• R/O
  • SSH
  • HTTPS

tomoyo: Commit


Commit MetaInfo

Revision6744 (tree)
Time2019-10-01 20:13:50
Authorkumaneko

Log Message

(empty log message)

Change Summary

Incremental Difference

--- trunk/1.8.x/ccs-patch/patches/ccs-patch-4.19.diff (revision 6743)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-4.19.diff (revision 6744)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 4.19.75.
1+This is TOMOYO Linux patch for kernel 4.19.76.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.75.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.76.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 9 +++++-
2929 24 files changed, 148 insertions(+), 29 deletions(-)
3030
31---- linux-4.19.75.orig/fs/exec.c
32-+++ linux-4.19.75/fs/exec.c
31+--- linux-4.19.76.orig/fs/exec.c
32++++ linux-4.19.76/fs/exec.c
3333 @@ -1692,7 +1692,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-4.19.75.orig/fs/open.c
43-+++ linux-4.19.75/fs/open.c
42+--- linux-4.19.76.orig/fs/open.c
43++++ linux-4.19.76/fs/open.c
4444 @@ -1199,6 +1199,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-4.19.75.orig/fs/proc/version.c
54-+++ linux-4.19.75/fs/proc/version.c
53+--- linux-4.19.76.orig/fs/proc/version.c
54++++ linux-4.19.76/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 4.19.75 2019/09/26\n");
62++ printk(KERN_INFO "Hook version: 4.19.76 2019/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-4.19.75.orig/include/linux/sched.h
67-+++ linux-4.19.75/include/linux/sched.h
66+--- linux-4.19.76.orig/include/linux/sched.h
67++++ linux-4.19.76/include/linux/sched.h
6868 @@ -34,6 +34,7 @@ struct audit_context;
6969 struct backing_dev_info;
7070 struct bio_list;
@@ -84,8 +84,8 @@
8484
8585 /*
8686 * New fields for task_struct should be added above here, so that
87---- linux-4.19.75.orig/include/linux/security.h
88-+++ linux-4.19.75/include/linux/security.h
87+--- linux-4.19.76.orig/include/linux/security.h
88++++ linux-4.19.76/include/linux/security.h
8989 @@ -53,6 +53,7 @@ struct msg_msg;
9090 struct xattr;
9191 struct xfrm_sec_ctx;
@@ -306,8 +306,8 @@
306306 }
307307 #endif /* CONFIG_SECURITY_PATH */
308308
309---- linux-4.19.75.orig/include/net/ip.h
310-+++ linux-4.19.75/include/net/ip.h
309+--- linux-4.19.76.orig/include/net/ip.h
310++++ linux-4.19.76/include/net/ip.h
311311 @@ -301,6 +301,8 @@ void inet_get_local_port_range(struct ne
312312 #ifdef CONFIG_SYSCTL
313313 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -326,8 +326,8 @@
326326 return 0;
327327 }
328328
329---- linux-4.19.75.orig/init/init_task.c
330-+++ linux-4.19.75/init/init_task.c
329+--- linux-4.19.76.orig/init/init_task.c
330++++ linux-4.19.76/init/init_task.c
331331 @@ -179,6 +179,10 @@ struct task_struct init_task
332332 #ifdef CONFIG_SECURITY
333333 .security = NULL,
@@ -339,8 +339,8 @@
339339 };
340340 EXPORT_SYMBOL(init_task);
341341
342---- linux-4.19.75.orig/kernel/kexec.c
343-+++ linux-4.19.75/kernel/kexec.c
342+--- linux-4.19.76.orig/kernel/kexec.c
343++++ linux-4.19.76/kernel/kexec.c
344344 @@ -18,7 +18,7 @@
345345 #include <linux/syscalls.h>
346346 #include <linux/vmalloc.h>
@@ -359,8 +359,8 @@
359359
360360 /* Permit LSMs and IMA to fail the kexec */
361361 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
362---- linux-4.19.75.orig/kernel/module.c
363-+++ linux-4.19.75/kernel/module.c
362+--- linux-4.19.76.orig/kernel/module.c
363++++ linux-4.19.76/kernel/module.c
364364 @@ -66,6 +66,7 @@
365365 #include <linux/audit.h>
366366 #include <uapi/linux/module.h>
@@ -387,8 +387,8 @@
387387
388388 return 0;
389389 }
390---- linux-4.19.75.orig/kernel/ptrace.c
391-+++ linux-4.19.75/kernel/ptrace.c
390+--- linux-4.19.76.orig/kernel/ptrace.c
391++++ linux-4.19.76/kernel/ptrace.c
392392 @@ -1137,6 +1137,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
393393 {
394394 struct task_struct *child;
@@ -413,8 +413,8 @@
413413
414414 if (request == PTRACE_TRACEME) {
415415 ret = ptrace_traceme();
416---- linux-4.19.75.orig/kernel/reboot.c
417-+++ linux-4.19.75/kernel/reboot.c
416+--- linux-4.19.76.orig/kernel/reboot.c
417++++ linux-4.19.76/kernel/reboot.c
418418 @@ -16,6 +16,7 @@
419419 #include <linux/syscalls.h>
420420 #include <linux/syscore_ops.h>
@@ -432,8 +432,8 @@
432432
433433 /*
434434 * If pid namespaces are enabled and the current task is in a child
435---- linux-4.19.75.orig/kernel/sched/core.c
436-+++ linux-4.19.75/kernel/sched/core.c
435+--- linux-4.19.76.orig/kernel/sched/core.c
436++++ linux-4.19.76/kernel/sched/core.c
437437 @@ -3945,6 +3945,8 @@ int can_nice(const struct task_struct *p
438438 SYSCALL_DEFINE1(nice, int, increment)
439439 {
@@ -443,8 +443,8 @@
443443
444444 /*
445445 * Setpriority might change our priority at the same moment.
