diff options
| author | David Howells <dhowells@redhat.com> | 2014-03-14 17:44:49 +0000 |
|---|---|---|
| committer | Stephane Desneux <stephane.desneux@open.eurogiciel.org> | 2015-02-04 11:23:18 +0100 |
| commit | 6612de0cca37ebc4dfd7a30bbec75d4bc9bf2765 (patch) | |
| tree | abd8d144e3f1b4fd66fc4950803ae1d535091813 /include/linux | |
| parent | 52b6e3606115f4d17250a46591512e65e1d81803 (diff) | |
| download | kernel-common-6612de0cca37ebc4dfd7a30bbec75d4bc9bf2765.tar.gz kernel-common-6612de0cca37ebc4dfd7a30bbec75d4bc9bf2765.tar.bz2 kernel-common-6612de0cca37ebc4dfd7a30bbec75d4bc9bf2765.zip | |
KEYS: Move the flags representing required permission to linux/key.h
Move the flags representing required permission to linux/key.h as the perm
parameter of security_key_permission() is in terms of them - and not the
permissions mask flags used in key->perm.
Whilst we're at it:
(1) Rename them to be KEY_NEED_xxx rather than KEY_xxx to avoid collisions
with symbols in uapi/linux/input.h.
(2) Don't use key_perm_t for a mask of required permissions, but rather limit
it to the permissions mask attached to the key and arguments related
directly to that.
Change-Id: Id9de84f93e5dd668a3b8ba00fc2440c6d6c6f988
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Origin: upstream
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/key.h | 11 | ||||
| -rw-r--r-- | include/linux/security.h | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 80d677483e31..cd0abb8c9c33 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key) extern void key_set_timeout(struct key *, unsigned); +/* + * The permissions required on a key that we're looking up. + */ +#define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */ +#define KEY_NEED_READ 0x02 /* Require permission to read content */ +#define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */ +#define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */ +#define KEY_NEED_LINK 0x10 /* Require permission to link */ +#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */ +#define KEY_NEED_ALL 0x3f /* All the above permissions */ + /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. diff --git a/include/linux/security.h b/include/linux/security.h index 2fc42d191f79..6726006bc766 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1708,7 +1708,7 @@ struct security_operations { void (*key_free) (struct key *key); int (*key_permission) (key_ref_t key_ref, const struct cred *cred, - key_perm_t perm); + unsigned perm); int (*key_getsecurity)(struct key *key, char **_buffer); #endif /* CONFIG_KEYS */ @@ -3030,7 +3030,7 @@ static inline int security_path_chroot(struct path *path) int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, - const struct cred *cred, key_perm_t perm); + const struct cred *cred, unsigned perm); int security_key_getsecurity(struct key *key, char **_buffer); #else @@ -3048,7 +3048,7 @@ static inline void security_key_free(struct key *key) static inline int security_key_permission(key_ref_t key_ref, const struct cred *cred, - key_perm_t perm) + unsigned perm) { return 0; } |