From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932974AbcAHSfT (ORCPT <rfc822;w@1wt.eu>);
	Fri, 8 Jan 2016 13:35:19 -0500
Received: from mx1.redhat.com ([209.132.183.28]:40819 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932954AbcAHSfP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Fri, 8 Jan 2016 13:35:15 -0500
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
 Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
 Kingdom.
 Registered in England and Wales under Company Registration No. 3798903
Subject: [RFC PATCH 15/15] KEYS: Remove KEY_FLAG_TRUSTED
From: David Howells <dhowells@redhat.com>
To: zohar@linux.vnet.ibm.com
Cc: dhowells@redhat.com, linux-security-module@vger.kernel.org,
        keyrings@vger.kernel.org, petkan@mip-labs.com,
        linux-kernel@vger.kernel.org
Date: Fri, 08 Jan 2016 18:35:13 +0000
Message-ID: <20160108183513.25960.61864.stgit@warthog.procyon.org.uk>
In-Reply-To: <20160108183319.25960.49807.stgit@warthog.procyon.org.uk>
References: <20160108183319.25960.49807.stgit@warthog.procyon.org.uk>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Remove KEY_FLAG_TRUSTED as it's no longer meaningful.

Given this, we no longer need to pass the key flags through to
restrict_link().

Further, we can now get rid of keyring_restrict_trusted_only() also.

Signed-off-by: David Howells <dhowells@redhat.com>
---

 certs/system_keyring.c        |    1 -
 include/keys/system_keyring.h |    1 -
 include/linux/key.h           |   15 +++------------
 security/integrity/digsig.c   |    4 +---
 security/keys/key.c           |   10 ++--------
 security/keys/keyring.c       |   28 +---------------------------
 6 files changed, 7 insertions(+), 52 deletions(-)

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 6e069246c168..5463a73bb47a 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -31,7 +31,6 @@ extern __initconst const unsigned long system_certificate_list_size;
  */
 int restrict_link_by_system_trusted(struct key *keyring,
 				    const struct key_type *type,
-				    unsigned long flags,
 				    const union key_payload *payload)
 {
 	return public_key_restrict_link(system_trusted_keyring, type, payload);
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 8c63f88b47b1..95077292792b 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,7 +18,6 @@
 
 extern int restrict_link_by_system_trusted(struct key *keyring,
 					   const struct key_type *type,
-					   unsigned long flags,
 					   const union key_payload *payload);
 #endif
 
diff --git a/include/linux/key.h b/include/linux/key.h
index c331b8bed035..f05768f6934e 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -173,10 +173,9 @@ struct key {
 #define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
 #define KEY_FLAG_ROOT_CAN_CLEAR	6	/* set if key can be cleared by root without permission */
 #define KEY_FLAG_INVALIDATED	7	/* set if key has been invalidated */
-#define KEY_FLAG_TRUSTED	8	/* set if key is trusted */
-#define KEY_FLAG_BUILTIN	9	/* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL	10	/* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP		11	/* set if key should not be removed */
+#define KEY_FLAG_BUILTIN	8	/* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL	9	/* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP		10	/* set if key should not be removed */
 
 	/* the key type and key description string
 	 * - the desc is used to match a key against search criteria
@@ -217,7 +216,6 @@ struct key {
 	 */
 	int (*restrict_link)(struct key *keyring,
 			     const struct key_type *type,
-			     unsigned long flags,
 			     const union key_payload *payload);
 };
 
@@ -229,7 +227,6 @@ extern struct key *key_alloc(struct key_type *type,
 			     unsigned long flags,
 			     int (*restrict_link)(struct key *,
 						  const struct key_type *,
-						  unsigned long,
 						  const union key_payload *));
 
 
@@ -309,15 +306,9 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
 				 unsigned long flags,
 				 int (*restrict_link)(struct key *,
 						      const struct key_type *,
-						      unsigned long,
 						      const union key_payload *),
 				 struct key *dest);
 
-extern int keyring_restrict_trusted_only(struct key *keyring,
-					 const struct key_type *type,
-					 unsigned long,
-					 const union key_payload *payload);
-
 extern int keyring_clear(struct key *keyring);
 
 extern key_ref_t keyring_search(key_ref_t keyring,
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index c802556f8f1c..ba0f3c364168 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -50,12 +50,11 @@ static bool init_keyring __initdata;
  */
 static int restrict_link_by_ima_mok(struct key *keyring,
 				    const struct key_type *type,
-				    unsigned long flags,
 				    const union key_payload *payload)
 {
 	int ret;
 
