> +int key_task_permission(const key_ref_t key_ref,
> + struct task_struct *context,
> + key_perm_t perm)
> +{
> + struct key *key;
> + key_perm_t kperm;
> + int ret;
> +
> + /* let the security module have first say
> + * - it should return:
> + * +ve to grant access
> + * 0 to deny access
> + * -ve to fall back to normal permission checking
> + */
> + ret = security_key_permission(key_ref, context, perm);
> + if (ret >= 0)
> + return ret;
Hmm, my only problem here is that this is nonstandard compared to
expected return values from other security_ authorization hooks.
Could this be switched to
-ve : deny access (and return the error)
0: grant access
+ve: fall back to normal permission checking
Actually that's still nonstandard. On the whole, LSM only
restricts, does not authorize, with capable() being the notable
exception. Is there good reason to allow LSMs to fully authorize
in this case?
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]