1 |
This is TOMOYO Linux patch for kernel 3.10.60. |
This is TOMOYO Linux patch for kernel 3.10.61. |
2 |
|
|
3 |
Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.10.60.tar.xz |
Source code for this patch is https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.10.61.tar.xz |
4 |
--- |
--- |
5 |
fs/exec.c | 2 |
fs/exec.c | 2 |
6 |
fs/open.c | 2 |
fs/open.c | 2 |
28 |
security/security.c | 107 ++++++++++++++++++++++++++++++++++++++++------ |
security/security.c | 107 ++++++++++++++++++++++++++++++++++++++++------ |
29 |
24 files changed, 235 insertions(+), 37 deletions(-) |
24 files changed, 235 insertions(+), 37 deletions(-) |
30 |
|
|
31 |
--- linux-3.10.60.orig/fs/exec.c |
--- linux-3.10.61.orig/fs/exec.c |
32 |
+++ linux-3.10.60/fs/exec.c |
+++ linux-3.10.61/fs/exec.c |
33 |
@@ -1540,7 +1540,7 @@ static int do_execve_common(const char * |
@@ -1540,7 +1540,7 @@ static int do_execve_common(const char * |
34 |
if (retval < 0) |
if (retval < 0) |
35 |
goto out; |
goto out; |
39 |
if (retval < 0) |
if (retval < 0) |
40 |
goto out; |
goto out; |
41 |
|
|
42 |
--- linux-3.10.60.orig/fs/open.c |
--- linux-3.10.61.orig/fs/open.c |
43 |
+++ linux-3.10.60/fs/open.c |
+++ linux-3.10.61/fs/open.c |
44 |
@@ -1023,6 +1023,8 @@ EXPORT_SYMBOL(sys_close); |
@@ -1023,6 +1023,8 @@ EXPORT_SYMBOL(sys_close); |
45 |
*/ |
*/ |
46 |
SYSCALL_DEFINE0(vhangup) |
SYSCALL_DEFINE0(vhangup) |
50 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
if (capable(CAP_SYS_TTY_CONFIG)) { |
51 |
tty_vhangup_self(); |
tty_vhangup_self(); |
52 |
return 0; |
return 0; |
53 |
--- linux-3.10.60.orig/fs/proc/version.c |
--- linux-3.10.61.orig/fs/proc/version.c |
54 |
+++ linux-3.10.60/fs/proc/version.c |
+++ linux-3.10.61/fs/proc/version.c |
55 |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
@@ -32,3 +32,10 @@ static int __init proc_version_init(void |
56 |
return 0; |
return 0; |
57 |
} |
} |
59 |
+ |
+ |
60 |
+static int __init ccs_show_version(void) |
+static int __init ccs_show_version(void) |
61 |
+{ |
+{ |
62 |
+ printk(KERN_INFO "Hook version: 3.10.60 2014/11/19\n"); |
+ printk(KERN_INFO "Hook version: 3.10.61 2014/11/23\n"); |
63 |
+ return 0; |
+ return 0; |
64 |
+} |
+} |
65 |
+module_init(ccs_show_version); |
+module_init(ccs_show_version); |
66 |
--- linux-3.10.60.orig/include/linux/init_task.h |
--- linux-3.10.61.orig/include/linux/init_task.h |
67 |
+++ linux-3.10.60/include/linux/init_task.h |
+++ linux-3.10.61/include/linux/init_task.h |
68 |
@@ -155,6 +155,14 @@ extern struct task_group root_task_group |
@@ -155,6 +155,14 @@ extern struct task_group root_task_group |
69 |
|
|
70 |
#define INIT_TASK_COMM "swapper" |
#define INIT_TASK_COMM "swapper" |
88 |
} |
} |
89 |
|
|
90 |
|
|
91 |
--- linux-3.10.60.orig/include/linux/sched.h |
--- linux-3.10.61.orig/include/linux/sched.h |
92 |
+++ linux-3.10.60/include/linux/sched.h |
+++ linux-3.10.61/include/linux/sched.h |
93 |
@@ -4,6 +4,8 @@ |
@@ -4,6 +4,8 @@ |
94 |
#include <uapi/linux/sched.h> |
#include <uapi/linux/sched.h> |
95 |
|
|
99 |
struct sched_param { |
struct sched_param { |
100 |
int sched_priority; |
int sched_priority; |
101 |
}; |
}; |
102 |
@@ -1422,6 +1424,10 @@ struct task_struct { |
@@ -1428,6 +1430,10 @@ struct task_struct { |
103 |
unsigned int sequential_io; |
unsigned int sequential_io; |
104 |
unsigned int sequential_io_avg; |
