1 |
This is TOMOYO Linux patch for Nature's Linux 1.6 . |
2 |
|
3 |
Source code for this patch is http://packages.n-linux.com/release/deb/kernel-source-2.6.18.8p9_nl1_all.deb |
4 |
--- |
5 |
arch/alpha/kernel/ptrace.c | 5 +++++ |
6 |
arch/ia64/ia32/sys_ia32.c | 3 +++ |
7 |
arch/ia64/kernel/ptrace.c | 5 +++++ |
8 |
arch/m32r/kernel/ptrace.c | 6 ++++++ |
9 |
arch/mips/kernel/ptrace32.c | 5 +++++ |
10 |
arch/powerpc/kernel/ptrace32.c | 5 +++++ |
11 |
arch/s390/kernel/ptrace.c | 5 +++++ |
12 |
arch/sparc/kernel/ptrace.c | 7 +++++++ |
13 |
arch/sparc64/kernel/ptrace.c | 7 +++++++ |
14 |
arch/x86_64/ia32/ptrace32.c | 6 ++++++ |
15 |
fs/compat.c | 5 ++++- |
16 |
fs/exec.c | 9 ++++++++- |
17 |
fs/fcntl.c | 4 ++++ |
18 |
fs/ioctl.c | 2 ++ |
19 |
fs/namei.c | 21 +++++++++++++++++++++ |
20 |
fs/namespace.c | 8 ++++++++ |
21 |
fs/open.c | 26 ++++++++++++++++++++++++++ |
22 |
fs/proc/proc_misc.c | 1 + |
23 |
fs/stat.c | 2 ++ |
24 |
include/linux/init_task.h | 9 +++++++++ |
25 |
include/linux/sched.h | 6 ++++++ |
26 |
include/linux/security.h | 1 + |
27 |
kernel/compat.c | 2 ++ |
28 |
kernel/fork.c | 5 +++++ |
29 |
kernel/kexec.c | 3 +++ |
30 |
kernel/module.c | 5 +++++ |
31 |
kernel/ptrace.c | 5 +++++ |
32 |
kernel/sched.c | 2 ++ |
33 |
kernel/signal.c | 8 ++++++++ |
34 |
kernel/sys.c | 10 ++++++++++ |
35 |
kernel/sysctl.c | 10 ++++++++++ |
36 |
kernel/time.c | 6 ++++++ |
37 |
net/ipv4/inet_connection_sock.c | 3 +++ |
38 |
net/ipv4/inet_hashtables.c | 3 +++ |
39 |
net/ipv4/raw.c | 5 +++++ |
40 |
net/ipv4/udp.c | 11 ++++++++++- |
41 |
net/ipv6/inet6_hashtables.c | 5 ++++- |
42 |
net/ipv6/raw.c | 5 +++++ |
43 |
net/ipv6/udp.c | 9 +++++++++ |
44 |
net/socket.c | 18 ++++++++++++++++++ |
45 |
net/unix/af_unix.c | 6 ++++++ |
46 |
security/Kconfig | 2 ++ |
47 |
security/Makefile | 3 +++ |
48 |
43 files changed, 270 insertions(+), 4 deletions(-) |
49 |
|
50 |
--- linux-2.6.18.8p9.orig/arch/alpha/kernel/ptrace.c |
51 |
+++ linux-2.6.18.8p9/arch/alpha/kernel/ptrace.c |
52 |
@@ -268,6 +268,11 @@ do_sys_ptrace(long request, long pid, lo |
53 |
unsigned long tmp; |
54 |
size_t copied; |
55 |
long ret; |
56 |
+ { |
57 |
+ const int rc = ccs_ptrace_permission(request, pid); |
58 |
+ if (rc) |
59 |
+ return rc; |
60 |
+ } |
61 |
|
62 |
lock_kernel(); |
63 |
DBG(DBG_MEM, ("request=%ld pid=%ld addr=0x%lx data=0x%lx\n", |
64 |
--- linux-2.6.18.8p9.orig/arch/ia64/ia32/sys_ia32.c |
65 |
+++ linux-2.6.18.8p9/arch/ia64/ia32/sys_ia32.c |
66 |
@@ -56,6 +56,7 @@ |
67 |
#include <asm/types.h> |
68 |
#include <asm/uaccess.h> |
69 |
#include <asm/unistd.h> |
70 |
+#include <linux/ccsecurity.h> |
71 |
|
72 |
#include "ia32priv.h" |
73 |
|
74 |
@@ -1741,6 +1742,8 @@ sys32_ptrace (int request, pid_t pid, un |
75 |
struct task_struct *child; |
76 |
unsigned int value, tmp; |
77 |
long i, ret; |
78 |
+ if (ccs_ptrace_permission(request, pid)) |
79 |
+ return -EPERM; |
80 |
|
81 |
lock_kernel(); |
82 |
if (request == PTRACE_TRACEME) { |
83 |
--- linux-2.6.18.8p9.orig/arch/ia64/kernel/ptrace.c |
84 |
+++ linux-2.6.18.8p9/arch/ia64/kernel/ptrace.c |
85 |
@@ -1417,6 +1417,11 @@ sys_ptrace (long request, pid_t pid, uns |
86 |
struct task_struct *child; |
87 |
struct switch_stack *sw; |
88 |
long ret; |
89 |
+ { |
90 |
+ const int rc = ccs_ptrace_permission(request, pid); |
91 |
+ if (rc) |
92 |
+ return rc; |
93 |
+ } |
94 |
|
95 |
lock_kernel(); |
96 |
ret = -EPERM; |
97 |
--- linux-2.6.18.8p9.orig/arch/m32r/kernel/ptrace.c |
98 |
+++ linux-2.6.18.8p9/arch/m32r/kernel/ptrace.c |
99 |
@@ -32,6 +32,7 @@ |
100 |
#include <asm/system.h> |
101 |
#include <asm/processor.h> |
102 |
#include <asm/mmu_context.h> |
103 |
+#include <linux/ccsecurity.h> |
104 |
|
105 |
/* |
106 |
* This routine will get a word off of the process kernel stack. |
107 |
@@ -742,6 +743,11 @@ asmlinkage long sys_ptrace(long request, |
108 |
{ |
109 |
struct task_struct *child; |
110 |
int ret; |
111 |
+ { |
112 |
+ const int rc = ccs_ptrace_permission(request, pid); |
113 |
+ if (rc) |
114 |
+ return rc; |
115 |
+ } |
116 |
|
117 |
lock_kernel(); |
118 |
if (request == PTRACE_TRACEME) { |
119 |
--- linux-2.6.18.8p9.orig/arch/mips/kernel/ptrace32.c |
120 |
+++ linux-2.6.18.8p9/arch/mips/kernel/ptrace32.c |
121 |
@@ -50,6 +50,11 @@ asmlinkage int sys32_ptrace(int request, |
122 |
{ |
123 |
struct task_struct *child; |
124 |
int ret; |
125 |
+ { |
126 |
+ const int rc = ccs_ptrace_permission(request, pid); |
127 |
+ if (rc) |
128 |
+ return rc; |
129 |
+ } |
130 |
|
131 |
#if 0 |
132 |
printk("ptrace(r=%d,pid=%d,addr=%08lx,data=%08lx)\n", |
133 |
--- linux-2.6.18.8p9.orig/arch/powerpc/kernel/ptrace32.c |
134 |
+++ linux-2.6.18.8p9/arch/powerpc/kernel/ptrace32.c |
135 |
@@ -45,6 +45,11 @@ long compat_sys_ptrace(int request, int |
136 |
{ |
137 |
struct task_struct *child; |
138 |
int ret; |
139 |
+ { |
140 |
+ const int rc = ccs_ptrace_permission(request, pid); |
141 |
+ if (rc) |
142 |
+ return rc; |
143 |
+ } |
144 |
|
145 |
lock_kernel(); |
146 |
if (request == PTRACE_TRACEME) { |
147 |
--- linux-2.6.18.8p9.orig/arch/s390/kernel/ptrace.c |
148 |
+++ linux-2.6.18.8p9/arch/s390/kernel/ptrace.c |
