Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
KEYS: Add an alloc flag to convey the builtinness of a key
Add KEY_ALLOC_BUILT_IN to convey that a key should have KEY_FLAG_BUILTIN
set rather than setting it after the fact.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+5
-2
+2
-2
certs/system_keyring.c
+2
-2
certs/system_keyring.c
···
84
84
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
85
85
KEY_USR_VIEW | KEY_USR_READ),
86
86
KEY_ALLOC_NOT_IN_QUOTA |
87
-
KEY_ALLOC_TRUSTED);
87
+
KEY_ALLOC_TRUSTED |
88
+
KEY_ALLOC_BUILT_IN);
88
89
if (IS_ERR(key)) {
89
90
pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
90
91
PTR_ERR(key));
91
92
} else {
92
-
set_bit(KEY_FLAG_BUILTIN, &key_ref_to_ptr(key)->flags);
93
93
pr_notice("Loaded X.509 cert '%s'\n",
94
94
key_ref_to_ptr(key)->description);
95
95
key_ref_put(key);
+1
include/linux/key.h
+1
include/linux/key.h
···
219
219
#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
220
220
#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
221
221
#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
222
+
#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */
222
223
223
224
extern void key_revoke(struct key *key);
224
225
extern void key_invalidate(struct key *key);
+2
security/keys/key.c
+2
security/keys/key.c