mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-26 13:44:15 +08:00
876979c930
Historically a lot of these existed because we did not have a distinction between what was modular code and what was providing support to modules via EXPORT_SYMBOL and friends. That changed when we forked out support for the latter into the export.h file. This means we should be able to reduce the usage of module.h in code that is obj-y Makefile or bool Kconfig. The advantage in removing such instances is that module.h itself sources about 15 other headers; adding significantly to what we feed cpp, and it can obscure what headers we are effectively using. Since module.h might have been the implicit source for init.h (for __init) and for export.h (for EXPORT_SYMBOL) we consider each instance for the presence of either and replace as needed. Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: John Johansen <john.johansen@canonical.com> Cc: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: linux-security-module@vger.kernel.org Cc: linux-integrity@vger.kernel.org Cc: keyrings@vger.kernel.org Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Signed-off-by: James Morris <james.morris@microsoft.com>
111 lines
2.9 KiB
C
111 lines
2.9 KiB
C
/* Key permission checking
|
|
*
|
|
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/export.h>
|
|
#include <linux/security.h>
|
|
#include "internal.h"
|
|
|
|
/**
|
|
* key_task_permission - Check a key can be used
|
|
* @key_ref: The key to check.
|
|
* @cred: The credentials to use.
|
|
* @perm: The permissions to check for.
|
|
*
|
|
* Check to see whether permission is granted to use a key in the desired way,
|
|
* but permit the security modules to override.
|
|
*
|
|
* The caller must hold either a ref on cred or must hold the RCU readlock.
|
|
*
|
|
* Returns 0 if successful, -EACCES if access is denied based on the
|
|
* permissions bits or the LSM check.
|
|
*/
|
|
int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
|
|
unsigned perm)
|
|
{
|
|
struct key *key;
|
|
key_perm_t kperm;
|
|
int ret;
|
|
|
|
key = key_ref_to_ptr(key_ref);
|
|
|
|
/* use the second 8-bits of permissions for keys the caller owns */
|
|
if (uid_eq(key->uid, cred->fsuid)) {
|
|
kperm = key->perm >> 16;
|
|
goto use_these_perms;
|
|
}
|
|
|
|
/* use the third 8-bits of permissions for keys the caller has a group
|
|
* membership in common with */
|
|
if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) {
|
|
if (gid_eq(key->gid, cred->fsgid)) {
|
|
kperm = key->perm >> 8;
|
|
goto use_these_perms;
|
|
}
|
|
|
|
ret = groups_search(cred->group_info, key->gid);
|
|
if (ret) {
|
|
kperm = key->perm >> 8;
|
|
goto use_these_perms;
|
|
}
|
|
}
|
|
|
|
/* otherwise use the least-significant 8-bits */
|
|
kperm = key->perm;
|
|
|
|
use_these_perms:
|
|
|
|
/* use the top 8-bits of permissions for keys the caller possesses
|
|
* - possessor permissions are additive with other permissions
|
|
*/
|
|
if (is_key_possessed(key_ref))
|
|
kperm |= key->perm >> 24;
|
|
|
|
kperm = kperm & perm & KEY_NEED_ALL;
|
|
|
|
if (kperm != perm)
|
|
return -EACCES;
|
|
|
|
/* let LSM be the final arbiter */
|
|
return security_key_permission(key_ref, cred, perm);
|
|
}
|
|
EXPORT_SYMBOL(key_task_permission);
|
|
|
|
/**
|
|
* key_validate - Validate a key.
|
|
* @key: The key to be validated.
|
|
*
|
|
* Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the
|
|
* key is invalidated, -EKEYREVOKED if the key's type has been removed or if
|
|
* the key has been revoked or -EKEYEXPIRED if the key has expired.
|
|
*/
|
|
int key_validate(const struct key *key)
|
|
{
|
|
unsigned long flags = READ_ONCE(key->flags);
|
|
time64_t expiry = READ_ONCE(key->expiry);
|
|
|
|
if (flags & (1 << KEY_FLAG_INVALIDATED))
|
|
return -ENOKEY;
|
|
|
|
/* check it's still accessible */
|
|
if (flags & ((1 << KEY_FLAG_REVOKED) |
|
|
(1 << KEY_FLAG_DEAD)))
|
|
return -EKEYREVOKED;
|
|
|
|
/* check it hasn't expired */
|
|
if (expiry) {
|
|
if (ktime_get_real_seconds() >= expiry)
|
|
return -EKEYEXPIRED;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL(key_validate);
|