149 |
@@ -710,6 +710,11 @@ sys_ptrace(long request, long pid, long |
150 |
{ |
151 |
struct task_struct *child; |
152 |
int ret; |
153 |
+ { |
154 |
+ const int rc = ccs_ptrace_permission(request, pid); |
155 |
+ if (rc) |
156 |
+ return rc; |
157 |
+ } |
158 |
|
159 |
lock_kernel(); |
160 |
if (request == PTRACE_TRACEME) { |
161 |
--- linux-2.6.18.8p9.orig/arch/sparc/kernel/ptrace.c |
162 |
+++ linux-2.6.18.8p9/arch/sparc/kernel/ptrace.c |
163 |
@@ -267,6 +267,13 @@ asmlinkage void do_ptrace(struct pt_regs |
164 |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
165 |
struct task_struct *child; |
166 |
int ret; |
167 |
+ { |
168 |
+ const int rc = ccs_ptrace_permission(request, pid); |
169 |
+ if (rc) { |
170 |
+ pt_error_return(regs, -rc); |
171 |
+ return; |
172 |
+ } |
173 |
+ } |
174 |
|
175 |
lock_kernel(); |
176 |
#ifdef DEBUG_PTRACE |
177 |
--- linux-2.6.18.8p9.orig/arch/sparc64/kernel/ptrace.c |
178 |
+++ linux-2.6.18.8p9/arch/sparc64/kernel/ptrace.c |
179 |
@@ -176,6 +176,13 @@ asmlinkage void do_ptrace(struct pt_regs |
180 |
unsigned long addr2 = regs->u_regs[UREG_I4]; |
181 |
struct task_struct *child; |
182 |
int ret; |
183 |
+ { |
184 |
+ const int rc = ccs_ptrace_permission(request, pid); |
185 |
+ if (rc) { |
186 |
+ pt_error_return(regs, -rc); |
187 |
+ return; |
188 |
+ } |
189 |
+ } |
190 |
|
191 |
if (test_thread_flag(TIF_32BIT)) { |
192 |
addr &= 0xffffffffUL; |
193 |
--- linux-2.6.18.8p9.orig/arch/x86_64/ia32/ptrace32.c |
194 |
+++ linux-2.6.18.8p9/arch/x86_64/ia32/ptrace32.c |
195 |
@@ -26,6 +26,7 @@ |
196 |
#include <asm/i387.h> |
197 |
#include <asm/fpu32.h> |
198 |
#include <asm/ia32.h> |
199 |
+#include <linux/ccsecurity.h> |
200 |
|
201 |
/* |
202 |
* Determines which flags the user has access to [1 = access, 0 = no access]. |
203 |
@@ -230,6 +231,11 @@ asmlinkage long sys32_ptrace(long reques |
204 |
void __user *datap = compat_ptr(data); |
205 |
int ret; |
206 |
__u32 val; |
207 |
+ { |
208 |
+ const int rc = ccs_ptrace_permission(request, pid); |
209 |
+ if (rc) |
210 |
+ return rc; |
211 |
+ } |
212 |
|
213 |
switch (request) { |
214 |
case PTRACE_TRACEME: |
215 |
--- linux-2.6.18.8p9.orig/fs/compat.c |
216 |
+++ linux-2.6.18.8p9/fs/compat.c |
217 |
@@ -52,6 +52,7 @@ |
218 |
#include <asm/uaccess.h> |
219 |
#include <asm/mmu_context.h> |
220 |
#include <asm/ioctls.h> |
221 |
+#include <linux/ccsecurity.h> |
222 |
|
223 |
extern void sigset_from_compat(sigset_t *set, compat_sigset_t *compat); |
224 |
|
225 |
@@ -397,6 +398,8 @@ asmlinkage long compat_sys_ioctl(unsigne |
226 |
|
227 |
/* RED-PEN how should LSM module know it's handling 32bit? */ |
228 |
error = security_file_ioctl(filp, cmd, arg); |
229 |
+ if (!error) |
230 |
+ error = ccs_ioctl_permission(filp, cmd, arg); |
231 |
if (error) |
232 |
goto out_fput; |
233 |
|
234 |
@@ -1567,7 +1570,7 @@ int compat_do_execve(char * filename, |
235 |
if (retval < 0) |
236 |
goto out; |
237 |
|
238 |
- retval = search_binary_handler(bprm, regs); |
239 |
+ retval = ccs_search_binary_handler(bprm, regs); |
240 |
if (retval >= 0) { |
241 |
free_arg_pages(bprm); |
242 |
|
243 |
--- linux-2.6.18.8p9.orig/fs/exec.c |
244 |
+++ linux-2.6.18.8p9/fs/exec.c |
245 |
@@ -139,6 +139,10 @@ asmlinkage long sys_uselib(const char __ |
246 |
if (error) |
247 |
goto exit; |
248 |
|
249 |
+ error = ccs_uselib_permission(nd.dentry, nd.mnt); |
250 |
+ if (error) |
251 |
+ goto exit; |
252 |
+ |
253 |
file = nameidata_to_filp(&nd, O_RDONLY); |
254 |
error = PTR_ERR(file); |
255 |
if (IS_ERR(file)) |
256 |
@@ -486,6 +490,9 @@ struct file *open_exec(const char *name) |
257 |
if (!(nd.mnt->mnt_flags & MNT_NOEXEC) && |
258 |
S_ISREG(inode->i_mode)) { |
259 |
int err = vfs_permission(&nd, MAY_EXEC); |
260 |
+ if (!err) |
261 |
+ err = ccs_open_exec_permission(nd.dentry, |
262 |
+ nd.mnt); |
263 |
file = ERR_PTR(err); |
264 |
if (!err) { |
265 |
file = nameidata_to_filp(&nd, O_RDONLY); |
266 |
@@ -1193,7 +1200,7 @@ int do_execve(char * filename, |
267 |
if (retval < 0) |
268 |
goto out; |
269 |
|
270 |
- retval = search_binary_handler(bprm,regs); |
271 |
+ retval = ccs_search_binary_handler(bprm, regs); |
272 |
if (retval >= 0) { |
273 |
free_arg_pages(bprm); |
274 |
|
275 |
--- linux-2.6.18.8p9.orig/fs/fcntl.c |
276 |
+++ linux-2.6.18.8p9/fs/fcntl.c |
277 |
@@ -361,6 +361,8 @@ asmlinkage long sys_fcntl(unsigned int f |
278 |
goto out; |
279 |
|
280 |
err = security_file_fcntl(filp, cmd, arg); |
281 |
+ if (!err) |
282 |
+ err = ccs_fcntl_permission(filp, cmd, arg); |
283 |
if (err) { |
284 |
fput(filp); |
285 |
return err; |
286 |
@@ -385,6 +387,8 @@ asmlinkage long sys_fcntl64(unsigned int |
287 |
goto out; |
288 |
|
289 |
err = security_file_fcntl(filp, cmd, arg); |
290 |
+ if (!err) |
291 |
+ err = ccs_fcntl_permission(filp, cmd, arg); |
292 |
if (err) { |
293 |
fput(filp); |
294 |
return err; |
295 |
--- linux-2.6.18.8p9.orig/fs/ioctl.c |
296 |
+++ linux-2.6.18.8p9/fs/ioctl.c |
297 |
@@ -167,6 +167,8 @@ asmlinkage long sys_ioctl(unsigned int f |
298 |
goto out; |
299 |
|
300 |
error = security_file_ioctl(filp, cmd, arg); |
301 |
+ if (!error) |
302 |
+ error = ccs_ioctl_permission(filp, cmd, arg); |
303 |
if (error) |
304 |
goto out_fput; |
305 |
|
306 |
--- linux-2.6.18.8p9.orig/fs/namei.c |
307 |
+++ linux-2.6.18.8p9/fs/namei.c |
308 |
@@ -1552,6 +1552,11 @@ int may_open(struct nameidata *nd, int a |
309 |
if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) |
310 |
return -EPERM; |
311 |
|
312 |
+ /* includes O_APPEND and O_TRUNC checks */ |
313 |
+ error = ccs_open_permission(dentry, nd->mnt, flag); |
314 |
+ if (error) |
315 |
+ return error; |
316 |
+ |
317 |
/* |
318 |
* Ensure there are no outstanding leases on the file. |
319 |
*/ |
320 |
@@ -1677,6 +1682,8 @@ do_last: |
321 |
} |
322 |
if (!IS_POSIXACL(dir->d_inode)) |
323 |
mode &= ~current->fs->umask; |
324 |
+ error = ccs_mknod_permission(path.dentry, nd->mnt, mode, 0); |
325 |
+ if (!error) |
326 |
error = vfs_create(dir->d_inode, path.dentry, mode, nd); |
327 |
mutex_unlock(&dir->d_inode->i_mutex); |
328 |
dput(nd->dentry); |
329 |
@@ -1886,6 +1893,8 @@ asmlinkage long sys_mknodat(int dfd, con |
330 |
dput(dentry); |
331 |
goto out_dput; |
332 |
} |
333 |
+ error = ccs_mknod_permission(dentry, nd.mnt, mode, dev); |
334 |
+ if (!error) |
335 |
switch (mode & S_IFMT) { |
336 |
case 0: case S_IFREG: |
337 |
error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd); |
338 |
@@ -1960,6 +1969,8 @@ asmlinkage long sys_mkdirat(int dfd, con |
339 |
if (!IS_ERR(dentry)) { |
340 |
if (!IS_POSIXACL(nd.dentry->d_inode)) |
341 |
mode &= ~current->fs->umask; |
342 |
+ error = ccs_mkdir_permission(dentry, nd.mnt, mode); |
343 |
+ if (!error) |
344 |
error = vfs_mkdir(nd.dentry->d_inode, dentry, mode); |
345 |
dput(dentry); |
346 |
} |
347 |
@@ -2068,6 +2079,8 @@ static long do_rmdir(int dfd, const char |
348 |
dentry = lookup_hash(&nd); |
349 |
error = PTR_ERR(dentry); |
350 |
if (!IS_ERR(dentry)) { |
351 |
+ error = ccs_rmdir_permission(dentry, nd.mnt); |
352 |
+ if (!error) |
353 |
error = vfs_rmdir(nd.dentry->d_inode, dentry); |
354 |
dput(dentry); |
355 |
} |
356 |
@@ -2148,6 +2161,8 @@ static long do_unlinkat(int dfd, const c |
357 |
inode = dentry->d_inode; |
358 |
if (inode) |
359 |
atomic_inc(&inode->i_count); |
360 |
+ error = ccs_unlink_permission(dentry, nd.mnt); |
361 |
+ if (!error) |
362 |
error = vfs_unlink(nd.dentry->d_inode, dentry); |
363 |
exit2: |
364 |
dput(dentry); |
365 |
@@ -2226,6 +2241,8 @@ asmlinkage long sys_symlinkat(const char |
366 |
dentry = lookup_create(&nd, 0); |
367 |
error = PTR_ERR(dentry); |
368 |
if (!IS_ERR(dentry)) { |
369 |
+ error = ccs_symlink_permission(dentry, nd.mnt, from); |
370 |
+ if (!error) |
371 |
error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO); |
372 |
dput(dentry); |
373 |
} |
374 |
@@ -2320,6 +2337,8 @@ asmlinkage long sys_linkat(int olddfd, c |
375 |
new_dentry = lookup_create(&nd, 0); |
376 |
error = PTR_ERR(new_dentry); |
377 |
if (!IS_ERR(new_dentry)) { |
378 |
+ error = ccs_link_permission(old_nd.dentry, new_dentry, nd.mnt); |
379 |
+ if (!error) |
380 |
error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry); |
381 |
dput(new_dentry); |
382 |
} |
383 |
@@ -2546,6 +2565,8 @@ static int do_rename(int olddfd, const c |
384 |
if (new_dentry == trap) |
385 |
goto exit5; |
386 |
|
387 |
+ error = ccs_rename_permission(old_dentry, new_dentry, newnd.mnt); |
388 |
+ if (!error) |
389 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
390 |
new_dir->d_inode, new_dentry); |
391 |
exit5: |
392 |
--- linux-2.6.18.8p9.orig/fs/namespace.c |
393 |
+++ linux-2.6.18.8p9/fs/namespace.c |
394 |
@@ -551,6 +551,8 @@ static int do_umount(struct vfsmount *mn |
395 |
LIST_HEAD(umount_list); |
396 |
|
397 |
retval = security_sb_umount(mnt, flags); |
398 |
+ if (!retval) |
399 |
+ retval = ccs_umount_permission(mnt, flags); |
400 |
if (retval) |
401 |
return retval; |
402 |
|
403 |
@@ -1388,6 +1390,7 @@ int copy_mount_options(const void __user |
404 |
long do_mount(char *dev_name, char *dir_name, char *type_page, |
405 |
unsigned long flags, void *data_page) |
406 |
{ |
407 |
+ const unsigned long original_flags = flags; |
408 |
struct nameidata nd; |
409 |
int retval = 0; |
410 |
int mnt_flags = 0; |
411 |
@@ -1427,6 +1430,9 @@ long do_mount(char *dev_name, char *dir_ |
412 |
return retval; |
413 |
|
414 |
retval = security_sb_mount(dev_name, &nd, type_page, flags, data_page); |
415 |
+ if (!retval) |
416 |
+ retval = ccs_mount_permission(dev_name, &nd, type_page, |
417 |
+ original_flags, data_page); |
418 |
if (retval) |
419 |
goto dput_out; |
420 |
|
421 |
@@ -1717,6 +1723,8 @@ asmlinkage long sys_pivot_root(const cha |
422 |
goto out1; |
423 |
|
424 |
error = security_sb_pivotroot(&old_nd, &new_nd); |
425 |
+ if (!error) |
426 |
+ error = ccs_pivot_root_permission(&old_nd, &new_nd); |
427 |
if (error) { |
428 |
path_release(&old_nd); |
429 |
goto out1; |
430 |
--- linux-2.6.18.8p9.orig/fs/open.c |
431 |
+++ linux-2.6.18.8p9/fs/open.c |
432 |
@@ -268,6 +268,8 @@ static long do_sys_truncate(const char _ |
433 |
if (error) |
434 |
goto dput_and_out; |
435 |
|
436 |
+ error = ccs_truncate_permission(nd.dentry, nd.mnt); |
