aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/internal.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r--security/keys/internal.h49
1 files changed, 40 insertions, 9 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 239098f0fd76..81932abefe7b 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -12,8 +12,8 @@
12#ifndef _INTERNAL_H 12#ifndef _INTERNAL_H
13#define _INTERNAL_H 13#define _INTERNAL_H
14 14
15#include <linux/sched.h>
15#include <linux/key-type.h> 16#include <linux/key-type.h>
16#include <linux/key-ui.h>
17 17
18static inline __attribute__((format(printf, 1, 2))) 18static inline __attribute__((format(printf, 1, 2)))
19void no_printk(const char *fmt, ...) 19void no_printk(const char *fmt, ...)
@@ -26,7 +26,7 @@ void no_printk(const char *fmt, ...)
26#define kleave(FMT, ...) \ 26#define kleave(FMT, ...) \
27 printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) 27 printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
28#define kdebug(FMT, ...) \ 28#define kdebug(FMT, ...) \
29 printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) 29 printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__)
30#else 30#else
31#define kenter(FMT, ...) \ 31#define kenter(FMT, ...) \
32 no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) 32 no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
@@ -82,6 +82,9 @@ extern struct mutex key_construction_mutex;
82extern wait_queue_head_t request_key_conswq; 82extern wait_queue_head_t request_key_conswq;
83 83
84 84
85extern struct key_type *key_type_lookup(const char *type);
86extern void key_type_put(struct key_type *ktype);
87
85extern int __key_link(struct key *keyring, struct key *key); 88extern int __key_link(struct key *keyring, struct key *key);
86 89
87extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, 90extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
@@ -95,7 +98,7 @@ extern struct key *keyring_search_instkey(struct key *keyring,
95typedef int (*key_match_func_t)(const struct key *, const void *); 98typedef int (*key_match_func_t)(const struct key *, const void *);
96 99
97extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, 100extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
98 struct task_struct *tsk, 101 const struct cred *cred,
99 struct key_type *type, 102 struct key_type *type,
100 const void *description, 103 const void *description,
101 key_match_func_t match); 104 key_match_func_t match);
@@ -103,13 +106,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
103extern key_ref_t search_process_keyrings(struct key_type *type, 106extern key_ref_t search_process_keyrings(struct key_type *type,
104 const void *description, 107 const void *description,
105 key_match_func_t match, 108 key_match_func_t match,
106 struct task_struct *tsk); 109 const struct cred *cred);
107 110
108extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); 111extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
109 112
110extern int install_user_keyrings(struct task_struct *tsk); 113extern int install_user_keyrings(void);
111extern int install_thread_keyring(struct task_struct *tsk); 114extern int install_thread_keyring_to_cred(struct cred *);
112extern int install_process_keyring(struct task_struct *tsk); 115extern int install_process_keyring_to_cred(struct cred *);
113 116
114extern struct key *request_key_and_link(struct key_type *type, 117extern struct key *request_key_and_link(struct key_type *type,
115 const char *description, 118 const char *description,
@@ -119,12 +122,39 @@ extern struct key *request_key_and_link(struct key_type *type,
119 struct key *dest_keyring, 122 struct key *dest_keyring,
120 unsigned long flags); 123 unsigned long flags);
121 124
125extern key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
126 key_perm_t perm);
127
128extern long join_session_keyring(const char *name);
129
130/*
131 * check to see whether permission is granted to use a key in the desired way
132 */
133extern int key_task_permission(const key_ref_t key_ref,
134 const struct cred *cred,
135 key_perm_t perm);
136
137static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
138{
139 return key_task_permission(key_ref, current_cred(), perm);
140}
141
142/* required permissions */
143#define KEY_VIEW 0x01 /* require permission to view attributes */
144#define KEY_READ 0x02 /* require permission to read content */
145#define KEY_WRITE 0x04 /* require permission to update / modify */
146#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
147#define KEY_LINK 0x10 /* require permission to link */
148#define KEY_SETATTR 0x20 /* require permission to change attributes */
149#define KEY_ALL 0x3f /* all the above permissions */
150
122/* 151/*
123 * request_key authorisation 152 * request_key authorisation
124 */ 153 */
125struct request_key_auth { 154struct request_key_auth {
126 struct key *target_key; 155 struct key *target_key;
127 struct task_struct *context; 156 struct key *dest_keyring;
157 const struct cred *cred;
128 void *callout_info; 158 void *callout_info;
129 size_t callout_len; 159 size_t callout_len;
130 pid_t pid; 160 pid_t pid;
@@ -133,7 +163,8 @@ struct request_key_auth {
133extern struct key_type key_type_request_key_auth; 163extern struct key_type key_type_request_key_auth;
134extern struct key *request_key_auth_new(struct key *target, 164extern struct key *request_key_auth_new(struct key *target,
135 const void *callout_info, 165 const void *callout_info,
136 size_t callout_len); 166 size_t callout_len,
167 struct key *dest_keyring);
137 168
138extern struct key *key_get_instantiation_authkey(key_serial_t target_id); 169extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
139 170
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-01 05:34:50 -0500