Develop and Download Open Source Software

CaitSith

Browse Subversion Repository

/[caitsith]/trunk/caitsith-patch/patches/ccs-patch-4.14.diff

Diff of /trunk/caitsith-patch/patches/ccs-patch-4.14.diff

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 386 by kumaneko, Sat Nov 11 13:41:19 2023 UTC revision 387 by kumaneko, Mon Dec 25 14:08:19 2023 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for kernel 4.14.329.  This is TOMOYO Linux patch for kernel 4.14.334.
2    
3  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.329.tar.xz  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.334.tar.xz
4  ---  ---
5   fs/exec.c                 |    2 -   fs/exec.c                 |    2 -
6   fs/open.c                 |    2 +   fs/open.c                 |    2 +
# Line 28  Source code for this patch is https://ww Line 28  Source code for this patch is https://ww
28   security/security.c       |    9 +++++-   security/security.c       |    9 +++++-
29   24 files changed, 153 insertions(+), 29 deletions(-)   24 files changed, 153 insertions(+), 29 deletions(-)
30    
31  --- linux-4.14.329.orig/fs/exec.c  --- linux-4.14.334.orig/fs/exec.c
32  +++ linux-4.14.329/fs/exec.c  +++ linux-4.14.334/fs/exec.c
33  @@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp  @@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp
34          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35          rcu_read_unlock();          rcu_read_unlock();
# Line 39  Source code for this patch is https://ww Line 39  Source code for this patch is https://ww
39          if (ret >= 0) {          if (ret >= 0) {
40                  audit_bprm(bprm);                  audit_bprm(bprm);
41                  trace_sched_process_exec(current, old_pid, bprm);                  trace_sched_process_exec(current, old_pid, bprm);
42  --- linux-4.14.329.orig/fs/open.c  --- linux-4.14.334.orig/fs/open.c
43  +++ linux-4.14.329/fs/open.c  +++ linux-4.14.334/fs/open.c
44  @@ -1193,6 +1193,8 @@ EXPORT_SYMBOL(sys_close);  @@ -1193,6 +1193,8 @@ EXPORT_SYMBOL(sys_close);
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://ww Line 50  Source code for this patch is https://ww
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-4.14.329.orig/fs/proc/version.c  --- linux-4.14.334.orig/fs/proc/version.c
54  +++ linux-4.14.329/fs/proc/version.c  +++ linux-4.14.334/fs/proc/version.c
55  @@ -33,3 +33,10 @@ static int __init proc_version_init(void  @@ -33,3 +33,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://ww Line 59  Source code for this patch is https://ww
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 4.14.329 2023/11/11\n");  +       printk(KERN_INFO "Hook version: 4.14.334 2023/12/25\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +fs_initcall(ccs_show_version);  +fs_initcall(ccs_show_version);
66  --- linux-4.14.329.orig/include/linux/init_task.h  --- linux-4.14.334.orig/include/linux/init_task.h
67  +++ linux-4.14.329/include/linux/init_task.h  +++ linux-4.14.334/include/linux/init_task.h
68  @@ -219,6 +219,14 @@ extern struct cred init_cred;  @@ -219,6 +219,14 @@ extern struct cred init_cred;
69   #define INIT_TASK_SECURITY   #define INIT_TASK_SECURITY
70   #endif   #endif
# Line 88  Source code for this patch is https://ww Line 88  Source code for this patch is https://ww
88   }   }
89    
90    
91  --- linux-4.14.329.orig/include/linux/sched.h  --- linux-4.14.334.orig/include/linux/sched.h
92  +++ linux-4.14.329/include/linux/sched.h  +++ linux-4.14.334/include/linux/sched.h
93  @@ -33,6 +33,7 @@ struct audit_context;  @@ -33,6 +33,7 @@ struct audit_context;
94   struct backing_dev_info;   struct backing_dev_info;
95   struct bio_list;   struct bio_list;
# Line 109  Source code for this patch is https://ww Line 109  Source code for this patch is https://ww
109    
110          /*          /*
111           * New fields for task_struct should be added above here, so that           * New fields for task_struct should be added above here, so that