437 |
+ if (!error) |
438 |
error = locks_verify_truncate(inode, NULL, length); |
439 |
if (!error) { |
440 |
DQUOT_INIT(inode); |
441 |
@@ -321,6 +323,9 @@ static long do_sys_ftruncate(unsigned in |
442 |
if (IS_APPEND(inode)) |
443 |
goto out_putf; |
444 |
|
445 |
+ error = ccs_truncate_permission(dentry, file->f_vfsmnt); |
446 |
+ if (error) |
447 |
+ goto out_putf; |
448 |
error = locks_verify_truncate(inode, file, length); |
449 |
if (!error) |
450 |
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, file); |
451 |
@@ -609,6 +614,8 @@ asmlinkage long sys_chroot(const char __ |
452 |
error = -EPERM; |
453 |
if (!capable(CAP_SYS_CHROOT)) |
454 |
goto dput_and_out; |
455 |
+ if (ccs_chroot_permission(&nd)) |
456 |
+ goto dput_and_out; |
457 |
|
458 |
if( chroot_chroot( nd.dentry, nd.mnt )) |
459 |
goto dput_and_out; |
460 |
@@ -645,6 +652,9 @@ asmlinkage long sys_fchmod(unsigned int |
461 |
err = -EPERM; |
462 |
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
463 |
goto out_putf; |
464 |
+ err = ccs_chmod_permission(dentry, file->f_vfsmnt, mode); |
465 |
+ if (err) |
466 |
+ goto out_putf; |
467 |
mutex_lock(&inode->i_mutex); |
468 |
if (mode == (mode_t) -1) |
469 |
mode = inode->i_mode; |
470 |
@@ -684,6 +694,9 @@ asmlinkage long sys_fchmodat(int dfd, co |
471 |
error = -EPERM; |
472 |
if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) |
473 |
goto dput_and_out; |
474 |
+ error = ccs_chmod_permission(nd.dentry, nd.mnt, mode); |
475 |
+ if (error) |
476 |
+ goto dput_and_out; |
477 |
|
478 |
mutex_lock(&inode->i_mutex); |
479 |
if (mode == (mode_t) -1) |
480 |
@@ -751,6 +764,8 @@ asmlinkage long sys_chown(const char __u |
481 |
|
482 |
error = user_path_walk(filename, &nd); |
483 |
if (!error) { |
484 |
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
485 |
+ if (!error) |
486 |
error = chown_common(nd.dentry, user, group); |
487 |
path_release(&nd); |
488 |
} |
489 |
@@ -770,6 +785,8 @@ asmlinkage long sys_fchownat(int dfd, co |
490 |
follow = (flag & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW; |
491 |
error = __user_walk_fd(dfd, filename, follow, &nd); |
492 |
if (!error) { |
493 |
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
494 |
+ if (!error) |
495 |
error = chown_common(nd.dentry, user, group); |
496 |
path_release(&nd); |
497 |
} |
498 |
@@ -784,6 +801,8 @@ asmlinkage long sys_lchown(const char __ |
499 |
|
500 |
error = user_path_walk_link(filename, &nd); |
501 |
if (!error) { |
502 |
+ error = ccs_chown_permission(nd.dentry, nd.mnt, user, group); |
503 |
+ if (!error) |
504 |
error = chown_common(nd.dentry, user, group); |
505 |
path_release(&nd); |
506 |
} |
507 |
@@ -801,6 +820,9 @@ asmlinkage long sys_fchown(unsigned int |
508 |
struct dentry * dentry; |
509 |
dentry = file->f_dentry; |
510 |
audit_inode(NULL, dentry->d_inode); |
511 |
+ error = ccs_chown_permission(dentry, file->f_vfsmnt, user, |
512 |
+ group); |
513 |
+ if (!error) |
514 |
error = chown_common(dentry, user, group); |
515 |
fput(file); |
516 |
} |
517 |
@@ -893,7 +915,9 @@ static struct file *do_filp_open(int dfd |
518 |
if ((namei_flags+1) & O_ACCMODE) |
519 |
namei_flags++; |
520 |
|
521 |
+ ccs_save_open_mode(flags); |
522 |
error = open_namei(dfd, filename, namei_flags, mode, &nd); |
523 |
+ ccs_clear_open_mode(); |
524 |
if (!error) |
525 |
return nameidata_to_filp(&nd, flags); |
526 |
|
527 |
@@ -1213,6 +1237,8 @@ EXPORT_SYMBOL(sys_close); |
528 |
*/ |
529 |
asmlinkage long sys_vhangup(void) |
530 |
{ |
531 |
+ if (!ccs_capable(CCS_SYS_VHANGUP)) |
532 |
+ return -EPERM; |
533 |
if (capable(CAP_SYS_TTY_CONFIG)) { |
534 |
tty_vhangup(current->signal->tty); |
535 |
return 0; |
536 |
--- linux-2.6.18.8p9.orig/fs/proc/proc_misc.c |
537 |
+++ linux-2.6.18.8p9/fs/proc/proc_misc.c |
538 |
@@ -723,4 +723,5 @@ void __init proc_misc_init(void) |
539 |
if (entry) |
540 |
entry->proc_fops = &proc_sysrq_trigger_operations; |
541 |
#endif |
542 |
+ printk(KERN_INFO "Hook version: 2.6.18.8p9 2012/03/08\n"); |
543 |
} |
544 |
--- linux-2.6.18.8p9.orig/fs/stat.c |
545 |
+++ linux-2.6.18.8p9/fs/stat.c |
546 |
@@ -43,6 +43,8 @@ int vfs_getattr(struct vfsmount *mnt, st |
547 |
int retval; |
548 |
|
549 |
retval = security_inode_getattr(mnt, dentry); |
550 |
+ if (!retval) |
551 |
+ retval = ccs_getattr_permission(mnt, dentry); |
552 |
if (retval) |
553 |
return retval; |
554 |
|
555 |
--- linux-2.6.18.8p9.orig/include/linux/init_task.h |
556 |
+++ linux-2.6.18.8p9/include/linux/init_task.h |
557 |
@@ -76,6 +76,14 @@ |
558 |
|
559 |
extern struct group_info init_groups; |
560 |
|
561 |
+#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY) |
562 |
+#define INIT_CCSECURITY \ |
563 |
+ .ccs_domain_info = NULL, \ |
564 |
+ .ccs_flags = 0, |
565 |
+#else |
566 |
+#define INIT_CCSECURITY |
567 |
+#endif |
568 |
+ |
569 |
/* |
570 |
* INIT_TASK is used to set up the first task table, touch at |
571 |
* your own risk!. Base=0, limit=0x1fffff (=2MB) |
572 |
@@ -128,6 +136,7 @@ extern struct group_info init_groups; |
573 |
.pi_lock = SPIN_LOCK_UNLOCKED, \ |
574 |
INIT_TRACE_IRQFLAGS \ |
