From: David Howells <dhowells@redhat.com>
To: zohar@linux.vnet.ibm.com
Cc: dhowells@redhat.com, linux-security-module@vger.kernel.org,
keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 10/12] KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED [ver #3]
Date: Wed, 09 Mar 2016 11:19:25 +0000 [thread overview]
Message-ID: <20160309111925.28811.65968.stgit@warthog.procyon.org.uk> (raw)
In-Reply-To: <20160309111814.28811.95697.stgit@warthog.procyon.org.uk>
Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED as they're no longer
meaningful. Also we can drop the trusted flag from the preparse structure.
Given this, we no longer need to pass the key flags through to
restrict_link().
Further, we can now get rid of keyring_restrict_trusted_only() also.
Signed-off-by: David Howells <dhowells@redhat.com>
---
certs/system_keyring.c | 2 --
include/keys/system_keyring.h | 1 -
include/linux/key-type.h | 1 -
include/linux/key.h | 21 +++++----------------
security/integrity/digsig.c | 3 +--
security/keys/key.c | 11 ++---------
security/keys/keyring.c | 29 +----------------------------
7 files changed, 9 insertions(+), 59 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 4e2fa8ab01d6..e460d00a7781 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -31,7 +31,6 @@ extern __initconst const unsigned long system_certificate_list_size;
*/
int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload)
{
return restrict_link_by_signature(system_trusted_keyring,
@@ -97,7 +96,6 @@ static __init int load_system_certificate_list(void)
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ),
KEY_ALLOC_NOT_IN_QUOTA |
- KEY_ALLOC_TRUSTED |
KEY_ALLOC_BUILT_IN |
KEY_ALLOC_BYPASS_RESTRICTION);
if (IS_ERR(key)) {
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 93715913a0b1..c72330ae76df 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,7 +18,6 @@
extern int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
#else
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 7463355a198b..eaee981c5558 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -45,7 +45,6 @@ struct key_preparsed_payload {
size_t datalen; /* Raw datalen */
size_t quotalen; /* Quota length for proposed payload */
time_t expiry; /* Expiry time of key */
- bool trusted; /* True if key is trusted */
};
typedef int (*request_key_actor_t)(struct key_construction *key,
diff --git a/include/linux/key.h b/include/linux/key.h
index 83b603639d2e..722914798f37 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -173,10 +173,9 @@ struct key {
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
-#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
-#define KEY_FLAG_BUILTIN 9 /* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL 10 /* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP 11 /* set if key should not be removed */
+#define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP 10 /* set if key should not be removed */
/* the key type and key description string
* - the desc is used to match a key against search criteria
@@ -217,7 +216,6 @@ struct key {
*/
int (*restrict_link)(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
};
@@ -229,16 +227,14 @@ extern struct key *key_alloc(struct key_type *type,
unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *));
#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
-#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
-#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */
-#define KEY_ALLOC_BYPASS_RESTRICTION 0x0010 /* Override the check on restricted keyrings */
+#define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */
+#define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */
extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);
@@ -309,18 +305,11 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *),
struct key *dest);
-extern int keyring_restrict_trusted_only(struct key *keyring,
- const struct key_type *type,
- unsigned long,
- const union key_payload *payload);
-
extern int restrict_link_reject(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
extern int keyring_clear(struct key *keyring);
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index d647178c6bbd..98ee4c752cf5 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -51,12 +51,11 @@ static bool init_keyring __initdata;
*/
static int restrict_link_by_ima_mok(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload)
{
int ret;
- ret = restrict_link_by_builtin_trusted(keyring, type, flags, payload);
+ ret = restrict_link_by_builtin_trusted(keyring, type, payload);
if (ret != -ENOKEY)
return ret;
diff --git a/security/keys/key.c b/security/keys/key.c
index deb881754e03..bd5a272f28a6 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -227,7 +227,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
key_perm_t perm, unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *))
{
struct key_user *user = NULL;
@@ -300,8 +299,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
key->flags |= 1 << KEY_FLAG_IN_QUOTA;
- if (flags & KEY_ALLOC_TRUSTED)
- key->flags |= 1 << KEY_FLAG_TRUSTED;
if (flags & KEY_ALLOC_BUILT_IN)
key->flags |= 1 << KEY_FLAG_BUILTIN;
@@ -504,7 +501,7 @@ int key_instantiate_and_link(struct key *key,
if (keyring) {
if (keyring->restrict_link) {
ret = keyring->restrict_link(keyring, key->type,
- key->flags, &prep.payload);
+ &prep.payload);
if (ret < 0)
goto error;
}
@@ -811,7 +808,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
int ret;
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *) = NULL;
/* look up the key type to see if it's one of the registered kernel
@@ -843,7 +839,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
prep.data = payload;
prep.datalen = plen;
prep.quotalen = index_key.type->def_datalen;
- prep.trusted = flags & KEY_ALLOC_TRUSTED;
prep.expiry = TIME_T_MAX;
if (index_key.type->preparse) {
ret = index_key.type->preparse(&prep);
@@ -860,9 +855,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
index_key.desc_len = strlen(index_key.description);
if (restrict_link) {
- unsigned long kflags = prep.trusted ? KEY_FLAG_TRUSTED : 0;
- ret = restrict_link(keyring,
- index_key.type, kflags, &prep.payload);
+ ret = restrict_link(keyring, index_key.type, &prep.payload);
if (ret < 0) {
key_ref = ERR_PTR(ret);
goto error_free_prep;
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index d2d1f3378008..c91e4e0cea08 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -494,7 +494,6 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *),
struct key *dest)
{
@@ -516,33 +515,9 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
EXPORT_SYMBOL(keyring_alloc);
/**
- * keyring_restrict_trusted_only - Restrict additions to a keyring to trusted keys only
- * @keyring: The keyring being added to.
