diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/Makefile linux-2.6.12-2.3.legacy_FC3-ccs/Makefile
--- linux-2.6.12-2.3.legacy_FC3/Makefile	2006-03-24 09:36:20.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/Makefile	2006-03-24 09:27:03.000000000 +0900
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 12
-EXTRAVERSION = -2.3.legacy_FC3
+EXTRAVERSION = -2.3.legacy_FC3-ccs
 NAME=Woozy Numbat
 
 # *DOCUMENTATION*
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/Kconfig linux-2.6.12-2.3.legacy_FC3-ccs/fs/Kconfig
--- linux-2.6.12-2.3.legacy_FC3/fs/Kconfig	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/Kconfig	2006-03-24 09:26:42.000000000 +0900
@@ -1725,5 +1725,7 @@ endmenu
 
 source "fs/nls/Kconfig"
 
+source "fs/Kconfig.ccs"
+
 endmenu
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/Makefile linux-2.6.12-2.3.legacy_FC3-ccs/fs/Makefile
--- linux-2.6.12-2.3.legacy_FC3/fs/Makefile	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/Makefile	2006-03-24 09:26:42.000000000 +0900
@@ -95,3 +95,22 @@ obj-$(CONFIG_BEFS_FS)		+= befs/
 obj-$(CONFIG_HOSTFS)		+= hostfs/
 obj-$(CONFIG_HPPFS)		+= hppfs/
 obj-$(CONFIG_DEBUG_FS)		+= debugfs/
+
+obj-y += tomoyo_domain.o
+obj-$(CONFIG_SAKURA) += ccs_common.o realpath.o
+obj-$(CONFIG_SAKURA_RESTRICT_MOUNT) += sakura_mount.o
+obj-$(CONFIG_SAKURA_RESTRICT_CHROOT) += sakura_chroot.o
+obj-$(CONFIG_SAKURA_RESTRICT_UNMOUNT) += sakura_umount.o
+obj-$(CONFIG_SAKURA_TRACE_READONLY) += sakura_trace.o
+obj-$(CONFIG_SAKURA_DENY_CONCEAL_MOUNT) += sakura_maymount.o
+obj-$(CONFIG_SAKURA_DENY_PIVOT_ROOT) += sakura_pivot.o
+obj-$(CONFIG_SAKURA_RESTRICT_AUTOBIND) += sakura_bind.o
+obj-$(CONFIG_SAKURA_DROP_CAPABILITY_API) += sakura_capability.o
+obj-$(CONFIG_TOMOYO) += tomoyo_audit.o ccs_common.o realpath.o
+obj-$(CONFIG_TOMOYO_MAC_FOR_FILE) += tomoyo_file.o
+obj-$(CONFIG_TOMOYO_MAC_FOR_BINDPORT) += tomoyo_bind.o
+obj-$(CONFIG_TOMOYO_MAC_FOR_CONNECTPORT) += tomoyo_connect.o
+obj-$(CONFIG_TOMOYO_MAC_FOR_SIGNAL) += tomoyo_signal.o
+obj-$(CONFIG_TOMOYO_MAC_FOR_CAPABILITY) += tomoyo_capability.o
+obj-$(CONFIG_SYAORAN) += syaoran.o
+syaoran-objs := syaoran_2.6.o
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/attr.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/attr.c
--- linux-2.6.12-2.3.legacy_FC3/fs/attr.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/attr.c	2006-03-24 09:26:42.000000000 +0900
@@ -15,6 +15,9 @@
 #include <linux/quotaops.h>
 #include <linux/security.h>
 #include <linux/time.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* Taken over from the old code... */
 
@@ -179,12 +182,20 @@ int notify_change(struct dentry * dentry
 
 	if (inode->i_op && inode->i_op->setattr) {
 		error = security_inode_setattr(dentry, attr);
+		/***** TOMOYO Linux start. *****/
+		if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
+		if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
+		/***** TOMOYO Linux end. *****/
 		if (!error)
 			error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);
 		if (!error)
 			error = security_inode_setattr(dentry, attr);
+		/***** TOMOYO Linux start. *****/
+		if (!error && (ia_valid & ATTR_MODE)) error = CheckCapabilityACL(TOMOYO_SYS_CHMOD);
+		if (!error && (ia_valid & (ATTR_UID | ATTR_GID))) error = CheckCapabilityACL(TOMOYO_SYS_CHOWN);
+		/***** TOMOYO Linux end. *****/
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/compat.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/compat.c
--- linux-2.6.12-2.3.legacy_FC3/fs/compat.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/compat.c	2006-03-24 09:26:42.000000000 +0900
@@ -50,6 +50,9 @@
 #include <asm/uaccess.h>
 #include <asm/mmu_context.h>
 #include <asm/ioctls.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * Not all architectures have sys_utime, so implement this in terms
@@ -466,6 +469,9 @@ asmlinkage long compat_sys_ioctl(unsigne
 		/*FALL THROUGH*/
 
 	default:
+		/***** TOMOYO Linux start. *****/
+		if ((error = CheckCapabilityACL(TOMOYO_SYS_IOCTL)) < 0) goto out_fput;
+		/***** TOMOYO Linux end. *****/
 		if (filp->f_op && filp->f_op->compat_ioctl) {
 			error = filp->f_op->compat_ioctl(filp, cmd, arg);
 			if (error != -ENOIOCTLCMD)
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/exec.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/exec.c
--- linux-2.6.12-2.3.legacy_FC3/fs/exec.c	2006-03-24 09:22:55.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/exec.c	2006-03-24 09:26:42.000000000 +0900
@@ -56,6 +56,14 @@
 #include <linux/kmod.h>
 #endif
 
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+#include <linux/realpath.h>
+/***** TOMOYO Linux end. *****/
+
 int core_uses_pid;
 char core_pattern[65] = "core";
 /* The maximal length of core_pattern is also specified in sysctl.c */
@@ -145,6 +153,24 @@ asmlinkage long sys_uselib(const char __
 	if(file->f_op) {
 		struct linux_binfmt * fmt;
 
+		/***** TOMOYO Linux start. *****/
+		{
+			int err;
+			char *filename = getname(library);
+			if (!IS_ERR(filename)) {
+				err = CheckFilePerm(filename, 4, 0, "sys_uselib");
+				putname(filename);
+			} else {
+				err = PTR_ERR(filename);
+			}
+			if (err < 0) {
+				error = err;
+				fput(file);
+				goto out;
+			}
+		}
+		/***** TOMOYO Linux end. *****/
+
 		read_lock(&binfmt_lock);
 		for (fmt = formats ; fmt ; fmt = fmt->next) {
 			if (!fmt->load_shlib)
@@ -1132,6 +1158,25 @@ int do_execve(char * filename,
 	struct file *file;
 	int retval;
 	int i;
+	/***** TOMOYO Linux start. *****/
+#ifdef CONFIG_TOMOYO
+	struct domain_info *next_domain = NULL;
+#endif
+	/***** TOMOYO Linux end. *****/
+
+	/***** CCS Start. *****/
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
+	extern void CCS_LoadPolicy(const char *filename);
+	CCS_LoadPolicy(filename);
+#endif
+	/***** CCS end. *****/
+
+	/***** SAKURA Linux start. *****/
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API
+	if (strcmp(filename, "\\\\disable") == 0) return DropTaskCapability(argv);
+	if (CheckTaskCapability(SAKURA_DISABLE_EXECVE) < 0) return -EPERM;
+#endif
+	/***** SAKURA Linux end. *****/
 
 	retval = -ENOMEM;
 	bprm = kmalloc(sizeof(*bprm), GFP_KERNEL);
@@ -1144,6 +1189,23 @@ int do_execve(char * filename,
 	if (IS_ERR(file))
 		goto out_kfree;
 
