diff options
| -rw-r--r-- | certs/system_keyring.c | 2 | ||||
| -rw-r--r-- | include/keys/system_keyring.h | 1 | ||||
| -rw-r--r-- | include/linux/key-type.h | 1 | ||||
| -rw-r--r-- | include/linux/key.h | 21 | ||||
| -rw-r--r-- | security/integrity/digsig.c | 3 | ||||
| -rw-r--r-- | security/keys/key.c | 11 | ||||
| -rw-r--r-- | security/keys/keyring.c | 29 |
7 files changed, 9 insertions, 59 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 4e2fa8ab01d6..e460d00a7781 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c | |||
| @@ -31,7 +31,6 @@ extern __initconst const unsigned long system_certificate_list_size; | |||
| 31 | */ | 31 | */ |
| 32 | int restrict_link_by_builtin_trusted(struct key *keyring, | 32 | int restrict_link_by_builtin_trusted(struct key *keyring, |
| 33 | const struct key_type *type, | 33 | const struct key_type *type, |
| 34 | unsigned long flags, | ||
| 35 | const union key_payload *payload) | 34 | const union key_payload *payload) |
| 36 | { | 35 | { |
| 37 | return restrict_link_by_signature(system_trusted_keyring, | 36 | return restrict_link_by_signature(system_trusted_keyring, |
| @@ -97,7 +96,6 @@ static __init int load_system_certificate_list(void) | |||
| 97 | ((KEY_POS_ALL & ~KEY_POS_SETATTR) | | 96 | ((KEY_POS_ALL & ~KEY_POS_SETATTR) | |
| 98 | KEY_USR_VIEW | KEY_USR_READ), | 97 | KEY_USR_VIEW | KEY_USR_READ), |
| 99 | KEY_ALLOC_NOT_IN_QUOTA | | 98 | KEY_ALLOC_NOT_IN_QUOTA | |
| 100 | KEY_ALLOC_TRUSTED | | ||
| 101 | KEY_ALLOC_BUILT_IN | | 99 | KEY_ALLOC_BUILT_IN | |
| 102 | KEY_ALLOC_BYPASS_RESTRICTION); | 100 | KEY_ALLOC_BYPASS_RESTRICTION); |
| 103 | if (IS_ERR(key)) { | 101 | if (IS_ERR(key)) { |
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index 93715913a0b1..c72330ae76df 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h | |||
| @@ -18,7 +18,6 @@ | |||
| 18 | 18 | ||
| 19 | extern int restrict_link_by_builtin_trusted(struct key *keyring, | 19 | extern int restrict_link_by_builtin_trusted(struct key *keyring, |
| 20 | const struct key_type *type, | 20 | const struct key_type *type, |
| 21 | unsigned long flags, | ||
| 22 | const union key_payload *payload); | 21 | const union key_payload *payload); |
| 23 | 22 | ||
| 24 | #else | 23 | #else |
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index 7463355a198b..eaee981c5558 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h | |||
| @@ -45,7 +45,6 @@ struct key_preparsed_payload { | |||
| 45 | size_t datalen; /* Raw datalen */ | 45 | size_t datalen; /* Raw datalen */ |
| 46 | size_t quotalen; /* Quota length for proposed payload */ | 46 | size_t quotalen; /* Quota length for proposed payload */ |
| 47 | time_t expiry; /* Expiry time of key */ | 47 | time_t expiry; /* Expiry time of key */ |
| 48 | bool trusted; /* True if key is trusted */ | ||
| 49 | }; | 48 | }; |
| 50 | 49 | ||
| 51 | typedef int (*request_key_actor_t)(struct key_construction *key, | 50 | typedef int (*request_key_actor_t)(struct key_construction *key, |
diff --git a/include/linux/key.h b/include/linux/key.h index 83b603639d2e..722914798f37 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
| @@ -173,10 +173,9 @@ struct key { | |||
| 173 | #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ | 173 | #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ |
| 174 | #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ | 174 | #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ |
| 175 | #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ | 175 | #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ |
| 176 | #define KEY_FLAG_TRUSTED 8 /* set if key is trusted */ | 176 | #define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */ |
| 177 | #define KEY_FLAG_BUILTIN 9 /* set if key is built in to the kernel */ | 177 | #define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */ |
