diff options
Diffstat (limited to 'recipes-kernel/linux/linux-yocto-4.1/ccs-patch-4.1.diff')
-rw-r--r-- | recipes-kernel/linux/linux-yocto-4.1/ccs-patch-4.1.diff | 968 |
1 files changed, 968 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-yocto-4.1/ccs-patch-4.1.diff b/recipes-kernel/linux/linux-yocto-4.1/ccs-patch-4.1.diff new file mode 100644 index 0000000..9ad49fd --- /dev/null +++ b/recipes-kernel/linux/linux-yocto-4.1/ccs-patch-4.1.diff @@ -0,0 +1,968 @@ +This is TOMOYO Linux patch for kernel 4.1.8. + +Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.1.8.tar.xz +--- + fs/exec.c | 2 + fs/open.c | 2 + fs/proc/version.c | 7 ++ + include/linux/init_task.h | 9 +++ + include/linux/sched.h | 6 ++ + include/linux/security.h | 62 +++++++++++++++---------- + include/net/ip.h | 4 + + kernel/fork.c | 5 ++ + kernel/kexec.c | 3 + + kernel/module.c | 5 ++ + kernel/ptrace.c | 10 ++++ + kernel/reboot.c | 3 + + kernel/sched/core.c | 2 + kernel/signal.c | 10 ++++ + kernel/sys.c | 8 +++ + kernel/time/ntp.c | 8 +++ + net/ipv4/raw.c | 4 + + net/ipv4/udp.c | 4 + + net/ipv6/raw.c | 4 + + net/ipv6/udp.c | 4 + + net/socket.c | 4 + + net/unix/af_unix.c | 4 + + security/Kconfig | 2 + security/Makefile | 3 + + security/security.c | 110 ++++++++++++++++++++++++++++++++++++++++------ + 25 files changed, 248 insertions(+), 37 deletions(-) + +--- linux-4.1.8.orig/fs/exec.c ++++ linux-4.1.8/fs/exec.c +@@ -1461,7 +1461,7 @@ static int exec_binprm(struct linux_binp + old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent)); + rcu_read_unlock(); + +- ret = search_binary_handler(bprm); ++ ret = ccs_search_binary_handler(bprm); + if (ret >= 0) { + audit_bprm(bprm); + trace_sched_process_exec(current, old_pid, bprm); +--- linux-4.1.8.orig/fs/open.c ++++ linux-4.1.8/fs/open.c +@@ -1106,6 +1106,8 @@ EXPORT_SYMBOL(sys_close); + */ + SYSCALL_DEFINE0(vhangup) + { ++ if (!ccs_capable(CCS_SYS_VHANGUP)) ++ return -EPERM; + if (capable(CAP_SYS_TTY_CONFIG)) { + tty_vhangup_self(); + return 0; +--- linux-4.1.8.orig/fs/proc/version.c ++++ linux-4.1.8/fs/proc/version.c +@@ -32,3 +32,10 @@ static int __init proc_version_init(void + return 0; + } + fs_initcall(proc_version_init); ++ ++static int __init ccs_show_version(void) ++{ ++ printk(KERN_INFO "Hook version: 4.1.8 2015/09/26\n"); ++ return 0; ++} ++fs_initcall(ccs_show_version); +--- linux-4.1.8.orig/include/linux/init_task.h ++++ linux-4.1.8/include/linux/init_task.h +@@ -182,6 +182,14 @@ extern struct task_group root_task_group + # define INIT_KASAN(tsk) + #endif + ++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY) ++#define INIT_CCSECURITY \ ++ .ccs_domain_info = NULL, \ ++ .ccs_flags = 0, ++#else ++#define INIT_CCSECURITY ++#endif ++ + /* + * INIT_TASK is used to set up the first task table, touch at + * your own risk!. Base=0, limit=0x1fffff (=2MB) +@@ -258,6 +266,7 @@ extern struct task_group root_task_group + INIT_VTIME(tsk) \ + INIT_NUMA_BALANCING(tsk) \ + INIT_KASAN(tsk) \ ++ INIT_CCSECURITY \ + } + + +--- linux-4.1.8.orig/include/linux/sched.h ++++ linux-4.1.8/include/linux/sched.h +@@ -6,6 +6,8 @@ + #include <linux/sched/prio.h> + + ++struct ccs_domain_info; ++ + struct sched_param { + int sched_priority; + }; +@@ -1724,6 +1726,10 @@ struct task_struct { + #ifdef CONFIG_DEBUG_ATOMIC_SLEEP + unsigned long task_state_change; + #endif ++#if defined(CONFIG_CCSECURITY) && !defined(CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY) ++ struct