KEYS: Use structure to capture key restriction function and data

Replace struct key's restrict_link function pointer with a pointer to
the new struct key_restriction. The structure contains pointers to the
restriction function as well as relevant data for evaluating the
restriction.

The garbage collector checks restrict_link->keytype when key types are
unregistered. Restrictions involving a removed key type are converted
to use restrict_link_reject so that restrictions cannot be removed by
unregistering key types.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Showing
- Documentation/security/keys.txt: 12 additions, 9 deletions
- certs/system_keyring.c: 20 additions, 1 deletion
- include/linux/key.h: 4 additions, 4 deletions
- security/integrity/digsig.c: 8 additions, 1 deletion
- security/integrity/ima/ima_mok.c: 10 additions, 1 deletion
- security/keys/gc.c: 11 additions, 0 deletions
- security/keys/internal.h: 2 additions, 0 deletions
- security/keys/key.c: 14 additions, 9 deletions
- security/keys/keyring.c: 63 additions, 5 deletions
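The fail-closed conversion the commit message describes, as an added userspace sketch that is not code from this commit or from the kernel. The simplified check signature, the `data` field, `restrict_same_type`, `keyring_link` and `gc_unregister_type` are assumptions made for illustration; only `struct key_restriction`, `restrict_link`, `keytype` and `restrict_link_reject` are names taken from the message.

```c
/* Userspace model of the behaviour described above; not kernel code. */
#include <errno.h>
#include <stddef.h>
struct key_type { const char *name; };
struct key { const struct key_type *type; };
struct key_restriction;
/* Assumed, simplified signature for the restriction function. */
typedef int (*restrict_fn)(const struct key_restriction *r, const struct key *k);
struct key_restriction {
    restrict_fn check;               /* restriction function */
    const struct key_type *keytype;  /* key type the restriction relies on */
    const void *data;                /* hypothetical data used by check */
};
struct keyring { struct key_restriction *restrict_link; };

/* Refuses every link attempt. */
static int restrict_link_reject(const struct key_restriction *r, const struct key *k)
{ (void)r; (void)k; return -EPERM; }
/* Hypothetical restriction: accept only keys of the recorded type. */
static int restrict_same_type(const struct key_restriction *r, const struct key *k)
{ return k->type == r->keytype ? 0 : -EPERM; }
/* A keyring without a restriction accepts any key. */
int keyring_link(const struct keyring *kr, const struct key *k)
{
    return kr->restrict_link ? kr->restrict_link->check(kr->restrict_link, k) : 0;
}

/* Garbage-collector step for an unregistered type: fail closed. */
void gc_unregister_type(struct keyring *rings, size_t n, const struct key_type *dead)
{
    for (size_t i = 0; i < n; i++) {
        struct key_restriction *r = rings[i].restrict_link;
        if (r && r->keytype == dead) {
            r->check = restrict_link_reject;   /* never drop the restriction */
            r->keytype = NULL;                 /* no pointer to the dead type */
            r->data = NULL;
        }
    }
}

int main(void)
{
    struct key_type t = { "constructed-type" };   /* constructed sample */
    struct key k = { &t };
    struct key_restriction r = { restrict_same_type, &t, NULL };
    struct keyring ring = { &r };
    gc_unregister_type(&ring, 1, &t);
    return keyring_link(&ring, &k) == -EPERM ? 0 : 1;
}
```

Had the collector cleared the restriction pointer instead, the keyring would have become unrestricted, which is the outcome the message says must not be reachable by unregistering a key type.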