Message ID | 20170303002559.8280-5-mathew.j.martineau@linux.intel.com (mailing list archive) |
---|---|
State | New, archived |
Mat Martineau <mathew.j.martineau@linux.intel.com> wrote:

> +struct key_restriction { > + key_restrict_link_func_t check; > + void (*free_data)(void *data); > + void *data; > + struct key_type *keytype; > +};

What happens if the key_type gets removed?

You may need to pin the module that implements the key_type.

David

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

David Howells <dhowells@redhat.com> wrote:

> What happens if the key_type gets removed?
>
> You may need to pin the module that implements the key_type.

This appears to be addressed in the next patch. It might be worth a note in the patch description to this effect.

David

diff --git a/include/linux/key.h b/include/linux/key.h index c4016bc314f7..771eda3385e0 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -131,6 +131,13 @@ typedef int (*key_restrict_link_func_t)(struct key *dest_keyring, const union key_payload *payload, void *data); +struct key_restriction { + key_restrict_link_func_t check; + void (*free_data)(void *data); + void *data; + struct key_type *keytype; +}; + /*****************************************************************************/ /* * authentication token / access credential / keyring
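
Review bot: struct key_restriction is added to include/linux/key.h with no comment describing the lifetime of its pointer members. The keytype field is a bare struct key_type pointer, and nothing in this hunk pins the module that registered the type or clears the field when the type is unregistered, so a restriction that outlives its key type would be left holding a stale pointer. Suggest a kernel-doc block above the struct that states who owns data, when free_data is called and whether it may be NULL, and what keeps keytype valid. If that is handled by a later patch in the series, the commit message should say so.
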
Key link restrictions require restriction-specific data as well as a restriction-specific function pointer. As a first step toward replacing the restrict_link pointer in struct key, define a more general key_restriction structure that captures the function and data, as well as a data freeing function and key type information for use in garbage collection.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

---
 include/linux/key.h | 7 +++++++
 1 file changed, 7 insertions(+)