aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/key.c
diff options
context:
space:
mode:
authorMichael LeMay <mdlemay@epoch.ncsc.mil>2006-06-22 17:47:17 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-22 18:05:55 -0400
commitd720024e94de4e8b7f10ee83c532926f3ad5d708 (patch)
tree8f21613c29a26bfbeb334cb0104b8b998b09fbdc /security/keys/key.c
parentf893afbe1262e27e91234506f72e17716190dd2f (diff)
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem within the kernel. Incorporate new flask headers from a modified version of the SELinux reference policy, with support for the new security class representing retained keys. Extend the "key_alloc" security hook with a task parameter representing the intended ownership context for the key being allocated. Attach security information to root's default keyrings within the SELinux initialization routine. Has passed David's testsuite. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 3fdc49c6a02c..14a15abb7735 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -247,8 +247,8 @@ static inline void key_alloc_serial(struct key *key)
247 * instantiate the key or discard it before returning 247 * instantiate the key or discard it before returning
248 */ 248 */
249struct key *key_alloc(struct key_type *type, const char *desc, 249struct key *key_alloc(struct key_type *type, const char *desc,
250 uid_t uid, gid_t gid, key_perm_t perm, 250 uid_t uid, gid_t gid, struct task_struct *ctx,
251 int not_in_quota) 251 key_perm_t perm, int not_in_quota)
252{ 252{
253 struct key_user *user = NULL; 253 struct key_user *user = NULL;
254 struct key *key; 254 struct key *key;
@@ -318,7 +318,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
318#endif 318#endif
319 319
320 /* let the security module know about the key */ 320 /* let the security module know about the key */
321 ret = security_key_alloc(key); 321 ret = security_key_alloc(key, ctx);
322 if (ret < 0) 322 if (ret < 0)
323 goto security_error; 323 goto security_error;
324 324
@@ -822,7 +822,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
822 822
823 /* allocate a new key */ 823 /* allocate a new key */
824 key = key_alloc(ktype, description, current->fsuid, current->fsgid, 824 key = key_alloc(ktype, description, current->fsuid, current->fsgid,
825 perm, not_in_quota); 825 current, perm, not_in_quota);
826 if (IS_ERR(key)) { 826 if (IS_ERR(key)) {
827 key_ref = ERR_PTR(PTR_ERR(key)); 827 key_ref = ERR_PTR(PTR_ERR(key));
828 goto error_3; 828 goto error_3;