[PATCH] Smack: getting the Smack security context of keys

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Smack: getting the Smack security context of keys
@ 2015-02-17 14:41 José Bollo
  2015-03-25 14:42 ` Casey Schaufler
  0 siblings, 1 reply; 2+ messages in thread
From: José Bollo @ 2015-02-17 14:41 UTC (permalink / raw)
  To: Casey Schaufler, James Morris, Serge E. Hallyn,
	linux-security-module, linux-kernel

With this commit, the LSM Smack implements the LSM
side part of the system call keyctl with the action
code KEYCTL_GET_SECURITY.

It is now possible to get the context of, for example,
the user session key using the command "keyctl security @s".

Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
---
 security/smack/smack_lsm.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index fa64740..c1ff996 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3208,6 +3208,35 @@ static int smack_key_permission(key_ref_t
key_ref,
        return smk_access(tsp, keyp->security,
                                 MAY_READWRITE, &ad);
 }
+
+/*
+ * smack_key_getsecurity - Smack label tagging the key
+ * @key points to the key to be queried
+ * @_buffer points to a pointer that should be set to point to the
+ * resulting string (if no label or an error occurs).
+ * Return the length of the string (including terminating NUL) or -ve
if
+ * an error.
+ * May also return 0 (and a NULL buffer pointer) if there is no label.
+ */
+static int smack_key_getsecurity(struct key *key, char **_buffer)
+{
+       int length;
+       char *copy;
+
+       if (key->security == NULL) {
+               *_buffer = NULL;
+               return 0;
+       }
+
+       length = (int)strlen(key->security) + 1;
+       copy = kmalloc((size_t)length, GFP_KERNEL);
+       if (copy == NULL)
+               return -ENOMEM;
+
+       memcpy(copy, key->security, (size_t)length);
+       *_buffer = copy;
+       return length;
+}
 #endif /* CONFIG_KEYS */
 
 /*
@@ -3514,6 +3543,7 @@ struct security_operations smack_ops = {
        .key_alloc =                    smack_key_alloc,
        .key_free =                     smack_key_free,
        .key_permission =               smack_key_permission,
+       .key_getsecurity =              smack_key_getsecurity,
 #endif /* CONFIG_KEYS */
 
  /* Audit hooks */
-- 
2.1.2



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] Smack: getting the Smack security context of keys
  2015-02-17 14:41 [PATCH] Smack: getting the Smack security context of keys José Bollo
@ 2015-03-25 14:42 ` Casey Schaufler
  0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2015-03-25 14:42 UTC (permalink / raw)
  To: José Bollo, James Morris, Serge E. Hallyn,
	linux-security-module, linux-kernel

On 2/17/2015 6:41 AM, José Bollo wrote:
> With this commit, the LSM Smack implements the LSM
> side part of the system call keyctl with the action
> code KEYCTL_GET_SECURITY.
>
> It is now possible to get the context of, for example,
> the user session key using the command "keyctl security @s".
>
> Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

Applied to git://git.gitorious.org/smack-next/kernel.git#smack-for-4.1

> ---
>  security/smack/smack_lsm.c | 30 ++++++++++++++++++++++++++++++
>  1 file changed, 30 insertions(+)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index fa64740..c1ff996 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -3208,6 +3208,35 @@ static int smack_key_permission(key_ref_t
> key_ref,
>         return smk_access(tsp, keyp->security,
>                                  MAY_READWRITE, &ad);
>  }
> +
> +/*
> + * smack_key_getsecurity - Smack label tagging the key
> + * @key points to the key to be queried
> + * @_buffer points to a pointer that should be set to point to the
> + * resulting string (if no label or an error occurs).
> + * Return the length of the string (including terminating NUL) or -ve
> if
> + * an error.
> + * May also return 0 (and a NULL buffer pointer) if there is no label.
> + */
> +static int smack_key_getsecurity(struct key *key, char **_buffer)
> +{
> +       int length;
> +       char *copy;
> +
> +       if (key->security == NULL) {
> +               *_buffer = NULL;
> +               return 0;
> +       }
> +
> +       length = (int)strlen(key->security) + 1;
> +       copy = kmalloc((size_t)length, GFP_KERNEL);
> +       if (copy == NULL)
> +               return -ENOMEM;
> +
> +       memcpy(copy, key->security, (size_t)length);
> +       *_buffer = copy;
> +       return length;
> +}
>  #endif /* CONFIG_KEYS */
>  
>  /*
> @@ -3514,6 +3543,7 @@ struct security_operations smack_ops = {
>         .key_alloc =                    smack_key_alloc,
>         .key_free =                     smack_key_free,
>         .key_permission =               smack_key_permission,
> +       .key_getsecurity =              smack_key_getsecurity,
>  #endif /* CONFIG_KEYS */
>  
>   /* Audit hooks */


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-03-25 14:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-02-17 14:41 [PATCH] Smack: getting the Smack security context of keys José Bollo
2015-03-25 14:42 ` Casey Schaufler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox