KEYS: Add a 'trusted' flag and a 'trusted only' flag

[karo-tx-linux.git] / security / keys / keyring.c

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index f7cdea22214fb2774b69a28cab82d50703fc1c0b..9b6f6e09b50ccdb82b55d88b493c41fd9920c66a 100644 (file)
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -1183,6 +1183,10 @@ int key_link(struct key *keyring, struct key *key)
        key_check(keyring);
        key_check(key);
 
+       if (test_bit(KEY_FLAG_TRUSTED_ONLY, &keyring->flags) &&
+           !test_bit(KEY_FLAG_TRUSTED, &key->flags))
+               return -EPERM;
+
        ret = __key_link_begin(keyring, &key->index_key, &edit);
        if (ret == 0) {
                kdebug("begun {%d,%d}", keyring->serial, atomic_read(&keyring->usage));