The restrict_link functions used to validate keys as they are linked
to a keyring can be associated with specific key types. Each key type
may be loaded (or not) at runtime, so lookup of restrict_link
functions needs to be part of the key type implementation to ensure
that the requested keys can be examined.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
The authorisation key.
+ (*) struct key_restriction *(*lookup_restriction)(const char *params);
+
+ This optional method is used to enable userspace configuration of keyring
+ restrictions. The restriction parameter string (not including the key type
+ name) is passed in, and this method returns a pointer to a key_restriction
+ structure containing the relevant functions and data to evaluate each
+ attempted key link operation. If there is no match, -EINVAL is returned.
+
+
============================
REQUEST-KEY CALLBACK SERVICE
============================
*/
request_key_actor_t request_key;
+ /* Look up a keyring access restriction (optional)
+ *
+ * - NULL is a valid return value (meaning the requested restriction
+ * is known but will never block addition of a key)
+ * - should return -EINVAL if the restriction is unknown
+ */
+ struct key_restriction *(*lookup_restriction)(const char *params);
+
/* internal fields */
struct list_head link; /* link in types list */
struct lock_class_key lock_class; /* key->sem lock class */
projects / users / dwmw2 / linux.git / commitdiff