112  --- linux-4.14.329.orig/include/linux/security.h  --- linux-4.14.334.orig/include/linux/security.h
113  +++ linux-4.14.329/include/linux/security.h  +++ linux-4.14.334/include/linux/security.h
114  @@ -56,6 +56,7 @@ struct msg_queue;  @@ -56,6 +56,7 @@ struct msg_queue;
115   struct xattr;   struct xattr;
116   struct xfrm_sec_ctx;   struct xfrm_sec_ctx;
# Line 331  Source code for this patch is https://ww Line 331  Source code for this patch is https://ww
331   }   }
332   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
333    
334  --- linux-4.14.329.orig/include/net/ip.h  --- linux-4.14.334.orig/include/net/ip.h
335  +++ linux-4.14.329/include/net/ip.h  +++ linux-4.14.334/include/net/ip.h
336  @@ -266,6 +266,8 @@ void inet_get_local_port_range(struct ne  @@ -266,6 +266,8 @@ void inet_get_local_port_range(struct ne
337   #ifdef CONFIG_SYSCTL   #ifdef CONFIG_SYSCTL
338   static inline int inet_is_local_reserved_port(struct net *net, int port)   static inline int inet_is_local_reserved_port(struct net *net, int port)
# Line 351  Source code for this patch is https://ww Line 351  Source code for this patch is https://ww
351          return 0;          return 0;
352   }   }
353    
354  --- linux-4.14.329.orig/kernel/kexec.c  --- linux-4.14.334.orig/kernel/kexec.c
355  +++ linux-4.14.329/kernel/kexec.c  +++ linux-4.14.334/kernel/kexec.c
356  @@ -17,7 +17,7 @@  @@ -17,7 +17,7 @@
357   #include <linux/syscalls.h>   #include <linux/syscalls.h>
358   #include <linux/vmalloc.h>   #include <linux/vmalloc.h>
# Line 371  Source code for this patch is https://ww Line 371  Source code for this patch is https://ww
371    
372          /*          /*
373           * Verify we have a legal set of flags           * Verify we have a legal set of flags
374  --- linux-4.14.329.orig/kernel/module.c  --- linux-4.14.334.orig/kernel/module.c
375  +++ linux-4.14.329/kernel/module.c  +++ linux-4.14.334/kernel/module.c
376  @@ -66,6 +66,7 @@  @@ -66,6 +66,7 @@
377   #include <linux/audit.h>   #include <linux/audit.h>
378   #include <uapi/linux/module.h>   #include <uapi/linux/module.h>
# Line 399  Source code for this patch is https://ww Line 399  Source code for this patch is https://ww
399    
400          return 0;          return 0;
401   }   }
402  --- linux-4.14.329.orig/kernel/ptrace.c  --- linux-4.14.334.orig/kernel/ptrace.c
403  +++ linux-4.14.329/kernel/ptrace.c  +++ linux-4.14.334/kernel/ptrace.c
404  @@ -1185,6 +1185,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1185,6 +1185,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
405   {   {
406          struct task_struct *child;          struct task_struct *child;
# Line 425  Source code for this patch is https://ww Line 425  Source code for this patch is https://ww
425    
426          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
427                  ret = ptrace_traceme();                  ret = ptrace_traceme();
428  --- linux-4.14.329.orig/kernel/reboot.c  --- linux-4.14.334.orig/kernel/reboot.c
429  +++ linux-4.14.329/kernel/reboot.c  +++ linux-4.14.334/kernel/reboot.c
430  @@ -16,6 +16,7 @@  @@ -16,6 +16,7 @@
431   #include <linux/syscalls.h>   #include <linux/syscalls.h>
432   #include <linux/syscore_ops.h>   #include <linux/syscore_ops.h>
# Line 444  Source code for this patch is https://ww Line 444  Source code for this patch is https://ww
444    
445          /*          /*
446           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
447  --- linux-4.14.329.orig/kernel/sched/core.c  --- linux-4.14.334.orig/kernel/sched/core.c
448  +++ linux-4.14.329/kernel/sched/core.c  +++ linux-4.14.334/kernel/sched/core.c
449  @@ -3861,6 +3861,8 @@ int can_nice(const struct task_struct *p  @@ -3861,6 +3861,8 @@ int can_nice(const struct task_struct *p
450   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
451   {   {
