[PATCH] keys: add a way to store the appropriate context for newly-created keys

as well; SELinux is simply invoked after all basic permission checks have been

performed.

Each key is labeled with the same context as the task to which it belongs.

Typically, this is the same task that was running when the key was created.

The default keyrings are handled differently, but in a way that is very

intuitive:

 (*) The user and user session keyrings that are created when the user logs in

     are currently labeled with the context of the login manager.

 (*) The keyrings associated with new threads are each labeled with the context

     of their associated thread, and both session and process keyrings are

     handled similarly.

The value of the file /proc/self/attr/keycreate influences the labeling of

newly-created keys.  If the contents of that file correspond to an SELinux

security context, then the key will be assigned that context.  Otherwise, the

key will be assigned the current context of the task that invoked the key

creation request.  Tasks must be granted explicit permission to assign a

particular context to newly-created keys, using the "create" permission in the

key security class.

The default keyrings associated with users will be labeled with the default

context of the user if and only if the login programs have been instrumented to

properly initialize keycreate during the login process.  Otherwise, they will

be labeled with the context of the login program itself.

Note, however, that the default keyrings associated with the root user are

labeled with the default kernel context, since they are created early in the

boot process, before root has a chance to log in.

The keyrings associated with new threads are each labeled with the context of

their associated thread, and both session and process keyrings are handled

similarly.

================

NEW PROCFS FILES

	PROC_TGID_ATTR_PREV,

	PROC_TGID_ATTR_EXEC,

	PROC_TGID_ATTR_FSCREATE,

	PROC_TGID_ATTR_KEYCREATE,

#endif

#ifdef CONFIG_AUDITSYSCALL

	PROC_TGID_LOGINUID,

	PROC_TID_ATTR_PREV,

	PROC_TID_ATTR_EXEC,

	PROC_TID_ATTR_FSCREATE,

	PROC_TID_ATTR_KEYCREATE,

#endif

#ifdef CONFIG_AUDITSYSCALL

	PROC_TID_LOGINUID,

	E(PROC_TGID_ATTR_PREV,     "prev",     S_IFREG|S_IRUGO),

	E(PROC_TGID_ATTR_EXEC,     "exec",     S_IFREG|S_IRUGO|S_IWUGO),

	E(PROC_TGID_ATTR_FSCREATE, "fscreate", S_IFREG|S_IRUGO|S_IWUGO),

	E(PROC_TGID_ATTR_KEYCREATE, "keycreate", S_IFREG|S_IRUGO|S_IWUGO),

	{0,0,NULL,0}

};

static struct pid_entry tid_attr_stuff[] = {

	E(PROC_TID_ATTR_PREV,      "prev",     S_IFREG|S_IRUGO),

	E(PROC_TID_ATTR_EXEC,      "exec",     S_IFREG|S_IRUGO|S_IWUGO),

	E(PROC_TID_ATTR_FSCREATE,  "fscreate", S_IFREG|S_IRUGO|S_IWUGO),

	E(PROC_TID_ATTR_KEYCREATE, "keycreate", S_IFREG|S_IRUGO|S_IWUGO),

	{0,0,NULL,0}

};

#endif

		case PROC_TGID_ATTR_EXEC:

		case PROC_TID_ATTR_FSCREATE:

		case PROC_TGID_ATTR_FSCREATE:

		case PROC_TID_ATTR_KEYCREATE:

		case PROC_TGID_ATTR_KEYCREATE:

			inode->i_fop = &proc_pid_attr_operations;

			break;

#endif

			    FILESYSTEM__ASSOCIATE, &ad);

}

/* Check whether a task can create a key. */

static int may_create_key(u32 ksid,

			  struct task_struct *ctx)

{

	struct task_security_struct *tsec;

	tsec = ctx->security;

	return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);

}

#define MAY_LINK   0

#define MAY_UNLINK 1

#define MAY_RMDIR  2

		sid = tsec->exec_sid;

	else if (!strcmp(name, "fscreate"))

		sid = tsec->create_sid;

	else if (!strcmp(name, "keycreate"))

		sid = tsec->keycreate_sid;

	else

		return -EINVAL;

		error = task_has_perm(current, p, PROCESS__SETEXEC);

	else if (!strcmp(name, "fscreate"))

		error = task_has_perm(current, p, PROCESS__SETFSCREATE);

	else if (!strcmp(name, "keycreate"))

		error = task_has_perm(current, p, PROCESS__SETKEYCREATE);

	else if (!strcmp(name, "current"))

		error = task_has_perm(current, p, PROCESS__SETCURRENT);

	else

		tsec->exec_sid = sid;

	else if (!strcmp(name, "fscreate"))

		tsec->create_sid = sid;

	else if (!strcmp(name, "current")) {

	else if (!strcmp(name, "keycreate")) {

		error = may_create_key(sid, p);

		if (error)

			return error;

		tsec->keycreate_sid = sid;

	} else if (!strcmp(name, "current")) {

		struct av_decision avd;

		if (sid == 0)

		return -ENOMEM;

	ksec->obj = k;

	if (tsec->keycreate_sid)

		ksec->sid = tsec->keycreate_sid;

	else

		ksec->sid = tsec->sid;

	k->security = ksec;

#ifdef CONFIG_KEYS

	/* Add security information to initial keyrings */

	security_key_alloc(&root_user_keyring, current,

	selinux_key_alloc(&root_user_keyring, current,

			  KEY_ALLOC_NOT_IN_QUOTA);

	security_key_alloc(&root_session_keyring, current,

	selinux_key_alloc(&root_session_keyring, current,

			  KEY_ALLOC_NOT_IN_QUOTA);

#endif

   S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")

   S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")

   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")

   S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")

   S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")

   S_(SECCLASS_MSG, MSG__SEND, "send")

   S_(SECCLASS_MSG, MSG__RECEIVE, "receive")

   S_(SECCLASS_KEY, KEY__SEARCH, "search")

   S_(SECCLASS_KEY, KEY__LINK, "link")

   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")

   S_(SECCLASS_KEY, KEY__CREATE, "create")

#define PROCESS__EXECMEM                          0x02000000UL

#define PROCESS__EXECSTACK                        0x04000000UL

#define PROCESS__EXECHEAP                         0x08000000UL

#define PROCESS__SETKEYCREATE                     0x10000000UL

#define IPC__CREATE                               0x00000001UL

#define IPC__DESTROY                              0x00000002UL

#define KEY__SEARCH                               0x00000008UL

#define KEY__LINK                                 0x00000010UL

#define KEY__SETATTR                              0x00000020UL

#define KEY__CREATE                               0x00000040UL