diff options
| author | Rusty Russell <rusty@rustcorp.com.au> | 2008-12-29 22:32:35 +0100 |
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2008-12-29 22:32:35 +0100 |
| commit | 33edcf133ba93ecba2e4b6472e97b689895d805c (patch) | |
| tree | 327d7a20acef64005e7c5ccbfa1265be28aeb6ac /security/keys/permission.c | |
| parent | cpumask: Replace cpu_coregroup_map with cpu_coregroup_mask (diff) | |
| parent | Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/p... (diff) | |
| download | linux-33edcf133ba93ecba2e4b6472e97b689895d805c.tar.xz linux-33edcf133ba93ecba2e4b6472e97b689895d805c.zip | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Diffstat (limited to 'security/keys/permission.c')
| -rw-r--r-- | security/keys/permission.c | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index 3b41f9b52537..5d9fc7b93f2e 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -14,12 +14,19 @@ #include "internal.h" /*****************************************************************************/ -/* - * check to see whether permission is granted to use a key in the desired way, - * but permit the security modules to override +/** + * key_task_permission - Check a key can be used + * @key_ref: The key to check + * @cred: The credentials to use + * @perm: The permissions to check for + * + * Check to see whether permission is granted to use a key in the desired way, + * but permit the security modules to override. + * + * The caller must hold either a ref on cred or must hold the RCU readlock or a + * spinlock. */ -int key_task_permission(const key_ref_t key_ref, - struct task_struct *context, +int key_task_permission(const key_ref_t key_ref, const struct cred *cred, key_perm_t perm) { struct key *key; @@ -29,7 +36,7 @@ int key_task_permission(const key_ref_t key_ref, key = key_ref_to_ptr(key_ref); /* use the second 8-bits of permissions for keys the caller owns */ - if (key->uid == context->fsuid) { + if (key->uid == cred->fsuid) { kperm = key->perm >> 16; goto use_these_perms; } @@ -37,15 +44,12 @@ int key_task_permission(const key_ref_t key_ref, /* use the third 8-bits of permissions for keys the caller has a group * membership in common with */ if (key->gid != -1 && key->perm & KEY_GRP_ALL) { - if (key->gid == context->fsgid) { + if (key->gid == cred->fsgid) { kperm = key->perm >> 8; goto use_these_perms; } - task_lock(context); - ret = groups_search(context->group_info, key->gid); - task_unlock(context); - + ret = groups_search(cred->group_info, key->gid); if (ret) { kperm = key->perm >> 8; goto use_these_perms; @@ -56,6 +60,7 @@ int key_task_permission(const key_ref_t key_ref, kperm = key->perm; use_these_perms: + /* use the top 8-bits of permissions for keys the caller possesses * - possessor permissions are additive with other permissions */ @@ -68,7 +73,7 @@ use_these_perms: return -EACCES; /* let LSM be the final arbiter */ - return security_key_permission(key_ref, context, perm); + return security_key_permission(key_ref, cred, perm); } /* end key_task_permission() */ |