--- zzzz-none-000/linux-2.6.19.2/ipc/shm.c 2007-01-10 19:10:37.000000000 +0000
+++ davinci-8020-5505/linux-2.6.19.2/ipc/shm.c 2007-01-19 14:42:56.000000000 +0000
@@ -37,6 +37,7 @@
 #include
 #include
 #include
+#include
 #include
@@ -67,6 +68,14 @@
 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
 #endif
+#ifdef CONFIG_GRKERNSEC
+extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
+ const time_t shm_createtime, const uid_t cuid,
+ const int shmid);
+extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
+ const time_t shm_createtime);
+#endif
+
 static void __ipc_init __shm_init_ns(struct ipc_namespace *ns, struct ipc_ids *ids)
 {
 ns->ids[IPC_SHM_IDS] = ids;
@@ -79,6 +88,8 @@
 static void do_shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *shp)
 {
+ gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
+
 if (shp->shm_nattch){
 shp->shm_perm.mode |= SHM_DEST;
 /* Do not find it any more */
@@ -116,7 +127,6 @@
 }
 mutex_unlock(&shm_ids(ns).mutex);
- ipc_fini_ids(ns->ids[IPC_SHM_IDS]);
 kfree(ns->ids[IPC_SHM_IDS]);
 ns->ids[IPC_SHM_IDS] = NULL;
 }
@@ -216,6 +226,17 @@
 shp->shm_lprid = current->tgid;
 shp->shm_dtim = get_seconds();
 shp->shm_nattch--;
+#ifdef CONFIG_GRKERNSEC_SHM
+ if (grsec_enable_shm) {
+ if (shp->shm_nattch == 0) {
+ shp->shm_perm.mode |= SHM_DEST;
+ shm_destroy(ns, shp);
+ } else
+ shm_unlock(shp);
+ mutex_unlock(&shm_ids(ns).mutex);
+ return;
+ }
+#endif
 if(shp->shm_nattch == 0 && shp->shm_perm.mode & SHM_DEST) shm_destroy(ns, shp);
@@ -326,6 +347,9 @@
 shp->shm_lprid = 0;
 shp->shm_atim = shp->shm_dtim = 0;
 shp->shm_ctim = get_seconds();
+#ifdef CONFIG_GRKERNSEC
+ shp->shm_createtime = get_seconds();
+#endif
 shp->shm_segsz = size;
 shp->shm_nattch = 0;
 shp->id = shm_buildid(ns, id, shp->shm_perm.seq);
@@ -385,6 +409,8 @@
 }
 mutex_unlock(&shm_ids(ns).mutex);
+ gr_log_shmget(err, shmflg, size);
+
 return err;
 }
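Review bot: The `gr_handle_shmat` and `gr_chroot_shmat` prototypes in the `@@ -67,6 +68,14 @@` hunk are declared `extern` inside ipc/shm.c rather than in a shared header, so the compiler cannot check them against their definitions and a signature change on either side would go unnoticed. Moving them into the header that the new `#include` in the first hunk pulls in (its name is not legible on this page) would close that gap. The top-level `const` on by-value parameters has no effect in a prototype and can be dropped, e.g. `extern int gr_chroot_shmat(pid_t shm_cprid, pid_t shm_lapid, time_t shm_createtime);`.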
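Review bot: `gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);` in the `@@ -79,6 +88,8 @@` hunk is called with no `CONFIG_GRKERNSEC` guard, although the shmat hooks declared in the previous hunk are guarded; the same applies to `gr_log_shmget(err, shmflg, size);` in the `@@ -385,6 +409,8 @@` hunk. Unless the newly included header supplies no-op stubs when the option is off (not visible here), a kernel configured without it will not link. If do_shm_rmid is reached with the segment lock held (its callers are outside this diff), the logging hook must also be safe to call without sleeping. do_shm_rmid's body continues outside the hunk.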
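Review bot: The block added in the `@@ -216,6 +226,17 @@` hunk changes SysV semantics without saying so: with `grsec_enable_shm` set, the segment is destroyed on its last detach even when `SHM_DEST` was not already set, because the added code sets the flag itself. A comment above `if (grsec_enable_shm)` such as `/* grsec_enable_shm: remove the segment on last detach, whether or not removal was requested */` would record that intent for the next maintainer. The early `return` also repeats the destroy-or-unlock decision that the original `if` after `#endif` makes, so there are now two exit paths that must both keep `shm_ids(ns).mutex` balanced; folding the switch into the existing condition would leave one. The enclosing function begins and ends outside the hunk.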
@@ -842,9 +868,27 @@
 return err;
 }
+#ifdef CONFIG_GRKERNSEC
+ if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
+ shp->shm_perm.cuid, shmid)) {
+ shm_unlock(shp);
+ return -EACCES;
+ }
+
+ if (!gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
+ shm_unlock(shp);
+ return -EACCES;
+ }
+#endif
+
 file = shp->shm_file;
 size = i_size_read(file->f_dentry->d_inode);
 shp->shm_nattch++;
+
+#ifdef CONFIG_GRKERNSEC
+ shp->shm_lapid = current->pid;
+#endif
+
 shm_unlock(shp);
 down_write(¤t->mm->mmap_sem);
@@ -1014,3 +1058,27 @@
 shp->shm_ctim);
 }
 #endif
+
+void gr_shm_exit(struct task_struct *task)
+{
+#ifdef CONFIG_GRKERNSEC_SHM
+ int i;
+ struct shmid_kernel *shp;
+ struct ipc_namespace *ns;
+
+ ns = current->nsproxy->ipc_ns;
+
+ if (!grsec_enable_shm)
+ return;
+
+ for (i = 0; i <= shm_ids(ns).max_id; i++) {
+ shp = shm_get(ns, i);
+ if (shp && (shp->shm_cprid == task->pid) &&
+ (shp->shm_nattch <= 0)) {
+ shp->shm_perm.mode |= SHM_DEST;
+ shm_destroy(ns, shp);
+ }
+ }
+#endif
+ return;
+}
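Review bot: Neither added block in the `@@ -842,9 +868,27 @@` hunk says what a zero return from the hooks means; a one-line comment such as `/* both hooks return 0 to deny the attach; drop the segment lock before failing */` would make the `-EACCES` paths readable, and the two identical bodies could be one `if (!gr_handle_shmat(...) || !gr_chroot_shmat(...))`. Separately, `shm_lapid` is recorded as `current->pid` while the existing `shm_lprid` is recorded as `current->tgid` (context of the `@@ -216,6 +226,17 @@` hunk), and `gr_shm_exit` in the last hunk compares `shm_cprid` with `task->pid`. If the hooks look processes up by these values, it is worth confirming that thread id versus thread-group id is what each comparison intends, since the two differ for a multi-threaded creator or attacher. The enclosing function starts and ends outside the hunk.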
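Review bot: `gr_shm_exit` in the `@@ -1014,3 +1058,27 @@` hunk walks the id table with `shm_get(ns, i)` and calls `shm_destroy(ns, shp)` without taking `shm_ids(ns).mutex` or the per-segment lock, whereas the block added in the `@@ -216,6 +226,17 @@` hunk calls `shm_destroy` on a locked segment and releases the mutex afterwards. If `shm_destroy` drops the segment lock itself, as that hunk's destroy-or-`shm_unlock` pairing suggests, this path unlocks something it never locked and can race with a concurrent attach or removal. The namespace is also taken from `current` rather than from `task`, which only matches when the exiting task itself makes the call. A locked version of the loop is sketched below; the trailing `return;` is redundant.

```c
	/* ... unchanged: declarations, ns lookup, grsec_enable_shm check ... */
	mutex_lock(&shm_ids(ns).mutex);
	for (i = 0; i <= shm_ids(ns).max_id; i++) {
		shp = shm_lock(ns, i);
		if (!shp)
			continue;
		if (shp->shm_cprid == task->pid && shp->shm_nattch <= 0) {
			shp->shm_perm.mode |= SHM_DEST;
			shm_destroy(ns, shp);	/* expected to release the segment lock */
		} else {
			shm_unlock(shp);
		}
	}
	mutex_unlock(&shm_ids(ns).mutex);
```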