aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/permission.c
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
committerJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
commitcbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (patch)
tree90d1093131d2a3543a8b3b1f3364e7c6f4081a93 /security/keys/permission.c
parent4a6908a3a050aacc9c3a2f36b276b46c0629ad91 (diff)
parent74192246910ff4fb95309ba1a683215644beeb62 (diff)
Merge branch 'next' into for-linus
Diffstat (limited to 'security/keys/permission.c')
-rw-r--r--security/keys/permission.c29
1 files changed, 17 insertions, 12 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 3b41f9b52537..5d9fc7b93f2e 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -14,12 +14,19 @@
14#include "internal.h" 14#include "internal.h"
15 15
16/*****************************************************************************/ 16/*****************************************************************************/
17/* 17/**
18 * check to see whether permission is granted to use a key in the desired way, 18 * key_task_permission - Check a key can be used
19 * but permit the security modules to override 19 * @key_ref: The key to check
20 * @cred: The credentials to use
21 * @perm: The permissions to check for
22 *
23 * Check to see whether permission is granted to use a key in the desired way,
24 * but permit the security modules to override.
25 *
26 * The caller must hold either a ref on cred or must hold the RCU readlock or a
27 * spinlock.
20 */ 28 */
21int key_task_permission(const key_ref_t key_ref, 29int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
22 struct task_struct *context,
23 key_perm_t perm) 30 key_perm_t perm)
24{ 31{
25 struct key *key; 32 struct key *key;
@@ -29,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref,
29 key = key_ref_to_ptr(key_ref); 36 key = key_ref_to_ptr(key_ref);
30 37
31 /* use the second 8-bits of permissions for keys the caller owns */ 38 /* use the second 8-bits of permissions for keys the caller owns */
32 if (key->uid == context->fsuid) { 39 if (key->uid == cred->fsuid) {
33 kperm = key->perm >> 16; 40 kperm = key->perm >> 16;
34 goto use_these_perms; 41 goto use_these_perms;
35 } 42 }
@@ -37,15 +44,12 @@ int key_task_permission(const key_ref_t key_ref,
37 /* use the third 8-bits of permissions for keys the caller has a group 44 /* use the third 8-bits of permissions for keys the caller has a group
38 * membership in common with */ 45 * membership in common with */
39 if (key->gid != -1 && key->perm & KEY_GRP_ALL) { 46 if (key->gid != -1 && key->perm & KEY_GRP_ALL) {
40 if (key->gid == context->fsgid) { 47 if (key->gid == cred->fsgid) {
41 kperm = key->perm >> 8; 48 kperm = key->perm >> 8;
42 goto use_these_perms; 49 goto use_these_perms;
43 } 50 }
44 51
45 task_lock(context); 52 ret = groups_search(cred->group_info, key->gid);
46 ret = groups_search(context->group_info, key->gid);
47 task_unlock(context);
48
49 if (ret) { 53 if (ret) {
50 kperm = key->perm >> 8; 54 kperm = key->perm >> 8;
51 goto use_these_perms; 55 goto use_these_perms;
@@ -56,6 +60,7 @@ int key_task_permission(const key_ref_t key_ref,
56 kperm = key->perm; 60 kperm = key->perm;
57 61
58use_these_perms: 62use_these_perms:
63
59 /* use the top 8-bits of permissions for keys the caller possesses 64 /* use the top 8-bits of permissions for keys the caller possesses
60 * - possessor permissions are additive with other permissions 65 * - possessor permissions are additive with other permissions
61 */ 66 */
@@ -68,7 +73,7 @@ use_these_perms:
68 return -EACCES; 73 return -EACCES;
69 74
70 /* let LSM be the final arbiter */ 75 /* let LSM be the final arbiter */
71 return security_key_permission(key_ref, context, perm); 76 return security_key_permission(key_ref, cred, perm);
72 77
73} /* end key_task_permission() */ 78} /* end key_task_permission() */
74 79