Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5d2787cf authored Feb 09, 2016 by David Howells

KEYS: Add an alloc flag to convey the builtinness of a key



Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN
set rather than setting it after the fact.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent 411a6f58

certs/system_keyring.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -84,12 +84,12 @@ static __init int load_system_certificate_list(void)
		((KEY_POS_ALL & ~KEY_POS_SETATTR) \|
		KEY_USR_VIEW \| KEY_USR_READ),
		KEY_ALLOC_NOT_IN_QUOTA \|
		KEY_ALLOC_TRUSTED);
		KEY_ALLOC_TRUSTED \|
		KEY_ALLOC_BUILT_IN);
		if (IS_ERR(key)) {
		pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
		PTR_ERR(key));
		} else {
		set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags);
		pr_notice("Loaded X.509 cert '%s'\n",
		key_ref_to_ptr(key)->description);
		key_ref_put(key);

include/linux/key.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -219,6 +219,7 @@ extern struct key key_alloc(struct key_type type,
		#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
		#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
		#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
		#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */

		extern void key_revoke(struct key *key);
		extern void key_invalidate(struct key *key);

security/keys/key.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -296,6 +296,8 @@ struct key key_alloc(struct key_type type, const char *desc,
		key->flags \|= 1 << KEY_FLAG_IN_QUOTA;
		if (flags & KEY_ALLOC_TRUSTED)
		key->flags \|= 1 << KEY_FLAG_TRUSTED;
		if (flags & KEY_ALLOC_BUILT_IN)
		key->flags \|= 1 << KEY_FLAG_BUILTIN;

		#ifdef KEY_DEBUGGING
		key->magic = KEY_DEBUG_MAGIC;