summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-07-10 21:43:43 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2019-07-10 21:43:43 -0400
commit028db3e290f15ac509084c0fc3b9d021f668f877 (patch)
tree7497244a90100f2464403063f88f83a555da03b3
parente9a83bd2322035ed9d7dcf35753d3f984d76c6a5 (diff)
Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"
This reverts merge 0f75ef6a9cff49ff612f7ce0578bced9d0b38325 (and thus effectively commits 7a1ade847596 ("keys: Provide KEYCTL_GRANT_PERMISSION") 2e12256b9a76 ("keys: Replace uid/gid/perm permissions checking with an ACL") that the merge brought in). It turns out that it breaks booting with an encrypted volume, and Eric biggers reports that it also breaks the fscrypt tests [1] and loading of in-kernel X.509 certificates [2]. The root cause of all the breakage is likely the same, but David Howells is off email so rather than try to work it out it's getting reverted in order to not impact the rest of the merge window. [1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/ [2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/ Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/ Reported-by: Eric Biggers <ebiggers@kernel.org> Cc: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--Documentation/security/keys/core.rst128
-rw-r--r--Documentation/security/keys/request-key.rst9
-rw-r--r--certs/blacklist.c7
-rw-r--r--certs/system_keyring.c12
-rw-r--r--drivers/md/dm-crypt.c2
-rw-r--r--drivers/nvdimm/security.c2
-rw-r--r--fs/afs/security.c2
-rw-r--r--fs/cifs/cifs_spnego.c25
-rw-r--r--fs/cifs/cifsacl.c28
-rw-r--r--fs/cifs/connect.c4
-rw-r--r--fs/crypto/keyinfo.c2
-rw-r--r--fs/ecryptfs/ecryptfs_kernel.h2
-rw-r--r--fs/ecryptfs/keystore.c2
-rw-r--r--fs/fscache/object-list.c2
-rw-r--r--fs/nfs/nfs4idmap.c30
-rw-r--r--fs/ubifs/auth.c2
-rw-r--r--include/linux/key.h121
-rw-r--r--include/uapi/linux/keyctl.h65
-rw-r--r--lib/digsig.c2
-rw-r--r--net/ceph/ceph_common.c2
-rw-r--r--net/dns_resolver/dns_key.c12
-rw-r--r--net/dns_resolver/dns_query.c15
-rw-r--r--net/rxrpc/key.c19
-rw-r--r--net/wireless/reg.c6
-rw-r--r--security/integrity/digsig.c31
-rw-r--r--security/integrity/digsig_asymmetric.c2
-rw-r--r--security/integrity/evm/evm_crypto.c2
-rw-r--r--security/integrity/ima/ima_mok.c13
-rw-r--r--security/integrity/integrity.h6
-rw-r--r--security/integrity/platform_certs/platform_keyring.c14
-rw-r--r--security/keys/compat.c2
-rw-r--r--security/keys/encrypted-keys/encrypted.c2
-rw-r--r--security/keys/encrypted-keys/masterkey_trusted.c2
-rw-r--r--security/keys/gc.c2
-rw-r--r--security/keys/internal.h16
-rw-r--r--security/keys/key.c29
-rw-r--r--security/keys/keyctl.c104
-rw-r--r--security/keys/keyring.c27
-rw-r--r--security/keys/permission.c361
-rw-r--r--security/keys/persistent.c27
-rw-r--r--security/keys/proc.c22
-rw-r--r--security/keys/process_keys.c86
-rw-r--r--security/keys/request_key.c34
-rw-r--r--security/keys/request_key_auth.c15
-rw-r--r--security/selinux/hooks.c16
-rw-r--r--security/smack/smack_lsm.c3
46 files changed, 325 insertions, 992 deletions
diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index bc561ca95c86..d6d8b0b756b6 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -57,9 +57,9 @@ Each key has a number of attributes:
57 type provides an operation to perform a match between the description on a 57 type provides an operation to perform a match between the description on a
58 key and a criterion string. 58 key and a criterion string.
59 59
60 * Each key has an owner user ID, a group ID and an ACL. These are used to 60 * Each key has an owner user ID, a group ID and a permissions mask. These
61 control what a process may do to a key from userspace, and whether a 61 are used to control what a process may do to a key from userspace, and
62 kernel service will be able to find the key. 62 whether a kernel service will be able to find the key.
63 63
64 * Each key can be set to expire at a specific time by the key type's 64 * Each key can be set to expire at a specific time by the key type's
65 instantiation function. Keys can also be immortal. 65 instantiation function. Keys can also be immortal.
@@ -198,110 +198,43 @@ The key service provides a number of features besides keys:
198Key Access Permissions 198Key Access Permissions
199====================== 199======================
200 200
201Keys have an owner user ID, a group ID and an ACL. The ACL is made up of a 201Keys have an owner user ID, a group access ID, and a permissions mask. The mask
202sequence of ACEs that each contain three elements: 202has up to eight bits each for possessor, user, group and other access. Only
203six of each set of eight bits are defined. These permissions granted are:
203 204
204 * The type of subject. 205 * View
205 * The subject.
206 206
207 These two together indicate the subject to whom the permits are granted. 207 This permits a key or keyring's attributes to be viewed - including key
208 The type can be one of: 208 type and description.
209 209
210 * ``KEY_ACE_SUBJ_STANDARD`` 210 * Read
211 211
212 The subject is a standard 'macro' type. The subject can be one of: 212 This permits a key's payload to be viewed or a keyring's list of linked
213 213 keys.
214 * ``KEY_ACE_EVERYONE``
215
216 The permits are granted to everyone. It replaces the old 'other'
217 type on the assumption that you wouldn't grant a permission to other
218 that you you wouldn't grant to everyone else.
219
220 * ``KEY_ACE_OWNER``
221
222 The permits are granted to the owner of the key (key->uid).
223
224 * ``KEY_ACE_GROUP``
225
226 The permits are granted to the key's group (key->gid).
227
228 * ``KEY_ACE_POSSESSOR``
229
230 The permits are granted to anyone who possesses the key.
231
232 * The set of permits granted to the subject. These include:
233
234 * ``KEY_ACE_VIEW``
235
236 This permits a key or keyring's attributes to be viewed - including the
237 key type and description.
238
239 * ``KEY_ACE_READ``
240
241 This permits a key's payload to be viewed or a keyring's list of linked
242 keys.
243
244 * ``KEY_ACE_WRITE``
245
246 This permits a key's payload to be instantiated or updated, or it allows
247 a link to be added to or removed from a keyring.
248
249 * ``KEY_ACE_SEARCH``
250
251 This permits keyrings to be searched and keys to be found. Searches can
252 only recurse into nested keyrings that have search permission set.
253
254 * ``KEY_ACE_LINK``
255
256 This permits a key or keyring to be linked to. To create a link from a
257 keyring to a key, a process must have Write permission on the keyring
258 and Link permission on the key.
259
260 * ``KEY_ACE_SET_SECURITY``
261
262 This permits a key's UID, GID and permissions mask to be changed.
263 214
264 * ``KEY_ACE_INVAL`` 215 * Write
265 216
266 This permits a key to be invalidated with KEYCTL_INVALIDATE. 217 This permits a key's payload to be instantiated or updated, or it allows a
218 link to be added to or removed from a keyring.
267 219
268 * ``KEY_ACE_REVOKE`` 220 * Search
269 221
270 This permits a key to be revoked with KEYCTL_REVOKE. 222 This permits keyrings to be searched and keys to be found. Searches can
223 only recurse into nested keyrings that have search permission set.
271 224
272 * ``KEY_ACE_JOIN`` 225 * Link
273 226
274 This permits a keyring to be joined as a session by 227 This permits a key or keyring to be linked to. To create a link from a
275 KEYCTL_JOIN_SESSION_KEYRING or KEYCTL_SESSION_TO_PARENT. 228 keyring to a key, a process must have Write permission on the keyring and
229 Link permission on the key.
276 230
277 * ``KEY_ACE_CLEAR`` 231 * Set Attribute
278 232
279 This permits a keyring to be cleared. 233 This permits a key's UID, GID and permissions mask to be changed.
280 234
281For changing the ownership, group ID or permissions mask, being the owner of 235For changing the ownership, group ID or permissions mask, being the owner of
282the key or having the sysadmin capability is sufficient. 236the key or having the sysadmin capability is sufficient.
283 237
284The legacy KEYCTL_SETPERM and KEYCTL_DESCRIBE functions can only see/generate
285View, Read, Write, Search, Link and SetAttr permits, and do this for each of
286possessor, user, group and other permission sets as a 32-bit flag mask. These
287will be approximated/inferred:
288
289 SETPERM Permit Implied ACE Permit
290 =============== =======================
291 Search Inval, Join
292 Write Revoke, Clear
293 Setattr Set Security, Revoke
294
295 ACE Permit Described as
296 =============== =======================
297 Inval Search
298 Join Search
299 Revoke Write (unless Setattr)
300 Clear write
301 Set Security Setattr
302
303'Other' will be approximated as/inferred from the 'Everyone' subject.
304
305 238
306SELinux Support 239SELinux Support
307=============== 240===============
@@ -1151,8 +1084,7 @@ payload contents" for more information.
1151 1084
1152 struct key *request_key(const struct key_type *type, 1085 struct key *request_key(const struct key_type *type,
1153 const char *description, 1086 const char *description,
1154 const char *callout_info, 1087 const char *callout_info);
1155 struct key_acl *acl);
1156 1088
1157 This is used to request a key or keyring with a description that matches 1089 This is used to request a key or keyring with a description that matches
1158 the description specified according to the key type's match_preparse() 1090 the description specified according to the key type's match_preparse()
@@ -1167,8 +1099,6 @@ payload contents" for more information.
1167 If successful, the key will have been attached to the default keyring for 1099 If successful, the key will have been attached to the default keyring for
1168 implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING. 1100 implicitly obtained request-key keys, as set by KEYCTL_SET_REQKEY_KEYRING.
1169 1101
1170 If a key is created, it will be given the specified ACL.
1171
1172 See also Documentation/security/keys/request-key.rst. 1102 See also Documentation/security/keys/request-key.rst.
1173 1103
1174 1104
@@ -1177,8 +1107,7 @@ payload contents" for more information.
1177 struct key *request_key_tag(const struct key_type *type, 1107 struct key *request_key_tag(const struct key_type *type,
1178 const char *description, 1108 const char *description,
1179 struct key_tag *domain_tag, 1109 struct key_tag *domain_tag,
1180 const char *callout_info, 1110 const char *callout_info);
1181 struct key_acl *acl);
1182 1111
1183 This is identical to request_key(), except that a domain tag may be 1112 This is identical to request_key(), except that a domain tag may be
1184 specifies that causes search algorithm to only match keys matching that 1113 specifies that causes search algorithm to only match keys matching that
@@ -1193,8 +1122,7 @@ payload contents" for more information.
1193 struct key_tag *domain_tag, 1122 struct key_tag *domain_tag,
1194 const void *callout_info, 1123 const void *callout_info,
1195 size_t callout_len, 1124 size_t callout_len,
1196 void *aux, 1125 void *aux);
1197 struct key_acl *acl);
1198 1126
1199 This is identical to request_key_tag(), except that the auxiliary data is 1127 This is identical to request_key_tag(), except that the auxiliary data is
1200 passed to the key_type->request_key() op if it exists, and the 1128 passed to the key_type->request_key() op if it exists, and the
@@ -1267,7 +1195,7 @@ payload contents" for more information.
1267 1195
1268 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 1196 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
1269 const struct cred *cred, 1197 const struct cred *cred,
1270 struct key_acl *acl, 1198 key_perm_t perm,
1271 struct key_restriction *restrict_link, 1199 struct key_restriction *restrict_link,
1272 unsigned long flags, 1200 unsigned long flags,
1273 struct key *dest); 1201 struct key *dest);
diff --git a/Documentation/security/keys/request-key.rst b/Documentation/security/keys/request-key.rst
index f356fd06c8d5..35f2296b704a 100644
--- a/Documentation/security/keys/request-key.rst
+++ b/Documentation/security/keys/request-key.rst
@@ -11,16 +11,14 @@ The process starts by either the kernel requesting a service by calling
11 11
12 struct key *request_key(const struct key_type *type, 12 struct key *request_key(const struct key_type *type,
13 const char *description, 13 const char *description,
14 const char *callout_info, 14 const char *callout_info);
15 struct key_acl *acl);
16 15
17or:: 16or::
18 17
19 struct key *request_key_tag(const struct key_type *type, 18 struct key *request_key_tag(const struct key_type *type,
20 const char *description, 19 const char *description,
21 const struct key_tag *domain_tag, 20 const struct key_tag *domain_tag,
22 const char *callout_info, 21 const char *callout_info);
23 struct key_acl *acl);
24 22
25or:: 23or::
26 24
@@ -29,8 +27,7 @@ or::
29 const struct key_tag *domain_tag, 27 const struct key_tag *domain_tag,
30 const char *callout_info, 28 const char *callout_info,
31 size_t callout_len, 29 size_t callout_len,
32 void *aux, 30 void *aux);
33 struct key_acl *acl);
34 31
35or:: 32or::
36 33
diff --git a/certs/blacklist.c b/certs/blacklist.c
index 93d70b885f8e..ec00bf337eb6 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -89,7 +89,8 @@ int mark_hash_blacklisted(const char *hash)
89 hash, 89 hash,
90 NULL, 90 NULL,
91 0, 91 0,
92 &internal_key_acl, 92 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
93 KEY_USR_VIEW),
93 KEY_ALLOC_NOT_IN_QUOTA | 94 KEY_ALLOC_NOT_IN_QUOTA |
94 KEY_ALLOC_BUILT_IN); 95 KEY_ALLOC_BUILT_IN);
95 if (IS_ERR(key)) { 96 if (IS_ERR(key)) {
@@ -148,7 +149,9 @@ static int __init blacklist_init(void)
148 keyring_alloc(".blacklist", 149 keyring_alloc(".blacklist",
149 KUIDT_INIT(0), KGIDT_INIT(0), 150 KUIDT_INIT(0), KGIDT_INIT(0),
150 current_cred(), 151 current_cred(),
151 &internal_keyring_acl, 152 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
153 KEY_USR_VIEW | KEY_USR_READ |
154 KEY_USR_SEARCH,
152 KEY_ALLOC_NOT_IN_QUOTA | 155 KEY_ALLOC_NOT_IN_QUOTA |
153 KEY_FLAG_KEEP, 156 KEY_FLAG_KEEP,
154 NULL, NULL); 157 NULL, NULL);
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 57be78b5fdfc..1eba08a1af82 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -99,7 +99,9 @@ static __init int system_trusted_keyring_init(void)
99 builtin_trusted_keys = 99 builtin_trusted_keys =
100 keyring_alloc(".builtin_trusted_keys", 100 keyring_alloc(".builtin_trusted_keys",
101 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), 101 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
102 &internal_key_acl, KEY_ALLOC_NOT_IN_QUOTA, 102 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
103 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
104 KEY_ALLOC_NOT_IN_QUOTA,
103 NULL, NULL); 105 NULL, NULL);
104 if (IS_ERR(builtin_trusted_keys)) 106 if (IS_ERR(builtin_trusted_keys))
105 panic("Can't allocate builtin trusted keyring\n"); 107 panic("Can't allocate builtin trusted keyring\n");
@@ -108,7 +110,10 @@ static __init int system_trusted_keyring_init(void)
108 secondary_trusted_keys = 110 secondary_trusted_keys =
109 keyring_alloc(".secondary_trusted_keys", 111 keyring_alloc(".secondary_trusted_keys",
110 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), 112 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
111 &internal_writable_keyring_acl, KEY_ALLOC_NOT_IN_QUOTA, 113 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
114 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
115 KEY_USR_WRITE),
116 KEY_ALLOC_NOT_IN_QUOTA,
112 get_builtin_and_secondary_restriction(), 117 get_builtin_and_secondary_restriction(),
113 NULL); 118 NULL);
114 if (IS_ERR(secondary_trusted_keys)) 119 if (IS_ERR(secondary_trusted_keys))
@@ -158,7 +163,8 @@ static __init int load_system_certificate_list(void)
158 NULL, 163 NULL,
159 p, 164 p,
160 plen, 165 plen,
161 &internal_key_acl, 166 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
167 KEY_USR_VIEW | KEY_USR_READ),
162 KEY_ALLOC_NOT_IN_QUOTA | 168 KEY_ALLOC_NOT_IN_QUOTA |
163 KEY_ALLOC_BUILT_IN | 169 KEY_ALLOC_BUILT_IN |
164 KEY_ALLOC_BYPASS_RESTRICTION); 170 KEY_ALLOC_BYPASS_RESTRICTION);
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index 0fd3ca9bfe54..1b16d34bb785 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -2035,7 +2035,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string
2035 return -ENOMEM; 2035 return -ENOMEM;
2036 2036
2037 key = request_key(key_string[0] == 'l' ? &key_type_logon : &key_type_user, 2037 key = request_key(key_string[0] == 'l' ? &key_type_logon : &key_type_user,
2038 key_desc + 1, NULL, NULL); 2038 key_desc + 1, NULL);
2039 if (IS_ERR(key)) { 2039 if (IS_ERR(key)) {
2040 kzfree(new_key_string); 2040 kzfree(new_key_string);
2041 return PTR_ERR(key); 2041 return PTR_ERR(key);
diff --git a/drivers/nvdimm/security.c b/drivers/nvdimm/security.c
index 99a5708b37e3..a570f2263a42 100644
--- a/drivers/nvdimm/security.c
+++ b/drivers/nvdimm/security.c
@@ -55,7 +55,7 @@ static struct key *nvdimm_request_key(struct nvdimm *nvdimm)
55 struct device *dev = &nvdimm->dev; 55 struct device *dev = &nvdimm->dev;
56 56
57 sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id); 57 sprintf(desc, "%s%s", NVDIMM_PREFIX, nvdimm->dimm_id);
58 key = request_key(&key_type_encrypted, desc, "", NULL); 58 key = request_key(&key_type_encrypted, desc, "");
59 if (IS_ERR(key)) { 59 if (IS_ERR(key)) {
60 if (PTR_ERR(key) == -ENOKEY) 60 if (PTR_ERR(key) == -ENOKEY)
61 dev_dbg(dev, "request_key() found no key\n"); 61 dev_dbg(dev, "request_key() found no key\n");
diff --git a/fs/afs/security.c b/fs/afs/security.c
index 8866703b2e6c..71e71c07568f 100644
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -28,7 +28,7 @@ struct key *afs_request_key(struct afs_cell *cell)
28 28
29 _debug("key %s", cell->anonymous_key->description); 29 _debug("key %s", cell->anonymous_key->description);
30 key = request_key(&key_type_rxrpc, cell->anonymous_key->description, 30 key = request_key(&key_type_rxrpc, cell->anonymous_key->description,
31 NULL, NULL); 31 NULL);
32 if (IS_ERR(key)) { 32 if (IS_ERR(key)) {
33 if (PTR_ERR(key) != -ENOKEY) { 33 if (PTR_ERR(key) != -ENOKEY) {
34 _leave(" = %ld", PTR_ERR(key)); 34 _leave(" = %ld", PTR_ERR(key));
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index d1b439ad0f1a..7f01c6e60791 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -32,25 +32,6 @@
32#include "cifsproto.h" 32#include "cifsproto.h"
