diff options
author | David Howells <dhowells@redhat.com> | 2013-08-30 17:07:37 +0200 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2013-09-25 18:17:01 +0200 |
commit | 008643b86c5f33c115c84ccdda1725cac3ad50ad (patch) | |
tree | 951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /security/keys/keyring.c | |
parent | KEYS: Separate the kernel signature checking keyring from module signing (diff) | |
download | linux-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz linux-008643b86c5f33c115c84ccdda1725cac3ad50ad.zip |
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.
Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r-- | security/keys/keyring.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index f7cdea22214f..9b6f6e09b50c 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -1183,6 +1183,10 @@ int key_link(struct key *keyring, struct key *key) key_check(keyring); key_check(key); + if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) && + !test_bit(KEY_FLAG_TRUSTED, &key->flags)) + return -EPERM; + ret = __key_link_begin(keyring, &key->index_key, &edit); if (ret == 0) { kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage)); |