diff options
author | David Howells <dhowells@redhat.com> | 2005-10-07 16:41:24 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-10-08 14:54:48 -0700 |
commit | 7ab501db8cb6659efdf04034e0de6b44c059a51b (patch) | |
tree | cdcf34873ab91219e17b265610a83bea213ec3c4 /security/keys | |
parent | 468ed2b0c85ec4310b429e60358213b6d077289e (diff) | |
download | kernel_samsung_smdk4412-7ab501db8cb6659efdf04034e0de6b44c059a51b.tar.gz kernel_samsung_smdk4412-7ab501db8cb6659efdf04034e0de6b44c059a51b.tar.bz2 kernel_samsung_smdk4412-7ab501db8cb6659efdf04034e0de6b44c059a51b.zip |
[PATCH] Keys: Possessor permissions should be additive
This patch makes the possessor permissions on a key additive with
user/group/other permissions on the same key.
This permits extra rights to be granted to the possessor of a key without
taking away any rights conferred by them owning the key or having common group
membership.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/permission.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c index 1c3651670ce..03db073ba45 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -27,12 +27,6 @@ int key_task_permission(const key_ref_t key_ref, key = key_ref_to_ptr(key_ref); - /* use the top 8-bits of permissions for keys the caller possesses */ - if (is_key_possessed(key_ref)) { - kperm = key->perm >> 24; - goto use_these_perms; - } - /* use the second 8-bits of permissions for keys the caller owns */ if (key->uid == context->fsuid) { kperm = key->perm >> 16; @@ -61,6 +55,12 @@ int key_task_permission(const key_ref_t key_ref, kperm = key->perm; use_these_perms: + /* use the top 8-bits of permissions for keys the caller possesses + * - possessor permissions are additive with other permissions + */ + if (is_key_possessed(key_ref)) + kperm |= key->perm >> 24; + kperm = kperm & perm & KEY_ALL; return kperm == perm; |