[PATCH] keys: Make the KEY_NEED_* perms an enum rather than a mask

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Thu May 14 11:00:14 UTC 2020

On Tue, 2020-05-12 at 23:33 +0100, David Howells wrote:
> Since the meaning of combining the KEY_NEED_* constants is undefined, make
> it so that you can't do that by turning them into an enum.
> The enum is also given some extra values to represent special
> circumstances, such as:
>  (1) The '0' value is reserved and causes a warning to trap the parameter
>      being unset.
>  (2) The key is to be unlinked and we require no permissions on it, only
>      the keyring, (this replaces the KEY_LOOKUP_FOR_UNLINK flag).
>  (3) An override due to CAP_SYS_ADMIN.
>  (4) An override due to an instantiation token being present.
>  (5) The permissions check is being deferred to later key_permission()
>      calls.
> The extra values give the opportunity for LSMs to audit these situations.
> Signed-off-by: David Howells <dhowells at redhat.com>
> cc: Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>
> cc: Paul Moore <paul at paul-moore.com>
> cc: Stephen Smalley <stephen.smalley.work at gmail.com>
> cc: Casey Schaufler <casey at schaufler-ca.com>
> cc: keyrings at vger.kernel.org
> cc: selinux at vger.kernel.org

So extensive comments already from Stephen and Paul that I'll just
wait for the next version (agree with the idea though).


More information about the Linux-security-module-archive mailing list