| 178 | #define KEY_FLAG_ROOT_CAN_INVAL 10 /* set if key can be invalidated by root without permission */ | 178 | #define KEY_FLAG_KEEP 10 /* set if key should not be removed */ |
| 179 | #define KEY_FLAG_KEEP 11 /* set if key should not be removed */ | ||
| 180 | 179 | ||
| 181 | /* the key type and key description string | 180 | /* the key type and key description string |
| 182 | * - the desc is used to match a key against search criteria | 181 | * - the desc is used to match a key against search criteria |
| @@ -217,7 +216,6 @@ struct key { | |||
| 217 | */ | 216 | */ |
| 218 | int (*restrict_link)(struct key *keyring, | 217 | int (*restrict_link)(struct key *keyring, |
| 219 | const struct key_type *type, | 218 | const struct key_type *type, |
| 220 | unsigned long flags, | ||
| 221 | const union key_payload *payload); | 219 | const union key_payload *payload); |
| 222 | }; | 220 | }; |
| 223 | 221 | ||
| @@ -229,16 +227,14 @@ extern struct key *key_alloc(struct key_type *type, | |||
| 229 | unsigned long flags, | 227 | unsigned long flags, |
| 230 | int (*restrict_link)(struct key *, | 228 | int (*restrict_link)(struct key *, |
| 231 | const struct key_type *, | 229 | const struct key_type *, |
| 232 | unsigned long, | ||
| 233 | const union key_payload *)); | 230 | const union key_payload *)); |
| 234 | 231 | ||
| 235 | 232 | ||
| 236 | #define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */ | 233 | #define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */ |
| 237 | #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ | 234 | #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ |
| 238 | #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ | 235 | #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ |
| 239 | #define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */ | 236 | #define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */ |
| 240 | #define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */ | 237 | #define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */ |
| 241 | #define KEY_ALLOC_BYPASS_RESTRICTION 0x0010 /* Override the check on restricted keyrings */ | ||
| 242 | 238 | ||
| 243 | extern void key_revoke(struct key *key); | 239 | extern void key_revoke(struct key *key); |
| 244 | extern void key_invalidate(struct key *key); | 240 | extern void key_invalidate(struct key *key); |
| @@ -309,18 +305,11 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid | |||
| 309 | unsigned long flags, | 305 | unsigned long flags, |
| 310 | int (*restrict_link)(struct key *, | 306 | int (*restrict_link)(struct key *, |
| 311 | const struct key_type *, | 307 | const struct key_type *, |
| 312 | unsigned long, | ||
| 313 | const union key_payload *), | 308 | const union key_payload *), |
| 314 | struct key *dest); | 309 | struct key *dest); |
| 315 | 310 | ||
| 316 | extern int keyring_restrict_trusted_only(struct key *keyring, | ||
| 317 | const struct key_type *type, | ||
| 318 | unsigned long, | ||
| 319 | const union key_payload *payload); | ||
| 320 | |||
| 321 | extern int restrict_link_reject(struct key *keyring, | 311 | extern int restrict_link_reject(struct key *keyring, |
| 322 | const struct key_type *type, | 312 | const struct key_type *type, |
| 323 | unsigned long flags, | ||
| 324 | const union key_payload *payload); | 313 | const union key_payload *payload); |
| 325 | 314 | ||
| 326 | extern int keyring_clear(struct key *keyring); | 315 | extern int keyring_clear(struct key *keyring); |
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index d647178c6bbd..98ee4c752cf5 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c | |||
| @@ -51,12 +51,11 @@ static bool init_keyring __initdata; | |||
| 51 | */ | 51 | */ |
| 52 | static int restrict_link_by_ima_mok(struct key *keyring, | 52 | static int restrict_link_by_ima_mok(struct key *keyring, |
