
Commit 7fc5f36e authored by José Bollo, committed by Casey Schaufler

Smack: getting the Smack security context of keys



With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.

It is now possible to get the context of, for example,
the user session key using the command "keyctl security @s".

The original patch has been modified for merge.

Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
parent 7412301b
+31 −0
@@ -4000,6 +4000,36 @@ static int smack_key_permission(key_ref_t key_ref,
	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
	return rc;
}

/*
 * smack_key_getsecurity - Smack label tagging the key
 * @key points to the key to be queried
 * @_buffer points to a pointer that should be set to point to the
 * resulting string (if no label or an error occurs).
 * Return the length of the string (including terminating NUL) or -ve if
 * an error.
 * May also return 0 (and a NULL buffer pointer) if there is no label.
 */
static int smack_key_getsecurity(struct key *key, char **_buffer)
{
	struct smack_known *skp = key->security;
	size_t length;
	char *copy;

	if (key->security == NULL) {
		*_buffer = NULL;
		return 0;
	}

	copy = kstrdup(skp->smk_known, GFP_KERNEL);
	if (copy == NULL)
		return -ENOMEM;
	length = strlen(copy) + 1;

	*_buffer = copy;
	return length;
}

#endif /* CONFIG_KEYS */

/*
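Review bot: In smack_key_getsecurity the header comment and the error path disagree about @_buffer. The comment says it is set to the resulting string "(if no label or an error occurs)", which reads as if the NULL case lost its wording, while `return -ENOMEM;` leaves *_buffer unwritten. Either add `*_buffer = NULL;` before that return or reword the comment to say the pointer is only written on a non-negative return. Two smaller points: the NULL test can use the local that was just loaded (`if (skp == NULL)`) instead of re-reading key->security, and the comment opens with `/*` and has no colon after each @parameter, so it will not be picked up as kernel-doc.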
@@ -4324,6 +4354,7 @@ struct security_operations smack_ops = {
	.key_alloc = 			smack_key_alloc,
	.key_free = 			smack_key_free,
	.key_permission = 		smack_key_permission,
	.key_getsecurity =		smack_key_getsecurity,
#endif /* CONFIG_KEYS */

 /* Audit hooks */