KEYS: Use structure to capture key restriction function and data

Replace struct key's restrict_link function pointer with a pointer to
the new struct key_restriction. The structure contains pointers to the
restriction function as well as relevant data for evaluating the
restriction.

The garbage collector checks restrict_link->keytype when key types are
unregistered. Restrictions involving a removed key type are converted
to use restrict_link_reject so that restrictions cannot be removed by
unregistering key types.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Mat Martineau
2016-08-31 16:05:43 -07:00
parent e9cc0f689a
commit 2b6aa412ff
9 changed files with 144 additions and 30 deletions

@@ -1032,7 +1032,7 @@ payload contents" for more information.
struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
const struct cred *cred,
key_perm_t perm,
key_restrict_link_func_t restrict_link,
struct key_restriction *restrict_link,
unsigned long flags,
struct key *dest);
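Review bot: the new `struct key_restriction *restrict_link` parameter of keyring_alloc() is documented without any statement of ownership or lifetime. The commit message says the garbage collector reads restrict_link->keytype and converts the restriction when a key type is unregistered, so the structure has to remain valid and writable for as long as the keyring exists. Please state here whether the keyring takes ownership of the structure, whether one structure may be shared between several keyrings, and whether a caller may pass a statically allocated one.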
@@ -1044,14 +1044,17 @@ payload contents" for more information.
KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
towards the user's quota). Error ENOMEM can also be returned.
If restrict_link not NULL, it should point to a function that will be
called each time an attempt is made to link a key into the new keyring.
This function is called to check whether a key may be added into the keying
or not. Callers of key_create_or_update() within the kernel can pass
KEY_ALLOC_BYPASS_RESTRICTION to suppress the check. An example of using
this is to manage rings of cryptographic keys that are set up when the
kernel boots where userspace is also permitted to add keys - provided they
can be verified by a key the kernel already has.
If restrict_link is not NULL, it should point to a structure that contains
the function that will be called each time an attempt is made to link a
key into the new keyring. The structure may also contain a key pointer
and an associated key type. The function is called to check whether a key
may be added into the keyring or not. The key type is used by the garbage
collector to clean up function or data pointers in this structure if the
given key type is unregistered. Callers of key_create_or_update() within
the kernel can pass KEY_ALLOC_BYPASS_RESTRICTION to suppress the check.
An example of using this is to manage rings of cryptographic keys that are
set up when the kernel boots where userspace is also permitted to add keys
- provided they can be verified by a key the kernel already has.
When called, the restriction function will be passed the keyring being
added to, the key type, the payload of the key being added, and data to be
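Review bot: in the rewritten restrict_link paragraph, "clean up function or data pointers in this structure" understates what happens when the given key type is unregistered. Per the commit message the restriction is converted to use restrict_link_reject, so the keyring then refuses links instead of becoming unrestricted; that fail-closed outcome is the part callers rely on and should be spelled out in the documentation. The paragraph also mentions "a key pointer and an associated key type" without naming the structure's fields; naming them (the commit message already uses restrict_link->keytype) would let readers match this text to the structure definition.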