diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-06-10 10:05:36 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-06-10 10:05:36 -0700 |
commit | fad0701eaa091beb8ce5ef2eef04b5e833617368 (patch) | |
tree | 788297c7b05b167599265013ef8ec473a0d367fe /include/linux | |
parent | d53b47c08d8fda1892f47393de8eeab4e34b3188 (diff) | |
parent | f9b2a735bdddf836214b5dca74f6ca7712e5a08c (diff) |
Merge branch 'serge-next-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security
Pull security layer updates from Serge Hallyn:
"This is a merge of James Morris' security-next tree from 3.14 to
yesterday's master, plus four patches from Paul Moore which are in
linux-next, plus one patch from Mimi"
* 'serge-next-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sergeh/linux-security:
ima: audit log files opened with O_DIRECT flag
selinux: conditionally reschedule in hashtab_insert while loading selinux policy
selinux: conditionally reschedule in mls_convert_context while loading selinux policy
selinux: reject setexeccon() on MNT_NOSUID applications with -EACCES
selinux: Report permissive mode in avc: denied messages.
Warning in scanf string typing
Smack: Label cgroup files for systemd
Smack: Verify read access on file open - v3
security: Convert use of typedef ctl_table to struct ctl_table
Smack: bidirectional UDS connect check
Smack: Correctly remove SMACK64TRANSMUTE attribute
SMACK: Fix handling value==NULL in post setxattr
bugfix patch for SMACK
Smack: adds smackfs/ptrace interface
Smack: unify all ptrace accesses in the smack
Smack: fix the subject/object order in smack_ptrace_traceme()
Minor improvement of 'smack_sb_kern_mount'
smack: fix key permission verification
KEYS: Move the flags representing required permission to linux/key.h
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/key.h | 11 | ||||
-rw-r--r-- | include/linux/security.h | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 3ae45f09589b..017b0826642f 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key) extern void key_set_timeout(struct key *, unsigned); +/* + * The permissions required on a key that we're looking up. + */ +#define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */ +#define KEY_NEED_READ 0x02 /* Require permission to read content */ +#define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */ +#define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */ +#define KEY_NEED_LINK 0x10 /* Require permission to link */ +#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */ +#define KEY_NEED_ALL 0x3f /* All the above permissions */ + /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. diff --git a/include/linux/security.h b/include/linux/security.h index 6478ce3252c7..9c6b9722ff48 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1708,7 +1708,7 @@ struct security_operations { void (*key_free) (struct key *key); int (*key_permission) (key_ref_t key_ref, const struct cred *cred, - key_perm_t perm); + unsigned perm); int (*key_getsecurity)(struct key *key, char **_buffer); #endif /* CONFIG_KEYS */ @@ -3034,7 +3034,7 @@ static inline int security_path_chroot(struct path *path) int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, - const struct cred *cred, key_perm_t perm); + const struct cred *cred, unsigned perm); int security_key_getsecurity(struct key *key, char **_buffer); #else @@ -3052,7 +3052,7 @@ static inline void security_key_free(struct key *key) static inline int security_key_permission(key_ref_t key_ref, const struct cred *cred, - key_perm_t perm) + unsigned perm) { return 0; } |