
Diff of /trunk/caitsith-patch/patches/ccs-patch-4.19.diff


revision 351 by kumaneko, Mon Jul 12 13:07:48 2021 UTC revision 352 by kumaneko, Mon Jul 26 14:34:53 2021 UTC
# Line 1  Line 1 
1  This is TOMOYO Linux patch for kernel 4.19.197.  This is TOMOYO Linux patch for kernel 4.19.198.
2    
3  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.197.tar.xz  Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.198.tar.xz
4  ---  ---
5   fs/exec.c                 |    2 -   fs/exec.c                 |    2 -
6   fs/open.c                 |    2 +   fs/open.c                 |    2 +
# Line 28  Source code for this patch is https://ww Line 28  Source code for this patch is https://ww
28   security/security.c       |    9 +++++-   security/security.c       |    9 +++++-
29   24 files changed, 148 insertions(+), 29 deletions(-)   24 files changed, 148 insertions(+), 29 deletions(-)
30    
31  --- linux-4.19.197.orig/fs/exec.c  --- linux-4.19.198.orig/fs/exec.c
32  +++ linux-4.19.197/fs/exec.c  +++ linux-4.19.198/fs/exec.c
33  @@ -1707,7 +1707,7 @@ static int exec_binprm(struct linux_binp  @@ -1707,7 +1707,7 @@ static int exec_binprm(struct linux_binp
34          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));          old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
35          rcu_read_unlock();          rcu_read_unlock();
# Line 39  Source code for this patch is https://ww Line 39  Source code for this patch is https://ww
39          if (ret >= 0) {          if (ret >= 0) {
40                  audit_bprm(bprm);                  audit_bprm(bprm);
41                  trace_sched_process_exec(current, old_pid, bprm);                  trace_sched_process_exec(current, old_pid, bprm);
42  --- linux-4.19.197.orig/fs/open.c  --- linux-4.19.198.orig/fs/open.c
43  +++ linux-4.19.197/fs/open.c  +++ linux-4.19.198/fs/open.c
44  @@ -1196,6 +1196,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)  @@ -1196,6 +1196,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
45    */    */
46   SYSCALL_DEFINE0(vhangup)   SYSCALL_DEFINE0(vhangup)
# Line 50  Source code for this patch is https://ww Line 50  Source code for this patch is https://ww
50          if (capable(CAP_SYS_TTY_CONFIG)) {          if (capable(CAP_SYS_TTY_CONFIG)) {
51                  tty_vhangup_self();                  tty_vhangup_self();
52                  return 0;                  return 0;
53  --- linux-4.19.197.orig/fs/proc/version.c  --- linux-4.19.198.orig/fs/proc/version.c
54  +++ linux-4.19.197/fs/proc/version.c  +++ linux-4.19.198/fs/proc/version.c
55  @@ -21,3 +21,10 @@ static int __init proc_version_init(void  @@ -21,3 +21,10 @@ static int __init proc_version_init(void
56          return 0;          return 0;
57   }   }
# Line 59  Source code for this patch is https://ww Line 59  Source code for this patch is https://ww
59  +  +
60  +static int __init ccs_show_version(void)  +static int __init ccs_show_version(void)
61  +{  +{
62  +       printk(KERN_INFO "Hook version: 4.19.197 2021/07/12\n");  +       printk(KERN_INFO "Hook version: 4.19.198 2021/07/26\n");
63  +       return 0;  +       return 0;
64  +}  +}
65  +fs_initcall(ccs_show_version);  +fs_initcall(ccs_show_version);
66  --- linux-4.19.197.orig/include/linux/sched.h  --- linux-4.19.198.orig/include/linux/sched.h
67  +++ linux-4.19.197/include/linux/sched.h  +++ linux-4.19.198/include/linux/sched.h
68  @@ -34,6 +34,7 @@ struct audit_context;  @@ -34,6 +34,7 @@ struct audit_context;
69   struct backing_dev_info;   struct backing_dev_info;
70   struct bio_list;   struct bio_list;
# Line 84  Source code for this patch is https://ww Line 84  Source code for this patch is https://ww
84    
85          /*          /*
86           * New fields for task_struct should be added above here, so that           * New fields for task_struct should be added above here, so that
87  --- linux-4.19.197.orig/include/linux/security.h  --- linux-4.19.198.orig/include/linux/security.h
88  +++ linux-4.19.197/include/linux/security.h  +++ linux-4.19.198/include/linux/security.h
89  @@ -53,6 +53,7 @@ struct msg_msg;  @@ -53,6 +53,7 @@ struct msg_msg;
90   struct xattr;   struct xattr;
91   struct xfrm_sec_ctx;   struct xfrm_sec_ctx;
# Line 306  Source code for this patch is https://ww Line 306  Source code for this patch is https://ww
306   }   }
307   #endif /* CONFIG_SECURITY_PATH */   #endif /* CONFIG_SECURITY_PATH */
308    
309  --- linux-4.19.197.orig/include/net/ip.h  --- linux-4.19.198.orig/include/net/ip.h
310  +++ linux-4.19.197/include/net/ip.h  +++ linux-4.19.198/include/net/ip.h
311  @@ -301,6 +301,8 @@ void inet_get_local_port_range(struct ne  @@ -302,6 +302,8 @@ void inet_get_local_port_range(struct ne
312   #ifdef CONFIG_SYSCTL   #ifdef CONFIG_SYSCTL
