author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-05-07 00:38:17 +0200 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-04 23:10:11 +0200 |
commit | efba797b977c99bc6e0c301299272c80fb8b287f (patch) | |
tree | 746410c0909fee9a126c418df1dd51b85a3a94ec /include | |
parent | KEYS: Use structure to capture key restriction function and data (diff) | |
KEYS: Add an optional lookup_restriction hook to key_type
The restrict_link functions used to validate keys as they are linked
to a keyring can be associated with specific key types. Each key type
may be loaded (or not) at runtime, so lookup of restrict_link
functions needs to be part of the key type implementation to ensure
that the requested keys can be examined.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/key-type.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index eaee981c5558..8496cf64575c 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h @@ -147,6 +147,14 @@ struct key_type { */ request_key_actor_t request_key; + /* Look up a keyring access restriction (optional) + * + * - NULL is a valid return value (meaning the requested restriction + * is known but will never block addition of a key) + * - should return -EINVAL if the restriction is unknown + */ + struct key_restriction *(*lookup_restriction)(const char *params); + /* internal fields */ struct list_head link; /* link in types list */ struct lock_class_key lock_class; /* key->sem lock class */ |
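Review bot: the comment added above lookup_restriction in struct key_type says the hook "should return -EINVAL if the restriction is unknown", but the hook returns struct key_restriction *, so the error has to be encoded in the pointer; suggest wording it as "should return ERR_PTR(-EINVAL) if the restriction is unknown". Because the same comment makes NULL a valid success value (restriction known, never blocks a key), it is worth stating that callers must test the result with IS_ERR() rather than a NULL check, otherwise an unknown restriction and a permissive one are easy to confuse at the call site. The comment also leaves out what format params takes, whether params may be NULL, and who owns and frees the returned key_restriction; a line on each would make the contract complete for key type implementers.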