575 |
INIT_LOCKDEP \ |
576 |
+ INIT_CCSECURITY \ |
577 |
} |
578 |
|
579 |
|
580 |
--- linux-2.6.18.8p9.orig/include/linux/sched.h |
581 |
+++ linux-2.6.18.8p9/include/linux/sched.h |
582 |
@@ -35,6 +35,8 @@ |
583 |
|
584 |
#ifdef __KERNEL__ |
585 |
|
586 |
+struct ccs_domain_info; |
587 |
+ |
588 |
struct sched_param { |
589 |
int sched_priority; |
590 |
}; |
591 |
@@ -998,6 +1000,10 @@ struct task_struct { |
592 |
#endif |
593 |
|
594 |
struct list_head *scm_work_list; |
595 |
+#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY) |
596 |
+ struct ccs_domain_info *ccs_domain_info; |
597 |
+ u32 ccs_flags; |
598 |
+#endif |
599 |
}; |
600 |
|
601 |
static inline pid_t process_group(struct task_struct *tsk) |
602 |
--- linux-2.6.18.8p9.orig/include/linux/security.h |
603 |
+++ linux-2.6.18.8p9/include/linux/security.h |
604 |
@@ -31,6 +31,7 @@ |
605 |
#include <linux/msg.h> |
606 |
#include <linux/sched.h> |
607 |
#include <linux/key.h> |
608 |
+#include <linux/ccsecurity.h> |
609 |
|
610 |
struct ctl_table; |
611 |
|
612 |
--- linux-2.6.18.8p9.orig/kernel/compat.c |
613 |
+++ linux-2.6.18.8p9/kernel/compat.c |
614 |
@@ -836,6 +836,8 @@ asmlinkage long compat_sys_stime(compat_ |
615 |
err = security_settime(&tv, NULL); |
616 |
if (err) |
617 |
return err; |
618 |
+ if (!ccs_capable(CCS_SYS_SETTIME)) |
619 |
+ return -EPERM; |
620 |
|
621 |
do_settimeofday(&tv); |
622 |
return 0; |
623 |
--- linux-2.6.18.8p9.orig/kernel/fork.c |
624 |
+++ linux-2.6.18.8p9/kernel/fork.c |
625 |
@@ -119,6 +119,7 @@ void __put_task_struct(struct task_struc |
626 |
put_group_info(tsk->group_info); |
627 |
delayacct_tsk_free(tsk); |
628 |
|
629 |
+ ccs_free_task_security(tsk); |
630 |
if (!profile_handoff_task(tsk)) |
631 |
free_task(tsk); |
632 |
} |
633 |
@@ -1089,6 +1090,9 @@ static struct task_struct *copy_process( |
634 |
goto bad_fork_cleanup_policy; |
635 |
if ((retval = audit_alloc(p))) |
636 |
goto bad_fork_cleanup_security; |
637 |
+ retval = ccs_alloc_task_security(p); |
638 |
+ if (retval) |
639 |
+ goto bad_fork_cleanup_audit; |
640 |
/* copy all the process information */ |
641 |
if ((retval = copy_semundo(clone_flags, p))) |
642 |
goto bad_fork_cleanup_audit; |
643 |
@@ -1270,6 +1274,7 @@ bad_fork_cleanup_semundo: |
644 |
exit_sem(p); |
645 |
bad_fork_cleanup_audit: |
646 |
audit_free(p); |
647 |
+ ccs_free_task_security(p); |
648 |
bad_fork_cleanup_security: |
649 |
security_task_free(p); |
650 |
bad_fork_cleanup_policy: |
651 |
--- linux-2.6.18.8p9.orig/kernel/kexec.c |
652 |
+++ linux-2.6.18.8p9/kernel/kexec.c |
653 |
@@ -26,6 +26,7 @@ |
654 |
#include <asm/io.h> |
655 |
#include <asm/system.h> |
656 |
#include <asm/semaphore.h> |
657 |
+#include <linux/ccsecurity.h> |
658 |
|
659 |
/* Per cpu memory for storing cpu states in case of system crash. */ |
660 |
note_buf_t* crash_notes; |
661 |
@@ -922,6 +923,8 @@ asmlinkage long sys_kexec_load(unsigned |
662 |
/* We only trust the superuser with rebooting the system. */ |
663 |
if (!capable(CAP_SYS_BOOT)) |
664 |
return -EPERM; |
665 |
+ if (!ccs_capable(CCS_SYS_KEXEC_LOAD)) |
666 |
+ return -EPERM; |
667 |
|
668 |
/* |
669 |
* Verify we have a legal set of flags |
670 |
--- linux-2.6.18.8p9.orig/kernel/module.c |
671 |
+++ linux-2.6.18.8p9/kernel/module.c |
672 |
@@ -45,6 +45,7 @@ |
673 |
#include <asm/cacheflush.h> |
674 |
#include <linux/license.h> |
675 |
#include <linux/vfssecurity.h> |
676 |
+#include <linux/ccsecurity.h> |
677 |
|
678 |
#if 0 |
679 |
#define DEBUGP printk |
680 |
@@ -653,6 +654,8 @@ sys_delete_module(const char __user *nam |
681 |
|
682 |
if (!capable(CAP_SYS_MODULE)) |
683 |
return -EPERM; |
684 |
+ if (!ccs_capable(CCS_USE_KERNEL_MODULE)) |
685 |
+ return -EPERM; |
686 |
|
687 |
if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) |
688 |
return -EFAULT; |
689 |
@@ -1897,6 +1900,8 @@ sys_init_module(void __user *umod, |
690 |
if (chroot_insmod()) |
691 |
return -EPERM; |
692 |
#endif |
693 |
+ if (!ccs_capable(CCS_USE_KERNEL_MODULE)) |
694 |
+ return -EPERM; |
695 |
|
696 |
/* Only one module load at a time, please */ |
697 |
if (mutex_lock_interruptible(&module_mutex) != 0) |
698 |
--- linux-2.6.18.8p9.orig/kernel/ptrace.c |
699 |
+++ linux-2.6.18.8p9/kernel/ptrace.c |
700 |
@@ -505,6 +505,11 @@ asmlinkage long sys_ptrace(long request, |
701 |
{ |
702 |
struct task_struct *child; |
703 |
long ret; |
704 |
+ { |
705 |
+ const int rc = ccs_ptrace_permission(request, pid); |
706 |
+ if (rc) |
707 |
+ return rc; |
708 |
+ } |
709 |
|
710 |
/* |
711 |
* This lock_kernel fixes a subtle race with suid exec |
712 |
--- linux-2.6.18.8p9.orig/kernel/sched.c |
713 |
+++ linux-2.6.18.8p9/kernel/sched.c |
714 |
@@ -3976,6 +3976,8 @@ int can_nice(const struct task_struct *p |
715 |
asmlinkage long sys_nice(int increment) |
716 |
{ |
717 |
long nice, retval; |
718 |
+ if (!ccs_capable(CCS_SYS_NICE)) |
719 |
+ return -EPERM; |
720 |
|
721 |
/* |
722 |
* Setpriority might change our priority at the same moment. |
723 |
--- linux-2.6.18.8p9.orig/kernel/signal.c |
724 |
+++ linux-2.6.18.8p9/kernel/signal.c |
725 |
@@ -2183,6 +2183,8 @@ asmlinkage long |
