diff options
author | David Howells <dhowells@redhat.com> | 2013-01-17 16:25:00 +0000 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-01-19 01:05:17 +0000 |
commit | ff71810b38316f14ba9e97024c8c8225a4af5dbb (patch) | |
tree | a911e76b23648c641b05e32b3e60c0349f11ffa1 /security | |
parent | ebe2e946f60e0012c02a27845bdab70e34cc4202 (diff) |
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.
Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/keys/key.c | 8 | ||||
-rw-r--r-- | security/keys/keyring.c | 4 |
2 files changed, 12 insertions, 0 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 8fb7c7bd4657..f3de9e4ecd57 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -299,6 +299,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, if (!(flags & KEY_ALLOC_NOT_IN_QUOTA)) key->flags |= 1 << KEY_FLAG_IN_QUOTA; + if (flags & KEY_ALLOC_TRUSTED) + key->flags |= 1 << KEY_FLAG_TRUSTED; memset(&key->type_data, 0, sizeof(key->type_data)); @@ -813,6 +815,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, prep.data = payload; prep.datalen = plen; prep.quotalen = ktype->def_datalen; + prep.trusted = flags & KEY_ALLOC_TRUSTED; if (ktype->preparse) { ret = ktype->preparse(&prep); if (ret < 0) { @@ -826,6 +829,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, goto error_free_prep; } + key_ref = ERR_PTR(-EPERM); + if (!prep.trusted && test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags)) + goto error_free_prep; + flags |= prep.trusted ? KEY_ALLOC_TRUSTED : 0; + ret = __key_link_begin(keyring, ktype, description, &prealloc); if (ret < 0) { key_ref = ERR_PTR(ret); diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 6ece7f2e5707..f18d7ff73bfe 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -1006,6 +1006,10 @@ int key_link(struct key *keyring, struct key *key) key_check(keyring); key_check(key); + if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) && + !test_bit(KEY_FLAG_TRUSTED, &key->flags)) + return -EPERM; + ret = __key_link_begin(keyring, key->type, key->description, &prealloc); if (ret == 0) { ret = __key_link_check_live_key(keyring, key); |