446---- linux-4.19.75.orig/kernel/signal.c
447-+++ linux-4.19.75/kernel/signal.c
446+--- linux-4.19.76.orig/kernel/signal.c
447++++ linux-4.19.76/kernel/signal.c
448448 @@ -3271,6 +3271,8 @@ COMPAT_SYSCALL_DEFINE4(rt_sigtimedwait,
449449 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
450450 {
@@ -490,8 +490,8 @@
490490
491491 return do_send_specific(tgid, pid, sig, info);
492492 }
493---- linux-4.19.75.orig/kernel/sys.c
494-+++ linux-4.19.75/kernel/sys.c
493+--- linux-4.19.76.orig/kernel/sys.c
494++++ linux-4.19.76/kernel/sys.c
495495 @@ -201,6 +201,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
496496
497497 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -521,8 +521,8 @@
521521
522522 errno = -EFAULT;
523523 if (!copy_from_user(tmp, name, len)) {
524---- linux-4.19.75.orig/kernel/time/timekeeping.c
525-+++ linux-4.19.75/kernel/time/timekeeping.c
524+--- linux-4.19.76.orig/kernel/time/timekeeping.c
525++++ linux-4.19.76/kernel/time/timekeeping.c
526526 @@ -26,6 +26,7 @@
527527 #include <linux/stop_machine.h>
528528 #include <linux/pvclock_gtod.h>
@@ -556,8 +556,8 @@
556556
557557 /*
558558 * Validate if a timespec/timeval used to inject a time
559---- linux-4.19.75.orig/net/ipv4/raw.c
560-+++ linux-4.19.75/net/ipv4/raw.c
559+--- linux-4.19.76.orig/net/ipv4/raw.c
560++++ linux-4.19.76/net/ipv4/raw.c
561561 @@ -772,6 +772,10 @@ static int raw_recvmsg(struct sock *sk,
562562 skb = skb_recv_datagram(sk, flags, noblock, &err);
563563 if (!skb)
@@ -569,8 +569,8 @@
569569
570570 copied = skb->len;
571571 if (len < copied) {
572---- linux-4.19.75.orig/net/ipv4/udp.c
573-+++ linux-4.19.75/net/ipv4/udp.c
572+--- linux-4.19.76.orig/net/ipv4/udp.c
573++++ linux-4.19.76/net/ipv4/udp.c
574574 @@ -1668,6 +1668,8 @@ try_again:
575575 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
576576 if (!skb)
@@ -580,8 +580,8 @@
580580
581581 ulen = udp_skb_len(skb);
582582 copied = len;
583---- linux-4.19.75.orig/net/ipv6/raw.c
584-+++ linux-4.19.75/net/ipv6/raw.c
583+--- linux-4.19.76.orig/net/ipv6/raw.c
584++++ linux-4.19.76/net/ipv6/raw.c
585585 @@ -485,6 +485,10 @@ static int rawv6_recvmsg(struct sock *sk
586586 skb = skb_recv_datagram(sk, flags, noblock, &err);
587587 if (!skb)
@@ -593,8 +593,8 @@
593593
594594 copied = skb->len;
595595 if (copied > len) {
596---- linux-4.19.75.orig/net/ipv6/udp.c
597-+++ linux-4.19.75/net/ipv6/udp.c
596+--- linux-4.19.76.orig/net/ipv6/udp.c
597++++ linux-4.19.76/net/ipv6/udp.c
598598 @@ -344,6 +344,8 @@ try_again:
599599 skb = __skb_recv_udp(sk, flags, noblock, &peeked, &off, &err);
600600 if (!skb)
@@ -604,8 +604,8 @@
604604
605605 ulen = udp6_skb_len(skb);
606606 copied = len;
607---- linux-4.19.75.orig/net/socket.c
608-+++ linux-4.19.75/net/socket.c
607+--- linux-4.19.76.orig/net/socket.c
608++++ linux-4.19.76/net/socket.c
609609 @@ -1590,6 +1590,10 @@ int __sys_accept4(int fd, struct sockadd
610610 if (err < 0)
611611 goto out_fd;
@@ -617,8 +617,8 @@
617617 if (upeer_sockaddr) {
618618 len = newsock->ops->getname(newsock,
619619 (struct sockaddr *)&address, 2);
620---- linux-4.19.75.orig/net/unix/af_unix.c
621-+++ linux-4.19.75/net/unix/af_unix.c
620+--- linux-4.19.76.orig/net/unix/af_unix.c
621++++ linux-4.19.76/net/unix/af_unix.c
622622 @@ -2137,6 +2137,10 @@ static int unix_dgram_recvmsg(struct soc
623623 EPOLLOUT | EPOLLWRNORM |
624624 EPOLLWRBAND);
@@ -638,8 +638,8 @@
638638 mutex_unlock(&u->iolock);
639639 out:
640640 return err;
641---- linux-4.19.75.orig/security/Kconfig
642-+++ linux-4.19.75/security/Kconfig
641+--- linux-4.19.76.orig/security/Kconfig
642++++ linux-4.19.76/security/Kconfig
643643 @@ -276,5 +276,7 @@ config DEFAULT_SECURITY
644644 default "apparmor" if DEFAULT_SECURITY_APPARMOR
645645 default "" if DEFAULT_SECURITY_DAC
@@ -648,8 +648,8 @@
648648 +
649649 endmenu
650650
651---- linux-4.19.75.orig/security/Makefile
652-+++ linux-4.19.75/security/Makefile
651+--- linux-4.19.76.orig/security/Makefile
652++++ linux-4.19.76/security/Makefile
653653 @@ -30,3 +30,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
654654 # Object integrity file lists
655655 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -657,8 +657,8 @@
657657 +
658658 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
659659 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
660---- linux-4.19.75.orig/security/security.c
661-+++ linux-4.19.75/security/security.c
660+--- linux-4.19.76.orig/security/security.c
661++++ linux-4.19.76/security/security.c
662662 @@ -988,12 +988,19 @@ int security_file_open(struct file *file
663663
664664 int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-5.2.diff (revision 6743)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-5.2.diff (revision 6744)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.2.17.