ccs_domain_info *ccs_domain_info; ++ u32 ccs_flags; ++#endif + }; + + /* Future-safe accessor for struct task_struct's cpus_allowed. */ +--- linux-4.1.8.orig/include/linux/security.h ++++ linux-4.1.8/include/linux/security.h +@@ -53,6 +53,7 @@ struct msg_queue; + struct xattr; + struct xfrm_sec_ctx; + struct mm_struct; ++#include <linux/ccsecurity.h> + + /* Maximum number of letters for an LSM name string */ + #define SECURITY_NAME_MAX 10 +@@ -2042,7 +2043,10 @@ static inline int security_syslog(int ty + static inline int security_settime(const struct timespec *ts, + const struct timezone *tz) + { +- return cap_settime(ts, tz); ++ int error = cap_settime(ts, tz); ++ if (!error) ++ error = ccs_settime(ts, tz); ++ return error; + } + + static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +@@ -2111,18 +2115,18 @@ static inline int security_sb_mount(cons + const char *type, unsigned long flags, + void *data) + { +- return 0; ++ return ccs_sb_mount(dev_name, path, type, flags, data); + } + + static inline int security_sb_umount(struct vfsmount *mnt, int flags) + { +- return 0; ++ return ccs_sb_umount(mnt, flags); + } + + static inline int security_sb_pivotroot(struct path *old_path, + struct path *new_path) + { +- return 0; ++ return ccs_sb_pivotroot(old_path, new_path); + } + + static inline int security_sb_set_mnt_opts(struct super_block *sb, +@@ -2260,7 +2264,7 @@ static inline int security_inode_setattr + + static inline int security_inode_getattr(const struct path *path) + { +- return 0; ++ return ccs_inode_getattr(path); + } + + static inline int security_inode_setxattr(struct dentry *dentry, +@@ -2336,7 +2340,7 @@ static inline void security_file_free(st + static inline int security_file_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) + { +- return 0; ++ return ccs_file_ioctl(file, cmd, arg); + } + + static inline int security_mmap_file(struct file *file, unsigned long prot, +@@ -2365,7 +2369,7 @@ static inline int security_file_lock(str + static inline int security_file_fcntl(struct file *file, unsigned int cmd, + unsigned long arg) + { +- return 0; ++ return ccs_file_fcntl(file, cmd, arg); + } + + static inline void security_file_set_fowner(struct file *file) +@@ -2388,7 +2392,7 @@ static inline int security_file_receive( + static inline int security_file_open(struct file *file, + const struct cred *cred) + { +- return 0; ++ return ccs_file_open(file, cred); + } + + static inline int security_task_create(unsigned long clone_flags) +@@ -2750,7 +2754,7 @@ static inline int security_unix_may_send + static inline int security_socket_create(int family, int type, + int protocol, int kern) + { +- return 0; ++ return ccs_socket_create(family, type, protocol, kern); + } + + static inline int security_socket_post_create(struct socket *sock, +@@ -2765,19 +2769,19 @@ static inline int security_socket_bind(s + struct sockaddr *address, + int addrlen) + { +- return 0; ++ return ccs_socket_bind(sock, address, addrlen); + } + + static inline int security_socket_connect(struct socket *sock, + struct sockaddr *address, + int addrlen) + { +- return 0; ++ return ccs_socket_connect(sock, address, addrlen); + } + + static inline int security_socket_listen(struct socket *sock, int backlog) + { +- return 0; ++ return ccs_socket_listen(sock, backlog); + } + + static inline int security_socket_accept(struct socket *sock, +@@ -2789,7 +2793,7 @@ static inline int security_socket_accept + static inline int