diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-08-30 11:33:13 -0700 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-03 10:24:56 -0700 |
commit | aaf66c883813f0078e3dafe7d20d1461321ac14f (patch) | |
tree | 5198162cc55309f8653a0a333c2cbdffc64debad /include/keys | |
parent | 469ff8f7d46d75b36de68a0411a2ce80109ad00b (diff) | |
download | lwn-aaf66c883813f0078e3dafe7d20d1461321ac14f.tar.gz lwn-aaf66c883813f0078e3dafe7d20d1461321ac14f.zip |
KEYS: Split role of the keyring pointer for keyring restrict functions
The first argument to the restrict_link_func_t functions was a keyring
pointer. These functions are called by the key subsystem with this
argument set to the destination keyring, but restrict_link_by_signature
expects a pointer to the relevant trusted keyring.
Restrict functions may need something other than a single struct key
pointer to allow or reject key linkage, so the data used to make that
decision (such as the trust keyring) is moved to a new, fourth
argument. The first argument is now always the destination keyring.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'include/keys')
-rw-r--r-- | include/keys/system_keyring.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h index 0d8762622ab9..359c2f936004 100644 --- a/include/keys/system_keyring.h +++ b/include/keys/system_keyring.h @@ -18,7 +18,8 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring, const struct key_type *type, - const union key_payload *payload); + const union key_payload *payload, + struct key *restriction_key); #else #define restrict_link_by_builtin_trusted restrict_link_reject @@ -28,7 +29,8 @@ extern int restrict_link_by_builtin_trusted(struct key *keyring, extern int restrict_link_by_builtin_and_secondary_trusted( struct key *keyring, const struct key_type *type, - const union key_payload *payload); + const union key_payload *payload, + struct key *restriction_key); #else #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted #endif |