Revert "keys: Allow to set key domain tag separately from the key type"

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 14409624. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Revert "keys: Allow to set key domain tag separately from the key type"
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 14409624. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
f0220ffe · Zhang Tianxing · Zheng Zengkai · 799e1bde · f0220ffe · f0220ffe
隐藏空白更改
内联并排

Showing with 0 addition and 26 deletion

include/linux/key.h include/linux/key.h +0 -10

security/keys/key.c security/keys/key.c +0 -16

未找到文件。
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -272,12 +272,6 @@ struct key {
 	 * restriction.
 	 */
 	struct key_restriction *restrict_link;
-
-	/* This is set on a keyring to indicate that every key added to this
-	 * keyring should be tagged with a given key domain tag. It is ignored
-	 * for the non-keyring keys and can be overridden by the key-type flags.
-	 */
-	unsigned long key_alloc_domain;
 };

 extern struct key *key_alloc(struct key_type *type,
@@ -297,10 +291,6 @@ extern struct key *key_alloc(struct key_type *type,
 #define KEY_ALLOC_UID_KEYRING		0x0010	/* allocating a user or user session keyring */
 #define KEY_ALLOC_SET_KEEP		0x0020	/* Set the KEEP flag on the key/keyring */

-/* Only one domain can be set */
-#define KEY_ALLOC_DOMAIN_IMA		0x0100  /* add IMA domain tag, based on the "current" */
-#define KEY_ALLOC_DOMAIN_MASK		0xFF00
-
 extern void key_revoke(struct key *key);
 extern void key_invalidate(struct key *key);
 extern void key_put(struct key *key);

--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -278,19 +278,6 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 	if (!key)
 		goto no_memory_2;

-	if (flags & KEY_ALLOC_DOMAIN_MASK) {
-		/* set alloc domain for all keys added to this keyring */
-		if (type == &key_type_keyring)
-			key->key_alloc_domain = (flags & KEY_ALLOC_DOMAIN_MASK);
-
-		/* set domain tag if it's not predefined for the key type */
-		if ((!type->flags) && (flags & KEY_ALLOC_DOMAIN_IMA))
-			/* Set it to something meaningful after adding a key
-			 * domain to the ima namespace.
-			 */
-			key->index_key.domain_tag = NULL;
-	}
-
 	key->index_key.desc_len = desclen;
 	key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
 	if (!key->index_key.description)
@@ -940,9 +927,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
 			perm |= KEY_POS_WRITE;
 	}

-	if (keyring->key_alloc_domain)
-		flags |= keyring->key_alloc_domain;
-
 	/* allocate a new key */
 	key = key_alloc(index_key.type, index_key.description,
 			cred->fsuid, cred->fsgid, cred, perm, flags, NULL);