diff options
author | David Howells <dhowells@redhat.com> | 2011-03-11 17:57:23 +0000 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-03-17 11:59:32 +1100 |
commit | 78b7280cce23293f7570ad52c1ffe1485c6d9669 (patch) | |
tree | f3051c5fe69cb41e88f9470dead8534dda3e94e0 /include/linux/key.h | |
parent | c151694b2c48d956ac8c8c59c6927f89cc29ef70 (diff) | |
download | linux-78b7280cce23293f7570ad52c1ffe1485c6d9669.tar.gz linux-78b7280cce23293f7570ad52c1ffe1485c6d9669.tar.bz2 linux-78b7280cce23293f7570ad52c1ffe1485c6d9669.zip |
KEYS: Improve /proc/keys
Improve /proc/keys by:
(1) Don't attempt to summarise the payload of a negated key. It won't have
one. To this end, a helper function - key_is_instantiated() has been
added that allows the caller to find out whether the key is positively
instantiated (as opposed to being uninstantiated or negatively
instantiated).
(2) Do show keys that are negative, expired or revoked rather than hiding
them. This requires an override flag (no_state_check) to be passed to
search_my_process_keyrings() and keyring_search_aux() to suppress this
check.
Without this, keys that are possessed by the caller, but only grant
permissions to the caller if possessed are skipped as the possession check
fails.
Keys that are visible due to user, group or other checks are visible with
or without this patch.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r-- | include/linux/key.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index b2bb01719561..ef19b99aff98 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -276,6 +276,19 @@ static inline key_serial_t key_serial(struct key *key) return key ? key->serial : 0; } +/** + * key_is_instantiated - Determine if a key has been positively instantiated + * @key: The key to check. + * + * Return true if the specified key has been positively instantiated, false + * otherwise. + */ +static inline bool key_is_instantiated(const struct key *key) +{ + return test_bit(KEY_FLAG_INSTANTIATED, &key->flags) && + !test_bit(KEY_FLAG_NEGATIVE, &key->flags); +} + #define rcu_dereference_key(KEY) \ (rcu_dereference_protected((KEY)->payload.rcudata, \ rwsem_is_locked(&((struct key *)(KEY))->sem))) |