security_socket_sendmsg(struct socket *sock, + struct msghdr *msg, int size) + { +- return 0; ++ return ccs_socket_sendmsg(sock, msg, size); + } + + static inline int security_socket_recvmsg(struct socket *sock, +@@ -3031,42 +3035,42 @@ int security_path_chroot(struct path *pa + #else /* CONFIG_SECURITY_PATH */ + static inline int security_path_unlink(struct path *dir, struct dentry *dentry) + { +- return 0; ++ return ccs_path_unlink(dir, dentry); + } + + static inline int security_path_mkdir(struct path *dir, struct dentry *dentry, + umode_t mode) + { +- return 0; ++ return ccs_path_mkdir(dir, dentry, mode); + } + + static inline int security_path_rmdir(struct path *dir, struct dentry *dentry) + { +- return 0; ++ return ccs_path_rmdir(dir, dentry); + } + + static inline int security_path_mknod(struct path *dir, struct dentry *dentry, + umode_t mode, unsigned int dev) + { +- return 0; ++ return ccs_path_mknod(dir, dentry, mode, dev); + } + + static inline int security_path_truncate(struct path *path) + { +- return 0; ++ return ccs_path_truncate(path); + } + + static inline int security_path_symlink(struct path *dir, struct dentry *dentry, + const char *old_name) + { +- return 0; ++ return ccs_path_symlink(dir, dentry, old_name); + } + + static inline int security_path_link(struct dentry *old_dentry, + struct path *new_dir, + struct dentry *new_dentry) + { +- return 0; ++ return ccs_path_link(old_dentry, new_dir, new_dentry); + } + + static inline int security_path_rename(struct path *old_dir, +@@ -3075,22 +3079,32 @@ static inline int security_path_rename(s + struct dentry *new_dentry, + unsigned int flags) + { +- return 0; ++ /* ++ * Not using RENAME_EXCHANGE here in order to avoid KABI breakage ++ * by doing "#include <uapi/linux/fs.h>" . ++ */ ++ if (flags & (1 << 1)) { ++ int err = ccs_path_rename(new_dir, new_dentry, old_dir, ++ old_dentry); ++ if (err) ++ return err; ++ } ++ return ccs_path_rename(old_dir, old_dentry, new_dir, new_dentry); + } + + static inline int security_path_chmod(struct path *path, umode_t mode) + { +- return 0; ++ return ccs_path_chmod(path, mode); + } + + static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) + { +- return 0; ++ return ccs_path_chown(path, uid, gid); + } + + static inline int security_path_chroot(struct path *path) + { +- return 0; ++ return ccs_path_chroot(path); + } + #endif /* CONFIG_SECURITY_PATH */ + +--- linux-4.1.8.orig/include/net/ip.h ++++ linux-4.1.8/include/net/ip.h +@@ -216,6 +216,8 @@ void inet_get_local_port_range(struct ne + #ifdef CONFIG_SYSCTL + static inline int inet_is_local_reserved_port(struct net *net, int port) + { ++ if (ccs_lport_reserved(port)) ++ return 1; + if (!net->ipv4.sysctl_local_reserved_ports) + return 0; + return test_bit(port, net->ipv4.sysctl_local_reserved_ports); +@@ -229,6 +231,8 @@ static inline bool sysctl_dev_name_is_al + #else + static inline int inet_is_local_reserved_port(struct net *net, int port) + { ++ if (ccs_lport_reserved(port)) ++ return 1; + return 0; + } + #endif +--- linux-4.1.8.orig/kernel/fork.c ++++ linux-4.1.8/kernel/fork.c +@@ -257,6 +257,7 @@ void __put_task_struct(struct task_struc + delayacct_tsk_free(tsk); + put_signal_struct(tsk->signal); + ++ ccs_free_task_security(tsk); + if (!profile_handoff_task(tsk)) + free_task(tsk); + } +@@ -1423,6 +1424,9 @@ static struct task_struct *copy_process( + goto bad_fork_cleanup_perf; + /* copy all the process information */ + shm_init_task(p); ++ retval = ccs_alloc_task_security(p); ++ if (retval) ++ goto bad_fork_cleanup_audit; + retval = copy_semundo(clone_flags, p); + if (retval) + goto bad_fork_cleanup_audit; +@@ -1627,6 +1631,7 @@ bad_fork_cleanup_semundo: + exit_sem(p); + bad_fork_cleanup_audit: + audit_free(p); ++ ccs_free_task_security(p); + bad_fork_cleanup_perf: + perf_event_free_task(p); + bad_fork_cleanup_policy: +--- linux-4.1.8.orig/kernel/kexec.c ++++ linux-4.1.8/kernel/kexec.c +@@ -41,6 +41,7 @@ + #include <asm/uaccess.h> + #include <asm/io.h> + #include <asm/sections.h> ++#include <linux/ccsecurity.h> + + #include <crypto/hash.h> + #include <crypto/sha.h> +@@ -1245,6 +1246,8 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon + /* We only trust the superuser with rebooting the system. */ + if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) + return -EPERM; ++ if (!ccs_capable(CCS_SYS_KEXEC_LOAD)) ++ return -EPERM; + + /* + * Verify we have a legal set of flags +--- linux-4.1.8.orig/kernel/module.c ++++ linux-4.1.8/kernel/module.c +@@ -61,6 +61,7 @@ + #include <linux/bsearch.h> + #include <uapi/linux/module.h> + #include "module-internal.h" ++#include <linux/ccsecurity.h> + + #define CREATE_TRACE_POINTS + #include <trace/events/module.h> +@@ -799,6 +800,8 @@ SYSCALL_DEFINE2(delete_module, const cha + + if (!capable(CAP_SYS_MODULE) || modules_disabled) + return -EPERM; ++ if (!ccs_capable(CCS_USE_KERNEL_MODULE)) ++ return -EPERM; + + if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0) + return -EFAULT; +@@ -3155,6 +3158,8 @@ static int may_init_module(void) + { + if (!capable(CAP_SYS_MODULE) || modules_disabled) + return -EPERM; ++ if (!ccs_capable(CCS_USE_KERNEL_MODULE)) ++ return -EPERM; + + return 0; + } +--- linux-4.1.8.orig/kernel/ptrace.c ++++ linux-4.1.8/kernel/ptrace.c +@@ -1034,6 +1034,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l + { + struct task_struct *child; + long ret; ++ { ++ const int rc = ccs_ptrace_permission(request, pid); ++ if (rc) ++ return rc; ++ } + + if (request == PTRACE_TRACEME) { + ret = ptrace_traceme(); +@@ -1180,6 +1185,11 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_lo + { + struct task_struct *child; + long ret; ++ { ++ const int rc = ccs_ptrace_permission(request, pid); ++ if (rc) ++ return rc; ++ } + + if (request == PTRACE_TRACEME) { + ret = ptrace_traceme(); +--- linux-4.1.8.orig/kernel/reboot.c ++++ linux-4.1.8/kernel/reboot.c +@@ -16,6 +16,7 @@ + #include <linux/syscalls.h> + #include <linux/syscore_ops.h> + #include <linux/uaccess.h> ++#include <linux/ccsecurity.h> + + /* + * this indicates whether you can reboot with ctrl-alt-del: the default is yes +@@ -295,6 +296,8 @@ SYSCALL_DEFINE4(reboot, int, magic1, int + magic2 != LINUX_REBOOT_MAGIC2B && + magic2 != LINUX_REBOOT_MAGIC2C)) + return -EINVAL; ++ if (!ccs_capable(CCS_SYS_REBOOT)) ++ return -EPERM; + + /* + * If pid namespaces are enabled and the current task is in a child +--- linux-4.1.8.orig/kernel/sched/core.c ++++ linux-4.1.8/kernel/sched/core.c +@@ -3145,6 +3145,8 @@ int can_nice(const struct task_struct *p + SYSCALL_DEFINE1(nice, int, increment) + { + long nice, retval; ++ if (!ccs_capable(CCS_SYS_NICE)) ++ return -EPERM; + + /* + * Setpriority might change our priority at the same moment. +--- linux-4.1.8.orig/kernel/signal.c ++++ linux-4.1.8/kernel/signal.c +@@ -2901,6 +2901,8 @@ SYSCALL_DEFINE4(rt_sigtimedwait, const s + SYSCALL_DEFINE2(kill, pid_t, pid, int, sig) + { + struct