| 53 | const struct key_type *type, | 53 | const struct key_type *type, |
| 54 | unsigned long flags, | ||
| 55 | const union key_payload *payload) | 54 | const union key_payload *payload) |
| 56 | { | 55 | { |
| 57 | int ret; | 56 | int ret; |
| 58 | 57 | ||
| 59 | ret = restrict_link_by_builtin_trusted(keyring, type, flags, payload); | 58 | ret = restrict_link_by_builtin_trusted(keyring, type, payload); |
| 60 | if (ret != -ENOKEY) | 59 | if (ret != -ENOKEY) |
| 61 | return ret; | 60 | return ret; |
| 62 | 61 | ||
diff --git a/security/keys/key.c b/security/keys/key.c index deb881754e03..bd5a272f28a6 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
| @@ -227,7 +227,6 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
| 227 | key_perm_t perm, unsigned long flags, | 227 | key_perm_t perm, unsigned long flags, |
| 228 | int (*restrict_link)(struct key *, | 228 | int (*restrict_link)(struct key *, |
| 229 | const struct key_type *, | 229 | const struct key_type *, |
| 230 | unsigned long, | ||
| 231 | const union key_payload *)) | 230 | const union key_payload *)) |
| 232 | { | 231 | { |
| 233 | struct key_user *user = NULL; | 232 | struct key_user *user = NULL; |
| @@ -300,8 +299,6 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
| 300 | 299 | ||
| 301 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) | 300 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) |
| 302 | key->flags |= 1 << KEY_FLAG_IN_QUOTA; | 301 | key->flags |= 1 << KEY_FLAG_IN_QUOTA; |
| 303 | if (flags & KEY_ALLOC_TRUSTED) | ||
| 304 | key->flags |= 1 << KEY_FLAG_TRUSTED; | ||
| 305 | if (flags & KEY_ALLOC_BUILT_IN) | 302 | if (flags & KEY_ALLOC_BUILT_IN) |
| 306 | key->flags |= 1 << KEY_FLAG_BUILTIN; | 303 | key->flags |= 1 << KEY_FLAG_BUILTIN; |
| 307 | 304 | ||
| @@ -504,7 +501,7 @@ int key_instantiate_and_link(struct key *key, | |||
| 504 | if (keyring) { | 501 | if (keyring) { |
| 505 | if (keyring->restrict_link) { | 502 | if (keyring->restrict_link) { |
| 506 | ret = keyring->restrict_link(keyring, key->type, | 503 | ret = keyring->restrict_link(keyring, key->type, |
| 507 | key->flags, &prep.payload); | 504 | &prep.payload); |
| 508 | if (ret < 0) | 505 | if (ret < 0) |
| 509 | goto error; | 506 | goto error; |
| 510 | } | 507 | } |
| @@ -811,7 +808,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
| 811 | int ret; | 808 | int ret; |
| 812 | int (*restrict_link)(struct key *, | 809 | int (*restrict_link)(struct key *, |
| 813 | const struct key_type *, | 810 | const struct key_type *, |
| 814 | unsigned long, | ||
| 815 | const union key_payload *) = NULL; | 811 | const union key_payload *) = NULL; |
| 816 | 812 | ||
| 817 | /* look up the key type to see if it's one of the registered kernel | 813 | /* look up the key type to see if it's one of the registered kernel |
| @@ -843,7 +839,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
| 843 | prep.data = payload; | 839 | prep.data = payload; |
| 844 | prep.datalen = plen; | 840 | prep.datalen = plen; |
| 845 | prep.quotalen = index_key.type->def_datalen; | 841 | prep.quotalen = index_key.type->def_datalen; |
| 846 | prep.trusted = flags & KEY_ALLOC_TRUSTED; | ||
| 847 | prep.expiry = TIME_T_MAX; | 842 | prep.expiry = TIME_T_MAX; |
| 848 | if (index_key.type->preparse) { | 843 | if (index_key.type->preparse) { |
| 849 | ret = index_key.type->preparse(&prep); | 844 | ret = index_key.type->preparse(&prep); |
| @@ -860,9 +855,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
| 860 | index_key.desc_len = strlen(index_key.description); | 855 | index_key.desc_len = strlen(index_key.description); |
| 861 | 856 | ||
| 862 | if (restrict_link) { | 857 | if (restrict_link) { |
| 863 | unsigned long kflags = prep.trusted ? KEY_FLAG_TRUSTED : 0; | 858 | ret = restrict_link(keyring, index_key.type, &prep.payload); |