1+This is TOMOYO Linux patch for kernel 5.2.18.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.2.17.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.2.18.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.2.17.orig/fs/exec.c
32-+++ linux-5.2.17/fs/exec.c
31+--- linux-5.2.18.orig/fs/exec.c
32++++ linux-5.2.18/fs/exec.c
3333 @@ -1698,7 +1698,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-5.2.17.orig/fs/open.c
43-+++ linux-5.2.17/fs/open.c
42+--- linux-5.2.18.orig/fs/open.c
43++++ linux-5.2.18/fs/open.c
4444 @@ -1200,6 +1200,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.2.17.orig/fs/proc/version.c
54-+++ linux-5.2.17/fs/proc/version.c
53+--- linux-5.2.18.orig/fs/proc/version.c
54++++ linux-5.2.18/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.2.17 2019/09/26\n");
62++ printk(KERN_INFO "Hook version: 5.2.18 2019/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.2.17.orig/include/linux/sched.h
67-+++ linux-5.2.17/include/linux/sched.h
66+--- linux-5.2.18.orig/include/linux/sched.h
67++++ linux-5.2.18/include/linux/sched.h
6868 @@ -35,6 +35,7 @@ struct audit_context;
6969 struct backing_dev_info;
7070 struct bio_list;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.2.17.orig/include/linux/security.h
88-+++ linux-5.2.17/include/linux/security.h
87+--- linux-5.2.18.orig/include/linux/security.h
88++++ linux-5.2.18/include/linux/security.h
8989 @@ -57,6 +57,7 @@ struct mm_struct;
9090 struct fs_context;
9191 struct fs_parameter;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.2.17.orig/include/net/ip.h
319-+++ linux-5.2.17/include/net/ip.h
318+--- linux-5.2.18.orig/include/net/ip.h
319++++ linux-5.2.18/include/net/ip.h
320320 @@ -302,6 +302,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -335,8 +335,8 @@
335335 return 0;
336336 }
337337
338---- linux-5.2.17.orig/init/init_task.c
339-+++ linux-5.2.17/init/init_task.c
338+--- linux-5.2.18.orig/init/init_task.c
339++++ linux-5.2.18/init/init_task.c
340340 @@ -180,6 +180,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECURITY
342342 .security = NULL,
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.2.17.orig/kernel/kexec.c
352-+++ linux-5.2.17/kernel/kexec.c
351+--- linux-5.2.18.orig/kernel/kexec.c
352++++ linux-5.2.18/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
371---- linux-5.2.17.orig/kernel/module.c
372-+++ linux-5.2.17/kernel/module.c
371+--- linux-5.2.18.orig/kernel/module.c
372++++ linux-5.2.18/kernel/module.c
373373 @@ -54,6 +54,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.2.17.orig/kernel/ptrace.c
400-+++ linux-5.2.17/kernel/ptrace.c
399+--- linux-5.2.18.orig/kernel/ptrace.c
400++++ linux-5.2.18/kernel/ptrace.c
401401 @@ -1137,6 +1137,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.2.17.orig/kernel/reboot.c
426-+++ linux-5.2.17/kernel/reboot.c
425+--- linux-5.2.18.orig/kernel/reboot.c
426++++ linux-5.2.18/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,8 +441,8 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.2.17.orig/kernel/sched/core.c
445-+++ linux-5.2.17/kernel/sched/core.c
444+--- linux-5.2.18.orig/kernel/sched/core.c
445++++ linux-5.2.18/kernel/sched/core.c
446446 @@ -3940,6 +3940,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.2.17.orig/kernel/signal.c
456-+++ linux-5.2.17/kernel/signal.c
455+--- linux-5.2.18.orig/kernel/signal.c
456++++ linux-5.2.18/kernel/signal.c
457457 @@ -3615,6 +3615,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.2.17.orig/kernel/sys.c
525-+++ linux-5.2.17/kernel/sys.c
524+--- linux-5.2.18.orig/kernel/sys.c
525++++ linux-5.2.18/kernel/sys.c
526526 @@ -204,6 +204,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.2.17.orig/kernel/time/timekeeping.c
556-+++ linux-5.2.17/kernel/time/timekeeping.c
555+--- linux-5.2.18.orig/kernel/time/timekeeping.c
556++++ linux-5.2.18/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.2.17.orig/net/ipv4/raw.c
591-+++ linux-5.2.17/net/ipv4/raw.c
590+--- linux-5.2.18.orig/net/ipv4/raw.c
591++++ linux-5.2.18/net/ipv4/raw.c
592592 @@ -767,6 +767,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.2.17.orig/net/ipv4/udp.c
604-+++ linux-5.2.17/net/ipv4/udp.c
603+--- linux-5.2.18.orig/net/ipv4/udp.c
604++++ linux-5.2.18/net/ipv4/udp.c
605605 @@ -1721,6 +1721,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.2.17.orig/net/ipv6/raw.c
615-+++ linux-5.2.17/net/ipv6/raw.c
614+--- linux-5.2.18.orig/net/ipv6/raw.c
615++++ linux-5.2.18/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.2.17.orig/net/ipv6/udp.c
628-+++ linux-5.2.17/net/ipv6/udp.c
627+--- linux-5.2.18.orig/net/ipv6/udp.c
628++++ linux-5.2.18/net/ipv6/udp.c
629629 @@ -300,6 +300,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.2.17.orig/net/socket.c
639-+++ linux-5.2.17/net/socket.c
638+--- linux-5.2.18.orig/net/socket.c
639++++ linux-5.2.18/net/socket.c
640640 @@ -1761,6 +1761,10 @@ int __sys_accept4(int fd, struct sockadd
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.2.17.orig/net/unix/af_unix.c
652-+++ linux-5.2.17/net/unix/af_unix.c
651+--- linux-5.2.18.orig/net/unix/af_unix.c
652++++ linux-5.2.18/net/unix/af_unix.c
653653 @@ -2075,6 +2075,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.2.17.orig/security/Kconfig
673-+++ linux-5.2.17/security/Kconfig
672+--- linux-5.2.18.orig/security/Kconfig
673++++ linux-5.2.18/security/Kconfig
674674 @@ -290,5 +290,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.2.17.orig/security/Makefile
683-+++ linux-5.2.17/security/Makefile
682+--- linux-5.2.18.orig/security/Makefile
683++++ linux-5.2.18/security/Makefile
684684 @@ -32,3 +32,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.2.17.orig/security/security.c
692-+++ linux-5.2.17/security/security.c
691+--- linux-5.2.18.orig/security/security.c
692++++ linux-5.2.18/security/security.c
693693 @@ -1464,7 +1464,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-5.3.diff (revision 6743)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-5.3.diff (revision 6744)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for kernel 5.3.1.