313   static inline int inet_is_local_reserved_port(struct net *net, int port)   static inline int inet_is_local_reserved_port(struct net *net, int port)
314   {   {
# Line 317  Source code for this patch is https://ww Line 317  Source code for this patch is https://ww
317          if (!net->ipv4.sysctl_local_reserved_ports)          if (!net->ipv4.sysctl_local_reserved_ports)
318                  return 0;                  return 0;
319          return test_bit(port, net->ipv4.sysctl_local_reserved_ports);          return test_bit(port, net->ipv4.sysctl_local_reserved_ports);
320  @@ -319,6 +321,8 @@ static inline int inet_prot_sock(struct  @@ -320,6 +322,8 @@ static inline int inet_prot_sock(struct
321   #else   #else
322   static inline int inet_is_local_reserved_port(struct net *net, int port)   static inline int inet_is_local_reserved_port(struct net *net, int port)
323   {   {
# Line 326  Source code for this patch is https://ww Line 326  Source code for this patch is https://ww
326          return 0;          return 0;
327   }   }
328    
329  --- linux-4.19.197.orig/init/init_task.c  --- linux-4.19.198.orig/init/init_task.c
330  +++ linux-4.19.197/init/init_task.c  +++ linux-4.19.198/init/init_task.c
331  @@ -180,6 +180,10 @@ struct task_struct init_task  @@ -180,6 +180,10 @@ struct task_struct init_task
332   #ifdef CONFIG_SECURITY   #ifdef CONFIG_SECURITY
333          .security       = NULL,          .security       = NULL,
# Line 339  Source code for this patch is https://ww Line 339  Source code for this patch is https://ww
339   };   };
340   EXPORT_SYMBOL(init_task);   EXPORT_SYMBOL(init_task);
341    
342  --- linux-4.19.197.orig/kernel/kexec.c  --- linux-4.19.198.orig/kernel/kexec.c
343  +++ linux-4.19.197/kernel/kexec.c  +++ linux-4.19.198/kernel/kexec.c
344  @@ -18,7 +18,7 @@  @@ -18,7 +18,7 @@
345   #include <linux/syscalls.h>   #include <linux/syscalls.h>
346   #include <linux/vmalloc.h>   #include <linux/vmalloc.h>
# Line 359  Source code for this patch is https://ww Line 359  Source code for this patch is https://ww
359    
360          /* Permit LSMs and IMA to fail the kexec */          /* Permit LSMs and IMA to fail the kexec */
361          result = security_kernel_load_data(LOADING_KEXEC_IMAGE);          result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
362  --- linux-4.19.197.orig/kernel/module.c  --- linux-4.19.198.orig/kernel/module.c
363  +++ linux-4.19.197/kernel/module.c  +++ linux-4.19.198/kernel/module.c
364  @@ -66,6 +66,7 @@  @@ -66,6 +66,7 @@
365   #include <linux/audit.h>   #include <linux/audit.h>
366   #include <uapi/linux/module.h>   #include <uapi/linux/module.h>
# Line 387  Source code for this patch is https://ww Line 387  Source code for this patch is https://ww
387    
388          return 0;          return 0;
389   }   }
390  --- linux-4.19.197.orig/kernel/ptrace.c  --- linux-4.19.198.orig/kernel/ptrace.c
391  +++ linux-4.19.197/kernel/ptrace.c  +++ linux-4.19.198/kernel/ptrace.c
392  @@ -1152,6 +1152,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l  @@ -1152,6 +1152,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393   {   {
394          struct task_struct *child;          struct task_struct *child;
# Line 413  Source code for this patch is https://ww Line 413  Source code for this patch is https://ww
413    
414          if (request == PTRACE_TRACEME) {          if (request == PTRACE_TRACEME) {
415                  ret = ptrace_traceme();                  ret = ptrace_traceme();
416  --- linux-4.19.197.orig/kernel/reboot.c  --- linux-4.19.198.orig/kernel/reboot.c
417  +++ linux-4.19.197/kernel/reboot.c  +++ linux-4.19.198/kernel/reboot.c
418  @@ -16,6 +16,7 @@  @@ -16,6 +16,7 @@
419   #include <linux/syscalls.h>   #include <linux/syscalls.h>
420   #include <linux/syscore_ops.h>   #include <linux/syscore_ops.h>
# Line 432  Source code for this patch is https://ww Line 432  Source code for this patch is https://ww
432    
433          /*          /*
434           * If pid namespaces are enabled and the current task is in a child           * If pid namespaces are enabled and the current task is in a child
435  --- linux-4.19.197.orig/kernel/sched/core.c  --- linux-4.19.198.orig/kernel/sched/core.c
436  +++ linux-4.19.197/kernel/sched/core.c  +++ linux-4.19.198/kernel/sched/core.c
437  @@ -3989,6 +3989,8 @@ int can_nice(const struct task_struct *p  @@ -3989,6 +3989,8 @@ int can_nice(const struct task_struct *p
438   SYSCALL_DEFINE1(nice, int, increment)   SYSCALL_DEFINE1(nice, int, increment)
439   {   {
# Line 443  Source code for this patch is https://ww Line 443  Source code for this patch is https://ww
443    
444          /*          /*
445           * Setpriority might change our priority at the same moment.           * Setpriority might change our priority at the same moment.
