authorDavid Howells <dhowells@redhat.com>2010-06-11 12:31:10 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:27 -0400
commit927942aabbbe506bf9bc70a16dc5460ecc64c148 (patch)
tree2c53ccb405bd4afb03ff9f7acab892fafc7e9b0f /security/keys/internal.h
parent9156235b3427d6f01c5c95022f72f381f07583f5 (diff)
KEYS: Make /proc/keys check to see if a key is possessed before security check
Make /proc/keys check to see if the calling process possesses each key before performing the security check. The possession check can be skipped if the key doesn't have the possessor-view permission bit set. This causes the keys a process possesses to show up in /proc/keys, even if they don't have matching user/group/other view permissions. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r--security/keys/internal.h5
1 files changed, 5 insertions, 0 deletions
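diff --git a/security/keys/internal.h b/security/keys/internal.h
index 38783dcf6c6..addb67b169f 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -114,6 +114,10 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
  const void *description,
  key_match_func_t match);
 
+extern key_ref_t search_my_process_keyrings(struct key_type *type,
+ const void *description,
+ key_match_func_t match,
+ const struct cred *cred);
 extern key_ref_t search_process_keyrings(struct key_type *type,
  const void *description,
  key_match_func_t match,
@@ -134,6 +138,7 @@ extern struct key *request_key_and_link(struct key_type *type,
  struct key *dest_keyring,
  unsigned long flags);
 
+extern int lookup_user_key_possessed(const struct key *key, const void *target);
 extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
  key_perm_t perm);
 #define KEY_LOOKUP_CREATE 0x01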
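Review bot: Neither new declaration in this header carries a comment, which matters here because the commit message says they feed a possession check that runs before the security check for /proc/keys. `search_my_process_keyrings` takes the same leading parameters as `search_process_keyrings` directly below it, so the header should state how their search scope differs; the definitions are outside this file section, and presumably the new function is limited to the keyrings reachable from `cred` itself. `lookup_user_key_possessed` accepts an untyped `const void *target`, so a caller passing the wrong object would compile cleanly and the possession test would simply never match. A comment such as `/* match callback: target is the struct key * being tested for possession */` above the declaration would pin the contract, provided that is what the definition actually compares.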