hc
2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c
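--- a/kernel/security/keys/permission.c
+++ b/kernel/security/keys/permission.c
@@ -1,15 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
 /* Key permission checking
 *
 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
 */
 
-#include <linux/module.h>
+#include <linux/export.h>
 #include <linux/security.h>
 #include "internal.h"
 
@@ -17,7 +13,7 @@
 * key_task_permission - Check a key can be used
 * @key_ref: The key to check.
 * @cred: The credentials to use.
- * @perm: The permissions to check for.
+ * @need_perm: The permission required.
 *
 * Check to see whether permission is granted to use a key in the desired way,
 * but permit the security modules to override.
@@ -28,11 +24,29 @@
 * permissions bits or the LSM check.
 */
 int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
- unsigned perm)
+ enum key_need_perm need_perm)
 {
 struct key *key;
- key_perm_t kperm;
+ key_perm_t kperm, mask;
 int ret;
+
+ switch (need_perm) {
+ default:
+ WARN_ON(1);
+ return -EACCES;
+ case KEY_NEED_UNLINK:
+ case KEY_SYSADMIN_OVERRIDE:
+ case KEY_AUTHTOKEN_OVERRIDE:
+ case KEY_DEFER_PERM_CHECK:
+ goto lsm;
+
+ case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break;
+ case KEY_NEED_READ: mask = KEY_OTH_READ; break;
+ case KEY_NEED_WRITE: mask = KEY_OTH_WRITE; break;
+ case KEY_NEED_SEARCH: mask = KEY_OTH_SEARCH; break;
+ case KEY_NEED_LINK: mask = KEY_OTH_LINK; break;
+ case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break;
+ }
 
 key = key_ref_to_ptr(key_ref);
 
@@ -68,13 +82,12 @@
 if (is_key_possessed(key_ref))
 kperm |= key->perm >> 24;
 
- kperm = kperm & perm & KEY_NEED_ALL;
-
- if (kperm != perm)
+ if ((kperm & mask) != mask)
 return -EACCES;
 
 /* let LSM be the final arbiter */
- return security_key_permission(key_ref, cred, perm);
+lsm:
+ return security_key_permission(key_ref, cred, need_perm);
 }
 EXPORT_SYMBOL(key_task_permission);
 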
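Review bot: The four cases that `goto lsm` in the new switch (`KEY_NEED_UNLINK`, `KEY_SYSADMIN_OVERRIDE`, `KEY_AUTHTOKEN_OVERRIDE`, `KEY_DEFER_PERM_CHECK`) skip the `(kperm & mask) != mask` comparison entirely, and neither the case labels nor the kernel-doc for `@need_perm` say so. On that path the only gate visible in this function is `security_key_permission()`, so access presumably rests on the caller having already established its authority; that should be written down, e.g. `/* No permission bit applies to these: the caller has already justified the access, so only the LSM is consulted. */` above the group. In the `default:` arm, `WARN_ON_ONCE(1);` would still fail closed with -EACCES without letting a repeated bad value flood the log. The middle of the function body lies between the hunks and is not shown here.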