From: mathew.j.martineau@linux.intel.com (Mat Martineau)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v13 03/10] KEYS: Add a key restriction struct
Date: Thu, 30 Mar 2017 16:50:20 -0700
Message-ID: <20170330235027.6879-4-mathew.j.martineau@linux.intel.com>
In-Reply-To: <20170330235027.6879-1-mathew.j.martineau@linux.intel.com>
Key link restrictions require restriction-specific data as well as a
restriction-specific function pointer. As a first step toward replacing
the restrict_link pointer in struct key, define a more general
key_restriction structure that captures the required function, key, and
key type pointers. Key type modules should not be pinned on account of
this key type pointer because the pointer will be cleared by the garbage
collector if the key type is unregistered.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---
include/linux/key.h | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/include/linux/key.h b/include/linux/key.h
index 59cad0268fa7..9fd726642846 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -131,6 +131,12 @@ typedef int (*key_restrict_link_func_t)(struct key *dest_keyring,
const union key_payload *payload,
struct key *restriction_key);
+struct key_restriction {
+ key_restrict_link_func_t check;
+ struct key *key;
+ struct key_type *keytype;
+};
+
/*****************************************************************************/
/*
* authentication token / access credential / keyring
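
Review bot: The new struct key_restriction is added without any comment on its members, so the lifetime rule given in the commit message (the key type pointer does not pin the key type module and is cleared by the garbage collector when the type is unregistered) is not recorded next to `struct key_type *keytype;`. A reader of the header alone could assume keytype is always valid or that it holds a module reference. Suggest a short comment block above the struct stating that keytype can become NULL after unregistration and how users of the struct are expected to handle that, and stating whether `struct key *key;` holds a reference on the key and whether it is the value handed to `check` as restriction_key.
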
--
2.12.1