aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/key.h3
-rw-r--r--security/keys/key.c18
-rw-r--r--security/keys/keyctl.c3
3 files changed, 15 insertions, 9 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 163f864b6bd4..8b0bd3393abc 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -67,6 +67,8 @@ struct key;
67#define KEY_OTH_SETATTR 0x00000020 67#define KEY_OTH_SETATTR 0x00000020
68#define KEY_OTH_ALL 0x0000003f 68#define KEY_OTH_ALL 0x0000003f
69 69
70#define KEY_PERM_UNDEF 0xffffffff
71
70struct seq_file; 72struct seq_file;
71struct user_struct; 73struct user_struct;
72struct signal_struct; 74struct signal_struct;
@@ -232,6 +234,7 @@ extern key_ref_t key_create_or_update(key_ref_t keyring,
232 const char *description, 234 const char *description,
233 const void *payload, 235 const void *payload,
234 size_t plen, 236 size_t plen,
237 key_perm_t perm,
235 unsigned long flags); 238 unsigned long flags);
236 239
237extern int key_update(key_ref_t key, 240extern int key_update(key_ref_t key,
diff --git a/security/keys/key.c b/security/keys/key.c
index 654d23baf352..d98c61953be6 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -757,11 +757,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
757 const char *description, 757 const char *description,
758 const void *payload, 758 const void *payload,
759 size_t plen, 759 size_t plen,
760 key_perm_t perm,
760 unsigned long flags) 761 unsigned long flags)
761{ 762{
762 struct key_type *ktype; 763 struct key_type *ktype;
763 struct key *keyring, *key = NULL; 764 struct key *keyring, *key = NULL;
764 key_perm_t perm;
765 key_ref_t key_ref; 765 key_ref_t key_ref;
766 int ret; 766 int ret;
767 767
@@ -806,15 +806,17 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
806 goto found_matching_key; 806 goto found_matching_key;
807 } 807 }
808 808
809 /* decide on the permissions we want */ 809 /* if the client doesn't provide, decide on the permissions we want */
810 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; 810 if (perm == KEY_PERM_UNDEF) {
811 perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; 811 perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
812 perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR;
812 813
813 if (ktype->read) 814 if (ktype->read)
814 perm |= KEY_POS_READ | KEY_USR_READ; 815 perm |= KEY_POS_READ | KEY_USR_READ;
815 816
816 if (ktype == &key_type_keyring || ktype->update) 817 if (ktype == &key_type_keyring || ktype->update)
817 perm |= KEY_USR_WRITE; 818 perm |= KEY_USR_WRITE;
819 }
818 820
819 /* allocate a new key */ 821 /* allocate a new key */
820 key = key_alloc(ktype, description, current->fsuid, current->fsgid, 822 key = key_alloc(ktype, description, current->fsuid, current->fsgid,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 56e963b700b9..993be634a5ef 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -112,7 +112,8 @@ asmlinkage long sys_add_key(const char __user *_type,
112 /* create or update the requested key and add it to the target 112 /* create or update the requested key and add it to the target
113 * keyring */ 113 * keyring */
114 key_ref = key_create_or_update(keyring_ref, type, description, 114 key_ref = key_create_or_update(keyring_ref, type, description,
115 payload, plen, KEY_ALLOC_IN_QUOTA); 115 payload, plen, KEY_PERM_UNDEF,
116 KEY_ALLOC_IN_QUOTA);
116 if (!IS_ERR(key_ref)) { 117 if (!IS_ERR(key_ref)) {
117 ret = key_ref_to_ptr(key_ref)->serial; 118 ret = key_ref_to_ptr(key_ref)->serial;
118 key_ref_put(key_ref); 119 key_ref_put(key_ref);
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-22 06:53:04 -0500