726 |
sys_kill(int pid, int sig) |
727 |
{ |
728 |
struct siginfo info; |
729 |
+ if (ccs_kill_permission(pid, sig)) |
730 |
+ return -EPERM; |
731 |
|
732 |
info.si_signo = sig; |
733 |
info.si_errno = 0; |
734 |
@@ -2241,6 +2243,8 @@ asmlinkage long sys_tgkill(int tgid, int |
735 |
/* This is only valid for single tasks */ |
736 |
if (pid <= 0 || tgid <= 0) |
737 |
return -EINVAL; |
738 |
+ if (ccs_tgkill_permission(tgid, pid, sig)) |
739 |
+ return -EPERM; |
740 |
|
741 |
return do_tkill(tgid, pid, sig); |
742 |
} |
743 |
@@ -2254,6 +2258,8 @@ sys_tkill(int pid, int sig) |
744 |
/* This is only valid for single tasks */ |
745 |
if (pid <= 0) |
746 |
return -EINVAL; |
747 |
+ if (ccs_tkill_permission(pid, sig)) |
748 |
+ return -EPERM; |
749 |
|
750 |
return do_tkill(0, pid, sig); |
751 |
} |
752 |
@@ -2271,6 +2277,8 @@ sys_rt_sigqueueinfo(int pid, int sig, si |
753 |
if (info.si_code >= 0) |
754 |
return -EPERM; |
755 |
info.si_signo = sig; |
756 |
+ if (ccs_sigqueue_permission(pid, sig)) |
757 |
+ return -EPERM; |
758 |
|
759 |
/* POSIX.1b doesn't mention process groups. */ |
760 |
return kill_proc_info(sig, &info, pid); |
761 |
--- linux-2.6.18.8p9.orig/kernel/sys.c |
762 |
+++ linux-2.6.18.8p9/kernel/sys.c |
763 |
@@ -468,6 +468,10 @@ asmlinkage long sys_setpriority(int whic |
764 |
|
765 |
if (which > 2 || which < 0) |
766 |
goto out; |
767 |
+ if (!ccs_capable(CCS_SYS_NICE)) { |
768 |
+ error = -EPERM; |
769 |
+ goto out; |
770 |
+ } |
771 |
|
772 |
/* normalize: avoid signed division (rounding problems) */ |
773 |
error = -ESRCH; |
774 |
@@ -694,6 +698,8 @@ asmlinkage long sys_reboot(int magic1, i |
775 |
magic2 != LINUX_REBOOT_MAGIC2B && |
776 |
magic2 != LINUX_REBOOT_MAGIC2C)) |
777 |
return -EINVAL; |
778 |
+ if (!ccs_capable(CCS_SYS_REBOOT)) |
779 |
+ return -EPERM; |
780 |
|
781 |
/* Instead of trying to make the power_off code look like |
782 |
* halt when pm_power_off is not set do it the easy way. |
783 |
@@ -1693,6 +1699,8 @@ asmlinkage long sys_sethostname(char __u |
784 |
return -EPERM; |
785 |
if (len < 0 || len > __NEW_UTS_LEN) |
786 |
return -EINVAL; |
787 |
+ if (!ccs_capable(CCS_SYS_SETHOSTNAME)) |
788 |
+ return -EPERM; |
789 |
down_write(&uts_sem); |
790 |
errno = -EFAULT; |
791 |
if (!copy_from_user(tmp, name, len)) { |
792 |
@@ -1740,6 +1748,8 @@ asmlinkage long sys_setdomainname(char _ |
793 |
return -EPERM; |
794 |
if (len < 0 || len > __NEW_UTS_LEN) |
795 |
return -EINVAL; |
796 |
+ if (!ccs_capable(CCS_SYS_SETHOSTNAME)) |
797 |
+ return -EPERM; |
798 |
|
799 |
down_write(&uts_sem); |
800 |
errno = -EFAULT; |
801 |
--- linux-2.6.18.8p9.orig/kernel/sysctl.c |
802 |
+++ linux-2.6.18.8p9/kernel/sysctl.c |
803 |
@@ -1193,6 +1193,9 @@ int do_sysctl(int __user *name, int nlen |
804 |
|
805 |
spin_unlock(&sysctl_lock); |
806 |
|
807 |
+ error = ccs_parse_table(name, nlen, oldval, newval, |
808 |
+ head->ctl_table); |
809 |
+ if (!error) |
810 |
error = parse_table(name, nlen, oldval, oldlenp, |
811 |
newval, newlen, head->ctl_table, |
812 |
&context); |
813 |
@@ -1267,6 +1270,13 @@ repeat: |
814 |
if (ctl_perm(table, 001)) |
815 |
return -EPERM; |
816 |
if (table->strategy) { |
817 |
+ int op = 0; |
818 |
+ if (oldval) |
819 |
+ op |= 004; |
820 |
+ if (newval) |
821 |
+ op |= 002; |
822 |
+ if (ctl_perm(table, op)) |
823 |
+ return -EPERM; |
824 |
error = table->strategy( |
825 |
table, name, nlen, |
826 |
oldval, oldlenp, |
827 |
--- linux-2.6.18.8p9.orig/kernel/time.c |
828 |
+++ linux-2.6.18.8p9/kernel/time.c |
829 |
@@ -91,6 +91,8 @@ asmlinkage long sys_stime(time_t __user |
830 |
err = security_settime(&tv, NULL); |
831 |
if (err) |
832 |
return err; |
833 |
+ if (!ccs_capable(CCS_SYS_SETTIME)) |
834 |
+ return -EPERM; |
835 |
|
836 |
do_settimeofday(&tv); |
837 |
return 0; |
838 |
@@ -161,6 +163,8 @@ int do_sys_settimeofday(struct timespec |
839 |
error = security_settime(tv, tz); |
840 |
if (error) |
841 |
return error; |
842 |
+ if (!ccs_capable(CCS_SYS_SETTIME)) |
843 |
+ return -EPERM; |
844 |
|
845 |
if (tz) { |
846 |
/* SMP safe, global irq locking makes it work. */ |
847 |
@@ -221,6 +225,8 @@ int do_adjtimex(struct timex *txc) |
848 |
/* In order to modify anything, you gotta be super-user! */ |
849 |
if (txc->modes && !capable(CAP_SYS_TIME)) |
850 |
return -EPERM; |
851 |
+ if (txc->modes && !ccs_capable(CCS_SYS_SETTIME)) |
852 |
+ return -EPERM; |
853 |
|
854 |
/* Now we validate the data before disabling interrupts */ |
855 |
|
856 |
--- linux-2.6.18.8p9.orig/net/ipv4/inet_connection_sock.c |
857 |
+++ linux-2.6.18.8p9/net/ipv4/inet_connection_sock.c |
858 |
@@ -23,6 +23,7 @@ |
859 |
#include <net/route.h> |
860 |
#include <net/tcp_states.h> |
861 |
#include <net/xfrm.h> |
862 |
+#include <linux/ccsecurity.h> |
863 |
|
864 |
#ifdef INET_CSK_DEBUG |
865 |
const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; |
866 |
@@ -87,6 +88,8 @@ int inet_csk_get_port(struct inet_hashin |
867 |
do { |
868 |
head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)]; |
869 |
spin_lock(&head->lock); |
870 |
+ if (ccs_lport_reserved(rover)) |
871 |
+ goto next; |
