aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/key.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/key.c')
-rw-r--r--security/keys/key.c25
1 files changed, 13 insertions, 12 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index a6ca39ed3b0..f76c8a546fd 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -218,7 +218,7 @@ serial_exists:
218 * instantiate the key or discard it before returning 218 * instantiate the key or discard it before returning
219 */ 219 */
220struct key *key_alloc(struct key_type *type, const char *desc, 220struct key *key_alloc(struct key_type *type, const char *desc,
221 uid_t uid, gid_t gid, struct task_struct *ctx, 221 uid_t uid, gid_t gid, const struct cred *cred,
222 key_perm_t perm, unsigned long flags) 222 key_perm_t perm, unsigned long flags)
223{ 223{
224 struct key_user *user = NULL; 224 struct key_user *user = NULL;
@@ -294,7 +294,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
294#endif 294#endif
295 295
296 /* let the security module know about the key */ 296 /* let the security module know about the key */
297 ret = security_key_alloc(key, ctx, flags); 297 ret = security_key_alloc(key, cred, flags);
298 if (ret < 0) 298 if (ret < 0)
299 goto security_error; 299 goto security_error;
300 300
@@ -391,7 +391,7 @@ static int __key_instantiate_and_link(struct key *key,
391 const void *data, 391 const void *data,
392 size_t datalen, 392 size_t datalen,
393 struct key *keyring, 393 struct key *keyring,
394 struct key *instkey) 394 struct key *authkey)
395{ 395{
396 int ret, awaken; 396 int ret, awaken;
397 397
@@ -421,8 +421,8 @@ static int __key_instantiate_and_link(struct key *key,
421 ret = __key_link(keyring, key); 421 ret = __key_link(keyring, key);
422 422
423 /* disable the authorisation key */ 423 /* disable the authorisation key */
424 if (instkey) 424 if (authkey)
425 key_revoke(instkey); 425 key_revoke(authkey);
426 } 426 }
427 } 427 }
428 428
@@ -444,14 +444,14 @@ int key_instantiate_and_link(struct key *key,
444 const void *data, 444 const void *data,
445 size_t datalen, 445 size_t datalen,
446 struct key *keyring, 446 struct key *keyring,
447 struct key *instkey) 447 struct key *authkey)
448{ 448{
449 int ret; 449 int ret;
450 450
451 if (keyring) 451 if (keyring)
452 down_write(&keyring->sem); 452 down_write(&keyring->sem);
453 453
454 ret = __key_instantiate_and_link(key, data, datalen, keyring, instkey); 454 ret = __key_instantiate_and_link(key, data, datalen, keyring, authkey);
455 455
456 if (keyring) 456 if (keyring)
457 up_write(&keyring->sem); 457 up_write(&keyring->sem);
@@ -469,7 +469,7 @@ EXPORT_SYMBOL(key_instantiate_and_link);
469int key_negate_and_link(struct key *key, 469int key_negate_and_link(struct key *key,
470 unsigned timeout, 470 unsigned timeout,
471 struct key *keyring, 471 struct key *keyring,
472 struct key *instkey) 472 struct key *authkey)
473{ 473{
474 struct timespec now; 474 struct timespec now;
475 int ret, awaken; 475 int ret, awaken;
@@ -504,8 +504,8 @@ int key_negate_and_link(struct key *key,
504 ret = __key_link(keyring, key); 504 ret = __key_link(keyring, key);
505 505
506 /* disable the authorisation key */ 506 /* disable the authorisation key */
507 if (instkey) 507 if (authkey)
508 key_revoke(instkey); 508 key_revoke(authkey);
509 } 509 }
510 510
511 mutex_unlock(&key_construction_mutex); 511 mutex_unlock(&key_construction_mutex);
@@ -743,6 +743,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
743 key_perm_t perm, 743 key_perm_t perm,
744 unsigned long flags) 744 unsigned long flags)
745{ 745{
746 const struct cred *cred = current_cred();
746 struct key_type *ktype; 747 struct key_type *ktype;
747 struct key *keyring, *key = NULL; 748 struct key *keyring, *key = NULL;
748 key_ref_t key_ref; 749 key_ref_t key_ref;
@@ -802,8 +803,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
802 } 803 }
803 804
804 /* allocate a new key */ 805 /* allocate a new key */
805 key = key_alloc(ktype, description, current_fsuid(), current_fsgid(), 806 key = key_alloc(ktype, description, cred->fsuid, cred->fsgid, cred,
806 current, perm, flags); 807 perm, flags);
807 if (IS_ERR(key)) { 808 if (IS_ERR(key)) {
808 key_ref = ERR_CAST(key); 809 key_ref = ERR_CAST(key);
809 goto error_3; 810 goto error_3;