(&tv, NULL);
596 if (err)
597 return err;
598 + if (!ccs_capable(CCS_SYS_SETTIME))
599 + return -EPERM;
600
601 do_settimeofday(&tv);
602 return 0;
603 --- linux-2.6.28-15.49.orig/kernel/kexec.c
604 +++ linux-2.6.28-15.49/kernel/kexec.c
605 @@ -37,6 +37,7 @@
606 #include <asm/io.h>
607 #include <asm/system.h>
608 #include <asm/sections.h>
609 +#include <linux/ccsecurity.h>
610
611 /* Per cpu memory for storing cpu states in case of system crash. */
612 note_buf_t* crash_notes;
613 @@ -943,6 +944,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
614 /* We only trust the superuser with rebooting the system. */
615 if (!capable(CAP_SYS_BOOT))
616 return -EPERM;
617 + if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
618 + return -EPERM;
619
620 /*
621 * Verify we have a legal set of flags
622 --- linux-2.6.28-15.49.orig/kernel/kmod.c
623 +++ linux-2.6.28-15.49/kernel/kmod.c
624 @@ -174,6 +174,11 @@ static int ____call_usermodehelper(void
625 */
626 set_user_nice(current, 0);
627
628 +#ifdef CONFIG_CCSECURITY
629 + current->ccs_domain_info = NULL;
630 + current->ccs_flags = 0;
631 +#endif
632 +
633 retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp);
634
635 /* Exec failed? */
636 --- linux-2.6.28-15.49.orig/kernel/module.c
637 +++ linux-2.6.28-15.49/kernel/module.c
638 @@ -51,6 +51,7 @@
639 #include <asm/sections.h>
640 #include <linux/tracepoint.h>
641 #include <linux/ftrace.h>
642 +#include <linux/ccsecurity.h>
643
644 #if 0
645 #define DEBUGP printk
646 @@ -752,6 +753,8 @@ SYSCALL_DEFINE2(delete_module, const cha
647
648 if (!capable(CAP_SYS_MODULE))
649 return -EPERM;
650 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
651 + return -EPERM;
652
653 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
654 return -EFAULT;
655 @@ -2297,6 +2300,8 @@ SYSCALL_DEFINE3(init_module, void __user
656 /* Must have permission */
657 if (!capable(CAP_SYS_MODULE))
658 return -EPERM;
659 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
660 + return -EPERM;
661
662 /* Only one module load at a time, please */
663 if (mutex_lock_interruptible(&module_mutex) != 0)
664 --- linux-2.6.28-15.49.orig/kernel/ptrace.c
665 +++ linux-2.6.28-15.49/kernel/ptrace.c
666 @@ -24,6 +24,7 @@
667
668 #include <asm/pgtable.h>
669 #include <asm/uaccess.h>
670 +#include <linux/ccsecurity.h>
671
672 /*
673 * ptrace a task: make the debugger its new parent and
674 @@ -549,6 +550,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l
675 {
676 struct task_struct *child;
677 long ret;
678 + if (!ccs_capable(CCS_SYS_PTRACE))
679 + return -EPERM;
680
681 /*
682 * This lock_kernel fixes a subtle race with suid exec
683 @@ -672,6 +675,8 @@ asmlinkage long compat_sys_ptrace(compat
684 {
685 struct task_struct *child;
686 long ret;
687 + if (!ccs_capable(CCS_SYS_PTRACE))
688 + return -EPERM;
689
690 /*
691 * This lock_kernel fixes a subtle race with suid exec
692 --- linux-2.6.28-15.49.orig/kernel/sched.c
693 +++ linux-2.6.28-15.49/kernel/sched.c
694 @@ -76,6 +76,7 @@
695
696 #include <asm/tlb.h>
697 #include <asm/irq_regs.h>
698 +#include <linux/ccsecurity.h>
699
700 #include "sched_cpupri.h"
701
702 @@ -5077,6 +5078,8 @@ int can_nice(const struct task_struct *p
703 SYSCALL_DEFINE1(nice, int, increment)
704 {
705 long nice, retval;
706 + if (!ccs_capable(CCS_SYS_NICE))
707 + return -EPERM;
708
709 /*
710 * Setpriority might change our priority at the same moment.