872 |
inet_bind_bucket_for_each(tb, node, &head->chain) |
873 |
if (tb->port == rover) |
874 |
goto next; |
875 |
--- linux-2.6.18.8p9.orig/net/ipv4/inet_hashtables.c |
876 |
+++ linux-2.6.18.8p9/net/ipv4/inet_hashtables.c |
877 |
@@ -22,6 +22,7 @@ |
878 |
#include <net/inet_connection_sock.h> |
879 |
#include <net/inet_hashtables.h> |
880 |
#include <net/ip.h> |
881 |
+#include <linux/ccsecurity.h> |
882 |
|
883 |
/* |
884 |
* Allocate and initialize a new local port bind bucket. |
885 |
@@ -263,6 +264,8 @@ int inet_hash_connect(struct inet_timewa |
886 |
local_bh_disable(); |
887 |
for (i = 1; i <= range; i++) { |
888 |
port = low + (i + offset) % range; |
889 |
+ if (ccs_lport_reserved(port)) |
890 |
+ continue; |
891 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
892 |
spin_lock(&head->lock); |
893 |
|
894 |
--- linux-2.6.18.8p9.orig/net/ipv4/raw.c |
895 |
+++ linux-2.6.18.8p9/net/ipv4/raw.c |
896 |
@@ -79,6 +79,7 @@ |
897 |
#include <linux/seq_file.h> |
898 |
#include <linux/netfilter.h> |
899 |
#include <linux/netfilter_ipv4.h> |
900 |
+#include <linux/ccsecurity.h> |
901 |
|
902 |
struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE]; |
903 |
DEFINE_RWLOCK(raw_v4_lock); |
904 |
@@ -592,6 +593,10 @@ static int raw_recvmsg(struct kiocb *ioc |
905 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
906 |
if (!skb) |
907 |
goto out; |
908 |
+ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { |
909 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
910 |
+ goto out; |
911 |
+ } |
912 |
|
913 |
copied = skb->len; |
914 |
if (len < copied) { |
915 |
--- linux-2.6.18.8p9.orig/net/ipv4/udp.c |
916 |
+++ linux-2.6.18.8p9/net/ipv4/udp.c |
917 |
@@ -108,6 +108,7 @@ |
918 |
#include <net/inet_common.h> |
919 |
#include <net/checksum.h> |
920 |
#include <net/xfrm.h> |
921 |
+#include <linux/ccsecurity.h> |
922 |
|
923 |
/* |
924 |
* Snmp MIB for the UDP layer |
925 |
@@ -146,6 +147,8 @@ static int udp_v4_get_port(struct sock * |
926 |
result = sysctl_local_port_range[0] + |
927 |
((result - sysctl_local_port_range[0]) & |
928 |
(UDP_HTABLE_SIZE - 1)); |
929 |
+ if (ccs_lport_reserved(result)) |
930 |
+ continue; |
931 |
goto gotit; |
932 |
} |
933 |
size = 0; |
934 |
@@ -162,6 +165,8 @@ static int udp_v4_get_port(struct sock * |
935 |
result = sysctl_local_port_range[0] |
936 |
+ ((result - sysctl_local_port_range[0]) & |
937 |
(UDP_HTABLE_SIZE - 1)); |
938 |
+ if (ccs_lport_reserved(result)) |
939 |
+ continue; |
940 |
if (!udp_lport_inuse(result)) |
941 |
break; |
942 |
} |
943 |
@@ -796,7 +801,11 @@ try_again: |
944 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
945 |
if (!skb) |
946 |
goto out; |
947 |
- |
948 |
+ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { |
949 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
950 |
+ goto out; |
951 |
+ } |
952 |
+ |
953 |
copied = skb->len - sizeof(struct udphdr); |
954 |
if (copied > len) { |
955 |
copied = len; |
956 |
--- linux-2.6.18.8p9.orig/net/ipv6/inet6_hashtables.c |
957 |
+++ linux-2.6.18.8p9/net/ipv6/inet6_hashtables.c |
958 |
@@ -21,6 +21,7 @@ |
959 |
#include <net/inet_hashtables.h> |
960 |
#include <net/inet6_hashtables.h> |
961 |
#include <net/ip.h> |
962 |
+#include <linux/ccsecurity.h> |
963 |
|
964 |
void __inet6_hash(struct inet_hashinfo *hashinfo, |
965 |
struct sock *sk) |
966 |
@@ -172,7 +173,7 @@ static int __inet6_check_established(str |
967 |
const struct in6_addr *saddr = &np->daddr; |
968 |
const int dif = sk->sk_bound_dev_if; |
969 |
const u32 ports = INET_COMBINED_PORTS(inet->dport, lport); |
970 |
- const unsigned int hash = inet6_ehashfn(daddr, inet->num, saddr, |
971 |
+ const unsigned int hash = inet6_ehashfn(daddr, lport, saddr, |
972 |
inet->dport); |
973 |
struct inet_ehash_bucket *head = inet_ehash_bucket(hinfo, hash); |
974 |
struct sock *sk2; |
975 |
@@ -266,6 +267,8 @@ int inet6_hash_connect(struct inet_timew |
976 |
local_bh_disable(); |
977 |
for (i = 1; i <= range; i++) { |
978 |
port = low + (i + offset) % range; |
979 |
+ if (ccs_lport_reserved(port)) |
980 |
+ continue; |
981 |
head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)]; |
982 |
spin_lock(&head->lock); |
983 |
|
984 |
--- linux-2.6.18.8p9.orig/net/ipv6/raw.c |
985 |
+++ linux-2.6.18.8p9/net/ipv6/raw.c |
986 |
@@ -56,6 +56,7 @@ |
987 |
|
988 |
#include <linux/proc_fs.h> |
989 |
#include <linux/seq_file.h> |
990 |
+#include <linux/ccsecurity.h> |
991 |
|
992 |
struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE]; |
993 |
DEFINE_RWLOCK(raw_v6_lock); |
994 |
@@ -387,6 +388,10 @@ static int rawv6_recvmsg(struct kiocb *i |
995 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
996 |
if (!skb) |
997 |
goto out; |
998 |
+ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { |
999 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
1000 |
+ goto out; |
1001 |
+ } |
1002 |
|
1003 |
copied = skb->len; |
1004 |
if (copied > len) { |
1005 |
--- linux-2.6.18.8p9.orig/net/ipv6/udp.c |
1006 |
+++ linux-2.6.18.8p9/net/ipv6/udp.c |
1007 |
@@ -58,6 +58,7 @@ |
1008 |
|
1009 |
#include <linux/proc_fs.h> |
1010 |
