forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
123 lines
3.2 KiB
123 lines
3.2 KiB
// SPDX-License-Identifier: GPL-2.0-or-later |
|
/* Key permission checking |
|
* |
|
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. |
|
* Written by David Howells ([email protected]) |
|
*/ |
|
|
|
#include <linux/export.h> |
|
#include <linux/security.h> |
|
#include "internal.h" |
|
|
|
/** |
|
* key_task_permission - Check a key can be used |
|
* @key_ref: The key to check. |
|
* @cred: The credentials to use. |
|
* @need_perm: The permission required. |
|
* |
|
* Check to see whether permission is granted to use a key in the desired way, |
|
* but permit the security modules to override. |
|
* |
|
* The caller must hold either a ref on cred or must hold the RCU readlock. |
|
* |
|
* Returns 0 if successful, -EACCES if access is denied based on the |
|
* permissions bits or the LSM check. |
|
*/ |
|
int key_task_permission(const key_ref_t key_ref, const struct cred *cred, |
|
enum key_need_perm need_perm) |
|
{ |
|
struct key *key; |
|
key_perm_t kperm, mask; |
|
int ret; |
|
|
|
switch (need_perm) { |
|
default: |
|
WARN_ON(1); |
|
return -EACCES; |
|
case KEY_NEED_UNLINK: |
|
case KEY_SYSADMIN_OVERRIDE: |
|
case KEY_AUTHTOKEN_OVERRIDE: |
|
case KEY_DEFER_PERM_CHECK: |
|
goto lsm; |
|
|
|
case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break; |
|
case KEY_NEED_READ: mask = KEY_OTH_READ; break; |
|
case KEY_NEED_WRITE: mask = KEY_OTH_WRITE; break; |
|
case KEY_NEED_SEARCH: mask = KEY_OTH_SEARCH; break; |
|
case KEY_NEED_LINK: mask = KEY_OTH_LINK; break; |
|
case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break; |
|
} |
|
|
|
key = key_ref_to_ptr(key_ref); |
|
|
|
/* use the second 8-bits of permissions for keys the caller owns */ |
|
if (uid_eq(key->uid, cred->fsuid)) { |
|
kperm = key->perm >> 16; |
|
goto use_these_perms; |
|
} |
|
|
|
/* use the third 8-bits of permissions for keys the caller has a group |
|
* membership in common with */ |
|
if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) { |
|
if (gid_eq(key->gid, cred->fsgid)) { |
|
kperm = key->perm >> 8; |
|
goto use_these_perms; |
|
} |
|
|
|
ret = groups_search(cred->group_info, key->gid); |
|
if (ret) { |
|
kperm = key->perm >> 8; |
|
goto use_these_perms; |
|
} |
|
} |
|
|
|
/* otherwise use the least-significant 8-bits */ |
|
kperm = key->perm; |
|
|
|
use_these_perms: |
|
|
|
/* use the top 8-bits of permissions for keys the caller possesses |
|
* - possessor permissions are additive with other permissions |
|
*/ |
|
if (is_key_possessed(key_ref)) |
|
kperm |= key->perm >> 24; |
|
|
|
if ((kperm & mask) != mask) |
|
return -EACCES; |
|
|
|
/* let LSM be the final arbiter */ |
|
lsm: |
|
return security_key_permission(key_ref, cred, need_perm); |
|
} |
|
EXPORT_SYMBOL(key_task_permission); |
|
|
|
/** |
|
* key_validate - Validate a key. |
|
* @key: The key to be validated. |
|
* |
|
* Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the |
|
* key is invalidated, -EKEYREVOKED if the key's type has been removed or if |
|
* the key has been revoked or -EKEYEXPIRED if the key has expired. |
|
*/ |
|
int key_validate(const struct key *key) |
|
{ |
|
unsigned long flags = READ_ONCE(key->flags); |
|
time64_t expiry = READ_ONCE(key->expiry); |
|
|
|
if (flags & (1 << KEY_FLAG_INVALIDATED)) |
|
return -ENOKEY; |
|
|
|
/* check it's still accessible */ |
|
if (flags & ((1 << KEY_FLAG_REVOKED) | |
|
(1 << KEY_FLAG_DEAD))) |
|
return -EKEYREVOKED; |
|
|
|
/* check it hasn't expired */ |
|
if (expiry) { |
|
if (ktime_get_real_seconds() >= expiry) |
|
return -EKEYEXPIRED; |
|
} |
|
|
|
return 0; |
|
} |
|
EXPORT_SYMBOL(key_validate);
|
|
|