1+This is TOMOYO Linux patch for kernel 5.3.2.
22
3-Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.1.tar.xz
3+Source code for this patch is https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.3.2.tar.xz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,8 +28,8 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-5.3.1.orig/fs/exec.c
32-+++ linux-5.3.1/fs/exec.c
31+--- linux-5.3.2.orig/fs/exec.c
32++++ linux-5.3.2/fs/exec.c
3333 @@ -1698,7 +1698,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-5.3.1.orig/fs/open.c
43-+++ linux-5.3.1/fs/open.c
42+--- linux-5.3.2.orig/fs/open.c
43++++ linux-5.3.2/fs/open.c
4444 @@ -1200,6 +1200,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-5.3.1.orig/fs/proc/version.c
54-+++ linux-5.3.1/fs/proc/version.c
53+--- linux-5.3.2.orig/fs/proc/version.c
54++++ linux-5.3.2/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.3.1 2019/09/26\n");
62++ printk(KERN_INFO "Hook version: 5.3.2 2019/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-5.3.1.orig/include/linux/sched.h
67-+++ linux-5.3.1/include/linux/sched.h
66+--- linux-5.3.2.orig/include/linux/sched.h
67++++ linux-5.3.2/include/linux/sched.h
6868 @@ -36,6 +36,7 @@ struct backing_dev_info;
6969 struct bio_list;
7070 struct blk_plug;
@@ -84,8 +84,8 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-5.3.1.orig/include/linux/security.h
88-+++ linux-5.3.1/include/linux/security.h
87+--- linux-5.3.2.orig/include/linux/security.h
88++++ linux-5.3.2/include/linux/security.h
8989 @@ -57,6 +57,7 @@ struct mm_struct;
9090 struct fs_context;
9191 struct fs_parameter;
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-5.3.1.orig/include/net/ip.h
319-+++ linux-5.3.1/include/net/ip.h
318+--- linux-5.3.2.orig/include/net/ip.h
319++++ linux-5.3.2/include/net/ip.h
320320 @@ -340,6 +340,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -335,8 +335,8 @@
335335 return 0;
336336 }
337337
338---- linux-5.3.1.orig/init/init_task.c
339-+++ linux-5.3.1/init/init_task.c
338+--- linux-5.3.2.orig/init/init_task.c
339++++ linux-5.3.2/init/init_task.c
340340 @@ -183,6 +183,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECURITY
342342 .security = NULL,
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-5.3.1.orig/kernel/kexec.c
352-+++ linux-5.3.1/kernel/kexec.c
351+--- linux-5.3.2.orig/kernel/kexec.c
352++++ linux-5.3.2/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
371---- linux-5.3.1.orig/kernel/module.c
372-+++ linux-5.3.1/kernel/module.c
371+--- linux-5.3.2.orig/kernel/module.c
372++++ linux-5.3.2/kernel/module.c
373373 @@ -54,6 +54,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-5.3.1.orig/kernel/ptrace.c
400-+++ linux-5.3.1/kernel/ptrace.c
399+--- linux-5.3.2.orig/kernel/ptrace.c
400++++ linux-5.3.2/kernel/ptrace.c
401401 @@ -1239,6 +1239,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-5.3.1.orig/kernel/reboot.c
426-+++ linux-5.3.1/kernel/reboot.c
425+--- linux-5.3.2.orig/kernel/reboot.c
426++++ linux-5.3.2/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,8 +441,8 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-5.3.1.orig/kernel/sched/core.c
445-+++ linux-5.3.1/kernel/sched/core.c
444+--- linux-5.3.2.orig/kernel/sched/core.c
445++++ linux-5.3.2/kernel/sched/core.c
446446 @@ -4375,6 +4375,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-5.3.1.orig/kernel/signal.c
456-+++ linux-5.3.1/kernel/signal.c
455+--- linux-5.3.2.orig/kernel/signal.c
456++++ linux-5.3.2/kernel/signal.c
457457 @@ -3634,6 +3634,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-5.3.1.orig/kernel/sys.c
525-+++ linux-5.3.1/kernel/sys.c
524+--- linux-5.3.2.orig/kernel/sys.c
525++++ linux-5.3.2/kernel/sys.c
526526 @@ -204,6 +204,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-5.3.1.orig/kernel/time/timekeeping.c
556-+++ linux-5.3.1/kernel/time/timekeeping.c
555+--- linux-5.3.2.orig/kernel/time/timekeeping.c
556++++ linux-5.3.2/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-5.3.1.orig/net/ipv4/raw.c
591-+++ linux-5.3.1/net/ipv4/raw.c
590+--- linux-5.3.2.orig/net/ipv4/raw.c
591++++ linux-5.3.2/net/ipv4/raw.c