-	ret = restrict_link_by_system_trusted(keyring, type, flags, payload);
+	ret = restrict_link_by_system_trusted(keyring, type, payload);
 	if (ret != -ENOKEY)
 		return ret;
 
@@ -96,7 +95,6 @@ int __init integrity_init_keyring(const unsigned int id)
 {
 	int (*restrict_link)(struct key *,
 			     const struct key_type *,
-			     unsigned long,
 			     const union key_payload *) = NULL;
 	const struct cred *cred = current_cred();
 	int err = 0;
diff --git a/security/keys/key.c b/security/keys/key.c
index deb881754e03..b757531e8638 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -227,7 +227,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 		      key_perm_t perm, unsigned long flags,
 		      int (*restrict_link)(struct key *,
 					   const struct key_type *,
-					   unsigned long,
 					   const union key_payload *))
 {
 	struct key_user *user = NULL;
@@ -300,8 +299,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 
 	if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
 		key->flags |= 1 << KEY_FLAG_IN_QUOTA;
-	if (flags & KEY_ALLOC_TRUSTED)
-		key->flags |= 1 << KEY_FLAG_TRUSTED;
 	if (flags & KEY_ALLOC_BUILT_IN)
 		key->flags |= 1 << KEY_FLAG_BUILTIN;
 
@@ -504,7 +501,7 @@ int key_instantiate_and_link(struct key *key,
 	if (keyring) {
 		if (keyring->restrict_link) {
 			ret = keyring->restrict_link(keyring, key->type,
-						     key->flags, &prep.payload);
+						     &prep.payload);
 			if (ret < 0)
 				goto error;
 		}
@@ -811,7 +808,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 	int ret;
 	int (*restrict_link)(struct key *,
 			     const struct key_type *,
-			     unsigned long,
 			     const union key_payload *) = NULL;
 
 	/* look up the key type to see if it's one of the registered kernel
@@ -860,9 +856,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 	index_key.desc_len = strlen(index_key.description);
 
 	if (restrict_link) {
-		unsigned long kflags = prep.trusted ? KEY_FLAG_TRUSTED : 0;
-		ret = restrict_link(keyring,
-				    index_key.type, kflags, &prep.payload);
+		ret = restrict_link(keyring, index_key.type, &prep.payload);
 		if (ret < 0) {
 			key_ref = ERR_PTR(ret);
 			goto error_free_prep;
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index ea023ca6d217..68f02cd4e921 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -494,7 +494,6 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
 			  unsigned long flags,
 			  int (*restrict_link)(struct key *,
 					       const struct key_type *,
-					       unsigned long,
 					       const union key_payload *),
 			  struct key *dest)
 {
@@ -515,30 +514,6 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
 }
 EXPORT_SYMBOL(keyring_alloc);
 
-/**
- * keyring_restrict_trusted_only - Restrict additions to a keyring to trusted keys only
- * @keyring: The keyring being added to.
- * @type: The type of key being added.
- * @flags: The key flags.
- * @payload: The payload of the key intended to be added.
- *
- * Reject the addition of any links to a keyring that point to keys that aren't
- * marked as being trusted.  It can be overridden by passing
- * KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when adding a key
- * to a keyring.
- *
- * This is meant to be passed as the restrict_link parameter to
- * keyring_alloc().
- */
-int keyring_restrict_trusted_only(struct key *keyring,
-				  const struct key_type *type,
-				  unsigned long flags,
-				  const union key_payload *payload)
-{
-	
-	return flags & KEY_FLAG_TRUSTED ? 0 : -EPERM;
-}
-
 /*
  * By default, we keys found by getting an exact match on their descriptions.
  */
@@ -1227,8 +1202,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key)
 {
 	if (!keyring->restrict_link)
 		return 0;
-	return keyring->restrict_link(keyring,
-				      key->type, key->flags, &key->payload);
+	return keyring->restrict_link(keyring, key->type, &key->payload);
 }
 
 /**