| author | José Bollo <jose.bollo@open.eurogiciel.org> | 2015-02-17 09:41:22 -0500 |
|---|---|---|
| committer | Casey Schaufler <casey@schaufler-ca.com> | 2015-03-23 16:19:47 -0400 |
| commit | 7fc5f36e980a8f4830efdae3858f6e64eee538b7 (patch) | |
| tree | 5d3eeefafa8aa7c07a47c08287411d00a9f9b4a7 /security | |
| parent | 7412301b76bd53ee53b860f611fc3b5b1c2245b5 (diff) | |
Smack: getting the Smack security context of keys
With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.
It is now possible to get the context of, for example,
the user session key using the command "keyctl security @s".
The original patch has been modified for merge.
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smack_lsm.c | 31 |
1 files changed, 31 insertions, 0 deletions
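--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4000,6 +4000,36 @@ static int smack_key_permission(key_ref_t key_ref,
 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
 return rc;
 }
+
+/*
+* smack_key_getsecurity - Smack label tagging the key
+* @key points to the key to be queried
+* @_buffer points to a pointer that should be set to point to the
+* resulting string (if no label or an error occurs).
+* Return the length of the string (including terminating NUL) or -ve if
+* an error.
+* May also return 0 (and a NULL buffer pointer) if there is no label.
+*/
+static int smack_key_getsecurity(struct key *key, char **_buffer)
+{
+struct smack_known *skp = key->security;
+size_t length;
+char *copy;
+
+if (key->security == NULL) {
+*_buffer = NULL;
+return 0;
+}
+
+copy = kstrdup(skp->smk_known, GFP_KERNEL);
+if (copy == NULL)
+return -ENOMEM;
+length = strlen(copy) + 1;
+
+*_buffer = copy;
+return length;
+}
+
 #endif /* CONFIG_KEYS */
 
 /*
@@ -4324,6 +4354,7 @@ struct security_operations smack_ops = {
 .key_alloc = smack_key_alloc,
 .key_free = smack_key_free,
 .key_permission = smack_key_permission,
+.key_getsecurity = smack_key_getsecurity,
 #endif /* CONFIG_KEYS */
 
 /* Audit hooks */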
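Review bot: The header comment on smack_key_getsecurity() misstates the contract for `@_buffer`: the parenthetical "(if no label or an error occurs)" reads as though the string is returned in those cases, whereas the code stores the kstrdup() copy on success, stores NULL only when `key->security` is NULL, and leaves `*_buffer` unwritten on the -ENOMEM path. I would reword it to `@_buffer: set to a kstrdup()ed copy of the label, which the caller must kfree(), or to NULL if the key has no label; not written on error`, so the ownership of the allocation is explicit. The function performs no access check of its own before handing out the label, so a one-line comment saying it relies on the keyctl caller having already checked permission on the key would help the next reader; that caller is not visible in this diff, so this should be confirmed. As a small style point, the NULL test could use the local that was just loaded, `if (skp == NULL) {`, and `length` could be declared `int` to match the return type instead of narrowing a `size_t` implicitly.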
