authorMichael LeMay <mdlemay@epoch.ncsc.mil>2006-06-26 03:24:57 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-26 12:58:18 -0400
commit4eb582cf1fbd7b9e5f466e3718a59c957e75254e (patch)
tree4387e460a50efa8d46a54526d0cf0959c0e3b428 /security/selinux
parent06ec7be557a1259611d6093a00463c42650dc71a (diff)
[PATCH] keys: add a way to store the appropriate context for newly-created keys
Add a /proc/<pid>/attr/keycreate entry that stores the appropriate context for newly-created keys. Modify the selinux_key_alloc hook to make use of the new entry. Update the flask headers to include a new "setkeycreate" permission for processes. Update the flask headers to include a new "create" permission for keys. Use the create permission to restrict which SIDs each task can assign to newly-created keys. Add a new parameter to the security hook "security_key_alloc" to indicate whether it is being invoked by the kernel, or from userspace. If it is being invoked by the kernel, the security hook should never fail. Update the documentation to reflect these changes. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c35
-rw-r--r--security/selinux/include/av_perm_to_string.h2
-rw-r--r--security/selinux/include/av_permissions.h3
-rw-r--r--security/selinux/include/objsec.h1
4 files changed, 34 insertions, 7 deletions
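--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1099,6 +1099,17 @@ static int may_create(struct inode *dir,
  FILESYSTEM__ASSOCIATE, &ad);
 }
 
+/* Check whether a task can create a key. */
+static int may_create_key(u32 ksid,
+ struct task_struct *ctx)
+{
+ struct task_security_struct *tsec;
+
+ tsec = ctx->security;
+
+ return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
+}
+
 #define MAY_LINK 0
 #define MAY_UNLINK 1
 #define MAY_RMDIR 2
@@ -4150,6 +4161,8 @@ static int selinux_getprocattr(struct task_struct *p,
  sid = tsec->exec_sid;
  else if (!strcmp(name, "fscreate"))
  sid = tsec->create_sid;
+ else if (!strcmp(name, "keycreate"))
+ sid = tsec->keycreate_sid;
  else
  return -EINVAL;
 
@@ -4182,6 +4195,8 @@ static int selinux_setprocattr(struct task_struct *p,
  error = task_has_perm(current, p, PROCESS__SETEXEC);
  else if (!strcmp(name, "fscreate"))
  error = task_has_perm(current, p, PROCESS__SETFSCREATE);
+ else if (!strcmp(name, "keycreate"))
+ error = task_has_perm(current, p, PROCESS__SETKEYCREATE);
  else if (!strcmp(name, "current"))
  error = task_has_perm(current, p, PROCESS__SETCURRENT);
  else
@@ -4211,7 +4226,12 @@ static int selinux_setprocattr(struct task_struct *p,
  tsec->exec_sid = sid;
  else if (!strcmp(name, "fscreate"))
  tsec->create_sid = sid;
- else if (!strcmp(name, "current")) {
+ else if (!strcmp(name, "keycreate")) {
+ error = may_create_key(sid, p);
+ if (error)
+ return error;
+ tsec->keycreate_sid = sid;
+ } else if (!strcmp(name, "current")) {
  struct av_decision avd;
 
  if (sid == 0)
@@ -4275,7 +4295,10 @@ static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
  return -ENOMEM;
 
  ksec->obj = k;
- ksec->sid = tsec->sid;
+ if (tsec->keycreate_sid)
+ ksec->sid = tsec->keycreate_sid;
+ else
+ ksec->sid = tsec->sid;
  k->security = ksec;
 
  return 0;
@@ -4514,10 +4537,10 @@ static __init int selinux_init(void)
 
 #ifdef CONFIG_KEYS
  /* Add security information to initial keyrings */
- security_key_alloc(&root_user_keyring, current,
+ selinux_key_alloc(&root_user_keyring, current,
  KEY_ALLOC_NOT_IN_QUOTA);
- security_key_alloc(&root_session_keyring, current,
+ selinux_key_alloc(&root_session_keyring, current,
  KEY_ALLOC_NOT_IN_QUOTA);
 #endif
 
  return 0;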
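Review bot: In the `keycreate` branch of the `@@ -4211,7 +4226,12 @@` hunk, may_create_key() runs for every write, including the one that clears the attribute: the `sid == 0` test a few lines further down in the `current` branch suggests that 0 reaches this chain when no context is supplied, and the `fscreate` branch stores that 0 with no check, whereas here it is handed to avc_has_perm() as the target SID. Skipping the check for the clear case, `if (sid) { error = may_create_key(sid, p); if (error) return error; }`, keeps clearing consistent across the attributes and avoids an AVC lookup against a null SID. In the selinux_key_alloc() hunk the stored keycreate_sid becomes the key's SID with no further check, so the value outlives the subject SID it was validated against; whether it is reset on an exec-time SID transition and copied on fork is not visible in these hunks and should be confirmed. Both selinux_setprocattr() and selinux_key_alloc() extend outside their hunks.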
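--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -72,6 +72,7 @@
  S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
  S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
  S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
+ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
  S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
  S_(SECCLASS_MSG, MSG__SEND, "send")
  S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
@@ -248,3 +249,4 @@
  S_(SECCLASS_KEY, KEY__SEARCH, "search")
  S_(SECCLASS_KEY, KEY__LINK, "link")
  S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+ S_(SECCLASS_KEY, KEY__CREATE, "create")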
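--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -467,6 +467,7 @@
 #define PROCESS__EXECMEM 0x02000000UL
 #define PROCESS__EXECSTACK 0x04000000UL
 #define PROCESS__EXECHEAP 0x08000000UL
+#define PROCESS__SETKEYCREATE 0x10000000UL
 
 #define IPC__CREATE 0x00000001UL
 #define IPC__DESTROY 0x00000002UL
@@ -966,4 +967,4 @@
 #define KEY__SEARCH 0x00000008UL
 #define KEY__LINK 0x00000010UL
 #define KEY__SETATTR 0x00000020UL
-
+#define KEY__CREATE 0x00000040UL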
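--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -32,6 +32,7 @@ struct task_security_struct {
  u32 sid; /* current SID */
  u32 exec_sid; /* exec SID */
  u32 create_sid; /* fscreate SID */
+ u32 keycreate_sid; /* keycreate SID */
  u32 ptrace_sid; /* SID of ptrace parent */
 };
 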
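Review bot: The comment on the new `keycreate_sid` field does not record that zero is the "not set" sentinel, which the selinux_key_alloc() hook in this commit relies on when it falls back to `tsec->sid`. A comment such as `/* keycreate SID; 0 = fall back to current sid */` would make that contract visible where the field is declared rather than only at its use site. The struct continues outside the hunk.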