[PATCH] selinux: add hooks for key subsystem Introduce SELinux hooks to support the access key retention subsystem within the kernel. Incorporate new flask headers from a modified version of the SELinux reference policy, with support for the new security class representing retained keys. Extend the "key_alloc" security hook with a task parameter representing the intended ownership context for the key being allocated. Attach security information to root's default keyrings within the SELinux initialization routine. Has passed David's testsuite. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: d720024e94de4e8b7f10ee83c532926f3ad5d708 [log] [tgz]
author: Michael LeMay <mdlemay@epoch.ncsc.mil> Thu Jun 22 14:47:17 2006 -0700
committer: Linus Torvalds <torvalds@g5.osdl.org> Thu Jun 22 15:05:55 2006 -0700
tree: 8f21613c29a26bfbeb334cb0104b8b998b09fbdc
parent: f893afbe1262e27e91234506f72e17716190dd2f [diff] [blame]
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index a0eb9e2..95887ae 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h

@@ -62,6 +62,7 @@
 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
 #define SECCLASS_APPLETALK_SOCKET                        56
 #define SECCLASS_PACKET                                  57
+#define SECCLASS_KEY                                     58
 
 /*
  * Security identifier indices for initial entities
commit	d720024e94de4e8b7f10ee83c532926f3ad5d708	[log] [tgz]
author	Michael LeMay <mdlemay@epoch.ncsc.mil>	Thu Jun 22 14:47:17 2006 -0700
committer	Linus Torvalds <torvalds@g5.osdl.org>	Thu Jun 22 15:05:55 2006 -0700
tree	8f21613c29a26bfbeb334cb0104b8b998b09fbdc
parent	f893afbe1262e27e91234506f72e17716190dd2f [diff] [blame]