+ 	/***** TOMOYO Linux start. *****/
+#ifdef CONFIG_TOMOYO
+	{
+ 		const char *buffer;
+		retval = -ENOENT;
+		if ((buffer = realpath(filename)) != NULL) {
+ 			retval = CheckFilePerm(buffer, 1, 1, "do_execve");
+ 			if (retval == 0) next_domain = GetNextDomain(buffer, &retval);
+			kfree(buffer);
+ 		}
+ 		if (retval < 0) {
+			allow_write_access(file); fput(file); goto out_kfree;
+		}
+	}
+#endif
+ 	/***** TOMOYO Linux end. *****/
+	
 	sched_exec();
 
 	bprm->p = PAGE_SIZE*MAX_ARG_PAGES-sizeof(void *);
@@ -1190,6 +1252,19 @@ int do_execve(char * filename,
 		goto out;
 
 	retval = search_binary_handler(bprm,regs);
+ 
+ 	/***** TOMOYO Linux start. *****/
+#ifdef CONFIG_TOMOYO
+ 	if (retval >= 0) current->domain_info = next_domain;
+#endif
+ 	/***** TOMOYO Linux end. *****/
+ 
+ 	/***** SAKURA Linux start. *****/
+#ifdef CONFIG_SAKURA_DROP_CAPABILITY_API
+ 	if (retval >= 0) RestoreTaskCapability();
+#endif
+ 	/***** SAKURA Linux end. *****/
+ 
 	if (retval >= 0) {
 		free_arg_pages(bprm);
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/ioctl.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/ioctl.c
--- linux-2.6.12-2.3.legacy_FC3/fs/ioctl.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/ioctl.c	2006-03-24 09:26:42.000000000 +0900
@@ -15,6 +15,9 @@
 
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 static long do_ioctl(struct file *filp, unsigned int cmd,
 		unsigned long arg)
@@ -23,6 +26,9 @@ static long do_ioctl(struct file *filp, 
 
 	if (!filp->f_op)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_IOCTL) < 0) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (filp->f_op->unlocked_ioctl) {
 		error = filp->f_op->unlocked_ioctl(filp, cmd, arg);
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/namei.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/namei.c
--- linux-2.6.12-2.3.legacy_FC3/fs/namei.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/namei.c	2006-03-24 09:26:42.000000000 +0900
@@ -33,6 +33,13 @@
 
 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
 
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 /* [Feb-1997 T. Schoebel-Theuer]
  * Fundamental changes in the pathname lookup mechanisms (namei)
  * were necessary because of omirr.  The reason is that omirr needs
@@ -724,6 +731,13 @@ static fastcall int __link_path_walk(con
 
 	atomic = (lookup_flags & LOOKUP_ATOMIC);
 
+	/***** SAKURA Linux start. *****/
+	if (CheckEUID() < 0) {
+		path_release(nd);
+		return -EPERM;
+	}
+	/***** SAKURA Linux end. *****/
+
 	while (*name=='/')
 		name++;
 	if (!*name)
@@ -1317,6 +1331,9 @@ int vfs_create(struct inode *dir, struct
 	error = security_inode_create(dir, dentry, mode);
 	if (error)
 		return error;
+	/***** TOMOYO Linux start. *****/
+	if (nd && (error = CheckSingleWritePermission(TYPE_CREATE_ACL, dentry, nd->mnt)) < 0) return error;
+	/***** TOMOYO Linux end. *****/
 	DQUOT_INIT(dir);
 	error = dir->i_op->create(dir, dentry, mode, nd);
 	if (!error) {
@@ -1358,7 +1375,7 @@ int may_open(struct nameidata *nd, int a
 
 		flag &= ~O_TRUNC;
 	} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE))
-		return -EROFS;
+		{ ROFS_Log_from_dentry(nd->dentry, nd->mnt, "may_open"); return -EROFS; } /***** ReadOnly Tracer *****/
 	/*
 	 * An append-only file must be opened in append mode for writing.
 	 */
@@ -1386,6 +1403,10 @@ int may_open(struct nameidata *nd, int a
 		if (error)
 			return error;
 
+ 		/***** TOMOYO Linux start. *****/
+ 		if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, dentry, nd->mnt)) == 0)
+ 		/***** TOMOYO Linux end. *****/
+
 		/*
 		 * Refuse to truncate files with mandatory locks held on them.
 		 */
@@ -1405,6 +1426,68 @@ int may_open(struct nameidata *nd, int a
 	return 0;
 }
 
+/***** TOMOYO Linux start. *****/
+
+int pre_vfs_mknod(struct inode *dir, struct dentry *dentry, int mode) {
+	int error = may_create(dir, dentry, NULL);
+	if (error) return error;
+	if ((S_ISCHR(mode) || S_ISBLK(mode)) && !capable(CAP_MKNOD)) return -EPERM;
+	if (!dir->i_op || !dir->i_op->mknod) return -EPERM;
+	return 0;
+}
+EXPORT_SYMBOL(pre_vfs_mknod);
+
+static inline int pre_vfs_mkdir(struct inode *dir, struct dentry *dentry) {
+	int error = may_create(dir, dentry, NULL);
+	if (error) return error;
+	if (!dir->i_op || !dir->i_op->mkdir) return -EPERM;
+	return 0;
+}
+
+static inline int pre_vfs_rmdir(struct inode *dir, struct dentry *dentry) {
+	int error = may_delete(dir, dentry, 1);
+	if (error) return error;
+	if (!dir->i_op || !dir->i_op->rmdir) return -EPERM;
+	return 0;
+}
+
+static inline int pre_vfs_unlink(struct inode *dir, struct dentry *dentry) {
+	int error = may_delete(dir, dentry, 0);
+    if (error) return error;
+    if (!dir->i_op || !dir->i_op->unlink) return -EPERM;
+	return 0;
+}
+
+static inline int pre_vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) {
+	struct inode *inode = old_dentry->d_inode;
+    int error;
+    if (!inode) return -ENOENT;
+    error = may_create(dir, new_dentry, NULL);
+    if (error) return error;
+    if (dir->i_sb != inode->i_sb) return -EXDEV;
+    if (IS_APPEND(inode) || IS_IMMUTABLE(inode)) return -EPERM;
+    if (!dir->i_op || !dir->i_op->link) return -EPERM;
+    if (S_ISDIR(old_dentry->d_inode->i_mode)) return -EPERM;
+	return 0;
+}
+
+static inline int pre_vfs_symlink(struct inode *dir, struct dentry *dentry) {
+    int error = may_create(dir, dentry, NULL);
+	if (error) return error;
+    if (!dir->i_op || !dir->i_op->symlink) return -EPERM;
+	return 0;
+}
+
+static inline int pre_vfs_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry) {
+	int error = 0;
+	lock_kernel();
+	if (S_ISDIR(old_dentry->d_inode->i_mode) && new_dir != old_dir) error = permission(old_dentry->d_inode, MAY_WRITE, NULL);
+	unlock_kernel();
+	return error;
+}
+
+/***** TOMOYO Linux end. *****/
+
 /*
  *	open_namei()
  *
@@ -1524,6 +1607,20 @@ ok:
 	error = may_open(nd, acc_mode, flag);
 	if (error)
 		goto exit;
+	/***** TOMOYO Linux start. *****/
+	switch (((unsigned) flag) & 3) {
+	case 1:
+		error = CheckFilePerm(pathname, 4, 0, "open_namei"); /* read */
+		break;
+	case 2:
+		error = CheckFilePerm(pathname, 2, 0, "open_namei"); /* write */
+		break;
+	case 3:
+		error = CheckFilePerm(pathname, 6, 0, "open_namei"); /* read write */
+		break;
+	}
+	if (error) goto exit;
+	/***** TOMOYO Linux end. *****/
 	return 0;
 
