KEYS: Add a 'trusted' flag and a 'trusted only' flag

Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.

Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>

1 files changed, 3 insertions, 1 deletions

diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 51c35141a13a..5296721eca5b 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c
@@ -40,6 +40,7 @@ static __init int system_trusted_keyring_init(void)
         if (IS_ERR(system_trusted_keyring))
                 panic("Can't allocate system trusted keyring\n");
 
+        set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
         return 0;
 }
 
@@ -82,7 +83,8 @@ static __init int load_system_certificate_list(void)
                                            plen,
                                            (KEY_POS_ALL & ~KEY_POS_SETATTR) |
                                            KEY_USR_VIEW,
-                                           KEY_ALLOC_NOT_IN_QUOTA);
+                                           KEY_ALLOC_NOT_IN_QUOTA |
+                                           KEY_ALLOC_TRUSTED);
                 if (IS_ERR(key)) {
                         pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
                                PTR_ERR(key));