tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'keys-20140314' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
+59
-52
+11
include/linux/key.h
+11
include/linux/key.h
···
309
309
310
310
extern void key_set_timeout(struct key *, unsigned);
311
311
312
+
/*
313
+
* The permissions required on a key that we're looking up.
314
+
*/
315
+
#define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */
316
+
#define KEY_NEED_READ 0x02 /* Require permission to read content */
317
+
#define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */
318
+
#define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */
319
+
#define KEY_NEED_LINK 0x10 /* Require permission to link */
320
+
#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */
321
+
#define KEY_NEED_ALL 0x3f /* All the above permissions */
322
+
312
323
/**
313
324
* key_is_instantiated - Determine if a key has been positively instantiated
314
325
* @key: The key to check.
+3
-3
include/linux/security.h
+3
-3
include/linux/security.h
···
1708
1708
void (*key_free) (struct key *key);
1709
1709
int (*key_permission) (key_ref_t key_ref,
1710
1710
const struct cred *cred,
1711
-
key_perm_t perm);
1711
+
unsigned perm);
1712
1712
int (*key_getsecurity)(struct key *key, char **_buffer);
1713
1713
#endif /* CONFIG_KEYS */
1714
1714
···
3030
3030
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
3031
3031
void security_key_free(struct key *key);
3032
3032
int security_key_permission(key_ref_t key_ref,
3033
-
const struct cred *cred, key_perm_t perm);
3033
+
const struct cred *cred, unsigned perm);
3034
3034
int security_key_getsecurity(struct key *key, char **_buffer);
3035
3035
3036
3036
#else
···
3048
3048
3049
3049
static inline int security_key_permission(key_ref_t key_ref,
3050
3050
const struct cred *cred,
3051
-
key_perm_t perm)
3051
+
unsigned perm)
3052
3052
{
3053
3053
return 0;
3054
3054
}
+1
-1
security/capability.c
+1
-1
security/capability.c
+1
-10
security/keys/internal.h
+1
-10
security/keys/internal.h
···
176
176
/*
177
177
* Check to see whether permission is granted to use a key in the desired way.
178
178
*/
179
-
static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
179
+
static inline int key_permission(const key_ref_t key_ref, unsigned perm)
180
180
{
181
181
return key_task_permission(key_ref, current_cred(), perm);
182
182
}
183
-
184
-
/* required permissions */
185
-
#define KEY_VIEW 0x01 /* require permission to view attributes */
186
-
#define KEY_READ 0x02 /* require permission to read content */
187
-
#define KEY_WRITE 0x04 /* require permission to update / modify */
188
-
#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
189
-
#define KEY_LINK 0x10 /* require permission to link */
190
-
#define KEY_SETATTR 0x20 /* require permission to change attributes */
191
-
#define KEY_ALL 0x3f /* all the above permissions */
192
183
193
184
/*
194
185
* Authorisation record for request_key().
+3
-3
security/keys/key.c
+3
-3
security/keys/key.c
···
714
714
int ret;
715
715
716
716
/* need write permission on the key to update it */
717
-
ret = key_permission(key_ref, KEY_WRITE);
717
+
ret = key_permission(key_ref, KEY_NEED_WRITE);
718
718
if (ret < 0)
719
719
goto error;
720
720
···
838
838
839
839
/* if we're going to allocate a new key, we're going to have
840
840
* to modify the keyring */
841
-
ret = key_permission(keyring_ref, KEY_WRITE);
841
+
ret = key_permission(keyring_ref, KEY_NEED_WRITE);
842
842
if (ret < 0) {
843
843
key_ref = ERR_PTR(ret);
844
844
goto error_link_end;
···
928
928
key_check(key);
929
929
930
930
/* the key must be writable */
931
-
ret = key_permission(key_ref, KEY_WRITE);
931
+
ret = key_permission(key_ref, KEY_NEED_WRITE);
932
932
if (ret < 0)
933
933
goto error;
934
934
+22
-22
security/keys/keyctl.c
+22
-22
security/keys/keyctl.c
···
111
111
}
112
112
113
113
/* find the target keyring (which must be writable) */
114
-
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
114
+
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
115
115
if (IS_ERR(keyring_ref)) {
116
116
ret = PTR_ERR(keyring_ref);
117
117
goto error3;
···
195
195
dest_ref = NULL;
196
196
if (destringid) {
197
197
dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
198
-
KEY_WRITE);
198
+
KEY_NEED_WRITE);
199
199
if (IS_ERR(dest_ref)) {
200
200
ret = PTR_ERR(dest_ref);
201
201
goto error3;
···
253
253
long ret;
254
254
255
255
lflags = create ? KEY_LOOKUP_CREATE : 0;
256
-
key_ref = lookup_user_key(id, lflags, KEY_SEARCH);
256
+
key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH);
257
257
if (IS_ERR(key_ref)) {
