1 files changed, 39 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index aaa01b0e3ee9..3bbe157b45e4 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -19,6 +19,7 @@ This document has the following sections:
        - Key overview
        - Key service overview
        - Key access permissions
+        - SELinux support
        - New procfs files
        - Userspace system call interface
        - Kernel services
@@ -232,6 +233,34 @@ For changing the ownership, group ID or permissions mask, being the owner of
 the key or having the sysadmin capability is sufficient.
+===============
+SELINUX SUPPORT
+===============
+The security class "key" has been added to SELinux so that mandatory access
+controls can be applied to keys created within various contexts.  This support
+is preliminary, and is likely to change quite significantly in the near future.
+Currently, all of the basic permissions explained above are provided in SELinux
+as well; SE Linux is simply invoked after all basic permission checks have been
+performed.
+Each key is labeled with the same context as the task to which it belongs.
+Typically, this is the same task that was running when the key was created.
+The default keyrings are handled differently, but in a way that is very
+intuitive:
+ (*) The user and user session keyrings that are created when the user logs in
+     are currently labeled with the context of the login manager.
+ (*) The keyrings associated with new threads are each labeled with the context
+     of their associated thread, and both session and process keyrings are
+     handled similarly.
+Note, however, that the default keyrings associated with the root user are
+labeled with the default kernel context, since they are created early in the
+boot process, before root has a chance to log in.
 ================
 NEW PROCFS FILES
 ================
@@ -935,6 +964,16 @@ The structure has a number of fields, some of which are mandatory:
     It is not safe to sleep in this method; the caller may hold spinlocks.
+ (*) void (*revoke)(struct key *key);
+     This method is optional.  It is called to discard part of the payload
+     data upon a key being revoked.  The caller will have the key semaphore
+     write-locked.
+     It is safe to sleep in this method, though care should be taken to avoid
+     a deadlock against the key semaphore.
 (*) void (*destroy)(struct key *key);
     This method is optional. It is called to discard the payload data on a key

diff --git a/Documentation/keys.txt b/Documentation/keys.txt index aaa01b0e3ee9..3bbe157b45e4 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt
@@ -19,6 +19,7 @@ This document has the following sections:
19	- Key overview	19	- Key overview
20	- Key service overview	20	- Key service overview
21	- Key access permissions	21	- Key access permissions
		22	- SELinux support
22	- New procfs files	23	- New procfs files
23	- Userspace system call interface	24	- Userspace system call interface
24	- Kernel services	25	- Kernel services
@@ -232,6 +233,34 @@ For changing the ownership, group ID or permissions mask, being the owner of
232	the key or having the sysadmin capability is sufficient.	233	the key or having the sysadmin capability is sufficient.
233		234
234		235
		236	===============
		237	SELINUX SUPPORT
		238	===============
		239
		240	The security class "key" has been added to SELinux so that mandatory access
		241	controls can be applied to keys created within various contexts. This support
		242	is preliminary, and is likely to change quite significantly in the near future.
		243	Currently, all of the basic permissions explained above are provided in SELinux
		244	as well; SE Linux is simply invoked after all basic permission checks have been
		245	performed.
		246
		247	Each key is labeled with the same context as the task to which it belongs.
		248	Typically, this is the same task that was running when the key was created.
		249	The default keyrings are handled differently, but in a way that is very
		250	intuitive:
		251
		252	(*) The user and user session keyrings that are created when the user logs in
		253	are currently labeled with the context of the login manager.
		254
		255	(*) The keyrings associated with new threads are each labeled with the context
		256	of their associated thread, and both session and process keyrings are
		257	handled similarly.
		258
		259	Note, however, that the default keyrings associated with the root user are
		260	labeled with the default kernel context, since they are created early in the
		261	boot process, before root has a chance to log in.
		262
		263
235	================	264	================
236	NEW PROCFS FILES	265	NEW PROCFS FILES
237	================	266	================
@@ -935,6 +964,16 @@ The structure has a number of fields, some of which are mandatory:
935	It is not safe to sleep in this method; the caller may hold spinlocks.	964	It is not safe to sleep in this method; the caller may hold spinlocks.
936		965
937		966
		967	() void (revoke)(struct key *key);
		968
		969	This method is optional. It is called to discard part of the payload
		970	data upon a key being revoked. The caller will have the key semaphore
		971	write-locked.
		972
		973	It is safe to sleep in this method, though care should be taken to avoid
		974	a deadlock against the key semaphore.
		975
		976
938	() void (destroy)(struct key *key);	977	() void (destroy)(struct key *key);
939		978
940	This method is optional. It is called to discard the payload data on a key	979	This method is optional. It is called to discard the payload data on a key