 exit_dput:
@@ -1531,6 +1628,7 @@ exit_dput:
 	if (nd->mnt != path.mnt)
 		mntput(path.mnt);
 exit:
+	if (error == -EROFS) ROFS_Log_from_dentry(nd->dentry, nd->mnt, "open_namei"); /***** ReadOnly Tracer *****/
 	path_release(nd);
 	return error;
 
@@ -1644,6 +1742,12 @@ asmlinkage long sys_mknod(const char __u
 
 	if (S_ISDIR(mode))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (S_ISCHR(mode) && CheckCapabilityACL(TOMOYO_CREATE_CHAR_DEV)) return -EPERM;
+	if (S_ISBLK(mode) && CheckCapabilityACL(TOMOYO_CREATE_BLOCK_DEV)) return -EPERM;
+	if (S_ISFIFO(mode) && CheckCapabilityACL(TOMOYO_CREATE_FIFO)) return -EPERM;
+	if (S_ISSOCK(mode) && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	tmp = getname(filename);
 	if (IS_ERR(tmp))
 		return PTR_ERR(tmp);
@@ -1662,10 +1766,16 @@ asmlinkage long sys_mknod(const char __u
 			error = vfs_create(nd.dentry->d_inode,dentry,mode,&nd);
 			break;
 		case S_IFCHR: case S_IFBLK:
+			/***** TOMOYO Linux start. *****/
+ 			if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISCHR(mode) ? TYPE_MKCHAR_ACL : TYPE_MKBLOCK_ACL, dentry, nd.mnt)) == 0)
+ 			/***** TOMOYO Linux end. *****/
 			error = vfs_mknod(nd.dentry->d_inode,dentry,mode,
 					new_decode_dev(dev));
 			break;
 		case S_IFIFO: case S_IFSOCK:
+			/***** TOMOYO Linux start. *****/
+ 			if ((error = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (error = CheckSingleWritePermission(S_ISFIFO(mode) ? TYPE_MKFIFO_ACL : TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
+ 			/***** TOMOYO Linux end. *****/
 			error = vfs_mknod(nd.dentry->d_inode,dentry,mode,0);
 			break;
 		case S_IFDIR:
@@ -1674,6 +1784,7 @@ asmlinkage long sys_mknod(const char __u
 		default:
 			error = -EINVAL;
 		}
+		if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mknod"); /***** ReadOnly Tracer *****/
 		dput(dentry);
 	}
 	up(&nd.dentry->d_inode->i_sem);
@@ -1727,7 +1838,11 @@ asmlinkage long sys_mkdir(const char __u
 		if (!IS_ERR(dentry)) {
 			if (!IS_POSIXACL(nd.dentry->d_inode))
 				mode &= ~current->fs->umask;
+ 			/***** TOMOYO Linux start. *****/
+ 			if ((error = pre_vfs_mkdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_MKDIR_ACL, dentry, nd.mnt)) == 0)
+ 			/***** TOMOYO Linux end. *****/
 			error = vfs_mkdir(nd.dentry->d_inode, dentry, mode);
+			if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_mkdir"); /***** ReadOnly Tracer *****/
 			dput(dentry);
 		}
 		up(&nd.dentry->d_inode->i_sem);
@@ -1831,7 +1946,11 @@ asmlinkage long sys_rmdir(const char __u
 	dentry = lookup_hash(&nd.last, nd.dentry);
 	error = PTR_ERR(dentry);
 	if (!IS_ERR(dentry)) {
+		/***** TOMOYO Linux start. *****/
+		if ((error = pre_vfs_rmdir(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_RMDIR_ACL, dentry, nd.mnt)) == 0)
+		/***** TOMOYO Linux end. *****/
 		error = vfs_rmdir(nd.dentry->d_inode, dentry);
+		if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_rmdir"); /***** ReadOnly Tracer *****/
 		dput(dentry);
 	}
 	up(&nd.dentry->d_inode->i_sem);
@@ -1885,6 +2004,9 @@ asmlinkage long sys_unlink(const char __
 	struct dentry *dentry;
 	struct nameidata nd;
 	struct inode *inode = NULL;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_UNLINK)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	name = getname(pathname);
 	if(IS_ERR(name))
@@ -1906,7 +2028,11 @@ asmlinkage long sys_unlink(const char __
 		inode = dentry->d_inode;
 		if (inode)
 			atomic_inc(&inode->i_count);
+		/***** TOMOYO Linux start. *****/
+ 		if ((error = pre_vfs_unlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_UNLINK_ACL, dentry, nd.mnt)) == 0)
+ 		/***** TOMOYO Linux end. *****/
 		error = vfs_unlink(nd.dentry->d_inode, dentry);
+		if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "sys_unlink"); /***** ReadOnly Tracer *****/
 	exit2:
 		dput(dentry);
 	}
@@ -1953,6 +2079,9 @@ asmlinkage long sys_symlink(const char _
 	int error = 0;
 	char * from;
 	char * to;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_SYMLINK)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	from = getname(oldname);
 	if(IS_ERR(from))
@@ -1969,7 +2098,11 @@ asmlinkage long sys_symlink(const char _
 		dentry = lookup_create(&nd, 0);
 		error = PTR_ERR(dentry);
 		if (!IS_ERR(dentry)) {
+			/***** TOMOYO Linux start. *****/
+ 			if ((error = pre_vfs_symlink(nd.dentry->d_inode, dentry)) == 0 && (error = CheckSingleWritePermission(TYPE_SYMLINK_ACL, dentry, nd.mnt)) == 0)
+ 			/***** TOMOYO Linux end. *****/
 			error = vfs_symlink(nd.dentry->d_inode, dentry, from, S_IALLUGO);
+			if (error == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "vfs_symlink"); /***** ReadOnly Tracer *****/
 			dput(dentry);
 		}
 		up(&nd.dentry->d_inode->i_sem);
@@ -2036,6 +2169,9 @@ asmlinkage long sys_link(const char __us
 	struct nameidata nd, old_nd;
 	int error;
 	char * to;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_LINK)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	to = getname(newname);
 	if (IS_ERR(to))
@@ -2053,7 +2189,11 @@ asmlinkage long sys_link(const char __us
 	new_dentry = lookup_create(&nd, 0);
 	error = PTR_ERR(new_dentry);
 	if (!IS_ERR(new_dentry)) {
+		/***** TOMOYO Linux start. *****/
+		if ((error = pre_vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry)) == 0 && (error = CheckDoubleWritePermission(TYPE_LINK_ACL, old_nd.dentry, old_nd.mnt, new_dentry, nd.mnt)) == 0)
+		/***** TOMOYO Linux end. *****/
 		error = vfs_link(old_nd.dentry, nd.dentry->d_inode, new_dentry);
+		if (error == -EROFS) ROFS_Log_from_dentry(new_dentry, nd.mnt, "vfs_link"); /***** ReadOnly Tracer *****/
 		dput(new_dentry);
 	}
 	up(&nd.dentry->d_inode->i_sem);
@@ -2275,6 +2415,13 @@ static inline int do_rename(const char *
 	if (new_dentry == trap)
 		goto exit5;
 
