summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorMichael LeMay <mdlemay@epoch.ncsc.mil>2006-06-22 14:47:17 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-22 15:05:55 -0700
commitd720024e94de4e8b7f10ee83c532926f3ad5d708 (patch)
tree8f21613c29a26bfbeb334cb0104b8b998b09fbdc /include
parentf893afbe1262e27e91234506f72e17716190dd2f (diff)
downloadop-kernel-dev-d720024e94de4e8b7f10ee83c532926f3ad5d708.zip
op-kernel-dev-d720024e94de4e8b7f10ee83c532926f3ad5d708.tar.gz
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem within the kernel. Incorporate new flask headers from a modified version of the SELinux reference policy, with support for the new security class representing retained keys. Extend the "key_alloc" security hook with a task parameter representing the intended ownership context for the key being allocated. Attach security information to root's default keyrings within the SELinux initialization routine. Has passed David's testsuite. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/key.h18
-rw-r--r--include/linux/security.h10
2 files changed, 19 insertions, 9 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index cbf464a..8c275d1 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -241,8 +241,9 @@ extern void unregister_key_type(struct key_type *ktype);
extern struct key *key_alloc(struct key_type *type,
const char *desc,
- uid_t uid, gid_t gid, key_perm_t perm,
- int not_in_quota);
+ uid_t uid, gid_t gid,
+ struct task_struct *ctx,
+ key_perm_t perm, int not_in_quota);
extern int key_payload_reserve(struct key *key, size_t datalen);
extern int key_instantiate_and_link(struct key *key,
const void *data,
@@ -292,7 +293,9 @@ extern int key_unlink(struct key *keyring,
struct key *key);
extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
- int not_in_quota, struct key *dest);
+ struct task_struct *ctx,
+ int not_in_quota,
+ struct key *dest);
extern int keyring_clear(struct key *keyring);
@@ -313,7 +316,8 @@ extern void keyring_replace_payload(struct key *key, void *replacement);
* the userspace interface
*/
extern struct key root_user_keyring, root_session_keyring;
-extern int alloc_uid_keyring(struct user_struct *user);
+extern int alloc_uid_keyring(struct user_struct *user,
+ struct task_struct *ctx);
extern void switch_uid_keyring(struct user_struct *new_user);
extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
extern int copy_thread_group_keys(struct task_struct *tsk);
@@ -342,7 +346,7 @@ extern void key_init(void);
#define make_key_ref(k) ({ NULL; })
#define key_ref_to_ptr(k) ({ NULL; })
#define is_key_possessed(k) 0
-#define alloc_uid_keyring(u) 0
+#define alloc_uid_keyring(u,c) 0
#define switch_uid_keyring(u) do { } while(0)
#define __install_session_keyring(t, k) ({ NULL; })
#define copy_keys(f,t) 0
@@ -355,6 +359,10 @@ extern void key_init(void);
#define key_fsgid_changed(t) do { } while(0)
#define key_init() do { } while(0)
+/* Initial keyrings */
+extern struct key root_user_keyring;
+extern struct key root_session_keyring;
+
#endif /* CONFIG_KEYS */
#endif /* __KERNEL__ */
#endif /* _LINUX_KEY_H */
diff --git a/include/linux/security.h b/include/linux/security.h
index 4dfb1b8..47722d3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1313,7 +1313,7 @@ struct security_operations {
/* key management security hooks */
#ifdef CONFIG_KEYS
- int (*key_alloc)(struct key *key);
+ int (*key_alloc)(struct key *key, struct task_struct *tsk);
void (*key_free)(struct key *key);
int (*key_permission)(key_ref_t key_ref,
struct task_struct *context,
@@ -3008,9 +3008,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid
#ifdef CONFIG_KEYS
#ifdef CONFIG_SECURITY
-static inline int security_key_alloc(struct key *key)
+static inline int security_key_alloc(struct key *key,
+ struct task_struct *tsk)
{
- return security_ops->key_alloc(key);
+ return security_ops->key_alloc(key, tsk);
}
static inline void security_key_free(struct key *key)
@@ -3027,7 +3028,8 @@ static inline int security_key_permission(key_ref_t key_ref,
#else
-static inline int security_key_alloc(struct key *key)
+static inline int security_key_alloc(struct key *key,
+ struct task_struct *tsk)
{
return 0;
}
OpenPOWER on IntegriCloud