# Line 455  Source code for this patch is https://ww Line 455  Source code for this patch is https://ww
455    
456          /*          /*
457           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
458  --- linux-4.14.329.orig/kernel/signal.c  --- linux-4.14.334.orig/kernel/signal.c
459  +++ linux-4.14.329/kernel/signal.c  +++ linux-4.14.334/kernel/signal.c
460  @@ -3031,6 +3031,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,  @@ -3031,6 +3031,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
461   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
462   {   {
# Line 502  Source code for this patch is https://ww Line 502  Source code for this patch is https://ww
502    
503          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
504   }   }
505  --- linux-4.14.329.orig/kernel/sys.c  --- linux-4.14.334.orig/kernel/sys.c
506  +++ linux-4.14.329/kernel/sys.c  +++ linux-4.14.334/kernel/sys.c
507  @@ -193,6 +193,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -193,6 +193,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
508    
509          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 533  Source code for this patch is https://ww Line 533  Source code for this patch is https://ww
533    
534          errno = -EFAULT;          errno = -EFAULT;
535          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
536  --- linux-4.14.329.orig/kernel/time/ntp.c  --- linux-4.14.334.orig/kernel/time/ntp.c
537  +++ linux-4.14.329/kernel/time/ntp.c  +++ linux-4.14.334/kernel/time/ntp.c
538  @@ -18,6 +18,7 @@  @@ -18,6 +18,7 @@
539   #include <linux/module.h>   #include <linux/module.h>
540   #include <linux/rtc.h>   #include <linux/rtc.h>
# Line 568  Source code for this patch is https://ww Line 568  Source code for this patch is https://ww
568    
569                  if (txc->modes & ADJ_NANO) {                  if (txc->modes & ADJ_NANO) {
570                          struct timespec ts;                          struct timespec ts;
571  --- linux-4.14.329.orig/net/ipv4/raw.c  --- linux-4.14.334.orig/net/ipv4/raw.c
572  +++ linux-4.14.329/net/ipv4/raw.c  +++ linux-4.14.334/net/ipv4/raw.c
573  @@ -771,6 +771,10 @@ static int raw_recvmsg(struct sock *sk,  @@ -771,6 +771,10 @@ static int raw_recvmsg(struct sock *sk,
574          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
575          if (!skb)          if (!skb)
# Line 581  Source code for this patch is https://ww Line 581  Source code for this patch is https://ww
581    
582          copied = skb->len;          copied = skb->len;
583          if (len < copied) {          if (len < copied) {
584  --- linux-4.14.329.orig/net/ipv4/udp.c  --- linux-4.14.334.orig/net/ipv4/udp.c
585  +++ linux-4.14.329/net/ipv4/udp.c  +++ linux-4.14.334/net/ipv4/udp.c
586  @@ -1611,6 +1611,8 @@ try_again:  @@ -1611,6 +1611,8 @@ try_again:
587          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
588          if (!skb)          if (!skb)
# Line 592  Source code for this patch is https://ww Line 592  Source code for this patch is https://ww
592    
593          ulen = udp_skb_len(skb);          ulen = udp_skb_len(skb);
594          copied = len;          copied = len;
595  --- linux-4.14.329.orig/net/ipv6/raw.c  --- linux-4.14.334.orig/net/ipv6/raw.c
596  +++ linux-4.14.329/net/ipv6/raw.c  +++ linux-4.14.334/net/ipv6/raw.c
597  @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk  @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
598          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
599          if (!skb)          if (!skb)
# Line 605  Source code for this patch is https://ww Line 605  Source code for this patch is https://ww
605    
606          copied = skb->len;          copied = skb->len;
607          if (copied > len) {          if (copied > len) {
608  --- linux-4.14.329.orig/net/ipv6/udp.c  --- linux-4.14.334.orig/net/ipv6/udp.c
609  +++ linux-4.14.329/net/ipv6/udp.c  +++ linux-4.14.334/net/ipv6/udp.c
