]>
Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
973c9f4f | 2 | /* Key permission checking |
468ed2b0 DH |
3 | * |
4 | * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. | |
5 | * Written by David Howells (dhowells@redhat.com) | |
468ed2b0 DH |
6 | */ |
7 | ||
876979c9 | 8 | #include <linux/export.h> |
29db9190 | 9 | #include <linux/security.h> |
468ed2b0 DH |
10 | #include "internal.h" |
11 | ||
d84f4f99 DH |
12 | /** |
13 | * key_task_permission - Check a key can be used | |
973c9f4f DH |
14 | * @key_ref: The key to check. |
15 | * @cred: The credentials to use. | |
8c0637e9 | 16 | * @need_perm: The permission required. |
d84f4f99 DH |
17 | * |
18 | * Check to see whether permission is granted to use a key in the desired way, | |
19 | * but permit the security modules to override. | |
20 | * | |
973c9f4f DH |
21 | * The caller must hold either a ref on cred or must hold the RCU readlock. |
22 | * | |
23 | * Returns 0 if successful, -EACCES if access is denied based on the | |
24 | * permissions bits or the LSM check. | |
468ed2b0 | 25 | */ |
d84f4f99 | 26 | int key_task_permission(const key_ref_t key_ref, const struct cred *cred, |
8c0637e9 | 27 | enum key_need_perm need_perm) |
468ed2b0 | 28 | { |
028db3e2 | 29 | struct key *key; |
8c0637e9 | 30 | key_perm_t kperm, mask; |
028db3e2 | 31 | int ret; |
468ed2b0 | 32 | |
8c0637e9 DH |
33 | switch (need_perm) { |
34 | default: | |
35 | WARN_ON(1); | |
36 | return -EACCES; | |
37 | case KEY_NEED_UNLINK: | |
38 | case KEY_SYSADMIN_OVERRIDE: | |
39 | case KEY_AUTHTOKEN_OVERRIDE: | |
40 | case KEY_DEFER_PERM_CHECK: | |
41 | goto lsm; | |
42 | ||
43 | case KEY_NEED_VIEW: mask = KEY_OTH_VIEW; break; | |
44 | case KEY_NEED_READ: mask = KEY_OTH_READ; break; | |
45 | case KEY_NEED_WRITE: mask = KEY_OTH_WRITE; break; | |
46 | case KEY_NEED_SEARCH: mask = KEY_OTH_SEARCH; break; | |
47 | case KEY_NEED_LINK: mask = KEY_OTH_LINK; break; | |
48 | case KEY_NEED_SETATTR: mask = KEY_OTH_SETATTR; break; | |
49 | } | |
50 | ||
468ed2b0 DH |
51 | key = key_ref_to_ptr(key_ref); |
52 | ||
028db3e2 LT |
53 | /* use the second 8-bits of permissions for keys the caller owns */ |
54 | if (uid_eq(key->uid, cred->fsuid)) { | |
55 | kperm = key->perm >> 16; | |
56 | goto use_these_perms; | |
57 | } | |
468ed2b0 | 58 | |
028db3e2 LT |
59 | /* use the third 8-bits of permissions for keys the caller has a group |
60 | * membership in common with */ | |
61 | if (gid_valid(key->gid) && key->perm & KEY_GRP_ALL) { | |
62 | if (gid_eq(key->gid, cred->fsgid)) { | |
63 | kperm = key->perm >> 8; | |
64 | goto use_these_perms; | |
65 | } | |
468ed2b0 | 66 | |
028db3e2 LT |
67 | ret = groups_search(cred->group_info, key->gid); |
68 | if (ret) { | |
69 | kperm = key->perm >> 8; | |
70 | goto use_these_perms; | |
468ed2b0 DH |
71 | } |
72 | } | |
73 | ||
028db3e2 LT |
74 | /* otherwise use the least-significant 8-bits */ |
75 | kperm = key->perm; | |
76 | ||
77 | use_these_perms: | |
c69e8d9c | 78 | |
028db3e2 LT |
79 | /* use the top 8-bits of permissions for keys the caller possesses |
80 | * - possessor permissions are additive with other permissions | |
81 | */ | |
82 | if (is_key_possessed(key_ref)) | |
83 | kperm |= key->perm >> 24; | |
7ab501db | 84 | |
8c0637e9 | 85 | if ((kperm & mask) != mask) |
028db3e2 LT |
86 | return -EACCES; |
87 | ||
88 | /* let LSM be the final arbiter */ | |
8c0637e9 DH |
89 | lsm: |
90 | return security_key_permission(key_ref, cred, need_perm); | |
a8b17ed0 | 91 | } |
468ed2b0 | 92 | EXPORT_SYMBOL(key_task_permission); |
b5f545c8 | 93 | |
973c9f4f DH |
94 | /** |
95 | * key_validate - Validate a key. | |
96 | * @key: The key to be validated. | |
97 | * | |
fd75815f DH |
98 | * Check that a key is valid, returning 0 if the key is okay, -ENOKEY if the |
99 | * key is invalidated, -EKEYREVOKED if the key's type has been removed or if | |
100 | * the key has been revoked or -EKEYEXPIRED if the key has expired. | |
b5f545c8 | 101 | */ |
b404aef7 | 102 | int key_validate(const struct key *key) |
b5f545c8 | 103 | { |
1823d475 | 104 | unsigned long flags = READ_ONCE(key->flags); |
074d5898 | 105 | time64_t expiry = READ_ONCE(key->expiry); |
b404aef7 DH |
106 | |
107 | if (flags & (1 << KEY_FLAG_INVALIDATED)) | |
108 | return -ENOKEY; | |
109 | ||
110 | /* check it's still accessible */ | |
111 | if (flags & ((1 << KEY_FLAG_REVOKED) | | |
112 | (1 << KEY_FLAG_DEAD))) | |
113 | return -EKEYREVOKED; | |
114 | ||
115 | /* check it hasn't expired */ | |
1823d475 | 116 | if (expiry) { |
074d5898 | 117 | if (ktime_get_real_seconds() >= expiry) |
b404aef7 | 118 | return -EKEYEXPIRED; |
b5f545c8 DH |
119 | } |
120 | ||
b404aef7 | 121 | return 0; |
a8b17ed0 | 122 | } |
b5f545c8 | 123 | EXPORT_SYMBOL(key_validate); |