592592 @@ -767,6 +767,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,8 +600,8 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-5.3.1.orig/net/ipv4/udp.c
604-+++ linux-5.3.1/net/ipv4/udp.c
603+--- linux-5.3.2.orig/net/ipv4/udp.c
604++++ linux-5.3.2/net/ipv4/udp.c
605605 @@ -1709,6 +1709,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-5.3.1.orig/net/ipv6/raw.c
615-+++ linux-5.3.1/net/ipv6/raw.c
614+--- linux-5.3.2.orig/net/ipv6/raw.c
615++++ linux-5.3.2/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,8 +624,8 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-5.3.1.orig/net/ipv6/udp.c
628-+++ linux-5.3.1/net/ipv6/udp.c
627+--- linux-5.3.2.orig/net/ipv6/udp.c
628++++ linux-5.3.2/net/ipv6/udp.c
629629 @@ -288,6 +288,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
@@ -635,8 +635,8 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-5.3.1.orig/net/socket.c
639-+++ linux-5.3.1/net/socket.c
638+--- linux-5.3.2.orig/net/socket.c
639++++ linux-5.3.2/net/socket.c
640640 @@ -1755,6 +1755,10 @@ int __sys_accept4(int fd, struct sockadd
641641 if (err < 0)
642642 goto out_fd;
@@ -648,8 +648,8 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-5.3.1.orig/net/unix/af_unix.c
652-+++ linux-5.3.1/net/unix/af_unix.c
651+--- linux-5.3.2.orig/net/unix/af_unix.c
652++++ linux-5.3.2/net/unix/af_unix.c
653653 @@ -2075,6 +2075,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-5.3.1.orig/security/Kconfig
673-+++ linux-5.3.1/security/Kconfig
672+--- linux-5.3.2.orig/security/Kconfig
673++++ linux-5.3.2/security/Kconfig
674674 @@ -290,5 +290,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-5.3.1.orig/security/Makefile
683-+++ linux-5.3.1/security/Makefile
682+--- linux-5.3.2.orig/security/Makefile
683++++ linux-5.3.2/security/Makefile
684684 @@ -32,3 +32,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-5.3.1.orig/security/security.c
692-+++ linux-5.3.1/security/security.c
691+--- linux-5.3.2.orig/security/security.c
692++++ linux-5.3.2/security/security.c
693693 @@ -1467,7 +1467,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
--- trunk/1.8.x/ccs-patch/patches/ccs-patch-5.4.diff (revision 6743)
+++ trunk/1.8.x/ccs-patch/patches/ccs-patch-5.4.diff (revision 6744)
@@ -1,6 +1,6 @@
1-This is TOMOYO Linux patch for linux-next.
1+This is TOMOYO Linux patch for kernel 5.4-rc1.
22
3-Source code for this patch is https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/snapshot/linux-next-next-20190915.tar.gz
3+Source code for this patch is https://git.kernel.org/torvalds/t/linux-5.4-rc1.tar.gz
44 ---
55 fs/exec.c | 2 -
66 fs/open.c | 2 +
@@ -28,9 +28,9 @@
2828 security/security.c | 5 ++-
2929 24 files changed, 160 insertions(+), 30 deletions(-)
3030
31---- linux-next.orig/fs/exec.c
32-+++ linux-next/fs/exec.c
33-@@ -1698,7 +1698,7 @@ static int exec_binprm(struct linux_binp
31+--- linux-5.4-rc1.orig/fs/exec.c
32++++ linux-5.4-rc1/fs/exec.c
33+@@ -1699,7 +1699,7 @@ static int exec_binprm(struct linux_binp
3434 old_vpid = task_pid_nr_ns(current, task_active_pid_ns(current->parent));
3535 rcu_read_unlock();
3636
@@ -39,8 +39,8 @@
3939 if (ret >= 0) {
4040 audit_bprm(bprm);
4141 trace_sched_process_exec(current, old_pid, bprm);
42---- linux-next.orig/fs/open.c
43-+++ linux-next/fs/open.c
42+--- linux-5.4-rc1.orig/fs/open.c
43++++ linux-5.4-rc1/fs/open.c
4444 @@ -1208,6 +1208,8 @@ SYSCALL_DEFINE1(close, unsigned int, fd)
4545 */
4646 SYSCALL_DEFINE0(vhangup)
@@ -50,8 +50,8 @@
5050 if (capable(CAP_SYS_TTY_CONFIG)) {
5151 tty_vhangup_self();
5252 return 0;
53---- linux-next.orig/fs/proc/version.c
54-+++ linux-next/fs/proc/version.c
53+--- linux-5.4-rc1.orig/fs/proc/version.c
54++++ linux-5.4-rc1/fs/proc/version.c
5555 @@ -21,3 +21,10 @@ static int __init proc_version_init(void
5656 return 0;
5757 }
@@ -59,12 +59,12 @@
5959 +
6060 +static int __init ccs_show_version(void)
6161 +{
62-+ printk(KERN_INFO "Hook version: 5.3-rc8-next-20190915 2019/09/16\n");
62++ printk(KERN_INFO "Hook version: 5.4-rc1 2019/10/01\n");
6363 + return 0;
6464 +}
6565 +fs_initcall(ccs_show_version);
66---- linux-next.orig/include/linux/sched.h
67-+++ linux-next/include/linux/sched.h
66+--- linux-5.4-rc1.orig/include/linux/sched.h
67++++ linux-5.4-rc1/include/linux/sched.h