unsigned int sequential_io_avg; |
105 |
#endif |
#endif |
110 |
}; |
}; |
111 |
|
|
112 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
113 |
--- linux-3.10.60.orig/include/linux/security.h |
--- linux-3.10.61.orig/include/linux/security.h |
114 |
+++ linux-3.10.60/include/linux/security.h |
+++ linux-3.10.61/include/linux/security.h |
115 |
@@ -52,6 +52,7 @@ struct msg_queue; |
@@ -52,6 +52,7 @@ struct msg_queue; |
116 |
struct xattr; |
struct xattr; |
117 |
struct xfrm_sec_ctx; |
struct xfrm_sec_ctx; |
313 |
} |
} |
314 |
#endif /* CONFIG_SECURITY_PATH */ |
#endif /* CONFIG_SECURITY_PATH */ |
315 |
|
|
316 |
--- linux-3.10.60.orig/include/net/ip.h |
--- linux-3.10.61.orig/include/net/ip.h |
317 |
+++ linux-3.10.60/include/net/ip.h |
+++ linux-3.10.61/include/net/ip.h |
318 |
@@ -205,6 +205,8 @@ extern void inet_get_local_port_range(in |
@@ -205,6 +205,8 @@ extern void inet_get_local_port_range(in |
319 |
extern unsigned long *sysctl_local_reserved_ports; |
extern unsigned long *sysctl_local_reserved_ports; |
320 |
static inline int inet_is_reserved_local_port(int port) |
static inline int inet_is_reserved_local_port(int port) |
324 |
return test_bit(port, sysctl_local_reserved_ports); |
return test_bit(port, sysctl_local_reserved_ports); |
325 |
} |
} |
326 |
|
|
327 |
--- linux-3.10.60.orig/kernel/fork.c |
--- linux-3.10.61.orig/kernel/fork.c |
328 |
+++ linux-3.10.60/kernel/fork.c |
+++ linux-3.10.61/kernel/fork.c |
329 |
@@ -242,6 +242,7 @@ void __put_task_struct(struct task_struc |
@@ -242,6 +242,7 @@ void __put_task_struct(struct task_struc |
330 |
delayacct_tsk_free(tsk); |
delayacct_tsk_free(tsk); |
331 |
put_signal_struct(tsk->signal); |
put_signal_struct(tsk->signal); |
352 |
bad_fork_cleanup_perf: |
bad_fork_cleanup_perf: |
353 |
perf_event_free_task(p); |
perf_event_free_task(p); |
354 |
bad_fork_cleanup_policy: |
bad_fork_cleanup_policy: |
355 |
--- linux-3.10.60.orig/kernel/kexec.c |
--- linux-3.10.61.orig/kernel/kexec.c |
356 |
+++ linux-3.10.60/kernel/kexec.c |
+++ linux-3.10.61/kernel/kexec.c |
357 |
@@ -37,6 +37,7 @@ |
@@ -37,6 +37,7 @@ |
358 |
#include <asm/uaccess.h> |
#include <asm/uaccess.h> |
359 |
#include <asm/io.h> |
#include <asm/io.h> |
371 |
|
|
372 |
/* |
/* |
373 |
* Verify we have a legal set of flags |
* Verify we have a legal set of flags |
374 |
--- linux-3.10.60.orig/kernel/module.c |
--- linux-3.10.61.orig/kernel/module.c |
375 |
+++ linux-3.10.60/kernel/module.c |
+++ linux-3.10.61/kernel/module.c |
376 |
@@ -63,6 +63,7 @@ |
@@ -63,6 +63,7 @@ |
377 |
#include <linux/fips.h> |
#include <linux/fips.h> |
378 |
#include <uapi/linux/module.h> |
#include <uapi/linux/module.h> |
399 |
|
|
400 |
return 0; |
return 0; |
401 |
} |
} |
402 |
--- linux-3.10.60.orig/kernel/ptrace.c |
--- linux-3.10.61.orig/kernel/ptrace.c |
403 |
+++ linux-3.10.60/kernel/ptrace.c |
+++ linux-3.10.61/kernel/ptrace.c |
404 |
@@ -998,6 +998,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
@@ -998,6 +998,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l |
405 |
{ |
{ |
406 |
struct task_struct *child; |
struct task_struct *child; |
425 |
|
|
426 |
if (request == PTRACE_TRACEME) { |
if (request == PTRACE_TRACEME) { |
427 |
ret = ptrace_traceme(); |
ret = ptrace_traceme(); |
428 |
--- linux-3.10.60.orig/kernel/sched/core.c |
