xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"

Browse Source 
This reverts merge 0f75ef6a9c (and thus
effectively commits

   7a1ade8475 ("keys: Provide KEYCTL_GRANT_PERMISSION")
   2e12256b9a ("keys: Replace uid/gid/perm permissions checking with an ACL")

that the merge brought in).

It turns out that it breaks booting with an encrypted volume, and Eric
biggers reports that it also breaks the fscrypt tests [1] and loading of
in-kernel X.509 certificates [2].

The root cause of all the breakage is likely the same, but David Howells
is off email so rather than try to work it out it's getting reverted in
order to not impact the rest of the merge window.

 [1] https://lore.kernel.org/lkml/20190710011559.GA7973@sol.localdomain/
 [2] https://lore.kernel.org/lkml/20190710013225.GB7973@sol.localdomain/

Link: https://lore.kernel.org/lkml/CAHk-=wjxoeMJfeBahnWH=9zShKp2bsVy527vo3_y8HfOdhwAAw@mail.gmail.com/
Reported-by: Eric Biggers <ebiggers@kernel.org>
Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Linus Torvalds
2019-07-10 18:43:43 -07:00
parent e9a83bd232
commit 028db3e290
46 changed files with 325 additions and 992 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
security/selinux/hooks.c
View File

@@ -6502,7 +6502,6 @@ static int selinux_key_permission(key_ref_t key_ref,
{
struct key *key;
struct key_security_struct *ksec;
unsigned oldstyle_perm;
u32 sid;
/* if no specific permissions are requested, we skip the
@@ -6511,26 +6510,13 @@ static int selinux_key_permission(key_ref_t key_ref,
if (perm == 0)
return 0;
oldstyle_perm = perm & (KEY_NEED_VIEW | KEY_NEED_READ | KEY_NEED_WRITE |
KEY_NEED_SEARCH | KEY_NEED_LINK);
if (perm & KEY_NEED_SETSEC)
oldstyle_perm |= OLD_KEY_NEED_SETATTR;
if (perm & KEY_NEED_INVAL)
oldstyle_perm |= KEY_NEED_SEARCH;
if (perm & KEY_NEED_REVOKE && !(perm & OLD_KEY_NEED_SETATTR))
oldstyle_perm |= KEY_NEED_WRITE;
if (perm & KEY_NEED_JOIN)
oldstyle_perm |= KEY_NEED_SEARCH;
if (perm & KEY_NEED_CLEAR)
oldstyle_perm |= KEY_NEED_WRITE;
sid = cred_sid(cred);
key = key_ref_to_ptr(key_ref);
ksec = key->security;
return avc_has_perm(&selinux_state,
sid, ksec->sid, SECCLASS_KEY, oldstyle_perm, NULL);
sid, ksec->sid, SECCLASS_KEY, perm, NULL);
}
static int selinux_key_getsecurity(struct key *key, char **_buffer)