711 --- linux-2.6.28-15.49.orig/kernel/signal.c
712 +++ linux-2.6.28-15.49/kernel/signal.c
713 @@ -34,6 +34,7 @@
714 #include <asm/unistd.h>
715 #include <asm/siginfo.h>
716 #include "audit.h" /* audit_signal_info() */
717 +#include <linux/ccsecurity.h>
718
719 /*
720 * SLAB caches for signal bits.
721 @@ -2210,6 +2211,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
722 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
723 {
724 struct siginfo info;
725 + if (ccs_kill_permission(pid, sig))
726 + return -EPERM;
727
728 info.si_signo = sig;
729 info.si_errno = 0;
730 @@ -2271,6 +2274,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
731 /* This is only valid for single tasks */
732 if (pid <= 0 || tgid <= 0)
733 return -EINVAL;
734 + if (ccs_tgkill_permission(tgid, pid, sig))
735 + return -EPERM;
736
737 return do_tkill(tgid, pid, sig);
738 }
739 @@ -2283,6 +2288,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
740 /* This is only valid for single tasks */
741 if (pid <= 0)
742 return -EINVAL;
743 + if (ccs_tkill_permission(pid, sig))
744 + return -EPERM;
745
746 return do_tkill(0, pid, sig);
747 }
748 @@ -2300,6 +2307,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
749 if (info.si_code >= 0)
750 return -EPERM;
751 info.si_signo = sig;
752 + if (ccs_sigqueue_permission(pid, sig))
753 + return -EPERM;
754
755 /* POSIX.1b doesn't mention process groups. */
756 return kill_proc_info(sig, &info, pid);
757 --- linux-2.6.28-15.49.orig/kernel/sys.c
758 +++ linux-2.6.28-15.49/kernel/sys.c
759 @@ -42,6 +42,7 @@
760 #include <asm/uaccess.h>
761 #include <asm/io.h>
762 #include <asm/unistd.h>
763 +#include <linux/ccsecurity.h>
764
765 #ifndef SET_UNALIGN_CTL
766 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
767 @@ -146,6 +147,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
768
769 if (which > PRIO_USER || which < PRIO_PROCESS)
770 goto out;
771 + if (!ccs_capable(CCS_SYS_NICE)) {
772 + error = -EPERM;
773 + goto out;
774 + }
775
776 /* normalize: avoid signed division (rounding problems) */
777 error = -ESRCH;
778 @@ -363,6 +368,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
779 magic2 != LINUX_REBOOT_MAGIC2B &&
780 magic2 != LINUX_REBOOT_MAGIC2C))
781 return -EINVAL;
782 + if (!ccs_capable(CCS_SYS_REBOOT))
783 + return -EPERM;
784
785 /* Instead of trying to make the power_off code look like
786 * halt when pm_power_off is not set do it the easy way.