33static const struct cred *spnego_cred; 33static const struct cred *spnego_cred;
34 34
35static struct key_acl cifs_spnego_key_acl = {
36 .usage = REFCOUNT_INIT(1),
37 .nr_ace = 2,
38 .possessor_viewable = true,
39 .aces = {
40 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_SEARCH | KEY_ACE_READ),
41 KEY_OWNER_ACE(KEY_ACE_VIEW),
42 }
43};
44
45static struct key_acl cifs_spnego_keyring_acl = {
46 .usage = REFCOUNT_INIT(1),
47 .nr_ace = 2,
48 .aces = {
49 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
50 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_CLEAR),
51 }
52};
53
54/* create a new cifs key */ 35/* create a new cifs key */
55static int 36static int
56cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep) 37cifs_spnego_key_instantiate(struct key *key, struct key_preparsed_payload *prep)
@@ -189,8 +170,7 @@ cifs_get_spnego_key(struct cifs_ses *sesInfo)
189 170
190 cifs_dbg(FYI, "key description = %s\n", description); 171 cifs_dbg(FYI, "key description = %s\n", description);
191 saved_cred = override_creds(spnego_cred); 172 saved_cred = override_creds(spnego_cred);
192 spnego_key = request_key(&cifs_spnego_key_type, description, "", 173 spnego_key = request_key(&cifs_spnego_key_type, description, "");
193 &cifs_spnego_key_acl);
194 revert_creds(saved_cred); 174 revert_creds(saved_cred);
195 175
196#ifdef CONFIG_CIFS_DEBUG2 176#ifdef CONFIG_CIFS_DEBUG2
@@ -227,7 +207,8 @@ init_cifs_spnego(void)
227 207
228 keyring = keyring_alloc(".cifs_spnego", 208 keyring = keyring_alloc(".cifs_spnego",
229 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 209 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
230 &cifs_spnego_keyring_acl, 210 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
211 KEY_USR_VIEW | KEY_USR_READ,
231 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 212 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
232 if (IS_ERR(keyring)) { 213 if (IS_ERR(keyring)) {
233 ret = PTR_ERR(keyring); 214 ret = PTR_ERR(keyring);
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 78eed72f3af0..1d377b7f2860 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -33,25 +33,6 @@
33#include "cifsproto.h" 33#include "cifsproto.h"
34#include "cifs_debug.h" 34#include "cifs_debug.h"
35 35
36static struct key_acl cifs_idmap_key_acl = {
37 .usage = REFCOUNT_INIT(1),
38 .nr_ace = 2,
39 .possessor_viewable = true,
40 .aces = {
41 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_SEARCH | KEY_ACE_READ),
42 KEY_OWNER_ACE(KEY_ACE_VIEW),
43 }
44};
45
46static struct key_acl cifs_idmap_keyring_acl = {
47 .usage = REFCOUNT_INIT(1),
48 .nr_ace = 2,
49 .aces = {
50 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
51 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
52 }
53};
54
55/* security id for everyone/world system group */ 36/* security id for everyone/world system group */
56static const struct cifs_sid sid_everyone = { 37static const struct cifs_sid sid_everyone = {
57 1, 1, {0, 0, 0, 0, 0, 1}, {0} }; 38 1, 1, {0, 0, 0, 0, 0, 1}, {0} };
@@ -317,8 +298,7 @@ id_to_sid(unsigned int cid, uint sidtype, struct cifs_sid *ssid)
317 298
318 rc = 0; 299 rc = 0;
319 saved_cred = override_creds(root_cred); 300 saved_cred = override_creds(root_cred);
320 sidkey = request_key(&cifs_idmap_key_type, desc, "", 301 sidkey = request_key(&cifs_idmap_key_type, desc, "");
321 &cifs_idmap_key_acl);
322 if (IS_ERR(sidkey)) { 302 if (IS_ERR(sidkey)) {
323 rc = -EINVAL; 303 rc = -EINVAL;
324 cifs_dbg(FYI, "%s: Can't map %cid %u to a SID\n", 304 cifs_dbg(FYI, "%s: Can't map %cid %u to a SID\n",
@@ -423,8 +403,7 @@ try_upcall_to_get_id:
423 return -ENOMEM; 403 return -ENOMEM;
424 404
425 saved_cred = override_creds(root_cred); 405 saved_cred = override_creds(root_cred);
426 sidkey = request_key(&cifs_idmap_key_type, sidstr, "", 406 sidkey = request_key(&cifs_idmap_key_type, sidstr, "");
427 &cifs_idmap_key_acl);
428 if (IS_ERR(sidkey)) { 407 if (IS_ERR(sidkey)) {
429 rc = -EINVAL; 408 rc = -EINVAL;
430 cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n", 409 cifs_dbg(FYI, "%s: Can't map SID %s to a %cid\n",
@@ -502,7 +481,8 @@ init_cifs_idmap(void)
502 481
503 keyring = keyring_alloc(".cifs_idmap", 482 keyring = keyring_alloc(".cifs_idmap",
504 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 483 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
505 &cifs_idmap_keyring_acl, 484 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
485 KEY_USR_VIEW | KEY_USR_READ,
506 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 486 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
507 if (IS_ERR(keyring)) { 487 if (IS_ERR(keyring)) {
508 ret = PTR_ERR(keyring); 488 ret = PTR_ERR(keyring);
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index ae6bae2ecb5d..714a359c7c8d 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2992,7 +2992,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
2992 } 2992 }
2993 2993
2994 cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc); 2994 cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
2995 key = request_key(&key_type_logon, desc, "", NULL); 2995 key = request_key(&key_type_logon, desc, "");
2996 if (IS_ERR(key)) { 2996 if (IS_ERR(key)) {
2997 if (!ses->domainName) { 2997 if (!ses->domainName) {
2998 cifs_dbg(FYI, "domainName is NULL\n"); 2998 cifs_dbg(FYI, "domainName is NULL\n");
@@ -3003,7 +3003,7 @@ cifs_set_cifscreds(struct smb_vol *vol, struct cifs_ses *ses)
3003 /* didn't work, try to find a domain key */ 3003 /* didn't work, try to find a domain key */
3004 sprintf(desc, "cifs:d:%s", ses->domainName); 3004 sprintf(desc, "cifs:d:%s", ses->domainName);
3005 cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc); 3005 cifs_dbg(FYI, "%s: desc=%s\n", __func__, desc);
3006 key = request_key(&key_type_logon, desc, "", NULL); 3006 key = request_key(&key_type_logon, desc, "");
3007 if (IS_ERR(key)) { 3007 if (IS_ERR(key)) {
3008 rc = PTR_ERR(key); 3008 rc = PTR_ERR(key);
3009 goto out_err; 3009 goto out_err;
diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c
index 4f85af8ab239..dcd91a3fbe49 100644
--- a/fs/crypto/keyinfo.c
+++ b/fs/crypto/keyinfo.c
@@ -92,7 +92,7 @@ find_and_lock_process_key(const char *prefix,
92 if (!description) 92 if (!description)
93 return ERR_PTR(-ENOMEM); 93 return ERR_PTR(-ENOMEM);
94 94
95 key = request_key(&key_type_logon, description, NULL, NULL); 95 key = request_key(&key_type_logon, description, NULL);
96 kfree(description); 96 kfree(description);
97 if (IS_ERR(key)) 97 if (IS_ERR(key))
98 return key; 98 return key;
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 67844fe41a61..1c1a56be7ea2 100644
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -91,7 +91,7 @@ ecryptfs_get_encrypted_key_payload_data(struct key *key)
91 91
92static inline struct key *ecryptfs_get_encrypted_key(char *sig) 92static inline struct key *ecryptfs_get_encrypted_key(char *sig)
93{ 93{
94 return request_key(&key_type_encrypted, sig, NULL, NULL); 94 return request_key(&key_type_encrypted, sig, NULL);
95} 95}
96 96
97#else 97#else
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index ba382f135918..9536e592e25a 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1610,7 +1610,7 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key,
1610{ 1610{
1611 int rc = 0; 1611 int rc = 0;
1612 1612
1613 (*auth_tok_key) = request_key(&key_type_user, sig, NULL, NULL); 1613 (*auth_tok_key) = request_key(&key_type_user, sig, NULL);
1614 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { 1614 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
1615 (*auth_tok_key) = ecryptfs_get_encrypted_key(sig); 1615 (*auth_tok_key) = ecryptfs_get_encrypted_key(sig);
1616 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) { 1616 if (!(*auth_tok_key) || IS_ERR(*auth_tok_key)) {
diff --git a/fs/fscache/object-list.c b/fs/fscache/object-list.c
index 67b7bda5647a..72ebfe578f40 100644
--- a/fs/fscache/object-list.c
+++ b/fs/fscache/object-list.c
@@ -317,7 +317,7 @@ static void fscache_objlist_config(struct fscache_objlist_data *data)
317 const char *buf; 317 const char *buf;
318 int len; 318 int len;
319 319
320 key = request_key(&key_type_user, "fscache:objlist", NULL, NULL); 320 key = request_key(&key_type_user, "fscache:objlist", NULL);
321 if (IS_ERR(key)) 321 if (IS_ERR(key))
322 goto no_config; 322 goto no_config;
323 323
diff --git a/fs/nfs/nfs4idmap.c b/fs/nfs/nfs4idmap.c
index 69679f4f2e6c..1e7296395d71 100644
--- a/fs/nfs/nfs4idmap.c
+++ b/fs/nfs/nfs4idmap.c
@@ -72,25 +72,6 @@ struct idmap {
72 const struct cred *cred; 72 const struct cred *cred;
73}; 73};
74 74
75static struct key_acl nfs_idmap_key_acl = {
76 .usage = REFCOUNT_INIT(1),
77 .nr_ace = 2,
78 .possessor_viewable = true,
79 .aces = {
80 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_SEARCH | KEY_ACE_READ),
81 KEY_OWNER_ACE(KEY_ACE_VIEW),
82 }
83};
84
85static struct key_acl nfs_idmap_keyring_acl = {
86 .usage = REFCOUNT_INIT(1),
87 .nr_ace = 2,
88 .aces = {
89 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
90 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
91 }
92};
93
94static struct user_namespace *idmap_userns(const struct idmap *idmap) 75static struct user_namespace *idmap_userns(const struct idmap *idmap)
95{ 76{
96 if (idmap && idmap->cred) 77 if (idmap && idmap->cred)
@@ -227,7 +208,8 @@ int nfs_idmap_init(void)
227 208
228 keyring = keyring_alloc(".id_resolver", 209 keyring = keyring_alloc(".id_resolver",
229 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 210 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
230 &nfs_idmap_keyring_acl, 211 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
212 KEY_USR_VIEW | KEY_USR_READ,
231 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 213 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
232 if (IS_ERR(keyring)) { 214 if (IS_ERR(keyring)) {
233 ret = PTR_ERR(keyring); 215 ret = PTR_ERR(keyring);
@@ -305,13 +287,11 @@ static struct key *nfs_idmap_request_key(const char *name, size_t namelen,
305 return ERR_PTR(ret); 287 return ERR_PTR(ret);
306 288
307 if (!idmap->cred || idmap->cred->user_ns == &init_user_ns) 289 if (!idmap->cred || idmap->cred->user_ns == &init_user_ns)
308 rkey = request_key(&key_type_id_resolver, desc, "", 290 rkey = request_key(&key_type_id_resolver, desc, "");
309 &nfs_idmap_key_acl);
310 if (IS_ERR(rkey)) { 291 if (IS_ERR(rkey)) {
311 mutex_lock(&idmap->idmap_mutex); 292 mutex_lock(&idmap->idmap_mutex);
312 rkey = request_key_with_auxdata(&key_type_id_resolver_legacy, 293 rkey = request_key_with_auxdata(&key_type_id_resolver_legacy,
313 desc, NULL, "", 0, idmap, 294 desc, NULL, "", 0, idmap);
314 &nfs_idmap_key_acl);
315 mutex_unlock(&idmap->idmap_mutex); 295 mutex_unlock(&idmap->idmap_mutex);
316 } 296 }
317 if (!IS_ERR(rkey)) 297 if (!IS_ERR(rkey))
@@ -340,6 +320,8 @@ static ssize_t nfs_idmap_get_key(const char *name, size_t namelen,
340 } 320 }
341 321
342 rcu_read_lock(); 322 rcu_read_lock();
323 rkey->perm |= KEY_USR_VIEW;
324
343 ret = key_validate(rkey); 325 ret = key_validate(rkey);
344 if (ret < 0) 326 if (ret < 0)
345 goto out_up; 327 goto out_up;
diff --git a/fs/ubifs/auth.c b/fs/ubifs/auth.c
index 38718026ad0b..60f43b93d06e 100644
--- a/fs/ubifs/auth.c
+++ b/fs/ubifs/auth.c
@@ -227,7 +227,7 @@ int ubifs_init_authentication(struct ubifs_info *c)
227 snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", 227 snprintf(hmac_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)",
228 c->auth_hash_name); 228 c->auth_hash_name);
229 229
230 keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL, NULL); 230 keyring_key = request_key(&key_type_logon, c->auth_key_name, NULL);
231 231
232 if (IS_ERR(keyring_key)) { 232 if (IS_ERR(keyring_key)) {
233 ubifs_err(c, "Failed to request key: %ld", 233 ubifs_err(c, "Failed to request key: %ld",
diff --git a/include/linux/key.h b/include/linux/key.h
index 6fef6684501f..91f391cd272e 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -27,15 +27,50 @@
27/* key handle serial number */ 27/* key handle serial number */
28typedef int32_t key_serial_t; 28typedef int32_t key_serial_t;
29 29
30/* key handle permissions mask */
31typedef uint32_t key_perm_t;
32
30struct key; 33struct key;
31struct net; 34struct net;
32 35
33#ifdef CONFIG_KEYS 36#ifdef CONFIG_KEYS
34 37
35#include <linux/keyctl.h>
36
37#undef KEY_DEBUGGING 38#undef KEY_DEBUGGING
38 39
40#define KEY_POS_VIEW 0x01000000 /* possessor can view a key's attributes */
41#define KEY_POS_READ 0x02000000 /* possessor can read key payload / view keyring */
42#define KEY_POS_WRITE 0x04000000 /* possessor can update key payload / add link to keyring */
43#define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */
44#define KEY_POS_LINK 0x10000000 /* possessor can create a link to a key/keyring */
45#define KEY_POS_SETATTR 0x20000000 /* possessor can set key attributes */
46#define KEY_POS_ALL 0x3f000000
47
48#define KEY_USR_VIEW 0x00010000 /* user permissions... */
49#define KEY_USR_READ 0x00020000
50#define KEY_USR_WRITE 0x00040000
51#define KEY_USR_SEARCH 0x00080000
52#define KEY_USR_LINK 0x00100000
53#define KEY_USR_SETATTR 0x00200000
54#define KEY_USR_ALL 0x003f0000
55
56#define KEY_GRP_VIEW 0x00000100 /* group permissions... */
57#define KEY_GRP_READ 0x00000200
58#define KEY_GRP_WRITE 0x00000400
59#define KEY_GRP_SEARCH 0x00000800
60#define KEY_GRP_LINK 0x00001000
61#define KEY_GRP_SETATTR 0x00002000
62#define KEY_GRP_ALL 0x00003f00
63
64#define KEY_OTH_VIEW 0x00000001 /* third party permissions... */
65#define KEY_OTH_READ 0x00000002
66#define KEY_OTH_WRITE 0x00000004
67#define KEY_OTH_SEARCH 0x00000008
68#define KEY_OTH_LINK 0x00000010
69#define KEY_OTH_SETATTR 0x00000020
70#define KEY_OTH_ALL 0x0000003f
71
72#define KEY_PERM_UNDEF 0xffffffff
73
39struct seq_file; 74struct seq_file;
40struct user_struct; 75struct user_struct;
41struct signal_struct; 76struct signal_struct;
@@ -78,36 +113,6 @@ union key_payload {
78 void *data[4]; 113 void *data[4];
79}; 114};
80 115
81struct key_ace {
82 unsigned int type;
83 unsigned int perm;
84 union {
85 kuid_t uid;
86 kgid_t gid;
87 unsigned int subject_id;
88 };
89};
90
91struct key_acl {
92 refcount_t usage;
93 unsigned short nr_ace;
94 bool possessor_viewable;
95 struct rcu_head rcu;
96 struct key_ace aces[];
97};
98
99#define KEY_POSSESSOR_ACE(perms) { \
100 .type = KEY_ACE_SUBJ_STANDARD, \
101 .perm = perms, \
102 .subject_id = KEY_ACE_POSSESSOR \
103 }
104
105#define KEY_OWNER_ACE(perms) { \
106 .type = KEY_ACE_SUBJ_STANDARD, \
107 .perm = perms, \
108 .subject_id = KEY_ACE_OWNER \
109 }
110
111/*****************************************************************************/ 116/*****************************************************************************/
112/* 117/*
113 * key reference with possession attribute handling 118 * key reference with possession attribute handling
@@ -174,7 +179,6 @@ struct key {
174 struct rw_semaphore sem; /* change vs change sem */ 179 struct rw_semaphore sem; /* change vs change sem */
175 struct key_user *user; /* owner of this key */ 180 struct key_user *user; /* owner of this key */
176 void *security; /* security data for this key */ 181 void *security; /* security data for this key */
177 struct key_acl __rcu *acl;
178 union { 182 union {
179 time64_t expiry; /* time at which key expires (or 0) */ 183 time64_t expiry; /* time at which key expires (or 0) */
180 time64_t revoked_at; /* time at which key was revoked */ 184 time64_t revoked_at; /* time at which key was revoked */
@@ -182,6 +186,7 @@ struct key {
182 time64_t last_used_at; /* last time used for LRU keyring discard */ 186 time64_t last_used_at; /* last time used for LRU keyring discard */
183 kuid_t uid; 187 kuid_t uid;
184 kgid_t gid; 188 kgid_t gid;
189 key_perm_t perm; /* access permissions */
185 unsigned short quotalen; /* length added to quota */ 190 unsigned short quotalen; /* length added to quota */
186 unsigned short datalen; /* payload data length 191 unsigned short datalen; /* payload data length
187 * - may not match RCU dereferenced payload 192 * - may not match RCU dereferenced payload
@@ -205,7 +210,6 @@ struct key {
205#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */ 210#define KEY_FLAG_ROOT_CAN_INVAL 7 /* set if key can be invalidated by root without permission */
206#define KEY_FLAG_KEEP 8 /* set if key should not be removed */ 211#define KEY_FLAG_KEEP 8 /* set if key should not be removed */
207#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */ 212#define KEY_FLAG_UID_KEYRING 9 /* set if key is a user or user session keyring */
208#define KEY_FLAG_HAS_ACL 10 /* Set if KEYCTL_SETACL called on key */
209 213
210 /* the key type and key description string 214 /* the key type and key description string
211 * - the desc is used to match a key against search criteria 215 * - the desc is used to match a key against search criteria
@@ -254,7 +258,7 @@ extern struct key *key_alloc(struct key_type *type,
254 const char *desc, 258 const char *desc,
255 kuid_t uid, kgid_t gid, 259 kuid_t uid, kgid_t gid,
256 const struct cred *cred, 260 const struct cred *cred,
257 struct key_acl *acl, 261 key_perm_t perm,
258 unsigned long flags, 262 unsigned long flags,
259 struct key_restriction *restrict_link); 263 struct key_restriction *restrict_link);
260 264
@@ -291,8 +295,7 @@ static inline void key_ref_put(key_ref_t key_ref)
291extern struct key *request_key_tag(struct key_type *type, 295extern struct key *request_key_tag(struct key_type *type,
292 const char *description, 296 const char *description,
293 struct key_tag *domain_tag, 297 struct key_tag *domain_tag,
294 const char *callout_info, 298 const char *callout_info);
295 struct key_acl *acl);
296 299
297extern struct key *request_key_rcu(struct key_type *type, 300extern struct key *request_key_rcu(struct key_type *type,
298 const char *description, 301 const char *description,
@@ -303,24 +306,21 @@ extern struct key *request_key_with_auxdata(struct key_type *type,
303 struct key_tag *domain_tag, 306 struct key_tag *domain_tag,
304 const void *callout_info, 307 const void *callout_info,
305 size_t callout_len, 308 size_t callout_len,
306 void *aux, 309 void *aux);
307 struct key_acl *acl);
308 310
309/** 311/**
310 * request_key - Request a key and wait for construction 312 * request_key - Request a key and wait for construction
311 * @type: Type of key. 313 * @type: Type of key.
