KEYS: Add a 'trusted' flag and a 'trusted only' flag

Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed. Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
author: David Howells <dhowells@redhat.com> 2013-08-30 16:07:37 +0100
committer: David Howells <dhowells@redhat.com> 2013-09-25 17:17:01 +0100
commit: 008643b86c5f33c115c84ccdda1725cac3ad50ad (patch)
tree: 951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /security/keys/keyring.c
parent: KEYS: Separate the kernel signature checking keyring from module signing (diff)
download: linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz
linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index f7cdea22214f..9b6f6e09b50c 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1183,6 +1183,10 @@ int key_link(struct key *keyring, struct key *key)
 	key_check(keyring);
 	key_check(key);
 
+	if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
+	    !test_bit(KEY_FLAG_TRUSTED, &key->flags))
+		return -EPERM;
+
 	ret = __key_link_begin(keyring, &key->index_key, &edit);
 	if (ret == 0) {
 		kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));
author	David Howells <dhowells@redhat.com>	2013-08-30 16:07:37 +0100
committer	David Howells <dhowells@redhat.com>	2013-09-25 17:17:01 +0100
commit	008643b86c5f33c115c84ccdda1725cac3ad50ad (patch)
tree	951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /security/keys/keyring.c
parent	KEYS: Separate the kernel signature checking keyring from module signing (diff)
download	linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz linux-dev-008643b86c5f33c115c84ccdda1725cac3ad50ad.zip