[aur-mirror.git] / kernel26-patched / ccs-patch-2.6.39.diff
1 This is the TOMOYO Linux patch for 2.6.39.2.
3 The source code this patch applies to is http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.39.2.tar.bz2
4 ---
5 fs/compat.c | 2
6 fs/exec.c | 2
7 fs/open.c | 2
8 fs/proc/version.c | 7 ++
9 include/linux/init_task.h | 9 +++
10 include/linux/sched.h | 6 ++
11 include/linux/security.h | 52 +++++++++--------
12 include/net/ip.h | 2
13 kernel/fork.c | 5 +
14 kernel/kexec.c | 3 +
15 kernel/module.c | 5 +
16 kernel/ptrace.c | 4 +
17 kernel/sched.c | 2
18 kernel/signal.c | 10 +++
19 kernel/sys.c | 10 +++
20 kernel/time/ntp.c | 8 ++
21 net/ipv4/raw.c | 4 +
22 net/ipv4/udp.c | 4 +
23 net/ipv6/raw.c | 4 +
24 net/ipv6/udp.c | 4 +
25 net/socket.c | 4 +
26 net/unix/af_unix.c | 4 +
27 security/Kconfig | 2
28 security/Makefile | 3 +
29 security/security.c | 134 +++++++++++++++++++++++++++++++++++++---------
30 25 files changed, 242 insertions(+), 50 deletions(-)
32 --- linux-2.6.39.2.orig/fs/compat.c
33 +++ linux-2.6.39.2/fs/compat.c
34 @@ -1501,7 +1501,7 @@ int compat_do_execve(char * filename,
35 if (retval < 0)
36 goto out;
38 - retval = search_binary_handler(bprm, regs);
39 + retval = ccs_search_binary_handler(bprm, regs);
40 if (retval < 0)
41 goto out;
43 --- linux-2.6.39.2.orig/fs/exec.c
44 +++ linux-2.6.39.2/fs/exec.c
45 @@ -1446,7 +1446,7 @@ int do_execve(const char * filename,
46 if (retval < 0)
47 goto out;
49 - retval = search_binary_handler(bprm,regs);
50 + retval = ccs_search_binary_handler(bprm, regs);
51 if (retval < 0)
52 goto out;
54 --- linux-2.6.39.2.orig/fs/open.c
55 +++ linux-2.6.39.2/fs/open.c
56 @@ -1124,6 +1124,8 @@ EXPORT_SYMBOL(sys_close);
58 SYSCALL_DEFINE0(vhangup)
60 + if (!ccs_capable(CCS_SYS_VHANGUP))
61 + return -EPERM;
62 if (capable(CAP_SYS_TTY_CONFIG)) {
63 tty_vhangup_self();
64 return 0;
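Review bot: The `ccs_capable(CCS_SYS_VHANGUP)` check at the top of vhangup runs before `capable(CAP_SYS_TTY_CONFIG)`, whereas the kexec_load, delete_module, init_module and do_adjtimex hunks in this patch consult the policy only after the capability test has passed. A caller without CAP_SYS_TTY_CONFIG therefore still reaches the policy hook, which could put requests into audit or learning output that the kernel would have refused anyway (inferred; the hook's body is not on this page). Moving the two added lines to the start of the `if (capable(CAP_SYS_TTY_CONFIG)) {` branch would match the other call sites. The function body continues outside the hunk.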
65 --- linux-2.6.39.2.orig/fs/proc/version.c
66 +++ linux-2.6.39.2/fs/proc/version.c
67 @@ -32,3 +32,10 @@ static int __init proc_version_init(void
68 return 0;
70 module_init(proc_version_init);
72 +static int __init ccs_show_version(void)
74 + printk(KERN_INFO "Hook version: 2.6.39.2 2011/06/24\n");
75 + return 0;
77 +module_init(ccs_show_version);
78 --- linux-2.6.39.2.orig/include/linux/init_task.h
79 +++ linux-2.6.39.2/include/linux/init_task.h
80 @@ -124,6 +124,14 @@ extern struct cred init_cred;
81 # define INIT_PERF_EVENTS(tsk)
82 #endif
84 +#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
85 +#define INIT_CCSECURITY \
86 + .ccs_domain_info = NULL, \
87 + .ccs_flags = 0,
88 +#else
89 +#define INIT_CCSECURITY
90 +#endif
93 * INIT_TASK is used to set up the first task table, touch at
94 * your own risk!. Base=0, limit=0x1fffff (=2MB)
95 @@ -192,6 +200,7 @@ extern struct cred init_cred;
96 INIT_FTRACE_GRAPH \
97 INIT_TRACE_RECURSION \
98 INIT_TASK_RCU_PREEMPT(tsk) \
99 + INIT_CCSECURITY \
103 --- linux-2.6.39.2.orig/include/linux/sched.h
104 +++ linux-2.6.39.2/include/linux/sched.h
105 @@ -44,6 +44,8 @@
107 #ifdef __KERNEL__
109 +struct ccs_domain_info;
111 struct sched_param {
112 int sched_priority;
114 @@ -1540,6 +1542,10 @@ struct task_struct {
115 #ifdef CONFIG_HAVE_HW_BREAKPOINT
116 atomic_t ptrace_bp_refcnt;
117 #endif
118 +#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY)
119 + struct ccs_domain_info *ccs_domain_info;
120 + u32 ccs_flags;
121 +#endif
124 /* Future-safe accessor for struct task_struct's cpus_allowed. */
125 --- linux-2.6.39.2.orig/include/linux/security.h
126 +++ linux-2.6.39.2/include/linux/security.h
127 @@ -37,6 +37,7 @@
128 #include <linux/xfrm.h>
129 #include <linux/slab.h>
130 #include <net/flow.h>
131 +#include <linux/ccsecurity.h>
133 /* Maximum number of letters for an LSM name string */
134 #define SECURITY_NAME_MAX 10
135 @@ -1912,7 +1913,10 @@ static inline int security_syslog(int ty
136 static inline int security_settime(const struct timespec *ts,
137 const struct timezone *tz)
139 - return cap_settime(ts, tz);
140 + int error = cap_settime(ts, tz);
141 + if (!error && !ccs_capable(CCS_SYS_SETTIME))
142 + error = -EPERM;
143 + return error;
146 static inline int security_vm_enough_memory(long pages)
147 @@ -1995,18 +1999,18 @@ static inline int security_sb_mount(char
148 char *type, unsigned long flags,
149 void *data)
151 - return 0;
152 + return ccs_mount_permission(dev_name, path, type, flags, data);
155 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
157 - return 0;
158 + return ccs_umount_permission(mnt, flags);
161 static inline int security_sb_pivotroot(struct path *old_path,
162 struct path *new_path)
164 - return 0;
165 + return ccs_pivot_root_permission(old_path, new_path);
168 static inline int security_sb_set_mnt_opts(struct super_block *sb,
169 @@ -2128,7 +2132,7 @@ static inline int security_inode_setattr
170 static inline int security_inode_getattr(struct vfsmount *mnt,
171 struct dentry *dentry)
173 - return 0;
174 + return ccs_getattr_permission(mnt, dentry);
177 static inline int security_inode_setxattr(struct dentry *dentry,
178 @@ -2204,7 +2208,7 @@ static inline void security_file_free(st
179 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
180 unsigned long arg)
182 - return 0;
183 + return ccs_ioctl_permission(file, cmd, arg);
186 static inline int security_file_mmap(struct file *file, unsigned long reqprot,
187 @@ -2231,7 +2235,7 @@ static inline int security_file_lock(str
188 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
189 unsigned long arg)
191 - return 0;
192 + return ccs_fcntl_permission(file, cmd, arg);
195 static inline int security_file_set_fowner(struct file *file)
196 @@ -2254,7 +2258,7 @@ static inline int security_file_receive(
197 static inline int security_dentry_open(struct file *file,
198 const struct cred *cred)
200 - return 0;
201 + return ccs_open_permission(file);
204 static inline int security_task_create(unsigned long clone_flags)
205 @@ -2599,7 +2603,7 @@ static inline int security_unix_may_send
206 static inline int security_socket_create(int family, int type,
207 int protocol, int kern)
209 - return 0;
210 + return ccs_socket_create_permission(family, type, protocol);
213 static inline int security_socket_post_create(struct socket *sock,
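Review bot: `security_socket_create()` receives `kern`, but the replacement `return ccs_socket_create_permission(family, type, protocol);` does not pass it on, so the hook cannot tell from its arguments whether the socket is being created by the kernel itself or on behalf of a user process. Unless the hook detects that some other way (its body is not on this page), in-kernel socket creation would be judged against the policy of whichever task happens to be current. Either pass `kern` through or add a comment explaining why it is not needed. The non-stub version in security/security.c makes the same call.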
214 @@ -2614,19 +2618,19 @@ static inline int security_socket_bind(s
215 struct sockaddr *address,
216 int addrlen)
218 - return 0;
219 + return ccs_socket_bind_permission(sock, address, addrlen);
222 static inline int security_socket_connect(struct socket *sock,
223 struct sockaddr *address,
224 int addrlen)
226 - return 0;
227 + return ccs_socket_connect_permission(sock, address, addrlen);
230 static inline int security_socket_listen(struct socket *sock, int backlog)
232 - return 0;
233 + return ccs_socket_listen_permission(sock);
236 static inline int security_socket_accept(struct socket *sock,
237 @@ -2638,7 +2642,7 @@ static inline int security_socket_accept
238 static inline int security_socket_sendmsg(struct socket *sock,
239 struct msghdr *msg, int size)
241 - return 0;
242 + return ccs_socket_sendmsg_permission(sock, msg, size);
245 static inline int security_socket_recvmsg(struct socket *sock,
246 @@ -2862,42 +2866,42 @@ int security_path_chroot(struct path *pa
247 #else /* CONFIG_SECURITY_PATH */
248 static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
250 - return 0;
251 + return ccs_unlink_permission(dentry, dir->mnt);
254 static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
255 int mode)
257 - return 0;
258 + return ccs_mkdir_permission(dentry, dir->mnt, mode);
261 static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
263 - return 0;
264 + return ccs_rmdir_permission(dentry, dir->mnt);
267 static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
268 int mode, unsigned int dev)
270 - return 0;
271 + return ccs_mknod_permission(dentry, dir->mnt, mode, dev);
274 static inline int security_path_truncate(struct path *path)
276 - return 0;
277 + return ccs_truncate_permission(path->dentry, path->mnt);
280 static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
281 const char *old_name)
283 - return 0;
284 + return ccs_symlink_permission(dentry, dir->mnt, old_name);
287 static inline int security_path_link(struct dentry *old_dentry,
288 struct path *new_dir,
289 struct dentry *new_dentry)
291 - return 0;
292 + return ccs_link_permission(old_dentry, new_dentry, new_dir->mnt);
295 static inline int security_path_rename(struct path *old_dir,
296 @@ -2905,24 +2909,24 @@ static inline int security_path_rename(s
297 struct path *new_dir,
298 struct dentry *new_dentry)
300 - return 0;
301 + return ccs_rename_permission(old_dentry, new_dentry, new_dir->mnt);
304 static inline int security_path_chmod(struct dentry *dentry,
305 struct vfsmount *mnt,
306 mode_t mode)
308 - return 0;
309 + return ccs_chmod_permission(dentry, mnt, mode);
312 static inline int security_path_chown(struct path *path, uid_t uid, gid_t gid)
314 - return 0;
315 + return ccs_chown_permission(path->dentry, path->mnt, uid, gid);
318 static inline int security_path_chroot(struct path *path)
320 - return 0;
321 + return ccs_chroot_permission(path);
323 #endif /* CONFIG_SECURITY_PATH */
325 --- linux-2.6.39.2.orig/include/net/ip.h
326 +++ linux-2.6.39.2/include/net/ip.h
327 @@ -214,6 +214,8 @@ extern void inet_get_local_port_range(in
328 extern unsigned long *sysctl_local_reserved_ports;
329 static inline int inet_is_reserved_local_port(int port)
331 + if (ccs_lport_reserved(port))
332 + return 1;
333 return test_bit(port, sysctl_local_reserved_ports);
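Review bot: `inet_is_reserved_local_port()` now calls `ccs_lport_reserved()`, but this hunk adds no include to include/net/ip.h, so the header depends on some other header having pulled in the declaration first. The kexec.c, module.c and ntp.c hunks in this patch add `#include <linux/ccsecurity.h>` explicitly; doing the same here would keep the header self-contained and make the dependency visible. Whether an existing include already provides the declaration cannot be seen from this hunk.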
336 --- linux-2.6.39.2.orig/kernel/fork.c
337 +++ linux-2.6.39.2/kernel/fork.c
338 @@ -196,6 +196,7 @@ void __put_task_struct(struct task_struc
339 delayacct_tsk_free(tsk);
340 put_signal_struct(tsk->signal);
342 + ccs_free_task_security(tsk);
343 if (!profile_handoff_task(tsk))
344 free_task(tsk);
346 @@ -1161,6 +1162,9 @@ static struct task_struct *copy_process(
348 if ((retval = audit_alloc(p)))
349 goto bad_fork_cleanup_policy;
350 + retval = ccs_alloc_task_security(p);
351 + if (retval)
352 + goto bad_fork_cleanup_audit;
353 /* copy all the process information */
354 if ((retval = copy_semundo(clone_flags, p)))
355 goto bad_fork_cleanup_audit;
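Review bot: When `ccs_alloc_task_security(p)` fails, the added `goto bad_fork_cleanup_audit` lands on a label where the next hunk in this file adds `ccs_free_task_security(p)`, so the free routine runs for a task whose allocation did not succeed. That is only safe if ccs_free_task_security() tolerates a task with no or partly set up security state; neither function's body is on this page. A comment at the goto such as `/* ccs_free_task_security() must cope with a failed allocation */` would record the requirement. Alternatively, the free call could sit under its own label above `bad_fork_cleanup_audit` so that only later failures reach it. copy_process() starts and ends outside the hunk.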
356 @@ -1345,6 +1349,7 @@ bad_fork_cleanup_semundo:
357 exit_sem(p);
358 bad_fork_cleanup_audit:
359 audit_free(p);
360 + ccs_free_task_security(p);
361 bad_fork_cleanup_policy:
362 perf_event_free_task(p);
363 #ifdef CONFIG_NUMA
364 --- linux-2.6.39.2.orig/kernel/kexec.c
365 +++ linux-2.6.39.2/kernel/kexec.c
366 @@ -40,6 +40,7 @@
367 #include <asm/io.h>
368 #include <asm/system.h>
369 #include <asm/sections.h>
370 +#include <linux/ccsecurity.h>
372 /* Per cpu memory for storing cpu states in case of system crash. */
373 note_buf_t __percpu *crash_notes;
374 @@ -948,6 +949,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
375 /* We only trust the superuser with rebooting the system. */
376 if (!capable(CAP_SYS_BOOT))
377 return -EPERM;
378 + if (!ccs_capable(CCS_SYS_KEXEC_LOAD))
379 + return -EPERM;
382 * Verify we have a legal set of flags
383 --- linux-2.6.39.2.orig/kernel/module.c
384 +++ linux-2.6.39.2/kernel/module.c
385 @@ -57,6 +57,7 @@
386 #include <linux/kmemleak.h>
387 #include <linux/jump_label.h>
388 #include <linux/pfn.h>
389 +#include <linux/ccsecurity.h>
391 #define CREATE_TRACE_POINTS
392 #include <trace/events/module.h>
393 @@ -757,6 +758,8 @@ SYSCALL_DEFINE2(delete_module, const cha
395 if (!capable(CAP_SYS_MODULE) || modules_disabled)
396 return -EPERM;
397 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
398 + return -EPERM;
400 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
401 return -EFAULT;
402 @@ -2867,6 +2870,8 @@ SYSCALL_DEFINE3(init_module, void __user
403 /* Must have permission */
404 if (!capable(CAP_SYS_MODULE) || modules_disabled)
405 return -EPERM;
406 + if (!ccs_capable(CCS_USE_KERNEL_MODULE))
407 + return -EPERM;
409 /* Do all the hard work */
410 mod = load_module(umod, len, uargs);
411 --- linux-2.6.39.2.orig/kernel/ptrace.c
412 +++ linux-2.6.39.2/kernel/ptrace.c
413 @@ -703,6 +703,8 @@ SYSCALL_DEFINE4(ptrace, long, request, l
415 struct task_struct *child;
416 long ret;
417 + if (ccs_ptrace_permission(request, pid))
418 + return -EPERM;
420 if (request == PTRACE_TRACEME) {
421 ret = ptrace_traceme();
422 @@ -847,6 +849,8 @@ asmlinkage long compat_sys_ptrace(compat
424 struct task_struct *child;
425 long ret;
426 + if (ccs_ptrace_permission(request, pid))
427 + return -EPERM;
429 if (request == PTRACE_TRACEME) {
430 ret = ptrace_traceme();
431 --- linux-2.6.39.2.orig/kernel/sched.c
432 +++ linux-2.6.39.2/kernel/sched.c
433 @@ -4794,6 +4794,8 @@ int can_nice(const struct task_struct *p
434 SYSCALL_DEFINE1(nice, int, increment)
436 long nice, retval;
437 + if (!ccs_capable(CCS_SYS_NICE))
438 + return -EPERM;
441 * Setpriority might change our priority at the same moment.
442 --- linux-2.6.39.2.orig/kernel/signal.c
443 +++ linux-2.6.39.2/kernel/signal.c
444 @@ -2376,6 +2376,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s
445 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
447 struct siginfo info;
448 + if (ccs_kill_permission(pid, sig))
449 + return -EPERM;
451 info.si_signo = sig;
452 info.si_errno = 0;
453 @@ -2444,6 +2446,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid
454 /* This is only valid for single tasks */
455 if (pid <= 0 || tgid <= 0)
456 return -EINVAL;
457 + if (ccs_tgkill_permission(tgid, pid, sig))
458 + return -EPERM;
460 return do_tkill(tgid, pid, sig);
462 @@ -2460,6 +2464,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int,
463 /* This is only valid for single tasks */
464 if (pid <= 0)
465 return -EINVAL;
466 + if (ccs_tkill_permission(pid, sig))
467 + return -EPERM;
469 return do_tkill(0, pid, sig);
471 @@ -2487,6 +2493,8 @@ SYSCALL_DEFINE3(rt_sigqueueinfo, pid_t,
472 return -EPERM;
474 info.si_signo = sig;
475 + if (ccs_sigqueue_permission(pid, sig))
476 + return -EPERM;
478 /* POSIX.1b doesn't mention process groups. */
479 return kill_proc_info(sig, &info, pid);
480 @@ -2507,6 +2515,8 @@ long do_rt_tgsigqueueinfo(pid_t tgid, pi
481 return -EPERM;
483 info->si_signo = sig;
484 + if (ccs_tgsigqueue_permission(tgid, pid, sig))
485 + return -EPERM;
487 return do_send_specific(tgid, pid, sig, info);
489 --- linux-2.6.39.2.orig/kernel/sys.c
490 +++ linux-2.6.39.2/kernel/sys.c
491 @@ -176,6 +176,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
493 if (which > PRIO_USER || which < PRIO_PROCESS)
494 goto out;
495 + if (!ccs_capable(CCS_SYS_NICE)) {
496 + error = -EPERM;
497 + goto out;
500 /* normalize: avoid signed division (rounding problems) */
501 error = -ESRCH;
502 @@ -409,6 +413,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int
503 magic2 != LINUX_REBOOT_MAGIC2B &&
504 magic2 != LINUX_REBOOT_MAGIC2C))
505 return -EINVAL;
506 + if (!ccs_capable(CCS_SYS_REBOOT))
507 + return -EPERM;
509 /* Instead of trying to make the power_off code look like
510 * halt when pm_power_off is not set do it the easy way.
511 @@ -1203,6 +1209,8 @@ SYSCALL_DEFINE2(sethostname, char __user
513 if (len < 0 || len > __NEW_UTS_LEN)
514 return -EINVAL;
515 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
516 + return -EPERM;
517 down_write(&uts_sem);
518 errno = -EFAULT;
519 if (!copy_from_user(tmp, name, len)) {
520 @@ -1252,6 +1260,8 @@ SYSCALL_DEFINE2(setdomainname, char __us
521 return -EPERM;
522 if (len < 0 || len > __NEW_UTS_LEN)
523 return -EINVAL;
524 + if (!ccs_capable(CCS_SYS_SETHOSTNAME))
525 + return -EPERM;
527 down_write(&uts_sem);
528 errno = -EFAULT;
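Review bot: setdomainname is gated by `CCS_SYS_SETHOSTNAME`, the same capability the sethostname hunk above uses, and nothing here says whether that is deliberate. If the policy treats both names as one privilege, a comment such as `/* domain name changes share the sethostname capability */` would stop a reader from taking it for a copy-paste slip. The function body continues outside the hunk.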
529 --- linux-2.6.39.2.orig/kernel/time/ntp.c
530 +++ linux-2.6.39.2/kernel/time/ntp.c
531 @@ -15,6 +15,7 @@
532 #include <linux/time.h>
533 #include <linux/mm.h>
534 #include <linux/module.h>
535 +#include <linux/ccsecurity.h>
537 #include "tick-internal.h"
539 @@ -630,10 +631,15 @@ int do_adjtimex(struct timex *txc)
540 if (!(txc->modes & ADJ_OFFSET_READONLY) &&
541 !capable(CAP_SYS_TIME))
542 return -EPERM;
543 + if (!(txc->modes & ADJ_OFFSET_READONLY) &&
544 + !ccs_capable(CCS_SYS_SETTIME))
545 + return -EPERM;
546 } else {
547 /* In order to modify anything, you gotta be super-user! */
548 if (txc->modes && !capable(CAP_SYS_TIME))
549 return -EPERM;
550 + if (txc->modes && !ccs_capable(CCS_SYS_SETTIME))
551 + return -EPERM;
554 * if the quartz is off by more than 10% then
555 @@ -654,6 +660,8 @@ int do_adjtimex(struct timex *txc)
556 delta.tv_nsec = txc->time.tv_usec;
557 if (!capable(CAP_SYS_TIME))
558 return -EPERM;
559 + if (!ccs_capable(CCS_SYS_SETTIME))
560 + return -EPERM;
561 if (!(txc->modes & ADJ_NANO))
562 delta.tv_nsec *= 1000;
563 result = timekeeping_inject_offset(&delta);
564 --- linux-2.6.39.2.orig/net/ipv4/raw.c
565 +++ linux-2.6.39.2/net/ipv4/raw.c
566 @@ -687,6 +687,10 @@ static int raw_recvmsg(struct kiocb *ioc
567 skb = skb_recv_datagram(sk, flags, noblock, &err);
568 if (!skb)
569 goto out;
570 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
571 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
572 + goto out;
575 copied = skb->len;
576 if (len < copied) {
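Review bot: On denial the added branch jumps to `out` with the datagram that `skb_recv_datagram()` just returned still held in `skb`, and nothing in the visible lines releases it. If `ccs_socket_post_recvmsg_permission()` is meant to discard the datagram itself before returning non-zero, say so in the comment, for example `/* hook has already dropped skb; -EAGAIN lets the caller retry */`; if it does not, this path needs to free the skb before leaving. The same pattern is added in net/ipv4/udp.c, net/ipv6/raw.c, net/ipv6/udp.c and net/unix/af_unix.c (`goto out_unlock` there). The existing comment "Hope less harmful than -EPERM" also leaves open what a blocking reader sees. The `out` label and the rest of raw_recvmsg() are outside the hunk.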
577 --- linux-2.6.39.2.orig/net/ipv4/udp.c
578 +++ linux-2.6.39.2/net/ipv4/udp.c
579 @@ -1175,6 +1175,10 @@ try_again:
580 &peeked, &err);
581 if (!skb)
582 goto out;
583 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
584 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
585 + goto out;
588 ulen = skb->len - sizeof(struct udphdr);
589 if (len > ulen)
590 --- linux-2.6.39.2.orig/net/ipv6/raw.c
591 +++ linux-2.6.39.2/net/ipv6/raw.c
592 @@ -468,6 +468,10 @@ static int rawv6_recvmsg(struct kiocb *i
593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594 if (!skb)
595 goto out;
596 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
597 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
598 + goto out;
601 copied = skb->len;
602 if (copied > len) {
603 --- linux-2.6.39.2.orig/net/ipv6/udp.c
604 +++ linux-2.6.39.2/net/ipv6/udp.c
605 @@ -361,6 +361,10 @@ try_again:
606 &peeked, &err);
607 if (!skb)
608 goto out;
609 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
610 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
611 + goto out;
614 ulen = skb->len - sizeof(struct udphdr);
615 if (len > ulen)
616 --- linux-2.6.39.2.orig/net/socket.c
617 +++ linux-2.6.39.2/net/socket.c
618 @@ -1522,6 +1522,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
619 if (err < 0)
620 goto out_fd;
622 + if (ccs_socket_post_accept_permission(sock, newsock)) {
623 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
624 + goto out_fd;
626 if (upeer_sockaddr) {
627 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
628 &len, 2) < 0) {
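Review bot: A policy denial after a successful accept is reported as `-EAGAIN`, which callers normally read as "no connection pending", and the only explanation is "Hope less harmful than -EPERM". The hook runs after the preceding `if (err < 0) goto out_fd;`, so the connection has presumably already been taken off the listen queue and a retry would not see the same peer again; the accept call itself is outside the hunk. I would expand the comment to say that the accepted connection is discarded on the `out_fd` path and why -EAGAIN was preferred over -EPERM. That lets anyone debugging dropped connections trace them back to the policy decision.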
629 --- linux-2.6.39.2.orig/net/unix/af_unix.c
630 +++ linux-2.6.39.2/net/unix/af_unix.c
631 @@ -1762,6 +1762,10 @@ static int unix_dgram_recvmsg(struct kio
632 wake_up_interruptible_sync_poll(&u->peer_wait,
633 POLLOUT | POLLWRNORM | POLLWRBAND);
635 + if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) {
636 + err = -EAGAIN; /* Hope less harmful than -EPERM. */
637 + goto out_unlock;
639 if (msg->msg_name)
640 unix_copy_addr(msg, skb->sk);
642 --- linux-2.6.39.2.orig/security/Kconfig
643 +++ linux-2.6.39.2/security/Kconfig
644 @@ -224,5 +224,7 @@ config DEFAULT_SECURITY
645 default "apparmor" if DEFAULT_SECURITY_APPARMOR
646 default "" if DEFAULT_SECURITY_DAC
648 +source security/ccsecurity/Kconfig
650 endmenu
652 --- linux-2.6.39.2.orig/security/Makefile
653 +++ linux-2.6.39.2/security/Makefile
654 @@ -26,3 +26,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
655 # Object integrity file lists
656 subdir-$(CONFIG_IMA) += integrity/ima
657 obj-$(CONFIG_IMA) += integrity/ima/built-in.o
659 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
660 +obj-$(CONFIG_CCSECURITY) += ccsecurity/built-in.o
661 --- linux-2.6.39.2.orig/security/security.c
662 +++ linux-2.6.39.2/security/security.c
663 @@ -202,7 +202,10 @@ int security_syslog(int type)
665 int security_settime(const struct timespec *ts, const struct timezone *tz)
667 - return security_ops->settime(ts, tz);
668 + int error = security_ops->settime(ts, tz);
669 + if (!error && !ccs_capable(CCS_SYS_SETTIME))
670 + error = -EPERM;
671 + return error;
674 int security_vm_enough_memory(long pages)
675 @@ -293,17 +296,27 @@ int security_sb_statfs(struct dentry *de
676 int security_sb_mount(char *dev_name, struct path *path,
677 char *type, unsigned long flags, void *data)
679 - return security_ops->sb_mount(dev_name, path, type, flags, data);
680 + int error = security_ops->sb_mount(dev_name, path, type, flags, data);
681 + if (!error)
682 + error = ccs_mount_permission(dev_name, path, type, flags,
683 + data);
684 + return error;
687 int security_sb_umount(struct vfsmount *mnt, int flags)
689 - return security_ops->sb_umount(mnt, flags);
690 + int error = security_ops->sb_umount(mnt, flags);
691 + if (!error)
692 + error = ccs_umount_permission(mnt, flags);
693 + return error;
696 int security_sb_pivotroot(struct path *old_path, struct path *new_path)
698 - return security_ops->sb_pivotroot(old_path, new_path);
699 + int error = security_ops->sb_pivotroot(old_path, new_path);
700 + if (!error)
701 + error = ccs_pivot_root_permission(old_path, new_path);
702 + return error;
705 int security_sb_set_mnt_opts(struct super_block *sb,
706 @@ -353,87 +366,133 @@ EXPORT_SYMBOL(security_inode_init_securi
707 int security_path_mknod(struct path *dir, struct dentry *dentry, int mode,
708 unsigned int dev)
710 + int error;
711 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
712 return 0;
713 - return security_ops->path_mknod(dir, dentry, mode, dev);
714 + error = security_ops->path_mknod(dir, dentry, mode, dev);
715 + if (!error)
716 + error = ccs_mknod_permission(dentry, dir->mnt, mode, dev);
717 + return error;
719 EXPORT_SYMBOL(security_path_mknod);
721 int security_path_mkdir(struct path *dir, struct dentry *dentry, int mode)
723 + int error;
724 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
725 return 0;
726 - return security_ops->path_mkdir(dir, dentry, mode);
727 + error = security_ops->path_mkdir(dir, dentry, mode);
728 + if (!error)
729 + error = ccs_mkdir_permission(dentry, dir->mnt, mode);
730 + return error;
732 EXPORT_SYMBOL(security_path_mkdir);
734 int security_path_rmdir(struct path *dir, struct dentry *dentry)
736 + int error;
737 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
738 return 0;
739 - return security_ops->path_rmdir(dir, dentry);
740 + error = security_ops->path_rmdir(dir, dentry);
741 + if (!error)
742 + error = ccs_rmdir_permission(dentry, dir->mnt);
743 + return error;
746 int security_path_unlink(struct path *dir, struct dentry *dentry)
748 + int error;
749 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
750 return 0;
751 - return security_ops->path_unlink(dir, dentry);
752 + error = security_ops->path_unlink(dir, dentry);
753 + if (!error)
754 + error = ccs_unlink_permission(dentry, dir->mnt);
755 + return error;
757 EXPORT_SYMBOL(security_path_unlink);
759 int security_path_symlink(struct path *dir, struct dentry *dentry,
760 const char *old_name)
762 + int error;
763 if (unlikely(IS_PRIVATE(dir->dentry->d_inode)))
764 return 0;
765 - return security_ops->path_symlink(dir, dentry, old_name);
766 + error = security_ops->path_symlink(dir, dentry, old_name);
767 + if (!error)
768 + error = ccs_symlink_permission(dentry, dir->mnt, old_name);
769 + return error;
772 int security_path_link(struct dentry *old_dentry, struct path *new_dir,
773 struct dentry *new_dentry)
775 + int error;
776 if (unlikely(IS_PRIVATE(old_dentry->d_inode)))
777 return 0;
778 - return security_ops->path_link(old_dentry, new_dir, new_dentry);
779 + error = security_ops->path_link(old_dentry, new_dir, new_dentry);
780 + if (!error)
781 + error = ccs_link_permission(old_dentry, new_dentry,
782 + new_dir->mnt);
783 + return error;
786 int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
787 struct path *new_dir, struct dentry *new_dentry)
789 + int error;
790 if (unlikely(IS_PRIVATE(old_dentry->d_inode) ||
791 (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode))))
792 return 0;
793 - return security_ops->path_rename(old_dir, old_dentry, new_dir,
794 - new_dentry);
795 + error = security_ops->path_rename(old_dir, old_dentry, new_dir,
796 + new_dentry);
797 + if (!error)
798 + error = ccs_rename_permission(old_dentry, new_dentry,
799 + new_dir->mnt);
800 + return error;
802 EXPORT_SYMBOL(security_path_rename);
804 int security_path_truncate(struct path *path)
806 + int error;
807 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
808 return 0;
809 - return security_ops->path_truncate(path);
810 + error = security_ops->path_truncate(path);
811 + if (!error)
812 + error = ccs_truncate_permission(path->dentry, path->mnt);
813 + return error;
816 int security_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
817 mode_t mode)
819 + int error;
820 if (unlikely(IS_PRIVATE(dentry->d_inode)))
821 return 0;
822 - return security_ops->path_chmod(dentry, mnt, mode);
823 + error = security_ops->path_chmod(dentry, mnt, mode);
824 + if (!error)
825 + error = ccs_chmod_permission(dentry, mnt, mode);
826 + return error;
829 int security_path_chown(struct path *path, uid_t uid, gid_t gid)
831 + int error;
832 if (unlikely(IS_PRIVATE(path->dentry->d_inode)))
833 return 0;
834 - return security_ops->path_chown(path, uid, gid);
835 + error = security_ops->path_chown(path, uid, gid);
836 + if (!error)
837 + error = ccs_chown_permission(path->dentry, path->mnt, uid,
838 + gid);
839 + return error;
842 int security_path_chroot(struct path *path)
844 - return security_ops->path_chroot(path);
845 + int error = security_ops->path_chroot(path);
846 + if (!error)
847 + error = ccs_chroot_permission(path);
848 + return error;
850 #endif
852 @@ -538,9 +597,13 @@ EXPORT_SYMBOL_GPL(security_inode_setattr
854 int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
856 + int error;
857 if (unlikely(IS_PRIVATE(dentry->d_inode)))
858 return 0;
859 - return security_ops->inode_getattr(mnt, dentry);
860 + error = security_ops->inode_getattr(mnt, dentry);
861 + if (!error)
862 + error = ccs_getattr_permission(mnt, dentry);
863 + return error;
866 int security_inode_setxattr(struct dentry *dentry, const char *name,
867 @@ -639,7 +702,10 @@ void security_file_free(struct file *fil
869 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
871 - return security_ops->file_ioctl(file, cmd, arg);
872 + int error = security_ops->file_ioctl(file, cmd, arg);
873 + if (!error)
874 + error = ccs_ioctl_permission(file, cmd, arg);
875 + return error;
878 int security_file_mmap(struct file *file, unsigned long reqprot,
879 @@ -667,7 +733,10 @@ int security_file_lock(struct file *file
881 int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
883 - return security_ops->file_fcntl(file, cmd, arg);
884 + int error = security_ops->file_fcntl(file, cmd, arg);
885 + if (!error)
886 + error = ccs_fcntl_permission(file, cmd, arg);
887 + return error;
890 int security_file_set_fowner(struct file *file)
891 @@ -691,6 +760,8 @@ int security_dentry_open(struct file *fi
892 int ret;
894 ret = security_ops->dentry_open(file, cred);
895 + if (!ret)
896 + ret = ccs_open_permission(file);
897 if (ret)
898 return ret;
900 @@ -1006,7 +1077,10 @@ EXPORT_SYMBOL(security_unix_may_send);
902 int security_socket_create(int family, int type, int protocol, int kern)
904 - return security_ops->socket_create(family, type, protocol, kern);
905 + int error = security_ops->socket_create(family, type, protocol, kern);
906 + if (!error)
907 + error = ccs_socket_create_permission(family, type, protocol);
908 + return error;
911 int security_socket_post_create(struct socket *sock, int family,
912 @@ -1018,17 +1092,26 @@ int security_socket_post_create(struct s
914 int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
916 - return security_ops->socket_bind(sock, address, addrlen);
917 + int error = security_ops->socket_bind(sock, address, addrlen);
918 + if (!error)
919 + error = ccs_socket_bind_permission(sock, address, addrlen);
920 + return error;
923 int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen)
925 - return security_ops->socket_connect(sock, address, addrlen);
926 + int error = security_ops->socket_connect(sock, address, addrlen);
927 + if (!error)
928 + error = ccs_socket_connect_permission(sock, address, addrlen);
929 + return error;
932 int security_socket_listen(struct socket *sock, int backlog)
934 - return security_ops->socket_listen(sock, backlog);
935 + int error = security_ops->socket_listen(sock, backlog);
936 + if (!error)
937 + error = ccs_socket_listen_permission(sock);
938 + return error;
941 int security_socket_accept(struct socket *sock, struct socket *newsock)
942 @@ -1038,7 +1121,10 @@ int security_socket_accept(struct socket
944 int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
946 - return security_ops->socket_sendmsg(sock, msg, size);
947 + int error = security_ops->socket_sendmsg(sock, msg, size);
948 + if (!error)
949 + error = ccs_socket_sendmsg_permission(sock, msg, size);
950 + return error;
953 int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,