+	/***** TOMOYO Linux start. *****/
+ 	if ((error = pre_vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry)) < 0 ||
+ 		(error = CheckDoubleWritePermission(TYPE_RENAME_ACL, old_dentry, oldnd.mnt, new_dentry, newnd.mnt)) < 0) {
+ 		goto exit5;
+ 	}
+ 	/***** TOMOYO Linux end. *****/
+ 
 	error = vfs_rename(old_dir->d_inode, old_dentry,
 				   new_dir->d_inode, new_dentry);
 exit5:
@@ -2288,6 +2435,7 @@ exit2:
 exit1:
 	path_release(&oldnd);
 exit:
+	if (error == -EROFS) ROFS_Log(oldname, "do_rename"); /***** ReadOnly Tracer *****/
 	return error;
 }
 
@@ -2296,6 +2444,9 @@ asmlinkage long sys_rename(const char __
 	int error;
 	char * from;
 	char * to;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_RENAME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	from = getname(oldname);
 	if(IS_ERR(from))
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/namespace.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/namespace.c
--- linux-2.6.12-2.3.legacy_FC3/fs/namespace.c	2006-03-24 09:22:54.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/namespace.c	2006-03-24 09:26:42.000000000 +0900
@@ -24,6 +24,12 @@
 #include <linux/mount.h>
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 extern int __init init_rootfs(void);
 
@@ -373,6 +379,10 @@ static int do_umount(struct vfsmount *mn
 	if (retval)
 		return retval;
 
+	/***** SAKURA Linux start. *****/
+	if (SAKURA_MayUmount(mnt) < 0) return -EPERM;
+	/***** SAKURA Linux end. *****/
+
 	/*
 	 * Allow userspace to request a mountpoint be expired rather than
 	 * unmounting unconditionally. Unmount only happens if:
@@ -469,6 +479,9 @@ asmlinkage long sys_umount(char __user *
 {
 	struct nameidata nd;
 	int retval;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_UMOUNT)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	retval = __user_walk(name, LOOKUP_FOLLOW, &nd);
 	if (retval)
@@ -634,6 +647,10 @@ static int do_loopback(struct nameidata 
 	down_write(&current->namespace->sem);
 	err = -EINVAL;
 	if (check_mnt(nd->mnt) && (!recurse || check_mnt(old_nd.mnt))) {
+		/***** SAKURA Linux start. *****/
+		err = -EPERM;
+		if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out;
+		/***** SAKURA Linux end. *****/
 		err = -ENOMEM;
 		if (recurse)
 			mnt = copy_tree(old_nd.mnt, old_nd.dentry);
@@ -655,7 +672,9 @@ static int do_loopback(struct nameidata 
 		} else
 			mntput(mnt);
 	}
-
+	/***** SAKURA Linux start. *****/
+ out:
+	/***** SAKURA Linux end. *****/
 	up_write(&current->namespace->sem);
 	path_release(&old_nd);
 	return err;
@@ -711,7 +730,10 @@ static int do_move_mount(struct nameidat
 	err = -EINVAL;
 	if (!check_mnt(nd->mnt) || !check_mnt(old_nd.mnt))
 		goto out;
-
+	/***** SAKURA Linux start. *****/
+	err = -EPERM;
+	if (SAKURA_MayUmount(old_nd.mnt) < 0 || SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto out;
+	/***** SAKURA Linux end. *****/
 	err = -ENOENT;
 	down(&nd->dentry->d_inode->i_sem);
 	if (IS_DEADDIR(nd->dentry->d_inode))
@@ -805,6 +827,10 @@ int do_add_mount(struct vfsmount *newmnt
 	err = -EINVAL;
 	if (S_ISLNK(newmnt->mnt_root->d_inode->i_mode))
 		goto unlock;
+	/***** SAKURA Linux start. *****/
+	err = -EPERM;
+	if (SAKURA_MayMount(nd) < 0 || CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) goto unlock;
+	/***** SAKURA Linux end. *****/
 
 	newmnt->mnt_flags = mnt_flags;
 	err = graft_tree(newmnt, nd);
@@ -1154,6 +1180,9 @@ asmlinkage long sys_mount(char __user * 
 	unsigned long type_page;
 	unsigned long dev_page;
 	char *dir_page;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_MOUNT)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	retval = copy_mount_options (type, &type_page);
 	if (retval < 0)
@@ -1172,6 +1201,15 @@ asmlinkage long sys_mount(char __user * 
 	if (retval < 0)
 		goto out3;
 
+	/***** SAKURA Linux start. *****/
+	retval = -EPERM;
+	if (CheckMountPermission((char *) dev_page, dir_page, (char *) type_page, &flags) < 0 ||
+ 		CheckTaskCapability(SAKURA_DISABLE_MOUNT) < 0) {
+		free_page(data_page);
+		goto out3;
+	}
+	/***** SAKURA Linux end. *****/
+
 	lock_kernel();
 	retval = do_mount((char*)dev_page, dir_page, (char*)type_page,
 			  flags, (void*)data_page);
@@ -1287,6 +1325,10 @@ asmlinkage long sys_pivot_root(const cha
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
+	/***** SAKURA Linux start. *****/
+	if (CheckPivotRootPermission() < 0 || CheckTaskCapability(SAKURA_DISABLE_PIVOTROOT) < 0) return -EPERM;
+	/***** SAKURA Linux end. *****/
+
 	lock_kernel();
 
 	error = __user_walk(new_root, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &new_nd);
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/open.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/open.c
--- linux-2.6.12-2.3.legacy_FC3/fs/open.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/open.c	2006-03-24 09:26:42.000000000 +0900
@@ -26,6 +26,13 @@
 
 #include <asm/unistd.h>
 
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
+
 int vfs_statfs(struct super_block *sb, struct kstatfs *buf)
 {
 	int retval = -ENODEV;
@@ -257,6 +264,9 @@ static inline long do_sys_truncate(const
 	if (error)
 		goto dput_and_out;
 
+	/***** TOMOYO Linux start. *****/
+	if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, nd.dentry, nd.mnt)) == 0)
+	/***** TOMOYO Linux end. *****/
 	error = locks_verify_truncate(inode, NULL, length);
 	if (!error) {
 		DQUOT_INIT(inode);
@@ -265,6 +275,7 @@ static inline long do_sys_truncate(const
 	put_write_access(inode);
 
 dput_and_out:
+	if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "do_sys_truncate"); /***** ReadOnly Tracer *****/
 	path_release(&nd);
 out:
 	return error;
@@ -310,10 +321,14 @@ static inline long do_sys_ftruncate(unsi
 	if (IS_APPEND(inode))
 		goto out_putf;
 
