Smack: getting the Smack security context of keys
With this commit, the LSM Smack implements the LSM side part of the system call keyctl with the action code KEYCTL_GET_SECURITY. It is now possible to get the context of, for example, the user session key using the command "keyctl security @s". The original patch has been modified for merge. Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
parent
7412301b76
commit
7fc5f36e98
|
@ -4000,6 +4000,36 @@ static int smack_key_permission(key_ref_t key_ref,
|
|||
rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*
|
||||
* smack_key_getsecurity - Smack label tagging the key
|
||||
* @key points to the key to be queried
|
||||
* @_buffer points to a pointer that should be set to point to the
|
||||
* resulting string (if no label or an error occurs).
|
||||
* Return the length of the string (including terminating NUL) or -ve if
|
||||
* an error.
|
||||
* May also return 0 (and a NULL buffer pointer) if there is no label.
|
||||
*/
|
||||
static int smack_key_getsecurity(struct key *key, char **_buffer)
|
||||
{
|
||||
struct smack_known *skp = key->security;
|
||||
size_t length;
|
||||
char *copy;
|
||||
|
||||
if (key->security == NULL) {
|
||||
*_buffer = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
copy = kstrdup(skp->smk_known, GFP_KERNEL);
|
||||
if (copy == NULL)
|
||||
return -ENOMEM;
|
||||
length = strlen(copy) + 1;
|
||||
|
||||
*_buffer = copy;
|
||||
return length;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_KEYS */
|
||||
|
||||
/*
|
||||
|
@ -4324,6 +4354,7 @@ struct security_operations smack_ops = {
|
|||
.key_alloc = smack_key_alloc,
|
||||
.key_free = smack_key_free,
|
||||
.key_permission = smack_key_permission,
|
||||
.key_getsecurity = smack_key_getsecurity,
|
||||
#endif /* CONFIG_KEYS */
|
||||
|
||||
/* Audit hooks */
|
||||
|
|
Loading…
Reference in New Issue