c69e8d9c01
Use RCU to access another task's creds and to release a task's own creds. This means that it will be possible for the credentials of a task to be replaced without another task (a) requiring a full lock to read them, and (b) seeing deallocated memory. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
110 lines
2.6 KiB
C
110 lines
2.6 KiB
C
/* permission.c: key permission determination
|
|
*
|
|
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/security.h>
|
|
#include "internal.h"
|
|
|
|
/*****************************************************************************/
|
|
/*
|
|
* check to see whether permission is granted to use a key in the desired way,
|
|
* but permit the security modules to override
|
|
*/
|
|
int key_task_permission(const key_ref_t key_ref,
|
|
struct task_struct *context,
|
|
key_perm_t perm)
|
|
{
|
|
const struct cred *cred;
|
|
struct key *key;
|
|
key_perm_t kperm;
|
|
int ret;
|
|
|
|
key = key_ref_to_ptr(key_ref);
|
|
|
|
rcu_read_lock();
|
|
cred = __task_cred(context);
|
|
|
|
/* use the second 8-bits of permissions for keys the caller owns */
|
|
if (key->uid == cred->fsuid) {
|
|
kperm = key->perm >> 16;
|
|
goto use_these_perms;
|
|
}
|
|
|
|
/* use the third 8-bits of permissions for keys the caller has a group
|
|
* membership in common with */
|
|
if (key->gid != -1 && key->perm & KEY_GRP_ALL) {
|
|
if (key->gid == cred->fsgid) {
|
|
kperm = key->perm >> 8;
|
|
goto use_these_perms;
|
|
}
|
|
|
|
ret = groups_search(cred->group_info, key->gid);
|
|
if (ret) {
|
|
kperm = key->perm >> 8;
|
|
goto use_these_perms;
|
|
}
|
|
}
|
|
|
|
/* otherwise use the least-significant 8-bits */
|
|
kperm = key->perm;
|
|
|
|
use_these_perms:
|
|
rcu_read_lock();
|
|
|
|
/* use the top 8-bits of permissions for keys the caller possesses
|
|
* - possessor permissions are additive with other permissions
|
|
*/
|
|
if (is_key_possessed(key_ref))
|
|
kperm |= key->perm >> 24;
|
|
|
|
kperm = kperm & perm & KEY_ALL;
|
|
|
|
if (kperm != perm)
|
|
return -EACCES;
|
|
|
|
/* let LSM be the final arbiter */
|
|
return security_key_permission(key_ref, context, perm);
|
|
|
|
} /* end key_task_permission() */
|
|
|
|
EXPORT_SYMBOL(key_task_permission);
|
|
|
|
/*****************************************************************************/
|
|
/*
|
|
* validate a key
|
|
*/
|
|
int key_validate(struct key *key)
|
|
{
|
|
struct timespec now;
|
|
int ret = 0;
|
|
|
|
if (key) {
|
|
/* check it's still accessible */
|
|
ret = -EKEYREVOKED;
|
|
if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
|
|
test_bit(KEY_FLAG_DEAD, &key->flags))
|
|
goto error;
|
|
|
|
/* check it hasn't expired */
|
|
ret = 0;
|
|
if (key->expiry) {
|
|
now = current_kernel_time();
|
|
if (now.tv_sec >= key->expiry)
|
|
ret = -EKEYEXPIRED;
|
|
}
|
|
}
|
|
|
|
error:
|
|
return ret;
|
|
|
|
} /* end key_validate() */
|
|
|
|
EXPORT_SYMBOL(key_validate);
|