+	/***** TOMOYO Linux start. *****/
+	if ((error = CheckSingleWritePermission(TYPE_TRUNCATE_ACL, dentry, file->f_vfsmnt)) == 0)
+	/***** TOMOYO Linux end. *****/
 	error = locks_verify_truncate(inode, file, length);
 	if (!error)
 		error = do_truncate(dentry, length);
 out_putf:
+	if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "do_sys_ftruncate"); /***** ReadOnly Tracer *****/
 	fput(file);
 out:
 	return error;
@@ -395,6 +410,7 @@ asmlinkage long sys_utime(char __user * 
 	error = notify_change(nd.dentry, &newattrs);
 	up(&inode->i_sem);
 dput_and_out:
+	if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utime"); /***** ReadOnly Tracer *****/
 	path_release(&nd);
 out:
 	return error;
@@ -448,6 +464,7 @@ long do_utimes(char __user * filename, s
 	error = notify_change(nd.dentry, &newattrs);
 	up(&inode->i_sem);
 dput_and_out:
+	if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_utimes"); /***** ReadOnly Tracer *****/
 	path_release(&nd);
 out:
 	return error;
@@ -505,6 +522,9 @@ asmlinkage long sys_access(const char __
 		if(!res && (mode & S_IWOTH) && IS_RDONLY(nd.dentry->d_inode)
 		   && !special_file(nd.dentry->d_inode->i_mode))
 			res = -EROFS;
+#if 0
+		if (res == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_access"); /***** ReadOnly Tracer *****/
+#endif
 		path_release(&nd);
 	}
 
@@ -572,6 +592,9 @@ asmlinkage long sys_chroot(const char __
 {
 	struct nameidata nd;
 	int error;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_CHROOT)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	error = __user_walk(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY | LOOKUP_NOALT, &nd);
 	if (error)
@@ -585,6 +608,19 @@ asmlinkage long sys_chroot(const char __
 	if (!capable(CAP_SYS_CHROOT))
 		goto dput_and_out;
 
+	/***** SAKURA Linux start. *****/
+    {
+        char *name = getname(filename);
+        if (!IS_ERR(name)) {
+            error = CheckChRootPermission(name) | CheckTaskCapability(SAKURA_DISABLE_CHROOT);
+            putname(name);
+        } else {
+            error = PTR_ERR(name);
+        }
+        if (error < 0) goto dput_and_out;
+    }
+	/***** SAKURA Linux end. *****/
+
 	set_fs_root(current->fs, nd.mnt, nd.dentry);
 	set_fs_altroot();
 	error = 0;
@@ -626,6 +662,7 @@ asmlinkage long sys_fchmod(unsigned int 
 	up(&inode->i_sem);
 
 out_putf:
+	if (err == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchmod"); /***** ReadOnly Tracer *****/
 	fput(file);
 out:
 	return err;
@@ -660,6 +697,7 @@ asmlinkage long sys_chmod(const char __u
 	up(&inode->i_sem);
 
 dput_and_out:
+	if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chmod"); /***** ReadOnly Tracer *****/
 	path_release(&nd);
 out:
 	return error;
@@ -708,6 +746,7 @@ asmlinkage long sys_chown(const char __u
 	error = user_path_walk(filename, &nd);
 	if (!error) {
 		error = chown_common(nd.dentry, user, group);
+		if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_chown"); /***** ReadOnly Tracer *****/
 		path_release(&nd);
 	}
 	return error;
@@ -721,6 +760,7 @@ asmlinkage long sys_lchown(const char __
 	error = user_path_walk_link(filename, &nd);
 	if (!error) {
 		error = chown_common(nd.dentry, user, group);
+		if (error == -EROFS) ROFS_Log_from_dentry(nd.dentry, nd.mnt, "sys_lchown"); /***** ReadOnly Tracer *****/
 		path_release(&nd);
 	}
 	return error;
@@ -735,6 +775,7 @@ asmlinkage long sys_fchown(unsigned int 
 	file = fget(fd);
 	if (file) {
 		error = chown_common(file->f_dentry, user, group);
+		if (error == -EROFS) ROFS_Log_from_dentry(file->f_dentry, file->f_vfsmnt, "sys_fchown"); /***** ReadOnly Tracer *****/
 		fput(file);
 	}
 	return error;
@@ -1044,6 +1085,9 @@ EXPORT_SYMBOL(sys_close);
  */
 asmlinkage long sys_vhangup(void)
 {
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_VHANGUP) == 0)
+	/***** TOMOYO Linux end. *****/
 	if (capable(CAP_SYS_TTY_CONFIG)) {
 		tty_vhangup(current->signal->tty);
 		return 0;
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/proc/Makefile linux-2.6.12-2.3.legacy_FC3-ccs/fs/proc/Makefile
--- linux-2.6.12-2.3.legacy_FC3/fs/proc/Makefile	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/proc/Makefile	2006-03-24 09:26:42.000000000 +0900
@@ -12,3 +12,6 @@ proc-y       += inode.o root.o base.o ge
 
 proc-$(CONFIG_PROC_KCORE)	+= kcore.o
 proc-$(CONFIG_PROC_DEVICETREE)	+= proc_devtree.o
+
+proc-$(CONFIG_SAKURA) += ccs_proc.o
+proc-$(CONFIG_TOMOYO) += ccs_proc.o
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/fs/proc/proc_misc.c linux-2.6.12-2.3.legacy_FC3-ccs/fs/proc/proc_misc.c
--- linux-2.6.12-2.3.legacy_FC3/fs/proc/proc_misc.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/fs/proc/proc_misc.c	2006-03-24 09:36:08.000000000 +0900
@@ -617,4 +617,13 @@ void __init proc_misc_init(void)
 			entry->proc_fops = &ppc_htab_operations;
 	}
 #endif
+	/***** CCS start. *****/
+#if defined(CONFIG_SAKURA) || defined(CONFIG_TOMOYO)
+	{
+		extern void CCSProc_Init(void);
+		CCSProc_Init();
+		printk("Hook version: 2.6.12-2.3.legacy_FC3 2006/04/19\n");
+	}
+#endif
+	/***** CCS end. *****/
 }
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/include/linux/init_task.h linux-2.6.12-2.3.legacy_FC3-ccs/include/linux/init_task.h
--- linux-2.6.12-2.3.legacy_FC3/include/linux/init_task.h	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/include/linux/init_task.h	2006-03-24 09:26:42.000000000 +0900
@@ -111,6 +111,12 @@ extern struct group_info init_groups;
 	.switch_lock	= SPIN_LOCK_UNLOCKED,				\
 	.journal_info	= NULL,						\
 	.cpu_timers	= INIT_CPU_TIMERS(tsk.cpu_timers),		\
+	/***** TOMOYO Linux start. *****/        \
+	.domain_info = &KERNEL_DOMAIN,           \
+	/***** TOMOYO Linux end. *****/          \
+	/***** SAKURA Linux start. *****/        \
+	.dropped_capability = 0,                 \
+	/***** SAKURA Linux end. *****/          \
 }
 
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/include/linux/sched.h linux-2.6.12-2.3.legacy_FC3-ccs/include/linux/sched.h
--- linux-2.6.12-2.3.legacy_FC3/include/linux/sched.h	2006-03-24 09:22:54.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/include/linux/sched.h	2006-03-24 09:26:42.000000000 +0900
@@ -39,6 +39,11 @@ struct exec_domain;
 extern int exec_shield;
 extern int print_fatal_signals;
 
