projects / platform / kernel / linux-stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 06cbf6c)
BACKPORT: KEYS: Move the flags representing required permission to linux/key.h
authorDavid Howells <dhowells@redhat.com>
Fri, 14 Mar 2014 17:44:49 +0000 (17:44 +0000)
committerRafal Krypa <r.krypa@samsung.com>
Thu, 30 Jun 2016 12:57:32 +0000 (14:57 +0200)
Move the flags representing required permission to linux/key.h as the perm
parameter of security_key_permission() is in terms of them - and not the
permissions mask flags used in key->perm.

Whilst we're at it:

 (1) Rename them to be KEY_NEED_xxx rather than KEY_xxx to avoid collisions
     with symbols in uapi/linux/input.h.

 (2) Don't use key_perm_t for a mask of required permissions, but rather limit
     it to the permissions mask attached to the key and arguments related
     directly to that.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
(cherry-picked from upstream f5895943d91b41b0368830cdb6eaffb8eda0f4c8)

12 files changed:
include/linux/key.h patch | blob | history
include/linux/security.h patch | blob | history
security/capability.c patch | blob | history
security/keys/internal.h patch | blob | history
security/keys/key.c patch | blob | history
security/keys/keyctl.c patch | blob | history
security/keys/keyring.c patch | blob | history
security/keys/permission.c patch | blob | history
security/keys/proc.c patch | blob | history
security/security.c patch | blob | history
security/selinux/hooks.c patch | blob | history
security/smack/smack_lsm.c patch | blob | history

diff --git a/include/linux/key.h b/include/linux/key.h
index 96933b1e5d24eeee3dde80b5336b0053a0c1d06e..d15b93c1292a3981b693fd693a05ec17f45b919a 100644 (file)
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -279,6 +279,17 @@ static inline key_serial_t key_serial(const struct key *key)
 
 extern void key_set_timeout(struct key *, unsigned);
 
+/*
+ * The permissions required on a key that we're looking up.
+ */
+#define        KEY_NEED_VIEW   0x01    /* Require permission to view attributes */
+#define        KEY_NEED_READ   0x02    /* Require permission to read content */
+#define        KEY_NEED_WRITE  0x04    /* Require permission to update / modify */
+#define        KEY_NEED_SEARCH 0x08    /* Require permission to search (keyring) or find (key) */
+#define        KEY_NEED_LINK   0x10    /* Require permission to link */
+#define        KEY_NEED_SETATTR 0x20   /* Require permission to change attributes */
+#define        KEY_NEED_ALL    0x3f    /* All the above permissions */
+
 /**
  * key_is_instantiated - Determine if a key has been positively instantiated
  * @key: The key to check.
diff --git a/include/linux/security.h b/include/linux/security.h
index 673afbb8238a38b5d8f4cb5be001523f34d4cba7..106dc26b208783cad50d245f48acf3882ea0769a 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1643,7 +1643,7 @@ struct security_operations {
        void (*key_free) (struct key *key);
        int (*key_permission) (key_ref_t key_ref,
                               const struct cred *cred,
-                              key_perm_t perm);
+                              unsigned perm);
        int (*key_getsecurity)(struct key *key, char **_buffer);
 #endif /* CONFIG_KEYS */
 
@@ -2903,7 +2903,7 @@ static inline int security_path_chroot(struct path *path)
 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
 void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
-                           const struct cred *cred, key_perm_t perm);
+                           const struct cred *cred, unsigned perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
 