258
258
ret = PTR_ERR(key_ref);
259
259
goto error;
···
334
334
}
335
335
336
336
/* find the target key (which must be writable) */
337
-
key_ref = lookup_user_key(id, 0, KEY_WRITE);
337
+
key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
338
338
if (IS_ERR(key_ref)) {
339
339
ret = PTR_ERR(key_ref);
340
340
goto error2;
···
365
365
key_ref_t key_ref;
366
366
long ret;
367
367
368
-
key_ref = lookup_user_key(id, 0, KEY_WRITE);
368
+
key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
369
369
if (IS_ERR(key_ref)) {
370
370
ret = PTR_ERR(key_ref);
371
371
if (ret != -EACCES)
372
372
goto error;
373
-
key_ref = lookup_user_key(id, 0, KEY_SETATTR);
373
+
key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
374
374
if (IS_ERR(key_ref)) {
375
375
ret = PTR_ERR(key_ref);
376
376
goto error;
···
401
401
402
402
kenter("%d", id);
403
403
404
-
key_ref = lookup_user_key(id, 0, KEY_SEARCH);
404
+
key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
405
405
if (IS_ERR(key_ref)) {
406
406
ret = PTR_ERR(key_ref);
407
407
goto error;
···
428
428
key_ref_t keyring_ref;
429
429
long ret;
430
430
431
-
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
431
+
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
432
432
if (IS_ERR(keyring_ref)) {
433
433
ret = PTR_ERR(keyring_ref);
434
434
···
470
470
key_ref_t keyring_ref, key_ref;
471
471
long ret;
472
472
473
-
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
473
+
keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
474
474
if (IS_ERR(keyring_ref)) {
475
475
ret = PTR_ERR(keyring_ref);
476
476
goto error;
477
477
}
478
478
479
-
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK);
479
+
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
480
480
if (IS_ERR(key_ref)) {
481
481
ret = PTR_ERR(key_ref);
482
482
goto error2;
···
505
505
key_ref_t keyring_ref, key_ref;
506
506
long ret;
507
507
508
-
keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);
508
+
keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
509
509
if (IS_ERR(keyring_ref)) {
510
510
ret = PTR_ERR(keyring_ref);
511
511
goto error;
···
548
548
char *tmpbuf;
549
549
long ret;
550
550
551
-
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
551
+
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
552
552
if (IS_ERR(key_ref)) {
553
553
/* viewing a key under construction is permitted if we have the
554
554
* authorisation token handy */
···
639
639
}
640
640
641
641
/* get the keyring at which to begin the search */
642
-
keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH);
642
+
keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH);
643
643
if (IS_ERR(keyring_ref)) {
644
644
ret = PTR_ERR(keyring_ref);
645
645
goto error2;
···
649
649
dest_ref = NULL;
650
650
if (destringid) {
651
651
dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
652
-
KEY_WRITE);
652
+
KEY_NEED_WRITE);
653
653
if (IS_ERR(dest_ref)) {
654
654
ret = PTR_ERR(dest_ref);
655
655
goto error3;
···
676
676
677
677
/* link the resulting key to the destination keyring if we can */
678
678
if (dest_ref) {
679
-
ret = key_permission(key_ref, KEY_LINK);
679
+
ret = key_permission(key_ref, KEY_NEED_LINK);
680
680
if (ret < 0)
681
681
goto error6;
682
682
···
727
727
key = key_ref_to_ptr(key_ref);
728
728
729
729
/* see if we can read it directly */
730
-
ret = key_permission(key_ref, KEY_READ);
730
+
ret = key_permission(key_ref, KEY_NEED_READ);
731
731
if (ret == 0)
732
732
goto can_read_key;
733
733
if (ret != -EACCES)
···
799
799
goto error;
800
800
801
801
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
802
-
KEY_SETATTR);
802
+
KEY_NEED_SETATTR);
803
803
if (IS_ERR(key_ref)) {
804
804
ret = PTR_ERR(key_ref);
805
805
goto error;
···
905
905
goto error;
906
906
907
907
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
908
-
KEY_SETATTR);
908
+
KEY_NEED_SETATTR);
909
909
if (IS_ERR(key_ref)) {
910
910
ret = PTR_ERR(key_ref);
911
911
goto error;
···
947
947
948
948
/* if a specific keyring is nominated by ID, then use that */
949
949
if (ringid > 0) {
950
-
dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
950
+
dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
951
951
if (IS_ERR(dkref))
952
952
return PTR_ERR(dkref);
953
953
*_dest_keyring = key_ref_to_ptr(dkref);
···
1315
1315
long ret;
1316
1316
1317
1317
key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
1318
-
KEY_SETATTR);
1318
+
KEY_NEED_SETATTR);
1319
1319
if (IS_ERR(key_ref)) {
1320
1320
/* setting the timeout on a key under construction is permitted
1321
1321
* if we have the authorisation token handy */