--- linux-3.10.61.orig/kernel/sched/core.c |
429 |
+++ linux-3.10.60/kernel/sched/core.c |
+++ linux-3.10.61/kernel/sched/core.c |
430 |
@@ -3732,6 +3732,8 @@ int can_nice(const struct task_struct *p |
@@ -3732,6 +3732,8 @@ int can_nice(const struct task_struct *p |
431 |
SYSCALL_DEFINE1(nice, int, increment) |
SYSCALL_DEFINE1(nice, int, increment) |
432 |
{ |
{ |
436 |
|
|
437 |
/* |
/* |
438 |
* Setpriority might change our priority at the same moment. |
* Setpriority might change our priority at the same moment. |
439 |
--- linux-3.10.60.orig/kernel/signal.c |
--- linux-3.10.61.orig/kernel/signal.c |
440 |
+++ linux-3.10.60/kernel/signal.c |
+++ linux-3.10.61/kernel/signal.c |
441 |
@@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
@@ -2909,6 +2909,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s |
442 |
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) |
443 |
{ |
{ |
483 |
|
|
484 |
return do_send_specific(tgid, pid, sig, info); |
return do_send_specific(tgid, pid, sig, info); |
485 |
} |
} |
486 |
--- linux-3.10.60.orig/kernel/sys.c |
--- linux-3.10.61.orig/kernel/sys.c |
487 |
+++ linux-3.10.60/kernel/sys.c |
+++ linux-3.10.61/kernel/sys.c |
488 |
@@ -186,6 +186,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
@@ -186,6 +186,10 @@ SYSCALL_DEFINE3(setpriority, int, which, |
489 |
|
|
490 |
if (which > PRIO_USER || which < PRIO_PROCESS) |
if (which > PRIO_USER || which < PRIO_PROCESS) |
523 |
|
|
524 |
down_write(&uts_sem); |
down_write(&uts_sem); |
525 |
errno = -EFAULT; |
errno = -EFAULT; |
526 |
--- linux-3.10.60.orig/kernel/time/ntp.c |
--- linux-3.10.61.orig/kernel/time/ntp.c |
527 |
+++ linux-3.10.60/kernel/time/ntp.c |
+++ linux-3.10.61/kernel/time/ntp.c |
528 |
@@ -16,6 +16,7 @@ |
@@ -16,6 +16,7 @@ |
529 |
#include <linux/mm.h> |
#include <linux/mm.h> |
530 |
#include <linux/module.h> |
#include <linux/module.h> |
558 |
|
|
559 |
return 0; |
return 0; |
560 |
} |
} |
561 |
--- linux-3.10.60.orig/net/ipv4/raw.c |
--- linux-3.10.61.orig/net/ipv4/raw.c |
562 |
+++ linux-3.10.60/net/ipv4/raw.c |
+++ linux-3.10.61/net/ipv4/raw.c |
563 |
@@ -700,6 +700,10 @@ static int raw_recvmsg(struct kiocb *ioc |
@@ -700,6 +700,10 @@ static int raw_recvmsg(struct kiocb *ioc |
564 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
565 |
if (!skb) |
if (!skb) |
571 |
|
|
572 |
copied = skb->len; |
copied = skb->len; |
573 |
if (len < copied) { |
if (len < copied) { |
574 |
--- linux-3.10.60.orig/net/ipv4/udp.c |
--- linux-3.10.61.orig/net/ipv4/udp.c |
575 |
+++ linux-3.10.60/net/ipv4/udp.c |
+++ linux-3.10.61/net/ipv4/udp.c |
576 |
@@ -1218,6 +1218,10 @@ try_again: |
@@ -1218,6 +1218,10 @@ try_again: |
577 |
&peeked, &off, &err); |
&peeked, &off, &err); |
578 |
if (!skb) |
if (!skb) |
584 |
|
|
585 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
586 |
copied = len; |
copied = len; |
587 |
--- linux-3.10.60.orig/net/ipv6/raw.c |
--- linux-3.10.61.orig/net/ipv6/raw.c |
588 |
+++ linux-3.10.60/net/ipv6/raw.c |
+++ linux-3.10.61/net/ipv6/raw.c |
589 |
@@ -468,6 +468,10 @@ static int rawv6_recvmsg(struct kiocb *i |
@@ -468,6 +468,10 @@ static int rawv6_recvmsg(struct kiocb *i |
590 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
591 |
if (!skb) |
if (!skb) |
597 |
|
|
598 |
copied = skb->len; |
copied = skb->len; |
599 |
if (copied > len) { |
if (copied > len) { |
600 |
