xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

KEYS: Skip key state checks when checking for possession

Browse Source 
Skip key state checks (invalidation, revocation and expiration) when checking
for possession.  Without this, keys that have been marked invalid, revoked
keys and expired keys are not given a possession attribute - which means the
possessor is not granted any possession permits and cannot do anything with
them unless they also have one a user, group or other permit.

This causes failures in the keyutils test suite's revocation and expiration
tests now that commit 96b5c8fea6 reduced the
initial permissions granted to a key.

The failures are due to accesses to revoked and expired keys being given
EACCES instead of EKEYREVOKED or EKEYEXPIRED.

Signed-off-by: David Howells <dhowells@redhat.com>
This commit is contained in:
David Howells
2013-09-24 10:35:13 +01:00
parent 5a5f2acfd0
commit 61ea0c0ba9
4 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/keys/request_key_auth.c
View File

@@ -247,7 +247,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
&key_type_request_key_auth,
(void *) (unsigned long) target_id,
key_get_instantiation_authkey_match,
cred);
false, cred);
if (IS_ERR(authkey_ref)) {
authkey = ERR_CAST(authkey_ref);