From patchwork Thu Mar 30 23:50:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mat Martineau X-Patchwork-Id: 9655299 X-IronPort-AV: E=Sophos;i="5.36,249,1486454400";
d="scan'208";a="82507816" Received: from mjmartin-nuc02.sea.intel.com ([10.252.134.39]) by fmsmga005.fm.intel.com with ESMTP; 30 Mar 2017 16:50:29 -0700 From: Mat Martineau To: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, dhowells@redhat.com Cc: Mat Martineau , zohar@linux.vnet.ibm.com Subject: [PATCH v13 03/10] KEYS: Add a key restriction struct Date: Thu, 30 Mar 2017 16:50:20 -0700 Message-Id: <20170330235027.6879-4-mathew.j.martineau@linux.intel.com> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20170330235027.6879-1-mathew.j.martineau@linux.intel.com> References: <20170330235027.6879-1-mathew.j.martineau@linux.intel.com> Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Key link restrictions require restriction-specific data as well as a restriction-specific function pointer. As a first step toward replacing the restrict_link pointer in struct key, define a more general key_restriction structure that captures the required function, key, and key type pointers. Key type modules should not be pinned on account of this key type pointer because the pointer will be cleared by the garbage collector if the key type is unregistered. Signed-off-by: Mat Martineau --- include/linux/key.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/linux/key.h b/include/linux/key.h index 59cad0268fa7..9fd726642846 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -131,6 +131,12 @@ typedef int (*key_restrict_link_func_t)(struct key *dest_keyring, const union key_payload *payload, struct key *restriction_key); +struct key_restriction { + key_restrict_link_func_t check; + struct key *key; + struct key_type *keytype; +}; + /*****************************************************************************/ /* * authentication token / access credential / keyring
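Review bot: struct key_restriction in include/linux/key.h is added with no comment, so the one non-obvious rule about it lives only in the commit message: the keytype pointer does not pin the key type module and is cleared by the garbage collector when the key type is unregistered. Please add a short comment above the struct saying what each member is for (check is the key_restrict_link_func_t to call, key appears to be the value passed to it as restriction_key), that keytype can be cleared by the garbage collector and so has to be tested before use, and whether the struct is expected to hold a reference on key, which these lines leave open. Since nothing uses the struct yet in this patch, the comment is the only place a reader of key.h will find those lifetime rules.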