6868 @@ -38,6 +38,7 @@ struct backing_dev_info;
6969 struct bio_list;
7070 struct blk_plug;
@@ -73,7 +73,7 @@
7373 struct cfs_rq;
7474 struct fs_struct;
7575 struct futex_pi_state;
76-@@ -1258,6 +1259,10 @@ struct task_struct {
76+@@ -1259,6 +1260,10 @@ struct task_struct {
7777 /* Used by LSM modules for access restriction: */
7878 void *security;
7979 #endif
@@ -84,17 +84,17 @@
8484
8585 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
8686 unsigned long lowest_stack;
87---- linux-next.orig/include/linux/security.h
88-+++ linux-next/include/linux/security.h
89-@@ -59,6 +59,7 @@ struct fs_parameter;
87+--- linux-5.4-rc1.orig/include/linux/security.h
88++++ linux-5.4-rc1/include/linux/security.h
89+@@ -57,6 +57,7 @@ struct mm_struct;
90+ struct fs_context;
91+ struct fs_parameter;
9092 enum fs_value_type;
91- struct watch;
92- struct watch_notification;
9393 +#include <linux/ccsecurity.h>
9494
9595 /* Default (no) options for the capable function */
9696 #define CAP_OPT_NONE 0x0
97-@@ -559,7 +560,10 @@ static inline int security_syslog(int ty
97+@@ -557,7 +558,10 @@ static inline int security_syslog(int ty
9898 static inline int security_settime64(const struct timespec64 *ts,
9999 const struct timezone *tz)
100100 {
@@ -106,7 +106,7 @@
106106 }
107107
108108 static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
109-@@ -636,18 +640,18 @@ static inline int security_sb_mount(cons
109+@@ -634,18 +638,18 @@ static inline int security_sb_mount(cons
110110 const char *type, unsigned long flags,
111111 void *data)
112112 {
@@ -128,7 +128,7 @@
128128 }
129129
130130 static inline int security_sb_set_mnt_opts(struct super_block *sb,
131-@@ -675,7 +679,7 @@ static inline int security_add_mnt_opt(c
131+@@ -673,7 +677,7 @@ static inline int security_add_mnt_opt(c
132132 static inline int security_move_mount(const struct path *from_path,
133133 const struct path *to_path)
134134 {
@@ -137,7 +137,7 @@
137137 }
138138
139139 static inline int security_path_notify(const struct path *path, u64 mask,
140-@@ -809,7 +813,7 @@ static inline int security_inode_setattr
140+@@ -807,7 +811,7 @@ static inline int security_inode_setattr
141141
142142 static inline int security_inode_getattr(const struct path *path)
143143 {
@@ -146,7 +146,7 @@
146146 }
147147
148148 static inline int security_inode_setxattr(struct dentry *dentry,
149-@@ -901,7 +905,7 @@ static inline void security_file_free(st
149+@@ -899,7 +903,7 @@ static inline void security_file_free(st
150150 static inline int security_file_ioctl(struct file *file, unsigned int cmd,
151151 unsigned long arg)
152152 {
@@ -155,7 +155,7 @@
155155 }
156156
157157 static inline int security_mmap_file(struct file *file, unsigned long prot,
158-@@ -930,7 +934,7 @@ static inline int security_file_lock(str
158+@@ -928,7 +932,7 @@ static inline int security_file_lock(str
159159 static inline int security_file_fcntl(struct file *file, unsigned int cmd,
160160 unsigned long arg)
161161 {
@@ -164,7 +164,7 @@
164164 }
165165
166166 static inline void security_file_set_fowner(struct file *file)
167-@@ -952,17 +956,19 @@ static inline int security_file_receive(
167+@@ -950,17 +954,19 @@ static inline int security_file_receive(
168168
169169 static inline int security_file_open(struct file *file)
170170 {
@@ -187,7 +187,7 @@
187187
188188 static inline int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
189189 {
190-@@ -1370,7 +1376,7 @@ static inline int security_unix_may_send
190+@@ -1339,7 +1345,7 @@ static inline int security_unix_may_send
191191 static inline int security_socket_create(int family, int type,
192192 int protocol, int kern)
193193 {
@@ -196,7 +196,7 @@
196196 }
197197
198198 static inline int security_socket_post_create(struct socket *sock,
199-@@ -1391,19 +1397,19 @@ static inline int security_socket_bind(s
199+@@ -1360,19 +1366,19 @@ static inline int security_socket_bind(s
200200 struct sockaddr *address,
201201 int addrlen)
202202 {
@@ -219,7 +219,7 @@
219219 }
220220
221221 static inline int security_socket_accept(struct socket *sock,
222-@@ -1415,7 +1421,7 @@ static inline int security_socket_accept
222+@@ -1384,7 +1390,7 @@ static inline int security_socket_accept
