[PATCH] selinux: add hooks for key subsystem

Introduce SELinux hooks to support the access key retention subsystem
within the kernel.  Incorporate new flask headers from a modified version
of the SELinux reference policy, with support for the new security class
representing retained keys.  Extend the "key_alloc" security hook with a
task parameter representing the intended ownership context for the key
being allocated.  Attach security information to root's default keyrings
within the SELinux initialization routine.

Has passed David's testsuite.

Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

1 files changed, 64 insertions, 0 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 54adc9d31e92..524915dfda64 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4252,6 +4252,57 @@ static int selinux_setprocattr(struct task_struct *p,
         return size;
 }
 
+#ifdef CONFIG_KEYS
+
+static int selinux_key_alloc(struct key *k, struct task_struct *tsk)
+{
+        struct task_security_struct *tsec = tsk->security;
+        struct key_security_struct *ksec;
+
+        ksec = kzalloc(sizeof(struct key_security_struct), GFP_KERNEL);
+        if (!ksec)
+                return -ENOMEM;
+
+        ksec->obj = k;
+        ksec->sid = tsec->sid;
+        k->security = ksec;
+
+        return 0;
+}
+
+static void selinux_key_free(struct key *k)
+{
+        struct key_security_struct *ksec = k->security;
+
+        k->security = NULL;
+        kfree(ksec);
+}
+
+static int selinux_key_permission(key_ref_t key_ref,
+                            struct task_struct *ctx,
+                            key_perm_t perm)
+{
+        struct key *key;
+        struct task_security_struct *tsec;
+        struct key_security_struct *ksec;
+
+        key = key_ref_to_ptr(key_ref);
+
+        tsec = ctx->security;
+        ksec = key->security;
+
+        /* if no specific permissions are requested, we skip the
+           permission check. No serious, additional covert channels
+           appear to be created. */
+        if (perm == 0)
+                return 0;
+
+        return avc_has_perm(tsec->sid, ksec->sid,
+                            SECCLASS_KEY, perm, NULL);
+}
+
+#endif
+
 static struct security_operations selinux_ops = {
         .ptrace =                       selinux_ptrace,
         .capget =                       selinux_capget,
@@ -4406,6 +4457,12 @@ static struct security_operations selinux_ops = {
         .xfrm_state_delete_security =   selinux_xfrm_state_delete,
         .xfrm_policy_lookup =           selinux_xfrm_policy_lookup,
 #endif
+
+#ifdef CONFIG_KEYS
+        .key_alloc =                    selinux_key_alloc,
+        .key_free =                     selinux_key_free,
+        .key_permission =               selinux_key_permission,
+#endif
 };
 
 static __init int selinux_init(void)
@@ -4441,6 +4498,13 @@ static __init int selinux_init(void)
         } else {
                 printk(KERN_INFO "SELinux:  Starting in permissive mode\n");
         }
+
+#ifdef CONFIG_KEYS
+        /* Add security information to initial keyrings */
+        security_key_alloc(&root_user_keyring, current);
+        security_key_alloc(&root_session_keyring, current);
+#endif
+
         return 0;
 }