nc/platform/linux-types/linux/
key.rs

// Copyright (c) 2020 Xu Shaohua <shaohua@biofan.org>. All rights reserved.
// Use of this source is governed by Apache-2.0 License that can be found
// in the LICENSE file.

//! From `linux/key.h`

7#![allow(clippy::module_name_repetitions)]
8
/// Serial number of a key handle (`key_serial_t` in `linux/key.h`), a signed 32-bit integer.
pub type key_serial_t = i32;

/// Permission mask of a key handle (`key_perm_t` in `linux/key.h`), an unsigned 32-bit integer.
///
/// NOTE(review): the `KEY_POS_*`, `KEY_USR_*`, `KEY_GRP_*`, `KEY_OTH_*` and `KEY_PERM_UNDEF`
/// constants in this file are declared as `i32`, not as `key_perm_t`, so building a mask of
/// this type from them takes an explicit cast.
pub type key_perm_t = u32;

// Possessor permissions: six single-bit rights in bits 24..=29 of the permission mask.

/// Possessor may view the key's attributes.
pub const KEY_POS_VIEW: i32 = 0x0100_0000;
/// Possessor may read the key payload, or view the keyring.
pub const KEY_POS_READ: i32 = 0x0200_0000;
/// Possessor may update the key payload, or add a link to the keyring.
pub const KEY_POS_WRITE: i32 = 0x0400_0000;
/// Possessor may find the key in a search, or search the keyring.
pub const KEY_POS_SEARCH: i32 = 0x0800_0000;
/// Possessor may create a link to the key or keyring.
pub const KEY_POS_LINK: i32 = 0x1000_0000;
/// Possessor may set the key's attributes.
pub const KEY_POS_SETATTR: i32 = 0x2000_0000;
/// Union of all six possessor rights; evaluates to `0x3f00_0000`.
///
/// This includes write and set-attribute, so prefer naming the individual rights when a
/// narrower grant is enough.
pub const KEY_POS_ALL: i32 = KEY_POS_VIEW
    | KEY_POS_READ
    | KEY_POS_WRITE
    | KEY_POS_SEARCH
    | KEY_POS_LINK
    | KEY_POS_SETATTR;

// User permissions: the same six rights as the possessor set, held in bits 16..=21.

/// User may view the key's attributes.
pub const KEY_USR_VIEW: i32 = 0x0001_0000;
/// User may read the key payload, or view the keyring.
pub const KEY_USR_READ: i32 = 0x0002_0000;
/// User may update the key payload, or add a link to the keyring.
pub const KEY_USR_WRITE: i32 = 0x0004_0000;
/// User may find the key in a search, or search the keyring.
pub const KEY_USR_SEARCH: i32 = 0x0008_0000;
/// User may create a link to the key or keyring.
pub const KEY_USR_LINK: i32 = 0x0010_0000;
/// User may set the key's attributes.
pub const KEY_USR_SETATTR: i32 = 0x0020_0000;
/// Union of all six user rights; evaluates to `0x003f_0000`.
pub const KEY_USR_ALL: i32 = KEY_USR_VIEW
    | KEY_USR_READ
    | KEY_USR_WRITE
    | KEY_USR_SEARCH
    | KEY_USR_LINK
    | KEY_USR_SETATTR;

// Group permissions: the same six rights as the possessor set, held in bits 8..=13.

/// Group may view the key's attributes.
pub const KEY_GRP_VIEW: i32 = 0x0000_0100;
/// Group may read the key payload, or view the keyring.
pub const KEY_GRP_READ: i32 = 0x0000_0200;
/// Group may update the key payload, or add a link to the keyring.
pub const KEY_GRP_WRITE: i32 = 0x0000_0400;
/// Group may find the key in a search, or search the keyring.
pub const KEY_GRP_SEARCH: i32 = 0x0000_0800;
/// Group may create a link to the key or keyring.
pub const KEY_GRP_LINK: i32 = 0x0000_1000;
/// Group may set the key's attributes.
pub const KEY_GRP_SETATTR: i32 = 0x0000_2000;
/// Union of all six group rights; evaluates to `0x0000_3f00`.
pub const KEY_GRP_ALL: i32 = KEY_GRP_VIEW
    | KEY_GRP_READ
    | KEY_GRP_WRITE
    | KEY_GRP_SEARCH
    | KEY_GRP_LINK
    | KEY_GRP_SETATTR;

// Third-party ("other") permissions: the same six rights, held in bits 0..=5.
// These are the widest grants in the mask, so review any use of the write, link and
// set-attribute bits (and of `KEY_OTH_ALL`) with particular care.

/// Third parties may view the key's attributes.
pub const KEY_OTH_VIEW: i32 = 0x0000_0001;
/// Third parties may read the key payload, or view the keyring.
pub const KEY_OTH_READ: i32 = 0x0000_0002;
/// Third parties may update the key payload, or add a link to the keyring.
pub const KEY_OTH_WRITE: i32 = 0x0000_0004;
/// Third parties may find the key in a search, or search the keyring.
pub const KEY_OTH_SEARCH: i32 = 0x0000_0008;
/// Third parties may create a link to the key or keyring.
pub const KEY_OTH_LINK: i32 = 0x0000_0010;
/// Third parties may set the key's attributes.
pub const KEY_OTH_SETATTR: i32 = 0x0000_0020;
/// Union of all six third-party rights; evaluates to `0x0000_003f`.
pub const KEY_OTH_ALL: i32 = KEY_OTH_VIEW
    | KEY_OTH_READ
    | KEY_OTH_WRITE
    | KEY_OTH_SEARCH
    | KEY_OTH_LINK
    | KEY_OTH_SETATTR;