787 @@ -1337,6 +1344,8 @@ SYSCALL_DEFINE2(sethostname, char __user
788 return -EPERM;
789 if (len < 0 || len > __NEW_UTS_LEN)
790 return -EINVAL;
791 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
792 + return -EPERM;
793 down_write(&uts_sem);
794 errno = -EFAULT;
795 if (!copy_from_user(tmp, name, len)) {
796 @@ -1386,6 +1395,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
797 return -EPERM;
798 if (len < 0 || len > __NEW_UTS_LEN)
799 return -EINVAL;
800 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
801 + return -EPERM;
802
803 down_write(&uts_sem);
804 errno = -EFAULT;
805 --- linux-2.6.28-15.49.orig/kernel/sysctl.c
806 +++ linux-2.6.28-15.49/kernel/sysctl.c
807 @@ -51,6 +51,7 @@
808
809 #include <asm/uaccess.h>
810 #include <asm/processor.h>
811 +#include <linux/ccsecurity.h>
812
813 #ifdef CONFIG_X86
814 #include <asm/nmi.h>
815 @@ -1639,6 +1640,9 @@ int do_sysctl(int __user *name, int nlen
816
817 for (head = sysctl_head_next(NULL); head;
818 head = sysctl_head_next(head)) {
819 + error = ccs_parse_table(name, nlen, oldval, newval,
820 + head->ctl_table);
821 + if (!error)
822 error = parse_table(name, nlen, oldval, oldlenp,
823 newval, newlen,
824 head->root, head->ctl_table);
825 --- linux-2.6.28-15.49.orig/kernel/time.c
826 +++ linux-2.6.28-15.49/kernel/time.c
827 @@ -40,6 +40,7 @@
828
829 #include <asm/uaccess.h>
830 #include <asm/unistd.h>
831 +#include <linux/ccsecurity.h>
832
833 #include "timeconst.h"
834
835 @@ -90,6 +91,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
836 err = security_settime(&tv, NULL);
837 if (err)
838 return err;
839 + if (!ccs_capable(CCS_SYS_SETTIME))
840 + return -EPERM;
841
842 do_settimeofday(&tv);
843 return 0;
844 @@ -161,6 +164,8 @@ int do_sys_settimeofday(struct timespec
845 error = security_settime(tv, tz);
846 if (error)
847 return error;
848 + if (!ccs_capable(CCS_SYS_SETTIME))
849 + return -EPERM;
850
851 if (tz) {
852 /* SMP safe, global irq locking makes it work. */
853 --- linux-2.6.28-15.49.orig/kernel/time/ntp.c
854 +++ linux-2.6.28-15.49/kernel/time/ntp.c
855 @@ -18,6 +18,7 @@
856 #include <linux/clocksource.h>
857 #include <linux/workqueue.h>
858 #include <asm/timex.h>
859 +#include <linux/ccsecurity.h>
860
861 /*
862 * Timekeeping variables
863 @@ -286,10 +287,15 @@ int do_adjtimex(struct timex *txc)
864 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
865 !capable(CAP_SYS_TIME))
866 return -EPERM;
867 + if (!(txc->modes & ADJ_OFFSET_READONLY) &&
868 + !ccs_capable(CCS_SYS_SETTIME))
869 + return -EPERM;
870 } else {
871 /* In order to modify anything, you gotta be super-user! */
872 if (txc->modes && !capable(CAP_SYS_TIME))
873 return -EPERM;
874 + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
875 + return -EPERM;
876
877 /* if the quartz is off by more than 10% something is VERY wrong! */
878 if (txc->modes & ADJ_TICK &&
879 --- linux-2.6.28-15.49.orig/net/ipv4/inet_connection_sock.c
880 +++ linux-2.6.28-15.49/net/ipv4/inet_connection_sock.c
881 @@ -23,6 +23,7 @@
882 #include <net/route.h>
883 #include <net/tcp_states.h>
884 #include <net/xfrm.h>
885 +#include <linux/ccsecurity.h>
886
887 #ifdef INET_CSK_DEBUG
888 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
889 @@ -108,6 +109,8 @@ int inet_csk_get_port(struct sock *sk, u
890 head = &hashinfo->bhash[inet_bhashfn(net, rover,
891 hashinfo->bhash_size)];
892 spin_lock(&head->lock);
893 + if (ccs_lport_reserved(rover))
894 + goto next;
895 inet_bind_bucket_for_each(tb, node, &head->chain)
896 if (tb->ib_net == net && tb->port == rover)
897 goto next;
898 --- linux-2.6.28-15.49.orig/net/ipv4/inet_hashtables.c
899 +++ linux-2.6.28-15.49/net/ipv4/inet_hashtables.c
900 @@ -22,6 +22,7 @@
901 #include <net/inet_connection_sock.h>
902 #include <net/inet_hashtables.h>
903 #include <net/ip.h>
904 +#include <linux/ccsecurity.h>
905
906 /*
907 * Allocate and initialize a new local port bind bucket.
