diff options
| author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-22 17:47:17 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-22 18:05:55 -0400 |
| commit | d720024e94de4e8b7f10ee83c532926f3ad5d708 (patch) | |
| tree | 8f21613c29a26bfbeb334cb0104b8b998b09fbdc /include/linux/security.h | |
| parent | f893afbe1262e27e91234506f72e17716190dd2f (diff) | |
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem
within the kernel. Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys. Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated. Attach security information to root's default keyrings
within the SELinux initialization routine.
Has passed David's testsuite.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/security.h')
| -rw-r--r-- | include/linux/security.h | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 4dfb1b84a9b3..47722d355532 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -1313,7 +1313,7 @@ struct security_operations { | |||
| 1313 | 1313 | ||
| 1314 | /* key management security hooks */ | 1314 | /* key management security hooks */ |
| 1315 | #ifdef CONFIG_KEYS | 1315 | #ifdef CONFIG_KEYS |
| 1316 | int (*key_alloc)(struct key *key); | 1316 | int (*key_alloc)(struct key *key, struct task_struct *tsk); |
| 1317 | void (*key_free)(struct key *key); | 1317 | void (*key_free)(struct key *key); |
| 1318 | int (*key_permission)(key_ref_t key_ref, | 1318 | int (*key_permission)(key_ref_t key_ref, |
| 1319 | struct task_struct *context, | 1319 | struct task_struct *context, |
| @@ -3008,9 +3008,10 @@ static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid | |||
| 3008 | 3008 | ||
| 3009 | #ifdef CONFIG_KEYS | 3009 | #ifdef CONFIG_KEYS |
| 3010 | #ifdef CONFIG_SECURITY | 3010 | #ifdef CONFIG_SECURITY |
| 3011 | static inline int security_key_alloc(struct key *key) | 3011 | static inline int security_key_alloc(struct key *key, |
| 3012 | struct task_struct *tsk) | ||
| 3012 | { | 3013 | { |
| 3013 | return security_ops->key_alloc(key); | 3014 | return security_ops->key_alloc(key, tsk); |
| 3014 | } | 3015 | } |
| 3015 | 3016 | ||
| 3016 | static inline void security_key_free(struct key *key) | 3017 | static inline void security_key_free(struct key *key) |
| @@ -3027,7 +3028,8 @@ static inline int security_key_permission(key_ref_t key_ref, | |||
| 3027 | 3028 | ||
| 3028 | #else | 3029 | #else |
| 3029 | 3030 | ||
| 3030 | static inline int security_key_alloc(struct key *key) | 3031 | static inline int security_key_alloc(struct key *key, |
| 3032 | struct task_struct *tsk) | ||
| 3031 | { | 3033 | { |
| 3032 | return 0; | 3034 | return 0; |
| 3033 | } | 3035 | } |