446  --- linux-4.19.197.orig/kernel/signal.c  --- linux-4.19.198.orig/kernel/signal.c
447  +++ linux-4.19.197/kernel/signal.c  +++ linux-4.19.198/kernel/signal.c
448  @@ -3286,6 +3286,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,  @@ -3286,6 +3286,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
449   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)   SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
450   {   {
# Line 490  Source code for this patch is https://ww Line 490  Source code for this patch is https://ww
490    
491          return do_send_specific(tgid, pid, sig, info);          return do_send_specific(tgid, pid, sig, info);
492   }   }
493  --- linux-4.19.197.orig/kernel/sys.c  --- linux-4.19.198.orig/kernel/sys.c
494  +++ linux-4.19.197/kernel/sys.c  +++ linux-4.19.198/kernel/sys.c
495  @@ -201,6 +201,10 @@ SYSCALL_DEFINE3(setpriority, int, which,  @@ -201,6 +201,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496    
497          if (which > PRIO_USER || which < PRIO_PROCESS)          if (which > PRIO_USER || which < PRIO_PROCESS)
# Line 521  Source code for this patch is https://ww Line 521  Source code for this patch is https://ww
521    
522          errno = -EFAULT;          errno = -EFAULT;
523          if (!copy_from_user(tmp, name, len)) {          if (!copy_from_user(tmp, name, len)) {
524  --- linux-4.19.197.orig/kernel/time/timekeeping.c  --- linux-4.19.198.orig/kernel/time/timekeeping.c
525  +++ linux-4.19.197/kernel/time/timekeeping.c  +++ linux-4.19.198/kernel/time/timekeeping.c
526  @@ -26,6 +26,7 @@  @@ -26,6 +26,7 @@
527   #include <linux/stop_machine.h>   #include <linux/stop_machine.h>
528   #include <linux/pvclock_gtod.h>   #include <linux/pvclock_gtod.h>
# Line 556  Source code for this patch is https://ww Line 556  Source code for this patch is https://ww
556    
557                  /*                  /*
558                   * Validate if a timespec/timeval used to inject a time                   * Validate if a timespec/timeval used to inject a time
559  --- linux-4.19.197.orig/net/ipv4/raw.c  --- linux-4.19.198.orig/net/ipv4/raw.c
560  +++ linux-4.19.197/net/ipv4/raw.c  +++ linux-4.19.198/net/ipv4/raw.c
561  @@ -772,6 +772,10 @@ static int raw_recvmsg(struct sock *sk,  @@ -772,6 +772,10 @@ static int raw_recvmsg(struct sock *sk,
562          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
563          if (!skb)          if (!skb)
# Line 569  Source code for this patch is https://ww Line 569  Source code for this patch is https://ww
569    
570          copied = skb->len;          copied = skb->len;
571          if (len < copied) {          if (len < copied) {
572  --- linux-4.19.197.orig/net/ipv4/udp.c  --- linux-4.19.198.orig/net/ipv4/udp.c
573  +++ linux-4.19.197/net/ipv4/udp.c  +++ linux-4.19.198/net/ipv4/udp.c
574  @@ -1686,6 +1686,8 @@ try_again:  @@ -1686,6 +1686,8 @@ try_again:
575          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576          if (!skb)          if (!skb)
# Line 580  Source code for this patch is https://ww Line 580  Source code for this patch is https://ww
580    
581          ulen = udp_skb_len(skb);          ulen = udp_skb_len(skb);
582          copied = len;          copied = len;
583  --- linux-4.19.197.orig/net/ipv6/raw.c  --- linux-4.19.198.orig/net/ipv6/raw.c
584  +++ linux-4.19.197/net/ipv6/raw.c  +++ linux-4.19.198/net/ipv6/raw.c
585  @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk  @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
586          skb = skb_recv_datagram(sk, flags, noblock, &err);          skb = skb_recv_datagram(sk, flags, noblock, &err);
587          if (!skb)          if (!skb)
# Line 593  Source code for this patch is https://ww Line 593  Source code for this patch is https://ww
593    
594          copied = skb->len;          copied = skb->len;
595          if (copied > len) {          if (copied > len) {
596  --- linux-4.19.197.orig/net/ipv6/udp.c  --- linux-4.19.198.orig/net/ipv6/udp.c
597  +++ linux-4.19.197/net/ipv6/udp.c  +++ linux-4.19.198/net/ipv6/udp.c
