diff options
author | José Bollo <jose.bollo@open.eurogiciel.org> | 2015-02-17 15:41:22 +0100 |
---|---|---|
committer | Casey Schaufler <casey@schaufler-ca.com> | 2015-03-23 21:19:47 +0100 |
commit | 7fc5f36e980a8f4830efdae3858f6e64eee538b7 (patch) | |
tree | 5d3eeefafa8aa7c07a47c08287411d00a9f9b4a7 /security | |
parent | Smack: Assign smack_known_web as default smk_in label for kernel thread's socket (diff) | |
download | linux-7fc5f36e980a8f4830efdae3858f6e64eee538b7.tar.xz linux-7fc5f36e980a8f4830efdae3858f6e64eee538b7.zip |
Smack: getting the Smack security context of keys
With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.
It is now possible to get the context of, for example,
the user session key using the command "keyctl security @s".
The original patch has been modified for merge.
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack_lsm.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index a097dc7d4669..e2d1a7b073c0 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4000,6 +4000,36 @@ static int smack_key_permission(key_ref_t key_ref, rc = smk_bu_note("key access", tkp, keyp->security, request, rc); return rc; } + +/* + * smack_key_getsecurity - Smack label tagging the key + * @key points to the key to be queried + * @_buffer points to a pointer that should be set to point to the + * resulting string (if no label or an error occurs). + * Return the length of the string (including terminating NUL) or -ve if + * an error. + * May also return 0 (and a NULL buffer pointer) if there is no label. + */ +static int smack_key_getsecurity(struct key *key, char **_buffer) +{ + struct smack_known *skp = key->security; + size_t length; + char *copy; + + if (key->security == NULL) { + *_buffer = NULL; + return 0; + } + + copy = kstrdup(skp->smk_known, GFP_KERNEL); + if (copy == NULL) + return -ENOMEM; + length = strlen(copy) + 1; + + *_buffer = copy; + return length; +} + #endif /* CONFIG_KEYS */ /* @@ -4324,6 +4354,7 @@ struct security_operations smack_ops = { .key_alloc = smack_key_alloc, .key_free = smack_key_free, .key_permission = smack_key_permission, + .key_getsecurity = smack_key_getsecurity, #endif /* CONFIG_KEYS */ /* Audit hooks */ |