aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/keyctl.h1
-rw-r--r--include/linux/security.h20
2 files changed, 20 insertions, 1 deletions
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 3365945640c9..656ee6b77a4a 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -49,5 +49,6 @@
49#define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */ 49#define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */
50#define KEYCTL_SET_TIMEOUT 15 /* set key timeout */ 50#define KEYCTL_SET_TIMEOUT 15 /* set key timeout */
51#define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */ 51#define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */
52#define KEYCTL_GET_SECURITY 17 /* get key security label */
52 53
53#endif /* _LINUX_KEYCTL_H */ 54#endif /* _LINUX_KEYCTL_H */
diff --git a/include/linux/security.h b/include/linux/security.h
index 3ebcdd00b17d..adb09d893ae0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1009,6 +1009,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1009 * @perm describes the combination of permissions required of this key. 1009 * @perm describes the combination of permissions required of this key.
1010 * Return 1 if permission granted, 0 if permission denied and -ve it the 1010 * Return 1 if permission granted, 0 if permission denied and -ve it the
1011 * normal permissions model should be effected. 1011 * normal permissions model should be effected.
1012 * @key_getsecurity:
1013 * Get a textual representation of the security context attached to a key
1014 * for the purposes of honouring KEYCTL_GETSECURITY. This function
1015 * allocates the storage for the NUL-terminated string and the caller
1016 * should free it.
1017 * @key points to the key to be queried.
1018 * @_buffer points to a pointer that should be set to point to the
1019 * resulting string (if no label or an error occurs).
1020 * Return the length of the string (including terminating NUL) or -ve if
1021 * an error.
1022 * May also return 0 (and a NULL buffer pointer) if there is no label.
1012 * 1023 *
1013 * Security hooks affecting all System V IPC operations. 1024 * Security hooks affecting all System V IPC operations.
1014 * 1025 *
@@ -1538,7 +1549,7 @@ struct security_operations {
1538 int (*key_permission) (key_ref_t key_ref, 1549 int (*key_permission) (key_ref_t key_ref,
1539 struct task_struct *context, 1550 struct task_struct *context,
1540 key_perm_t perm); 1551 key_perm_t perm);
1541 1552 int (*key_getsecurity)(struct key *key, char **_buffer);
1542#endif /* CONFIG_KEYS */ 1553#endif /* CONFIG_KEYS */
1543 1554
1544#ifdef CONFIG_AUDIT 1555#ifdef CONFIG_AUDIT
@@ -2732,6 +2743,7 @@ int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long f
2732void security_key_free(struct key *key); 2743void security_key_free(struct key *key);
2733int security_key_permission(key_ref_t key_ref, 2744int security_key_permission(key_ref_t key_ref,
2734 struct task_struct *context, key_perm_t perm); 2745 struct task_struct *context, key_perm_t perm);
2746int security_key_getsecurity(struct key *key, char **_buffer);
2735 2747
2736#else 2748#else
2737 2749
@@ -2753,6 +2765,12 @@ static inline int security_key_permission(key_ref_t key_ref,
2753 return 0; 2765 return 0;
2754} 2766}
2755 2767
2768static inline int security_key_getsecurity(struct key *key, char **_buffer)
2769{
2770 *_buffer = NULL;
2771 return 0;
2772}
2773
2756#endif 2774#endif
2757#endif /* CONFIG_KEYS */ 2775#endif /* CONFIG_KEYS */
2758 2776