223223 static inline int security_socket_sendmsg(struct socket *sock,
224224 struct msghdr *msg, int size)
225225 {
@@ -228,7 +228,7 @@
228228 }
229229
230230 static inline int security_socket_recvmsg(struct socket *sock,
231-@@ -1702,42 +1708,42 @@ int security_path_chroot(const struct pa
231+@@ -1671,42 +1677,42 @@ int security_path_chroot(const struct pa
232232 #else /* CONFIG_SECURITY_PATH */
233233 static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
234234 {
@@ -278,7 +278,7 @@
278278 }
279279
280280 static inline int security_path_rename(const struct path *old_dir,
281-@@ -1746,22 +1752,32 @@ static inline int security_path_rename(c
281+@@ -1715,22 +1721,32 @@ static inline int security_path_rename(c
282282 struct dentry *new_dentry,
283283 unsigned int flags)
284284 {
@@ -315,8 +315,8 @@
315315 }
316316 #endif /* CONFIG_SECURITY_PATH */
317317
318---- linux-next.orig/include/net/ip.h
319-+++ linux-next/include/net/ip.h
318+--- linux-5.4-rc1.orig/include/net/ip.h
319++++ linux-5.4-rc1/include/net/ip.h
320320 @@ -341,6 +341,8 @@ void inet_get_local_port_range(struct ne
321321 #ifdef CONFIG_SYSCTL
322322 static inline int inet_is_local_reserved_port(struct net *net, int port)
@@ -335,8 +335,8 @@
335335 return 0;
336336 }
337337
338---- linux-next.orig/init/init_task.c
339-+++ linux-next/init/init_task.c
338+--- linux-5.4-rc1.orig/init/init_task.c
339++++ linux-5.4-rc1/init/init_task.c
340340 @@ -181,6 +181,10 @@ struct task_struct init_task
341341 #ifdef CONFIG_SECURITY
342342 .security = NULL,
@@ -348,8 +348,8 @@
348348 };
349349 EXPORT_SYMBOL(init_task);
350350
351---- linux-next.orig/kernel/kexec.c
352-+++ linux-next/kernel/kexec.c
351+--- linux-5.4-rc1.orig/kernel/kexec.c
352++++ linux-5.4-rc1/kernel/kexec.c
353353 @@ -16,7 +16,7 @@
354354 #include <linux/syscalls.h>
355355 #include <linux/vmalloc.h>
@@ -368,8 +368,8 @@
368368
369369 /* Permit LSMs and IMA to fail the kexec */
370370 result = security_kernel_load_data(LOADING_KEXEC_IMAGE);
371---- linux-next.orig/kernel/module.c
372-+++ linux-next/kernel/module.c
371+--- linux-5.4-rc1.orig/kernel/module.c
372++++ linux-5.4-rc1/kernel/module.c
373373 @@ -55,6 +55,7 @@
374374 #include <linux/audit.h>
375375 #include <uapi/linux/module.h>
@@ -378,7 +378,7 @@
378378
379379 #define CREATE_TRACE_POINTS
380380 #include <trace/events/module.h>
381-@@ -965,6 +966,8 @@ SYSCALL_DEFINE2(delete_module, const cha
381+@@ -973,6 +974,8 @@ SYSCALL_DEFINE2(delete_module, const cha
382382
383383 if (!capable(CAP_SYS_MODULE) || modules_disabled)
384384 return -EPERM;
@@ -387,7 +387,7 @@
387387
388388 if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
389389 return -EFAULT;
390-@@ -3607,6 +3610,8 @@ static int may_init_module(void)
390+@@ -3669,6 +3672,8 @@ static int may_init_module(void)
391391 {
392392 if (!capable(CAP_SYS_MODULE) || modules_disabled)
393393 return -EPERM;
@@ -396,8 +396,8 @@
396396
397397 return 0;
398398 }
399---- linux-next.orig/kernel/ptrace.c
400-+++ linux-next/kernel/ptrace.c
399+--- linux-5.4-rc1.orig/kernel/ptrace.c
400++++ linux-5.4-rc1/kernel/ptrace.c
401401 @@ -1239,6 +1239,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
402402 {
403403 struct task_struct *child;
@@ -422,8 +422,8 @@
422422
423423 if (request == PTRACE_TRACEME) {
424424 ret = ptrace_traceme();
425---- linux-next.orig/kernel/reboot.c
426-+++ linux-next/kernel/reboot.c
425+--- linux-5.4-rc1.orig/kernel/reboot.c
426++++ linux-5.4-rc1/kernel/reboot.c
427427 @@ -17,6 +17,7 @@
428428 #include <linux/syscalls.h>
429429 #include <linux/syscore_ops.h>
@@ -441,9 +441,9 @@
441441
442442 /*
443443 * If pid namespaces are enabled and the current task is in a child
444---- linux-next.orig/kernel/sched/core.c
445-+++ linux-next/kernel/sched/core.c
446-@@ -4560,6 +4560,8 @@ int can_nice(const struct task_struct *p
444+--- linux-5.4-rc1.orig/kernel/sched/core.c
445++++ linux-5.4-rc1/kernel/sched/core.c
446+@@ -4563,6 +4563,8 @@ int can_nice(const struct task_struct *p
447447 SYSCALL_DEFINE1(nice, int, increment)
448448 {
449449 long nice, retval;
@@ -452,8 +452,8 @@
452452
453453 /*
454454 * Setpriority might change our priority at the same moment.