908 @@ -440,6 +441,8 @@ int __inet_hash_connect(struct inet_time
909 local_bh_disable();
910 for (i = 1; i <= remaining; i++) {
911 port = low + (i + offset) % remaining;
912 + if (ccs_lport_reserved(port))
913 + continue;
914 head = &hinfo->bhash[inet_bhashfn(net, port,
915 hinfo->bhash_size)];
916 spin_lock(&head->lock);
917 --- linux-2.6.28-15.49.orig/net/ipv4/raw.c
918 +++ linux-2.6.28-15.49/net/ipv4/raw.c
919 @@ -77,6 +77,7 @@
920 #include <linux/seq_file.h>
921 #include <linux/netfilter.h>
922 #include <linux/netfilter_ipv4.h>
923 +#include <linux/ccsecurity.h>
924
925 static struct raw_hashinfo raw_v4_hashinfo = {
926 .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
927 @@ -665,6 +666,9 @@ static int raw_recvmsg(struct kiocb *ioc
928 skb = skb_recv_datagram(sk, flags, noblock, &err);
929 if (!skb)
930 goto out;
931 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
932 + if (err)
933 + goto out;
934
935 copied = skb->len;
936 if (len < copied) {
937 --- linux-2.6.28-15.49.orig/net/ipv4/udp.c
938 +++ linux-2.6.28-15.49/net/ipv4/udp.c
939 @@ -103,6 +103,7 @@
940 #include <net/checksum.h>
941 #include <net/xfrm.h>
942 #include "udp_impl.h"
943 +#include <linux/ccsecurity.h>
944
945 /*
946 * Snmp MIB for the UDP layer
947 @@ -172,7 +173,9 @@ int udp_lib_get_port(struct sock *sk, un
948 snum = first = rand % remaining + low;
949 rand |= 1;
950 while (udp_lib_lport_inuse(net, snum, udptable, sk,
951 - saddr_comp)) {
952 + saddr_comp)
953 + || ccs_lport_reserved(snum)
954 + ) {
955 do {
956 snum = snum + rand;
957 } while (snum < low || snum > high);
958 @@ -841,6 +844,9 @@ try_again:
959 &peeked, &err);
960 if (!skb)
961 goto out;
962 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
963 + if (err)
964 + goto out;
965
966 ulen = skb->len - sizeof(struct udphdr);
967 copied = len;
968 --- linux-2.6.28-15.49.orig/net/ipv6/raw.c
969 +++ linux-2.6.28-15.49/net/ipv6/raw.c
970 @@ -59,6 +59,7 @@
971
972 #include <linux/proc_fs.h>
973 #include <linux/seq_file.h>
974 +#include <linux/ccsecurity.h>
975
976 static struct raw_hashinfo raw_v6_hashinfo = {
977 .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
978 @@ -465,6 +466,9 @@ static int rawv6_recvmsg(struct kiocb *i
979 skb = skb_recv_datagram(sk, flags, noblock, &err);
980 if (!skb)
981 goto out;
982 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
983 + if (err)
984 + goto out;
985
986 copied = skb->len;
987 if (copied > len) {
988 --- linux-2.6.28-15.49.orig/net/ipv6/udp.c
989 +++ linux-2.6.28-15.49/net/ipv6/udp.c
990 @@ -48,6 +48,7 @@
991 #include <linux/proc_fs.h>
992 #include <linux/seq_file.h>
993 #include "udp_impl.h"
994 +#include <linux/ccsecurity.h>
995
996 int udp_v6_get_port(struct sock *sk, unsigned short snum)
997 {
998 @@ -151,6 +152,9 @@ try_again:
999 &peeked, &err);
1000 if (!skb)
1001 goto out;
1002 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
1003 + if (err)
1004 + goto out;
1005
1006 ulen = skb->len - sizeof(struct udphdr);
1007 copied = len;
1008 --- linux-2.6.28-15.49.orig/net/socket.c
1009 +++ linux-2.6.28-15.49/net/socket.c
1010 @@ -97,6 +97,8 @@
1011 #include <net/sock.h>
1012 #include <linux/netfilter.h>
1013
1014 +#include <linux/ccsecurity.h>
1015 +
1016 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1017 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1018 unsigned long nr_segs, loff_t pos);
