KEYS: Add a 'trusted' flag and a 'trusted only' flag Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed. Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>

commit: 008643b86c5f33c115c84ccdda1725cac3ad50ad [log] [tgz]
author: David Howells <dhowells@redhat.com> Fri Aug 30 16:07:37 2013 +0100
committer: David Howells <dhowells@redhat.com> Wed Sep 25 17:17:01 2013 +0100
tree: 951ea0d3d7b84ce3570da17f03f45a53f3e4b35d
parent: b56e5a17b6b9acd16997960504b9940d0d7984e7 [diff] [blame]
diff --git a/kernel/system_keyring.c b/kernel/system_keyring.c
index 51c3514..5296721 100644
--- a/kernel/system_keyring.c
+++ b/kernel/system_keyring.c

@@ -40,6 +40,7 @@
 	if (IS_ERR(system_trusted_keyring))
 		panic("Can't allocate system trusted keyring\n");
 
+	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);
 	return 0;
 }
 
@@ -82,7 +83,8 @@
 					   plen,
 					   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 					   KEY_USR_VIEW,
-					   KEY_ALLOC_NOT_IN_QUOTA);
+					   KEY_ALLOC_NOT_IN_QUOTA |
+					   KEY_ALLOC_TRUSTED);
 		if (IS_ERR(key)) {
 			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
 			       PTR_ERR(key));
commit	008643b86c5f33c115c84ccdda1725cac3ad50ad	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Fri Aug 30 16:07:37 2013 +0100
committer	David Howells <dhowells@redhat.com>	Wed Sep 25 17:17:01 2013 +0100
tree	951ea0d3d7b84ce3570da17f03f45a53f3e4b35d
parent	b56e5a17b6b9acd16997960504b9940d0d7984e7 [diff] [blame]