summaryrefslogtreecommitdiffstats
path: root/include/linux/key-ui.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/key-ui.h')
-rw-r--r--include/linux/key-ui.h97
1 files changed, 97 insertions, 0 deletions
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
new file mode 100644
index 000000000000..60cc7b762e78
--- /dev/null
+++ b/include/linux/key-ui.h
@@ -0,0 +1,97 @@
+/* key-ui.h: key userspace interface stuff for use by keyfs
+ *
+ * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_KEY_UI_H
+#define _LINUX_KEY_UI_H
+
+#include <linux/key.h>
+
+/* the key tree */
+extern struct rb_root key_serial_tree;
+extern spinlock_t key_serial_lock;
+
+/* required permissions */
+#define KEY_VIEW 0x01 /* require permission to view attributes */
+#define KEY_READ 0x02 /* require permission to read content */
+#define KEY_WRITE 0x04 /* require permission to update / modify */
+#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */
+#define KEY_LINK 0x10 /* require permission to link */
+#define KEY_ALL 0x1f /* all the above permissions */
+
+/*
+ * the keyring payload contains a list of the keys to which the keyring is
+ * subscribed
+ */
+struct keyring_list {
+ unsigned maxkeys; /* max keys this list can hold */
+ unsigned nkeys; /* number of keys currently held */
+ struct key *keys[0];
+};
+
+
+/*
+ * check to see whether permission is granted to use a key in the desired way
+ */
+static inline int key_permission(const struct key *key, key_perm_t perm)
+{
+ key_perm_t kperm;
+
+ if (key->uid == current->fsuid)
+ kperm = key->perm >> 16;
+ else if (key->gid != -1 &&
+ key->perm & KEY_GRP_ALL &&
+ in_group_p(key->gid)
+ )
+ kperm = key->perm >> 8;
+ else
+ kperm = key->perm;
+
+ kperm = kperm & perm & KEY_ALL;
+
+ return kperm == perm;
+}
+
+/*
+ * check to see whether permission is granted to use a key in at least one of
+ * the desired ways
+ */
+static inline int key_any_permission(const struct key *key, key_perm_t perm)
+{
+ key_perm_t kperm;
+
+ if (key->uid == current->fsuid)
+ kperm = key->perm >> 16;
+ else if (key->gid != -1 &&
+ key->perm & KEY_GRP_ALL &&
+ in_group_p(key->gid)
+ )
+ kperm = key->perm >> 8;
+ else
+ kperm = key->perm;
+
+ kperm = kperm & perm & KEY_ALL;
+
+ return kperm != 0;
+}
+
+
+extern struct key *lookup_user_key(key_serial_t id, int create, int part,
+ key_perm_t perm);
+
+extern long join_session_keyring(const char *name);
+
+extern struct key_type *key_type_lookup(const char *type);
+extern void key_type_put(struct key_type *ktype);
+
+#define key_negative_timeout 60 /* default timeout on a negative key's existence */
+
+
+#endif /* _LINUX_KEY_UI_H */