--- linux-3.10.60.orig/net/ipv6/udp.c |
--- linux-3.10.61.orig/net/ipv6/udp.c |
601 |
+++ linux-3.10.60/net/ipv6/udp.c |
+++ linux-3.10.61/net/ipv6/udp.c |
602 |
@@ -384,6 +384,10 @@ try_again: |
@@ -384,6 +384,10 @@ try_again: |
603 |
&peeked, &off, &err); |
&peeked, &off, &err); |
604 |
if (!skb) |
if (!skb) |
610 |
|
|
611 |
ulen = skb->len - sizeof(struct udphdr); |
ulen = skb->len - sizeof(struct udphdr); |
612 |
copied = len; |
copied = len; |
613 |
--- linux-3.10.60.orig/net/socket.c |
--- linux-3.10.61.orig/net/socket.c |
614 |
+++ linux-3.10.60/net/socket.c |
+++ linux-3.10.61/net/socket.c |
615 |
@@ -1611,6 +1611,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
@@ -1611,6 +1611,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct |
616 |
if (err < 0) |
if (err < 0) |
617 |
goto out_fd; |
goto out_fd; |
623 |
if (upeer_sockaddr) { |
if (upeer_sockaddr) { |
624 |
if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
if (newsock->ops->getname(newsock, (struct sockaddr *)&address, |
625 |
&len, 2) < 0) { |
&len, 2) < 0) { |
626 |
--- linux-3.10.60.orig/net/unix/af_unix.c |
--- linux-3.10.61.orig/net/unix/af_unix.c |
627 |
+++ linux-3.10.60/net/unix/af_unix.c |
+++ linux-3.10.61/net/unix/af_unix.c |
628 |
@@ -1816,6 +1816,10 @@ static int unix_dgram_recvmsg(struct kio |
@@ -1816,6 +1816,10 @@ static int unix_dgram_recvmsg(struct kio |
629 |
wake_up_interruptible_sync_poll(&u->peer_wait, |
wake_up_interruptible_sync_poll(&u->peer_wait, |
630 |
POLLOUT | POLLWRNORM | POLLWRBAND); |
POLLOUT | POLLWRNORM | POLLWRBAND); |
636 |
if (msg->msg_name) |
if (msg->msg_name) |
637 |
unix_copy_addr(msg, skb->sk); |
unix_copy_addr(msg, skb->sk); |
638 |
|
|
639 |
--- linux-3.10.60.orig/security/Kconfig |
--- linux-3.10.61.orig/security/Kconfig |
640 |
+++ linux-3.10.60/security/Kconfig |
+++ linux-3.10.61/security/Kconfig |
641 |
@@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
@@ -167,5 +167,7 @@ config DEFAULT_SECURITY |
642 |
default "yama" if DEFAULT_SECURITY_YAMA |
default "yama" if DEFAULT_SECURITY_YAMA |
643 |
default "" if DEFAULT_SECURITY_DAC |
default "" if DEFAULT_SECURITY_DAC |
646 |
+ |
+ |
647 |
endmenu |
endmenu |
648 |
|
|
649 |
--- linux-3.10.60.orig/security/Makefile |
--- linux-3.10.61.orig/security/Makefile |
650 |
+++ linux-3.10.60/security/Makefile |
+++ linux-3.10.61/security/Makefile |
651 |
@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
@@ -28,3 +28,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c |
652 |
# Object integrity file lists |
# Object integrity file lists |
653 |
subdir-$(CONFIG_INTEGRITY) += integrity |
subdir-$(CONFIG_INTEGRITY) += integrity |
655 |
+ |
+ |
656 |
+subdir-$(CONFIG_CCSECURITY) += ccsecurity |
+subdir-$(CONFIG_CCSECURITY) += ccsecurity |
657 |
+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
+obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o |
658 |
--- linux-3.10.60.orig/security/security.c |
--- linux-3.10.61.orig/security/security.c |
659 |
+++ linux-3.10.60/security/security.c |
+++ linux-3.10.61/security/security.c |
660 |
@@ -202,7 +202,10 @@ int security_syslog(int type) |
@@ -202,7 +202,10 @@ int security_syslog(int type) |
661 |
|
|
662 |
int security_settime(const struct timespec *ts, const struct timezone *tz) |
int security_settime(const struct timespec *ts, const struct timezone *tz) |