X-Git-Url: http://pilppa.org/gitweb/?a=blobdiff_plain;f=security%2Fkeys%2Finternal.h;h=81932abefe7b1b3120c06c44365c07f889a397ec;hb=14a3c4ab0e58d143c7928c9eb2f2610205e13bf2;hp=239098f0fd763f846b593de4432f4b887f3fa702;hpb=b19b3c74c7bbec45a848631b8f970ac110665a01;p=linux-2.6-omap-h63xx.git diff --git a/security/keys/internal.h b/security/keys/internal.h index 239098f0fd7..81932abefe7 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -12,8 +12,8 @@ #ifndef _INTERNAL_H #define _INTERNAL_H +#include #include -#include static inline __attribute__((format(printf, 1, 2))) void no_printk(const char *fmt, ...) @@ -26,7 +26,7 @@ void no_printk(const char *fmt, ...) #define kleave(FMT, ...) \ printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) #define kdebug(FMT, ...) \ - printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__) + printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__) #else #define kenter(FMT, ...) \ no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) @@ -82,6 +82,9 @@ extern struct mutex key_construction_mutex; extern wait_queue_head_t request_key_conswq; +extern struct key_type *key_type_lookup(const char *type); +extern void key_type_put(struct key_type *ktype); + extern int __key_link(struct key *keyring, struct key *key); extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, @@ -95,7 +98,7 @@ extern struct key *keyring_search_instkey(struct key *keyring, typedef int (*key_match_func_t)(const struct key *, const void *); extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, - struct task_struct *tsk, + const struct cred *cred, struct key_type *type, const void *description, key_match_func_t match); @@ -103,13 +106,13 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, extern key_ref_t search_process_keyrings(struct key_type *type, const void *description, key_match_func_t match, - struct task_struct *tsk); + const struct cred *cred); extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); -extern int install_user_keyrings(struct task_struct *tsk); -extern int install_thread_keyring(struct task_struct *tsk); -extern int install_process_keyring(struct task_struct *tsk); +extern int install_user_keyrings(void); +extern int install_thread_keyring_to_cred(struct cred *); +extern int install_process_keyring_to_cred(struct cred *); extern struct key *request_key_and_link(struct key_type *type, const char *description, @@ -119,12 +122,39 @@ extern struct key *request_key_and_link(struct key_type *type, struct key *dest_keyring, unsigned long flags); +extern key_ref_t lookup_user_key(key_serial_t id, int create, int partial, + key_perm_t perm); + +extern long join_session_keyring(const char *name); + +/* + * check to see whether permission is granted to use a key in the desired way + */ +extern int key_task_permission(const key_ref_t key_ref, + const struct cred *cred, + key_perm_t perm); + +static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) +{ + return key_task_permission(key_ref, current_cred(), perm); +} + +/* required permissions */ +#define KEY_VIEW 0x01 /* require permission to view attributes */ +#define KEY_READ 0x02 /* require permission to read content */ +#define KEY_WRITE 0x04 /* require permission to update / modify */ +#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ +#define KEY_LINK 0x10 /* require permission to link */ +#define KEY_SETATTR 0x20 /* require permission to change attributes */ +#define KEY_ALL 0x3f /* all the above permissions */ + /* * request_key authorisation */ struct request_key_auth { struct key *target_key; - struct task_struct *context; + struct key *dest_keyring; + const struct cred *cred; void *callout_info; size_t callout_len; pid_t pid; @@ -133,7 +163,8 @@ struct request_key_auth { extern struct key_type key_type_request_key_auth; extern struct key *request_key_auth_new(struct key *target, const void *callout_info, - size_t callout_len); + size_t callout_len, + struct key *dest_keyring); extern struct key *key_get_instantiation_authkey(key_serial_t target_id);