diff options
author | Michael LeMay <mdlemay@epoch.ncsc.mil> | 2006-06-22 17:47:17 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-22 18:05:55 -0400 |
commit | d720024e94de4e8b7f10ee83c532926f3ad5d708 (patch) | |
tree | 8f21613c29a26bfbeb334cb0104b8b998b09fbdc /security/keys/key.c | |
parent | f893afbe1262e27e91234506f72e17716190dd2f (diff) |
[PATCH] selinux: add hooks for key subsystem
Introduce SELinux hooks to support the access key retention subsystem
within the kernel. Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys. Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated. Attach security information to root's default keyrings
within the SELinux initialization routine.
Has passed David's testsuite.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 3fdc49c6a02c..14a15abb7735 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -247,8 +247,8 @@ static inline void key_alloc_serial(struct key *key) | |||
247 | * instantiate the key or discard it before returning | 247 | * instantiate the key or discard it before returning |
248 | */ | 248 | */ |
249 | struct key *key_alloc(struct key_type *type, const char *desc, | 249 | struct key *key_alloc(struct key_type *type, const char *desc, |
250 | uid_t uid, gid_t gid, key_perm_t perm, | 250 | uid_t uid, gid_t gid, struct task_struct *ctx, |
251 | int not_in_quota) | 251 | key_perm_t perm, int not_in_quota) |
252 | { | 252 | { |
253 | struct key_user *user = NULL; | 253 | struct key_user *user = NULL; |
254 | struct key *key; | 254 | struct key *key; |
@@ -318,7 +318,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
318 | #endif | 318 | #endif |
319 | 319 | ||
320 | /* let the security module know about the key */ | 320 | /* let the security module know about the key */ |
321 | ret = security_key_alloc(key); | 321 | ret = security_key_alloc(key, ctx); |
322 | if (ret < 0) | 322 | if (ret < 0) |
323 | goto security_error; | 323 | goto security_error; |
324 | 324 | ||
@@ -822,7 +822,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
822 | 822 | ||
823 | /* allocate a new key */ | 823 | /* allocate a new key */ |
824 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | 824 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, |
825 | perm, not_in_quota); | 825 | current, perm, not_in_quota); |
826 | if (IS_ERR(key)) { | 826 | if (IS_ERR(key)) { |
827 | key_ref = ERR_PTR(PTR_ERR(key)); | 827 | key_ref = ERR_PTR(PTR_ERR(key)); |
828 | goto error_3; | 828 | goto error_3; |