312 * @description: The searchable description of the key. 314 * @description: The searchable description of the key.
313 * @callout_info: The data to pass to the instantiation upcall (or NULL). 315 * @callout_info: The data to pass to the instantiation upcall (or NULL).
314 * @acl: The ACL to attach to a new key (or NULL).
315 * 316 *
316 * As for request_key_tag(), but with the default global domain tag. 317 * As for request_key_tag(), but with the default global domain tag.
317 */ 318 */
318static inline struct key *request_key(struct key_type *type, 319static inline struct key *request_key(struct key_type *type,
319 const char *description, 320 const char *description,
320 const char *callout_info, 321 const char *callout_info)
321 struct key_acl *acl)
322{ 322{
323 return request_key_tag(type, description, NULL, callout_info, acl); 323 return request_key_tag(type, description, NULL, callout_info);
324} 324}
325 325
326#ifdef CONFIG_NET 326#ifdef CONFIG_NET
@@ -330,7 +330,6 @@ static inline struct key *request_key(struct key_type *type,
330 * @description: The searchable description of the key. 330 * @description: The searchable description of the key.
331 * @net: The network namespace that is the key's domain of operation. 331 * @net: The network namespace that is the key's domain of operation.
332 * @callout_info: The data to pass to the instantiation upcall (or NULL). 332 * @callout_info: The data to pass to the instantiation upcall (or NULL).
333 * @acl: The ACL to attach to a new key (or NULL).
334 * 333 *
335 * As for request_key() except that it does not add the returned key to a 334 * As for request_key() except that it does not add the returned key to a
336 * keyring if found, new keys are always allocated in the user's quota, the 335 * keyring if found, new keys are always allocated in the user's quota, the
@@ -340,8 +339,8 @@ static inline struct key *request_key(struct key_type *type,
340 * Furthermore, it then works as wait_for_key_construction() to wait for the 339 * Furthermore, it then works as wait_for_key_construction() to wait for the
341 * completion of keys undergoing construction with a non-interruptible wait. 340 * completion of keys undergoing construction with a non-interruptible wait.
342 */ 341 */
343#define request_key_net(type, description, net, callout_info, acl) \ 342#define request_key_net(type, description, net, callout_info) \
344 request_key_tag(type, description, net->key_domain, callout_info, acl); 343 request_key_tag(type, description, net->key_domain, callout_info);
345#endif /* CONFIG_NET */ 344#endif /* CONFIG_NET */
346 345
347extern int wait_for_key_construction(struct key *key, bool intr); 346extern int wait_for_key_construction(struct key *key, bool intr);
@@ -353,7 +352,7 @@ extern key_ref_t key_create_or_update(key_ref_t keyring,
353 const char *description, 352 const char *description,
354 const void *payload, 353 const void *payload,
355 size_t plen, 354 size_t plen,
356 struct key_acl *acl, 355 key_perm_t perm,
357 unsigned long flags); 356 unsigned long flags);
358 357
359extern int key_update(key_ref_t key, 358extern int key_update(key_ref_t key,
@@ -373,7 +372,7 @@ extern int key_unlink(struct key *keyring,
373 372
374extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, 373extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
375 const struct cred *cred, 374 const struct cred *cred,
376 struct key_acl *acl, 375 key_perm_t perm,
377 unsigned long flags, 376 unsigned long flags,
378 struct key_restriction *restrict_link, 377 struct key_restriction *restrict_link,
379 struct key *dest); 378 struct key *dest);
@@ -406,29 +405,19 @@ static inline key_serial_t key_serial(const struct key *key)
406extern void key_set_timeout(struct key *, unsigned); 405extern void key_set_timeout(struct key *, unsigned);
407 406
408extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags, 407extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
409 u32 desired_perm); 408 key_perm_t perm);
410extern void key_free_user_ns(struct user_namespace *); 409extern void key_free_user_ns(struct user_namespace *);
411 410
412/* 411/*
413 * The permissions required on a key that we're looking up. 412 * The permissions required on a key that we're looking up.
414 */ 413 */
415#define KEY_NEED_VIEW 0x001 /* Require permission to view attributes */ 414#define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */
416#define KEY_NEED_READ 0x002 /* Require permission to read content */ 415#define KEY_NEED_READ 0x02 /* Require permission to read content */
417#define KEY_NEED_WRITE 0x004 /* Require permission to update / modify */ 416#define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */
418#define KEY_NEED_SEARCH 0x008 /* Require permission to search (keyring) or find (key) */ 417#define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */
419#define KEY_NEED_LINK 0x010 /* Require permission to link */ 418#define KEY_NEED_LINK 0x10 /* Require permission to link */
420#define KEY_NEED_SETSEC 0x020 /* Require permission to set owner, group, ACL */ 419#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */
421#define KEY_NEED_INVAL 0x040 /* Require permission to invalidate key */ 420#define KEY_NEED_ALL 0x3f /* All the above permissions */
422#define KEY_NEED_REVOKE 0x080 /* Require permission to revoke key */
423#define KEY_NEED_JOIN 0x100 /* Require permission to join keyring as session */
424#define KEY_NEED_CLEAR 0x200 /* Require permission to clear a keyring */
425#define KEY_NEED_ALL 0x3ff
426
427#define OLD_KEY_NEED_SETATTR 0x20 /* Used to be Require permission to change attributes */
428
429extern struct key_acl internal_key_acl;
430extern struct key_acl internal_keyring_acl;
431extern struct key_acl internal_writable_keyring_acl;
432 421
433static inline short key_read_state(const struct key *key) 422static inline short key_read_state(const struct key *key)
434{ 423{
diff --git a/include/uapi/linux/keyctl.h b/include/uapi/linux/keyctl.h
index 1f7a4e737214..ed3d5893830d 100644
--- a/include/uapi/linux/keyctl.h
+++ b/include/uapi/linux/keyctl.h
@@ -15,69 +15,6 @@
15 15
16#include <linux/types.h> 16#include <linux/types.h>
17 17
18/*
19 * Keyring permission grant definitions
20 */
21enum key_ace_subject_type {
22 KEY_ACE_SUBJ_STANDARD = 0, /* subject is one of key_ace_standard_subject */
23 nr__key_ace_subject_type
24};
25
26enum key_ace_standard_subject {
27 KEY_ACE_EVERYONE = 0, /* Everyone, including owner and group */
28 KEY_ACE_GROUP = 1, /* The key's group */
29 KEY_ACE_OWNER = 2, /* The owner of the key */
30 KEY_ACE_POSSESSOR = 3, /* Any process that possesses of the key */
31 nr__key_ace_standard_subject
32};
33
34#define KEY_ACE_VIEW 0x00000001 /* Can describe the key */
35#define KEY_ACE_READ 0x00000002 /* Can read the key content */
36#define KEY_ACE_WRITE 0x00000004 /* Can update/modify the key content */
37#define KEY_ACE_SEARCH 0x00000008 /* Can find the key by search */
38#define KEY_ACE_LINK 0x00000010 /* Can make a link to the key */
39#define KEY_ACE_SET_SECURITY 0x00000020 /* Can set owner, group, ACL */
40#define KEY_ACE_INVAL 0x00000040 /* Can invalidate the key */
41#define KEY_ACE_REVOKE 0x00000080 /* Can revoke the key */
42#define KEY_ACE_JOIN 0x00000100 /* Can join keyring */
43#define KEY_ACE_CLEAR 0x00000200 /* Can clear keyring */
44#define KEY_ACE__PERMS 0xffffffff
45
46/*
47 * Old-style permissions mask, deprecated in favour of ACL.
48 */
49#define KEY_POS_VIEW 0x01000000 /* possessor can view a key's attributes */
50#define KEY_POS_READ 0x02000000 /* possessor can read key payload / view keyring */
51#define KEY_POS_WRITE 0x04000000 /* possessor can update key payload / add link to keyring */
52#define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */
53#define KEY_POS_LINK 0x10000000 /* possessor can create a link to a key/keyring */
54#define KEY_POS_SETATTR 0x20000000 /* possessor can set key attributes */
55#define KEY_POS_ALL 0x3f000000
56
57#define KEY_USR_VIEW 0x00010000 /* user permissions... */
58#define KEY_USR_READ 0x00020000
59#define KEY_USR_WRITE 0x00040000
60#define KEY_USR_SEARCH 0x00080000
61#define KEY_USR_LINK 0x00100000
62#define KEY_USR_SETATTR 0x00200000
63#define KEY_USR_ALL 0x003f0000
64
65#define KEY_GRP_VIEW 0x00000100 /* group permissions... */
66#define KEY_GRP_READ 0x00000200
67#define KEY_GRP_WRITE 0x00000400
68#define KEY_GRP_SEARCH 0x00000800
69#define KEY_GRP_LINK 0x00001000
70#define KEY_GRP_SETATTR 0x00002000
71#define KEY_GRP_ALL 0x00003f00
72
73#define KEY_OTH_VIEW 0x00000001 /* third party permissions... */
74#define KEY_OTH_READ 0x00000002
75#define KEY_OTH_WRITE 0x00000004
76#define KEY_OTH_SEARCH 0x00000008
77#define KEY_OTH_LINK 0x00000010
78#define KEY_OTH_SETATTR 0x00000020
79#define KEY_OTH_ALL 0x0000003f
80
81/* special process keyring shortcut IDs */ 18/* special process keyring shortcut IDs */
82#define KEY_SPEC_THREAD_KEYRING -1 /* - key ID for thread-specific keyring */ 19#define KEY_SPEC_THREAD_KEYRING -1 /* - key ID for thread-specific keyring */
83#define KEY_SPEC_PROCESS_KEYRING -2 /* - key ID for process-specific keyring */ 20#define KEY_SPEC_PROCESS_KEYRING -2 /* - key ID for process-specific keyring */
@@ -132,7 +69,6 @@ enum key_ace_standard_subject {
132#define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */ 69#define KEYCTL_RESTRICT_KEYRING 29 /* Restrict keys allowed to link to a keyring */
133#define KEYCTL_MOVE 30 /* Move keys between keyrings */ 70#define KEYCTL_MOVE 30 /* Move keys between keyrings */
134#define KEYCTL_CAPABILITIES 31 /* Find capabilities of keyrings subsystem */ 71#define KEYCTL_CAPABILITIES 31 /* Find capabilities of keyrings subsystem */
135#define KEYCTL_GRANT_PERMISSION 32 /* Grant a permit to a key */
136 72
137/* keyctl structures */ 73/* keyctl structures */
138struct keyctl_dh_params { 74struct keyctl_dh_params {
@@ -194,6 +130,5 @@ struct keyctl_pkey_params {
194#define KEYCTL_CAPS0_MOVE 0x80 /* KEYCTL_MOVE supported */ 130#define KEYCTL_CAPS0_MOVE 0x80 /* KEYCTL_MOVE supported */
195#define KEYCTL_CAPS1_NS_KEYRING_NAME 0x01 /* Keyring names are per-user_namespace */ 131#define KEYCTL_CAPS1_NS_KEYRING_NAME 0x01 /* Keyring names are per-user_namespace */
196#define KEYCTL_CAPS1_NS_KEY_TAG 0x02 /* Key indexing can include a namespace tag */ 132#define KEYCTL_CAPS1_NS_KEY_TAG 0x02 /* Key indexing can include a namespace tag */
197#define KEYCTL_CAPS1_ACL_ALTERABLE 0x04 /* Keys have internal ACL that can be altered */
198 133
199#endif /* _LINUX_KEYCTL_H */ 134#endif /* _LINUX_KEYCTL_H */
diff --git a/lib/digsig.c b/lib/digsig.c
index ab0800f98eaf..e0627c3e53b2 100644
--- a/lib/digsig.c
+++ b/lib/digsig.c
@@ -224,7 +224,7 @@ int digsig_verify(struct key *keyring, const char *sig, int siglen,
224 else 224 else
225 key = key_ref_to_ptr(kref); 225 key = key_ref_to_ptr(kref);
226 } else { 226 } else {
227 key = request_key(&key_type_user, name, NULL, NULL); 227 key = request_key(&key_type_user, name, NULL);
228 } 228 }
229 if (IS_ERR(key)) { 229 if (IS_ERR(key)) {
230 pr_err("key not found, id: %s\n", name); 230 pr_err("key not found, id: %s\n", name);
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index 38de80d01aae..1c811c74bfc0 100644
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -306,7 +306,7 @@ static int get_secret(struct ceph_crypto_key *dst, const char *name) {
306 int err = 0; 306 int err = 0;
307 struct ceph_crypto_key *ckey; 307 struct ceph_crypto_key *ckey;
308 308
309 ukey = request_key(&key_type_ceph, name, NULL, NULL); 309 ukey = request_key(&key_type_ceph, name, NULL);
310 if (IS_ERR(ukey)) { 310 if (IS_ERR(ukey)) {
311 /* request_key errors don't map nicely to mount(2) 311 /* request_key errors don't map nicely to mount(2)
312 errors; don't even try, but still printk */ 312 errors; don't even try, but still printk */
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index 6b201531b165..3e1a90669006 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -46,15 +46,6 @@ const struct cred *dns_resolver_cache;
46 46
47#define DNS_ERRORNO_OPTION "dnserror" 47#define DNS_ERRORNO_OPTION "dnserror"
48 48
49static struct key_acl dns_keyring_acl = {
50 .usage = REFCOUNT_INIT(1),
51 .nr_ace = 2,
52 .aces = {
53 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
54 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_CLEAR),
55 }
56};
57
58/* 49/*
59 * Preparse instantiation data for a dns_resolver key. 50 * Preparse instantiation data for a dns_resolver key.