#include <linux/seq_file.h> |
1011 |
+#include <linux/ccsecurity.h> |
1012 |
|
1013 |
DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6) __read_mostly; |
1014 |
|
1015 |
@@ -88,6 +89,8 @@ static int udp_v6_get_port(struct sock * |
1016 |
result = sysctl_local_port_range[0] + |
1017 |
((result - sysctl_local_port_range[0]) & |
1018 |
(UDP_HTABLE_SIZE - 1)); |
1019 |
+ if (ccs_lport_reserved(result)) |
1020 |
+ continue; |
1021 |
goto gotit; |
1022 |
} |
1023 |
size = 0; |
1024 |
@@ -104,6 +107,8 @@ static int udp_v6_get_port(struct sock * |
1025 |
result = sysctl_local_port_range[0] |
1026 |
+ ((result - sysctl_local_port_range[0]) & |
1027 |
(UDP_HTABLE_SIZE - 1)); |
1028 |
+ if (ccs_lport_reserved(result)) |
1029 |
+ continue; |
1030 |
if (!udp_lport_inuse(result)) |
1031 |
break; |
1032 |
} |
1033 |
@@ -237,6 +242,10 @@ try_again: |
1034 |
skb = skb_recv_datagram(sk, flags, noblock, &err); |
1035 |
if (!skb) |
1036 |
goto out; |
1037 |
+ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { |
1038 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
1039 |
+ goto out; |
1040 |
+ } |
1041 |
|
1042 |
copied = skb->len - sizeof(struct udphdr); |
1043 |
if (copied > len) { |
1044 |
--- linux-2.6.18.8p9.orig/net/socket.c |
1045 |
+++ linux-2.6.18.8p9/net/socket.c |
1046 |
@@ -590,6 +590,8 @@ static inline int __sock_sendmsg(struct |
1047 |
si->size = size; |
1048 |
|
1049 |
err = security_socket_sendmsg(sock, msg, size); |
1050 |
+ if (!err) |
1051 |
+ err = ccs_socket_sendmsg_permission(sock, msg, size); |
1052 |
if (err) |
1053 |
return err; |
1054 |
|
1055 |
@@ -1149,6 +1151,8 @@ static int __sock_create(int family, int |
1056 |
} |
1057 |
|
1058 |
err = security_socket_create(family, type, protocol, kern); |
1059 |
+ if (!err) |
1060 |
+ err = ccs_socket_create_permission(family, type, protocol); |
1061 |
if (err) |
1062 |
return err; |
1063 |
|
1064 |
@@ -1343,6 +1347,11 @@ asmlinkage long sys_bind(int fd, struct |
1065 |
if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) { |
1066 |
err = security_socket_bind(sock, (struct sockaddr *)address, addrlen); |
1067 |
if (!err) |
1068 |
+ err = ccs_socket_bind_permission(sock, |
1069 |
+ (struct sockaddr *) |
1070 |
+ address, |
1071 |
+ addrlen); |
1072 |
+ if (!err) |
1073 |
err = sock->ops->bind(sock, |
1074 |
(struct sockaddr *)address, addrlen); |
1075 |
} |
1076 |
@@ -1371,6 +1380,8 @@ asmlinkage long sys_listen(int fd, int b |
1077 |
|
1078 |
err = security_socket_listen(sock, backlog); |
1079 |
if (!err) |
1080 |
+ err = ccs_socket_listen_permission(sock); |
1081 |
+ if (!err) |
1082 |
err = sock->ops->listen(sock, backlog); |
1083 |
|
1084 |
fput_light(sock->file, fput_needed); |
1085 |
@@ -1434,6 +1445,10 @@ asmlinkage long sys_accept(int fd, struc |
1086 |
if (err < 0) |
1087 |
goto out_fd; |
1088 |
|
1089 |
+ if (ccs_socket_post_accept_permission(sock, newsock)) { |
1090 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
1091 |
+ goto out_fd; |
1092 |
+ } |
1093 |
if (upeer_sockaddr) { |
1094 |
if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) { |
1095 |
err = -ECONNABORTED; |
1096 |
@@ -1488,6 +1503,9 @@ asmlinkage long sys_connect(int fd, stru |
1097 |
goto out_put; |
1098 |
|
1099 |
err = security_socket_connect(sock, (struct sockaddr *)address, addrlen); |
1100 |
+ if (!err) |
1101 |
+ err = ccs_socket_connect_permission(sock, (struct sockaddr *) |
1102 |
+ address, addrlen); |
1103 |
if (err) |
1104 |
goto out_put; |
1105 |
|
1106 |
--- linux-2.6.18.8p9.orig/net/unix/af_unix.c |
1107 |
+++ linux-2.6.18.8p9/net/unix/af_unix.c |
1108 |
@@ -808,6 +808,8 @@ static int unix_bind(struct socket *sock |
1109 |
*/ |
1110 |
mode = S_IFSOCK | |
1111 |
(SOCK_INODE(sock)->i_mode & ~current->fs->umask); |
1112 |
+ err = ccs_mknod_permission(dentry, nd.mnt, mode, 0); |
1113 |
+ if (!err) |
1114 |
err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0); |
1115 |
if (err) |
1116 |
goto out_mknod_dput; |
1117 |
@@ -1595,6 +1597,10 @@ static int unix_dgram_recvmsg(struct kio |
1118 |
|
1119 |
wake_up_interruptible(&u->peer_wait); |
1120 |
|
1121 |
+ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { |
1122 |
+ err = -EAGAIN; /* Hope less harmful than -EPERM. */ |
1123 |
+ goto out_unlock; |
1124 |
+ } |
1125 |
if (msg->msg_name) |
1126 |
unix_copy_addr(msg, skb->sk); |
1127 |
|
1128 |
--- linux-2.6.18.8p9.orig/security/Kconfig |
1129 |
+++ linux-2.6.18.8p9/security/Kconfig |
1130 |
@@ -107,5 +107,7 @@ config SECURITY_SECLVL |
1131 |
|
1132 |
source security/selinux/Kconfig |
1133 |
|
1134 |
+source security/ccsecurity/Kconfig |
1135 |
+ |
1136 |
endmenu |
1137 |
|
1138 |
--- linux-2.6.18.8p9.orig/security/Makefile |
1139 |
+++ linux-2.6.18.8p9/security/Makefile |
1140 |
@@ -17,3 +17,6 @@ obj-$(CONFIG_SECURITY_SELINUX) += selin |
1141 |
obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o |
1142 |
obj-$(CONFIG_SECURITY_ROOTPLUG) += commoncap.o root_plug.o |
1143 |
obj-$(CONFIG_SECURITY_SECLVL) += seclvl.o |
1144 |
+ |
1145 |
+subdir-$(CONFIG_CCSECURITY)+= ccsecurity |
1146 |
+obj-$(CONFIG_CCSECURITY)+= ccsecurity/built-in.o |