leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KEYS: Add a 'trusted' flag and a 'trusted only' flag

Browse Source 
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.

Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
David Howells
2013-08-30 16:07:37 +01:00
parent b56e5a17b6
commit 008643b86c
5 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
security/keys/keyring.c
View File

@@ -1183,6 +1183,10 @@ int key_link(struct key *keyring, struct key *key)
key_check(keyring);
key_check(key);
if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
!test_bit(KEY_FLAG_TRUSTED, &key->flags))
return -EPERM;
ret = __key_link_begin(keyring, &key->index_key, &edit);
if (ret == 0) {
kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));