author | David Howells <dhowells@redhat.com> | 2010-06-11 12:31:10 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:27 -0400 |
commit | 927942aabbbe506bf9bc70a16dc5460ecc64c148 (patch) | |
tree | 2c53ccb405bd4afb03ff9f7acab892fafc7e9b0f /security/keys/internal.h | |
parent | 9156235b3427d6f01c5c95022f72f381f07583f5 (diff) |
KEYS: Make /proc/keys check to see if a key is possessed before security check
Make /proc/keys check to see if the calling process possesses each key before
performing the security check. The possession check can be skipped if the key
doesn't have the possessor-view permission bit set.
This causes the keys a process possesses to show up in /proc/keys, even if they
don't have matching user/group/other view permissions.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r-- | security/keys/internal.h | 5 |
1 files changed, 5 insertions, 0 deletions
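--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -114,6 +114,10 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
 const void *description,
 key_match_func_t match);
 
+extern key_ref_t search_my_process_keyrings(struct key_type *type,
+const void *description,
+key_match_func_t match,
+const struct cred *cred);
 extern key_ref_t search_process_keyrings(struct key_type *type,
 const void *description,
 key_match_func_t match,
@@ -134,6 +138,7 @@ extern struct key *request_key_and_link(struct key_type *type,
 struct key *dest_keyring,
 unsigned long flags);
 
+extern int lookup_user_key_possessed(const struct key *key, const void *target);
 extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
 key_perm_t perm);
 #define KEY_LOOKUP_CREATE 0x01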
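Review bot: The new `search_my_process_keyrings()` prototype is added directly above `search_process_keyrings()` with no comment saying how the two differ, and since the commit message says its result decides possession ahead of the permission check in /proc/keys, choosing the wrong one would change which keys a process is shown. A short comment above it would help, for example `/* search only the keyrings attached to @cred; result must be checked for an error pointer before use (confirm against the definition) */`. `lookup_user_key_possessed()` takes an untyped `const void *target`, apparently so it can be passed as a `key_match_func_t`; if the definition confirms that, record it with `/* match callback: @target is the struct key being tested */`. The `search_process_keyrings()` declaration continues past the end of the first hunk, so its full parameter list is not visible here.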