summaryrefslogtreecommitdiff
path: root/security/keys/internal.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2010-06-11 17:31:10 +0100
committerJames Morris <jmorris@namei.org>2010-08-02 15:34:27 +1000
commit927942aabbbe506bf9bc70a16dc5460ecc64c148 (patch)
tree2c53ccb405bd4afb03ff9f7acab892fafc7e9b0f /security/keys/internal.h
parent9156235b3427d6f01c5c95022f72f381f07583f5 (diff)
downloadlwn-927942aabbbe506bf9bc70a16dc5460ecc64c148.tar.gz
lwn-927942aabbbe506bf9bc70a16dc5460ecc64c148.zip
KEYS: Make /proc/keys check to see if a key is possessed before security check
Make /proc/keys check to see if the calling process possesses each key before performing the security check. The possession check can be skipped if the key doesn't have the possessor-view permission bit set. This causes the keys a process possesses to show up in /proc/keys, even if they don't have matching user/group/other view permissions. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/internal.h')
-rw-r--r--security/keys/internal.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 38783dcf6c61..addb67b169f4 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -114,6 +114,10 @@ extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
const void *description,
key_match_func_t match);
+extern key_ref_t search_my_process_keyrings(struct key_type *type,
+ const void *description,
+ key_match_func_t match,
+ const struct cred *cred);
extern key_ref_t search_process_keyrings(struct key_type *type,
const void *description,
key_match_func_t match,
@@ -134,6 +138,7 @@ extern struct key *request_key_and_link(struct key_type *type,
struct key *dest_keyring,
unsigned long flags);
+extern int lookup_user_key_possessed(const struct key *key, const void *target);
extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
key_perm_t perm);
#define KEY_LOOKUP_CREATE 0x01