authorJeff Garzik <jgarzik@pobox.com>2005-10-11 01:48:37 -0400
committerJeff Garzik <jgarzik@pobox.com>2005-10-11 01:48:37 -0400
commit1a04392bd6439876b1552793389cbb5be356ea54 (patch)
tree12af7b77e3b0848127f2d2871778c9c1f315578a /security/keys/permission.c
parent68399bb5080c1d96f2110b0a040b39d3ccd7a18a (diff)
parent3c92c2ba33cd7d666c5f83cc32aa590e794e91b0 (diff)
Merge branch 'master'
Diffstat (limited to 'security/keys/permission.c')
-rw-r--r--security/keys/permission.c70
1 files changed, 70 insertions, 0 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
new file mode 100644
index 0000000..03db073
--- /dev/null
+++ b/security/keys/permission.c
@@ -0,0 +1,70 @@
+/* permission.c: key permission determination
+ *
+ * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/module.h>
+#include "internal.h"
+
+/*****************************************************************************/
+/*
+ * check to see whether permission is granted to use a key in the desired way,
+ * but permit the security modules to override
+ */
+int key_task_permission(const key_ref_t key_ref,
+ struct task_struct *context,
+ key_perm_t perm)
+{
+ struct key *key;
+ key_perm_t kperm;
+ int ret;
+
+ key = key_ref_to_ptr(key_ref);
+
+ /* use the second 8-bits of permissions for keys the caller owns */
+ if (key->uid == context->fsuid) {
+ kperm = key->perm >> 16;
+ goto use_these_perms;
+ }
+
+ /* use the third 8-bits of permissions for keys the caller has a group
+ * membership in common with */
+ if (key->gid != -1 && key->perm & KEY_GRP_ALL) {
+ if (key->gid == context->fsgid) {
+ kperm = key->perm >> 8;
+ goto use_these_perms;
+ }
+
+ task_lock(context);
+ ret = groups_search(context->group_info, key->gid);
+ task_unlock(context);
+
+ if (ret) {
+ kperm = key->perm >> 8;
+ goto use_these_perms;
+ }
+ }
+
+ /* otherwise use the least-significant 8-bits */
+ kperm = key->perm;
+
+use_these_perms:
+ /* use the top 8-bits of permissions for keys the caller possesses
+ * - possessor permissions are additive with other permissions
+ */
+ if (is_key_possessed(key_ref))
+ kperm |= key->perm >> 24;
+
+ kperm = kperm & perm & KEY_ALL;
+
+ return kperm == perm;
+
+} /* end key_task_permission() */
+
+EXPORT_SYMBOL(key_task_permission);
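Review bot: The header comment on key_task_permission() says security modules may override the decision, but nothing between `key_ref_to_ptr()` and the final `return kperm == perm;` calls an LSM hook, so the result is purely the uid/gid/possessor bitmask check; unless a hook lives in a caller outside this file, the comment should be trimmed to what the code does. The return convention is also undocumented: the function yields 1 when every requested bit is granted and 0 otherwise, the reverse of the usual 0/-errno kernel style, and a caller that tests the result the wrong way round would treat a denial as a grant. I would replace the comment with something like `/* returns non-zero if all bits in perm are granted to context, 0 if not; no LSM hook is consulted here */`. As a smaller point of style, `key->gid != -1 && key->perm & KEY_GRP_ALL` depends on operator precedence and is easier to audit as `key->gid != -1 && (key->perm & KEY_GRP_ALL)`.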