[PATCH] keys: Make the KEY_NEED_* perms an enum rather than a mask
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Thu May 14 11:00:14 UTC 2020
On Tue, 2020-05-12 at 23:33 +0100, David Howells wrote:
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
>
> The enum is also given some extra values to represent special
> circumstances, such as:
>
> (1) The '0' value is reserved and causes a warning to trap the parameter
> being unset.
>
> (2) The key is to be unlinked and we require no permissions on it, only
> the keyring, (this replaces the KEY_LOOKUP_FOR_UNLINK flag).
>
> (3) An override due to CAP_SYS_ADMIN.
>
> (4) An override due to an instantiation token being present.
>
> (5) The permissions check is being deferred to later key_permission()
> calls.
>
> The extra values give the opportunity for LSMs to audit these situations.
>
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>
> cc: Paul Moore <paul at paul-moore.com>
> cc: Stephen Smalley <stephen.smalley.work at gmail.com>
> cc: Casey Schaufler <casey at schaufler-ca.com>
> cc: keyrings at vger.kernel.org
> cc: selinux at vger.kernel.org
So extensive comments already from Stephen and Paul that I'll just
wait for the next version (agree with the idea though).
/Jarkko
More information about the Linux-security-module-archive
mailing list