siginfo info; ++ if (ccs_kill_permission(pid, sig)) ++ return -EPERM; + + info.si_signo = sig; + info.si_errno = 0; +@@ -2969,6 +2971,8 @@ SYSCALL_DEFINE3(tgkill, pid_t, tgid, pid + /* This is only valid for single tasks */ + if (pid <= 0 || tgid <= 0) + return -EINVAL; ++ if (ccs_tgkill_permission(tgid, pid, sig)) ++ return -EPERM; + + return do_tkill(tgid, pid, sig); + } +@@ -2985,6 +2989,8 @@ SYSCALL_DEFINE2(tkill, pid_t, pid, int, + /* This is only valid for single tasks */ + if (pid <= 0) + return -EINVAL; ++ if (ccs_tkill_permission(pid, sig)) ++ return -EPERM; + + return do_tkill(0, pid, sig); + } +@@ -2999,6 +3005,8 @@ static int do_rt_sigqueueinfo(pid_t pid, + return -EPERM; + + info->si_signo = sig; ++ if (ccs_sigqueue_permission(pid, sig)) ++ return -EPERM; + + /* POSIX.1b doesn't mention process groups. */ + return kill_proc_info(sig, info, pid); +@@ -3047,6 +3055,8 @@ static int do_rt_tgsigqueueinfo(pid_t tg + return -EPERM; + + info->si_signo = sig; ++ if (ccs_tgsigqueue_permission(tgid, pid, sig)) ++ return -EPERM; + + return do_send_specific(tgid, pid, sig, info); + } +--- linux-4.1.8.orig/kernel/sys.c ++++ linux-4.1.8/kernel/sys.c +@@ -183,6 +183,10 @@ SYSCALL_DEFINE3(setpriority, int, which, + + if (which > PRIO_USER || which < PRIO_PROCESS) + goto out; ++ if (!ccs_capable(CCS_SYS_NICE)) { ++ error = -EPERM; ++ goto out; ++ } + + /* normalize: avoid signed division (rounding problems) */ + error = -ESRCH; +@@ -1222,6 +1226,8 @@ SYSCALL_DEFINE2(sethostname, char __user + + if (len < 0 || len > __NEW_UTS_LEN) + return -EINVAL; ++ if (!ccs_capable(CCS_SYS_SETHOSTNAME)) ++ return -EPERM; + down_write(&uts_sem); + errno = -EFAULT; + if (!copy_from_user(tmp, name, len)) { +@@ -1272,6 +1278,8 @@ SYSCALL_DEFINE2(setdomainname, char __us + return -EPERM; + if (len < 0 || len > __NEW_UTS_LEN) + return -EINVAL; ++ if (!ccs_capable(CCS_SYS_SETHOSTNAME)) ++ return -EPERM; + + down_write(&uts_sem); + errno = -EFAULT; +--- linux-4.1.8.orig/kernel/time/ntp.c ++++ linux-4.1.8/kernel/time/ntp.c +@@ -16,6 +16,7 @@ + #include <linux/mm.h> + #include <linux/module.h> + #include <linux/rtc.h> ++#include <linux/ccsecurity.h> + + #include "ntp_internal.h" + +@@ -626,10 +627,15 @@ int ntp_validate_timex(struct timex *txc + if (!(txc->modes & ADJ_OFFSET_READONLY) && + !capable(CAP_SYS_TIME)) + return -EPERM; ++ if (!(txc->modes & ADJ_OFFSET_READONLY) && ++ !ccs_capable(CCS_SYS_SETTIME)) ++ return -EPERM; + } else { + /* In order to modify anything, you gotta be super-user! */ + if (txc->modes && !capable(CAP_SYS_TIME)) + return -EPERM; ++ if (txc->modes && !ccs_capable(CCS_SYS_SETTIME)) ++ return -EPERM; + /* + * if the quartz is off by more than 10% then + * something is VERY wrong! +@@ -642,6 +648,8 @@ int ntp_validate_timex(struct timex *txc + + if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME))) + return -EPERM; ++ if ((txc->modes & ADJ_SETOFFSET) && !ccs_capable(CCS_SYS_SETTIME)) ++ return -EPERM; + + /* + * Check for potential multiplication overflows that can +--- linux-4.1.8.orig/net/ipv4/raw.c ++++ linux-4.1.8/net/ipv4/raw.c +@@ -727,6 +727,10 @@ static int raw_recvmsg(struct sock *sk, + skb = skb_recv_datagram(sk, flags, noblock, &err); + if (!skb) + goto out; ++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out; ++ } + + copied = skb->len; + if (len < copied) { +--- linux-4.1.8.orig/net/ipv4/udp.c ++++ linux-4.1.8/net/ipv4/udp.c +@@ -1272,6 +1272,10 @@ try_again: + &peeked, &off, &err); + if (!skb) + goto out; ++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out; ++ } + + ulen = skb->len - sizeof(struct udphdr); + copied = len; +--- linux-4.1.8.orig/net/ipv6/raw.c ++++ linux-4.1.8/net/ipv6/raw.c +@@ -477,6 +477,10 @@ static int rawv6_recvmsg(struct sock *sk + skb = skb_recv_datagram(sk, flags, noblock, &err); + if (!skb) + goto out; ++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out; ++ } + + copied = skb->len; + if (copied > len) { +--- linux-4.1.8.orig/net/ipv6/udp.c ++++ linux-4.1.8/net/ipv6/udp.c +@@ -413,6 +413,10 @@ try_again: + &peeked, &off, &err); + if (!skb) + goto out; ++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out; ++ } + + ulen = skb->len - sizeof(struct udphdr); + copied = len; +--- linux-4.1.8.orig/net/socket.c ++++ linux-4.1.8/net/socket.c +@@ -1485,6 +1485,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct + if (err < 0) + goto out_fd; + ++ if (ccs_socket_post_accept_permission(sock, newsock)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out_fd; ++ } + if (upeer_sockaddr) { + if (newsock->ops->getname(newsock, (struct sockaddr *)&address, + &len, 2) < 0) { +--- linux-4.1.8.orig/net/unix/af_unix.c ++++ linux-4.1.8/net/unix/af_unix.c +@@ -1800,6 +1800,10 @@ static int unix_dgram_recvmsg(struct soc + wake_up_interruptible_sync_poll(&u->peer_wait, + POLLOUT | POLLWRNORM | POLLWRBAND); + ++ if (ccs_socket_post_recvmsg_permission(sk, skb, flags)) { ++ err = -EAGAIN; /* Hope less harmful than -EPERM. */ ++ goto out_unlock; ++ } + if (msg->msg_name) + unix_copy_addr(msg, skb->sk); + +--- linux-4.1.8.orig/security/Kconfig ++++ linux-4.1.8/security/Kconfig +@@ -168,5 +168,7 @@ config DEFAULT_SECURITY + default "yama" if DEFAULT_SECURITY_YAMA + default "" if DEFAULT_SECURITY_DAC + ++source security/ccsecurity/Kconfig ++ + endmenu + +--- linux-4.1.8.orig/security/Makefile ++++ linux-4.1.8/security/Makefile +@@ -27,3 +27,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c + # Object integrity file lists + subdir-$(CONFIG_INTEGRITY) += integrity + obj-$(CONFIG_INTEGRITY) += integrity/ ++ ++subdir-$(CONFIG_CCSECURITY) += ccsecurity ++obj-$(CONFIG_CCSECURITY) += ccsecurity/ +--- linux-4.1.8.orig/security/security.c ++++ linux-4.1.8/security/security.c +@@ -226,7 +226,10 @@ int security_syslog(int type) + + int security_settime(const struct timespec *ts, const struct timezone *tz) + { +- return security_ops->settime(ts, tz); ++ int error = security_ops->settime(ts, tz); ++ if (!error) ++ error = ccs_settime(ts, tz); ++ return error; + } + + int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +@@ -303,17 +306,26 @@ int security_sb_statfs(struct dentry *de + int security_sb_mount(const char *dev_name, struct path *path, + const char *type, unsigned long flags, void *data) + { +- return security_ops->sb_mount(dev_name, path, type, flags, data); ++ int error = security_ops->sb_mount(dev_name, path, type, flags, data); ++ if (!error) ++ error = ccs_sb_mount(dev_name, path, type, flags, data); ++ return error; + } + + int security_sb_umount(struct vfsmount *mnt, int flags) + { +- return security_ops->sb_umount(mnt, flags); ++ int error = security_ops->sb_umount(mnt, flags); ++ if (!error) ++ error = ccs_sb_umount(mnt, flags); ++ return error; + } + + int security_sb_pivotroot(struct path *old_path, struct path *new_path) + { +- return security_ops->sb_pivotroot(old_path, new_path); ++ int error = security_ops->sb_pivotroot(old_path, new_path); ++ if (!error) ++ error = ccs_sb_pivotroot(old_path, new_path); ++ return error; + } + + int security_sb_set_mnt_opts(struct super_block *sb, +@@ -410,31 +422,47 @@ EXPORT_SYMBOL(security_old_inode_init_se + int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, + unsigned int dev) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) + return 0; ++ error = ccs_path_mknod(dir, dentry, mode, dev); ++ if (error) ++ return error; + return security_ops->path_mknod(dir, dentry, mode, dev); + } + EXPORT_SYMBOL(security_path_mknod); + + int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) + return 0; ++ error = ccs_path_mkdir(dir, dentry, mode); ++ if (error) ++ return error; + return security_ops->path_mkdir(dir, dentry, mode); + } + EXPORT_SYMBOL(security_path_mkdir); + + int security_path_rmdir(struct path *dir, struct dentry *dentry) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) + return 0; ++ error = ccs_path_rmdir(dir, dentry); ++ if (error) ++ return error; + return security_ops->path_rmdir(dir, dentry); + } + + int security_path_unlink(struct path *dir, struct dentry *dentry) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) + return 0; ++ error = ccs_path_unlink(dir, dentry); ++ if (error) ++ return error; + return security_ops->path_unlink(dir, dentry); + } + EXPORT_SYMBOL(security_path_unlink); +@@ -442,16 +470,24 @@ EXPORT_SYMBOL(security_path_unlink); + int security_path_symlink(struct path *dir, struct dentry *dentry, + const char *old_name) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) + return 0; ++ error = ccs_path_symlink(dir, dentry, old_name); ++ if (error) ++ return error; + return security_ops->path_symlink(dir, dentry, old_name); + } + + int security_path_link(struct dentry *old_dentry, struct path *new_dir, + struct dentry *new_dentry) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) + return 0; ++ error = ccs_path_link(old_dentry, new_dir, new_dentry); ++ if (error) ++ return error; + return security_ops->path_link(old_dentry, new_dir, new_dentry); + } + +@@ -459,6 +495,7 @@ int security_path_rename(struct path *ol + struct path *new_dir, struct dentry *new_dentry, + unsigned int flags) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || + (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) + return 0; +@@ -468,8 +505,15 @@ int security_path_rename(struct path *ol + old_dir, old_dentry); + if (err) + return err; ++ err = ccs_path_rename(new_dir, new_dentry, old_dir, ++ old_dentry); ++ if (err) ++ return err; + } + ++ error = ccs_path_rename(old_dir, old_dentry, new_dir, new_dentry); ++ if (error) ++ return error; + return security_ops->path_rename(old_dir, old_dentry, new_dir, + new_dentry); + } +@@ -477,27 +521,42 @@ EXPORT_SYMBOL(security_path_rename); + + int security_path_truncate(struct path *path) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) + return 0; ++ error = ccs_path_truncate(path); ++ if (error) ++ return error; + return security_ops->path_truncate(path); + } + + int security_path_chmod(struct path *path, umode_t mode) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) + return 0; ++ error = ccs_path_chmod(path, mode); ++ if (error) ++ return error; + return security_ops->path_chmod(path, mode); + } + + int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) + return 0; ++ error = ccs_path_chown(path, uid, gid); ++ if (error) ++ return error; + return