455---- linux-next.orig/kernel/signal.c
456-+++ linux-next/kernel/signal.c
455+--- linux-5.4-rc1.orig/kernel/signal.c
456++++ linux-5.4-rc1/kernel/signal.c
457457 @@ -3634,6 +3634,8 @@ static inline void prepare_kill_siginfo(
458458 SYSCALL_DEFINE2(kill, pid_t, pid, int, sig)
459459 {
@@ -521,8 +521,8 @@
521521
522522 return do_send_specific(tgid, pid, sig, info);
523523 }
524---- linux-next.orig/kernel/sys.c
525-+++ linux-next/kernel/sys.c
524+--- linux-5.4-rc1.orig/kernel/sys.c
525++++ linux-5.4-rc1/kernel/sys.c
526526 @@ -204,6 +204,10 @@ SYSCALL_DEFINE3(setpriority, int, which,
527527
528528 if (which > PRIO_USER || which < PRIO_PROCESS)
@@ -552,8 +552,8 @@
552552
553553 errno = -EFAULT;
554554 if (!copy_from_user(tmp, name, len)) {
555---- linux-next.orig/kernel/time/timekeeping.c
556-+++ linux-next/kernel/time/timekeeping.c
555+--- linux-5.4-rc1.orig/kernel/time/timekeeping.c
556++++ linux-5.4-rc1/kernel/time/timekeeping.c
557557 @@ -22,6 +22,7 @@
558558 #include <linux/pvclock_gtod.h>
559559 #include <linux/compiler.h>
@@ -587,8 +587,8 @@
587587
588588 /*
589589 * Validate if a timespec/timeval used to inject a time
590---- linux-next.orig/net/ipv4/raw.c
591-+++ linux-next/net/ipv4/raw.c
590+--- linux-5.4-rc1.orig/net/ipv4/raw.c
591++++ linux-5.4-rc1/net/ipv4/raw.c
592592 @@ -767,6 +767,10 @@ static int raw_recvmsg(struct sock *sk,
593593 skb = skb_recv_datagram(sk, flags, noblock, &err);
594594 if (!skb)
@@ -600,9 +600,9 @@
600600
601601 copied = skb->len;
602602 if (len < copied) {
603---- linux-next.orig/net/ipv4/udp.c
604-+++ linux-next/net/ipv4/udp.c
605-@@ -1708,6 +1708,8 @@ try_again:
603+--- linux-5.4-rc1.orig/net/ipv4/udp.c
604++++ linux-5.4-rc1/net/ipv4/udp.c
605+@@ -1709,6 +1709,8 @@ try_again:
606606 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
607607 if (!skb)
608608 return err;
@@ -611,8 +611,8 @@
611611
612612 ulen = udp_skb_len(skb);
613613 copied = len;
614---- linux-next.orig/net/ipv6/raw.c
615-+++ linux-next/net/ipv6/raw.c
614+--- linux-5.4-rc1.orig/net/ipv6/raw.c
615++++ linux-5.4-rc1/net/ipv6/raw.c
616616 @@ -480,6 +480,10 @@ static int rawv6_recvmsg(struct sock *sk
617617 skb = skb_recv_datagram(sk, flags, noblock, &err);
618618 if (!skb)
@@ -624,9 +624,9 @@
624624
625625 copied = skb->len;
626626 if (copied > len) {
627---- linux-next.orig/net/ipv6/udp.c
628-+++ linux-next/net/ipv6/udp.c
629-@@ -287,6 +287,8 @@ try_again:
627+--- linux-5.4-rc1.orig/net/ipv6/udp.c
628++++ linux-5.4-rc1/net/ipv6/udp.c
629+@@ -288,6 +288,8 @@ try_again:
630630 skb = __skb_recv_udp(sk, flags, noblock, &off, &err);
631631 if (!skb)
632632 return err;
@@ -635,9 +635,9 @@
635635
636636 ulen = udp6_skb_len(skb);
637637 copied = len;
638---- linux-next.orig/net/socket.c
639-+++ linux-next/net/socket.c
640-@@ -1756,6 +1756,10 @@ int __sys_accept4(int fd, struct sockadd
638+--- linux-5.4-rc1.orig/net/socket.c
639++++ linux-5.4-rc1/net/socket.c
640+@@ -1755,6 +1755,10 @@ int __sys_accept4(int fd, struct sockadd
641641 if (err < 0)
642642 goto out_fd;
643643
@@ -648,9 +648,9 @@
648648 if (upeer_sockaddr) {
649649 len = newsock->ops->getname(newsock,
650650 (struct sockaddr *)&address, 2);
651---- linux-next.orig/net/unix/af_unix.c
652-+++ linux-next/net/unix/af_unix.c
653-@@ -2087,6 +2087,10 @@ static int unix_dgram_recvmsg(struct soc
651+--- linux-5.4-rc1.orig/net/unix/af_unix.c
652++++ linux-5.4-rc1/net/unix/af_unix.c
653+@@ -2075,6 +2075,10 @@ static int unix_dgram_recvmsg(struct soc
654654 EPOLLOUT | EPOLLWRNORM |
655655 EPOLLWRBAND);
656656
@@ -661,7 +661,7 @@
661661 if (msg->msg_name)
662662 unix_copy_addr(msg, skb->sk);
663663
664-@@ -2137,6 +2141,7 @@ static int unix_dgram_recvmsg(struct soc
664+@@ -2125,6 +2129,7 @@ static int unix_dgram_recvmsg(struct soc
665665
666666 out_free:
667667 skb_free_datagram(sk, skb);
@@ -669,8 +669,8 @@
669669 mutex_unlock(&u->iolock);
670670 out:
671671 return err;
672---- linux-next.orig/security/Kconfig
673-+++ linux-next/security/Kconfig
672+--- linux-5.4-rc1.orig/security/Kconfig
673++++ linux-5.4-rc1/security/Kconfig
674674 @@ -291,5 +291,7 @@ config LSM
675675
676676 source "security/Kconfig.hardening"
@@ -679,8 +679,8 @@
679679 +
680680 endmenu
681681
682---- linux-next.orig/security/Makefile
683-+++ linux-next/security/Makefile
682+--- linux-5.4-rc1.orig/security/Makefile
683++++ linux-5.4-rc1/security/Makefile
684684 @@ -34,3 +34,6 @@ obj-$(CONFIG_CGROUP_DEVICE) += device_c
685685 # Object integrity file lists
686686 subdir-$(CONFIG_INTEGRITY) += integrity
@@ -688,8 +688,8 @@
688688 +
689689 +subdir-$(CONFIG_CCSECURITY) += ccsecurity
690690 +obj-$(CONFIG_CCSECURITY) += ccsecurity/
691---- linux-next.orig/security/security.c
692-+++ linux-next/security/security.c
691+--- linux-5.4-rc1.orig/security/security.c
692++++ linux-5.4-rc1/security/security.c
693693 @@ -1507,7 +1507,9 @@ int security_task_alloc(struct task_stru
694694
695695 if (rc)
Show on old repository browser