| permission.c (292dd876ee765c478b27c93cc51e93a558ed58bf) | permission.c (b6dff3ec5e116e3af6f537d4caedcad6b9e5082a) |
|---|---|
| 1/* permission.c: key permission determination 2 * 3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 8 unchanged lines hidden (view full) --- 17/* 18 * check to see whether permission is granted to use a key in the desired way, 19 * but permit the security modules to override 20 */ 21int key_task_permission(const key_ref_t key_ref, 22 struct task_struct *context, 23 key_perm_t perm) 24{ | 1/* permission.c: key permission determination 2 * 3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 8 unchanged lines hidden (view full) --- 17/* 18 * check to see whether permission is granted to use a key in the desired way, 19 * but permit the security modules to override 20 */ 21int key_task_permission(const key_ref_t key_ref, 22 struct task_struct *context, 23 key_perm_t perm) 24{ |
| 25 struct cred *cred = context->cred; |
|
| 25 struct key *key; 26 key_perm_t kperm; 27 int ret; 28 29 key = key_ref_to_ptr(key_ref); 30 31 /* use the second 8-bits of permissions for keys the caller owns */ | 26 struct key *key; 27 key_perm_t kperm; 28 int ret; 29 30 key = key_ref_to_ptr(key_ref); 31 32 /* use the second 8-bits of permissions for keys the caller owns */ |
| 32 if (key->uid == context->fsuid) { | 33 if (key->uid == cred->fsuid) { |
| 33 kperm = key->perm >> 16; 34 goto use_these_perms; 35 } 36 37 /* use the third 8-bits of permissions for keys the caller has a group 38 * membership in common with */ 39 if (key->gid != -1 && key->perm & KEY_GRP_ALL) { | 34 kperm = key->perm >> 16; 35 goto use_these_perms; 36 } 37 38 /* use the third 8-bits of permissions for keys the caller has a group 39 * membership in common with */ 40 if (key->gid != -1 && key->perm & KEY_GRP_ALL) { |
| 40 if (key->gid == context->fsgid) { | 41 if (key->gid == cred->fsgid) { |
| 41 kperm = key->perm >> 8; 42 goto use_these_perms; 43 } 44 | 42 kperm = key->perm >> 8; 43 goto use_these_perms; 44 } 45 |
| 45 task_lock(context); 46 ret = groups_search(context->group_info, key->gid); 47 task_unlock(context); | 46 spin_lock(&cred->lock); 47 ret = groups_search(cred->group_info, key->gid); 48 spin_unlock(&cred->lock); |
| 48 49 if (ret) { 50 kperm = key->perm >> 8; 51 goto use_these_perms; 52 } 53 } 54 55 /* otherwise use the least-significant 8-bits */ --- 52 unchanged lines hidden --- | 49 50 if (ret) { 51 kperm = key->perm >> 8; 52 goto use_these_perms; 53 } 54 } 55 56 /* otherwise use the least-significant 8-bits */ --- 52 unchanged lines hidden --- |