aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyring.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r--security/keys/keyring.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index a9ab8affc092..ed851574d073 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -16,6 +16,7 @@
16#include <linux/security.h> 16#include <linux/security.h>
17#include <linux/seq_file.h> 17#include <linux/seq_file.h>
18#include <linux/err.h> 18#include <linux/err.h>
19#include <keys/keyring-type.h>
19#include <asm/uaccess.h> 20#include <asm/uaccess.h>
20#include "internal.h" 21#include "internal.h"
21 22
@@ -244,14 +245,14 @@ static long keyring_read(const struct key *keyring,
244 * allocate a keyring and link into the destination keyring 245 * allocate a keyring and link into the destination keyring
245 */ 246 */
246struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 247struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
247 struct task_struct *ctx, unsigned long flags, 248 const struct cred *cred, unsigned long flags,
248 struct key *dest) 249 struct key *dest)
249{ 250{
250 struct key *keyring; 251 struct key *keyring;
251 int ret; 252 int ret;
252 253
253 keyring = key_alloc(&key_type_keyring, description, 254 keyring = key_alloc(&key_type_keyring, description,
254 uid, gid, ctx, 255 uid, gid, cred,
255 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 256 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL,
256 flags); 257 flags);
257 258
@@ -280,7 +281,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
280 * - we propagate the possession attribute from the keyring ref to the key ref 281 * - we propagate the possession attribute from the keyring ref to the key ref
281 */ 282 */
282key_ref_t keyring_search_aux(key_ref_t keyring_ref, 283key_ref_t keyring_search_aux(key_ref_t keyring_ref,
283 struct task_struct *context, 284 const struct cred *cred,
284 struct key_type *type, 285 struct key_type *type,
285 const void *description, 286 const void *description,
286 key_match_func_t match) 287 key_match_func_t match)
@@ -303,7 +304,7 @@ key_ref_t keyring_search_aux(key_ref_t keyring_ref,
303 key_check(keyring); 304 key_check(keyring);
304 305
305 /* top keyring must have search permission to begin the search */ 306 /* top keyring must have search permission to begin the search */
306 err = key_task_permission(keyring_ref, context, KEY_SEARCH); 307 err = key_task_permission(keyring_ref, cred, KEY_SEARCH);
307 if (err < 0) { 308 if (err < 0) {
308 key_ref = ERR_PTR(err); 309 key_ref = ERR_PTR(err);
309 goto error; 310 goto error;
@@ -376,7 +377,7 @@ descend:
376 377
377 /* key must have search permissions */ 378 /* key must have search permissions */
378 if (key_task_permission(make_key_ref(key, possessed), 379 if (key_task_permission(make_key_ref(key, possessed),
379 context, KEY_SEARCH) < 0) 380 cred, KEY_SEARCH) < 0)
380 continue; 381 continue;
381 382
382 /* we set a different error code if we pass a negative key */ 383 /* we set a different error code if we pass a negative key */
@@ -403,7 +404,7 @@ ascend:
403 continue; 404 continue;
404 405
405 if (key_task_permission(make_key_ref(key, possessed), 406 if (key_task_permission(make_key_ref(key, possessed),
406 context, KEY_SEARCH) < 0) 407 cred, KEY_SEARCH) < 0)
407 continue; 408 continue;
408 409
409 /* stack the current position */ 410 /* stack the current position */
@@ -458,7 +459,7 @@ key_ref_t keyring_search(key_ref_t keyring,
458 if (!type->match) 459 if (!type->match)
459 return ERR_PTR(-ENOKEY); 460 return ERR_PTR(-ENOKEY);
460 461
461 return keyring_search_aux(keyring, current, 462 return keyring_search_aux(keyring, current->cred,
462 type, description, type->match); 463 type, description, type->match);
463 464
464} /* end keyring_search() */ 465} /* end keyring_search() */
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-05 22:02:05 -0500