+/***** TOMOYO Linux start. *****/
+struct domain_info;
+extern struct domain_info KERNEL_DOMAIN;
+/***** TOMOYO Linux end. *****/
+
 /*
  * cloning flags:
  */
@@ -754,6 +759,12 @@ struct task_struct {
 	nodemask_t mems_allowed;
 	int cpuset_mems_generation;
 #endif
+	/***** TOMOYO Linux start. *****/
+	struct domain_info *domain_info;
+	/***** TOMOYO Linux end. *****/
+	/***** SAKURA Linux start. *****/
+	unsigned int dropped_capability;
+	/***** SAKURA Linux end. *****/
 };
 
 static inline pid_t process_group(struct task_struct *tsk)
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/kmod.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/kmod.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/kmod.c	2006-03-24 09:22:54.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/kmod.c	2006-03-24 09:26:42.000000000 +0900
@@ -139,6 +139,13 @@ int __exec_usermodehelper(char *path, ch
 	recalc_sigpending();
 	spin_unlock_irq(&current->sighand->siglock);
 
+	/***** TOMOYO Linux start. *****/
+	current->domain_info = &KERNEL_DOMAIN;
+	/***** TOMOYO Linux start. *****/
+	/***** SAKURA Linux start. *****/
+	current->dropped_capability = 0;
+	/***** SAKURA Linux end. *****/
+
 	retval = -EPERM;
 	if (current->fs->root)
 		retval = execve(path, argv, envp);
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/module.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/module.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/module.c	2006-03-24 09:22:55.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/module.c	2006-03-24 09:26:42.000000000 +0900
@@ -39,6 +39,9 @@
 #include <asm/semaphore.h>
 #include <asm/cacheflush.h>
 #include "module-verify.h"
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #if 0
 #define DEBUGP printk
@@ -538,7 +541,9 @@ sys_delete_module(const char __user *nam
 
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
-
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	if (strncpy_from_user(name, name_user, MODULE_NAME_LEN-1) < 0)
 		return -EFAULT;
 	name[MODULE_NAME_LEN-1] = '\0';
@@ -1777,7 +1782,9 @@ sys_init_module(void __user *umod,
 	/* Must have permission */
 	if (!capable(CAP_SYS_MODULE))
 		return -EPERM;
-
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_USE_KERNEL_MODULE)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	/* Only one module load at a time, please */
 	if (down_interruptible(&module_mutex) != 0)
 		return -EINTR;
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/sched.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sched.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/sched.c	2006-03-24 09:22:55.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sched.c	2006-03-24 09:26:42.000000000 +0900
@@ -50,6 +50,9 @@
 #include <asm/tlb.h>
 
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * Convert user-nice values [ -20 ... 0 ... 19 ]
@@ -3252,6 +3255,9 @@ asmlinkage long sys_nice(int increment)
 {
 	int retval;
 	long nice;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/*
 	 * Setpriority might change our priority at the same moment.
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/signal.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/signal.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/signal.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/signal.c	2006-03-24 09:26:42.000000000 +0900
@@ -29,6 +29,9 @@
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
 #include <asm/siginfo.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /*
  * SLAB caches for signal bits.
@@ -2288,6 +2291,10 @@ asmlinkage long
 sys_kill(int pid, int sig)
 {
 	struct siginfo info;
+	/***** TOMOYO Linux start. *****/
+	if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
+	if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	info.si_signo = sig;
 	info.si_errno = 0;
@@ -2318,6 +2325,11 @@ asmlinkage long sys_tgkill(int tgid, int
 	if (pid <= 0 || tgid <= 0)
 		return -EINVAL;
 
+	/***** TOMOYO Linux start. *****/
+	if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
+	if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
+	/***** TOMOYO Linux end. *****/
+	
 	info.si_signo = sig;
 	info.si_errno = 0;
 	info.si_code = SI_TKILL;
@@ -2358,6 +2370,10 @@ sys_tkill(int pid, int sig)
 	if (pid <= 0)
 		return -EINVAL;
 
+	/***** TOMOYO Linux start. *****/
+	if (sig && CheckCapabilityACL(TOMOYO_SYS_KILL) < 0) return -EPERM;
+	if (sig && CheckSignalACL(sig, pid) < 0) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	info.si_signo = sig;
 	info.si_errno = 0;
 	info.si_code = SI_TKILL;
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/sys.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sys.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/sys.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sys.c	2006-03-24 09:26:42.000000000 +0900
@@ -33,6 +33,9 @@
 #include <asm/uaccess.h>
 #include <asm/io.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #ifndef SET_UNALIGN_CTL
 # define SET_UNALIGN_CTL(a,b)	(-EINVAL)
@@ -252,6 +255,9 @@ asmlinkage long sys_setpriority(int whic
 
 	if (which > 2 || which < 0)
 		goto out;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_NICE)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	/* normalize: avoid signed division (rounding problems) */
 	error = -ESRCH;
@@ -383,6 +389,9 @@ asmlinkage long sys_reboot(int magic1, i
 			magic2 != LINUX_REBOOT_MAGIC2B &&
 	                magic2 != LINUX_REBOOT_MAGIC2C))
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_REBOOT)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	lock_kernel();
 	switch (cmd) {
@@ -1385,6 +1394,9 @@ asmlinkage long sys_sethostname(char __u
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 	down_write(&uts_sem);
 	errno = -EFAULT;
 	if (!copy_from_user(tmp, name, len)) {
@@ -1430,6 +1442,9 @@ asmlinkage long sys_setdomainname(char _
 		return -EPERM;
 	if (len < 0 || len > __NEW_UTS_LEN)
 		return -EINVAL;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_SETHOSTNAME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	down_write(&uts_sem);
 	errno = -EFAULT;
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/sysctl.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sysctl.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/sysctl.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/sysctl.c	2006-03-24 09:28:59.000000000 +0900
@@ -44,6 +44,9 @@
 
 #include <asm/uaccess.h>
 #include <asm/processor.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 #ifdef CONFIG_ROOT_NFS
 #include <linux/nfs_fs.h>
@@ -1052,6 +1055,87 @@ void __init sysctl_init(void)
 #endif
 }
 