60 * 51 *
@@ -352,7 +343,8 @@ static int __init init_dns_resolver(void)
352 343
353 keyring = keyring_alloc(".dns_resolver", 344 keyring = keyring_alloc(".dns_resolver",
354 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 345 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
355 &dns_keyring_acl, 346 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
347 KEY_USR_VIEW | KEY_USR_READ,
356 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 348 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
357 if (IS_ERR(keyring)) { 349 if (IS_ERR(keyring)) {
358 ret = PTR_ERR(keyring); 350 ret = PTR_ERR(keyring);
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
index 236baf2bfa4c..cab4e0df924f 100644
--- a/net/dns_resolver/dns_query.c
+++ b/net/dns_resolver/dns_query.c
@@ -47,16 +47,6 @@
47 47
48#include "internal.h" 48#include "internal.h"
49 49
50static struct key_acl dns_key_acl = {
51 .usage = REFCOUNT_INIT(1),
52 .nr_ace = 2,
53 .possessor_viewable = true,
54 .aces = {
55 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_SEARCH | KEY_ACE_READ),
56 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_INVAL),
57 }
58};
59
60/** 50/**
61 * dns_query - Query the DNS 51 * dns_query - Query the DNS
62 * @net: The network namespace to operate in. 52 * @net: The network namespace to operate in.
@@ -135,8 +125,7 @@ int dns_query(struct net *net,
135 * add_key() to preinstall malicious redirections 125 * add_key() to preinstall malicious redirections
136 */ 126 */
137 saved_cred = override_creds(dns_resolver_cache); 127 saved_cred = override_creds(dns_resolver_cache);
138 rkey = request_key_net(&key_type_dns_resolver, desc, net, options, 128 rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
139 &dns_key_acl);
140 revert_creds(saved_cred); 129 revert_creds(saved_cred);
141 kfree(desc); 130 kfree(desc);
142 if (IS_ERR(rkey)) { 131 if (IS_ERR(rkey)) {
@@ -146,6 +135,8 @@ int dns_query(struct net *net,
146 135
147 down_read(&rkey->sem); 136 down_read(&rkey->sem);
148 set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags); 137 set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
138 rkey->perm |= KEY_USR_VIEW;
139
149 ret = key_validate(rkey); 140 ret = key_validate(rkey);
150 if (ret < 0) 141 if (ret < 0)
151 goto put; 142 goto put;
diff --git a/net/rxrpc/key.c b/net/rxrpc/key.c
index 2032f6a8225e..6c3f35fac42d 100644
--- a/net/rxrpc/key.c
+++ b/net/rxrpc/key.c
@@ -23,14 +23,6 @@
23#include <keys/user-type.h> 23#include <keys/user-type.h>
24#include "ar-internal.h" 24#include "ar-internal.h"
25 25
26static struct key_acl rxrpc_null_key_acl = {
27 .usage = REFCOUNT_INIT(1),
28 .nr_ace = 1,
29 .aces = {
30 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_READ),
31 }
32};
33
34static int rxrpc_vet_description_s(const char *); 26static int rxrpc_vet_description_s(const char *);
35static int rxrpc_preparse(struct key_preparsed_payload *); 27static int rxrpc_preparse(struct key_preparsed_payload *);
36static int rxrpc_preparse_s(struct key_preparsed_payload *); 28static int rxrpc_preparse_s(struct key_preparsed_payload *);
@@ -918,8 +910,7 @@ int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen)
918 if (IS_ERR(description)) 910 if (IS_ERR(description))
919 return PTR_ERR(description); 911 return PTR_ERR(description);
920 912
921 key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), 913 key = request_key_net(&key_type_rxrpc, description, sock_net(&rx->sk), NULL);
922 NULL, NULL);
923 if (IS_ERR(key)) { 914 if (IS_ERR(key)) {
924 kfree(description); 915 kfree(description);
925 _leave(" = %ld", PTR_ERR(key)); 916 _leave(" = %ld", PTR_ERR(key));
@@ -950,8 +941,7 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval,
950 if (IS_ERR(description)) 941 if (IS_ERR(description))
951 return PTR_ERR(description); 942 return PTR_ERR(description);
952 943
953 key = request_key_net(&key_type_keyring, description, sock_net(&rx->sk), 944 key = request_key_net(&key_type_keyring, description, sock_net(&rx->sk), NULL);
954 NULL, NULL);
955 if (IS_ERR(key)) { 945 if (IS_ERR(key)) {
956 kfree(description); 946 kfree(description);
957 _leave(" = %ld", PTR_ERR(key)); 947 _leave(" = %ld", PTR_ERR(key));
@@ -984,8 +974,7 @@ int rxrpc_get_server_data_key(struct rxrpc_connection *conn,
984 _enter(""); 974 _enter("");
985 975
986 key = key_alloc(&key_type_rxrpc, "x", 976 key = key_alloc(&key_type_rxrpc, "x",
987 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 977 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 0,
988 &internal_key_acl,
989 KEY_ALLOC_NOT_IN_QUOTA, NULL); 978 KEY_ALLOC_NOT_IN_QUOTA, NULL);
990 if (IS_ERR(key)) { 979 if (IS_ERR(key)) {
991 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key)); 980 _leave(" = -ENOMEM [alloc %ld]", PTR_ERR(key));
@@ -1033,7 +1022,7 @@ struct key *rxrpc_get_null_key(const char *keyname)
1033 1022
1034 key = key_alloc(&key_type_rxrpc, keyname, 1023 key = key_alloc(&key_type_rxrpc, keyname,
1035 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred, 1024 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
1036 &rxrpc_null_key_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL); 1025 KEY_POS_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, NULL);
1037 if (IS_ERR(key)) 1026 if (IS_ERR(key))
1038 return key; 1027 return key;
1039 1028
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 298fe91557f7..4831ad745f91 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -741,7 +741,8 @@ static void __init load_keys_from_buffer(const u8 *p, unsigned int buflen)
741 741
742 key = key_create_or_update(make_key_ref(builtin_regdb_keys, 1), 742 key = key_create_or_update(make_key_ref(builtin_regdb_keys, 1),
743 "asymmetric", NULL, p, plen, 743 "asymmetric", NULL, p, plen,
744 &internal_key_acl, 744 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
745 KEY_USR_VIEW | KEY_USR_READ),
745 KEY_ALLOC_NOT_IN_QUOTA | 746 KEY_ALLOC_NOT_IN_QUOTA |
746 KEY_ALLOC_BUILT_IN | 747 KEY_ALLOC_BUILT_IN |
747 KEY_ALLOC_BYPASS_RESTRICTION); 748 KEY_ALLOC_BYPASS_RESTRICTION);
@@ -767,7 +768,8 @@ static int __init load_builtin_regdb_keys(void)
767 builtin_regdb_keys = 768 builtin_regdb_keys =
768 keyring_alloc(".builtin_regdb_keys", 769 keyring_alloc(".builtin_regdb_keys",
769 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), 770 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
770 &internal_keyring_acl, 771 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
772 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
771 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 773 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
772 if (IS_ERR(builtin_regdb_keys)) 774 if (IS_ERR(builtin_regdb_keys))
773 return PTR_ERR(builtin_regdb_keys); 775 return PTR_ERR(builtin_regdb_keys);
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index f9f3c8ffe786..868ade3e8970 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -47,8 +47,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
47 47
48 if (!keyring[id]) { 48 if (!keyring[id]) {
49 keyring[id] = 49 keyring[id] =
50 request_key(&key_type_keyring, keyring_name[id], 50 request_key(&key_type_keyring, keyring_name[id], NULL);
51 NULL, NULL);
52 if (IS_ERR(keyring[id])) { 51 if (IS_ERR(keyring[id])) {
53 int err = PTR_ERR(keyring[id]); 52 int err = PTR_ERR(keyring[id]);
54 pr_err("no %s keyring: %d\n", keyring_name[id], err); 53 pr_err("no %s keyring: %d\n", keyring_name[id], err);
@@ -71,14 +70,14 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
71} 70}
72 71
73static int __init __integrity_init_keyring(const unsigned int id, 72static int __init __integrity_init_keyring(const unsigned int id,
74 struct key_acl *acl, 73 key_perm_t perm,
75 struct key_restriction *restriction) 74 struct key_restriction *restriction)
76{ 75{
77 const struct cred *cred = current_cred(); 76 const struct cred *cred = current_cred();
78 int err = 0; 77 int err = 0;
79 78
80 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), 79 keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0),
81 KGIDT_INIT(0), cred, acl, 80 KGIDT_INIT(0), cred, perm,
82 KEY_ALLOC_NOT_IN_QUOTA, restriction, NULL); 81 KEY_ALLOC_NOT_IN_QUOTA, restriction, NULL);
83 if (IS_ERR(keyring[id])) { 82 if (IS_ERR(keyring[id])) {
84 err = PTR_ERR(keyring[id]); 83 err = PTR_ERR(keyring[id]);
@@ -96,7 +95,10 @@ static int __init __integrity_init_keyring(const unsigned int id,
96int __init integrity_init_keyring(const unsigned int id) 95int __init integrity_init_keyring(const unsigned int id)
97{ 96{
98 struct key_restriction *restriction; 97 struct key_restriction *restriction;
99 struct key_acl *acl = &internal_keyring_acl; 98 key_perm_t perm;
99
100 perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW
101 | KEY_USR_READ | KEY_USR_SEARCH;
100 102
101 if (id == INTEGRITY_KEYRING_PLATFORM) { 103 if (id == INTEGRITY_KEYRING_PLATFORM) {
102 restriction = NULL; 104 restriction = NULL;
@@ -111,14 +113,14 @@ int __init integrity_init_keyring(const unsigned int id)
111 return -ENOMEM; 113 return -ENOMEM;
112 114
113 restriction->check = restrict_link_to_ima; 115 restriction->check = restrict_link_to_ima;
114 acl = &internal_writable_keyring_acl; 116 perm |= KEY_USR_WRITE;
115 117
116out: 118out:
117 return __integrity_init_keyring(id, acl, restriction); 119 return __integrity_init_keyring(id, perm, restriction);
118} 120}
119 121
120static int __init integrity_add_key(const unsigned int id, const void *data, 122int __init integrity_add_key(const unsigned int id, const void *data,
121 off_t size, struct key_acl *acl) 123 off_t size, key_perm_t perm)
122{ 124{
123 key_ref_t key; 125 key_ref_t key;
124 int rc = 0; 126 int rc = 0;
@@ -127,7 +129,7 @@ static int __init integrity_add_key(const unsigned int id, const void *data,
127 return -EINVAL; 129 return -EINVAL;
128 130
129 key = key_create_or_update(make_key_ref(keyring[id], 1), "asymmetric", 131 key = key_create_or_update(make_key_ref(keyring[id], 1), "asymmetric",
130 NULL, data, size, acl ?: &internal_key_acl, 132 NULL, data, size, perm,
131 KEY_ALLOC_NOT_IN_QUOTA); 133 KEY_ALLOC_NOT_IN_QUOTA);
132 if (IS_ERR(key)) { 134 if (IS_ERR(key)) {
133 rc = PTR_ERR(key); 135 rc = PTR_ERR(key);
@@ -147,6 +149,7 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
147 void *data; 149 void *data;
148 loff_t size; 150 loff_t size;
149 int rc; 151 int rc;
152 key_perm_t perm;
150 153
151 rc = kernel_read_file_from_path(path, &data, &size, 0, 154 rc = kernel_read_file_from_path(path, &data, &size, 0,
152 READING_X509_CERTIFICATE); 155 READING_X509_CERTIFICATE);
@@ -155,19 +158,21 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
155 return rc; 158 return rc;
156 } 159 }
157 160
161 perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ;
162
158 pr_info("Loading X.509 certificate: %s\n", path); 163 pr_info("Loading X.509 certificate: %s\n", path);
159 rc = integrity_add_key(id, data, size, NULL); 164 rc = integrity_add_key(id, (const void *)data, size, perm);
160 165
161 vfree(data); 166 vfree(data);
162 return rc; 167 return rc;
163} 168}
164 169
165int __init integrity_load_cert(const unsigned int id, const char *source, 170int __init integrity_load_cert(const unsigned int id, const char *source,
166 const void *data, size_t len, struct key_acl *acl) 171 const void *data, size_t len, key_perm_t perm)
167{ 172{
168 if (!data) 173 if (!data)
169 return -EINVAL; 174 return -EINVAL;
170 175
171 pr_info("Loading X.509 certificate: %s\n", source); 176 pr_info("Loading X.509 certificate: %s\n", source);
172 return integrity_add_key(id, data, len, acl); 177 return integrity_add_key(id, data, len, perm);
173} 178}
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index a29df775fdd8..55aec161d0e1 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -53,7 +53,7 @@ static struct key *request_asymmetric_key(struct key *keyring, uint32_t keyid)
53 else 53 else
54 key = key_ref_to_ptr(kref); 54 key = key_ref_to_ptr(kref);
55 } else { 55 } else {
56 key = request_key(&key_type_asymmetric, name, NULL, NULL); 56 key = request_key(&key_type_asymmetric, name, NULL);
57 } 57 }
58 58
59 if (IS_ERR(key)) { 59 if (IS_ERR(key)) {
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 466eebd3b4aa..d485f6fc908e 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -356,7 +356,7 @@ int evm_init_key(void)
356 struct encrypted_key_payload *ekp; 356 struct encrypted_key_payload *ekp;
357 int rc; 357 int rc;
358 358
359 evm_key = request_key(&key_type_encrypted, EVMKEY, NULL, NULL); 359 evm_key = request_key(&key_type_encrypted, EVMKEY, NULL);
360 if (IS_ERR(evm_key)) 360 if (IS_ERR(evm_key))
361 return -ENOENT; 361 return -ENOENT;
362 362
diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index b52ae1476ec3..36cadadbfba4 100644
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -16,15 +16,6 @@
16#include <keys/system_keyring.h> 16#include <keys/system_keyring.h>
17 17
18 18
19static struct key_acl integrity_blacklist_keyring_acl = {
20 .usage = REFCOUNT_INIT(1),
21 .nr_ace = 2,
22 .aces = {
23 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
24 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE | KEY_ACE_SEARCH),
25 }
26};
27
28struct key *ima_blacklist_keyring; 19struct key *ima_blacklist_keyring;
29 20
30/* 21/*
@@ -44,7 +35,9 @@ __init int ima_mok_init(void)
44 35
45 ima_blacklist_keyring = keyring_alloc(".ima_blacklist", 36 ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
46 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), 37 KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
47 &integrity_blacklist_keyring_acl, 38 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
39 KEY_USR_VIEW | KEY_USR_READ |
40 KEY_USR_WRITE | KEY_USR_SEARCH,
48 KEY_ALLOC_NOT_IN_QUOTA, 41 KEY_ALLOC_NOT_IN_QUOTA,
49 restriction, NULL); 42 restriction, NULL);
50 43
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 875c6a7a5af1..ed12d8e13d04 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -12,8 +12,6 @@
12#include <linux/key.h> 12#include <linux/key.h>
13#include <linux/audit.h> 13#include <linux/audit.h>
14 14
15struct key_acl;
16
17/* iint action cache flags */ 15/* iint action cache flags */
18#define IMA_MEASURE 0x00000001 16#define IMA_MEASURE 0x00000001
19#define IMA_MEASURED 0x00000002 17#define IMA_MEASURED 0x00000002
@@ -157,7 +155,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
157int __init integrity_init_keyring(const unsigned int id); 155int __init integrity_init_keyring(const unsigned int id);
158int __init integrity_load_x509(const unsigned int id, const char *path); 156int __init integrity_load_x509(const unsigned int id, const char *path);
159int __init integrity_load_cert(const unsigned int id, const char *source, 157int __init integrity_load_cert(const unsigned int id, const char *source,
160 const void *data, size_t len, struct key_acl *acl); 158 const void *data, size_t len, key_perm_t perm);
161#else 159#else
162 160
163static inline int integrity_digsig_verify(const unsigned int id, 161static inline int integrity_digsig_verify(const unsigned int id,
@@ -175,7 +173,7 @@ static inline int integrity_init_keyring(const unsigned int id)
175static inline int __init integrity_load_cert(const unsigned int id, 173static inline int __init integrity_load_cert(const unsigned int id,
176 const char *source, 174 const char *source,
177 const void *data, size_t len, 175 const void *data, size_t len,
178 struct key_acl *acl) 176 key_perm_t perm)
179{ 177{
180 return 0; 178 return 0;
181} 179}
diff --git a/security/integrity/platform_certs/platform_keyring.c b/security/integrity/platform_certs/platform_keyring.c
index 7646e35f2d91..bcafd7387729 100644
--- a/security/integrity/platform_certs/platform_keyring.c
+++ b/security/integrity/platform_certs/platform_keyring.c
@@ -14,15 +14,6 @@
14#include <linux/slab.h> 14#include <linux/slab.h>
15#include "../integrity.h" 15#include "../integrity.h"
16 16
17static struct key_acl platform_key_acl = {
18 .usage = REFCOUNT_INIT(1),
19 .nr_ace = 2,
20 .aces = {
21 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_READ),
22 KEY_OWNER_ACE(KEY_ACE_VIEW),
23 }
24};
25
26/** 17/**
27 * add_to_platform_keyring - Add to platform keyring without validation. 18 * add_to_platform_keyring - Add to platform keyring without validation.