| 864 | ret = restrict_link(keyring, | ||
| 865 | index_key.type, kflags, &prep.payload); | ||
| 866 | if (ret < 0) { | 859 | if (ret < 0) { |
| 867 | key_ref = ERR_PTR(ret); | 860 | key_ref = ERR_PTR(ret); |
| 868 | goto error_free_prep; | 861 | goto error_free_prep; |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d2d1f3378008..c91e4e0cea08 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -494,7 +494,6 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, | |||
| 494 | unsigned long flags, | 494 | unsigned long flags, |
| 495 | int (*restrict_link)(struct key *, | 495 | int (*restrict_link)(struct key *, |
| 496 | const struct key_type *, | 496 | const struct key_type *, |
| 497 | unsigned long, | ||
| 498 | const union key_payload *), | 497 | const union key_payload *), |
| 499 | struct key *dest) | 498 | struct key *dest) |
| 500 | { | 499 | { |
| @@ -516,33 +515,9 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, | |||
| 516 | EXPORT_SYMBOL(keyring_alloc); | 515 | EXPORT_SYMBOL(keyring_alloc); |
| 517 | 516 | ||
| 518 | /** | 517 | /** |
| 519 | * keyring_restrict_trusted_only - Restrict additions to a keyring to trusted keys only | ||
| 520 | * @keyring: The keyring being added to. | ||
| 521 | * @type: The type of key being added. | ||
| 522 | * @flags: The key flags. | ||
| 523 | * @payload: The payload of the key intended to be added. | ||
| 524 | * | ||
| 525 | * Reject the addition of any links to a keyring that point to keys that aren't | ||
| 526 | * marked as being trusted. It can be overridden by passing | ||
| 527 | * KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when adding a key | ||
| 528 | * to a keyring. | ||
| 529 | * | ||
| 530 | * This is meant to be passed as the restrict_link parameter to | ||
| 531 | * keyring_alloc(). | ||
| 532 | */ | ||
| 533 | int keyring_restrict_trusted_only(struct key *keyring, | ||
| 534 | const struct key_type *type, | ||
| 535 | unsigned long flags, | ||
| 536 | const union key_payload *payload) | ||
| 537 | { | ||
| 538 | return flags & KEY_FLAG_TRUSTED ? 0 : -EPERM; | ||
| 539 | } | ||
| 540 | |||
| 541 | /** | ||
| 542 | * restrict_link_reject - Give -EPERM to restrict link | 518 | * restrict_link_reject - Give -EPERM to restrict link |
| 543 | * @keyring: The keyring being added to. | 519 | * @keyring: The keyring being added to. |
| 544 | * @type: The type of key being added. | 520 | * @type: The type of key being added. |
| 545 | * @flags: The key flags. | ||
| 546 | * @payload: The payload of the key intended to be added. | 521 | * @payload: The payload of the key intended to be added. |
| 547 | * | 522 | * |
| 548 | * Reject the addition of any links to a keyring. It can be overridden by | 523 | * Reject the addition of any links to a keyring. It can be overridden by |
| @@ -554,7 +529,6 @@ int keyring_restrict_trusted_only(struct key *keyring, | |||
| 554 | */ | 529 | */ |
| 555 | int restrict_link_reject(struct key *keyring, | 530 | int restrict_link_reject(struct key *keyring, |
| 556 | const struct key_type *type, | 531 | const struct key_type *type, |
| 557 | unsigned long flags, | ||
| 558 | const union key_payload *payload) | 532 | const union key_payload *payload) |
| 559 | { | 533 | { |
| 560 | return -EPERM; | 534 | return -EPERM; |
| @@ -1248,8 +1222,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key) | |||
| 1248 | { | 1222 | { |
| 1249 | if (!keyring->restrict_link) | 1223 | if (!keyring->restrict_link) |
| 1250 | return 0; | 1224 | return 0; |
| 1251 | return keyring->restrict_link(keyring, | 1225 | return keyring->restrict_link(keyring, key->type, &key->payload); |
| 1252 | key->type, key->flags, &key->payload); | ||
| 1253 | } | 1226 | } |
| 1254 | 1227 | ||
| 1255 | /** | 1228 | /** |