• David Howells's avatar
    [PATCH] Keys: Add LSM hooks for key management [try #3] · 29db9190
    David Howells authored
    The attached patch adds LSM hooks for key management facilities. The notable
    changes are:
    
     (1) The key struct now supports a security pointer for the use of security
         modules. This will permit key labelling and restrictions on which
         programs may access a key.
    
     (2) Security modules get a chance to note (or abort) the allocation of a key.
    
     (3) The key permission checking can now be enhanced by the security modules;
         the permissions check consults LSM if all other checks bear out.
    
     (4) The key permissions checking functions now return an error code rather
         than a boolean value.
    
     (5) An extra permission has been added to govern the modification of
         attributes (UID, GID, permissions).
    
    Note that there isn't an LSM hook specifically for each keyctl() operation,
    but rather the permissions hook allows control of individual operations based
    on the permission request bits.
    
    Key management access control through LSM is enabled by automatically if both
    CONFIG_KEYS and CONFIG_SECURITY are enabled.
    
    This should be applied on top of the patch ensubjected:
    
    	[PATCH] Keys: Possessor permissions should be additive
    Signed-Off-By: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarChris Wright <chrisw@osdl.org>
    Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
    29db9190
key.c 24.7 KB