28 * @source: Source of key 19 * @source: Source of key
@@ -35,10 +26,13 @@ static struct key_acl platform_key_acl = {
35void __init add_to_platform_keyring(const char *source, const void *data, 26void __init add_to_platform_keyring(const char *source, const void *data,
36 size_t len) 27 size_t len)
37{ 28{
29 key_perm_t perm;
38 int rc; 30 int rc;
39 31
32 perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW;
33
40 rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len, 34 rc = integrity_load_cert(INTEGRITY_KEYRING_PLATFORM, source, data, len,
41 &platform_key_acl); 35 perm);
42 if (rc) 36 if (rc)
43 pr_info("Error adding keys to platform keyring %s\n", source); 37 pr_info("Error adding keys to platform keyring %s\n", source);
44} 38}
diff --git a/security/keys/compat.c b/security/keys/compat.c
index b0e59546e7bd..9bcc404131aa 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -157,8 +157,6 @@ COMPAT_SYSCALL_DEFINE5(keyctl, u32, option,
157 157
158 case KEYCTL_MOVE: 158 case KEYCTL_MOVE:
159 return keyctl_keyring_move(arg2, arg3, arg4, arg5); 159 return keyctl_keyring_move(arg2, arg3, arg4, arg5);
160 case KEYCTL_GRANT_PERMISSION:
161 return keyctl_grant_permission(arg2, arg3, arg4, arg5);
162 160
163 case KEYCTL_CAPABILITIES: 161 case KEYCTL_CAPABILITIES:
164 return keyctl_capabilities(compat_ptr(arg2), arg3); 162 return keyctl_capabilities(compat_ptr(arg2), arg3);
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 9df560e477c2..60720f58cbe0 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -304,7 +304,7 @@ static struct key *request_user_key(const char *master_desc, const u8 **master_k
304 const struct user_key_payload *upayload; 304 const struct user_key_payload *upayload;
305 struct key *ukey; 305 struct key *ukey;
306 306
307 ukey = request_key(&key_type_user, master_desc, NULL, NULL); 307 ukey = request_key(&key_type_user, master_desc, NULL);
308 if (IS_ERR(ukey)) 308 if (IS_ERR(ukey))
309 goto error; 309 goto error;
310 310
diff --git a/security/keys/encrypted-keys/masterkey_trusted.c b/security/keys/encrypted-keys/masterkey_trusted.c
index d649f2f29475..c68528aa49c6 100644
--- a/security/keys/encrypted-keys/masterkey_trusted.c
+++ b/security/keys/encrypted-keys/masterkey_trusted.c
@@ -30,7 +30,7 @@ struct key *request_trusted_key(const char *trusted_desc,
30 struct trusted_key_payload *tpayload; 30 struct trusted_key_payload *tpayload;
31 struct key *tkey; 31 struct key *tkey;
32 32
33 tkey = request_key(&key_type_trusted, trusted_desc, NULL, NULL); 33 tkey = request_key(&key_type_trusted, trusted_desc, NULL);
34 if (IS_ERR(tkey)) 34 if (IS_ERR(tkey))
35 goto error; 35 goto error;
36 36
diff --git a/security/keys/gc.c b/security/keys/gc.c
index 48c3e124c272..671dd730ecfc 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -151,7 +151,6 @@ static noinline void key_gc_unused_keys(struct list_head *keys)
151 151
152 key_user_put(key->user); 152 key_user_put(key->user);
153 key_put_tag(key->domain_tag); 153 key_put_tag(key->domain_tag);
154 key_put_acl(rcu_access_pointer(key->acl));
155 kfree(key->description); 154 kfree(key->description);
156 155
157 memzero_explicit(key, sizeof(*key)); 156 memzero_explicit(key, sizeof(*key));
@@ -221,6 +220,7 @@ continue_scanning:
221 if (key->type == key_gc_dead_keytype) { 220 if (key->type == key_gc_dead_keytype) {
222 gc_state |= KEY_GC_FOUND_DEAD_KEY; 221 gc_state |= KEY_GC_FOUND_DEAD_KEY;
223 set_bit(KEY_FLAG_DEAD, &key->flags); 222 set_bit(KEY_FLAG_DEAD, &key->flags);
223 key->perm = 0;
224 goto skip_dead_key; 224 goto skip_dead_key;
225 } else if (key->type == &key_type_keyring && 225 } else if (key->type == &key_type_keyring &&
226 key->restrict_link) { 226 key->restrict_link) {
diff --git a/security/keys/internal.h b/security/keys/internal.h
index e0c5bb8b1685..c039373488bd 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -84,11 +84,8 @@ extern struct rb_root key_serial_tree;
84extern spinlock_t key_serial_lock; 84extern spinlock_t key_serial_lock;
85extern struct mutex key_construction_mutex; 85extern struct mutex key_construction_mutex;
86extern wait_queue_head_t request_key_conswq; 86extern wait_queue_head_t request_key_conswq;
87extern struct key_acl default_key_acl;
88extern struct key_acl joinable_keyring_acl;
89 87
90extern void key_set_index_key(struct keyring_index_key *index_key); 88extern void key_set_index_key(struct keyring_index_key *index_key);
91
92extern struct key_type *key_type_lookup(const char *type); 89extern struct key_type *key_type_lookup(const char *type);
93extern void key_type_put(struct key_type *ktype); 90extern void key_type_put(struct key_type *ktype);
94 91
@@ -159,7 +156,6 @@ extern struct key *request_key_and_link(struct key_type *type,
159 const void *callout_info, 156 const void *callout_info,
160 size_t callout_len, 157 size_t callout_len,
161 void *aux, 158 void *aux,
162 struct key_acl *acl,
163 struct key *dest_keyring, 159 struct key *dest_keyring,
164 unsigned long flags); 160 unsigned long flags);
165 161
@@ -183,10 +179,7 @@ extern void key_gc_keytype(struct key_type *ktype);
183 179
184extern int key_task_permission(const key_ref_t key_ref, 180extern int key_task_permission(const key_ref_t key_ref,
185 const struct cred *cred, 181 const struct cred *cred,
186 u32 desired_perm); 182 key_perm_t perm);
187extern unsigned int key_acl_to_perm(const struct key_acl *acl);
188extern long key_set_acl(struct key *key, struct key_acl *acl);
189extern void key_put_acl(struct key_acl *acl);
190 183
191/* 184/*
192 * Check to see whether permission is granted to use a key in the desired way. 185 * Check to see whether permission is granted to use a key in the desired way.
@@ -233,7 +226,7 @@ extern long keyctl_keyring_search(key_serial_t, const char __user *,
233 const char __user *, key_serial_t); 226 const char __user *, key_serial_t);
234extern long keyctl_read_key(key_serial_t, char __user *, size_t); 227extern long keyctl_read_key(key_serial_t, char __user *, size_t);
235extern long keyctl_chown_key(key_serial_t, uid_t, gid_t); 228extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
236extern long keyctl_setperm_key(key_serial_t, unsigned int); 229extern long keyctl_setperm_key(key_serial_t, key_perm_t);
237extern long keyctl_instantiate_key(key_serial_t, const void __user *, 230extern long keyctl_instantiate_key(key_serial_t, const void __user *,
238 size_t, key_serial_t); 231 size_t, key_serial_t);
239extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t); 232extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
@@ -338,11 +331,6 @@ static inline long keyctl_pkey_e_d_s(int op,
338 331
339extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen); 332extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen);
340 333
341extern long keyctl_grant_permission(key_serial_t keyid,
342 enum key_ace_subject_type type,
343 unsigned int subject,
344 unsigned int perm);
345
346/* 334/*
347 * Debugging key validation 335 * Debugging key validation
348 */ 336 */
diff --git a/security/keys/key.c b/security/keys/key.c
index 519211a996e7..764f4c57913e 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -195,7 +195,7 @@ serial_exists:
195 * @uid: The owner of the new key. 195 * @uid: The owner of the new key.
196 * @gid: The group ID for the new key's group permissions. 196 * @gid: The group ID for the new key's group permissions.
197 * @cred: The credentials specifying UID namespace. 197 * @cred: The credentials specifying UID namespace.
198 * @acl: The ACL to attach to the new key. 198 * @perm: The permissions mask of the new key.
199 * @flags: Flags specifying quota properties. 199 * @flags: Flags specifying quota properties.
200 * @restrict_link: Optional link restriction for new keyrings. 200 * @restrict_link: Optional link restriction for new keyrings.
201 * 201 *
@@ -223,7 +223,7 @@ serial_exists:
223 */ 223 */
224struct key *key_alloc(struct key_type *type, const char *desc, 224struct key *key_alloc(struct key_type *type, const char *desc,
225 kuid_t uid, kgid_t gid, const struct cred *cred, 225 kuid_t uid, kgid_t gid, const struct cred *cred,
226 struct key_acl *acl, unsigned long flags, 226 key_perm_t perm, unsigned long flags,
227 struct key_restriction *restrict_link) 227 struct key_restriction *restrict_link)
228{ 228{
229 struct key_user *user = NULL; 229 struct key_user *user = NULL;
@@ -246,9 +246,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
246 desclen = strlen(desc); 246 desclen = strlen(desc);
247 quotalen = desclen + 1 + type->def_datalen; 247 quotalen = desclen + 1 + type->def_datalen;
248 248
249 if (!acl)
250 acl = &default_key_acl;
251
252 /* get hold of the key tracking for this user */ 249 /* get hold of the key tracking for this user */
253 user = key_user_lookup(uid); 250 user = key_user_lookup(uid);
254 if (!user) 251 if (!user)
@@ -295,8 +292,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
295 key->datalen = type->def_datalen; 292 key->datalen = type->def_datalen;
296 key->uid = uid; 293 key->uid = uid;
297 key->gid = gid; 294 key->gid = gid;
298 refcount_inc(&acl->usage); 295 key->perm = perm;
299 rcu_assign_pointer(key->acl, acl);
300 key->restrict_link = restrict_link; 296 key->restrict_link = restrict_link;
301 key->last_used_at = ktime_get_real_seconds(); 297 key->last_used_at = ktime_get_real_seconds();
302 298
@@ -791,7 +787,7 @@ error:
791 * @description: The searchable description for the key. 787 * @description: The searchable description for the key.
792 * @payload: The data to use to instantiate or update the key. 788 * @payload: The data to use to instantiate or update the key.
793 * @plen: The length of @payload. 789 * @plen: The length of @payload.
794 * @acl: The ACL to attach if a key is created. 790 * @perm: The permissions mask for a new key.
795 * @flags: The quota flags for a new key. 791 * @flags: The quota flags for a new key.
796 * 792 *
797 * Search the destination keyring for a key of the same description and if one 793 * Search the destination keyring for a key of the same description and if one
@@ -814,7 +810,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
814 const char *description, 810 const char *description,
815 const void *payload, 811 const void *payload,
816 size_t plen, 812 size_t plen,
817 struct key_acl *acl, 813 key_perm_t perm,
818 unsigned long flags) 814 unsigned long flags)
819{ 815{
820 struct keyring_index_key index_key = { 816 struct keyring_index_key index_key = {
@@ -911,9 +907,22 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
911 goto found_matching_key; 907 goto found_matching_key;
912 } 908 }
913 909
910 /* if the client doesn't provide, decide on the permissions we want */
911 if (perm == KEY_PERM_UNDEF) {
912 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
913 perm |= KEY_USR_VIEW;
914
915 if (index_key.type->read)
916 perm |= KEY_POS_READ;
917
918 if (index_key.type == &key_type_keyring ||
919 index_key.type->update)
920 perm |= KEY_POS_WRITE;
921 }
922
914 /* allocate a new key */ 923 /* allocate a new key */
915 key = key_alloc(index_key.type, index_key.description, 924 key = key_alloc(index_key.type, index_key.description,
916 cred->fsuid, cred->fsgid, cred, acl, flags, NULL); 925 cred->fsuid, cred->fsgid, cred, perm, flags, NULL);
917 if (IS_ERR(key)) { 926 if (IS_ERR(key)) {
918 key_ref = ERR_CAST(key); 927 key_ref = ERR_CAST(key);
919 goto error_link_end; 928 goto error_link_end;
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index c2dd66d556d4..9b898c969558 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -37,8 +37,7 @@ static const unsigned char keyrings_capabilities[2] = {
37 KEYCTL_CAPS0_MOVE 37 KEYCTL_CAPS0_MOVE
38 ), 38 ),
39 [1] = (KEYCTL_CAPS1_NS_KEYRING_NAME | 39 [1] = (KEYCTL_CAPS1_NS_KEYRING_NAME |
40 KEYCTL_CAPS1_NS_KEY_TAG | 40 KEYCTL_CAPS1_NS_KEY_TAG),
41 KEYCTL_CAPS1_ACL_ALTERABLE),
42}; 41};
43 42
44static int key_get_type_from_user(char *type, 43static int key_get_type_from_user(char *type,
@@ -131,7 +130,8 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
131 /* create or update the requested key and add it to the target 130 /* create or update the requested key and add it to the target
132 * keyring */ 131 * keyring */
133 key_ref = key_create_or_update(keyring_ref, type, description, 132 key_ref = key_create_or_update(keyring_ref, type, description,
134 payload, plen, NULL, KEY_ALLOC_IN_QUOTA); 133 payload, plen, KEY_PERM_UNDEF,
134 KEY_ALLOC_IN_QUOTA);
135 if (!IS_ERR(key_ref)) { 135 if (!IS_ERR(key_ref)) {
136 ret = key_ref_to_ptr(key_ref)->serial; 136 ret = key_ref_to_ptr(key_ref)->serial;
137 key_ref_put(key_ref); 137 key_ref_put(key_ref);
@@ -221,8 +221,7 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type,
221 221
222 /* do the search */ 222 /* do the search */
223 key = request_key_and_link(ktype, description, NULL, callout_info, 223 key = request_key_and_link(ktype, description, NULL, callout_info,
224 callout_len, NULL, NULL, 224 callout_len, NULL, key_ref_to_ptr(dest_ref),
225 key_ref_to_ptr(dest_ref),
226 KEY_ALLOC_IN_QUOTA); 225 KEY_ALLOC_IN_QUOTA);
227 if (IS_ERR(key)) { 226 if (IS_ERR(key)) {
228 ret = PTR_ERR(key); 227 ret = PTR_ERR(key);
@@ -384,10 +383,16 @@ long keyctl_revoke_key(key_serial_t id)
384 struct key *key; 383 struct key *key;
385 long ret; 384 long ret;
386 385
387 key_ref = lookup_user_key(id, 0, KEY_NEED_REVOKE); 386 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
388 if (IS_ERR(key_ref)) { 387 if (IS_ERR(key_ref)) {
389 ret = PTR_ERR(key_ref); 388 ret = PTR_ERR(key_ref);
390 goto error; 389 if (ret != -EACCES)
390 goto error;
391 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
392 if (IS_ERR(key_ref)) {
393 ret = PTR_ERR(key_ref);
394 goto error;
395 }
391 } 396 }
392 397
393 key = key_ref_to_ptr(key_ref); 398 key = key_ref_to_ptr(key_ref);
@@ -421,7 +426,7 @@ long keyctl_invalidate_key(key_serial_t id)
421 426
422 kenter("%d", id); 427 kenter("%d", id);
423 428
424 key_ref = lookup_user_key(id, 0, KEY_NEED_INVAL); 429 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
425 if (IS_ERR(key_ref)) { 430 if (IS_ERR(key_ref)) {
426 ret = PTR_ERR(key_ref); 431 ret = PTR_ERR(key_ref);
427 432
@@ -466,7 +471,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
466 struct key *keyring; 471 struct key *keyring;
467 long ret; 472 long ret;
468 473
469 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_CLEAR); 474 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
470 if (IS_ERR(keyring_ref)) { 475 if (IS_ERR(keyring_ref)) {
471 ret = PTR_ERR(keyring_ref); 476 ret = PTR_ERR(keyring_ref);
472 477
@@ -641,7 +646,6 @@ long keyctl_describe_key(key_serial_t keyid,
641 size_t buflen) 646 size_t buflen)
642{ 647{
643 struct key *key, *instkey; 648 struct key *key, *instkey;
644 unsigned int perm;
645 key_ref_t key_ref; 649 key_ref_t key_ref;
646 char *infobuf; 650 char *infobuf;
647 long ret; 651 long ret;
@@ -671,10 +675,6 @@ okay:
671 key = key_ref_to_ptr(key_ref); 675 key = key_ref_to_ptr(key_ref);
672 desclen = strlen(key->description); 676 desclen = strlen(key->description);
673 677
674 rcu_read_lock();
675 perm = key_acl_to_perm(rcu_dereference(key->acl));
676 rcu_read_unlock();
677
678 /* calculate how much information we're going to return */ 678 /* calculate how much information we're going to return */
679 ret = -ENOMEM; 679 ret = -ENOMEM;
680 infobuf = kasprintf(GFP_KERNEL, 680 infobuf = kasprintf(GFP_KERNEL,
@@ -682,7 +682,7 @@ okay:
682 key->type->name, 682 key->type->name,
683 from_kuid_munged(current_user_ns(), key->uid), 683 from_kuid_munged(current_user_ns(), key->uid),
684 from_kgid_munged(current_user_ns(), key->gid), 684 from_kgid_munged(current_user_ns(), key->gid),
685 perm); 685 key->perm);
686 if (!infobuf) 686 if (!infobuf)
687 goto error2; 687 goto error2;
688 infolen = strlen(infobuf); 688 infolen = strlen(infobuf);
@@ -899,7 +899,7 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
899 goto error; 899 goto error;
900 900
901 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 901 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
902 KEY_NEED_SETSEC); 902 KEY_NEED_SETATTR);
903 if (IS_ERR(key_ref)) { 903 if (IS_ERR(key_ref)) {
904 ret = PTR_ERR(key_ref); 904 ret = PTR_ERR(key_ref);
905 goto error; 905 goto error;
@@ -994,25 +994,18 @@ quota_overrun:
994 * the key need not be fully instantiated yet. If the caller does not have 994 * the key need not be fully instantiated yet. If the caller does not have
995 * sysadmin capability, it may only change the permission on keys that it owns. 995 * sysadmin capability, it may only change the permission on keys that it owns.