610  @@ -384,6 +384,8 @@ try_again:  @@ -384,6 +384,8 @@ try_again:
611          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
612          if (!skb)          if (!skb)
# Line 616  Source code for this patch is https://ww Line 616  Source code for this patch is https://ww
616    
617          ulen = udp6_skb_len(skb);          ulen = udp6_skb_len(skb);
618          copied = len;          copied = len;
619  --- linux-4.14.329.orig/net/socket.c  --- linux-4.14.334.orig/net/socket.c
620  +++ linux-4.14.329/net/socket.c  +++ linux-4.14.334/net/socket.c
621  @@ -1588,6 +1588,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct  @@ -1588,6 +1588,10 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
622          if (err < 0)          if (err < 0)
623                  goto out_fd;                  goto out_fd;
# Line 629  Source code for this patch is https://ww Line 629  Source code for this patch is https://ww
629          if (upeer_sockaddr) {          if (upeer_sockaddr) {
630                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,                  if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
631                                            &len, 2) < 0) {                                            &len, 2) < 0) {
632  --- linux-4.14.329.orig/net/unix/af_unix.c  --- linux-4.14.334.orig/net/unix/af_unix.c
633  +++ linux-4.14.329/net/unix/af_unix.c  +++ linux-4.14.334/net/unix/af_unix.c
634  @@ -2172,6 +2172,10 @@ static int unix_dgram_recvmsg(struct soc  @@ -2172,6 +2172,10 @@ static int unix_dgram_recvmsg(struct soc
635                                                  POLLOUT | POLLWRNORM |                                                  POLLOUT | POLLWRNORM |
636                                                  POLLWRBAND);                                                  POLLWRBAND);
# Line 650  Source code for this patch is https://ww Line 650  Source code for this patch is https://ww
650          mutex_unlock(&u->iolock);          mutex_unlock(&u->iolock);
651   out:   out:
652          return err;          return err;
653  --- linux-4.14.329.orig/security/Kconfig  --- linux-4.14.334.orig/security/Kconfig
654  +++ linux-4.14.329/security/Kconfig  +++ linux-4.14.334/security/Kconfig
655  @@ -263,5 +263,7 @@ config DEFAULT_SECURITY  @@ -263,5 +263,7 @@ config DEFAULT_SECURITY
656          default "apparmor" if DEFAULT_SECURITY_APPARMOR          default "apparmor" if DEFAULT_SECURITY_APPARMOR
657          default "" if DEFAULT_SECURITY_DAC          default "" if DEFAULT_SECURITY_DAC
# Line 660  Source code for this patch is https://ww Line 660  Source code for this patch is https://ww
660  +  +
661   endmenu   endmenu
662    
663  --- linux-4.14.329.orig/security/Makefile  --- linux-4.14.334.orig/security/Makefile
664  +++ linux-4.14.329/security/Makefile  +++ linux-4.14.334/security/Makefile
665  @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c  @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
666   # Object integrity file lists   # Object integrity file lists
667   subdir-$(CONFIG_INTEGRITY)             += integrity   subdir-$(CONFIG_INTEGRITY)             += integrity
# Line 669  Source code for this patch is https://ww Line 669  Source code for this patch is https://ww
669  +  +
670  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
671  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/
672  --- linux-4.14.329.orig/security/security.c  --- linux-4.14.334.orig/security/security.c
673  +++ linux-4.14.329/security/security.c  +++ linux-4.14.334/security/security.c
674  @@ -979,12 +979,19 @@ int security_file_open(struct file *file  @@ -979,12 +979,19 @@ int security_file_open(struct file *file
675    
676   int security_task_alloc(struct task_struct *task, unsigned long clone_flags)   int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
Legend:
Removed from v.386  
changed lines
  Added in v.387
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help