keys: allow clients to set key perms in key_create_or_update()

The key_create_or_update() function provided by the keyring code has a default set of permissions that are always applied to the key when created. This might not be desirable to all clients. Here's a patch that adds a "perm" parameter to the function to address this, which can be set to KEY_PERM_UNDEF to revert to the current behaviour. Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Arun Raghavan <arunsr@cse.iitk.ac.in> 2008-04-29 04:01:28 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-04-29 11:06:16 -0400
commit: 6b79ccb5144f9ffb4d4596c23e7570238dd12abc (patch)
tree: e674339e9f86c3607304496792b417b0ed66de6f /security
parent: da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e (diff)
2 files changed, 12 insertions, 9 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 654d23baf352..d98c61953be6 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -757,11 +757,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
                               const char *description,
                               const void *payload,
                               size_t plen,
+                               key_perm_t perm,
                               unsigned long flags)
 {
        struct key_type *ktype;
        struct key *keyring, *key = NULL;
-        key_perm_t perm;
        key_ref_t key_ref;
        int ret;
@@ -806,15 +806,17 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
                        goto found_matching_key;
        }
-        /* decide on the permissions we want */
+        /* if the client doesn't provide, decide on the permissions we want */
-        perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
+        if (perm == KEY_PERM_UNDEF) {
-        perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
+                perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
+                perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
-        if (ktype->read)
+                if (ktype->read)
-                perm |= KEY_POS_READ | KEY_USR_READ;
+                        perm |= KEY_POS_READ | KEY_USR_READ;
-        if (ktype == &key_type_keyring || ktype->update)
+                if (ktype == &key_type_keyring || ktype->update)
-                perm |= KEY_USR_WRITE;
+                        perm |= KEY_USR_WRITE;
+        }
        /* allocate a new key */
        key = key_alloc(ktype, description, current->fsuid, current->fsgid,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 56e963b700b9..993be634a5ef 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -112,7 +112,8 @@ asmlinkage long sys_add_key(const char __user *_type,
        /* create or update the requested key and add it to the target
         * keyring */
        key_ref = key_create_or_update(keyring_ref, type, description,
-                                       payload, plen, KEY_ALLOC_IN_QUOTA);
+                                       payload, plen, KEY_PERM_UNDEF,
+                                       KEY_ALLOC_IN_QUOTA);
        if (!IS_ERR(key_ref)) {
                ret = key_ref_to_ptr(key_ref)->serial;
                key_ref_put(key_ref);
author	Arun Raghavan <arunsr@cse.iitk.ac.in>	2008-04-29 04:01:28 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-04-29 11:06:16 -0400
commit	6b79ccb5144f9ffb4d4596c23e7570238dd12abc (patch)
tree	e674339e9f86c3607304496792b417b0ed66de6f /security
parent	da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e (diff)