996 */ 996 */
997long keyctl_setperm_key(key_serial_t id, unsigned int perm) 997long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
998{ 998{
999 struct key_acl *acl;
1000 struct key *key; 999 struct key *key;
1001 key_ref_t key_ref; 1000 key_ref_t key_ref;
1002 long ret; 1001 long ret;
1003 int nr, i, j;
1004 1002
1003 ret = -EINVAL;
1005 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 1004 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
1006 return -EINVAL; 1005 goto error;
1007
1008 nr = 0;
1009 if (perm & KEY_POS_ALL) nr++;
1010 if (perm & KEY_USR_ALL) nr++;
1011 if (perm & KEY_GRP_ALL) nr++;
1012 if (perm & KEY_OTH_ALL) nr++;
1013 1006
1014 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1007 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
1015 KEY_NEED_SETSEC); 1008 KEY_NEED_SETATTR);
1016 if (IS_ERR(key_ref)) { 1009 if (IS_ERR(key_ref)) {
1017 ret = PTR_ERR(key_ref); 1010 ret = PTR_ERR(key_ref);
1018 goto error; 1011 goto error;
@@ -1020,45 +1013,17 @@ long keyctl_setperm_key(key_serial_t id, unsigned int perm)
1020 1013
1021 key = key_ref_to_ptr(key_ref); 1014 key = key_ref_to_ptr(key_ref);
1022 1015
1023 ret = -EOPNOTSUPP; 1016 /* make the changes with the locks held to prevent chown/chmod races */
1024 if (test_bit(KEY_FLAG_HAS_ACL, &key->flags)) 1017 ret = -EACCES;
1025 goto error_key; 1018 down_write(&key->sem);
1026 1019
1027 ret = -ENOMEM; 1020 /* if we're not the sysadmin, we can only change a key that we own */
1028 acl = kzalloc(struct_size(acl, aces, nr), GFP_KERNEL); 1021 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) {
1029 if (!acl) 1022 key->perm = perm;
1030 goto error_key; 1023 ret = 0;
1031
1032 refcount_set(&acl->usage, 1);
1033 acl->nr_ace = nr;
1034 j = 0;
1035 for (i = 0; i < 4; i++) {
1036 struct key_ace *ace = &acl->aces[j];
1037 unsigned int subset = (perm >> (i * 8)) & KEY_OTH_ALL;
1038
1039 if (!subset)
1040 continue;
1041 ace->type = KEY_ACE_SUBJ_STANDARD;
1042 ace->subject_id = KEY_ACE_EVERYONE + i;
1043 ace->perm = subset;
1044 if (subset & (KEY_OTH_WRITE | KEY_OTH_SETATTR))
1045 ace->perm |= KEY_ACE_REVOKE;
1046 if (subset & KEY_OTH_SEARCH)
1047 ace->perm |= KEY_ACE_INVAL;
1048 if (key->type == &key_type_keyring) {
1049 if (subset & KEY_OTH_SEARCH)
1050 ace->perm |= KEY_ACE_JOIN;
1051 if (subset & KEY_OTH_WRITE)
1052 ace->perm |= KEY_ACE_CLEAR;
1053 }
1054 j++;
1055 } 1024 }
1056 1025
1057 /* make the changes with the locks held to prevent chown/chmod races */
1058 down_write(&key->sem);
1059 ret = key_set_acl(key, acl);
1060 up_write(&key->sem); 1026 up_write(&key->sem);
1061error_key:
1062 key_put(key); 1027 key_put(key);
1063error: 1028error:
1064 return ret; 1029 return ret;
@@ -1423,7 +1388,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1423 long ret; 1388 long ret;
1424 1389
1425 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1390 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
1426 KEY_NEED_SETSEC); 1391 KEY_NEED_SETATTR);
1427 if (IS_ERR(key_ref)) { 1392 if (IS_ERR(key_ref)) {
1428 /* setting the timeout on a key under construction is permitted 1393 /* setting the timeout on a key under construction is permitted
1429 * if we have the authorisation token handy */ 1394 * if we have the authorisation token handy */
@@ -1574,7 +1539,7 @@ long keyctl_get_security(key_serial_t keyid,
1574 * Attempt to install the calling process's session keyring on the process's 1539 * Attempt to install the calling process's session keyring on the process's
1575 * parent process. 1540 * parent process.
1576 * 1541 *
1577 * The keyring must exist and must grant the caller JOIN permission, and the 1542 * The keyring must exist and must grant the caller LINK permission, and the
1578 * parent process must be single-threaded and must have the same effective 1543 * parent process must be single-threaded and must have the same effective
1579 * ownership as this process and mustn't be SUID/SGID. 1544 * ownership as this process and mustn't be SUID/SGID.
1580 * 1545 *
@@ -1591,7 +1556,7 @@ long keyctl_session_to_parent(void)
1591 struct cred *cred; 1556 struct cred *cred;
1592 int ret; 1557 int ret;
1593 1558
1594 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_JOIN); 1559 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK);
1595 if (IS_ERR(keyring_r)) 1560 if (IS_ERR(keyring_r))
1596 return PTR_ERR(keyring_r); 1561 return PTR_ERR(keyring_r);
1597 1562
@@ -1693,7 +1658,7 @@ long keyctl_restrict_keyring(key_serial_t id, const char __user *_type,
1693 char *restriction = NULL; 1658 char *restriction = NULL;
1694 long ret; 1659 long ret;
1695 1660
1696 key_ref = lookup_user_key(id, 0, KEY_NEED_SETSEC); 1661 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
1697 if (IS_ERR(key_ref)) 1662 if (IS_ERR(key_ref))
1698 return PTR_ERR(key_ref); 1663 return PTR_ERR(key_ref);
1699 1664
@@ -1799,7 +1764,7 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1799 1764
1800 case KEYCTL_SETPERM: 1765 case KEYCTL_SETPERM:
1801 return keyctl_setperm_key((key_serial_t) arg2, 1766 return keyctl_setperm_key((key_serial_t) arg2,
1802 (unsigned int)arg3); 1767 (key_perm_t) arg3);
1803 1768
1804 case KEYCTL_INSTANTIATE: 1769 case KEYCTL_INSTANTIATE:
1805 return keyctl_instantiate_key((key_serial_t) arg2, 1770 return keyctl_instantiate_key((key_serial_t) arg2,
@@ -1888,11 +1853,6 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1888 (key_serial_t)arg3, 1853 (key_serial_t)arg3,
1889 (key_serial_t)arg4, 1854 (key_serial_t)arg4,
1890 (unsigned int)arg5); 1855 (unsigned int)arg5);
1891 case KEYCTL_GRANT_PERMISSION:
1892 return keyctl_grant_permission((key_serial_t)arg2,
1893 (enum key_ace_subject_type)arg3,
1894 (unsigned int)arg4,
1895 (unsigned int)arg5);
1896 1856
1897 case KEYCTL_CAPABILITIES: 1857 case KEYCTL_CAPABILITIES:
1898 return keyctl_capabilities((unsigned char __user *)arg2, (size_t)arg3); 1858 return keyctl_capabilities((unsigned char __user *)arg2, (size_t)arg3);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 3b5458f23a95..febf36c6ddc5 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -515,19 +515,11 @@ static long keyring_read(const struct key *keyring,
515 return ret; 515 return ret;
516} 516}
517 517
518/** 518/*
519 * keyring_alloc - Allocate a keyring and link into the destination 519 * Allocate a keyring and link into the destination keyring.
520 * @description: The key description to allow the key to be searched out.
521 * @uid: The owner of the new key.
522 * @gid: The group ID for the new key's group permissions.
523 * @cred: The credentials specifying UID namespace.
524 * @acl: The ACL to attach to the new key.
525 * @flags: Flags specifying quota properties.
526 * @restrict_link: Optional link restriction for new keyrings.
527 * @dest: Destination keyring.
528 */ 520 */
529struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, 521struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
530 const struct cred *cred, struct key_acl *acl, 522 const struct cred *cred, key_perm_t perm,
531 unsigned long flags, 523 unsigned long flags,
532 struct key_restriction *restrict_link, 524 struct key_restriction *restrict_link,
533 struct key *dest) 525 struct key *dest)
@@ -536,7 +528,7 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
536 int ret; 528 int ret;
537 529
538 keyring = key_alloc(&key_type_keyring, description, 530 keyring = key_alloc(&key_type_keyring, description,
539 uid, gid, cred, acl, flags, restrict_link); 531 uid, gid, cred, perm, flags, restrict_link);
540 if (!IS_ERR(keyring)) { 532 if (!IS_ERR(keyring)) {
541 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); 533 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
542 if (ret < 0) { 534 if (ret < 0) {
@@ -1140,11 +1132,10 @@ found:
1140/* 1132/*
1141 * Find a keyring with the specified name. 1133 * Find a keyring with the specified name.
1142 * 1134 *
1143 * Only keyrings that have nonzero refcount, are not revoked, and are owned by 1135 * Only keyrings that have nonzero refcount, are not revoked, and are owned by a
1144 * a user in the current user namespace are considered. If @uid_keyring is 1136 * user in the current user namespace are considered. If @uid_keyring is %true,
1145 * %true, the keyring additionally must have been allocated as a user or user 1137 * the keyring additionally must have been allocated as a user or user session
1146 * session keyring; otherwise, it must grant JOIN permission directly to the 1138 * keyring; otherwise, it must grant Search permission directly to the caller.
1147 * caller (ie. not through possession).
1148 * 1139 *
1149 * Returns a pointer to the keyring with the keyring's refcount having being 1140 * Returns a pointer to the keyring with the keyring's refcount having being
1150 * incremented on success. -ENOKEY is returned if a key could not be found. 1141 * incremented on success. -ENOKEY is returned if a key could not be found.
@@ -1178,7 +1169,7 @@ struct key *find_keyring_by_name(const char *name, bool uid_keyring)
1178 continue; 1169 continue;
1179 } else { 1170 } else {
1180 if (key_permission(make_key_ref(keyring, 0), 1171 if (key_permission(make_key_ref(keyring, 0),
1181 KEY_NEED_JOIN) < 0) 1172 KEY_NEED_SEARCH) < 0)
1182 continue; 1173 continue;
1183 } 1174 }
1184 1175
diff --git a/security/keys/permission.c b/security/keys/permission.c
index fd8a5dc6910a..085f907b64ac 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -7,67 +7,13 @@
7 7
8#include <linux/export.h> 8#include <linux/export.h>
9#include <linux/security.h> 9#include <linux/security.h>
10#include <linux/user_namespace.h>
11#include <linux/uaccess.h>
12#include "internal.h" 10#include "internal.h"
13 11
14struct key_acl default_key_acl = {
15 .usage = REFCOUNT_INIT(1),
16 .nr_ace = 2,
17 .possessor_viewable = true,
18 .aces = {
19 KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
20 KEY_OWNER_ACE(KEY_ACE_VIEW),
21 }
22};
23EXPORT_SYMBOL(default_key_acl);
24
25struct key_acl joinable_keyring_acl = {
26 .usage = REFCOUNT_INIT(1),
27 .nr_ace = 2,
28 .possessor_viewable = true,
29 .aces = {
30 KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
31 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_LINK | KEY_ACE_JOIN),
32 }
33};
34EXPORT_SYMBOL(joinable_keyring_acl);
35
36struct key_acl internal_key_acl = {
37 .usage = REFCOUNT_INIT(1),
38 .nr_ace = 2,
39 .aces = {
40 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH),
41 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH),
42 }
43};
44EXPORT_SYMBOL(internal_key_acl);
45
46struct key_acl internal_keyring_acl = {
47 .usage = REFCOUNT_INIT(1),
48 .nr_ace = 2,
49 .aces = {
50 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH),
51 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH),
52 }
53};
54EXPORT_SYMBOL(internal_keyring_acl);
55
56struct key_acl internal_writable_keyring_acl = {
57 .usage = REFCOUNT_INIT(1),
58 .nr_ace = 2,
59 .aces = {
60 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
61 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE | KEY_ACE_SEARCH),
62 }
63};
64EXPORT_SYMBOL(internal_writable_keyring_acl);
65
66/** 12/**
67 * key_task_permission - Check a key can be used 13 * key_task_permission - Check a key can be used
68 * @key_ref: The key to check. 14 * @key_ref: The key to check.
69 * @cred: The credentials to use. 15 * @cred: The credentials to use.
70 * @desired_perm: The permission to check for. 16 * @perm: The permissions to check for.
71 * 17 *
72 * Check to see whether permission is granted to use a key in the desired way, 18 * Check to see whether permission is granted to use a key in the desired way,
73 * but permit the security modules to override. 19 * but permit the security modules to override.
@@ -78,73 +24,53 @@ EXPORT_SYMBOL(internal_writable_keyring_acl);
78 * permissions bits or the LSM check. 24 * permissions bits or the LSM check.
79 */ 25 */
80int key_task_permission(const key_ref_t key_ref, const struct cred *cred, 26int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
81 unsigned int desired_perm) 27 unsigned perm)
82{ 28{
83 const struct key_acl *acl; 29 struct key *key;
84 const struct key *key; 30 key_perm_t kperm;
85 unsigned int allow = 0; 31 int ret;
86 int i;
87
88 BUILD_BUG_ON(KEY_NEED_VIEW != KEY_ACE_VIEW ||
89 KEY_NEED_READ != KEY_ACE_READ ||
90 KEY_NEED_WRITE != KEY_ACE_WRITE ||
91 KEY_NEED_SEARCH != KEY_ACE_SEARCH ||
92 KEY_NEED_LINK != KEY_ACE_LINK ||
93 KEY_NEED_SETSEC != KEY_ACE_SET_SECURITY ||
94 KEY_NEED_INVAL != KEY_ACE_INVAL ||
95 KEY_NEED_REVOKE != KEY_ACE_REVOKE ||
96 KEY_NEED_JOIN != KEY_ACE_JOIN ||
97 KEY_NEED_CLEAR != KEY_ACE_CLEAR);
98 32
99 key = key_ref_to_ptr(key_ref); 33 key = key_ref_to_ptr(key_ref);
100 34
101 rcu_read_lock(); 35 /* use the second 8-bits of permissions for keys the caller owns */
102 36 if (uid_eq(key->uid, cred->fsuid)) {
103 acl = rcu_dereference(key->acl); 37 kperm = key->perm >> 16;
104 if (!acl || acl->nr_ace == 0) 38 goto use_these_perms;
105 goto no_access_rcu; 39 }
106 40
107 for (i = 0; i < acl->nr_ace; i++) { 41 /* use the third 8-bits of permissions for keys the caller has a group
108 const struct key_ace *ace = &acl->aces[i]; 42 * membership in common with */
43 if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) {
44 if (gid_eq(key->gid, cred->fsgid)) {
45 kperm = key->perm >> 8;
46 goto use_these_perms;
47 }
109 48
110 switch (ace->type) { 49 ret = groups_search(cred->group_info, key->gid);
111 case KEY_ACE_SUBJ_STANDARD: 50 if (ret) {
112 switch (ace->subject_id) { 51 kperm = key->perm >> 8;
113 case KEY_ACE_POSSESSOR: 52 goto use_these_perms;
114 if (is_key_possessed(key_ref))
115 allow |= ace->perm;
116 break;
117 case KEY_ACE_OWNER:
118 if (uid_eq(key->uid, cred->fsuid))
119 allow |= ace->perm;
120 break;
121 case KEY_ACE_GROUP:
122 if (gid_valid(key->gid)) {
123 if (gid_eq(key->gid, cred->fsgid))
124 allow |= ace->perm;
125 else if (groups_search(cred->group_info, key->gid))
126 allow |= ace->perm;
127 }
128 break;
129 case KEY_ACE_EVERYONE:
130 allow |= ace->perm;
131 break;
132 }
133 break;
134 } 53 }
135 } 54 }
136 55
137 rcu_read_unlock(); 56 /* otherwise use the least-significant 8-bits */
57 kperm = key->perm;
58
59use_these_perms:
138 60
139 if (!(allow & desired_perm)) 61 /* use the top 8-bits of permissions for keys the caller possesses
140 goto no_access; 62 * - possessor permissions are additive with other permissions
63 */
64 if (is_key_possessed(key_ref))
65 kperm |= key->perm >> 24;
141 66
142 return security_key_permission(key_ref, cred, desired_perm); 67 kperm = kperm & perm & KEY_NEED_ALL;
143 68
144no_access_rcu: 69 if (kperm != perm)
145 rcu_read_unlock(); 70 return -EACCES;
146no_access: 71
147 return -EACCES; 72 /* let LSM be the final arbiter */
73 return security_key_permission(key_ref, cred, perm);
148} 74}
149EXPORT_SYMBOL(key_task_permission); 75EXPORT_SYMBOL(key_task_permission);
150 76
@@ -178,218 +104,3 @@ int key_validate(const struct key *key)
178 return 0; 104 return 0;
179} 105}
180EXPORT_SYMBOL(key_validate); 106EXPORT_SYMBOL(key_validate);
181
182/*
183 * Roughly render an ACL to an old-style permissions mask. We cannot
184 * accurately render what the ACL, particularly if it has ACEs that represent
185 * subjects outside of { poss, user, group, other }.
186 */
187unsigned int key_acl_to_perm(const struct key_acl *acl)
188{
189 unsigned int perm = 0, tperm;
190 int i;
191
192 BUILD_BUG_ON(KEY_OTH_VIEW != KEY_ACE_VIEW ||
193 KEY_OTH_READ != KEY_ACE_READ ||
194 KEY_OTH_WRITE != KEY_ACE_WRITE ||
195 KEY_OTH_SEARCH != KEY_ACE_SEARCH ||
196 KEY_OTH_LINK != KEY_ACE_LINK ||
197 KEY_OTH_SETATTR != KEY_ACE_SET_SECURITY);
198
199 if (!acl || acl->nr_ace == 0)
200 return 0;
201
202 for (i = 0; i < acl->nr_ace; i++) {
203 const struct key_ace *ace = &acl->aces[i];
204
205 switch (ace->type) {
206 case KEY_ACE_SUBJ_STANDARD:
207 tperm = ace->perm & KEY_OTH_ALL;
208
209 /* Invalidation and joining were allowed by SEARCH */
210 if (ace->perm & (KEY_ACE_INVAL | KEY_ACE_JOIN))
211 tperm |= KEY_OTH_SEARCH;
212
213 /* Revocation was allowed by either SETATTR or WRITE */
214 if ((ace->perm & KEY_ACE_REVOKE) && !(tperm & KEY_OTH_SETATTR))
215 tperm |= KEY_OTH_WRITE;
216
217 /* Clearing was allowed by WRITE */
218 if (ace->perm & KEY_ACE_CLEAR)
219 tperm |= KEY_OTH_WRITE;
220
221 switch (ace->subject_id) {
222 case KEY_ACE_POSSESSOR:
223 perm |= tperm << 24;
224 break;
225 case KEY_ACE_OWNER:
226 perm |= tperm << 16;
227 break;
228 case KEY_ACE_GROUP:
229 perm |= tperm << 8;
230 break;
231 case KEY_ACE_EVERYONE:
232 perm |= tperm << 0;
233 break;
234 }
235 }
236 }
237
238 return perm;
239}
240
241/*
242 * Destroy a key's ACL.