+/***** TOMOYO Linux start. *****/
+static int try_parse_table(int __user *name, int nlen, void __user *oldval, void __user *newval, ctl_table *table)
+{
+	int n;
+	int error = -ENOMEM;
+	int op = 0;
+	char *buffer = kmalloc(PAGE_SIZE, GFP_KERNEL);
+	if (oldval) op |= 004;
+	if (newval) op |= 002;
+	if (!op) { /* Neither read nor write */
+		error = 0;
+		goto out;
+	}
+	if (!buffer) goto out;
+	memset(buffer, 0, PAGE_SIZE);
+	snprintf(buffer, PAGE_SIZE - 1, "/proc/sys");
+ repeat:
+	if (!nlen) {
+		error = -ENOTDIR;
+		goto out;
+	}
+	if (get_user(n, name)) {
+		error = -EFAULT;
+		goto out;
+	}
+	for ( ; table->ctl_name; table++) {
+		if (n == table->ctl_name || table->ctl_name == CTL_ANY) {
+			int pos = strlen(buffer);
+			const char *cp = table->procname;
+			error = -ENOMEM;
+			if (cp) {
+				if (pos + 1 >= PAGE_SIZE - 1) goto out;
+				buffer[pos++] = '/';
+				while (*cp) {
+					const unsigned char c = * (const unsigned char *) cp;
+					if (c == '\\') {
+						if (pos + 2 >= PAGE_SIZE - 1) goto out;
+						buffer[pos++] = '\\';
+						buffer[pos++] = '\\';
+					} else if (c > ' ' && c < 127) {
+						if (pos + 1 >= PAGE_SIZE - 1) goto out;
+						buffer[pos++] = c;
+					} else {
+						if (pos + 4 >= PAGE_SIZE - 1) goto out;
+						buffer[pos++] = '\\';
+						buffer[pos++] = (c >> 6) + '0';
+						buffer[pos++] = ((c >> 3) & 7) + '0';
+						buffer[pos++] = (c & 7) + '0';
+					}
+					cp++;
+				}
+			} else {
+				/* Assume nobody assigns "=\$=" for procname. */
+				snprintf(buffer + pos, PAGE_SIZE - pos - 1, "/=%d=", table->ctl_name);
+				if (memchr(buffer, '\0', PAGE_SIZE - 2) == NULL) goto out;
+			}
+			if (table->child) {
+				if (table->strategy) {
+					/* printk("sysctl='%s'\n", buffer); */
+					if (CheckFilePerm(buffer, op, 1, "sysctl")) {
+						error = -EPERM;
+						goto out;
+					}
+				}
+				name++;
+				nlen--;
+				table = table->child;
+				goto repeat;
+			}
+			/* printk("sysctl='%s'\n", buffer); */
+			error = CheckFilePerm(buffer, op, 1, "sysctl");
+			goto out;
+		}
+	}
+	error = -ENOTDIR;
+ out:
+	kfree(buffer);
+	return error;
+}
+/***** TOMOYO Linux end. *****/
+
 int do_sysctl(int __user *name, int nlen, void __user *oldval, size_t __user *oldlenp,
 	       void __user *newval, size_t newlen)
 {
@@ -1077,6 +1161,9 @@ int do_sysctl(int __user *name, int nlen
 
 		spin_unlock(&sysctl_lock);
 
+		/***** TOMOYO Linux start. *****/
+		if ((error = try_parse_table(name, nlen, oldval, newval, head->ctl_table)) == 0)
+		/***** TOMOYO Linux end. *****/
 		error = parse_table(name, nlen, oldval, oldlenp, 
 					newval, newlen, head->ctl_table,
 					&context);
@@ -1150,6 +1237,12 @@ repeat:
 				if (ctl_perm(table, 001))
 					return -EPERM;
 				if (table->strategy) {
+					/***** TOMOYO Linux start. *****/
+					int op = 0;
+					if (oldval) op |= 004;
+					if (newval) op |= 002;
+					if (ctl_perm(table, op)) return -EPERM;
+					/***** TOMOYO Linux end. *****/
 					error = table->strategy(
 						table, name, nlen,
 						oldval, oldlenp,
@@ -2234,7 +2327,7 @@ int sysctl_string(ctl_table *table, int 
 			len--;
 		((char *) table->data)[len] = 0;
 	}
-	return 0;
+	return 1;
 }
 
 /*
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/kernel/time.c linux-2.6.12-2.3.legacy_FC3-ccs/kernel/time.c
--- linux-2.6.12-2.3.legacy_FC3/kernel/time.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/kernel/time.c	2006-03-24 09:26:42.000000000 +0900
@@ -38,6 +38,9 @@
 
 #include <asm/uaccess.h>
 #include <asm/unistd.h>
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 /* 
  * The timezone where the local system is located.  Used as a default by some
@@ -90,6 +93,9 @@ asmlinkage long sys_stime(time_t __user 
 	err = security_settime(&tv, NULL);
 	if (err)
 		return err;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	do_settimeofday(&tv);
 	return 0;
@@ -157,6 +163,9 @@ int do_sys_settimeofday(struct timespec 
 	error = security_settime(tv, tz);
 	if (error)
 		return error;
+	/***** TOMOYO Linux start. *****/
+	if (CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 
 	if (tz) {
 		/* SMP safe, global irq locking makes it work. */
@@ -235,6 +244,9 @@ int do_adjtimex(struct timex *txc)
 	/* In order to modify anything, you gotta be super-user! */
 	if (txc->modes && !capable(CAP_SYS_TIME))
 		return -EPERM;
+	/***** TOMOYO Linux start. *****/
+	if (txc->modes && CheckCapabilityACL(TOMOYO_SYS_SETTIME)) return -EPERM;
+	/***** TOMOYO Linux end. *****/
 		
 	/* Now we validate the data before disabling interrupts */
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/ipv4/tcp_ipv4.c linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv4/tcp_ipv4.c
--- linux-2.6.12-2.3.legacy_FC3/net/ipv4/tcp_ipv4.c	2006-03-24 09:22:54.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv4/tcp_ipv4.c	2006-03-24 09:26:42.000000000 +0900
@@ -74,6 +74,9 @@
 #include <linux/stddef.h>
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 extern int sysctl_ip_dynaddr;
 int sysctl_tcp_tw_reuse;
@@ -232,6 +235,9 @@ static int tcp_v4_get_port(struct sock *
 				rover = low;
 			head = &tcp_bhash[tcp_bhashfn(rover)];
 			spin_lock(&head->lock);
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(rover) < 0) goto next;
+			/***** SAKURA Linux end. *****/
 			tb_for_each(tb, node, &head->chain)
 				if (tb->port == rover)
 					goto next;
@@ -672,6 +678,9 @@ static inline int tcp_v4_hash_connect(st
  		local_bh_disable();
 		for (i = 1; i <= range; i++) {
 			port = low + (i + offset) % range;
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(port) < 0) continue;
+			/***** SAKURA Linux end. *****/
  			head = &tcp_bhash[tcp_bhashfn(port)];
  			spin_lock(&head->lock);
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/ipv4/udp.c linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv4/udp.c
--- linux-2.6.12-2.3.legacy_FC3/net/ipv4/udp.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv4/udp.c	2006-03-24 09:26:42.000000000 +0900
@@ -107,6 +107,9 @@
 #include <net/inet_common.h>
 #include <net/checksum.h>
 #include <net/xfrm.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 /*
  *	Snmp MIB for the UDP layer
@@ -138,6 +141,9 @@ static int udp_v4_get_port(struct sock *
 		for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) {
 			struct hlist_head *list;
 			int size;
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(result) < 0) continue;
+			/***** SAKURA Linux end. *****/
 
 			list = &udp_hash[result & (UDP_HTABLE_SIZE - 1)];
 			if (hlist_empty(list)) {
@@ -161,6 +167,9 @@ static int udp_v4_get_port(struct sock *
 				result = sysctl_local_port_range[0]
 					+ ((result - sysctl_local_port_range[0]) &
 					   (UDP_HTABLE_SIZE - 1));
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(result) < 0) continue;
+			/***** SAKURA Linux end. *****/
 			if (!udp_lport_inuse(result))
 				break;
 		}
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/ipv6/tcp_ipv6.c linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv6/tcp_ipv6.c
--- linux-2.6.12-2.3.legacy_FC3/net/ipv6/tcp_ipv6.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv6/tcp_ipv6.c	2006-03-24 09:26:42.000000000 +0900
@@ -63,6 +63,9 @@
 