/// "Permissions undefined" marker: the all-ones bit pattern `0xffff_ffff`.
///
/// Because the constant is an `i32`, that pattern is the value `-1`. Casting it to `u32`
/// yields `0xffff_ffff`; widening the `i32` to a 64-bit integer first would sign-extend it, so
/// cast to `u32` before widening. Compare against it for equality: read as a mask it has
/// every permission bit set.
pub const KEY_PERM_UNDEF: i32 = -1;

//struct keyring_index_key {
//	struct key_type		*type;
//	const char		*description;
//	size_t			desc_len;
//};
//
//union key_payload {
//	void __rcu		*rcu_data0;
//	void			*data[4];
//};

/*
 * key reference with possession attribute handling
 *
 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
 * defined. This is because we abuse the bottom bit of the reference to carry a
 * flag to indicate whether the calling process possesses that key in one of
 * its keyrings.
 *
 * the key_ref_t has been made a separate type so that the compiler can reject
 * attempts to dereference it without proper conversion.
 *
 * the three functions (part of the C header, not shown here) are used to
 * assemble and disassemble references
 */
//typedef struct __key_reference_with_attributes *key_ref_t;

//struct key_restriction {
//	key_restrict_link_func_t check;
//	struct key *key;
//	struct key_type *keytype;
//};

// Key instantiation states. These are plain values (0 and 1), not bit masks.
// NOTE(review): presumably a mirror of an enum in `linux/key.h`; confirm against the header
// whether other states (e.g. a negative instantiation) are represented elsewhere.

/// Key has not been instantiated yet
pub const KEY_IS_UNINSTANTIATED: i32 = 0;
/// Positively instantiated
pub const KEY_IS_POSITIVE: i32 = 1;

/// Debug magic number, `0x1827_3645`.
///
/// NOTE(review): the text that was attached to this constant describes the key object as a
/// whole rather than this value, and looks like it was carried over from the comment on the
/// key structure in `linux/key.h` (confirm against the header). It is kept here:
///
/// authentication token / access credential / keyring
/// - types of key include:
/// - keyrings
/// - disk encryption IDs
/// - Kerberos TGTs and tickets
pub const KEY_DEBUG_MAGIC: u32 = 0x1827_3645;
// Key flags. The values are the consecutive integers 0..=9, not powers of two.
// NOTE(review): that numbering indicates bit positions in a flags word rather than masks
// (confirm against `linux/key.h`). If so, the mask for a flag is `1 << KEY_FLAG_X`; AND-ing
// a flags word with the raw constant would never match `KEY_FLAG_DEAD` (0) and would test the
// wrong bits for the others.

/// set if key type has been deleted
pub const KEY_FLAG_DEAD: i32 = 0;
/// set if key had been revoked
pub const KEY_FLAG_REVOKED: i32 = 1;
/// set if key consumes quota
pub const KEY_FLAG_IN_QUOTA: i32 = 2;
/// set if key is being constructed in userspace
pub const KEY_FLAG_USER_CONSTRUCT: i32 = 3;
/// set if key can be cleared by root without permission
pub const KEY_FLAG_ROOT_CAN_CLEAR: i32 = 4;
/// set if key has been invalidated
pub const KEY_FLAG_INVALIDATED: i32 = 5;
/// set if key is built in to the kernel
pub const KEY_FLAG_BUILTIN: i32 = 6;
/// set if key can be invalidated by root without permission
pub const KEY_FLAG_ROOT_CAN_INVAL: i32 = 7;
/// set if key should not be removed
pub const KEY_FLAG_KEEP: i32 = 8;
/// set if key is a user or user session keyring
pub const KEY_FLAG_UID_KEYRING: i32 = 9;

// Key allocation flags. Every value except `KEY_ALLOC_IN_QUOTA` is a single bit, so the
// flags can be combined with bitwise OR.

/// add to quota, reject if would overrun
///
/// The value is zero (no bit set), so a bitwise AND against it is always zero; this mode is
/// expressed by the absence of the other quota bits.
pub const KEY_ALLOC_IN_QUOTA: i32 = 0x0000;
/// add to quota, permit even if overrun
pub const KEY_ALLOC_QUOTA_OVERRUN: i32 = 0x0001;
/// not in quota
pub const KEY_ALLOC_NOT_IN_QUOTA: i32 = 0x0002;
/// Key is built into kernel
pub const KEY_ALLOC_BUILT_IN: i32 = 0x0004;
/// Override the check on restricted keyrings
///
/// NOTE(review): this disables a restriction check, so every place that sets it deserves an
/// audit.
pub const KEY_ALLOC_BYPASS_RESTRICTION: i32 = 0x0008;
/// allocating a user or user session keyring
pub const KEY_ALLOC_UID_KEYRING: i32 = 0x0010;

// The permissions required on a key that we're looking up.
// The six bits sit in positions 0..=5. To test them against the possessor, user or group
// part of a permission mask, that part must first be shifted down by 24, 16 or 8 bits.

/// Need permission to view attributes.
pub const KEY_NEED_VIEW: i32 = 0x01;
/// Need permission to read content.
pub const KEY_NEED_READ: i32 = 0x02;
/// Need permission to update / modify.
pub const KEY_NEED_WRITE: i32 = 0x04;
/// Need permission to search (keyring) or find (key).
pub const KEY_NEED_SEARCH: i32 = 0x08;
/// Need permission to link.
pub const KEY_NEED_LINK: i32 = 0x10;
/// Need permission to change attributes.
pub const KEY_NEED_SETATTR: i32 = 0x20;
/// All six requirements above; evaluates to `0x3f`.
pub const KEY_NEED_ALL: i32 = KEY_NEED_VIEW
    | KEY_NEED_READ
    | KEY_NEED_WRITE
    | KEY_NEED_SEARCH
    | KEY_NEED_LINK
    | KEY_NEED_SETATTR;