243 */
244void key_put_acl(struct key_acl *acl)
245{
246 if (acl && refcount_dec_and_test(&acl->usage))
247 kfree_rcu(acl, rcu);
248}
249
250/*
251 * Try to set the ACL. This either attaches or discards the proposed ACL.
252 */
253long key_set_acl(struct key *key, struct key_acl *acl)
254{
255 int i;
256
257 /* If we're not the sysadmin, we can only change a key that we own. */
258 if (!capable(CAP_SYS_ADMIN) && !uid_eq(key->uid, current_fsuid())) {
259 key_put_acl(acl);
260 return -EACCES;
261 }
262
263 for (i = 0; i < acl->nr_ace; i++) {
264 const struct key_ace *ace = &acl->aces[i];
265 if (ace->type == KEY_ACE_SUBJ_STANDARD &&
266 ace->subject_id == KEY_ACE_POSSESSOR) {
267 if (ace->perm & KEY_ACE_VIEW)
268 acl->possessor_viewable = true;
269 break;
270 }
271 }
272
273 rcu_swap_protected(key->acl, acl, lockdep_is_held(&key->sem));
274 key_put_acl(acl);
275 return 0;
276}
277
278/*
279 * Allocate a new ACL with an extra ACE slot.
280 */
281static struct key_acl *key_alloc_acl(const struct key_acl *old_acl, int nr, int skip)
282{
283 struct key_acl *acl;
284 int nr_ace, i, j = 0;
285
286 nr_ace = old_acl->nr_ace + nr;
287 if (nr_ace > 16)
288 return ERR_PTR(-EINVAL);
289
290 acl = kzalloc(struct_size(acl, aces, nr_ace), GFP_KERNEL);
291 if (!acl)
292 return ERR_PTR(-ENOMEM);
293
294 refcount_set(&acl->usage, 1);
295 acl->nr_ace = nr_ace;
296 for (i = 0; i < old_acl->nr_ace; i++) {
297 if (i == skip)
298 continue;
299 acl->aces[j] = old_acl->aces[i];
300 j++;
301 }
302 return acl;
303}
304
305/*
306 * Generate the revised ACL.
307 */
308static long key_change_acl(struct key *key, struct key_ace *new_ace)
309{
310 struct key_acl *acl, *old;
311 int i;
312
313 old = rcu_dereference_protected(key->acl, lockdep_is_held(&key->sem));
314
315 for (i = 0; i < old->nr_ace; i++)
316 if (old->aces[i].type == new_ace->type &&
317 old->aces[i].subject_id == new_ace->subject_id)
318 goto found_match;
319
320 if (new_ace->perm == 0)
321 return 0; /* No permissions to remove. Add deny record? */
322
323 acl = key_alloc_acl(old, 1, -1);
324 if (IS_ERR(acl))
325 return PTR_ERR(acl);
326 acl->aces[i] = *new_ace;
327 goto change;
328
329found_match:
330 if (new_ace->perm == 0)
331 goto delete_ace;
332 if (new_ace->perm == old->aces[i].perm)
333 return 0;
334 acl = key_alloc_acl(old, 0, -1);
335 if (IS_ERR(acl))
336 return PTR_ERR(acl);
337 acl->aces[i].perm = new_ace->perm;
338 goto change;
339
340delete_ace:
341 acl = key_alloc_acl(old, -1, i);
342 if (IS_ERR(acl))
343 return PTR_ERR(acl);
344 goto change;
345
346change:
347 return key_set_acl(key, acl);
348}
349
350/*
351 * Add, alter or remove (if perm == 0) an ACE in a key's ACL.
352 */
353long keyctl_grant_permission(key_serial_t keyid,
354 enum key_ace_subject_type type,
355 unsigned int subject,
356 unsigned int perm)
357{
358 struct key_ace new_ace;
359 struct key *key;
360 key_ref_t key_ref;
361 long ret;
362
363 new_ace.type = type;
364 new_ace.perm = perm;
365
366 switch (type) {
367 case KEY_ACE_SUBJ_STANDARD:
368 if (subject >= nr__key_ace_standard_subject)
369 return -ENOENT;
370 new_ace.subject_id = subject;
371 break;
372
373 default:
374 return -ENOENT;
375 }
376
377 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_SETSEC);
378 if (IS_ERR(key_ref)) {
379 ret = PTR_ERR(key_ref);
380 goto error;
381 }
382
383 key = key_ref_to_ptr(key_ref);
384
385 down_write(&key->sem);
386
387 /* If we're not the sysadmin, we can only change a key that we own */
388 ret = -EACCES;
389 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid()))
390 ret = key_change_acl(key, &new_ace);
391 up_write(&key->sem);
392 key_put(key);
393error:
394 return ret;
395}
diff --git a/security/keys/persistent.c b/security/keys/persistent.c
index 8171c90d4c9a..97af230aa4b2 100644
--- a/security/keys/persistent.c
+++ b/security/keys/persistent.c
@@ -12,27 +12,6 @@
12 12
13unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */ 13unsigned persistent_keyring_expiry = 3 * 24 * 3600; /* Expire after 3 days of non-use */
14 14
15static struct key_acl persistent_register_keyring_acl = {
16 .usage = REFCOUNT_INIT(1),
17 .nr_ace = 2,
18 .aces = {
19 KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_WRITE),
20 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
21 }
22};
23
24static struct key_acl persistent_keyring_acl = {
25 .usage = REFCOUNT_INIT(1),
26 .nr_ace = 2,
27 .possessor_viewable = true,
28 .aces = {
29 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
30 KEY_ACE_SEARCH | KEY_ACE_LINK |
31 KEY_ACE_CLEAR | KEY_ACE_INVAL),
32 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
33 }
34};
35
36/* 15/*
37 * Create the persistent keyring register for the current user namespace. 16 * Create the persistent keyring register for the current user namespace.
38 * 17 *
@@ -43,7 +22,8 @@ static int key_create_persistent_register(struct user_namespace *ns)
43 struct key *reg = keyring_alloc(".persistent_register", 22 struct key *reg = keyring_alloc(".persistent_register",
44 KUIDT_INIT(0), KGIDT_INIT(0), 23 KUIDT_INIT(0), KGIDT_INIT(0),
45 current_cred(), 24 current_cred(),
46 &persistent_register_keyring_acl, 25 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
26 KEY_USR_VIEW | KEY_USR_READ),
47 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); 27 KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
48 if (IS_ERR(reg)) 28 if (IS_ERR(reg))
49 return PTR_ERR(reg); 29 return PTR_ERR(reg);
@@ -76,7 +56,8 @@ static key_ref_t key_create_persistent(struct user_namespace *ns, kuid_t uid,
76 56
77 persistent = keyring_alloc(index_key->description, 57 persistent = keyring_alloc(index_key->description,
78 uid, INVALID_GID, current_cred(), 58 uid, INVALID_GID, current_cred(),
79 &persistent_keyring_acl, 59 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
60 KEY_USR_VIEW | KEY_USR_READ),
80 KEY_ALLOC_NOT_IN_QUOTA, NULL, 61 KEY_ALLOC_NOT_IN_QUOTA, NULL,
81 ns->persistent_keyring_register); 62 ns->persistent_keyring_register);
82 if (IS_ERR(persistent)) 63 if (IS_ERR(persistent))
diff --git a/security/keys/proc.c b/security/keys/proc.c
index b394ad1e874b..415f3f1c2da0 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -110,13 +110,11 @@ static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
110} 110}
111 111
112static void *proc_keys_start(struct seq_file *p, loff_t *_pos) 112static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
113 __acquires(rcu)
114 __acquires(key_serial_lock) 113 __acquires(key_serial_lock)
115{ 114{
116 key_serial_t pos = *_pos; 115 key_serial_t pos = *_pos;
117 struct key *key; 116 struct key *key;
118 117
119 rcu_read_lock();
120 spin_lock(&key_serial_lock); 118 spin_lock(&key_serial_lock);
121 119
122 if (*_pos > INT_MAX) 120 if (*_pos > INT_MAX)
@@ -146,15 +144,12 @@ static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
146 144
147static void proc_keys_stop(struct seq_file *p, void *v) 145static void proc_keys_stop(struct seq_file *p, void *v)
148 __releases(key_serial_lock) 146 __releases(key_serial_lock)
149 __releases(rcu)
150{ 147{
151 spin_unlock(&key_serial_lock); 148 spin_unlock(&key_serial_lock);
152 rcu_read_unlock();
153} 149}
154 150
155static int proc_keys_show(struct seq_file *m, void *v) 151static int proc_keys_show(struct seq_file *m, void *v)
156{ 152{
157 const struct key_acl *acl;
158 struct rb_node *_p = v; 153 struct rb_node *_p = v;
159 struct key *key = rb_entry(_p, struct key, serial_node); 154 struct key *key = rb_entry(_p, struct key, serial_node);
160 unsigned long flags; 155 unsigned long flags;
@@ -162,7 +157,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
162 time64_t now, expiry; 157 time64_t now, expiry;
163 char xbuf[16]; 158 char xbuf[16];
164 short state; 159 short state;
165 bool check_pos;
166 u64 timo; 160 u64 timo;
167 int rc; 161 int rc;
168 162
@@ -176,15 +170,15 @@ static int proc_keys_show(struct seq_file *m, void *v)
176 KEYRING_SEARCH_RECURSE), 170 KEYRING_SEARCH_RECURSE),
177 }; 171 };
178 172
179 acl = rcu_dereference(key->acl); 173 key_ref = make_key_ref(key, 0);
180 check_pos = acl->possessor_viewable;
181 174
182 /* determine if the key is possessed by this process (a test we can 175 /* determine if the key is possessed by this process (a test we can
183 * skip if the key does not indicate the possessor can view it 176 * skip if the key does not indicate the possessor can view it
184 */ 177 */
185 key_ref = make_key_ref(key, 0); 178 if (key->perm & KEY_POS_VIEW) {
186 if (check_pos) { 179 rcu_read_lock();
187 skey_ref = search_cred_keyrings_rcu(&ctx); 180 skey_ref = search_cred_keyrings_rcu(&ctx);
181 rcu_read_unlock();
188 if (!IS_ERR(skey_ref)) { 182 if (!IS_ERR(skey_ref)) {
189 key_ref_put(skey_ref); 183 key_ref_put(skey_ref);
190 key_ref = make_key_ref(key, 1); 184 key_ref = make_key_ref(key, 1);
@@ -194,10 +188,12 @@ static int proc_keys_show(struct seq_file *m, void *v)
194 /* check whether the current task is allowed to view the key */ 188 /* check whether the current task is allowed to view the key */
195 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); 189 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);
196 if (rc < 0) 190 if (rc < 0)
197 goto out; 191 return 0;
198 192
199 now = ktime_get_real_seconds(); 193 now = ktime_get_real_seconds();
200 194
195 rcu_read_lock();
196
201 /* come up with a suitable timeout value */ 197 /* come up with a suitable timeout value */
202 expiry = READ_ONCE(key->expiry); 198 expiry = READ_ONCE(key->expiry);
203 if (expiry == 0) { 199 if (expiry == 0) {
@@ -236,7 +232,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
236 showflag(flags, 'i', KEY_FLAG_INVALIDATED), 232 showflag(flags, 'i', KEY_FLAG_INVALIDATED),
237 refcount_read(&key->usage), 233 refcount_read(&key->usage),
238 xbuf, 234 xbuf,
239 key_acl_to_perm(acl), 235 key->perm,
240 from_kuid_munged(seq_user_ns(m), key->uid), 236 from_kuid_munged(seq_user_ns(m), key->uid),
241 from_kgid_munged(seq_user_ns(m), key->gid), 237 from_kgid_munged(seq_user_ns(m), key->gid),
242 key->type->name); 238 key->type->name);
@@ -247,7 +243,7 @@ static int proc_keys_show(struct seq_file *m, void *v)
247 key->type->describe(key, m); 243 key->type->describe(key, m);
248 seq_putc(m, '\n'); 244 seq_putc(m, '\n');
249 245
250out: 246 rcu_read_unlock();
251 return 0; 247 return 0;
252} 248}
253 249
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index aa3bfcadbc66..09541de31f2f 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -32,47 +32,6 @@ struct key_user root_key_user = {
32 .uid = GLOBAL_ROOT_UID, 32 .uid = GLOBAL_ROOT_UID,
33}; 33};
34 34
35static struct key_acl user_reg_keyring_acl = {
36 .usage = REFCOUNT_INIT(1),
37 .possessor_viewable = true,
38 .nr_ace = 2,
39 .aces = {
40 KEY_POSSESSOR_ACE(KEY_ACE_WRITE | KEY_ACE_SEARCH),
41 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
42 }
43};
44
45static struct key_acl user_keyring_acl = {
46 .usage = REFCOUNT_INIT(1),
47 .possessor_viewable = true,
48 .nr_ace = 2,
49 .aces = {
50 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
51 KEY_ACE_SEARCH | KEY_ACE_LINK),
52 KEY_OWNER_ACE(KEY_ACE__PERMS & ~(KEY_ACE_JOIN | KEY_ACE_SET_SECURITY)),
53 }
54};
55
56static struct key_acl session_keyring_acl = {
57 .usage = REFCOUNT_INIT(1),
58 .possessor_viewable = true,
59 .nr_ace = 2,
60 .aces = {
61 KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~KEY_ACE_JOIN),
62 KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ),
63 }
64};
65
66static struct key_acl thread_and_process_keyring_acl = {
67 .usage = REFCOUNT_INIT(1),
68 .possessor_viewable = true,
69 .nr_ace = 2,
70 .aces = {
71 KEY_POSSESSOR_ACE(KEY_ACE__PERMS & ~(KEY_ACE_JOIN | KEY_ACE_SET_SECURITY)),
72 KEY_OWNER_ACE(KEY_ACE_VIEW),
73 }
74};
75
76/* 35/*
77 * Get or create a user register keyring. 36 * Get or create a user register keyring.
78 */ 37 */
@@ -92,8 +51,11 @@ static struct key *get_user_register(struct user_namespace *user_ns)
92 if (!reg_keyring) { 51 if (!reg_keyring) {
93 reg_keyring = keyring_alloc(".user_reg", 52 reg_keyring = keyring_alloc(".user_reg",
94 user_ns->owner, INVALID_GID, 53 user_ns->owner, INVALID_GID,
95 &init_cred, &user_reg_keyring_acl, 54 &init_cred,
96 0, NULL, NULL); 55 KEY_POS_WRITE | KEY_POS_SEARCH |
56 KEY_USR_VIEW | KEY_USR_READ,
57 0,
58 NULL, NULL);
97 if (!IS_ERR(reg_keyring)) 59 if (!IS_ERR(reg_keyring))
98 smp_store_release(&user_ns->user_keyring_register, 60 smp_store_release(&user_ns->user_keyring_register,
99 reg_keyring); 61 reg_keyring);
@@ -115,11 +77,14 @@ int look_up_user_keyrings(struct key **_user_keyring,
115 const struct cred *cred = current_cred(); 77 const struct cred *cred = current_cred();
116 struct user_namespace *user_ns = current_user_ns(); 78 struct user_namespace *user_ns = current_user_ns();
117 struct key *reg_keyring, *uid_keyring, *session_keyring; 79 struct key *reg_keyring, *uid_keyring, *session_keyring;
80 key_perm_t user_keyring_perm;
118 key_ref_t uid_keyring_r, session_keyring_r; 81 key_ref_t uid_keyring_r, session_keyring_r;
119 uid_t uid = from_kuid(user_ns, cred->user->uid); 82 uid_t uid = from_kuid(user_ns, cred->user->uid);
120 char buf[20]; 83 char buf[20];
121 int ret; 84 int ret;
122 85
86 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
87
123 kenter("%u", uid); 88 kenter("%u", uid);
124 89
125 reg_keyring = get_user_register(user_ns); 90 reg_keyring = get_user_register(user_ns);
@@ -139,7 +104,7 @@ int look_up_user_keyrings(struct key **_user_keyring,
139 kdebug("_uid %p", uid_keyring_r); 104 kdebug("_uid %p", uid_keyring_r);
140 if (uid_keyring_r == ERR_PTR(-EAGAIN)) { 105 if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
141 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
142 cred, &user_keyring_acl, 107 cred, user_keyring_perm,
143 KEY_ALLOC_UID_KEYRING | 108 KEY_ALLOC_UID_KEYRING |
144 KEY_ALLOC_IN_QUOTA, 109 KEY_ALLOC_IN_QUOTA,
145 NULL, reg_keyring); 110 NULL, reg_keyring);
@@ -161,7 +126,7 @@ int look_up_user_keyrings(struct key **_user_keyring,
161 kdebug("_uid_ses %p", session_keyring_r); 126 kdebug("_uid_ses %p", session_keyring_r);
162 if (session_keyring_r == ERR_PTR(-EAGAIN)) { 127 if (session_keyring_r == ERR_PTR(-EAGAIN)) {
163 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
164 cred, &user_keyring_acl, 129 cred, user_keyring_perm,
165 KEY_ALLOC_UID_KEYRING | 130 KEY_ALLOC_UID_KEYRING |
166 KEY_ALLOC_IN_QUOTA, 131 KEY_ALLOC_IN_QUOTA,
167 NULL, NULL); 132 NULL, NULL);
@@ -261,7 +226,7 @@ int install_thread_keyring_to_cred(struct cred *new)
261 return 0; 226 return 0;
262 227
263 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 228 keyring = keyring_alloc("_tid", new->uid, new->gid, new,
264 &thread_and_process_keyring_acl, 229 KEY_POS_ALL | KEY_USR_VIEW,
265 KEY_ALLOC_QUOTA_OVERRUN, 230 KEY_ALLOC_QUOTA_OVERRUN,
266 NULL, NULL); 231 NULL, NULL);
267 if (IS_ERR(keyring)) 232 if (IS_ERR(keyring))
@@ -308,7 +273,7 @@ int install_process_keyring_to_cred(struct cred *new)
308 return 0; 273 return 0;
309 274
310 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 275 keyring = keyring_alloc("_pid", new->uid, new->gid, new,
311 &thread_and_process_keyring_acl, 276 KEY_POS_ALL | KEY_USR_VIEW,
312 KEY_ALLOC_QUOTA_OVERRUN, 277 KEY_ALLOC_QUOTA_OVERRUN,
313 NULL, NULL); 278 NULL, NULL);
314 if (IS_ERR(keyring)) 279 if (IS_ERR(keyring))
@@ -363,7 +328,8 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
363 flags = KEY_ALLOC_IN_QUOTA; 328 flags = KEY_ALLOC_IN_QUOTA;
364 329
365 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 330 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
366 &session_keyring_acl, flags, NULL, NULL); 331 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
332 flags, NULL, NULL);
367 if (IS_ERR(keyring)) 333 if (IS_ERR(keyring))
368 return PTR_ERR(keyring); 334 return PTR_ERR(keyring);
369 } else { 335 } else {
@@ -643,7 +609,7 @@ bool lookup_user_key_possessed(const struct key *key,
643 * returned key reference. 609 * returned key reference.
