Message-ID: <5512C93E.2010906@schaufler-ca.com>
Date: Wed, 25 Mar 2015 07:42:06 -0700
From: Casey Schaufler
To: José Bollo, James Morris, "Serge E. Hallyn", linux-security-module, linux-kernel
Subject: Re: [PATCH] Smack: getting the Smack security context of keys
In-Reply-To: <1424184082.12824.10.camel@open.eurogiciel.org>

On 2/17/2015 6:41 AM, José Bollo wrote:
> With this commit, the LSM Smack implements the LSM
> side part of the system call keyctl with the action
> code KEYCTL_GET_SECURITY.
>
> It is now possible to get the context of, for example,
> the user session key using the command "keyctl security @s".
>
> Signed-off-by: José Bollo

Applied to git://git.gitorious.org/smack-next/kernel.git#smack-for-4.1

> --- > security/smack/smack_lsm.c | 30 ++++++++++++++++++++++++++++++ > 1 file changed, 30 insertions(+) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index fa64740..c1ff996 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c
> @@ -3208,6 +3208,35 @@ static int smack_key_permission(key_ref_t > key_ref, > return smk_access(tsp, keyp->security, > MAY_READWRITE, &ad); > } > + > +/* > + * smack_key_getsecurity - Smack label tagging the key > + * @key points to the key to be queried > + * @_buffer points to a pointer that should be set to point to the > + * resulting string (if no label or an error occurs). > + * Return the length of the string (including terminating NUL) or -ve > if > + * an error. > + * May also return 0 (and a NULL buffer pointer) if there is no label. > + */ > +static int smack_key_getsecurity(struct key *key, char **_buffer) > +{ > + int length; > + char *copy; > + > + if (key->security == NULL) { > + *_buffer = NULL; > + return 0; > + } > + > + length = (int)strlen(key->security) + 1; > + copy = kmalloc((size_t)length, GFP_KERNEL); > + if (copy == NULL) > + return -ENOMEM; > + > + memcpy(copy, key->security, (size_t)length); > + *_buffer = copy; > + return length; > +} > #endif /* CONFIG_KEYS */ > > /* > @@ -3514,6 +3543,7 @@ struct security_operations smack_ops = { > .key_alloc = smack_key_alloc, > .key_free = smack_key_free, > .key_permission = smack_key_permission, > + .key_getsecurity = smack_key_getsecurity, > #endif /* CONFIG_KEYS */ > > /* Audit hooks */
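
Review bot: In the first hunk, smack_key_getsecurity() returns -ENOMEM without writing *_buffer, while the key->security == NULL path explicitly sets it to NULL; assigning *_buffer = NULL at the top of the function would give the caller a defined pointer on every return path. The comment line for @_buffer ends with "(if no label or an error occurs)", which reads as the condition for returning the string rather than for returning NULL, so it should be reworded to say the pointer is set to NULL in those cases. The strlen() + kmalloc() + memcpy() sequence with its int/size_t casts could also be collapsed into kstrdup(key->security, GFP_KERNEL), returning strlen(copy) + 1 on success.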