--- linux-2.2.15/kernel/signal.c	Thu May  4 02:16:53 2000
+++ linux-2.2.15-rsbac-1.0.9b/kernel/signal.c	Mon Jun  5 16:34:54 2000
@@ -15,6 +15,11 @@
 
 #include <asm/uaccess.h>
 
+/* RSBAC */
+#ifdef CONFIG_RSBAC
+#include <rsbac/adf.h>
+#endif
+
 /*
  * SLAB caches for signal bits.
  */
@@ -255,6 +260,12 @@
 	unsigned long flags;
 	int ret;
 
+        /* RSBAC */
+        #ifdef CONFIG_RSBAC
+        union rsbac_target_id_t       rsbac_target_id;
+        union rsbac_attribute_value_t rsbac_attribute_value;
+        #endif
+
 #if DEBUG_SIG
 printk("SIG queue (%s:%d): %d ", t->comm, t->pid, sig);
 #endif
@@ -262,13 +273,33 @@
 	ret = -EINVAL;
 	if (sig < 0 || sig > _NSIG)
 		goto out_nolock;
+
+        /* RSBAC */
+        #ifdef CONFIG_RSBAC
+        if (rsbac_debug_aef)
+          printk(KERN_DEBUG "send_sig_info() [sys_kill etc.]: calling ADF\n");
+        rsbac_target_id.process = t->pid;
+        rsbac_attribute_value.signal = sig;
+        #endif
+
 	/* The somewhat baroque permissions check... */
 	ret = -EPERM;
 	if ((!info || ((unsigned long)info != 1 && SI_FROMUSER(info)))
 	    && ((sig != SIGCONT) || (current->session != t->session))
 	    && (current->euid ^ t->suid) && (current->euid ^ t->uid)
 	    && (current->uid ^ t->suid) && (current->uid ^ t->uid)
-	    && !capable(CAP_KILL))
+	    && (   !capable(CAP_KILL)
+		/* RSBAC */
+		#ifdef CONFIG_RSBAC
+		|| !rsbac_adf_request(R_SEND_SIGNAL,
+				      current->pid,
+				      T_PROCESS,
+				      rsbac_target_id,
+				      A_signal,
+				      rsbac_attribute_value)
+		#endif
+	       )
+	    )
 		goto out_nolock;
 
 	/* The null signal is a permissions and process existance probe.