Diffstat (limited to 'include')
-rw-r--r-- | include/linux/keyctl.h | 1 | ||||
-rw-r--r-- | include/linux/security.h | 20 |
2 files changed, 20 insertions, 1 deletions
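diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 3365945640c9..656ee6b77a4a 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -49,5 +49,6 @@
 #define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */
 #define KEYCTL_SET_TIMEOUT 15 /* set key timeout */
 #define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */
+#define KEYCTL_GET_SECURITY 17 /* get key security label */
 
 #endif /* _LINUX_KEYCTL_H */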
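diff --git a/include/linux/security.h b/include/linux/security.h
index 3ebcdd00b17d..adb09d893ae0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1009,6 +1009,17 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 * @perm describes the combination of permissions required of this key.
 * Return 1 if permission granted, 0 if permission denied and -ve it the
 * normal permissions model should be effected.
+* @key_getsecurity:
+* Get a textual representation of the security context attached to a key
+* for the purposes of honouring KEYCTL_GETSECURITY. This function
+* allocates the storage for the NUL-terminated string and the caller
+* should free it.
+* @key points to the key to be queried.
+* @_buffer points to a pointer that should be set to point to the
+* resulting string (if no label or an error occurs).
+* Return the length of the string (including terminating NUL) or -ve if
+* an error.
+* May also return 0 (and a NULL buffer pointer) if there is no label.
 *
 * Security hooks affecting all System V IPC operations.
 *
@@ -1538,7 +1549,7 @@ struct security_operations {
 int (*key_permission) (key_ref_t key_ref,
 struct task_struct *context,
 key_perm_t perm);
-
+int (*key_getsecurity)(struct key *key, char **_buffer);
 #endif /* CONFIG_KEYS */
 
 #ifdef CONFIG_AUDIT
@@ -2732,6 +2743,7 @@ int security_key_alloc(struct key *key, struct task_struct *tsk, unsigned long f
 void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
 struct task_struct *context, key_perm_t perm);
+int security_key_getsecurity(struct key *key, char **_buffer);
 
 #else
 
@@ -2753,6 +2765,12 @@ static inline int security_key_permission(key_ref_t key_ref,
 return 0;
 }
 
+static inline int security_key_getsecurity(struct key *key, char **_buffer)
+{
+*_buffer = NULL;
+return 0;
+}
+
 #endif
 #endif /* CONFIG_KEYS */
 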
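Review bot: The new `@key_getsecurity` hook comment in the first hunk does not say what `*_buffer` must hold on a negative return. The parenthetical "(if no label or an error occurs)" looks like it lost the words "or NULL", so an LSM author cannot tell whether the pointer has to be cleared on error. Because the caller owns and frees the string, the comment should pin this down, for example `@_buffer points to a pointer that should be set to point to the resulting string (or NULL if there is no label or an error occurs).` The !CONFIG_SECURITY stub in the last hunk already follows that reading by storing NULL and returning 0. The comment also cites `KEYCTL_GETSECURITY`, whereas keyctl.h in this commit defines `KEYCTL_GET_SECURITY`. The hook comment block begins outside the hunk.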