diff -ur kernel-2.6.32/security/aegis/validator/fs.c kernel-2.6.32_patched/security/aegis/validator/fs.c
--- kernel-2.6.32/security/aegis/validator/fs.c 2011-12-22 14:35:43.000000000 +0200
+++ kernel-2.6.32_patched/security/aegis/validator/fs.c 2012-03-07 08:43:02.680164733 +0200
@@ -208,6 +208,9 @@
 */
 int validator_fsaccess(int op)
 {
+ /* aegis hack: always success */
+ return 0;
+
 switch (op) {
 case AEGIS_FS_ENFORCE_READ:
 case AEGIS_FS_ENABLE_READ:
diff -ur kernel-2.6.32/security/aegis/validator/modlist.c kernel-2.6.32_patched/security/aegis/validator/modlist.c
--- kernel-2.6.32/security/aegis/validator/modlist.c 2011-12-22 14:35:43.000000000 +0200
+++ kernel-2.6.32_patched/security/aegis/validator/modlist.c 2012-03-07 08:43:02.680164733 +0200
@@ -319,6 +319,9 @@
 */
 int validator_kmod_check(const void *vbuf, unsigned long len)
 {
+ /* aegis hack: always success */
+ return 0;
+
 char digest[SHA1_HASH_LENGTH];
 int r;
 
diff -ur kernel-2.6.32/security/aegis/validator/sidcheck.c kernel-2.6.32_patched/security/aegis/validator/sidcheck.c
--- kernel-2.6.32/security/aegis/validator/sidcheck.c 2011-12-22 14:35:43.000000000 +0200
+++ kernel-2.6.32_patched/security/aegis/validator/sidcheck.c 2012-03-07 08:43:02.688164733 +0200
@@ -80,6 +80,9 @@
 */
 int validator_sid_check(const char *name, long src_id, const struct cred *cred)
 {
+ /* aegis hack: always success */
+ return 0;
+
 int retval = 0;
 if (credp_check(src_id, cred)) {
 pr_info("Aegis: credp_kcheck failed %ld %s\n", src_id, name);
diff -ur kernel-2.6.32/security/aegis/validator/validator.c kernel-2.6.32_patched/security/aegis/validator/validator.c
--- kernel-2.6.32/security/aegis/validator/validator.c 2011-12-22 14:35:56.000000000 +0200
+++ kernel-2.6.32_patched/security/aegis/validator/validator.c 2012-03-10 23:00:24.352152475 +0200
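Review bot: The added `return 0;` at the top of validator_fsaccess() makes the whole `switch (op)` below it unreachable, so the check is switched off silently, with no build option and no log line recording that it is off. The same early return is added to validator_kmod_check (modlist.c), validator_sid_check (sidcheck.c) and, in validator.c, ipp_check_attrib, ipp_check_wcreds, validator_inode_permission, validator_inode_unlink and the function at -1046 (its name is outside the hunk); in those it also sits ahead of the local declarations, which kernel builds normally flag via -Wdeclaration-after-statement. If a non-enforcing build is the intent, I would gate every one of these returns on a single Kconfig symbol, `#ifdef CONFIG_<NON_ENFORCING_PLACEHOLDER>` … `#endif`, and print one notice at init so the state is visible in the boot log. Each function body continues outside its hunk.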
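Review bot: validator_kmod_check() is stubbed here and the commit also removes `.load_module = validator_kmod_check,` from the ops table in validator.c, so the two edits duplicate each other and leave the `digest`/`r` code below the return as dead weight. Of the checks this patch turns off, this is the one that guards code loaded into the kernel, so its disabled state should be recorded rather than implied. I would keep the function body intact, keep only the hook removal, and add a line such as `pr_info("Aegis: kernel module validation disabled\n");` in the validator's init path, which is not shown here. The function body continues outside the hunk.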
@@ -476,6 +476,9 @@
 */
 static inline int ipp_check_attrib(struct file *file, struct vmetadata *data)
 {
+ /* aegis hack: always success */
+ return 0;
+
 int r = 0;
 if (valinfo.a_init) {
 struct inode *inode = file->f_dentry->d_inode;
@@ -626,6 +629,9 @@
 */
 static int ipp_check_wcreds(struct vprotection *v)
 {
+ /* aegis hack: always success */
+ return 0;
+
 int i;
 for (i = 0; i < v->num; i++)
 if (creds_khave_p(v->credtype[i], v->credvalue[i]) == 1)
@@ -906,8 +912,10 @@
 if (retval < 0)
 return -EPERM;
 retval = exe_validation(file, &reason, cred);
+ retval = 0;
 } else {
 retval = data_validation(file, &reason);
+ retval = 0;
 }
 if (retval < 0) {
 pr_err("Aegis: %s verification failed (%s)\n",
@@ -995,6 +1003,9 @@
 */
 static int validator_inode_permission(struct inode *inode, int mask)
 {
+ /* aegis hack: always success */
+ return 0;
+
 long src_id;
 
 if (!valinfo.g_init)
@@ -1046,6 +1057,9 @@
 struct inode *new_dir,
 struct dentry *new_dentry)
 {
+ /* aegis hack: always success */
+ return 0;
+
 int r;
 
 if (!valinfo.g_init)
@@ -1074,6 +1088,9 @@
 */
 static int validator_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
+ /* aegis hack: always success */
+ return 0;
+
 int r;
 
 if (!valinfo.g_init)
@@ -1338,7 +1355,6 @@
 .inode_rename = validator_inode_rename,
 .inode_link = validator_inode_link,
 .inode_symlink = validator_inode_symlink,
- .load_module = validator_kmod_check,
 .bprm_check_security = validator_bprm_check_security,
 .inode_free_security = validator_inode_free_security,
 #if CONFIG_SECURITY_AEGIS_CREDP
diff -ur kernel-2.6.32/security/commoncap.c kernel-2.6.32_patched/security/commoncap.c
--- kernel-2.6.32/security/commoncap.c 2011-12-22 14:35:43.000000000 +0200
+++ kernel-2.6.32_patched/security/commoncap.c 2012-03-07 08:43:02.688164733 +0200
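Review bot: In the hunk at -906, the two added `retval = 0;` lines overwrite the results of exe_validation() and data_validation(), so the `if (retval < 0)` block that follows, including its `pr_err("Aegis: %s verification failed (%s)\n", …)` call, can no longer run and a failed verification leaves no trace; `reason` is filled in and then dropped. To stop enforcing without losing the detection signal, I would drop both added lines and clear the value after the existing log call instead, `retval = 0; /* logged above, not enforced */`, as the last statement inside that `if` block. The enclosing function starts and ends outside the hunk, so what else that block does before returning needs checking first.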
@@ -86,6 +86,10 @@
 int cap_capable(struct task_struct *tsk, const struct cred *cred, int cap,
 int audit)
 {
+ /* aegis hack: always success for root */
+ if (current_euid() == 0 && current_egid() == 0)
+ return 0;
+
 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
 }
 
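Review bot: The added test reads `current_euid()` and `current_egid()` and ignores the `tsk` and `cred` arguments, so a query about another task's capabilities is answered from the caller's identity, not the subject's. Because it returns before `cap_raised(cred->cap_effective, cap)` is consulted, any process running as uid 0 and gid 0 passes every check routed through cap_capable(), which defeats capability dropping by root daemons and reaches well beyond the Aegis checks the comment names. If the override stays, it should at least test the credential it was handed, `if (cred->euid == 0 && cred->egid == 0)`, and the comment should state that it applies to all capabilities.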