 #else
@@ -2921,7 +2921,7 @@ static inline void security_key_free(struct key *key)
 
 static inline int security_key_permission(key_ref_t key_ref,
                                          const struct cred *cred,
-                                         key_perm_t perm)
+                                         unsigned perm)
 {
        return 0;
 }
diff --git a/security/capability.c b/security/capability.c
index 5bb21b1c448ce5e8e3ebfeb4b301209fab131ac0..eabfee99419047ba2f1a652fd440ecd2ca0c9970 100644 (file)
--- a/security/capability.c
+++ b/security/capability.c
@@ -831,7 +831,7 @@ static void cap_key_free(struct key *key)
 }
 
 static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
-                             key_perm_t perm)
+                             unsigned perm)
 {
        return 0;
 }
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 65647f825584becdfa1db48302be9ba5e33df88e..2e501a07696bdc3198c97d9742dc5a192cab5d07 100644 (file)
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -162,20 +162,11 @@ extern int key_task_permission(const key_ref_t key_ref,
 /*
  * Check to see whether permission is granted to use a key in the desired way.
  */
-static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
+static inline int key_permission(const key_ref_t key_ref, unsigned perm)
 {
        return key_task_permission(key_ref, current_cred(), perm);
 }
 
-/* required permissions */
-#define        KEY_VIEW        0x01    /* require permission to view attributes */
-#define        KEY_READ        0x02    /* require permission to read content */
-#define        KEY_WRITE       0x04    /* require permission to update / modify */
-#define        KEY_SEARCH      0x08    /* require permission to search (keyring) or find (key) */
-#define        KEY_LINK        0x10    /* require permission to link */
-#define        KEY_SETATTR     0x20    /* require permission to change attributes */
-#define        KEY_ALL         0x3f    /* all the above permissions */
-
 /*
  * Authorisation record for request_key().
  */
diff --git a/security/keys/key.c b/security/keys/key.c
index 06783cffb3afa631fcca8efee90d17cc4f711b2c..6c90c7d821464be12e53ba1a11a7d65d723403a8 100644 (file)
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -712,7 +712,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref,
        int ret;
 
        /* need write permission on the key to update it */
-       ret = key_permission(key_ref, KEY_WRITE);
+       ret = key_permission(key_ref, KEY_NEED_WRITE);
        if (ret < 0)
                goto error;
 
@@ -806,7 +806,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 
        /* if we're going to allocate a new key, we're going to have
         * to modify the keyring */
-       ret = key_permission(keyring_ref, KEY_WRITE);
+       ret = key_permission(keyring_ref, KEY_NEED_WRITE);
        if (ret < 0) {
                key_ref = ERR_PTR(ret);
                goto error_3;
@@ -894,7 +894,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
        key_check(key);
 
        /* the key must be writable */
-       ret = key_permission(key_ref, KEY_WRITE);
+       ret = key_permission(key_ref, KEY_NEED_WRITE);
        if (ret < 0)
                goto error;
 
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fb767c6cd99f6a92da8fa989999a18988bce1a19..afc453a984c1145ba4068a441abb8485317ee749 100644 (file)
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -100,7 +100,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
        }
 
        /* find the target keyring (which must be writable) */
-       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
+       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
                goto error3;
@@ -184,7 +184,7 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type,
        dest_ref = NULL;
        if (destringid) {
                dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
-                                          KEY_WRITE);
+                                          KEY_NEED_WRITE);
                if (IS_ERR(dest_ref)) {
                        ret = PTR_ERR(dest_ref);
                        goto error3;
@@ -242,7 +242,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
        long ret;
 
        lflags = create ? KEY_LOOKUP_CREATE : 0;
-       key_ref = lookup_user_key(id, lflags, KEY_SEARCH);
+       key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                goto error;
@@ -323,7 +323,7 @@ long keyctl_update_key(key_serial_t id,
        }
 
        /* find the target key (which must be writable) */
-       key_ref = lookup_user_key(id, 0, KEY_WRITE);
+       key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                goto error2;
@@ -354,12 +354,12 @@ long keyctl_revoke_key(key_serial_t id)
        key_ref_t key_ref;
        long ret;
 
-       key_ref = lookup_user_key(id, 0, KEY_WRITE);
+       key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                if (ret != -EACCES)
                        goto error;
-               key_ref = lookup_user_key(id, 0, KEY_SETATTR);
+               key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
                if (IS_ERR(key_ref)) {
                        ret = PTR_ERR(key_ref);
                        goto error;
@@ -386,7 +386,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
        key_ref_t keyring_ref;
        long ret;
 
