1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

// Copyright (c) 2020 Xu Shaohua <shaohua@biofan.org>. All rights reserved.
// Use of this source is governed by Apache-2.0 License that can be found
// in the LICENSE file.

//! From `linux/key.h`

#![allow(clippy::module_name_repetitions)]

/// key handle serial number
pub type key_serial_t = i32;

/// key handle permissions mask
pub type key_perm_t = u32;

/// possessor can view a key's attributes
pub const KEY_POS_VIEW: i32 = 0x0100_0000;
/// possessor can read key payload / view keyring
pub const KEY_POS_READ: i32 = 0x0200_0000;
/// possessor can update key payload / add link to keyring
pub const KEY_POS_WRITE: i32 = 0x0400_0000;
/// possessor can find a key in search / search a keyring
pub const KEY_POS_SEARCH: i32 = 0x0800_0000;
/// possessor can create a link to a key/keyring
pub const KEY_POS_LINK: i32 = 0x1000_0000;
/// possessor can set key attributes
pub const KEY_POS_SETATTR: i32 = 0x2000_0000;
pub const KEY_POS_ALL: i32 = 0x3f00_0000;

/// user permissions...
pub const KEY_USR_VIEW: i32 = 0x0001_0000;
pub const KEY_USR_READ: i32 = 0x0002_0000;
pub const KEY_USR_WRITE: i32 = 0x0004_0000;
pub const KEY_USR_SEARCH: i32 = 0x0008_0000;
pub const KEY_USR_LINK: i32 = 0x0010_0000;
pub const KEY_USR_SETATTR: i32 = 0x0020_0000;
pub const KEY_USR_ALL: i32 = 0x003f_0000;

/// group permissions...
pub const KEY_GRP_VIEW: i32 = 0x0000_0100;
pub const KEY_GRP_READ: i32 = 0x0000_0200;
pub const KEY_GRP_WRITE: i32 = 0x0000_0400;
pub const KEY_GRP_SEARCH: i32 = 0x0000_0800;
pub const KEY_GRP_LINK: i32 = 0x0000_1000;
pub const KEY_GRP_SETATTR: i32 = 0x0000_2000;
pub const KEY_GRP_ALL: i32 = 0x0000_3f00;

/// third party permissions...
pub const KEY_OTH_VIEW: i32 = 0x0000_0001;
pub const KEY_OTH_READ: i32 = 0x0000_0002;
pub const KEY_OTH_WRITE: i32 = 0x0000_0004;
pub const KEY_OTH_SEARCH: i32 = 0x0000_0008;
pub const KEY_OTH_LINK: i32 = 0x0000_0010;
pub const KEY_OTH_SETATTR: i32 = 0x0000_0020;
pub const KEY_OTH_ALL: i32 = 0x0000_003f;

#[allow(overflowing_literals)]
pub const KEY_PERM_UNDEF: i32 = 0xffff_ffff;

//struct keyring_index_key {
//	struct key_type		*type;
//	const char		*description;
//	size_t			desc_len;
//};
//
//union key_payload {
//	void __rcu		*rcu_data0;
//	void			*data[4];
//};

/*
 * key reference with possession attribute handling
 *
 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
 * defined. This is because we abuse the bottom bit of the reference to carry a
 * flag to indicate whether the calling process possesses that key in one of
 * its keyrings.
 *
 * the key_ref_t has been made a separate type so that the compiler can reject
 * attempts to dereference it without proper conversion.
 *
 * the three functions are used to assemble and disassemble references
 */
//typedef struct __key_reference_with_attributes *key_ref_t;

//struct key_restriction {
//	key_restrict_link_func_t check;
//	struct key *key;
//	struct key_type *keytype;
//};

pub const KEY_IS_UNINSTANTIATED: i32 = 0;
/// Positively instantiated
pub const KEY_IS_POSITIVE: i32 = 1;

/// authentication token / access credential / keyring
/// - types of key include:
/// - keyrings
/// - disk encryption IDs
/// - Kerberos TGTs and tickets

pub const KEY_DEBUG_MAGIC: u32 = 0x1827_3645;
/// set if key type has been deleted
pub const KEY_FLAG_DEAD: i32 = 0;
/// set if key had been revoked
pub const KEY_FLAG_REVOKED: i32 = 1;
/// set if key consumes quota
pub const KEY_FLAG_IN_QUOTA: i32 = 2;
/// set if key is being constructed in userspace
pub const KEY_FLAG_USER_CONSTRUCT: i32 = 3;
/// set if key can be cleared by root without permission
pub const KEY_FLAG_ROOT_CAN_CLEAR: i32 = 4;
/// set if key has been invalidated
pub const KEY_FLAG_INVALIDATED: i32 = 5;
/// set if key is built in to the kernel
pub const KEY_FLAG_BUILTIN: i32 = 6;
/// set if key can be invalidated by root without permission
pub const KEY_FLAG_ROOT_CAN_INVAL: i32 = 7;
/// set if key should not be removed
pub const KEY_FLAG_KEEP: i32 = 8;
/// set if key is a user or user session keyring
pub const KEY_FLAG_UID_KEYRING: i32 = 9;

/// add to quota, reject if would overrun
pub const KEY_ALLOC_IN_QUOTA: i32 = 0x0000;
/// add to quota, permit even if overrun
pub const KEY_ALLOC_QUOTA_OVERRUN: i32 = 0x0001;
/// not in quota
pub const KEY_ALLOC_NOT_IN_QUOTA: i32 = 0x0002;
/// Key is built into kernel
pub const KEY_ALLOC_BUILT_IN: i32 = 0x0004;
/// Override the check on restricted keyrings
pub const KEY_ALLOC_BYPASS_RESTRICTION: i32 = 0x0008;
/// allocating a user or user session keyring
pub const KEY_ALLOC_UID_KEYRING: i32 = 0x0010;

/// The permissions required on a key that we're looking up.
/// Require permission to view attributes
pub const KEY_NEED_VIEW: i32 = 0x01;
/// Require permission to read content
pub const KEY_NEED_READ: i32 = 0x02;
/// Require permission to update / modify
pub const KEY_NEED_WRITE: i32 = 0x04;
/// Require permission to search (keyring) or find (key)
pub const KEY_NEED_SEARCH: i32 = 0x08;
/// Require permission to link
pub const KEY_NEED_LINK: i32 = 0x10;
/// Require permission to change attributes
pub const KEY_NEED_SETATTR: i32 = 0x20;
/// All the above permissions
pub const KEY_NEED_ALL: i32 = 0x3f;