[PATCH] retrieving smack context of keys

From: José Bollo
Date: Tue Feb 10 2015 - 10:46:47 EST


PATCH for kernel 3.14.28

The LSM Smack isn't currently implementing the retrieval
of the contexts of the keys.

In other words, the LSM Smack doesn't implement the LSM side
part of the system call keyctl for the function KEYCTL_GET_SECURITY.

It is causing difficulties when trying to investigate reasons of some
system failures. For example, it is currently impossible to get the context
of the user session key using the command "keyctl security @s".

This patch (attached) is obvious, it simply implements the missing part of
the LSM Smack.

I tested and it works fine.

Best regards
José Bollo



From af6307c38154b96f007bc2c3db01e192a69f9baf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 15 Nov 2014 11:19:23 +0100
Subject: [PATCH] Smack: adding retrieval of key's context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Change-Id: I140648f08dd8fd991be6a9b3a2e649a3677c1be5
Signed-off-by: José Bollo <jose.bollo@xxxxxxxxxxxxxxxxxxx>
---
security/smack/smack_lsm.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 47ed6a4..285d908 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3657,6 +3657,35 @@ static int smack_key_permission(key_ref_t key_ref,
request = MAY_WRITE;
return smk_access(tkp, keyp->security, request, &ad);
}
+
+/*
+ * smack_key_getsecurity - Smack label tagging the key
+ * @key points to the key to be queried
+ * @_buffer points to a pointer that should be set to point to the
+ * resulting string (if no label or an error occurs).
+ * Return the length of the string (including terminating NUL) or -ve if
+ * an error.
+ * May also return 0 (and a NULL buffer pointer) if there is no label.
+ */
+static int smack_key_getsecurity(struct key *key, char **_buffer)
+{
+ int length;
+ char *copy;
+
+ if (key->security == NULL) {
+ *_buffer = NULL;
+ return 0;
+ }
+
+ length = (int)strlen(key->security) + 1;
+ copy = kmalloc((size_t)length, GFP_KERNEL);
+ if (copy == NULL)
+ return -ENOMEM;
+
+ memcpy(copy, key->security, (size_t)length);
+ *_buffer = copy;
+ return length;
+}
#endif /* CONFIG_KEYS */

/*
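Review bot: in smack_key_getsecurity(), the kmalloc()/memcpy() pair with its (int) and (size_t) casts is an open-coded string duplicate; kstrdup(key->security, GFP_KERNEL) followed by returning strlen(copy) + 1 does the same with less code and no casts. The @_buffer description's parenthetical "(if no label or an error occurs)" does not match the code: the pointer is set to NULL when there is no label, set to the copy on success, and left unwritten on the -ENOMEM path. Either reword the comment or set *_buffer = NULL before the allocation so the caller never sees an uninitialised pointer on error. If the comment is meant as kernel-doc it should open with /**.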
@@ -3971,6 +4000,7 @@ struct security_operations smack_ops = {
.key_alloc = smack_key_alloc,
.key_free = smack_key_free,
.key_permission = smack_key_permission,
+ .key_getsecurity = smack_key_getsecurity,
#endif /* CONFIG_KEYS */

/* Audit hooks */
--
2.1.2