From: Zhang Tianxing zhangtianxing3@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA
--------------------------------
This reverts commit 14409624e2d8b4a38a0d597d295b0337c6363118.
Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com Acked-by: Xie XiuQi xiexiuqi@huawei.com Acked-by: Xiu Jianfengxiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- include/linux/key.h | 10 ---------- security/keys/key.c | 16 ---------------- 2 files changed, 26 deletions(-)
diff --git a/include/linux/key.h b/include/linux/key.h index 61250dfd9ccc..53684db44615 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -272,12 +272,6 @@ struct key { * restriction. */ struct key_restriction *restrict_link; - - /* This is set on a keyring to indicate that every key added to this - * keyring should be tagged with a given key domain tag. It is ignored - * for the non-keyring keys and can be overridden by the key-type flags. - */ - unsigned long key_alloc_domain; };
extern struct key *key_alloc(struct key_type *type, @@ -297,10 +291,6 @@ extern struct key *key_alloc(struct key_type *type, #define KEY_ALLOC_UID_KEYRING 0x0010 /* allocating a user or user session keyring */ #define KEY_ALLOC_SET_KEEP 0x0020 /* Set the KEEP flag on the key/keyring */
-/* Only one domain can be set */ -#define KEY_ALLOC_DOMAIN_IMA 0x0100 /* add IMA domain tag, based on the "current" */ -#define KEY_ALLOC_DOMAIN_MASK 0xFF00 - extern void key_revoke(struct key *key); extern void key_invalidate(struct key *key); extern void key_put(struct key *key); diff --git a/security/keys/key.c b/security/keys/key.c index d052b9a0b1fd..151ff39b6803 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -278,19 +278,6 @@ struct key *key_alloc(struct key_type *type, const char *desc, if (!key) goto no_memory_2;
- if (flags & KEY_ALLOC_DOMAIN_MASK) { - /* set alloc domain for all keys added to this keyring */ - if (type == &key_type_keyring) - key->key_alloc_domain = (flags & KEY_ALLOC_DOMAIN_MASK); - - /* set domain tag if it's not predefined for the key type */ - if ((!type->flags) && (flags & KEY_ALLOC_DOMAIN_IMA)) - /* Set it to something meaningful after adding a key - * domain to the ima namespace. - */ - key->index_key.domain_tag = NULL; - } - key->index_key.desc_len = desclen; key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); if (!key->index_key.description) @@ -940,9 +927,6 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, perm |= KEY_POS_WRITE; }
- if (keyring->key_alloc_domain) - flags |= keyring->key_alloc_domain; - /* allocate a new key */ key = key_alloc(index_key.type, index_key.description, cred->fsuid, cred->fsgid, cred, perm, flags, NULL);