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 static void	tcp_v6_send_reset(struct sk_buff *skb);
 static void	tcp_v6_or_send_ack(struct sk_buff *skb, struct open_request *req);
@@ -148,6 +151,9 @@ static int tcp_v6_get_port(struct sock *
 				rover = low;
 			head = &tcp_bhash[tcp_bhashfn(rover)];
 			spin_lock(&head->lock);
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(rover) < 0) goto next;
+			/***** SAKURA Linux end. *****/
 			tb_for_each(tb, node, &head->chain)
 				if (tb->port == rover)
 					goto next;
@@ -551,6 +557,9 @@ static int tcp_v6_hash_connect(struct so
  		local_bh_disable();
 		for (i = 1; i <= range; i++) {
 			port = low + (i + offset) % range;
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(port) < 0) continue;
+			/***** SAKURA Linux end. *****/
  			head = &tcp_bhash[tcp_bhashfn(port)];
  			spin_lock(&head->lock);
 
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/ipv6/udp.c linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv6/udp.c
--- linux-2.6.12-2.3.legacy_FC3/net/ipv6/udp.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/ipv6/udp.c	2006-03-24 09:26:42.000000000 +0900
@@ -57,6 +57,9 @@
 
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
 
 DEFINE_SNMP_STAT(struct udp_mib, udp_stats_in6);
 
@@ -80,6 +83,9 @@ static int udp_v6_get_port(struct sock *
 		for (i = 0; i < UDP_HTABLE_SIZE; i++, result++) {
 			int size;
 			struct hlist_head *list;
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(result) < 0) continue;
+			/***** SAKURA Linux end. *****/
 
 			list = &udp_hash[result & (UDP_HTABLE_SIZE - 1)];
 			if (hlist_empty(list)) {
@@ -103,6 +109,9 @@ static int udp_v6_get_port(struct sock *
 				result = sysctl_local_port_range[0]
 					+ ((result - sysctl_local_port_range[0]) &
 					   (UDP_HTABLE_SIZE - 1));
+			/***** SAKURA Linux start. *****/
+			if (SAKURA_MayAutobind(result) < 0) continue;
+			/***** SAKURA Linux end. *****/
 			if (!udp_lport_inuse(result))
 				break;
 		}
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/socket.c linux-2.6.12-2.3.legacy_FC3-ccs/net/socket.c
--- linux-2.6.12-2.3.legacy_FC3/net/socket.c	2006-03-24 09:22:56.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/socket.c	2006-03-24 09:26:42.000000000 +0900
@@ -96,6 +96,11 @@
 #include <net/sock.h>
 #include <linux/netfilter.h>
 
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+#include <linux/tomoyo_socket.h>
+/***** TOMOYO Linux end. *****/
+
 static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
 static ssize_t sock_aio_read(struct kiocb *iocb, char __user *buf,
 			 size_t size, loff_t pos);
@@ -555,7 +560,9 @@ static inline int __sock_sendmsg(struct 
 	err = security_socket_sendmsg(sock, msg, size);
 	if (err)
 		return err;
-
+	/***** TOMOYO Linux start. *****/
+	if (CheckSocketSendMsgPermission(sock, (struct sockaddr *) msg->msg_name, msg->msg_namelen)) return -EPERM;
+	/***** TOMOYO Linux start. *****/
 	return sock->ops->sendmsg(iocb, sock, msg, size);
 }
 
@@ -1110,6 +1117,10 @@ static int __sock_create(int family, int
 		family = PF_PACKET;
 	}
 
+	/***** TOMOYO Linux start. *****/
+	if ((err = CheckSocketCreatePermission(family, type, protocol)) < 0) return err;
+	/***** TOMOYO Linux end. *****/
+
 	err = security_socket_create(family, type, protocol, kern);
 	if (err)
 		return err;
@@ -1304,6 +1315,9 @@ asmlinkage long sys_bind(int fd, struct 
 				sockfd_put(sock);
 				return err;
 			}
+			/***** TOMOYO Linux start. *****/
+			if ((err = CheckSocketBindPermission(sock, (struct sockaddr *) address, addrlen)) == 0)
+			/***** TOMOYO Linux end. *****/
 			err = sock->ops->bind(sock, (struct sockaddr *)address, addrlen);
 		}
 		sockfd_put(sock);
@@ -1334,7 +1348,9 @@ asmlinkage long sys_listen(int fd, int b
 			sockfd_put(sock);
 			return err;
 		}
-
+		/***** TOMOYO Linux start. *****/
+		if ((err = CheckSocketListenPermission(sock)) == 0)
+		/***** TOMOYO Linux end. *****/
 		err=sock->ops->listen(sock, backlog);
 		sockfd_put(sock);
 	}
@@ -1440,7 +1456,9 @@ asmlinkage long sys_connect(int fd, stru
 	err = security_socket_connect(sock, (struct sockaddr *)address, addrlen);
 	if (err)
 		goto out_put;
-
+	/***** TOMOYO Linux start. *****/
+	if ((err = CheckSocketConnectPermission(sock, (struct sockaddr *) address, addrlen)) == 0)
+	/***** TOMOYO Linux end. *****/
 	err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
 				 sock->file->f_flags);
 out_put:
diff -ubBpEr linux-2.6.12-2.3.legacy_FC3/net/unix/af_unix.c linux-2.6.12-2.3.legacy_FC3-ccs/net/unix/af_unix.c
--- linux-2.6.12-2.3.legacy_FC3/net/unix/af_unix.c	2005-06-18 04:48:29.000000000 +0900
+++ linux-2.6.12-2.3.legacy_FC3-ccs/net/unix/af_unix.c	2006-03-24 09:26:42.000000000 +0900
@@ -117,6 +117,12 @@
 #include <linux/mount.h>
 #include <net/checksum.h>
 #include <linux/security.h>
+/***** SAKURA Linux start. *****/
+#include <linux/sakura.h>
+/***** SAKURA Linux end. *****/
+/***** TOMOYO Linux start. *****/
+#include <linux/tomoyo.h>
+/***** TOMOYO Linux end. *****/
 
 int sysctl_unix_max_dgram_qlen = 10;
 
@@ -738,6 +744,10 @@ static int unix_bind(struct socket *sock
 		err = unix_autobind(sock);
 		goto out;
 	}
+	/***** TOMOYO Linux start. *****/
+	err = -EPERM;
+	if (sunaddr->sun_path[0] && CheckCapabilityACL(TOMOYO_CREATE_UNIX_SOCKET)) goto out;
+	/***** TOMOYO Linux end. *****/
 
 	err = unix_mkname(sunaddr, addr_len, &hash);
 	if (err < 0)
@@ -781,7 +791,11 @@ static int unix_bind(struct socket *sock
 		 */
 		mode = S_IFSOCK |
 		       (SOCK_INODE(sock)->i_mode & ~current->fs->umask);
+		/***** TOMOYO Linux start. *****/
+		if ((err = pre_vfs_mknod(nd.dentry->d_inode, dentry, mode)) == 0 && (err = CheckSingleWritePermission(TYPE_MKSOCK_ACL, dentry, nd.mnt)) == 0)
+		/***** TOMOYO Linux end. *****/
 		err = vfs_mknod(nd.dentry->d_inode, dentry, mode, 0);
+		if (err == -EROFS) ROFS_Log_from_dentry(dentry, nd.mnt, "unix_bind"); /***** ReadOnly Tracer *****/
 		if (err)
 			goto out_mknod_dput;
 		up(&nd.dentry->d_inode->i_sem);