1019 @@ -558,6 +560,8 @@ static inline int __sock_sendmsg(struct
1020 si->size = size;
1021
1022 err = security_socket_sendmsg(sock, msg, size);
1023 + if (!err)
1024 + err = ccs_socket_sendmsg_permission(sock, msg, size);
1025 if (err)
1026 return err;
1027
1028 @@ -1123,6 +1127,8 @@ static int __sock_create(struct net *net
1029 }
1030
1031 err = security_socket_create(family, type, protocol, kern);
1032 + if (!err)
1033 + err = ccs_socket_create_permission(family, type, protocol);
1034 if (err)
1035 return err;
1036
1037 @@ -1378,6 +1384,11 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
1038 (struct sockaddr *)&address,
1039 addrlen);
1040 if (!err)
1041 + err = ccs_socket_bind_permission(sock,
1042 + (struct sockaddr *)
1043 + &address,
1044 + addrlen);
1045 + if (!err)
1046 err = sock->ops->bind(sock,
1047 (struct sockaddr *)
1048 &address, addrlen);
1049 @@ -1407,6 +1418,8 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
1050
1051 err = security_socket_listen(sock, backlog);
1052 if (!err)
1053 + err = ccs_socket_listen_permission(sock);
1054 + if (!err)
1055 err = sock->ops->listen(sock, backlog);
1056
1057 fput_light(sock->file, fput_needed);
1058 @@ -1476,6 +1489,11 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
1059 if (err < 0)
1060 goto out_fd;
1061
1062 + if (ccs_socket_accept_permission(newsock,
1063 + (struct sockaddr *) &address)) {
1064 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1065 + goto out_fd;
1066 + }
1067 if (upeer_sockaddr) {
1068 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
1069 &len, 2) < 0) {
1070 @@ -1544,6 +1562,9 @@ SYSCALL_DEFINE3(connect, int, fd, struct
1071
1072 err =
1073 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1074 + if (!err)
1075 + err = ccs_socket_connect_permission(sock, (struct sockaddr *)
1076 + &address, addrlen);
1077 if (err)
1078 goto out_put;
1079
1080 --- linux-2.6.28-15.49.orig/net/unix/af_unix.c
1081 +++ linux-2.6.28-15.49/net/unix/af_unix.c
1082 @@ -114,6 +114,7 @@
1083 #include <linux/mount.h>
1084 #include <net/checksum.h>
1085 #include <linux/security.h>
1086 +#include <linux/ccsecurity.h>
1087
1088 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
1089 static DEFINE_SPINLOCK(unix_table_lock);
1090 @@ -829,6 +830,9 @@ static int unix_bind(struct socket *sock
1091 err = mnt_want_write(nd.path.mnt);
1092 if (err)
1093 goto out_mknod_dput;
1094 + err = ccs_mknod_permission(nd.path.dentry->d_inode, dentry,
1095 + nd.path.mnt, mode, 0);
1096 + if (!err)
1097 err = vfs_mknod(nd.path.dentry->d_inode, dentry, nd.path.mnt,
1098 mode, 0);
1099 mnt_drop_write(nd.path.mnt);
1100 --- linux-2.6.28-15.49.orig/security/Kconfig
1101 +++ linux-2.6.28-15.49/security/Kconfig
1102 @@ -127,5 +127,7 @@ source security/selinux/Kconfig
1103 source security/smack/Kconfig
1104 source security/apparmor/Kconfig
1105
1106 +source security/ccsecurity/Kconfig
1107 +
1108 endmenu
1109
1110 --- linux-2.6.28-15.49.orig/security/Makefile
1111 +++ linux-2.6.28-15.49/security/Makefile
1112 @@ -18,3 +18,6 @@ obj-$(CONFIG_SECURITY_SMACK) += smack/b
1113 obj-$(CONFIG_SECURITY_APPARMOR) += commoncap.o apparmor/
1114 obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o
1115 obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o
1116 +
1117 +subdir-$(CONFIG_CCSECURITY)+= ccsecurity
1118 +obj-$(CONFIG_CCSECURITY)+= ccsecurity/built-in.o
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