From: <krzysztof.struczynski@huawei.com>
To: <linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<containers@lists.linux-foundation.org>,
	<linux-security-module@vger.kernel.org>
Cc: <zohar@linux.ibm.com>, <stefanb@linux.vnet.ibm.com>,
	<sunyuqiong1988@gmail.com>, <mkayaalp@cs.binghamton.edu>,
	<dmitry.kasatkin@gmail.com>, <serge@hallyn.com>,
	<jmorris@namei.org>, <christian@brauner.io>,
	<silviu.vlasceanu@huawei.com>, <roberto.sassu@huawei.com>,
	Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Subject: [RFC PATCH 25/30] keys: Allow to set key domain tag separately from the key type
Date: Tue, 18 Aug 2020 17:42:25 +0200	[thread overview]
Message-ID: <20200818154230.14016-16-krzysztof.struczynski@huawei.com> (raw)
In-Reply-To: <20200818154230.14016-1-krzysztof.struczynski@huawei.com>

From: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>

Add KEY_ALLOC_DOMAIN_* flags so that the key domain tag can be
specified at key creation. This is done to separate the
key domain setting from the key type.

If applied to a keyring, it will set the requested domain tag for
every key added to that keyring.

IMA uses the existing key_type_asymmetric for appraisal, but also has
to specify the key domain to bind the appraisal key to the ima namespace.

Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
---
 include/linux/key.h | 10 ++++++++++
 security/keys/key.c | 16 ++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/include/linux/key.h b/include/linux/key.h
index 223ab9d76d15..47430cd7fbc6 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -272,6 +272,12 @@ struct key {
 	 * restriction.
 	 */
 	struct key_restriction *restrict_link;
+
+	/* This is set on a keyring to indicate that every key added to this
+	 * keyring should be tagged with a given key domain tag. It is ignored
+	 * for the non-keyring keys and can be overridden by the key-type flags.
+	 */
+	unsigned long key_alloc_domain;
 };
 
 extern struct key *key_alloc(struct key_type *type,
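Review bot: the new key_alloc_domain member is documented as keyring-only, yet it is added to struct key, so every key instance grows by an unsigned long for a property only keyrings use; consider keeping it in keyring-specific state, or at least state in the comment that it holds KEY_ALLOC_DOMAIN_* flag bits (the name alone does not say whether it is a tag pointer or a flag word) and that it is written once at allocation and never changed afterwards.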
@@ -290,6 +296,10 @@ extern struct key *key_alloc(struct key_type *type,
 #define KEY_ALLOC_BYPASS_RESTRICTION	0x0008	/* Override the check on restricted keyrings */
 #define KEY_ALLOC_UID_KEYRING		0x0010	/* allocating a user or user session keyring */
 
+/* Only one domain can be set */
+#define KEY_ALLOC_DOMAIN_IMA		0x0100  /* add IMA domain tag, based on the "current" */
+#define KEY_ALLOC_DOMAIN_MASK		0xFF00
+
 extern void key_revoke(struct key *key);
 extern void key_invalidate(struct key *key);
 extern void key_put(struct key *key);
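Review bot: the comment "Only one domain can be set" is not enforced by the definitions, because KEY_ALLOC_DOMAIN_MASK reserves eight bits (0xFF00) that can be combined freely; either document that the mask is a bitfield of which exactly one bit may be set and reject other combinations where the flags are consumed, or encode the domain as a small integer field within the mask instead of one bit per domain. The comment on KEY_ALLOC_DOMAIN_IMA, "based on the "current"", should say what is derived from the current task (the ima namespace whose domain tag is applied), and the separator before that comment uses two spaces where the surrounding defines use tabs.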
diff --git a/security/keys/key.c b/security/keys/key.c
index e282c6179b21..1b0183d33bbc 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -278,6 +278,19 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 	if (!key)
 		goto no_memory_2;
 
+	if (flags & KEY_ALLOC_DOMAIN_MASK) {
+		/* set alloc domain for all keys added to this keyring */
+		if (type == &key_type_keyring)
+			key->key_alloc_domain = (flags & KEY_ALLOC_DOMAIN_MASK);
+
+		/* set domain tag if it's not predefined for the key type */
+		if ((!type->flags) && (flags & KEY_ALLOC_DOMAIN_IMA))
+			/* Set it to something meaningful after adding a key
+			 * domain to the ima namespace.
+			 */
+			key->index_key.domain_tag = NULL;
+	}
+
 	key->index_key.desc_len = desclen;
 	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
 	if (!key->index_key.description)
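Review bot: the condition `(!type->flags)` tests whether the key type has any flag at all rather than the specific type flag that predefines a domain tag, so a key type carrying any unrelated flag bit would silently never receive the IMA domain tag; test the flag that actually assigns a domain instead of the whole word. As written the branch also assigns `key->index_key.domain_tag = NULL`, which makes KEY_ALLOC_DOMAIN_IMA a no-op in this patch; the placeholder comment should say which later patch supplies the real tag, and the assignment should be ordered relative to the existing type-flag domain assignment in key_alloc so that the two cannot overwrite each other.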
@@ -925,6 +938,9 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 			perm |= KEY_POS_WRITE;
 	}
 
+	if (keyring->key_alloc_domain)
+		flags |= keyring->key_alloc_domain;
+
 	/* allocate a new key */
 	key = key_alloc(index_key.type, index_key.description,
 			cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
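Review bot: `flags |= keyring->key_alloc_domain` ORs the keyring's domain bits into caller-supplied flags without clearing any domain bits the caller already passed, so two domain flags can end up set at once despite the header stating only one domain may be set; mask first, e.g. `flags = (flags & ~KEY_ALLOC_DOMAIN_MASK) | keyring->key_alloc_domain;`, or return an error when they conflict. Note also that this hook lives only in key_create_or_update, so the commit message's claim that "every key added to that keyring" is tagged does not hold for keys linked into the keyring after allocation; either document the limitation or handle the link path as well.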
-- 
2.20.1

