summaryrefslogtreecommitdiff
path: root/include/linux/key.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2013-08-30 19:07:37 +0400
committerDavid Howells <dhowells@redhat.com>2013-09-25 20:17:01 +0400
commit008643b86c5f33c115c84ccdda1725cac3ad50ad (patch)
tree951ea0d3d7b84ce3570da17f03f45a53f3e4b35d /include/linux/key.h
parentb56e5a17b6b9acd16997960504b9940d0d7984e7 (diff)
downloadlinux-008643b86c5f33c115c84ccdda1725cac3ad50ad.tar.xz
KEYS: Add a 'trusted' flag and a 'trusted only' flag
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source or had a cryptographic signature chain that led back to a trusted key the kernel already possessed. Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to keys marked with KEY_FLAGS_TRUSTED. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r--include/linux/key.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 010dbb618aca..80d677483e31 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -168,6 +168,8 @@ struct key {
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
+#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
+#define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */
/* the key type and key description string
* - the desc is used to match a key against search criteria
@@ -218,6 +220,7 @@ extern struct key *key_alloc(struct key_type *type,
#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
+#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);