diff options
| author | David Howells <dhowells@redhat.com> | 2016-02-09 16:40:46 +0000 |
|---|---|---|
| committer | Oleksandr Suvorov <oleksandr.suvorov@toradex.com> | 2020-05-25 13:57:20 +0300 |
| commit | daed9e3e1730eb8b8a36f47ab0fd145379d4cfed (patch) | |
| tree | 0329f5eb0f00b414ac2e12b010baec2dcc60833c | |
| parent | a059662670a95b75b4b1720138c9bfcd7988b1df (diff) | |
KEYS: Add an alloc flag to convey the builtinness of a key
commit 5d2787cf0b210d2925e8d44e2e79241385249d6b upstream
Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN
set rather than setting it after the fact.
Tuned for toradex_vf_4.4-next
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@toradex.com>
| -rw-r--r-- | certs/system_keyring.c | 4 | ||||
| -rw-r--r-- | include/linux/key.h | 1 | ||||
| -rw-r--r-- | security/keys/key.c | 2 |
3 files changed, 5 insertions, 2 deletions
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 2570598b784d..f4180326c2e1 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -84,12 +84,12 @@ static __init int load_system_certificate_list(void) ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ), KEY_ALLOC_NOT_IN_QUOTA | - KEY_ALLOC_TRUSTED); + KEY_ALLOC_TRUSTED | + KEY_ALLOC_BUILT_IN); if (IS_ERR(key)) { pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", PTR_ERR(key)); } else { - set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags); pr_notice("Loaded X.509 cert '%s'\n", key_ref_to_ptr(key)->description); key_ref_put(key); diff --git a/include/linux/key.h b/include/linux/key.h index af071ca73079..25862d2c1587 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -222,6 +222,7 @@ extern struct key *key_alloc(struct key_type *type, #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ #define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */ +#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */ #define KEY_ALLOC_UID_KEYRING 0x0010 /* allocating a user or user session keyring */ extern void key_revoke(struct key *key); diff --git a/security/keys/key.c b/security/keys/key.c index b5c8324ecf62..b362b11a8f31 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -296,6 +296,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, key->flags |= 1 << KEY_FLAG_IN_QUOTA; if (flags & KEY_ALLOC_TRUSTED) key->flags |= 1 << KEY_FLAG_TRUSTED; + if (flags & KEY_ALLOC_BUILT_IN) + key->flags |= 1 << KEY_FLAG_BUILTIN; if (flags & KEY_ALLOC_UID_KEYRING) key->flags |= 1 << KEY_FLAG_UID_KEYRING; |