644 */ 610 */
645key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 611key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
646 unsigned int desired_perm) 612 key_perm_t perm)
647{ 613{
648 struct keyring_search_context ctx = { 614 struct keyring_search_context ctx = {
649 .match_data.cmp = lookup_user_key_possessed, 615 .match_data.cmp = lookup_user_key_possessed,
@@ -818,12 +784,12 @@ try_again:
818 case -ERESTARTSYS: 784 case -ERESTARTSYS:
819 goto invalid_key; 785 goto invalid_key;
820 default: 786 default:
821 if (desired_perm) 787 if (perm)
822 goto invalid_key; 788 goto invalid_key;
823 case 0: 789 case 0:
824 break; 790 break;
825 } 791 }
826 } else if (desired_perm) { 792 } else if (perm) {
827 ret = key_validate(key); 793 ret = key_validate(key);
828 if (ret < 0) 794 if (ret < 0)
829 goto invalid_key; 795 goto invalid_key;
@@ -835,11 +801,9 @@ try_again:
835 goto invalid_key; 801 goto invalid_key;
836 802
837 /* check the permissions */ 803 /* check the permissions */
838 if (desired_perm) { 804 ret = key_task_permission(key_ref, ctx.cred, perm);
839 ret = key_task_permission(key_ref, ctx.cred, desired_perm); 805 if (ret < 0)
840 if (ret < 0) 806 goto invalid_key;
841 goto invalid_key;
842 }
843 807
844 key->last_used_at = ktime_get_real_seconds(); 808 key->last_used_at = ktime_get_real_seconds();
845 809
@@ -904,13 +868,13 @@ long join_session_keyring(const char *name)
904 if (PTR_ERR(keyring) == -ENOKEY) { 868 if (PTR_ERR(keyring) == -ENOKEY) {
905 /* not found - try and create a new one */ 869 /* not found - try and create a new one */
906 keyring = keyring_alloc( 870 keyring = keyring_alloc(
907 name, old->uid, old->gid, old, &joinable_keyring_acl, 871 name, old->uid, old->gid, old,
872 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
908 KEY_ALLOC_IN_QUOTA, NULL, NULL); 873 KEY_ALLOC_IN_QUOTA, NULL, NULL);
909 if (IS_ERR(keyring)) { 874 if (IS_ERR(keyring)) {
910 ret = PTR_ERR(keyring); 875 ret = PTR_ERR(keyring);
911 goto error2; 876 goto error2;
912 } 877 }
913 goto no_perm_test;
914 } else if (IS_ERR(keyring)) { 878 } else if (IS_ERR(keyring)) {
915 ret = PTR_ERR(keyring); 879 ret = PTR_ERR(keyring);
916 goto error2; 880 goto error2;
@@ -919,12 +883,6 @@ long join_session_keyring(const char *name)
919 goto error3; 883 goto error3;
920 } 884 }
921 885
922 ret = key_task_permission(make_key_ref(keyring, false), old,
923 KEY_NEED_JOIN);
924 if (ret < 0)
925 goto error3;
926
927no_perm_test:
928 /* we've got a keyring - now to install it */ 886 /* we've got a keyring - now to install it */
929 ret = install_session_keyring_to_cred(new, keyring); 887 ret = install_session_keyring_to_cred(new, keyring);
930 if (ret < 0) 888 if (ret < 0)
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 46c5187ce03f..7325f382dbf4 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -135,7 +135,8 @@ static int call_sbin_request_key(struct key *authkey, void *aux)
135 135
136 cred = get_current_cred(); 136 cred = get_current_cred();
137 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, 137 keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
138 NULL, KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL); 138 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
139 KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
139 put_cred(cred); 140 put_cred(cred);
140 if (IS_ERR(keyring)) { 141 if (IS_ERR(keyring)) {
141 ret = PTR_ERR(keyring); 142 ret = PTR_ERR(keyring);
@@ -366,11 +367,11 @@ static int construct_alloc_key(struct keyring_search_context *ctx,
366 struct key *dest_keyring, 367 struct key *dest_keyring,
367 unsigned long flags, 368 unsigned long flags,
368 struct key_user *user, 369 struct key_user *user,
369 struct key_acl *acl,
370 struct key **_key) 370 struct key **_key)
371{ 371{
372 struct assoc_array_edit *edit = NULL; 372 struct assoc_array_edit *edit = NULL;
373 struct key *key; 373 struct key *key;
374 key_perm_t perm;
374 key_ref_t key_ref; 375 key_ref_t key_ref;
375 int ret; 376 int ret;
376 377
@@ -380,9 +381,17 @@ static int construct_alloc_key(struct keyring_search_context *ctx,
380 *_key = NULL; 381 *_key = NULL;
381 mutex_lock(&user->cons_lock); 382 mutex_lock(&user->cons_lock);
382 383
384 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
385 perm |= KEY_USR_VIEW;
386 if (ctx->index_key.type->read)
387 perm |= KEY_POS_READ;
388 if (ctx->index_key.type == &key_type_keyring ||
389 ctx->index_key.type->update)
390 perm |= KEY_POS_WRITE;
391
383 key = key_alloc(ctx->index_key.type, ctx->index_key.description, 392 key = key_alloc(ctx->index_key.type, ctx->index_key.description,
384 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred, 393 ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
385 acl, flags, NULL); 394 perm, flags, NULL);
386 if (IS_ERR(key)) 395 if (IS_ERR(key))
387 goto alloc_failed; 396 goto alloc_failed;
388 397
@@ -465,7 +474,6 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
465 const char *callout_info, 474 const char *callout_info,
466 size_t callout_len, 475 size_t callout_len,
467 void *aux, 476 void *aux,
468 struct key_acl *acl,
469 struct key *dest_keyring, 477 struct key *dest_keyring,
470 unsigned long flags) 478 unsigned long flags)
471{ 479{
@@ -488,7 +496,7 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
488 goto error_put_dest_keyring; 496 goto error_put_dest_keyring;
489 } 497 }
490 498
491 ret = construct_alloc_key(ctx, dest_keyring, flags, user, acl, &key); 499 ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
492 key_user_put(user); 500 key_user_put(user);
493 501
494 if (ret == 0) { 502 if (ret == 0) {
@@ -526,7 +534,6 @@ error:
526 * @callout_info: The data to pass to the instantiation upcall (or NULL). 534 * @callout_info: The data to pass to the instantiation upcall (or NULL).
527 * @callout_len: The length of callout_info. 535 * @callout_len: The length of callout_info.
528 * @aux: Auxiliary data for the upcall. 536 * @aux: Auxiliary data for the upcall.
529 * @acl: The ACL to attach if a new key is created.
530 * @dest_keyring: Where to cache the key. 537 * @dest_keyring: Where to cache the key.
531 * @flags: Flags to key_alloc(). 538 * @flags: Flags to key_alloc().
532 * 539 *
@@ -554,7 +561,6 @@ struct key *request_key_and_link(struct key_type *type,
554 const void *callout_info, 561 const void *callout_info,
555 size_t callout_len, 562 size_t callout_len,
556 void *aux, 563 void *aux,
557 struct key_acl *acl,
558 struct key *dest_keyring, 564 struct key *dest_keyring,
559 unsigned long flags) 565 unsigned long flags)
560{ 566{
@@ -629,7 +635,7 @@ struct key *request_key_and_link(struct key_type *type,
629 goto error_free; 635 goto error_free;
630 636
631 key = construct_key_and_link(&ctx, callout_info, callout_len, 637 key = construct_key_and_link(&ctx, callout_info, callout_len,
632 aux, acl, dest_keyring, flags); 638 aux, dest_keyring, flags);
633 } 639 }
634 640
635error_free: 641error_free:
@@ -672,7 +678,6 @@ EXPORT_SYMBOL(wait_for_key_construction);
672 * @description: The searchable description of the key. 678 * @description: The searchable description of the key.
673 * @domain_tag: The domain in which the key operates. 679 * @domain_tag: The domain in which the key operates.
674 * @callout_info: The data to pass to the instantiation upcall (or NULL). 680 * @callout_info: The data to pass to the instantiation upcall (or NULL).
675 * @acl: The ACL to attach if a new key is created.
676 * 681 *
677 * As for request_key_and_link() except that it does not add the returned key 682 * As for request_key_and_link() except that it does not add the returned key
678 * to a keyring if found, new keys are always allocated in the user's quota, 683 * to a keyring if found, new keys are always allocated in the user's quota,
@@ -685,8 +690,7 @@ EXPORT_SYMBOL(wait_for_key_construction);
685struct key *request_key_tag(struct key_type *type, 690struct key *request_key_tag(struct key_type *type,
686 const char *description, 691 const char *description,
687 struct key_tag *domain_tag, 692 struct key_tag *domain_tag,
688 const char *callout_info, 693 const char *callout_info)
689 struct key_acl *acl)
690{ 694{
691 struct key *key; 695 struct key *key;
692 size_t callout_len = 0; 696 size_t callout_len = 0;
@@ -696,7 +700,7 @@ struct key *request_key_tag(struct key_type *type,
696 callout_len = strlen(callout_info); 700 callout_len = strlen(callout_info);
697 key = request_key_and_link(type, description, domain_tag, 701 key = request_key_and_link(type, description, domain_tag,
698 callout_info, callout_len, 702 callout_info, callout_len,
699 NULL, acl, NULL, KEY_ALLOC_IN_QUOTA); 703 NULL, NULL, KEY_ALLOC_IN_QUOTA);
700 if (!IS_ERR(key)) { 704 if (!IS_ERR(key)) {
701 ret = wait_for_key_construction(key, false); 705 ret = wait_for_key_construction(key, false);
702 if (ret < 0) { 706 if (ret < 0) {
@@ -716,7 +720,6 @@ EXPORT_SYMBOL(request_key_tag);
716 * @callout_info: The data to pass to the instantiation upcall (or NULL). 720 * @callout_info: The data to pass to the instantiation upcall (or NULL).
717 * @callout_len: The length of callout_info. 721 * @callout_len: The length of callout_info.
718 * @aux: Auxiliary data for the upcall. 722 * @aux: Auxiliary data for the upcall.
719 * @acl: The ACL to attach if a new key is created.
720 * 723 *
721 * As for request_key_and_link() except that it does not add the returned key 724 * As for request_key_and_link() except that it does not add the returned key
722 * to a keyring if found and new keys are always allocated in the user's quota. 725 * to a keyring if found and new keys are always allocated in the user's quota.
@@ -729,15 +732,14 @@ struct key *request_key_with_auxdata(struct key_type *type,
729 struct key_tag *domain_tag, 732 struct key_tag *domain_tag,
730 const void *callout_info, 733 const void *callout_info,
731 size_t callout_len, 734 size_t callout_len,
732 void *aux, 735 void *aux)
733 struct key_acl *acl)
734{ 736{
735 struct key *key; 737 struct key *key;
736 int ret; 738 int ret;
737 739
738 key = request_key_and_link(type, description, domain_tag, 740 key = request_key_and_link(type, description, domain_tag,
739 callout_info, callout_len, 741 callout_info, callout_len,
740 aux, acl, NULL, KEY_ALLOC_IN_QUOTA); 742 aux, NULL, KEY_ALLOC_IN_QUOTA);
741 if (!IS_ERR(key)) { 743 if (!IS_ERR(key)) {
742 ret = wait_for_key_construction(key, false); 744 ret = wait_for_key_construction(key, false);
743 if (ret < 0) { 745 if (ret < 0) {
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index 27e437d94b81..e73ec040e250 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -24,17 +24,6 @@ static void request_key_auth_revoke(struct key *);
24static void request_key_auth_destroy(struct key *); 24static void request_key_auth_destroy(struct key *);
25static long request_key_auth_read(const struct key *, char __user *, size_t); 25static long request_key_auth_read(const struct key *, char __user *, size_t);
26 26
27static struct key_acl request_key_auth_acl = {
28 .usage = REFCOUNT_INIT(1),
29 .nr_ace = 2,
30 .possessor_viewable = true,
31 .aces = {
32 KEY_POSSESSOR_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_SEARCH |
33 KEY_ACE_LINK),
34 KEY_OWNER_ACE(KEY_ACE_VIEW),
35 }
36};
37
38/* 27/*
39 * The request-key authorisation key type definition. 28 * The request-key authorisation key type definition.
40 */ 29 */
@@ -221,8 +210,8 @@ struct key *request_key_auth_new(struct key *target, const char *op,
221 210
222 authkey = key_alloc(&key_type_request_key_auth, desc, 211 authkey = key_alloc(&key_type_request_key_auth, desc,
223 cred->fsuid, cred->fsgid, cred, 212 cred->fsuid, cred->fsgid, cred,
224 &request_key_auth_acl, 213 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
225 KEY_ALLOC_NOT_IN_QUOTA, NULL); 214 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
226 if (IS_ERR(authkey)) { 215 if (IS_ERR(authkey)) {
227 ret = PTR_ERR(authkey); 216 ret = PTR_ERR(authkey);
228 goto error_free_rka; 217 goto error_free_rka;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4bef86ed463b..74dd46de01b6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6502,7 +6502,6 @@ static int selinux_key_permission(key_ref_t key_ref,
6502{ 6502{
6503 struct key *key; 6503 struct key *key;
6504 struct key_security_struct *ksec; 6504 struct key_security_struct *ksec;
6505 unsigned oldstyle_perm;
6506 u32 sid; 6505 u32 sid;
6507 6506
6508 /* if no specific permissions are requested, we skip the 6507 /* if no specific permissions are requested, we skip the
@@ -6511,26 +6510,13 @@ static int selinux_key_permission(key_ref_t key_ref,
6511 if (perm == 0) 6510 if (perm == 0)
6512 return 0; 6511 return 0;
6513 6512
6514 oldstyle_perm = perm & (KEY_NEED_VIEW | KEY_NEED_READ | KEY_NEED_WRITE |
6515 KEY_NEED_SEARCH | KEY_NEED_LINK);
6516 if (perm & KEY_NEED_SETSEC)
6517 oldstyle_perm |= OLD_KEY_NEED_SETATTR;
6518 if (perm & KEY_NEED_INVAL)
6519 oldstyle_perm |= KEY_NEED_SEARCH;
6520 if (perm & KEY_NEED_REVOKE && !(perm & OLD_KEY_NEED_SETATTR))
6521 oldstyle_perm |= KEY_NEED_WRITE;
6522 if (perm & KEY_NEED_JOIN)
6523 oldstyle_perm |= KEY_NEED_SEARCH;
6524 if (perm & KEY_NEED_CLEAR)
6525 oldstyle_perm |= KEY_NEED_WRITE;
6526
6527 sid = cred_sid(cred); 6513 sid = cred_sid(cred);
6528 6514
6529 key = key_ref_to_ptr(key_ref); 6515 key = key_ref_to_ptr(key_ref);
6530 ksec = key->security; 6516 ksec = key->security;
6531 6517
6532 return avc_has_perm(&selinux_state, 6518 return avc_has_perm(&selinux_state,
6533 sid, ksec->sid, SECCLASS_KEY, oldstyle_perm, NULL); 6519 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6534} 6520}
6535 6521
6536static int selinux_key_getsecurity(struct key *key, char **_buffer) 6522static int selinux_key_getsecurity(struct key *key, char **_buffer)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 50c536cad85b..4c5e5a438f8b 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4284,8 +4284,7 @@ static int smack_key_permission(key_ref_t key_ref,
4284#endif 4284#endif
4285 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW)) 4285 if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
4286 request |= MAY_READ; 4286 request |= MAY_READ;
4287 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETSEC | 4287 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4288 KEY_NEED_INVAL | KEY_NEED_REVOKE | KEY_NEED_CLEAR))
4289 request |= MAY_WRITE; 4288 request |= MAY_WRITE;
4290 rc = smk_access(tkp, keyp->security, request, &ad); 4289 rc = smk_access(tkp, keyp->security, request, &ad);
4291 rc = smk_bu_note("key access", tkp, keyp->security, request, rc); 4290 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);