Contents of /trunk/1.7.x/ccs-patch/patches/ccs-patch-2.6.31.diff

Revision 3075
Thu Oct 1 03:33:21 2009 UTC (14 years, 8 months ago) by kumaneko
File MIME type: text/x-diff
File size: 32737 byte(s)
Update sendmsg() hook.
1 This is TOMOYO Linux patch for kernel 2.6.31.1.
2
3 Source code for this patch is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.31.1.tar.bz2
4 ---
5 fs/compat.c | 3 ++-
6 fs/compat_ioctl.c | 7 +++++++
7 fs/exec.c | 3 ++-
8 fs/fcntl.c | 4 ++++
9 fs/ioctl.c | 5 +++++
10 fs/namei.c | 38 ++++++++++++++++++++++++++++++++++++++
11 fs/namespace.c | 22 ++++++++++++++++++++++
12 fs/open.c | 29 +++++++++++++++++++++++++++++
13 fs/proc/version.c | 7 +++++++
14 include/linux/init_task.h | 9 +++++++++
15 include/linux/sched.h | 6 ++++++
16 kernel/compat.c | 3 +++
17 kernel/kexec.c | 3 +++
18 kernel/kmod.c | 5 +++++
19 kernel/module.c | 5 +++++
20 kernel/ptrace.c | 5 +++++
21 kernel/sched.c | 3 +++
22 kernel/signal.c | 11 +++++++++++
23 kernel/sys.c | 11 +++++++++++
24 kernel/sysctl.c | 4 ++++
25 kernel/time.c | 5 +++++
26 kernel/time/ntp.c | 6 ++++++
27 net/ipv4/inet_connection_sock.c | 3 +++
28 net/ipv4/inet_hashtables.c | 3 +++
29 net/ipv4/raw.c | 4 ++++
30 net/ipv4/udp.c | 7 ++++++-
31 net/ipv6/raw.c | 4 ++++
32 net/ipv6/udp.c | 4 ++++
33 net/socket.c | 21 +++++++++++++++++++++
34 net/unix/af_unix.c | 5 +++++
35 security/Kconfig | 2 ++
36 security/Makefile | 3 +++
37 32 files changed, 247 insertions(+), 3 deletions(-)
38
39 --- linux-2.6.31.1.orig/fs/compat.c
40 +++ linux-2.6.31.1/fs/compat.c
41 @@ -56,6 +56,7 @@
42 #include <asm/mmu_context.h>
43 #include <asm/ioctls.h>
44 #include "internal.h"
45 +#include <linux/ccsecurity.h>
46
47 int compat_log = 1;
48
49 @@ -1535,7 +1536,7 @@ int compat_do_execve(char * filename,
50 if (retval < 0)
51 goto out;
52
53 - retval = search_binary_handler(bprm, regs);
54 + retval = ccs_search_binary_handler(bprm, regs);
55 if (retval < 0)
56 goto out;
57
58 --- linux-2.6.31.1.orig/fs/compat_ioctl.c
59 +++ linux-2.6.31.1/fs/compat_ioctl.c
60 @@ -114,6 +114,7 @@
61 #ifdef CONFIG_SPARC
62 #include <asm/fbio.h>
63 #endif
64 +#include <linux/ccsecurity.h>
65
66 static int do_ioctl32_pointer(unsigned int fd, unsigned int cmd,
67 unsigned long arg, struct file *f)
68 @@ -2778,6 +2779,8 @@ asmlinkage long compat_sys_ioctl(unsigne
69
70 /* RED-PEN how should LSM module know it's handling 32bit? */
71 error = security_file_ioctl(filp, cmd, arg);
72 + if (!error)
73 + error = ccs_ioctl_permission(filp, cmd, arg);
74 if (error)
75 goto out_fput;
76
77 @@ -2814,6 +2817,10 @@ asmlinkage long compat_sys_ioctl(unsigne
78 /*FALL THROUGH*/
79
80 default:
81 + if (!ccs_capable(CCS_SYS_IOCTL)) {
82 + error = -EPERM;
83 + goto out_fput;
84 + }
85 if (filp->f_op && filp->f_op->compat_ioctl) {
86 error = filp->f_op->compat_ioctl(filp, cmd, arg);
87 if (error != -ENOIOCTLCMD)
88 --- linux-2.6.31.1.orig/fs/exec.c
89 +++ linux-2.6.31.1/fs/exec.c
90 @@ -60,6 +60,7 @@
91 #include <asm/mmu_context.h>
92 #include <asm/tlb.h>
93 #include "internal.h"
94 +#include <linux/ccsecurity.h>
95
96 int core_uses_pid;
97 char core_pattern[CORENAME_MAX_SIZE] = "core";
98 @@ -1350,7 +1351,7 @@ int do_execve(char * filename,
99 goto out;
100
101 current->flags &= ~PF_KTHREAD;
102 - retval = search_binary_handler(bprm,regs);
103 + retval = ccs_search_binary_handler(bprm, regs);
104 if (retval < 0)
105 goto out;
106
107 --- linux-2.6.31.1.orig/fs/fcntl.c
108 +++ linux-2.6.31.1/fs/fcntl.c
109 @@ -23,6 +23,7 @@
110 #include <asm/poll.h>
111 #include <asm/siginfo.h>
112 #include <asm/uaccess.h>
113 +#include <linux/ccsecurity.h>
114
115 void set_close_on_exec(unsigned int fd, int flag)
116 {
117 @@ -156,6 +157,9 @@ static int setfl(int fd, struct file * f
118 if (((arg ^ filp->f_flags) & O_APPEND) && IS_APPEND(inode))
119 return -EPERM;
120
121 + if (((arg ^ filp->f_flags) & O_APPEND) && ccs_rewrite_permission(filp))
122 + return -EPERM;
123 +
124 /* O_NOATIME can only be set by the owner or superuser */
125 if ((arg & O_NOATIME) && !(filp->f_flags & O_NOATIME))
126 if (!is_owner_or_cap(inode))
127 --- linux-2.6.31.1.orig/fs/ioctl.c
128 +++ linux-2.6.31.1/fs/ioctl.c
129 @@ -18,6 +18,7 @@
130 #include <linux/falloc.h>
131
132 #include <asm/ioctls.h>
133 +#include <linux/ccsecurity.h>
134
135 /* So that the fiemap access checks can't overflow on 32 bit machines. */
136 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
137 @@ -41,6 +42,8 @@ static long vfs_ioctl(struct file *filp,
138
139 if (!filp->f_op)
140 goto out;
141 + if (!ccs_capable(CCS_SYS_IOCTL))
142 + return -EPERM;
143
144 if (filp->f_op->unlocked_ioctl) {
145 error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
146 @@ -617,6 +620,8 @@ SYSCALL_DEFINE3(ioctl, unsigned int, fd,
147 goto out;
148
149 error = security_file_ioctl(filp, cmd, arg);
150 + if (!error)
151 + error = ccs_ioctl_permission(filp, cmd, arg);
152 if (error)
153 goto out_fput;
154
155 --- linux-2.6.31.1.orig/fs/namei.c
156 +++ linux-2.6.31.1/fs/namei.c
157 @@ -37,6 +37,8 @@
158
159 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
160
161 +#include <linux/ccsecurity.h>
162 +
163 /* [Feb-1997 T. Schoebel-Theuer]
164 * Fundamental changes in the pathname lookup mechanisms (namei)
165 * were necessary because of omirr. The reason is that omirr needs
166 @@ -1556,6 +1558,11 @@ int may_open(struct path *path, int acc_
167 goto err_out;
168 }
169
170 + /* includes O_APPEND and O_TRUNC checks */
171 + error = ccs_open_permission(dentry, path->mnt, flag);
172 + if (error)
173 + goto err_out;
174 +
175 /*
176 * Ensure there are no outstanding leases on the file.
177 */
178 @@ -1611,6 +1618,9 @@ static int __open_namei_create(struct na
179 if (!IS_POSIXACL(dir->d_inode))
180 mode &= ~current_umask();
181 error = security_path_mknod(&nd->path, path->dentry, mode, 0);
182 + if (!error)
183 + error = ccs_mknod_permission(dir->d_inode, path->dentry,
184 + nd->path.mnt, mode, 0);
185 if (error)
186 goto out_unlock;
187 error = vfs_create(dir->d_inode, path->dentry, mode, nd);
188 @@ -1624,6 +1634,7 @@ out_unlock:
189 return may_open(&nd->path, 0, flag & ~O_TRUNC);
190 }
191
192 +#include <linux/ccsecurity_vfs.h>
193 /*
194 * Note that while the flag value (low two bits) for sys_open means:
195 * 00 - read-only
196 @@ -1763,7 +1774,9 @@ do_last:
197 error = mnt_want_write(nd.path.mnt);
198 if (error)
199 goto exit_mutex_unlock;
200 + ccs_save_open_mode(open_flag);
201 error = __open_namei_create(&nd, &path, flag, mode);
202 + ccs_clear_open_mode();
203 if (error) {
204 mnt_drop_write(nd.path.mnt);
205 goto exit;
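Review bot: `ccs_save_open_mode(open_flag)` and `ccs_clear_open_mode()` around `__open_namei_create()` hand the open flags to the hooks out of band, and nothing at the call site says where the value is kept or which hook reads it. A comment such as `/* expose open_flag to the ccs_*_permission() hooks reached from the call below; cleared right after */` would make the pairing reviewable, assuming that is the intent. The same pair wraps `may_open()` in the `ok:` hunk, and any early exit later added between save and clear would leave stale state behind. The enclosing function starts and ends outside this hunk.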
206 @@ -1822,7 +1835,9 @@ ok:
207 if (error)
208 goto exit;
209 }
210 + ccs_save_open_mode(open_flag);
211 error = may_open(&nd.path, acc_mode, flag);
212 + ccs_clear_open_mode();
213 if (error) {
214 if (will_write)
215 mnt_drop_write(nd.path.mnt);
216 @@ -2052,6 +2067,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
217 if (error)
218 goto out_dput;
219 error = security_path_mknod(&nd.path, dentry, mode, dev);
220 + if (!error)
221 + error = ccs_mknod_permission(nd.path.dentry->d_inode, dentry,
222 + nd.path.mnt, mode, dev);
223 if (error)
224 goto out_drop_write;
225 switch (mode & S_IFMT) {
226 @@ -2127,6 +2145,9 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
227 if (error)
228 goto out_dput;
229 error = security_path_mkdir(&nd.path, dentry, mode);
230 + if (!error)
231 + error = ccs_mkdir_permission(nd.path.dentry->d_inode, dentry,
232 + nd.path.mnt, mode);
233 if (error)
234 goto out_drop_write;
235 error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
236 @@ -2241,6 +2262,9 @@ static long do_rmdir(int dfd, const char
237 if (error)
238 goto exit3;
239 error = security_path_rmdir(&nd.path, dentry);
240 + if (!error)
241 + error = ccs_rmdir_permission(nd.path.dentry->d_inode, dentry,
242 + nd.path.mnt);
243 if (error)
244 goto exit4;
245 error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
246 @@ -2330,6 +2354,9 @@ static long do_unlinkat(int dfd, const c
247 if (error)
248 goto exit2;
249 error = security_path_unlink(&nd.path, dentry);
250 + if (!error)
251 + error = ccs_unlink_permission(nd.path.dentry->d_inode,
252 + dentry, nd.path.mnt);
253 if (error)
254 goto exit3;
255 error = vfs_unlink(nd.path.dentry->d_inode, dentry);
256 @@ -2415,6 +2442,9 @@ SYSCALL_DEFINE3(symlinkat, const char __
257 if (error)
258 goto out_dput;
259 error = security_path_symlink(&nd.path, dentry, from);
260 + if (!error)
261 + error = ccs_symlink_permission(nd.path.dentry->d_inode, dentry,
262 + nd.path.mnt, from);
263 if (error)
264 goto out_drop_write;
265 error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
266 @@ -2515,6 +2545,10 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
267 if (error)
268 goto out_dput;
269 error = security_path_link(old_path.dentry, &nd.path, new_dentry);
270 + if (!error)
271 + error = ccs_link_permission(old_path.dentry,
272 + nd.path.dentry->d_inode,
273 + new_dentry, nd.path.mnt);
274 if (error)
275 goto out_drop_write;
276 error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
277 @@ -2756,6 +2790,10 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
278 goto exit5;
279 error = security_path_rename(&oldnd.path, old_dentry,
280 &newnd.path, new_dentry);
281 + if (!error)
282 + error = ccs_rename_permission(old_dir->d_inode, old_dentry,
283 + new_dir->d_inode, new_dentry,
284 + newnd.path.mnt);
285 if (error)
286 goto exit6;
287 error = vfs_rename(old_dir->d_inode, old_dentry,
288 --- linux-2.6.31.1.orig/fs/namespace.c
289 +++ linux-2.6.31.1/fs/namespace.c
290 @@ -33,6 +33,7 @@
291 #include <asm/unistd.h>
292 #include "pnode.h"
293 #include "internal.h"
294 +#include <linux/ccsecurity.h>
295
296 #define HASH_SHIFT ilog2(PAGE_SIZE / sizeof(struct list_head))
297 #define HASH_SIZE (1UL << HASH_SHIFT)
298 @@ -1030,6 +1031,8 @@ static int do_umount(struct vfsmount *mn
299 LIST_HEAD(umount_list);
300
301 retval = security_sb_umount(mnt, flags);
302 + if (!retval)
303 + retval = ccs_umount_permission(mnt, flags);
304 if (retval)
305 return retval;
306
307 @@ -1119,6 +1122,8 @@ SYSCALL_DEFINE2(umount, char __user *, n
308 {
309 struct path path;
310 int retval;
311 + if (!ccs_capable(CCS_SYS_UMOUNT))
312 + return -EPERM;
313
314 retval = user_path(name, &path);
315 if (retval)
316 @@ -1467,6 +1472,9 @@ static int do_loopback(struct path *path
317
318 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
319 goto out;
320 + err = -EPERM;
321 + if (ccs_may_mount(path))
322 + goto out;
323
324 err = -ENOMEM;
325 if (recurse)
326 @@ -1578,6 +1586,9 @@ static int do_move_mount(struct path *pa
327 if (!check_mnt(path->mnt) || !check_mnt(old_path.mnt))
328 goto out;
329
330 + err = -EPERM;
331 + if (ccs_may_mount(path))
332 + goto out;
333 err = -ENOENT;
334 mutex_lock(&path->dentry->d_inode->i_mutex);
335 if (IS_DEADDIR(path->dentry->d_inode))
336 @@ -1683,6 +1694,9 @@ int do_add_mount(struct vfsmount *newmnt
337 err = -EINVAL;
338 if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
339 goto unlock;
340 + err = -EPERM;
341 + if (ccs_may_mount(path))
342 + goto unlock;
343
344 newmnt->mnt_flags = mnt_flags;
345 if ((err = graft_tree(newmnt, path)))
346 @@ -1888,6 +1902,7 @@ int copy_mount_options(const void __user
347 long do_mount(char *dev_name, char *dir_name, char *type_page,
348 unsigned long flags, void *data_page)
349 {
350 + const unsigned long original_flags = flags;
351 struct path path;
352 int retval = 0;
353 int mnt_flags = 0;
354 @@ -1937,6 +1952,9 @@ long do_mount(char *dev_name, char *dir_
355
356 retval = security_sb_mount(dev_name, &path,
357 type_page, flags, data_page);
358 + if (!retval)
359 + retval = ccs_mount_permission(dev_name, &path, type_page,
360 + original_flags, data_page);
361 if (retval)
362 goto dput_out;
363
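Review bot: `ccs_mount_permission()` is given `original_flags` while `security_sb_mount()` just above it gets `flags`, and neither this hunk nor the one that declares `original_flags` explains why the two checks see different values. Presumably `flags` is rewritten between the top of do_mount() and this call (that code is outside both hunks) and the policy check wants what the caller passed. Say so at the declaration, for example `/* flags exactly as passed by the caller, kept for ccs_mount_permission() */`.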
364 @@ -2140,6 +2158,8 @@ SYSCALL_DEFINE2(pivot_root, const char _
365
366 if (!capable(CAP_SYS_ADMIN))
367 return -EPERM;
368 + if (!ccs_capable(CCS_SYS_PIVOT_ROOT))
369 + return -EPERM;
370
371 error = user_path_dir(new_root, &new);
372 if (error)
373 @@ -2153,6 +2173,8 @@ SYSCALL_DEFINE2(pivot_root, const char _
374 goto out1;
375
376 error = security_sb_pivotroot(&old, &new);
377 + if (!error)
378 + error = ccs_pivot_root_permission(&old, &new);
379 if (error) {
380 path_put(&old);
381 goto out1;
382 --- linux-2.6.31.1.orig/fs/open.c
383 +++ linux-2.6.31.1/fs/open.c
384 @@ -30,6 +30,7 @@
385 #include <linux/audit.h>
386 #include <linux/falloc.h>
387 #include <linux/fs_struct.h>
388 +#include <linux/ccsecurity.h>
389
390 int vfs_statfs(struct dentry *dentry, struct kstatfs *buf)
391 {
392 @@ -273,6 +274,9 @@ static long do_sys_truncate(const char _
393 error = locks_verify_truncate(inode, NULL, length);
394 if (!error)
395 error = security_path_truncate(&path, length, 0);
396 + if (!error)
397 + error = ccs_truncate_permission(path.dentry, path.mnt, length,
398 + 0);
399 if (!error) {
400 vfs_dq_init(inode);
401 error = do_truncate(path.dentry, length, 0, NULL);
402 @@ -333,6 +337,9 @@ static long do_sys_ftruncate(unsigned in
403 error = security_path_truncate(&file->f_path, length,
404 ATTR_MTIME|ATTR_CTIME);
405 if (!error)
406 + error = ccs_truncate_permission(dentry, file->f_vfsmnt, length,
407 + ATTR_MTIME|ATTR_CTIME);
408 + if (!error)
409 error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file);
410 out_putf:
411 fput(file);
412 @@ -586,6 +593,10 @@ SYSCALL_DEFINE1(chroot, const char __use
413 error = -EPERM;
414 if (!capable(CAP_SYS_CHROOT))
415 goto dput_and_out;
416 + if (!ccs_capable(CCS_SYS_CHROOT))
417 + goto dput_and_out;
418 + if (ccs_chroot_permission(&path))
419 + goto dput_and_out;
420
421 set_fs_root(current->fs, &path);
422 error = 0;
423 @@ -615,6 +626,9 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
424 err = mnt_want_write_file(file);
425 if (err)
426 goto out_putf;
427 + err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode);
428 + if (err)
429 + goto out_drop_write;
430 mutex_lock(&inode->i_mutex);
431 if (mode == (mode_t) -1)
432 mode = inode->i_mode;
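Review bot: `ccs_chmod_permission()` is called with `mode` before the `if (mode == (mode_t) -1) mode = inode->i_mode;` normalisation below it, so for that sentinel the policy check sees `(mode_t) -1` rather than the mode `notify_change()` will apply. The check also runs before `mutex_lock(&inode->i_mutex)`, so the decision is made outside the lock that protects the update. If the hook handles the sentinel itself (not visible in this patch), record that with `/* mode may still be (mode_t) -1 here; the hook must treat it as "keep current mode" */`. Otherwise make the call after the normalisation. The fchmodat hunk has the same ordering.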
433 @@ -622,6 +636,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
434 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
435 err = notify_change(dentry, &newattrs);
436 mutex_unlock(&inode->i_mutex);
437 +out_drop_write:
438 mnt_drop_write(file->f_path.mnt);
439 out_putf:
440 fput(file);
441 @@ -644,6 +659,9 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
442 error = mnt_want_write(path.mnt);
443 if (error)
444 goto dput_and_out;
445 + error = ccs_chmod_permission(path.dentry, path.mnt, mode);
446 + if (error)
447 + goto out_drop_write;
448 mutex_lock(&inode->i_mutex);
449 if (mode == (mode_t) -1)
450 mode = inode->i_mode;
451 @@ -651,6 +669,7 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
452 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
453 error = notify_change(path.dentry, &newattrs);
454 mutex_unlock(&inode->i_mutex);
455 +out_drop_write:
456 mnt_drop_write(path.mnt);
457 dput_and_out:
458 path_put(&path);
459 @@ -699,6 +718,8 @@ SYSCALL_DEFINE3(chown, const char __user
460 error = mnt_want_write(path.mnt);
461 if (error)
462 goto out_release;
463 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
464 + if (!error)
465 error = chown_common(path.dentry, user, group);
466 mnt_drop_write(path.mnt);
467 out_release:
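Review bot: The added `if (!error)` now governs `error = chown_common(path.dentry, user, group);`, but that line is left as unchanged context, so it keeps its old indentation and reads as unconditional in the patched file. That makes it easy for a later edit to insert a statement between the two lines and silently detach the permission check from the call it guards. Include the guarded call in the change so it is indented under the `if`, or brace it: `if (!error) { error = chown_common(path.dentry, user, group); }`. The fchownat, lchown and fchown hunks, the do_sys_ftruncate hunk and the do_sysctl hunk in kernel/sysctl.c use the same pattern.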
468 @@ -724,6 +745,8 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
469 error = mnt_want_write(path.mnt);
470 if (error)
471 goto out_release;
472 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
473 + if (!error)
474 error = chown_common(path.dentry, user, group);
475 mnt_drop_write(path.mnt);
476 out_release:
477 @@ -743,6 +766,8 @@ SYSCALL_DEFINE3(lchown, const char __use
478 error = mnt_want_write(path.mnt);
479 if (error)
480 goto out_release;
481 + error = ccs_chown_permission(path.dentry, path.mnt, user, group);
482 + if (!error)
483 error = chown_common(path.dentry, user, group);
484 mnt_drop_write(path.mnt);
485 out_release:
486 @@ -766,6 +791,8 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
487 goto out_fput;
488 dentry = file->f_path.dentry;
489 audit_inode(NULL, dentry);
490 + error = ccs_chown_permission(dentry, file->f_vfsmnt, user, group);
491 + if (!error)
492 error = chown_common(dentry, user, group);
493 mnt_drop_write(file->f_path.mnt);
494 out_fput:
495 @@ -1157,6 +1184,8 @@ EXPORT_SYMBOL(sys_close);
496 */
497 SYSCALL_DEFINE0(vhangup)
498 {
499 + if (!ccs_capable(CCS_SYS_VHANGUP))
500 + return -EPERM;
501 if (capable(CAP_SYS_TTY_CONFIG)) {
502 tty_vhangup_self();
503 return 0;
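Review bot: In vhangup the `ccs_capable(CCS_SYS_VHANGUP)` test runs before `capable(CAP_SYS_TTY_CONFIG)`, the reverse of the order in the pivot_root, chroot, kexec_load and module hunks, where the ccs check follows the stock capability test. If `ccs_capable()` logs or learns requests (not visible in this patch), callers the capability test would have refused anyway end up in the policy record. Moving the check inside the existing branch, as `if (!ccs_capable(CCS_SYS_VHANGUP)) return -EPERM;` directly after `if (capable(CAP_SYS_TTY_CONFIG)) {`, keeps the order consistent. If the early check is intended, add a comment saying so.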
504 --- linux-2.6.31.1.orig/fs/proc/version.c
505 +++ linux-2.6.31.1/fs/proc/version.c
506 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
507 return 0;
508 }
509 module_init(proc_version_init);
510 +
511 +static int __init ccs_show_version(void)
512 +{
513 + printk(KERN_INFO "Hook version: 2.6.31.1 2009/10/01\n");
514 + return 0;
515 +}
516 +module_init(ccs_show_version);
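Review bot: `ccs_show_version()` and its `module_init()` are added without a `#ifdef CONFIG_CCSECURITY` guard, unlike the task_struct fields and the kmod.c reset elsewhere in this patch, so the "Hook version" line is printed on a patched kernel even when the feature is configured out. If the message is meant to indicate that the hooks are active, wrap the function and the `module_init()` line in `#ifdef CONFIG_CCSECURITY` … `#endif`. If it is meant only to identify a patched tree, say that in a comment. The version and date are a hand-maintained literal, so note above the `printk()` that it must be updated with every hook change.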
517 --- linux-2.6.31.1.orig/include/linux/init_task.h
518 +++ linux-2.6.31.1/include/linux/init_task.h
519 @@ -105,6 +105,14 @@ extern struct cred init_cred;
520 # define INIT_PERF_COUNTERS(tsk)
521 #endif
522
523 +#ifdef CONFIG_CCSECURITY
524 +#define INIT_CCSECURITY \
525 + .ccs_domain_info = NULL, \
526 + .ccs_flags = 0,
527 +#else
528 +#define INIT_CCSECURITY
529 +#endif
530 +
531 /*
532 * INIT_TASK is used to set up the first task table, touch at
533 * your own risk!. Base=0, limit=0x1fffff (=2MB)
534 @@ -173,6 +181,7 @@ extern struct cred init_cred;
535 INIT_LOCKDEP \
536 INIT_FTRACE_GRAPH \
537 INIT_TRACE_RECURSION \
538 + INIT_CCSECURITY \
539 }
540
541
542 --- linux-2.6.31.1.orig/include/linux/sched.h
543 +++ linux-2.6.31.1/include/linux/sched.h
544 @@ -29,6 +29,8 @@
545 #define CLONE_NEWNET 0x40000000 /* New network namespace */
546 #define CLONE_IO 0x80000000 /* Clone io context */
547
548 +struct ccs_domain_info;
549 +
550 /*
551 * Scheduling policies
552 */
553 @@ -1480,6 +1482,10 @@ struct task_struct {
554 /* bitmask of trace recursion */
555 unsigned long trace_recursion;
556 #endif /* CONFIG_TRACING */
557 +#ifdef CONFIG_CCSECURITY
558 + struct ccs_domain_info *ccs_domain_info;
559 + u32 ccs_flags;
560 +#endif
561 };
562
563 /* Future-safe accessor for struct task_struct's cpus_allowed. */
564 --- linux-2.6.31.1.orig/kernel/compat.c
565 +++ linux-2.6.31.1/kernel/compat.c
566 @@ -27,6 +27,7 @@
567 #include <linux/ptrace.h>
568
569 #include <asm/uaccess.h>
570 +#include <linux/ccsecurity.h>
571
572 /*
573 * Note that the native side is already converted to a timespec, because
574 @@ -926,6 +927,8 @@ asmlinkage long compat_sys_stime(compat_
575 err = security_settime(&tv, NULL);
576 if (err)
577 return err;
578 + if (!ccs_capable(CCS_SYS_SETTIME))
579 + return -EPERM;
580
581 do_settimeofday(&tv);
582 return 0;
583 --- linux-2.6.31.1.orig/kernel/kexec.c
584 +++ linux-2.6.31.1/kernel/kexec.c
585 @@ -37,6 +37,7 @@
586 #include <asm/io.h>
587 #include <asm/system.h>
588 #include <asm/sections.h>
589 +#include <linux/ccsecurity.h>
590
591 /* Per cpu memory for storing cpu states in case of system crash. */
592 note_buf_t* crash_notes;
593 @@ -943,6 +944,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
594 /* We only trust the superuser with rebooting the system. */
595 if (!capable(CAP_SYS_BOOT))
596 return -EPERM;
597 + if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
598 + return -EPERM;
599
600 /*
601 * Verify we have a legal set of flags
602 --- linux-2.6.31.1.orig/kernel/kmod.c
603 +++ linux-2.6.31.1/kernel/kmod.c
604 @@ -176,6 +176,11 @@ static int ____call_usermodehelper(void
605 */
606 set_user_nice(current, 0);
607
608 +#ifdef CONFIG_CCSECURITY
609 + current->ccs_domain_info = NULL;
610 + current->ccs_flags = 0;
611 +#endif
612 +
613 retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp);
614
615 /* Exec failed? */
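Review bot: The reset of `current->ccs_domain_info` and `current->ccs_flags` before `kernel_execve()` carries no comment, and it is the one place in this patch where a task's policy state is discarded. State the reason at the site, for example `/* usermode helpers must not inherit the policy domain or flags of the task they were forked from */`, if that is the intent. The patch does not show how a NULL `ccs_domain_info` is interpreted, so the comment should also name the domain the helper ends up in. ____call_usermodehelper continues outside this hunk.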
616 --- linux-2.6.31.1.orig/kernel/module.c
617 +++ linux-2.6.31.1/kernel/module.c
618 @@ -54,6 +54,7 @@
619 #include <linux/async.h>
620 #include <linux/percpu.h>
621 #include <linux/kmemleak.h>
622 +#include <linux/ccsecurity.h>
623
624 #if 0
625 #define DEBUGP printk
626 @@ -795,6 +796,8 @@ SYSCALL_DEFINE2(delete_module, const cha
627
628 if (!capable(CAP_SYS_MODULE) || modules_disabled)
629 return -EPERM;
630 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
631 + return -EPERM;
632
633 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
634 return -EFAULT;
635 @@ -2421,6 +2424,8 @@ SYSCALL_DEFINE3(init_module, void __user
636 /* Must have permission */
637 if (!capable(CAP_SYS_MODULE) || modules_disabled)
638 return -EPERM;
639 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
640 + return -EPERM;
641
642 /* Only one module load at a time, please */
643 if (mutex_lock_interruptible(&module_mutex) != 0)
644 --- linux-2.6.31.1.orig/kernel/ptrace.c
645 +++ linux-2.6.31.1/kernel/ptrace.c
646 @@ -22,6 +22,7 @@
647 #include <linux/pid_namespace.h>
648 #include <linux/syscalls.h>
649 #include <linux/uaccess.h>
650 +#include <linux/ccsecurity.h>
651
652
653 /*
654 @@ -600,6 +601,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l
655 {
656 struct task_struct *child;
657 long ret;
658 + if (!ccs_capable(CCS_SYS_PTRACE))
659 + return -EPERM;
660
661 /*
662 * This lock_kernel fixes a subtle race with suid exec
663 @@ -721,6 +724,8 @@ asmlinkage long compat_sys_ptrace(compat
664 {
665 struct task_struct *child;
666 long ret;
667 + if (!ccs_capable(CCS_SYS_PTRACE))
668 + return -EPERM;
669
670 /*
671 * This lock_kernel fixes a subtle race with suid exec
672 --- linux-2.6.31.1.orig/kernel/sched.c
673 +++ linux-2.6.31.1/kernel/sched.c
674 @@ -75,6 +75,7 @@
675
676 #include <asm/tlb.h>
677 #include <asm/irq_regs.h>
678 +#include <linux/ccsecurity.h>
679
680 #include "sched_cpupri.h"
681
682 @@ -5994,6 +5995,8 @@ int can_nice(const struct task_struct *p
683 SYSCALL_DEFINE1(nice, int, increment)
684 {
685 long nice, retval;
686 + if (!ccs_capable(CCS_SYS_NICE))
687 + return -EPERM;
688
689 /*
690 * Setpriority might change our priority at the same moment.
691 --- linux-2.6.31.1.orig/kernel/signal.c
692 +++ linux-2.6.31.1/kernel/signal.c
693 @@ -34,6 +34,7 @@
694 #include <asm/unistd.h>
695 #include <asm/siginfo.h>
696 #include "audit.h" /* audit_signal_info() */
697 +#include <linux/ccsecurity.h>
698
699 /*
700 * SLAB caches for signal bits.
701 @@ -2276,6 +2277,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
702 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
703 {
704 struct siginfo info;
705 + if (ccs_kill_permission(pid, sig))
706 + return -EPERM;
707
708 info.si_signo = sig;
709 info.si_errno = 0;
710 @@ -2343,6 +2346,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
711 /* This is only valid for single tasks */
712 if (pid <= 0 || tgid <= 0)
713 return -EINVAL;
714 + if (ccs_tgkill_permission(tgid, pid, sig))
715 + return -EPERM;
716
717 return do_tkill(tgid, pid, sig);
718 }
719 @@ -2355,6 +2360,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
720 /* This is only valid for single tasks */
721 if (pid <= 0)
722 return -EINVAL;
723 + if (ccs_tkill_permission(pid, sig))
724 + return -EPERM;
725
726 return do_tkill(0, pid, sig);
727 }
728 @@ -2372,6 +2379,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
729 if (info.si_code >= 0)
730 return -EPERM;
731 info.si_signo = sig;
732 + if (ccs_sigqueue_permission(pid, sig))
733 + return -EPERM;
734
735 /* POSIX.1b doesn't mention process groups. */
736 return kill_proc_info(sig, &info, pid);
737 @@ -2388,6 +2397,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
738 if (info->si_code >= 0)
739 return -EPERM;
740 info->si_signo = sig;
741 + if (ccs_tgsigqueue_permission(tgid, pid, sig))
742 + return -EPERM;
743
744 return do_send_specific(tgid, pid, sig, info);
745 }
746 --- linux-2.6.31.1.orig/kernel/sys.c
747 +++ linux-2.6.31.1/kernel/sys.c
748 @@ -45,6 +45,7 @@
749 #include <asm/uaccess.h>
750 #include <asm/io.h>
751 #include <asm/unistd.h>
752 +#include <linux/ccsecurity.h>
753
754 #ifndef SET_UNALIGN_CTL
755 # define SET_UNALIGN_CTL(a,b) (-EINVAL)
756 @@ -155,6 +156,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
757
758 if (which > PRIO_USER || which < PRIO_PROCESS)
759 goto out;
760 + if (!ccs_capable(CCS_SYS_NICE)) {
761 + error = -EPERM;
762 + goto out;
763 + }
764
765 /* normalize: avoid signed division (rounding problems) */
766 error = -ESRCH;
767 @@ -374,6 +379,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
768 magic2 != LINUX_REBOOT_MAGIC2B &&
769 magic2 != LINUX_REBOOT_MAGIC2C))
770 return -EINVAL;
771 + if (!ccs_capable(CCS_SYS_REBOOT))
772 + return -EPERM;
773
774 /* Instead of trying to make the power_off code look like
775 * halt when pm_power_off is not set do it the easy way.
776 @@ -1135,6 +1142,8 @@ SYSCALL_DEFINE2(sethostname, char __user
777 return -EPERM;
778 if (len < 0 || len > __NEW_UTS_LEN)
779 return -EINVAL;
780 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
781 + return -EPERM;
782 down_write(&uts_sem);
783 errno = -EFAULT;
784 if (!copy_from_user(tmp, name, len)) {
785 @@ -1184,6 +1193,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
786 return -EPERM;
787 if (len < 0 || len > __NEW_UTS_LEN)
788 return -EINVAL;
789 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
790 + return -EPERM;
791
792 down_write(&uts_sem);
793 errno = -EFAULT;
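Review bot: setdomainname is gated on `CCS_SYS_SETHOSTNAME`, the same capability the sethostname hunk uses, and nothing marks that as deliberate. If one capability is meant to cover both calls, add `/* CCS_SYS_SETHOSTNAME covers both sethostname() and setdomainname() */` above the check so it is not mistaken for a copy-and-paste slip. As written, policy cannot allow one of the two operations while denying the other.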
794 --- linux-2.6.31.1.orig/kernel/sysctl.c
795 +++ linux-2.6.31.1/kernel/sysctl.c
796 @@ -55,6 +55,7 @@
797
798 #include <asm/uaccess.h>
799 #include <asm/processor.h>
800 +#include <linux/ccsecurity.h>
801
802 #ifdef CONFIG_X86
803 #include <asm/nmi.h>
804 @@ -1784,6 +1785,9 @@ int do_sysctl(int __user *name, int nlen
805
806 for (head = sysctl_head_next(NULL); head;
807 head = sysctl_head_next(head)) {
808 + error = ccs_parse_table(name, nlen, oldval, newval,
809 + head->ctl_table);
810 + if (!error)
811 error = parse_table(name, nlen, oldval, oldlenp,
812 newval, newlen,
813 head->root, head->ctl_table);
814 --- linux-2.6.31.1.orig/kernel/time.c
815 +++ linux-2.6.31.1/kernel/time.c
816 @@ -41,6 +41,7 @@
817
818 #include <asm/uaccess.h>
819 #include <asm/unistd.h>
820 +#include <linux/ccsecurity.h>
821
822 #include "timeconst.h"
823
824 @@ -92,6 +93,8 @@ SYSCALL_DEFINE1(stime, time_t __user *,
825 err = security_settime(&tv, NULL);
826 if (err)
827 return err;
828 + if (!ccs_capable(CCS_SYS_SETTIME))
829 + return -EPERM;
830
831 do_settimeofday(&tv);
832 return 0;
833 @@ -163,6 +166,8 @@ int do_sys_settimeofday(struct timespec
834 error = security_settime(tv, tz);
835 if (error)
836 return error;
837 + if (!ccs_capable(CCS_SYS_SETTIME))
838 + return -EPERM;
839
840 if (tz) {
841 /* SMP safe, global irq locking makes it work. */
842 --- linux-2.6.31.1.orig/kernel/time/ntp.c
843 +++ linux-2.6.31.1/kernel/time/ntp.c
844 @@ -14,6 +14,7 @@
845 #include <linux/timex.h>
846 #include <linux/time.h>
847 #include <linux/mm.h>
848 +#include <linux/ccsecurity.h>
849
850 /*
851 * NTP timekeeping variables:
852 @@ -459,10 +460,15 @@ int do_adjtimex(struct timex *txc)
853 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
854 !capable(CAP_SYS_TIME))
855 return -EPERM;
856 + if (!(txc->modes & ADJ_OFFSET_READONLY) &&
857 + !ccs_capable(CCS_SYS_SETTIME))
858 + return -EPERM;
859 } else {
860 /* In order to modify anything, you gotta be super-user! */
861 if (txc->modes && !capable(CAP_SYS_TIME))
862 return -EPERM;
863 + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
864 + return -EPERM;
865
866 /*
867 * if the quartz is off by more than 10% then
868 --- linux-2.6.31.1.orig/net/ipv4/inet_connection_sock.c
869 +++ linux-2.6.31.1/net/ipv4/inet_connection_sock.c
870 @@ -23,6 +23,7 @@
871 #include <net/route.h>
872 #include <net/tcp_states.h>
873 #include <net/xfrm.h>
874 +#include <linux/ccsecurity.h>
875
876 #ifdef INET_CSK_DEBUG
877 const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
878 @@ -111,6 +112,8 @@ again:
879 head = &hashinfo->bhash[inet_bhashfn(net, rover,
880 hashinfo->bhash_size)];
881 spin_lock(&head->lock);
882 + if (ccs_lport_reserved(rover))
883 + goto next;
884 inet_bind_bucket_for_each(tb, node, &head->chain)
885 if (ib_net(tb) == net && tb->port == rover) {
886 if (tb->fastreuse > 0 &&
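Review bot: `ccs_lport_reserved(rover)` is called after `spin_lock(&head->lock)`, so the hook runs in atomic context and the skip path relies on the `next:` label, which is outside this hunk, to release the lock. The equivalent check in the __inet_hash_connect hunk is made before the lock is taken, so the two call sites put different constraints on the hook. Document the constraint here with `/* called with head->lock held: must not sleep; next: drops the lock */`. Moving the test in front of `spin_lock()` would need the loop restructured, because `next:` is then reached without the lock.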
887 --- linux-2.6.31.1.orig/net/ipv4/inet_hashtables.c
888 +++ linux-2.6.31.1/net/ipv4/inet_hashtables.c
889 @@ -22,6 +22,7 @@
890 #include <net/inet_connection_sock.h>
891 #include <net/inet_hashtables.h>
892 #include <net/ip.h>
893 +#include <linux/ccsecurity.h>
894
895 /*
896 * Allocate and initialize a new local port bind bucket.
897 @@ -443,6 +444,8 @@ int __inet_hash_connect(struct inet_time
898 local_bh_disable();
899 for (i = 1; i <= remaining; i++) {
900 port = low + (i + offset) % remaining;
901 + if (ccs_lport_reserved(port))
902 + continue;
903 head = &hinfo->bhash[inet_bhashfn(net, port,
904 hinfo->bhash_size)];
905 spin_lock(&head->lock);
906 --- linux-2.6.31.1.orig/net/ipv4/raw.c
907 +++ linux-2.6.31.1/net/ipv4/raw.c
908 @@ -77,6 +77,7 @@
909 #include <linux/seq_file.h>
910 #include <linux/netfilter.h>
911 #include <linux/netfilter_ipv4.h>
912 +#include <linux/ccsecurity.h>
913
914 static struct raw_hashinfo raw_v4_hashinfo = {
915 .lock = __RW_LOCK_UNLOCKED(raw_v4_hashinfo.lock),
916 @@ -666,6 +667,9 @@ static int raw_recvmsg(struct kiocb *ioc
917 skb = skb_recv_datagram(sk, flags, noblock, &err);
918 if (!skb)
919 goto out;
920 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
921 + if (err)
922 + goto out;
923
924 copied = skb->len;
925 if (len < copied) {
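Review bot: When `ccs_socket_recvmsg_permission()` fails, `goto out` leaves with the `skb` obtained from `skb_recv_datagram()` still in hand, and the hunk does not show who releases it; the `!skb` branch above can use that label because it has nothing to free. If the hook disposes of the datagram itself on denial, say so at the call: `/* on error the hook has already consumed skb, so the free path is skipped */`. If it does not, every denied datagram leaks a buffer, which lets a remote sender exhaust memory. The recvmsg hunks in net/ipv4/udp.c, net/ipv6/raw.c and net/ipv6/udp.c use the same pattern. raw_recvmsg continues outside this hunk.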
926 --- linux-2.6.31.1.orig/net/ipv4/udp.c
927 +++ linux-2.6.31.1/net/ipv4/udp.c
928 @@ -105,6 +105,7 @@
929 #include <net/checksum.h>
930 #include <net/xfrm.h>
931 #include "udp_impl.h"
932 +#include <linux/ccsecurity.h>
933
934 struct udp_table udp_table;
935 EXPORT_SYMBOL(udp_table);
936 @@ -195,7 +196,8 @@ int udp_lib_get_port(struct sock *sk, un
937 */
938 do {
939 if (low <= snum && snum <= high &&
940 - !test_bit(snum / UDP_HTABLE_SIZE, bitmap))
941 + !test_bit(snum / UDP_HTABLE_SIZE, bitmap)
942 + && !ccs_lport_reserved(snum))
943 goto found;
944 snum += rand;
945 } while (snum != first);
946 @@ -902,6 +904,9 @@ try_again:
947 &peeked, &err);
948 if (!skb)
949 goto out;
950 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
951 + if (err)
952 + goto out;
953
954 ulen = skb->len - sizeof(struct udphdr);
955 copied = len;
956 --- linux-2.6.31.1.orig/net/ipv6/raw.c
957 +++ linux-2.6.31.1/net/ipv6/raw.c
958 @@ -59,6 +59,7 @@
959
960 #include <linux/proc_fs.h>
961 #include <linux/seq_file.h>
962 +#include <linux/ccsecurity.h>
963
964 static struct raw_hashinfo raw_v6_hashinfo = {
965 .lock = __RW_LOCK_UNLOCKED(raw_v6_hashinfo.lock),
966 @@ -465,6 +466,9 @@ static int rawv6_recvmsg(struct kiocb *i
967 skb = skb_recv_datagram(sk, flags, noblock, &err);
968 if (!skb)
969 goto out;
970 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
971 + if (err)
972 + goto out;
973
974 copied = skb->len;
975 if (copied > len) {
976 --- linux-2.6.31.1.orig/net/ipv6/udp.c
977 +++ linux-2.6.31.1/net/ipv6/udp.c
978 @@ -48,6 +48,7 @@
979 #include <linux/proc_fs.h>
980 #include <linux/seq_file.h>
981 #include "udp_impl.h"
982 +#include <linux/ccsecurity.h>
983
984 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
985 {
986 @@ -211,6 +212,9 @@ try_again:
987 &peeked, &err);
988 if (!skb)
989 goto out;
990 + err = ccs_socket_recvmsg_permission(sk, skb, flags);
991 + if (err)
992 + goto out;
993
994 ulen = skb->len - sizeof(struct udphdr);
995 copied = len;
996 --- linux-2.6.31.1.orig/net/socket.c
997 +++ linux-2.6.31.1/net/socket.c
998 @@ -96,6 +96,8 @@
999 #include <net/sock.h>
1000 #include <linux/netfilter.h>
1001
1002 +#include <linux/ccsecurity.h>
1003 +
1004 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1005 static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
1006 unsigned long nr_segs, loff_t pos);
1007 @@ -567,6 +569,8 @@ static inline int __sock_sendmsg(struct
1008 si->size = size;
1009
1010 err = security_socket_sendmsg(sock, msg, size);
1011 + if (!err)
1012 + err = ccs_socket_sendmsg_permission(sock, msg, size);
1013 if (err)
1014 return err;
1015
1016 @@ -1171,6 +1175,8 @@ static int __sock_create(struct net *net
1017 }
1018
1019 err = security_socket_create(family, type, protocol, kern);
1020 + if (!err)
1021 + err = ccs_socket_create_permission(family, type, protocol);
1022 if (err)
1023 return err;
1024
1025 @@ -1419,6 +1425,11 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
1026 (struct sockaddr *)&address,
1027 addrlen);
1028 if (!err)
1029 + err = ccs_socket_bind_permission(sock,
1030 + (struct sockaddr *)
1031 + &address,
1032 + addrlen);
1033 + if (!err)
1034 err = sock->ops->bind(sock,
1035 (struct sockaddr *)
1036 &address, addrlen);
1037 @@ -1448,6 +1459,8 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
1038
1039 err = security_socket_listen(sock, backlog);
1040 if (!err)
1041 + err = ccs_socket_listen_permission(sock);
1042 + if (!err)
1043 err = sock->ops->listen(sock, backlog);
1044
1045 fput_light(sock->file, fput_needed);
1046 @@ -1517,6 +1530,11 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
1047 if (err < 0)
1048 goto out_fd;
1049
1050 + if (ccs_socket_accept_permission(newsock,
1051 + (struct sockaddr *) &address)) {
1052 + err = -ECONNABORTED; /* Hope less harmful than -EPERM. */
1053 + goto out_fd;
1054 + }
1055 if (upeer_sockaddr) {
1056 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
1057 &len, 2) < 0) {
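Review bot: `ccs_socket_accept_permission()` is passed `&address` before the `getname()` call below it has filled the buffer in, so at this point `address` holds no peer address. Presumably the hook uses it as scratch space and looks the peer up itself; a comment such as `/* address is only a scratch buffer here; the hook fetches the peer name itself */` would stop it being read as an input. Judging by the `newsock` argument and the `err < 0` test above, the check also runs after the connection has been accepted, so a denial tears down an established connection and surfaces as `-ECONNABORTED`. That trade-off deserves more explanation than the existing "Hope less harmful" remark.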
1058 @@ -1583,6 +1601,9 @@ SYSCALL_DEFINE3(connect, int, fd, struct
1059
1060 err =
1061 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1062 + if (!err)
1063 + err = ccs_socket_connect_permission(sock, (struct sockaddr *)
1064 + &address, addrlen);
1065 if (err)
1066 goto out_put;
1067
1068 --- linux-2.6.31.1.orig/net/unix/af_unix.c
1069 +++ linux-2.6.31.1/net/unix/af_unix.c
1070 @@ -114,6 +114,7 @@
1071 #include <linux/mount.h>
1072 #include <net/checksum.h>
1073 #include <linux/security.h>
1074 +#include <linux/ccsecurity.h>
1075
1076 static struct hlist_head unix_socket_table[UNIX_HASH_SIZE + 1];
1077 static DEFINE_SPINLOCK(unix_table_lock);
1078 @@ -837,6 +838,10 @@ static int unix_bind(struct socket *sock
1079 if (err)
1080 goto out_mknod_dput;
1081 err = security_path_mknod(&nd.path, dentry, mode, 0);
1082 + if (!err)
1083 + err = ccs_mknod_permission(nd.path.dentry->d_inode,
1084 + dentry, nd.path.mnt, mode,
1085 + 0);
1086 if (err)
1087 goto out_mknod_drop_write;
1088 err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
1089 --- linux-2.6.31.1.orig/security/Kconfig
1090 +++ linux-2.6.31.1/security/Kconfig
1091 @@ -135,5 +135,7 @@ source security/tomoyo/Kconfig
1092
1093 source security/integrity/ima/Kconfig
1094
1095 +source security/ccsecurity/Kconfig
1096 +
1097 endmenu
1098
1099 --- linux-2.6.31.1.orig/security/Makefile
1100 +++ linux-2.6.31.1/security/Makefile
1101 @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
1102 # Object integrity file lists
1103 subdir-$(CONFIG_IMA) += integrity/ima
1104 obj-$(CONFIG_IMA) += integrity/ima/built-in.o
1105 +
1106 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
1107 +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
