git/linux-cryptodev-2.6
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git synced 2026-05-02 18:17:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

KEYS: Split role of the keyring pointer for keyring restrict functions

Browse Source 
The first argument to the restrict_link_func_t functions was a keyring
pointer. These functions are called by the key subsystem with this
argument set to the destination keyring, but restrict_link_by_signature
expects a pointer to the relevant trusted keyring.

Restrict functions may need something other than a single struct key
pointer to allow or reject key linkage, so the data used to make that
decision (such as the trust keyring) is moved to a new, fourth
argument. The first argument is now always the destination keyring.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
This commit is contained in:
Mat Martineau
2016-08-30 11:33:13 -07:00
parent 469ff8f7d4
commit aaf66c8838
8 changed files with 39 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
security/keys/key.c
View File

@@ -499,7 +499,7 @@ int key_instantiate_and_link(struct key *key,
if (keyring) {
if (keyring->restrict_link) {
ret = keyring->restrict_link(keyring, key->type,
&prep.payload);
&prep.payload, NULL);
if (ret < 0)
goto error;
}
@@ -851,7 +851,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
index_key.desc_len = strlen(index_key.description);
if (restrict_link) {
ret = restrict_link(keyring, index_key.type, &prep.payload);
ret = restrict_link(keyring, index_key.type, &prep.payload,
NULL);
if (ret < 0) {
key_ref = ERR_PTR(ret);
goto error_free_prep;

6
security/keys/keyring.c
View File

@@ -517,6 +517,7 @@ EXPORT_SYMBOL(keyring_alloc);
* @keyring: The keyring being added to.
* @type: The type of key being added.
* @payload: The payload of the key intended to be added.
* @data: Additional data for evaluating restriction.
*
* Reject the addition of any links to a keyring. It can be overridden by
* passing KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when
@@ -527,7 +528,8 @@ EXPORT_SYMBOL(keyring_alloc);
*/
int restrict_link_reject(struct key *keyring,
const struct key_type *type,
const union key_payload *payload)
const union key_payload *payload,
struct key *restriction_key)
{
return -EPERM;
}
@@ -1220,7 +1222,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key)
{
if (!keyring->restrict_link)
return 0;
return keyring->restrict_link(keyring, key->type, &key->payload);
return keyring->restrict_link(keyring, key->type, &key->payload, NULL);
}
/**