- * @type: The type of key being added.
- * @flags: The key flags.
- * @payload: The payload of the key intended to be added.
- *
- * Reject the addition of any links to a keyring that point to keys that aren't
- * marked as being trusted. It can be overridden by passing
- * KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when adding a key
- * to a keyring.
- *
- * This is meant to be passed as the restrict_link parameter to
- * keyring_alloc().
- */
-int keyring_restrict_trusted_only(struct key *keyring,
- const struct key_type *type,
- unsigned long flags,
- const union key_payload *payload)
-{
- return flags & KEY_FLAG_TRUSTED ? 0 : -EPERM;
-}
-
-/**
* restrict_link_reject - Give -EPERM to restrict link
* @keyring: The keyring being added to.
* @type: The type of key being added.
- * @flags: The key flags.
* @payload: The payload of the key intended to be added.
*
* Reject the addition of any links to a keyring. It can be overridden by
@@ -554,7 +529,6 @@ int keyring_restrict_trusted_only(struct key *keyring,
*/
int restrict_link_reject(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload)
{
return -EPERM;
@@ -1248,8 +1222,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key)
{
if (!keyring->restrict_link)
return 0;
- return keyring->restrict_link(keyring,
- key->type, key->flags, &key->payload);
+ return keyring->restrict_link(keyring, key->type, &key->payload);
}
/**
next prev parent reply other threads:[~2016-03-09 11:21 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-09 11:18 [RFC PATCH 00/12] KEYS: Restrict additions to 'trusted' keyrings [ver #3] David Howells
2016-03-09 11:18 ` [RFC PATCH 01/12] KEYS: Generalise system_verify_data() to provide access to internal content " David Howells
2016-03-09 11:18 ` [RFC PATCH 02/12] PKCS#7: Make trust determination dependent on contents of trust keyring " David Howells
2016-03-09 11:18 ` [RFC PATCH 03/12] KEYS: Add a facility to restrict new links into a " David Howells
2016-03-09 11:18 ` [RFC PATCH 04/12] KEYS: Move x509_request_asymmetric_key() to asymmetric_type.c " David Howells
2016-03-09 11:18 ` [RFC PATCH 05/12] KEYS: Generalise x509_request_asymmetric_key() " David Howells
2016-03-09 11:18 ` [RFC PATCH 06/12] X.509: Use verify_signature() if we have a struct key * to use " David Howells
2016-03-09 11:19 ` [RFC PATCH 07/12] X.509: Move the trust validation code out to its own file " David Howells
2016-03-09 11:19 ` [RFC PATCH 08/12] KEYS: Make the system trusted keyring depend on the asymmetric key type " David Howells
2016-03-09 11:19 ` [RFC PATCH 09/12] KEYS: Move the point of trust determination to __key_link() " David Howells
2016-03-09 11:19 ` David Howells [this message]
2016-03-09 11:19 ` [RFC PATCH 11/12] certs: Add a secondary system keyring that can be added to dynamically " David Howells
2016-04-06 0:37 ` Mimi Zohar
2016-04-06 16:12 ` David Howells
2016-03-09 11:19 ` [RFC PATCH 12/12] IMA: Use the the system trusted keyrings instead of .ima_mok " David Howells
2016-03-28 11:59 ` Mimi Zohar
2016-03-30 16:19 ` David Howells
2016-03-31 12:21 ` Mimi Zohar
2016-03-31 15:18 ` David Howells
2016-03-31 15:55 ` Mimi Zohar
2016-03-31 22:18 ` Mimi Zohar
2016-04-01 14:33 ` David Howells
2016-04-01 16:49 ` Mimi Zohar
2016-04-01 14:06 ` David Howells
2016-04-01 17:07 ` Mimi Zohar
2016-04-05 20:48 ` Mimi Zohar
2016-04-06 16:13 ` David Howells
2016-04-06 16:47 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160309111925.28811.65968.stgit@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox