[PATCH] Keys: Split key permissions checking into a .c file
The attached patch splits key permissions checking out of key-ui.h and moves it into a .c file. It's quite large and called quite a lot, and it's about to get bigger with the addition of LSM support for keys... key_any_permission() is also discarded as it's no longer used. Signed-Off-By: David Howells <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Showing
3 changed files
with
76 additions
and
86 deletions.
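--- a/permission.c
+++ b/permission.c
@@ -0,0 +1,70 @@
+/* permission.c: key permission determination
+*
+* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
+* Written by David Howells ([email protected])
+*
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; either version
+* 2 of the License, or (at your option) any later version.
+*/
+
+#include <linux/module.h>
+#include "internal.h"
+
+/*****************************************************************************/
+/*
+* check to see whether permission is granted to use a key in the desired way,
+* but permit the security modules to override
+*/
+int key_task_permission(const key_ref_t key_ref,
+struct task_struct *context,
+key_perm_t perm)
+{
+struct key *key;
+key_perm_t kperm;
+int ret;
+
+key = key_ref_to_ptr(key_ref);
+
+/* use the top 8-bits of permissions for keys the caller possesses */
+if (is_key_possessed(key_ref)) {
+kperm = key->perm >> 24;
+goto use_these_perms;
+}
+
+/* use the second 8-bits of permissions for keys the caller owns */
+if (key->uid == context->fsuid) {
+kperm = key->perm >> 16;
+goto use_these_perms;
+}
+
+/* use the third 8-bits of permissions for keys the caller has a group
+* membership in common with */
+if (key->gid != -1 && key->perm & KEY_GRP_ALL) {
+if (key->gid == context->fsgid) {
+kperm = key->perm >> 8;
+goto use_these_perms;
+}
+
+task_lock(context);
+ret = groups_search(context->group_info, key->gid);
+task_unlock(context);
+
+if (ret) {
+kperm = key->perm >> 8;
+goto use_these_perms;
+}
+}
+
+/* otherwise use the least-significant 8-bits */
+kperm = key->perm;
+
+use_these_perms:
+kperm = kperm & perm & KEY_ALL;
+
+return kperm == perm;
+
+} /* end key_task_permission() */
+
+EXPORT_SYMBOL(key_task_permission);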
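Review bot: The header comment on key_task_permission() says security modules may override the result, but no LSM hook is called anywhere in the body, and the return convention is never stated. The function returns the truth value of `kperm == perm`, so non-zero means granted, which is easy to misread next to kernel functions that return 0 on success. The gotos also make the first matching class final: a possessed key is judged only on the top byte of `key->perm`, even where the owner, group or other bits would grant the request. I would reword the comment to `/* returns 1 if every bit in perm is set in the first class that matches (possessor, owner, group, other), 0 otherwise; no LSM hook is consulted here */`.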