-       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
+       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
 
@@ -428,13 +428,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
        key_ref_t keyring_ref, key_ref;
        long ret;
 
-       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
+       keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
                goto error;
        }
 
-       key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK);
+       key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                goto error2;
@@ -463,7 +463,7 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
        key_ref_t keyring_ref, key_ref;
        long ret;
 
-       keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE);
+       keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
                goto error;
@@ -506,7 +506,7 @@ long keyctl_describe_key(key_serial_t keyid,
        char *tmpbuf;
        long ret;
 
-       key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
+       key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
        if (IS_ERR(key_ref)) {
                /* viewing a key under construction is permitted if we have the
                 * authorisation token handy */
@@ -597,7 +597,7 @@ long keyctl_keyring_search(key_serial_t ringid,
        }
 
        /* get the keyring at which to begin the search */
-       keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH);
+       keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH);
        if (IS_ERR(keyring_ref)) {
                ret = PTR_ERR(keyring_ref);
                goto error2;
@@ -607,7 +607,7 @@ long keyctl_keyring_search(key_serial_t ringid,
        dest_ref = NULL;
        if (destringid) {
                dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
-                                          KEY_WRITE);
+                                          KEY_NEED_WRITE);
                if (IS_ERR(dest_ref)) {
                        ret = PTR_ERR(dest_ref);
                        goto error3;
@@ -634,7 +634,7 @@ long keyctl_keyring_search(key_serial_t ringid,
 
        /* link the resulting key to the destination keyring if we can */
        if (dest_ref) {
-               ret = key_permission(key_ref, KEY_LINK);
+               ret = key_permission(key_ref, KEY_NEED_LINK);
                if (ret < 0)
                        goto error6;
 
@@ -685,7 +685,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
        key = key_ref_to_ptr(key_ref);
 
        /* see if we can read it directly */
-       ret = key_permission(key_ref, KEY_READ);
+       ret = key_permission(key_ref, KEY_NEED_READ);
        if (ret == 0)
                goto can_read_key;
        if (ret != -EACCES)
@@ -747,7 +747,7 @@ long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
                goto error;
 
        key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
-                                 KEY_SETATTR);
+                                 KEY_NEED_SETATTR);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                goto error;
@@ -853,7 +853,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
                goto error;
 
        key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
-                                 KEY_SETATTR);
+                                 KEY_NEED_SETATTR);
        if (IS_ERR(key_ref)) {
                ret = PTR_ERR(key_ref);
                goto error;
@@ -895,7 +895,7 @@ static long get_instantiation_keyring(key_serial_t ringid,
 
        /* if a specific keyring is nominated by ID, then use that */
        if (ringid > 0) {
-               dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE);
+               dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
                if (IS_ERR(dkref))
                        return PTR_ERR(dkref);
                *_dest_keyring = key_ref_to_ptr(dkref);
@@ -1263,7 +1263,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
        long ret;
 
        key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
-                                 KEY_SETATTR);
+                                 KEY_NEED_SETATTR);
        if (IS_ERR(key_ref)) {
                /* setting the timeout on a key under construction is permitted
                 * if we have the authorisation token handy */
@@ -1366,7 +1366,7 @@ long keyctl_get_security(key_serial_t keyid,
        char *context;
        long ret;
 
-       key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW);
+       key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
        if (IS_ERR(key_ref)) {
                if (PTR_ERR(key_ref) != -EACCES)
                        return PTR_ERR(key_ref);
@@ -1430,7 +1430,7 @@ long keyctl_session_to_parent(void)
        key_ref_t keyring_r;
        int ret;
 
-       keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK);
+       keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK);
        if (IS_ERR(keyring_r))
                return PTR_ERR(keyring_r);
 
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d605f75292e4390da5d7f8cd763266004288ecf2..fad72887df28b18abca61cc7c64cc9b2f7c57c5b 100644 (file)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -326,7 +326,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
        key_check(keyring);
 
