Message-ID: <1453316302.2858.11.camel@linux.vnet.ibm.com>
Subject: Re: [RFC PATCH 01/20] KEYS: Add an alloc flag to convey the builtinness of a key [ver #2]
From: Mimi Zohar
To: David Howells
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, petkan@mip-labs.com, linux-kernel@vger.kernel.org
Date: Wed, 20 Jan 2016 13:58:22 -0500

On Tue, 2016-01-19 at 11:30 +0000, David Howells wrote:
> Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN
> set rather than setting it after the fact.
>
> Signed-off-by: David Howells

Acked-by: Mimi Zohar

> --- > > certs/system_keyring.c | 4 ++-- > include/linux/key.h | 1 + > security/keys/key.c | 2 ++ > 3 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 2570598b784d..f4180326c2e1 100644 > --- a/certs/system_keyring.c 
> +++ b/certs/system_keyring.c > @@ -84,12 +84,12 @@ static __init int load_system_certificate_list(void) > ((KEY_POS_ALL & ~KEY_POS_SETATTR) | > KEY_USR_VIEW | KEY_USR_READ), > KEY_ALLOC_NOT_IN_QUOTA | > - KEY_ALLOC_TRUSTED); > + KEY_ALLOC_TRUSTED | > + KEY_ALLOC_BUILT_IN); > if (IS_ERR(key)) { > pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", > PTR_ERR(key)); > } else { > - set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags); > pr_notice("Loaded X.509 cert '%s'\n", > key_ref_to_ptr(key)->description); > key_ref_put(key); > diff --git a/include/linux/key.h b/include/linux/key.h > index 7321ab8ef949..5f5b1129dc92 100644 > --- a/include/linux/key.h > +++ b/include/linux/key.h > @@ -219,6 +219,7 @@ extern struct key *key_alloc(struct key_type *type, > #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ > #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ > #define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */ > +#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */ > > extern void key_revoke(struct key *key); > extern void key_invalidate(struct key *key); > diff --git a/security/keys/key.c b/security/keys/key.c > index 07a87311055c..48dbfa543bcb 100644 > --- a/security/keys/key.c > +++ b/security/keys/key.c > @@ -296,6 +296,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, > key->flags |= 1 << KEY_FLAG_IN_QUOTA; > if (flags & KEY_ALLOC_TRUSTED) > key->flags |= 1 << KEY_FLAG_TRUSTED; > + if (flags & KEY_ALLOC_BUILT_IN) > + key->flags |= 1 << KEY_FLAG_BUILTIN; > > #ifdef KEY_DEBUGGING > key->magic = KEY_DEBUG_MAGIC;
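
Review bot: In the certs/system_keyring.c hunk, the removed set_bit(KEY_FLAG_BUILTIN, ...) ran on whatever key the call returned, while KEY_ALLOC_BUILT_IN only takes effect where key_alloc() tests it. If the call in load_system_certificate_list() can ever hand back an already existing key instead of allocating a new one, that key would no longer get the built-in bit. Please confirm that path cannot occur during the initial certificate load, or state it in the commit message.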
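
Review bot: In the include/linux/key.h hunk, the new name is spelled KEY_ALLOC_BUILT_IN while the flag it sets is KEY_FLAG_BUILTIN, so a search for one spelling misses the other. Consider KEY_ALLOC_BUILTIN, or have the comment name the flag it maps to, in the same wording as the KEY_ALLOC_TRUSTED line above it ("Key should be flagged as ...").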
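
Review bot: In the security/keys/key.c hunk, key_alloc() sets KEY_FLAG_BUILTIN for any caller that passes KEY_ALLOC_BUILT_IN, and nothing in the visible lines says who is allowed to pass it. Since the bit records that a key was compiled into the kernel, a comment here or at the define should state that only the code loading the compiled-in certificates may use it, so that a later caller does not mark a key loaded at run time as built in.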