diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-05-06 15:38:17 -0700 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-04 14:10:11 -0700 |
commit | efba797b977c99bc6e0c301299272c80fb8b287f (patch) | |
tree | 746410c0909fee9a126c418df1dd51b85a3a94ec /include/linux/key-type.h | |
parent | 2b6aa412ff23a02ac777ad307249c60a839cfd25 (diff) |
KEYS: Add an optional lookup_restriction hook to key_type
The restrict_link functions used to validate keys as they are linked
to a keyring can be associated with specific key types. Each key type
may be loaded (or not) at runtime, so lookup of restrict_link
functions needs to be part of the key type implementation to ensure
that the requested keys can be examined.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'include/linux/key-type.h')
-rw-r--r-- | include/linux/key-type.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index eaee981c5558..8496cf64575c 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h @@ -147,6 +147,14 @@ struct key_type { */ request_key_actor_t request_key; + /* Look up a keyring access restriction (optional) + * + * - NULL is a valid return value (meaning the requested restriction + * is known but will never block addition of a key) + * - should return -EINVAL if the restriction is unknown + */ + struct key_restriction *(*lookup_restriction)(const char *params); + /* internal fields */ struct list_head link; /* link in types list */ struct lock_class_key lock_class; /* key->sem lock class */ |