1 files changed, 19 insertions, 1 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 3ebcdd00b17d..adb09d893ae0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1009,6 +1009,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @perm describes the combination of permissions required of this key.
 *      Return 1 if permission granted, 0 if permission denied and -ve it the
 *      normal permissions model should be effected.
+ * @key_getsecurity:
+ *      Get a textual representation of the security context attached to a key
+ *      for the purposes of honouring KEYCTL_GETSECURITY.  This function
+ *      allocates the storage for the NUL-terminated string and the caller
+ *      should free it.
+ *      @key points to the key to be queried.
+ *      @_buffer points to a pointer that should be set to point to the
+ *       resulting string (if no label or an error occurs).
+ *      Return the length of the string (including terminating NUL) or -ve if
+ *      an error.
+ *      May also return 0 (and a NULL buffer pointer) if there is no label.
 *
 * Security hooks affecting all System V IPC operations.
 *
@@ -1538,7 +1549,7 @@ struct security_operations {
        int (*key_permission) (key_ref_t key_ref,
                               struct task_struct *context,
                               key_perm_t perm);
+        int (*key_getsecurity)(struct key *key, char **_buffer);
 #endif  /* CONFIG_KEYS */
 #ifdef CONFIG_AUDIT
@@ -2732,6 +2743,7 @@ int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long f
 void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
                            struct task_struct *context, key_perm_t perm);
+int security_key_getsecurity(struct key *key, char **_buffer);
 #else
@@ -2753,6 +2765,12 @@ static inline int security_key_permission(key_ref_t key_ref,
        return 0;
 }
+static inline int security_key_getsecurity(struct key *key, char **_buffer)
+{
+        *_buffer = NULL;
+        return 0;
+}
 #endif
 #endif /* CONFIG_KEYS */

diff --git a/include/linux/security.h b/include/linux/security.h index 3ebcdd00b17d..adb09d893ae0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -1009,6 +1009,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1009	* @perm describes the combination of permissions required of this key.	1009	* @perm describes the combination of permissions required of this key.
1010	* Return 1 if permission granted, 0 if permission denied and -ve it the	1010	* Return 1 if permission granted, 0 if permission denied and -ve it the
1011	* normal permissions model should be effected.	1011	* normal permissions model should be effected.
		1012	* @key_getsecurity:
		1013	* Get a textual representation of the security context attached to a key
		1014	* for the purposes of honouring KEYCTL_GETSECURITY. This function
		1015	* allocates the storage for the NUL-terminated string and the caller
		1016	* should free it.
		1017	* @key points to the key to be queried.
		1018	* @_buffer points to a pointer that should be set to point to the
		1019	* resulting string (if no label or an error occurs).
		1020	* Return the length of the string (including terminating NUL) or -ve if
		1021	* an error.
		1022	* May also return 0 (and a NULL buffer pointer) if there is no label.
1012	*	1023	*
1013	* Security hooks affecting all System V IPC operations.	1024	* Security hooks affecting all System V IPC operations.
1014	*	1025	*
@@ -1538,7 +1549,7 @@ struct security_operations {
1538	int (*key_permission) (key_ref_t key_ref,	1549	int (*key_permission) (key_ref_t key_ref,
1539	struct task_struct *context,	1550	struct task_struct *context,
1540	key_perm_t perm);	1551	key_perm_t perm);
1541		1552	int (key_getsecurity)(struct key key, char **_buffer);
1542	#endif /* CONFIG_KEYS */	1553	#endif /* CONFIG_KEYS */
1543		1554
1544	#ifdef CONFIG_AUDIT	1555	#ifdef CONFIG_AUDIT
@@ -2732,6 +2743,7 @@ int security_key_alloc(struct key key, struct task_struct tsk, unsigned long f
2732	void security_key_free(struct key *key);	2743	void security_key_free(struct key *key);
2733	int security_key_permission(key_ref_t key_ref,	2744	int security_key_permission(key_ref_t key_ref,
2734	struct task_struct *context, key_perm_t perm);	2745	struct task_struct *context, key_perm_t perm);
		2746	int security_key_getsecurity(struct key key, char *_buffer);
2735		2747
2736	#else	2748	#else
2737		2749
@@ -2753,6 +2765,12 @@ static inline int security_key_permission(key_ref_t key_ref,
2753	return 0;	2765	return 0;
2754	}	2766	}
2755		2767
		2768	static inline int security_key_getsecurity(struct key key, char *_buffer)
		2769	{
		2770	*_buffer = NULL;
		2771	return 0;
		2772	}
		2773
2756	#endif	2774	#endif
2757	#endif /* CONFIG_KEYS */	2775	#endif /* CONFIG_KEYS */
2758		2776