598  @@ -347,6 +347,8 @@ try_again:  @@ -347,6 +347,8 @@ try_again:
599          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);          skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600          if (!skb)          if (!skb)
# Line 604  Source code for this patch is https://ww Line 604  Source code for this patch is https://ww
604    
605          ulen = udp6_skb_len(skb);          ulen = udp6_skb_len(skb);
606          copied = len;          copied = len;
607  --- linux-4.19.197.orig/net/socket.c  --- linux-4.19.198.orig/net/socket.c
608  +++ linux-4.19.197/net/socket.c  +++ linux-4.19.198/net/socket.c
609  @@ -1700,6 +1700,10 @@ int __sys_accept4(int fd, struct sockadd  @@ -1700,6 +1700,10 @@ int __sys_accept4(int fd, struct sockadd
610          if (err < 0)          if (err < 0)
611                  goto out_fd;                  goto out_fd;
# Line 617  Source code for this patch is https://ww Line 617  Source code for this patch is https://ww
617          if (upeer_sockaddr) {          if (upeer_sockaddr) {
618                  len = newsock->ops->getname(newsock,                  len = newsock->ops->getname(newsock,
619                                          (struct sockaddr *)&address, 2);                                          (struct sockaddr *)&address, 2);
620  --- linux-4.19.197.orig/net/unix/af_unix.c  --- linux-4.19.198.orig/net/unix/af_unix.c
621  +++ linux-4.19.197/net/unix/af_unix.c  +++ linux-4.19.198/net/unix/af_unix.c
622  @@ -2159,6 +2159,10 @@ static int unix_dgram_recvmsg(struct soc  @@ -2159,6 +2159,10 @@ static int unix_dgram_recvmsg(struct soc
623                                                  EPOLLOUT | EPOLLWRNORM |                                                  EPOLLOUT | EPOLLWRNORM |
624                                                  EPOLLWRBAND);                                                  EPOLLWRBAND);
# Line 638  Source code for this patch is https://ww Line 638  Source code for this patch is https://ww
638          mutex_unlock(&u->iolock);          mutex_unlock(&u->iolock);
639   out:   out:
640          return err;          return err;
641  --- linux-4.19.197.orig/security/Kconfig  --- linux-4.19.198.orig/security/Kconfig
642  +++ linux-4.19.197/security/Kconfig  +++ linux-4.19.198/security/Kconfig
643  @@ -276,5 +276,7 @@ config DEFAULT_SECURITY  @@ -276,5 +276,7 @@ config DEFAULT_SECURITY
644          default "apparmor" if DEFAULT_SECURITY_APPARMOR          default "apparmor" if DEFAULT_SECURITY_APPARMOR
645          default "" if DEFAULT_SECURITY_DAC          default "" if DEFAULT_SECURITY_DAC
# Line 648  Source code for this patch is https://ww Line 648  Source code for this patch is https://ww
648  +  +
649   endmenu   endmenu
650    
651  --- linux-4.19.197.orig/security/Makefile  --- linux-4.19.198.orig/security/Makefile
652  +++ linux-4.19.197/security/Makefile  +++ linux-4.19.198/security/Makefile
653  @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c  @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE)           += device_c
654   # Object integrity file lists   # Object integrity file lists
655   subdir-$(CONFIG_INTEGRITY)             += integrity   subdir-$(CONFIG_INTEGRITY)             += integrity
# Line 657  Source code for this patch is https://ww Line 657  Source code for this patch is https://ww
657  +  +
658  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity  +subdir-$(CONFIG_CCSECURITY)            += ccsecurity
659  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/  +obj-$(CONFIG_CCSECURITY)               += ccsecurity/
660  --- linux-4.19.197.orig/security/security.c  --- linux-4.19.198.orig/security/security.c
661  +++ linux-4.19.197/security/security.c  +++ linux-4.19.198/security/security.c
662  @@ -984,12 +984,19 @@ int security_file_open(struct file *file  @@ -984,12 +984,19 @@ int security_file_open(struct file *file
663    
664   int security_task_alloc(struct task_struct *task, unsigned long clone_flags)   int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