···
1418
1418
char *context;
1419
1419
long ret;
1420
1420
1421
-
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
1421
+
key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
1422
1422
if (IS_ERR(key_ref)) {
1423
1423
if (PTR_ERR(key_ref) != -EACCES)
1424
1424
return PTR_ERR(key_ref);
···
1482
1482
struct cred *cred;
1483
1483
int ret;
1484
1484
1485
-
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
1485
+
keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK);
1486
1486
if (IS_ERR(keyring_r))
1487
1487
return PTR_ERR(keyring_r);
1488
1488
+4
-4
security/keys/keyring.c
+4
-4
security/keys/keyring.c
···
541
541
/* key must have search permissions */
542
542
if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
543
543
key_task_permission(make_key_ref(key, ctx->possessed),
544
-
ctx->cred, KEY_SEARCH) < 0) {
544
+
ctx->cred, KEY_NEED_SEARCH) < 0) {
545
545
ctx->result = ERR_PTR(-EACCES);
546
546
kleave(" = %d [!perm]", ctx->skipped_ret);
547
547
goto skipped;
···
721
721
/* Search a nested keyring */
722
722
if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) &&
723
723
key_task_permission(make_key_ref(key, ctx->possessed),
724
-
ctx->cred, KEY_SEARCH) < 0)
724
+
ctx->cred, KEY_NEED_SEARCH) < 0)
725
725
continue;
726
726
727
727
/* stack the current position */
···
843
843
return ERR_PTR(-ENOTDIR);
844
844
845
845
if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) {
846
-
err = key_task_permission(keyring_ref, ctx->cred, KEY_SEARCH);
846
+
err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH);
847
847
if (err < 0)
848
848
return ERR_PTR(err);
849
849
}
···
973
973
974
974
if (!skip_perm_check &&
975
975
key_permission(make_key_ref(keyring, 0),
976
-
KEY_SEARCH) < 0)
976
+
KEY_NEED_SEARCH) < 0)
977
977
continue;
978
978
979
979
/* we've got a match but we might end up racing with
+2
-2
security/keys/permission.c
+2
-2
security/keys/permission.c
···
28
28
* permissions bits or the LSM check.
29
29
*/
30
30
int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
31
-
key_perm_t perm)
31
+
unsigned perm)
32
32
{
33
33
struct key *key;
34
34
key_perm_t kperm;
···
68
68
if (is_key_possessed(key_ref))
69
69
kperm |= key->perm >> 24;
70
70
71
-
kperm = kperm & perm & KEY_ALL;
71
+
kperm = kperm & perm & KEY_NEED_ALL;
72
72
73
73
if (kperm != perm)
74
74
return -EACCES;
+2
-2
security/keys/persistent.c
+2
-2
security/keys/persistent.c
···
108
108
return PTR_ERR(persistent_ref);
109
109
110
110
found:
111
-
ret = key_task_permission(persistent_ref, current_cred(), KEY_LINK);
111
+
ret = key_task_permission(persistent_ref, current_cred(), KEY_NEED_LINK);
112
112
if (ret == 0) {
113
113
persistent = key_ref_to_ptr(persistent_ref);
114
114
ret = key_link(key_ref_to_ptr(dest_ref), persistent);
···
151
151
}
152
152
153
153
/* There must be a destination keyring */
154
-
dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_WRITE);
154
+
dest_ref = lookup_user_key(destid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
155
155
if (IS_ERR(dest_ref))
156
156
return PTR_ERR(dest_ref);
157
157
if (key_ref_to_ptr(dest_ref)->type != &key_type_keyring) {
+1
-1
security/keys/proc.c
+1
-1
security/keys/proc.c
···
218
218
* - the caller holds a spinlock, and thus the RCU read lock, making our
219
219
* access to __current_cred() safe
220
220
*/
221
-
rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
221
+
rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);
222
222
if (rc < 0)
223
223
return 0;
224
224
+1
-1
security/security.c
+1
-1
security/security.c
+1
-1
security/selinux/hooks.c
+1
-1
security/selinux/hooks.c
+7
-2
security/smack/smack_lsm.c
+7
-2
security/smack/smack_lsm.c
···
3506
3506
* an error code otherwise
3507
3507
*/
3508
3508
static int smack_key_permission(key_ref_t key_ref,
3509
-
const struct cred *cred, key_perm_t perm)
3509
+
const struct cred *cred, unsigned perm)
3510
3510
{
3511
3511
struct key *keyp;
3512
3512
struct smk_audit_info ad;
3513
3513
struct smack_known *tkp = smk_of_task(cred->security);
3514
+
int request = 0;
3514
3515
3515
3516
keyp = key_ref_to_ptr(key_ref);
3516
3517
if (keyp == NULL)
···
3532
3531
ad.a.u.key_struct.key = keyp->serial;
3533
3532
ad.a.u.key_struct.key_desc = keyp->description;
3534
3533
#endif
3535
-
return smk_access(tkp, keyp->security, MAY_READWRITE, &ad);
3534
+
if (perm & KEY_NEED_READ)
3535
+
request = MAY_READ;
3536
+
if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
3537
+
request = MAY_WRITE;
3538
+
return smk_access(tkp, keyp->security, request, &ad);
3536
3539
}
3537
3540
#endif /* CONFIG_KEYS */
3538
3541