[PATCH] selinux: add hooks for key subsystem

Introduce SELinux hooks to support the access key retention subsystem
within the kernel.  Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys.  Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated.  Attach security information to root's default keyrings
within the SELinux initialization routine.

Has passed David's testsuite.

Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 4 insertions, 2 deletions

diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index f030a0ccbb93..eab66a06ca53 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -48,7 +48,8 @@ static int call_sbin_request_key(struct key *key,
         /* allocate a new session keyring */
         sprintf(desc, "_req.%u", key->serial);
 
-        keyring = keyring_alloc(desc, current->fsuid, current->fsgid, 1, NULL);
+        keyring = keyring_alloc(desc, current->fsuid, current->fsgid,
+                                current, 1, NULL);
         if (IS_ERR(keyring)) {
                 ret = PTR_ERR(keyring);
                 goto error_alloc;
@@ -137,7 +138,8 @@ static struct key *__request_key_construction(struct key_type *type,
 
         /* create a key and add it to the queue */
         key = key_alloc(type, description,
-                        current->fsuid, current->fsgid, KEY_POS_ALL, 0);
+                        current->fsuid, current->fsgid,
+                        current, KEY_POS_ALL, 0);
         if (IS_ERR(key))
                 goto alloc_failed;