        /* top keyring must have search permission to begin the search */
-       err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
+       err = key_task_permission(keyring_ref, cred, KEY_NEED_SEARCH);
        if (err < 0) {
                key_ref = ERR_PTR(err);
                goto error;
@@ -405,7 +405,7 @@ descend:
 
                /* key must have search permissions */
                if (key_task_permission(make_key_ref(key, possessed),
-                                       cred, KEY_SEARCH) < 0)
+                                       cred, KEY_NEED_SEARCH) < 0)
                        continue;
 
                if (no_state_check)
@@ -437,7 +437,7 @@ ascend:
                        continue;
 
                if (key_task_permission(make_key_ref(key, possessed),
-                                       cred, KEY_SEARCH) < 0)
+                                       cred, KEY_NEED_SEARCH) < 0)
                        continue;
 
                /* stack the current position */
@@ -594,7 +594,7 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
 
                        if (!skip_perm_check &&
                            key_permission(make_key_ref(keyring, 0),
-                                          KEY_SEARCH) < 0)
+                                          KEY_NEED_SEARCH) < 0)
                                continue;
 
                        /* we've got a match but we might end up racing with
diff --git a/security/keys/permission.c b/security/keys/permission.c
index c35b5229e3cdca80bcd6b44da70b5123871e1874..ca1a277962cf8a644a733969e0d6e68b7e3c31b8 100644 (file)
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -28,7 +28,7 @@
  * permissions bits or the LSM check.
  */
 int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
-                       key_perm_t perm)
+                       unsigned perm)
 {
        struct key *key;
        key_perm_t kperm;
@@ -73,7 +73,7 @@ use_these_perms:
        if (is_key_possessed(key_ref))
                kperm |= key->perm >> 24;
 
-       kperm = kperm & perm & KEY_ALL;
+       kperm = kperm & perm & KEY_NEED_ALL;
 
        if (kperm != perm)
                return -EACCES;
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 49bbc97943ad8b804e22ff69150083a0f891ffd5..029b87a683ba878a6892ea58d8818ad0b7ddc37c 100644 (file)
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -211,7 +211,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
         * - the caller holds a spinlock, and thus the RCU read lock, making our
         *   access to __current_cred() safe
         */
-       rc = key_task_permission(key_ref, cred, KEY_VIEW);
+       rc = key_task_permission(key_ref, cred, KEY_NEED_VIEW);
        if (rc < 0)
                return 0;
 
diff --git a/security/security.c b/security/security.c
index bf619ffc9a4d2b81053b62eafe5fffd7a8d9524f..f871ceb707db63536ec09c784a1793295a9fdfc4 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -1290,7 +1290,7 @@ void security_key_free(struct key *key)
 }
 
 int security_key_permission(key_ref_t key_ref,
-                           const struct cred *cred, key_perm_t perm)
+                           const struct cred *cred, unsigned perm)
 {
        return security_ops->key_permission(key_ref, cred, perm);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d85b793c9321c5866a2f6bd2ce60cb5aaff42e17..80b007afdc33e8f5a7498a69b2c6ef8f63db4e4b 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5484,7 +5484,7 @@ static void selinux_key_free(struct key *k)
 
 static int selinux_key_permission(key_ref_t key_ref,
                                  const struct cred *cred,
-                                 key_perm_t perm)
+                                 unsigned perm)
 {
        struct key *key;
        struct key_security_struct *ksec;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c29c164b9cc77357a6d35b3badb0390b7255b8cf..7ce9cb4540d743271577d9bfe65bd70f538d84bc 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3521,7 +3521,7 @@ static void smack_key_free(struct key *key)
  * an error code otherwise
  */
 static int smack_key_permission(key_ref_t key_ref,
-                               const struct cred *cred, key_perm_t perm)
+                               const struct cred *cred, unsigned perm)
 {
        struct key *keyp;
        struct smk_audit_info ad;
Domain: System / Kernel;