authorpzread <netfirewall@gmail.com>2013-04-12 00:22:24 +0800
committerpzread <netfirewall@gmail.com>2013-04-12 00:22:24 +0800
commitb7f29ae6f2818405bbb043cf986c95cad07d2232 (patch)
tree7974d476d085819c40d70e28548ad7ae5c952830 /toj
parentef7aaacd92194b24dbd747ba8e7ac3c9a608b69f (diff)
Test new security hook
Diffstat (limited to 'toj')
-rwxr-xr-xtoj/center/src/Makefile5
-rw-r--r--toj/center/src/judge.h10
-rwxr-xr-xtoj/center/src/judgk_security.c2478
-rwxr-xr-xtoj/center/src/judgk_security.h190
-rw-r--r--toj/center/src/judgk_security_asm.S57
5 files changed, 110 insertions, 2630 deletions
diff --git a/toj/center/src/Makefile b/toj/center/src/Makefile
index 2c4f637..5dfadda 100755
--- a/toj/center/src/Makefile
+++ b/toj/center/src/Makefile
@@ -1,8 +1,8 @@
ifneq ($(KERNELRELEASE),)
- judgk-objs := judgk_mod.o judgk_proc.o judgk_syscall.o judgk_syscall_asm.o judgk_security.o judgk_hyperio.o
+ judgk-objs := judgk_mod.o judgk_proc.o judgk_syscall.o judgk_syscall_asm.o judgk_security.o judgk_security_asm.o judgk_hyperio.o
obj-m := judgk.o
else
- KERNEL_SOURCE := /lib/modules/$(shell uname -r)/build
+ KERNEL_SOURCE := /usr/lib/modules/3.8.4-1-ARCH/build
PWD := $(shell pwd)
default:
${MAKE} -C ${KERNEL_SOURCE} M=${PWD} modules
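Review bot: `KERNEL_SOURCE` is now pinned to `/usr/lib/modules/3.8.4-1-ARCH/build`, so the module is built against that tree even when a different kernel is running. That matters more than usual here because the judgk_security.c change in this commit walks `struct security_operations` by size and offset; a build against headers that do not match the running kernel would, as far as these hunks show, redirect the wrong slots. Keep the `$(shell uname -r)` form, or make the pin overridable with `KERNEL_SOURCE ?= /lib/modules/$(shell uname -r)/build`.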
@@ -21,6 +21,7 @@ default:
mv jmod_test_check.so ../jmod/jmod_test/
tar -jcvf ../tmp/jmodpack/jmod_test.tar.bz2 -C ../jmod/jmod_test .
+ g++ -shared -fPIC -fvisibility=hidden -O2 sprout_tar_check.cpp -o ../pro/15/private/check.so
clean:
${MAKE} -C ${KERNEL_SOURCE} SUBDIRS=${PWD} clean
endif
diff --git a/toj/center/src/judge.h b/toj/center/src/judge.h
index 5183942..1b5a885 100644
--- a/toj/center/src/judge.h
+++ b/toj/center/src/judge.h
@@ -32,12 +32,18 @@ public:
judge_pro_info *pro_info;
int lang;
char *set_data;
+ int set_len;
- judge_submit_info(int subid,judge_pro_info *pro_info,int lang,char *set_data){
+ judge_submit_info(int subid,judge_pro_info *pro_info,int lang,char *set_data,int set_len){
this->subid = subid;
this->pro_info = pro_info;
this->lang = lang;
- this->set_data = set_data;
+ this->set_data = new char[set_len];
+ memcpy(this->set_data,set_data,set_len);
+ this->set_len = set_len;
+ }
+ ~judge_submit_info(){
+ delete this->set_data;
}
};
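Review bot: The new destructor releases a buffer allocated with `new char[set_len]` using scalar `delete`, which is undefined behaviour; it should be `delete[] this->set_data;`. The class now owns `set_data` but no copy constructor or copy assignment is visible in the hunk, so any copy of a `judge_submit_info` would free the same buffer twice; declaring both private and unimplemented would close that. `set_len` is a signed `int` used directly as the allocation and `memcpy` size, so a negative value (or a NULL `set_data`) from the caller should be rejected before the `new`. The class declaration starts outside the hunk.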
diff --git a/toj/center/src/judgk_security.c b/toj/center/src/judgk_security.c
index 4f0612a..342aaad 100755
--- a/toj/center/src/judgk_security.c
+++ b/toj/center/src/judgk_security.c
@@ -2,6 +2,7 @@
#include<linux/security.h>
#include<linux/sched.h>
#include<linux/hardirq.h>
+#include<linux/vmalloc.h>
#include<asm/uaccess.h>
#include"judge_def.h"
@@ -9,186 +10,52 @@
#include"judgk_security.h"
int judgk_security_hook(){
+ int i;
+
+ int count;
+ size_t len;
+ unsigned long *ori_array;
+ unsigned long *hook_array;
+ void *addr;
security_init_hook();
ori_sops = (struct security_operations*)*security_hook_addr;
memcpy(&hook_sops,ori_sops,sizeof(struct security_operations));
- hook_sops.ptrace_access_check = hook_ptrace_access_check;
- hook_sops.ptrace_traceme = hook_ptrace_traceme;
- hook_sops.capget = hook_capget;
- hook_sops.capset = hook_capset;
+ count = (sizeof(hook_sops) - sizeof(hook_sops.name)) / sizeof(unsigned long);
+ len = (judgk_security_blockend - judgk_security_block) + sizeof(unsigned long);
+ security_block_code = __vmalloc(((((len * count - 1) >> PAGE_SHIFT) + 1) << PAGE_SHIFT),GFP_KERNEL | GFP_ATOMIC,PAGE_KERNEL_EXEC);
+
+ judgk_security_checkaddr = (unsigned long)security_check;
+
+ ori_array = (unsigned long*)(((char*)ori_sops) + sizeof(hook_sops.name));
+ hook_array = (unsigned long*)(((char*)&hook_sops) + sizeof(hook_sops.name));
+ for(i = 0;i < count;i++){
+ addr = (((char*)security_block_code) + len * i);
+ memcpy(addr,&ori_array[i],sizeof(unsigned long));
+ memcpy(((char*)addr + sizeof(unsigned long)),judgk_security_block,len - sizeof(unsigned long));
+ hook_array[i] = (unsigned long)addr + sizeof(unsigned long);
+ }
+
//hook_sops.capable = hook_capable;
- hook_sops.quotactl = hook_quotactl;
- hook_sops.quota_on = hook_quota_on;
- hook_sops.syslog = hook_syslog;
- hook_sops.settime = hook_settime;
- hook_sops.vm_enough_memory = hook_vm_enough_memory;
//hook_sops.bprm_set_creds = hook_bprm_set_creds;
//hook_sops.bprm_check_security = hook_bprm_check_security;
//hook_sops.bprm_secureexec = hook_bprm_secureexec;
//hook_sops.bprm_committing_creds = hook_bprm_committing_creds;
//hook_sops.bprm_committed_creds = hook_bprm_committed_creds;
- hook_sops.sb_alloc_security = hook_sb_alloc_security;
- hook_sops.sb_free_security = hook_sb_free_security;
- hook_sops.sb_copy_data = hook_sb_copy_data;
- hook_sops.sb_remount = hook_sb_remount;
- hook_sops.sb_kern_mount = hook_sb_kern_mount;
- hook_sops.sb_show_options = hook_sb_show_options;
- hook_sops.sb_statfs = hook_sb_statfs;
- hook_sops.sb_mount = hook_sb_mount;
- hook_sops.sb_umount = hook_sb_umount;
- hook_sops.sb_pivotroot = hook_sb_pivotroot;
- hook_sops.sb_set_mnt_opts = hook_sb_set_mnt_opts;
- hook_sops.sb_clone_mnt_opts = hook_sb_clone_mnt_opts;
- hook_sops.sb_parse_opts_str = hook_sb_parse_opts_str;
- hook_sops.path_unlink = hook_path_unlink;
- hook_sops.path_mkdir = hook_path_mkdir;
- hook_sops.path_rmdir = hook_path_rmdir;
- hook_sops.path_mknod = hook_path_mknod;
- hook_sops.path_truncate = hook_path_truncate;
- hook_sops.path_symlink = hook_path_symlink;
- hook_sops.path_link = hook_path_link;
- hook_sops.path_rename = hook_path_rename;
- hook_sops.path_chmod = hook_path_chmod;
- hook_sops.path_chown = hook_path_chown;
- hook_sops.path_chroot = hook_path_chroot;
//hook_sops.inode_alloc_security = hook_inode_alloc_security;
//hook_sops.inode_free_security = hook_inode_free_security;
- hook_sops.inode_init_security = hook_inode_init_security;
- hook_sops.inode_create = hook_inode_create;
- hook_sops.inode_link = hook_inode_link;
- hook_sops.inode_unlink = hook_inode_unlink;
- hook_sops.inode_symlink = hook_inode_symlink;
- hook_sops.inode_mkdir = hook_inode_mkdir;
- hook_sops.inode_rmdir = hook_inode_rmdir;
- hook_sops.inode_mknod = hook_inode_mknod;
- hook_sops.inode_rename = hook_inode_rename;
- hook_sops.inode_readlink = hook_inode_readlink;
//hook_sops.inode_follow_link = hook_inode_follow_link;
- hook_sops.inode_permission = hook_inode_permission;
- hook_sops.inode_setattr = hook_inode_setattr;
//hook_sops.inode_getattr = hook_inode_getattr;
- hook_sops.inode_setxattr = hook_inode_setxattr;
- hook_sops.inode_post_setxattr = hook_inode_post_setxattr;
- hook_sops.inode_getxattr = hook_inode_getxattr;
- hook_sops.inode_listxattr = hook_inode_listxattr;
- hook_sops.inode_removexattr = hook_inode_removexattr;
- hook_sops.inode_need_killpriv = hook_inode_need_killpriv;
- hook_sops.inode_killpriv = hook_inode_killpriv;
- hook_sops.inode_getsecurity = hook_inode_getsecurity;
- hook_sops.inode_setsecurity = hook_inode_setsecurity;
- hook_sops.inode_listsecurity = hook_inode_listsecurity;
- hook_sops.inode_getsecid = hook_inode_getsecid;
- hook_sops.file_permission = hook_file_permission;
//hook_sops.file_alloc_security = hook_file_alloc_security;
//hook_sops.file_free_security = hook_file_free_security;
- hook_sops.file_ioctl = hook_file_ioctl;
//hook_sops.mmap_addr = hook_mmap_addr;
//hook_sops.mmap_file = hook_mmap_file;
//hook_sops.file_mprotect = hook_file_mprotect;
- hook_sops.file_lock = hook_file_lock;
- hook_sops.file_fcntl = hook_file_fcntl;
- hook_sops.file_set_fowner = hook_file_set_fowner;
- hook_sops.file_send_sigiotask = hook_file_send_sigiotask;
- hook_sops.file_receive = hook_file_receive;
- hook_sops.file_open = hook_file_open;
- hook_sops.task_create = hook_task_create;
//hook_sops.task_free = hook_task_free;
- hook_sops.cred_alloc_blank = hook_cred_alloc_blank;
//hook_sops.cred_free = hook_cred_free;
//hook_sops.cred_prepare = hook_cred_prepare;
- hook_sops.cred_transfer = hook_cred_transfer;
- hook_sops.kernel_act_as = hook_kernel_act_as;
- hook_sops.kernel_create_files_as = hook_kernel_create_files_as;
- hook_sops.kernel_module_request = hook_kernel_module_request;
- hook_sops.task_fix_setuid = hook_task_fix_setuid;
- hook_sops.task_setpgid = hook_task_setpgid;
- hook_sops.task_getpgid = hook_task_getpgid;
- hook_sops.task_getsid = hook_task_getsid;
- hook_sops.task_getsecid = hook_task_getsecid;
- hook_sops.task_setnice = hook_task_setnice;
- hook_sops.task_setioprio = hook_task_setioprio;
- hook_sops.task_getioprio = hook_task_getioprio;
- hook_sops.task_setrlimit = hook_task_setrlimit;
- hook_sops.task_setscheduler = hook_task_setscheduler;
- hook_sops.task_getscheduler = hook_task_getscheduler;
- hook_sops.task_movememory = hook_task_movememory;
- hook_sops.task_kill = hook_task_kill;
- hook_sops.task_wait = hook_task_wait;
- hook_sops.task_prctl = hook_task_prctl;
- hook_sops.task_to_inode = hook_task_to_inode;
- hook_sops.ipc_permission = hook_ipc_permission;
- hook_sops.ipc_getsecid = hook_ipc_getsecid;
- hook_sops.msg_msg_alloc_security = hook_msg_msg_alloc_security;
- hook_sops.msg_msg_free_security = hook_msg_msg_free_security;
- hook_sops.msg_queue_alloc_security = hook_msg_queue_alloc_security;
- hook_sops.msg_queue_free_security = hook_msg_queue_free_security;
- hook_sops.msg_queue_associate = hook_msg_queue_associate;
- hook_sops.msg_queue_msgctl = hook_msg_queue_msgctl;
- hook_sops.msg_queue_msgsnd = hook_msg_queue_msgsnd;
- hook_sops.msg_queue_msgrcv = hook_msg_queue_msgrcv;
- hook_sops.shm_alloc_security = hook_shm_alloc_security;
- hook_sops.shm_free_security = hook_shm_free_security;
- hook_sops.shm_associate = hook_shm_associate;
- hook_sops.shm_shmctl = hook_shm_shmctl;
- hook_sops.shm_shmat = hook_shm_shmat;
- hook_sops.sem_alloc_security = hook_sem_alloc_security;
- hook_sops.sem_free_security = hook_sem_free_security;
- hook_sops.sem_associate = hook_sem_associate;
- hook_sops.sem_semctl = hook_sem_semctl;
- hook_sops.sem_semop = hook_sem_semop;
- hook_sops.netlink_send = hook_netlink_send;
- hook_sops.d_instantiate = hook_d_instantiate;
- hook_sops.getprocattr = hook_getprocattr;
- hook_sops.setprocattr = hook_setprocattr;
- hook_sops.secid_to_secctx = hook_secid_to_secctx;
- hook_sops.secctx_to_secid = hook_secctx_to_secid;
- hook_sops.release_secctx = hook_release_secctx;
- hook_sops.inode_notifysecctx = hook_inode_notifysecctx;
- hook_sops.inode_setsecctx = hook_inode_setsecctx;
- hook_sops.inode_getsecctx = hook_inode_getsecctx;
- hook_sops.unix_stream_connect = hook_unix_stream_connect;
- hook_sops.unix_may_send = hook_unix_may_send;
- hook_sops.socket_create = hook_socket_create;
- hook_sops.socket_post_create = hook_socket_post_create;
- hook_sops.socket_bind = hook_socket_bind;
- hook_sops.socket_connect = hook_socket_connect;
- hook_sops.socket_listen = hook_socket_listen;
- hook_sops.socket_accept = hook_socket_accept;
- hook_sops.socket_sendmsg = hook_socket_sendmsg;
- hook_sops.socket_recvmsg = hook_socket_recvmsg;
- hook_sops.socket_getsockname = hook_socket_getsockname;
- hook_sops.socket_getpeername = hook_socket_getpeername;
- hook_sops.socket_getsockopt = hook_socket_getsockopt;
- hook_sops.socket_setsockopt = hook_socket_setsockopt;
- hook_sops.socket_shutdown = hook_socket_shutdown;
- hook_sops.socket_sock_rcv_skb = hook_socket_sock_rcv_skb;
- hook_sops.socket_getpeersec_stream = hook_socket_getpeersec_stream;
- hook_sops.socket_getpeersec_dgram = hook_socket_getpeersec_dgram;
- hook_sops.sk_alloc_security = hook_sk_alloc_security;
- hook_sops.sk_free_security = hook_sk_free_security;
- hook_sops.sk_clone_security = hook_sk_clone_security;
- hook_sops.sk_getsecid = hook_sk_getsecid;
- hook_sops.sock_graft = hook_sock_graft;
- hook_sops.inet_conn_request = hook_inet_conn_request;
- hook_sops.inet_csk_clone = hook_inet_csk_clone;
- hook_sops.inet_conn_established = hook_inet_conn_established;
- hook_sops.secmark_relabel_packet = hook_secmark_relabel_packet;
- hook_sops.secmark_refcount_inc = hook_secmark_refcount_inc;
- hook_sops.secmark_refcount_dec = hook_secmark_refcount_dec;
- hook_sops.req_classify_flow = hook_req_classify_flow;
- hook_sops.tun_dev_create = hook_tun_dev_create;
- hook_sops.tun_dev_attach = hook_tun_dev_attach;
- hook_sops.key_alloc = hook_key_alloc;
- hook_sops.key_free = hook_key_free;
- hook_sops.key_permission = hook_key_permission;
- hook_sops.key_getsecurity = hook_key_getsecurity;
- hook_sops.audit_rule_init = hook_audit_rule_init;
- hook_sops.audit_rule_known = hook_audit_rule_known;
- hook_sops.audit_rule_match = hook_audit_rule_match;
- hook_sops.audit_rule_free = hook_audit_rule_free;
*security_hook_addr = (unsigned long)&hook_sops;
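Review bot: The result of `__vmalloc` is never checked before the loop writes through `security_block_code`, so an allocation failure becomes a NULL-based `memcpy` in kernel context; add `if(security_block_code == NULL){ return -ENOMEM; }` right after the call. `GFP_KERNEL | GFP_ATOMIC` mixes a sleeping and a non-sleeping request, and `GFP_KERNEL` alone looks like what is meant here. The region is mapped `PAGE_KERNEL_EXEC` and stays writable after the stubs are copied in, so consider making it read-only once the loop finishes. The loop also redirects every pointer-sized slot after `name`, including the operations that stay commented out below (`capable`, `bprm_*`, `mmap_*`, `cred_free`, ...) and were not hooked before; if those exclusions were deliberate, the loop needs a skip list. The function body continues past the end of this hunk.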
@@ -277,6 +144,19 @@ static int security_init_hook(){
return 0;
}
+static unsigned long security_check(void){
+ struct judgk_proc_info *info;
+
+ info = judgk_proc_task_lookup(current);
+ if(likely(info == NULL || in_interrupt())){
+ return 0;
+ }
+
+ pr_alert("judgk:PID %d Security block\n",current->tgid);
+
+ security_hook_rf(info);
+ return -EACCES;
+}
static inline void security_hook_rf(struct judgk_proc_info *info){
info->status = JUDGE_RF;
send_sig(SIGKILL,current,0);
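Review bot: `security_check` prints the same `Security block` line for every hook, so the kernel log no longer records which operation the judged process attempted, which the removed per-hook handlers did; passing the slot index from the stub and logging it would keep that audit trail. The message is also emitted on every blocked call made by an untrusted submission, so `pr_alert_ratelimited("judgk:PID %d Security block\n",current->tgid);` is safer against log flooding. The function returns `-EACCES` through an `unsigned long`, and the stub in judgk_security_asm.S (not visible here) also has to serve `void` hooks; a comment stating the return contract (`0` = call the original, non-zero = value handed back to the caller) would help, assuming that is what the stub does. `security_hook_rf` is defined after this use and its body continues outside the hunk.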
@@ -405,2289 +285,3 @@ static int hook_vm_enough_memory(struct mm_struct *mm,long pages){
}
return ori_sops->vm_enough_memory(mm,pages);
}
-
-
-
-
-static int hook_ptrace_access_check(struct task_struct *child,unsigned int mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->ptrace_access_check(child,mode);
- }
-
- pr_alert("judgk:PID %d ptrace_access_check\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_ptrace_traceme(struct task_struct *parent){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->ptrace_traceme(parent);
- }
-
- pr_alert("judgk:PID %d ptrace_traceme\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_capget(struct task_struct *target,kernel_cap_t *effective,kernel_cap_t *inheritable,kernel_cap_t *permitted){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->capget(target,effective,inheritable,permitted);
- }
-
- pr_alert("judgk:PID %d capget\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_capset(struct cred *new,const struct cred *old,const kernel_cap_t *effective,const kernel_cap_t *inheritable,const kernel_cap_t *permitted){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->capset(new,old,effective,inheritable,permitted);
- }
-
- pr_alert("judgk:PID %d capset\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_capable(const struct cred *cred,struct user_namespace *ns,int cap,int audit){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->capable(cred,ns,cap,audit);
- }
-
- pr_alert("judgk:PID %d capable\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static int hook_quotactl(int cmds,int type,int id,struct super_block *sb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->quotactl(cmds,type,id,sb);
- }
-
- pr_alert("judgk:PID %d quotactl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_quota_on(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->quota_on(dentry);
- }
-
- pr_alert("judgk:PID %d quota_on\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_syslog(int type){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->syslog(type);
- }
-
- pr_alert("judgk:PID %d syslog\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_settime(const struct timespec *ts,const struct timezone *tz){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->settime(ts,tz);
- }
-
- pr_alert("judgk:PID %d settime\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_bprm_set_creds(struct linux_binprm *bprm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->bprm_set_creds(bprm);
- }
-
- pr_alert("judgk:PID %d bprm_set_creds\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_bprm_check_security(struct linux_binprm *bprm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->bprm_check_security(bprm);
- }
-
- pr_alert("judgk:PID %d bprm_check_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_bprm_secureexec(struct linux_binprm *bprm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->bprm_secureexec(bprm);
- }
-
- pr_alert("judgk:PID %d bprm_secureexec\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_bprm_committing_creds(struct linux_binprm *bprm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->bprm_committing_creds(bprm);
- }
-
- pr_alert("judgk:PID %d bprm_committing_creds\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_bprm_committed_creds(struct linux_binprm *bprm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->bprm_committed_creds(bprm);
- }
-
- pr_alert("judgk:PID %d bprm_committed_creds\n",current->tgid);
-
- security_hook_rf(info);
-}*/
-static int hook_sb_alloc_security(struct super_block *sb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_alloc_security(sb);
- }
-
- pr_alert("judgk:PID %d sb_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_sb_free_security(struct super_block *sb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_free_security(sb);
- }
-
- pr_alert("judgk:PID %d sb_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_sb_copy_data(char *orig,char *copy){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_copy_data(orig,copy);
- }
-
- pr_alert("judgk:PID %d sb_copy_data\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_remount(struct super_block *sb,void *data){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_remount(sb,data);
- }
-
- pr_alert("judgk:PID %d sb_remount\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_kern_mount(struct super_block *sb,int flags,void *data){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_kern_mount(sb,flags,data);
- }
-
- pr_alert("judgk:PID %d sb_kern_mount\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_show_options(struct seq_file *m,struct super_block *sb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_show_options(m,sb);
- }
-
- pr_alert("judgk:PID %d sb_show_options\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_statfs(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_statfs(dentry);
- }
-
- pr_alert("judgk:PID %d sb_statfs\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_mount(const char *dev_name,struct path *path,const char *type,unsigned long flags,void *data){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_mount(dev_name,path,type,flags,data);
- }
-
- pr_alert("judgk:PID %d sb_mount\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_umount(struct vfsmount *mnt,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_umount(mnt,flags);
- }
-
- pr_alert("judgk:PID %d sb_umount\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_pivotroot(struct path *old_path,struct path *new_path){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_pivotroot(old_path,new_path);
- }
-
- pr_alert("judgk:PID %d sb_pivotroot\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sb_set_mnt_opts(struct super_block *sb,struct security_mnt_opts *opts){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_set_mnt_opts(sb,opts);
- }
-
- pr_alert("judgk:PID %d sb_set_mnt_opts\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_sb_clone_mnt_opts(const struct super_block *oldsb,struct super_block *newsb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_clone_mnt_opts(oldsb,newsb);
- }
-
- pr_alert("judgk:PID %d sb_clone_mnt_opts\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_sb_parse_opts_str(char *options,struct security_mnt_opts *opts){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sb_parse_opts_str(options,opts);
- }
-
- pr_alert("judgk:PID %d sb_parse_opts_str\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_unlink(struct path *dir,struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_unlink(dir,dentry);
- }
-
- pr_alert("judgk:PID %d path_unlink\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_mkdir(struct path *dir,struct dentry *dentry,umode_t mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_mkdir(dir,dentry,mode);
- }
-
- pr_alert("judgk:PID %d path_mkdir\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_rmdir(struct path *dir,struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_rmdir(dir,dentry);
- }
-
- pr_alert("judgk:PID %d path_rmdir\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_mknod(struct path *dir,struct dentry *dentry,umode_t mode,unsigned int dev){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_mknod(dir,dentry,mode,dev);
- }
-
- pr_alert("judgk:PID %d path_mknod\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_truncate(struct path *path){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_truncate(path);
- }
-
- pr_alert("judgk:PID %d path_truncate\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_symlink(struct path *dir,struct dentry *dentry,const char *old_name){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_symlink(dir,dentry,old_name);
- }
-
- pr_alert("judgk:PID %d path_symlink\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_link(struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_link(old_dentry,new_dir,new_dentry);
- }
-
- pr_alert("judgk:PID %d path_link\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_rename(struct path *old_dir,struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_rename(old_dir,old_dentry,new_dir,new_dentry);
- }
-
- pr_alert("judgk:PID %d path_rename\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_chmod(struct path *path,umode_t mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_chmod(path,mode);
- }
-
- pr_alert("judgk:PID %d path_chmod\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_chown(struct path *path,kuid_t uid,kgid_t gid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_chown(path,uid,gid);
- }
-
- pr_alert("judgk:PID %d path_chown\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_path_chroot(struct path *path){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->path_chroot(path);
- }
-
- pr_alert("judgk:PID %d path_chroot\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_inode_alloc_security(struct inode *inode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_alloc_security(inode);
- }
-
- pr_alert("judgk:PID %d inode_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_inode_free_security(struct inode *inode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_free_security(inode);
- }
-
- pr_alert("judgk:PID %d inode_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}*/
-static int hook_inode_init_security(struct inode *inode,struct inode *dir,const struct qstr *qstr,char **name,void **value,size_t *len){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_init_security(inode,dir,qstr,name,value,len);
- }
-
- pr_alert("judgk:PID %d inode_init_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_create(struct inode *dir,struct dentry *dentry,umode_t mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_create(dir,dentry,mode);
- }
-
- pr_alert("judgk:PID %d inode_create\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_link(struct dentry *old_dentry,struct inode *dir,struct dentry *new_dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_link(old_dentry,dir,new_dentry);
- }
-
- pr_alert("judgk:PID %d inode_link\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_unlink(struct inode *dir,struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_unlink(dir,dentry);
- }
-
- pr_alert("judgk:PID %d inode_unlink\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_symlink(struct inode *dir,struct dentry *dentry,const char *old_name){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_symlink(dir,dentry,old_name);
- }
-
- pr_alert("judgk:PID %d inode_symlink\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_mkdir(struct inode *dir,struct dentry *dentry,umode_t mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_mkdir(dir,dentry,mode);
- }
-
- pr_alert("judgk:PID %d inode_mkdir\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_rmdir(struct inode *dir,struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_rmdir(dir,dentry);
- }
-
- pr_alert("judgk:PID %d inode_rmdir\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_mknod(struct inode *dir,struct dentry *dentry,umode_t mode,dev_t dev){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_mknod(dir,dentry,mode,dev);
- }
-
- pr_alert("judgk:PID %d inode_mknod\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_rename(struct inode *old_dir,struct dentry *old_dentry,struct inode *new_dir,struct dentry *new_dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_rename(old_dir,old_dentry,new_dir,new_dentry);
- }
-
- pr_alert("judgk:PID %d inode_rename\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_readlink(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_readlink(dentry);
- }
-
- pr_alert("judgk:PID %d inode_readlink\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_inode_follow_link(struct dentry *dentry,struct nameidata *nd){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_follow_link(dentry,nd);
- }
-
- pr_alert("judgk:PID %d inode_follow_link\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static int hook_inode_setattr(struct dentry *dentry,struct iattr *attr){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_setattr(dentry,attr);
- }
-
- pr_alert("judgk:PID %d inode_setattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_inode_getattr(struct vfsmount *mnt,struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_getattr(mnt,dentry);
- }
-
- pr_alert("judgk:PID %d inode_getattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static int hook_inode_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_setxattr(dentry,name,value,size,flags);
- }
-
- pr_alert("judgk:PID %d inode_setxattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_inode_post_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_post_setxattr(dentry,name,value,size,flags);
- }
-
- pr_alert("judgk:PID %d inode_post_setxattr\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_inode_getxattr(struct dentry *dentry,const char *name){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_getxattr(dentry,name);
- }
-
- pr_alert("judgk:PID %d inode_getxattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_listxattr(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_listxattr(dentry);
- }
-
- pr_alert("judgk:PID %d inode_listxattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_removexattr(struct dentry *dentry,const char *name){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_removexattr(dentry,name);
- }
-
- pr_alert("judgk:PID %d inode_removexattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_need_killpriv(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_need_killpriv(dentry);
- }
-
- pr_alert("judgk:PID %d inode_need_killpriv\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_killpriv(struct dentry *dentry){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_killpriv(dentry);
- }
-
- pr_alert("judgk:PID %d inode_killpriv\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_getsecurity(const struct inode *inode,const char *name,void **buffer,bool alloc){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_getsecurity(inode,name,buffer,alloc);
- }
-
- pr_alert("judgk:PID %d inode_getsecurity\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_setsecurity(struct inode *inode,const char *name,const void *value,size_t size,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_setsecurity(inode,name,value,size,flags);
- }
-
- pr_alert("judgk:PID %d inode_setsecurity\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_listsecurity(struct inode *inode,char *buffer,size_t buffer_size){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_listsecurity(inode,buffer,buffer_size);
- }
-
- pr_alert("judgk:PID %d inode_listsecurity\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_inode_getsecid(const struct inode *inode,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_getsecid(inode,secid);
- }
-
- pr_alert("judgk:PID %d inode_getsecid\n",current->tgid);
-
- security_hook_rf(info);
-}
-/*static int hook_file_alloc_security(struct file *file){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_alloc_security(file);
- }
-
- pr_alert("judgk:PID %d file_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_file_free_security(struct file *file){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_free_security(file);
- }
-
- pr_alert("judgk:PID %d file_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_mmap_addr(unsigned long addr){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->mmap_addr(addr);
- }
-
- pr_alert("judgk:PID %d mmap_addr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_mmap_file(struct file *file,unsigned long reqprot,unsigned long prot,unsigned long flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->mmap_file(file,reqprot,prot,flags);
- }
-
- pr_alert("judgk:PID %d mmap_file\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_file_mprotect(struct vm_area_struct *vma,unsigned long reqprot,unsigned long prot){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_mprotect(vma,reqprot,prot);
- }
-
- pr_alert("judgk:PID %d file_mprotect\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static int hook_file_lock(struct file *file,unsigned int cmd){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_lock(file,cmd);
- }
-
- pr_alert("judgk:PID %d file_lock\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_file_fcntl(struct file *file,unsigned int cmd,unsigned long arg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_fcntl(file,cmd,arg);
- }
-
- pr_alert("judgk:PID %d file_fcntl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_file_set_fowner(struct file *file){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_set_fowner(file);
- }
-
- pr_alert("judgk:PID %d file_set_fowner\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_file_send_sigiotask(struct task_struct *tsk,struct fown_struct *fown,int sig){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_send_sigiotask(tsk,fown,sig);
- }
-
- pr_alert("judgk:PID %d file_send_sigiotask\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_file_receive(struct file *file){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->file_receive(file);
- }
-
- pr_alert("judgk:PID %d file_receive\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_create(unsigned long clone_flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_create(clone_flags);
- }
-
- pr_alert("judgk:PID %d task_create\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static void hook_task_free(struct task_struct *task){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_free(task);
- }
-
- pr_alert("judgk:PID %d task_free\n",current->tgid);
-
- security_hook_rf(info);
-}*/
-static int hook_cred_alloc_blank(struct cred *cred,gfp_t gfp){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->cred_alloc_blank(cred,gfp);
- }
-
- pr_alert("judgk:PID %d cred_alloc_blank\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static void hook_cred_free(struct cred *cred){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->cred_free(cred);
- }
-
- pr_alert("judgk:PID %d cred_free\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_cred_prepare(struct cred *new,const struct cred *old,gfp_t gfp){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->cred_prepare(new,old,gfp);
- }
-
- pr_alert("judgk:PID %d cred_prepare\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static void hook_cred_transfer(struct cred *new,const struct cred *old){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->cred_transfer(new,old);
- }
-
- pr_alert("judgk:PID %d cred_transfer\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_kernel_act_as(struct cred *new,u32 secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->kernel_act_as(new,secid);
- }
-
- pr_alert("judgk:PID %d kernel_act_as\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_kernel_create_files_as(struct cred *new,struct inode *inode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->kernel_create_files_as(new,inode);
- }
-
- pr_alert("judgk:PID %d kernel_create_files_as\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_kernel_module_request(char *kmod_name){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->kernel_module_request(kmod_name);
- }
-
- pr_alert("judgk:PID %d kernel_module_request\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_fix_setuid(struct cred *new,const struct cred *old,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_fix_setuid(new,old,flags);
- }
-
- pr_alert("judgk:PID %d task_fix_setuid\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_setpgid(struct task_struct *p,pid_t pgid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_setpgid(p,pgid);
- }
-
- pr_alert("judgk:PID %d task_setpgid\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_getpgid(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_getpgid(p);
- }
-
- pr_alert("judgk:PID %d task_getpgid\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_getsid(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_getsid(p);
- }
-
- pr_alert("judgk:PID %d task_getsid\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_task_getsecid(struct task_struct *p,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_getsecid(p,secid);
- }
-
- pr_alert("judgk:PID %d task_getsecid\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_task_setnice(struct task_struct *p,int nice){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_setnice(p,nice);
- }
-
- pr_alert("judgk:PID %d task_setnice\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_setioprio(struct task_struct *p,int ioprio){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_setioprio(p,ioprio);
- }
-
- pr_alert("judgk:PID %d task_setioprio\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_getioprio(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_getioprio(p);
- }
-
- pr_alert("judgk:PID %d task_getioprio\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_setrlimit(struct task_struct *p,unsigned int resource,struct rlimit *new_rlim){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_setrlimit(p,resource,new_rlim);
- }
-
- pr_alert("judgk:PID %d task_setrlimit\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_setscheduler(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_setscheduler(p);
- }
-
- pr_alert("judgk:PID %d task_setscheduler\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_getscheduler(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_getscheduler(p);
- }
-
- pr_alert("judgk:PID %d task_getscheduler\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_movememory(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_movememory(p);
- }
-
- pr_alert("judgk:PID %d task_movememory\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_kill(struct task_struct *p,struct siginfo *siginfo,int sig,u32 secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_kill(p,siginfo,sig,secid);
- }
-
- pr_alert("judgk:PID %d task_kill\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_wait(struct task_struct *p){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_wait(p);
- }
-
- pr_alert("judgk:PID %d task_wait\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_prctl(option,arg2,arg3,arg4,arg5);
- }
-
- pr_alert("judgk:PID %d task_prctl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_task_to_inode(struct task_struct *p,struct inode *inode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->task_to_inode(p,inode);
- }
-
- pr_alert("judgk:PID %d task_to_inode\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_ipc_permission(struct kern_ipc_perm *ipcp,short flag){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->ipc_permission(ipcp,flag);
- }
-
- pr_alert("judgk:PID %d ipc_permission\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_ipc_getsecid(struct kern_ipc_perm *ipcp,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->ipc_getsecid(ipcp,secid);
- }
-
- pr_alert("judgk:PID %d ipc_getsecid\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_msg_msg_alloc_security(struct msg_msg *msg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_msg_alloc_security(msg);
- }
-
- pr_alert("judgk:PID %d msg_msg_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_msg_msg_free_security(struct msg_msg *msg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_msg_free_security(msg);
- }
-
- pr_alert("judgk:PID %d msg_msg_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_msg_queue_alloc_security(struct msg_queue *msq){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_alloc_security(msq);
- }
-
- pr_alert("judgk:PID %d msg_queue_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_msg_queue_free_security(struct msg_queue *msq){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_free_security(msq);
- }
-
- pr_alert("judgk:PID %d msg_queue_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_msg_queue_associate(struct msg_queue *msq,int msqflg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_associate(msq,msqflg);
- }
-
- pr_alert("judgk:PID %d msg_queue_associate\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_msg_queue_msgctl(struct msg_queue *msq,int cmd){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_msgctl(msq,cmd);
- }
-
- pr_alert("judgk:PID %d msg_queue_msgctl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_msg_queue_msgsnd(struct msg_queue *msq,struct msg_msg *msg,int msqflg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_msgsnd(msq,msg,msqflg);
- }
-
- pr_alert("judgk:PID %d msg_queue_msgsnd\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_msg_queue_msgrcv(struct msg_queue *msq,struct msg_msg *msg,struct task_struct *target,long type,int mode){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->msg_queue_msgrcv(msq,msg,target,type,mode);
- }
-
- pr_alert("judgk:PID %d msg_queue_msgrcv\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_shm_alloc_security(struct shmid_kernel *shp){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->shm_alloc_security(shp);
- }
-
- pr_alert("judgk:PID %d shm_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_shm_free_security(struct shmid_kernel *shp){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->shm_free_security(shp);
- }
-
- pr_alert("judgk:PID %d shm_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_shm_associate(struct shmid_kernel *shp,int shmflg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->shm_associate(shp,shmflg);
- }
-
- pr_alert("judgk:PID %d shm_associate\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_shm_shmctl(struct shmid_kernel *shp,int cmd){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->shm_shmctl(shp,cmd);
- }
-
- pr_alert("judgk:PID %d shm_shmctl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_shm_shmat(struct shmid_kernel *shp,char __user *shmaddr,int shmflg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->shm_shmat(shp,shmaddr,shmflg);
- }
-
- pr_alert("judgk:PID %d shm_shmat\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sem_alloc_security(struct sem_array *sma){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sem_alloc_security(sma);
- }
-
- pr_alert("judgk:PID %d sem_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_sem_free_security(struct sem_array *sma){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sem_free_security(sma);
- }
-
- pr_alert("judgk:PID %d sem_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_sem_associate(struct sem_array *sma,int semflg){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sem_associate(sma,semflg);
- }
-
- pr_alert("judgk:PID %d sem_associate\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sem_semctl(struct sem_array *sma,int cmd){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sem_semctl(sma,cmd);
- }
-
- pr_alert("judgk:PID %d sem_semctl\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sem_semop(struct sem_array *sma,struct sembuf *sops,unsigned nsops,int alter){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sem_semop(sma,sops,nsops,alter);
- }
-
- pr_alert("judgk:PID %d sem_semop\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_netlink_send(struct sock *sk,struct sk_buff *skb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->netlink_send(sk,skb);
- }
-
- pr_alert("judgk:PID %d netlink_send\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_getprocattr(struct task_struct *p,char *name,char **value){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->getprocattr(p,name,value);
- }
-
- pr_alert("judgk:PID %d getprocattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_setprocattr(struct task_struct *p,char *name,void *value,size_t size){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->setprocattr(p,name,value,size);
- }
-
- pr_alert("judgk:PID %d setprocattr\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_secid_to_secctx(u32 secid,char **secdata,u32 *seclen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->secid_to_secctx(secid,secdata,seclen);
- }
-
- pr_alert("judgk:PID %d secid_to_secctx\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_secctx_to_secid(const char *secdata,u32 seclen,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->secctx_to_secid(secdata,seclen,secid);
- }
-
- pr_alert("judgk:PID %d secctx_to_secid\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_release_secctx(char *secdata,u32 seclen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->release_secctx(secdata,seclen);
- }
-
- pr_alert("judgk:PID %d release_secctx\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_inode_notifysecctx(struct inode *inode,void *ctx,u32 ctxlen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_notifysecctx(inode,ctx,ctxlen);
- }
-
- pr_alert("judgk:PID %d inode_notifysecctx\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_setsecctx(struct dentry *dentry,void *ctx,u32 ctxlen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_setsecctx(dentry,ctx,ctxlen);
- }
-
- pr_alert("judgk:PID %d inode_setsecctx\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_inode_getsecctx(struct inode *inode,void **ctx,u32 *ctxlen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inode_getsecctx(inode,ctx,ctxlen);
- }
-
- pr_alert("judgk:PID %d inode_getsecctx\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_unix_stream_connect(struct sock *sock,struct sock *other,struct sock *newsk){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->unix_stream_connect(sock,other,newsk);
- }
-
- pr_alert("judgk:PID %d unix_stream_connect\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_unix_may_send(struct socket *sock,struct socket *other){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->unix_may_send(sock,other);
- }
-
- pr_alert("judgk:PID %d unix_may_send\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_create(int family,int type,int protocol,int kern){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_create(family,type,protocol,kern);
- }
-
- pr_alert("judgk:PID %d socket_create\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_post_create(struct socket *sock,int family,int type,int protocol,int kern){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_post_create(sock,family,type,protocol,kern);
- }
-
- pr_alert("judgk:PID %d socket_post_create\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_bind(struct socket *sock,struct sockaddr *address,int addrlen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_bind(sock,address,addrlen);
- }
-
- pr_alert("judgk:PID %d socket_bind\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_connect(struct socket *sock,struct sockaddr *address,int addrlen){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_connect(sock,address,addrlen);
- }
-
- pr_alert("judgk:PID %d socket_connect\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_listen(struct socket *sock,int backlog){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_listen(sock,backlog);
- }
-
- pr_alert("judgk:PID %d socket_listen\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_accept(struct socket *sock,struct socket *newsock){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_accept(sock,newsock);
- }
-
- pr_alert("judgk:PID %d socket_accept\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_sendmsg(struct socket *sock,struct msghdr *msg,int size){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_sendmsg(sock,msg,size);
- }
-
- pr_alert("judgk:PID %d socket_sendmsg\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_recvmsg(struct socket *sock,struct msghdr *msg,int size,int flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_recvmsg(sock,msg,size,flags);
- }
-
- pr_alert("judgk:PID %d socket_recvmsg\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_getsockname(struct socket *sock){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_getsockname(sock);
- }
-
- pr_alert("judgk:PID %d socket_getsockname\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_getpeername(struct socket *sock){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_getpeername(sock);
- }
-
- pr_alert("judgk:PID %d socket_getpeername\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_getsockopt(struct socket *sock,int level,int optname){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_getsockopt(sock,level,optname);
- }
-
- pr_alert("judgk:PID %d socket_getsockopt\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_setsockopt(struct socket *sock,int level,int optname){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_setsockopt(sock,level,optname);
- }
-
- pr_alert("judgk:PID %d socket_setsockopt\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_shutdown(struct socket *sock,int how){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_shutdown(sock,how);
- }
-
- pr_alert("judgk:PID %d socket_shutdown\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_sock_rcv_skb(struct sock *sk,struct sk_buff *skb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_sock_rcv_skb(sk,skb);
- }
-
- pr_alert("judgk:PID %d socket_sock_rcv_skb\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_getpeersec_stream(struct socket *sock,char __user *optval,int __user *optlen,unsigned len){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_getpeersec_stream(sock,optval,optlen,len);
- }
-
- pr_alert("judgk:PID %d socket_getpeersec_stream\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_socket_getpeersec_dgram(struct socket *sock,struct sk_buff *skb,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->socket_getpeersec_dgram(sock,skb,secid);
- }
-
- pr_alert("judgk:PID %d socket_getpeersec_dgram\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_sk_alloc_security(struct sock *sk,int family,gfp_t priority){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sk_alloc_security(sk,family,priority);
- }
-
- pr_alert("judgk:PID %d sk_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_sk_free_security(struct sock *sk){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sk_free_security(sk);
- }
-
- pr_alert("judgk:PID %d sk_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_sk_clone_security(const struct sock *sk,struct sock *newsk){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sk_clone_security(sk,newsk);
- }
-
- pr_alert("judgk:PID %d sk_clone_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_sk_getsecid(struct sock *sk,u32 *secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sk_getsecid(sk,secid);
- }
-
- pr_alert("judgk:PID %d sk_getsecid\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_sock_graft(struct sock *sk,struct socket *parent){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->sock_graft(sk,parent);
- }
-
- pr_alert("judgk:PID %d sock_graft\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_inet_conn_request(struct sock *sk,struct sk_buff *skb,struct request_sock *req){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inet_conn_request(sk,skb,req);
- }
-
- pr_alert("judgk:PID %d inet_conn_request\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_inet_csk_clone(struct sock *newsk,const struct request_sock *req){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inet_csk_clone(newsk,req);
- }
-
- pr_alert("judgk:PID %d inet_csk_clone\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_inet_conn_established(struct sock *sk,struct sk_buff *skb){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->inet_conn_established(sk,skb);
- }
-
- pr_alert("judgk:PID %d inet_conn_established\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_secmark_relabel_packet(u32 secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->secmark_relabel_packet(secid);
- }
-
- pr_alert("judgk:PID %d secmark_relabel_packet\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_secmark_refcount_inc(){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->secmark_refcount_inc();
- }
-
- pr_alert("judgk:PID %d secmark_refcount_inc\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_secmark_refcount_dec(){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->secmark_refcount_dec();
- }
-
- pr_alert("judgk:PID %d secmark_refcount_dec\n",current->tgid);
-
- security_hook_rf(info);
-}
-static void hook_req_classify_flow(const struct request_sock *req,struct flowi *fl){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->req_classify_flow(req,fl);
- }
-
- pr_alert("judgk:PID %d req_classify_flow\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_tun_dev_create(){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->tun_dev_create();
- }
-
- pr_alert("judgk:PID %d tun_dev_create\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_tun_dev_attach(struct sock *sk,void *security){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->tun_dev_attach(sk,security);
- }
-
- pr_alert("judgk:PID %d tun_dev_attach\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-/*static int hook_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,struct xfrm_user_sec_ctx *sec_ctx){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_policy_alloc_security(ctxp,sec_ctx);
- }
-
- pr_alert("judgk:PID %d xfrm_policy_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,struct xfrm_sec_ctx **new_ctx){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_policy_clone_security(old_ctx,new_ctx);
- }
-
- pr_alert("judgk:PID %d xfrm_policy_clone_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_policy_free_security(ctx);
- }
-
- pr_alert("judgk:PID %d xfrm_policy_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_policy_delete_security(ctx);
- }
-
- pr_alert("judgk:PID %d xfrm_policy_delete_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_xfrm_state_alloc_security(struct xfrm_state *x,struct xfrm_user_sec_ctx *sec_ctx,u32 secid){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_state_alloc_security(x,sec_ctx,secid);
- }
-
- pr_alert("judgk:PID %d xfrm_state_alloc_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_xfrm_state_free_security(struct xfrm_state *x){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_state_free_security(x);
- }
-
- pr_alert("judgk:PID %d xfrm_state_free_security\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_xfrm_state_delete_security(struct xfrm_state *x){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_state_delete_security(x);
- }
-
- pr_alert("judgk:PID %d xfrm_state_delete_security\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,u32 fl_secid,u8 dir){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_policy_lookup(ctx,fl_secid,dir);
- }
-
- pr_alert("judgk:PID %d xfrm_policy_lookup\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_xfrm_state_pol_flow_match(struct xfrm_state *x,struct xfrm_policy *xp,const struct flowi *fl){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_state_pol_flow_match(x,xp,fl);
- }
-
- pr_alert("judgk:PID %d xfrm_state_pol_flow_match\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_xfrm_decode_session(struct sk_buff *skb,u32 *secid,int ckall){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->xfrm_decode_session(skb,secid,ckall);
- }
-
- pr_alert("judgk:PID %d xfrm_decode_session\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}*/
-static int hook_key_alloc(struct key *key,const struct cred *cred,unsigned long flags){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->key_alloc(key,cred,flags);
- }
-
- pr_alert("judgk:PID %d key_alloc\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_key_free(struct key *key){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->key_free(key);
- }
-
- pr_alert("judgk:PID %d key_free\n",current->tgid);
-
- security_hook_rf(info);
-}
-static int hook_key_permission(key_ref_t key_ref,const struct cred *cred,key_perm_t perm){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->key_permission(key_ref,cred,perm);
- }
-
- pr_alert("judgk:PID %d key_permission\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_key_getsecurity(struct key *key,char **_buffer){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->key_getsecurity(key,_buffer);
- }
-
- pr_alert("judgk:PID %d key_getsecurity\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_audit_rule_init(u32 field,u32 op,char *rulestr,void **lsmrule){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->audit_rule_init(field,op,rulestr,lsmrule);
- }
-
- pr_alert("judgk:PID %d audit_rule_init\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_audit_rule_known(struct audit_krule *krule){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->audit_rule_known(krule);
- }
-
- pr_alert("judgk:PID %d audit_rule_known\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static int hook_audit_rule_match(u32 secid,u32 field,u32 op,void *lsmrule,struct audit_context *actx){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->audit_rule_match(secid,field,op,lsmrule,actx);
- }
-
- pr_alert("judgk:PID %d audit_rule_match\n",current->tgid);
-
- security_hook_rf(info);
- return -EACCES;
-}
-static void hook_audit_rule_free(void *lsmrule){
- struct judgk_proc_info *info;
-
- info = judgk_proc_task_lookup(current);
- if(likely(info == NULL || in_interrupt())){
- return ori_sops->audit_rule_free(lsmrule);
- }
-
- pr_alert("judgk:PID %d audit_rule_free\n",current->tgid);
-
- security_hook_rf(info);
-}
diff --git a/toj/center/src/judgk_security.h b/toj/center/src/judgk_security.h
index 16d2534..1816786 100755
--- a/toj/center/src/judgk_security.h
+++ b/toj/center/src/judgk_security.h
@@ -1,197 +1,19 @@
static int security_init_hook(void);
+static unsigned long security_check(void);
static inline void security_hook_rf(struct judgk_proc_info *info);
static unsigned long security_meminfo_ino;
static unsigned long* security_hook_addr;
static struct security_operations *ori_sops;
static struct security_operations hook_sops;
+static void *security_block_code;
int judgk_security_hook(void);
int judgk_security_unhook(void);
+unsigned long judgk_security_checkaddr;
+
extern struct judgk_proc_info* judgk_proc_task_lookup(struct task_struct *task);
+extern void judgk_security_block(void);
+extern void judgk_security_blockend(void);
-static int hook_ptrace_access_check(struct task_struct *child,unsigned int mode);
-static int hook_ptrace_traceme(struct task_struct *parent);
-static int hook_capget(struct task_struct *target,kernel_cap_t *effective,kernel_cap_t *inheritable,kernel_cap_t *permitted);
-static int hook_capset(struct cred *new,const struct cred *old,const kernel_cap_t *effective,const kernel_cap_t *inheritable,const kernel_cap_t *permitted);
-//static int hook_capable(const struct cred *cred,struct user_namespace *ns,int cap,int audit);
-static int hook_quotactl(int cmds,int type,int id,struct super_block *sb);
-static int hook_quota_on(struct dentry *dentry);
-static int hook_syslog(int type);
-static int hook_settime(const struct timespec *ts,const struct timezone *tz);
-static int hook_vm_enough_memory(struct mm_struct *mm,long pages);
-//static int hook_bprm_set_creds(struct linux_binprm *bprm);
-//static int hook_bprm_check_security(struct linux_binprm *bprm);
-//static int hook_bprm_secureexec(struct linux_binprm *bprm);
-//static void hook_bprm_committing_creds(struct linux_binprm *bprm);
-//static void hook_bprm_committed_creds(struct linux_binprm *bprm);
-static int hook_sb_alloc_security(struct super_block *sb);
-static void hook_sb_free_security(struct super_block *sb);
-static int hook_sb_copy_data(char *orig,char *copy);
-static int hook_sb_remount(struct super_block *sb,void *data);
-static int hook_sb_kern_mount(struct super_block *sb,int flags,void *data);
-static int hook_sb_show_options(struct seq_file *m,struct super_block *sb);
-static int hook_sb_statfs(struct dentry *dentry);
-static int hook_sb_mount(const char *dev_name,struct path *path,const char *type,unsigned long flags,void *data);
-static int hook_sb_umount(struct vfsmount *mnt,int flags);
-static int hook_sb_pivotroot(struct path *old_path,struct path *new_path);
-static int hook_sb_set_mnt_opts(struct super_block *sb,struct security_mnt_opts *opts);
-static void hook_sb_clone_mnt_opts(const struct super_block *oldsb,struct super_block *newsb);
-static int hook_sb_parse_opts_str(char *options,struct security_mnt_opts *opts);
-static int hook_path_unlink(struct path *dir,struct dentry *dentry);
-static int hook_path_mkdir(struct path *dir,struct dentry *dentry,umode_t mode);
-static int hook_path_rmdir(struct path *dir,struct dentry *dentry);
-static int hook_path_mknod(struct path *dir,struct dentry *dentry,umode_t mode,unsigned int dev);
-static int hook_path_truncate(struct path *path);
-static int hook_path_symlink(struct path *dir,struct dentry *dentry,const char *old_name);
-static int hook_path_link(struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry);
-static int hook_path_rename(struct path *old_dir,struct dentry *old_dentry,struct path *new_dir,struct dentry *new_dentry);
-static int hook_path_chmod(struct path *path,umode_t mode);
-static int hook_path_chown(struct path *path,kuid_t uid,kgid_t gid);
-static int hook_path_chroot(struct path *path);
-//static int hook_inode_alloc_security(struct inode *inode);
-//static void hook_inode_free_security(struct inode *inode);
-static int hook_inode_init_security(struct inode *inode,struct inode *dir,const struct qstr *qstr,char **name,void **value,size_t *len);
-static int hook_inode_create(struct inode *dir,struct dentry *dentry,umode_t mode);
-static int hook_inode_link(struct dentry *old_dentry,struct inode *dir,struct dentry *new_dentry);
-static int hook_inode_unlink(struct inode *dir,struct dentry *dentry);
-static int hook_inode_symlink(struct inode *dir,struct dentry *dentry,const char *old_name);
-static int hook_inode_mkdir(struct inode *dir,struct dentry *dentry,umode_t mode);
-static int hook_inode_rmdir(struct inode *dir,struct dentry *dentry);
-static int hook_inode_mknod(struct inode *dir,struct dentry *dentry,umode_t mode,dev_t dev);
-static int hook_inode_rename(struct inode *old_dir,struct dentry *old_dentry,struct inode *new_dir,struct dentry *new_dentry);
-static int hook_inode_readlink(struct dentry *dentry);
-//static int hook_inode_follow_link(struct dentry *dentry,struct nameidata *nd);
-static int hook_inode_permission(struct inode *inode,int mask);
-static int hook_inode_setattr(struct dentry *dentry,struct iattr *attr);
-//static int hook_inode_getattr(struct vfsmount *mnt,struct dentry *dentry);
-static int hook_inode_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags);
-static void hook_inode_post_setxattr(struct dentry *dentry,const char *name,const void *value,size_t size,int flags);
-static int hook_inode_getxattr(struct dentry *dentry,const char *name);
-static int hook_inode_listxattr(struct dentry *dentry);
-static int hook_inode_removexattr(struct dentry *dentry,const char *name);
-static int hook_inode_need_killpriv(struct dentry *dentry);
-static int hook_inode_killpriv(struct dentry *dentry);
-static int hook_inode_getsecurity(const struct inode *inode,const char *name,void **buffer,bool alloc);
-static int hook_inode_setsecurity(struct inode *inode,const char *name,const void *value,size_t size,int flags);
-static int hook_inode_listsecurity(struct inode *inode,char *buffer,size_t buffer_size);
-static void hook_inode_getsecid(const struct inode *inode,u32 *secid);
-static int hook_file_permission(struct file *file,int mask);
-//static int hook_file_alloc_security(struct file *file);
-//static void hook_file_free_security(struct file *file);
-static int hook_file_ioctl(struct file *file,unsigned int cmd,unsigned long arg);
-//static int hook_mmap_addr(unsigned long addr);
-//static int hook_mmap_file(struct file *file,unsigned long reqprot,unsigned long prot,unsigned long flags);
-//static int hook_file_mprotect(struct vm_area_struct *vma,unsigned long reqprot,unsigned long prot);
-static int hook_file_lock(struct file *file,unsigned int cmd);
-static int hook_file_fcntl(struct file *file,unsigned int cmd,unsigned long arg);
-static int hook_file_set_fowner(struct file *file);
-static int hook_file_send_sigiotask(struct task_struct *tsk,struct fown_struct *fown,int sig);
-static int hook_file_receive(struct file *file);
-static int hook_file_open(struct file *file,const struct cred *cred);
-static int hook_task_create(unsigned long clone_flags);
-//static void hook_task_free(struct task_struct *task);
-static int hook_cred_alloc_blank(struct cred *cred,gfp_t gfp);
-//static void hook_cred_free(struct cred *cred);
-//static int hook_cred_prepare(struct cred *new,const struct cred *old,gfp_t gfp);
-static void hook_cred_transfer(struct cred *new,const struct cred *old);
-static int hook_kernel_act_as(struct cred *new,u32 secid);
-static int hook_kernel_create_files_as(struct cred *new,struct inode *inode);
-static int hook_kernel_module_request(char *kmod_name);
-static int hook_task_fix_setuid(struct cred *new,const struct cred *old,int flags);
-static int hook_task_setpgid(struct task_struct *p,pid_t pgid);
-static int hook_task_getpgid(struct task_struct *p);
-static int hook_task_getsid(struct task_struct *p);
-static void hook_task_getsecid(struct task_struct *p,u32 *secid);
-static int hook_task_setnice(struct task_struct *p,int nice);
-static int hook_task_setioprio(struct task_struct *p,int ioprio);
-static int hook_task_getioprio(struct task_struct *p);
-static int hook_task_setrlimit(struct task_struct *p,unsigned int resource,struct rlimit *new_rlim);
-static int hook_task_setscheduler(struct task_struct *p);
-static int hook_task_getscheduler(struct task_struct *p);
-static int hook_task_movememory(struct task_struct *p);
-static int hook_task_kill(struct task_struct *p,struct siginfo *siginfo,int sig,u32 secid);
-static int hook_task_wait(struct task_struct *p);
-static int hook_task_prctl(int option,unsigned long arg2,unsigned long arg3,unsigned long arg4,unsigned long arg5);
-static void hook_task_to_inode(struct task_struct *p,struct inode *inode);
-static int hook_ipc_permission(struct kern_ipc_perm *ipcp,short flag);
-static void hook_ipc_getsecid(struct kern_ipc_perm *ipcp,u32 *secid);
-static int hook_msg_msg_alloc_security(struct msg_msg *msg);
-static void hook_msg_msg_free_security(struct msg_msg *msg);
-static int hook_msg_queue_alloc_security(struct msg_queue *msq);
-static void hook_msg_queue_free_security(struct msg_queue *msq);
-static int hook_msg_queue_associate(struct msg_queue *msq,int msqflg);
-static int hook_msg_queue_msgctl(struct msg_queue *msq,int cmd);
-static int hook_msg_queue_msgsnd(struct msg_queue *msq,struct msg_msg *msg,int msqflg);
-static int hook_msg_queue_msgrcv(struct msg_queue *msq,struct msg_msg *msg,struct task_struct *target,long type,int mode);
-static int hook_shm_alloc_security(struct shmid_kernel *shp);
-static void hook_shm_free_security(struct shmid_kernel *shp);
-static int hook_shm_associate(struct shmid_kernel *shp,int shmflg);
-static int hook_shm_shmctl(struct shmid_kernel *shp,int cmd);
-static int hook_shm_shmat(struct shmid_kernel *shp,char __user *shmaddr,int shmflg);
-static int hook_sem_alloc_security(struct sem_array *sma);
-static void hook_sem_free_security(struct sem_array *sma);
-static int hook_sem_associate(struct sem_array *sma,int semflg);
-static int hook_sem_semctl(struct sem_array *sma,int cmd);
-static int hook_sem_semop(struct sem_array *sma,struct sembuf *sops,unsigned nsops,int alter);
-static int hook_netlink_send(struct sock *sk,struct sk_buff *skb);
-static void hook_d_instantiate(struct dentry *dentry,struct inode *inode);
-static int hook_getprocattr(struct task_struct *p,char *name,char **value);
-static int hook_setprocattr(struct task_struct *p,char *name,void *value,size_t size);
-static int hook_secid_to_secctx(u32 secid,char **secdata,u32 *seclen);
-static int hook_secctx_to_secid(const char *secdata,u32 seclen,u32 *secid);
-static void hook_release_secctx(char *secdata,u32 seclen);
-static int hook_inode_notifysecctx(struct inode *inode,void *ctx,u32 ctxlen);
-static int hook_inode_setsecctx(struct dentry *dentry,void *ctx,u32 ctxlen);
-static int hook_inode_getsecctx(struct inode *inode,void **ctx,u32 *ctxlen);
-static int hook_unix_stream_connect(struct sock *sock,struct sock *other,struct sock *newsk);
-static int hook_unix_may_send(struct socket *sock,struct socket *other);
-static int hook_socket_create(int family,int type,int protocol,int kern);
-static int hook_socket_post_create(struct socket *sock,int family,int type,int protocol,int kern);
-static int hook_socket_bind(struct socket *sock,struct sockaddr *address,int addrlen);
-static int hook_socket_connect(struct socket *sock,struct sockaddr *address,int addrlen);
-static int hook_socket_listen(struct socket *sock,int backlog);
-static int hook_socket_accept(struct socket *sock,struct socket *newsock);
-static int hook_socket_sendmsg(struct socket *sock,struct msghdr *msg,int size);
-static int hook_socket_recvmsg(struct socket *sock,struct msghdr *msg,int size,int flags);
-static int hook_socket_getsockname(struct socket *sock);
-static int hook_socket_getpeername(struct socket *sock);
-static int hook_socket_getsockopt(struct socket *sock,int level,int optname);
-static int hook_socket_setsockopt(struct socket *sock,int level,int optname);
-static int hook_socket_shutdown(struct socket *sock,int how);
-static int hook_socket_sock_rcv_skb(struct sock *sk,struct sk_buff *skb);
-static int hook_socket_getpeersec_stream(struct socket *sock,char __user *optval,int __user *optlen,unsigned len);
-static int hook_socket_getpeersec_dgram(struct socket *sock,struct sk_buff *skb,u32 *secid);
-static int hook_sk_alloc_security(struct sock *sk,int family,gfp_t priority);
-static void hook_sk_free_security(struct sock *sk);
-static void hook_sk_clone_security(const struct sock *sk,struct sock *newsk);
-static void hook_sk_getsecid(struct sock *sk,u32 *secid);
-static void hook_sock_graft(struct sock *sk,struct socket *parent);
-static int hook_inet_conn_request(struct sock *sk,struct sk_buff *skb,struct request_sock *req);
-static void hook_inet_csk_clone(struct sock *newsk,const struct request_sock *req);
-static void hook_inet_conn_established(struct sock *sk,struct sk_buff *skb);
-static int hook_secmark_relabel_packet(u32 secid);
-static void hook_secmark_refcount_inc(void);
-static void hook_secmark_refcount_dec(void);
-static void hook_req_classify_flow(const struct request_sock *req,struct flowi *fl);
-static int hook_tun_dev_create(void);
-static int hook_tun_dev_attach(struct sock *sk,void *security);
-/*static int hook_xfrm_policy_alloc_security(struct xfrm_sec_ctx **ctxp,struct xfrm_user_sec_ctx *sec_ctx);
-static int hook_xfrm_policy_clone_security(struct xfrm_sec_ctx *old_ctx,struct xfrm_sec_ctx **new_ctx);
-static void hook_xfrm_policy_free_security(struct xfrm_sec_ctx *ctx);
-static int hook_xfrm_policy_delete_security(struct xfrm_sec_ctx *ctx);
-static int hook_xfrm_state_alloc_security(struct xfrm_state *x,struct xfrm_user_sec_ctx *sec_ctx,u32 secid);
-static void hook_xfrm_state_free_security(struct xfrm_state *x);
-static int hook_xfrm_state_delete_security(struct xfrm_state *x);
-static int hook_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx,u32 fl_secid,u8 dir);
-static int hook_xfrm_state_pol_flow_match(struct xfrm_state *x,struct xfrm_policy *xp,const struct flowi *fl);
-static int hook_xfrm_decode_session(struct sk_buff *skb,u32 *secid,int ckall);*/
-static int hook_key_alloc(struct key *key,const struct cred *cred,unsigned long flags);
-static void hook_key_free(struct key *key);
-static int hook_key_permission(key_ref_t key_ref,const struct cred *cred,key_perm_t perm);
-static int hook_key_getsecurity(struct key *key,char **_buffer);
-static int hook_audit_rule_init(u32 field,u32 op,char *rulestr,void **lsmrule);
-static int hook_audit_rule_known(struct audit_krule *krule);
-static int hook_audit_rule_match(u32 secid,u32 field,u32 op,void *lsmrule,struct audit_context *actx);
-static void hook_audit_rule_free(void *lsmrule);
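Review bot: `unsigned long judgk_security_checkaddr;` is a definition with external linkage placed in a header, so a second translation unit that includes judgk_security.h would produce a duplicate definition. The other declarations here are `static`, which suggests a single includer today, but the safer form is `extern unsigned long judgk_security_checkaddr;` in the header with the one definition in judgk_security.c. The stub in judgk_security_asm.S makes an indirect call through this variable, so it also deserves a comment such as `/* address of security_check(); must be assigned before any stub is installed */`. Presumably that is the intended value, but the assignment is not visible in this hunk. `security_check` itself should carry a one-line comment stating what its `unsigned long` return value means, because the stub branches on it.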
diff --git a/toj/center/src/judgk_security_asm.S b/toj/center/src/judgk_security_asm.S
new file mode 100644
index 0000000..80edf37
--- /dev/null
+++ b/toj/center/src/judgk_security_asm.S
@@ -0,0 +1,57 @@
+.code64
+.section .data //Don't run these code, just data for copy
+.global judgk_security_block
+.global judgk_security_blockend
+.extern judgk_security_checkaddr
+
+//First 8 bytes is original function address
+judgk_security_block:
+ push %rbx
+ push %rcx
+ push %rdx
+ push %rsi
+ push %rdi
+ push %rbp
+ push %r8
+ push %r9
+ push %r10
+ push %r11
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+
+ callq *(judgk_security_checkaddr)
+
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %r11
+ pop %r10
+ pop %r9
+ pop %r8
+ pop %rbp
+ pop %rdi
+ pop %rsi
+ pop %rdx
+ pop %rcx
+ pop %rbx
+
+ test %rax,%rax
+ jnz .block
+
+ call .getrip
+.offset:
+ sub $(.offset - judgk_security_block + 8),%rax
+ jmp *(%rax)
+
+.block:
+ ret
+
+.getrip:
+ mov (%rsp),%rax
+ ret
+judgk_security_blockend:
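Review bot: On the deny path (`.block: ret`), whatever the call through `judgk_security_checkaddr` left in %rax becomes the hook's return value, whereas the removed C hooks returned -EACCES from the int hooks. Nothing in this file states that contract, so I would add above `judgk_security_block` a comment like `// check routine: 0 = jump to original hook, non-zero = value handed back to the LSM caller (use a negative errno, e.g. -EACCES)`. The comment `//First 8 bytes is original function address` is also ambiguous. `sub $(.offset - judgk_security_block + 8),%rax` yields the address 8 bytes before the copied block, so the comment should say the original pointer lives in the quadword immediately preceding each copy. That pointer slot shares memory with code that must be executable, so the region should be made read-only once the stubs are written; the allocation is outside this hunk, so confirm it there.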