diff options
author | David Howells <dhowells@redhat.com> | 2013-08-30 11:07:37 -0400 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-09-25 12:17:01 -0400 |
commit | 008643b86c5f33c115c84ccdda1725cac3ad50ad (patch) | |
tree | 951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /security/keys/key.c | |
parent | b56e5a17b6b9acd16997960504b9940d0d7984e7 (diff) |
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.
Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index a819b5c7d4ec..d331ea9ef380 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -300,6 +300,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, | |||
300 | 300 | ||
301 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) | 301 | if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) |
302 | key->flags |= 1 << KEY_FLAG_IN_QUOTA; | 302 | key->flags |= 1 << KEY_FLAG_IN_QUOTA; |
303 | if (flags & KEY_ALLOC_TRUSTED) | ||
304 | key->flags |= 1 << KEY_FLAG_TRUSTED; | ||
303 | 305 | ||
304 | memset(&key->type_data, 0, sizeof(key->type_data)); | 306 | memset(&key->type_data, 0, sizeof(key->type_data)); |
305 | 307 | ||
@@ -813,6 +815,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
813 | prep.data = payload; | 815 | prep.data = payload; |
814 | prep.datalen = plen; | 816 | prep.datalen = plen; |
815 | prep.quotalen = index_key.type->def_datalen; | 817 | prep.quotalen = index_key.type->def_datalen; |
818 | prep.trusted = flags & KEY_ALLOC_TRUSTED; | ||
816 | if (index_key.type->preparse) { | 819 | if (index_key.type->preparse) { |
817 | ret = index_key.type->preparse(&prep); | 820 | ret = index_key.type->preparse(&prep); |
818 | if (ret < 0) { | 821 | if (ret < 0) { |
@@ -827,6 +830,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
827 | } | 830 | } |
828 | index_key.desc_len = strlen(index_key.description); | 831 | index_key.desc_len = strlen(index_key.description); |
829 | 832 | ||
833 | key_ref = ERR_PTR(-EPERM); | ||
834 | if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags)) | ||
835 | goto error_free_prep; | ||
836 | flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0; | ||
837 | |||
830 | ret = __key_link_begin(keyring, &index_key, &edit); | 838 | ret = __key_link_begin(keyring, &index_key, &edit); |
831 | if (ret < 0) { | 839 | if (ret < 0) { |
832 | key_ref = ERR_PTR(ret); | 840 | key_ref = ERR_PTR(ret); |