security_ops->path_chown(path, uid, gid); + } + + int security_path_chroot(struct path *path) + { ++ int error = ccs_path_chroot(path); ++ if (error) ++ return error; + return security_ops->path_chroot(path); + } + #endif +@@ -610,9 +669,13 @@ EXPORT_SYMBOL_GPL(security_inode_setattr + + int security_inode_getattr(const struct path *path) + { ++ int error; + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) + return 0; +- return security_ops->inode_getattr(path); ++ error = security_ops->inode_getattr(path); ++ if (!error) ++ error = ccs_inode_getattr(path); ++ return error; + } + + int security_inode_setxattr(struct dentry *dentry, const char *name, +@@ -729,7 +792,10 @@ void security_file_free(struct file *fil + + int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + { +- return security_ops->file_ioctl(file, cmd, arg); ++ int error = security_ops->file_ioctl(file, cmd, arg); ++ if (!error) ++ error = ccs_file_ioctl(file, cmd, arg); ++ return error; + } + + static inline unsigned long mmap_prot(struct file *file, unsigned long prot) +@@ -794,7 +860,10 @@ int security_file_lock(struct file *file + + int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) + { +- return security_ops->file_fcntl(file, cmd, arg); ++ int error = security_ops->file_fcntl(file, cmd, arg); ++ if (!error) ++ error = ccs_file_fcntl(file, cmd, arg); ++ return error; + } + + void security_file_set_fowner(struct file *file) +@@ -818,6 +887,8 @@ int security_file_open(struct file *file + int ret; + + ret = security_ops->file_open(file, cred); ++ if (!ret) ++ ret = ccs_file_open(file, cred); + if (ret) + return ret; + +@@ -1168,7 +1239,10 @@ EXPORT_SYMBOL(security_unix_may_send); + + int security_socket_create(int family, int type, int protocol, int kern) + { +- return security_ops->socket_create(family, type, protocol, kern); ++ int error = security_ops->socket_create(family, type, protocol, kern); ++ if (!error) ++ error = ccs_socket_create(family, type, protocol, kern); ++ return error; + } + + int security_socket_post_create(struct socket *sock, int family, +@@ -1180,17 +1254,26 @@ int security_socket_post_create(struct s + + int security_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) + { +- return security_ops->socket_bind(sock, address, addrlen); ++ int error = security_ops->socket_bind(sock, address, addrlen); ++ if (!error) ++ error = ccs_socket_bind(sock, address, addrlen); ++ return error; + } + + int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen) + { +- return security_ops->socket_connect(sock, address, addrlen); ++ int error = security_ops->socket_connect(sock, address, addrlen); ++ if (!error) ++ error = ccs_socket_connect(sock, address, addrlen); ++ return error; + } + + int security_socket_listen(struct socket *sock, int backlog) + { +- return security_ops->socket_listen(sock, backlog); ++ int error = security_ops->socket_listen(sock, backlog); ++ if (!error) ++ error = ccs_socket_listen(sock, backlog); ++ return error; + } + + int security_socket_accept(struct socket *sock, struct socket *newsock) +@@ -1200,7 +1283,10 @@ int security_socket_accept(struct socket + + int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) + { +- return security_ops->socket_sendmsg(sock, msg, size); ++ int error = security_ops->socket_sendmsg(sock, msg, size); ++ if (!error) ++ error = ccs_socket_sendmsg(sock, msg, size); ++ return error; + } + + int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, |