diff options
Diffstat (limited to 'security/keys/keyring.c')
| -rw-r--r-- | security/keys/keyring.c | 29 |
1 files changed, 1 insertions, 28 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d2d1f3378008..c91e4e0cea08 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
| @@ -494,7 +494,6 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, | |||
| 494 | unsigned long flags, | 494 | unsigned long flags, |
| 495 | int (*restrict_link)(struct key *, | 495 | int (*restrict_link)(struct key *, |
| 496 | const struct key_type *, | 496 | const struct key_type *, |
| 497 | unsigned long, | ||
| 498 | const union key_payload *), | 497 | const union key_payload *), |
| 499 | struct key *dest) | 498 | struct key *dest) |
| 500 | { | 499 | { |
| @@ -516,33 +515,9 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, | |||
| 516 | EXPORT_SYMBOL(keyring_alloc); | 515 | EXPORT_SYMBOL(keyring_alloc); |
| 517 | 516 | ||
| 518 | /** | 517 | /** |
| 519 | * keyring_restrict_trusted_only - Restrict additions to a keyring to trusted keys only | ||
| 520 | * @keyring: The keyring being added to. | ||
| 521 | * @type: The type of key being added. | ||
| 522 | * @flags: The key flags. | ||
| 523 | * @payload: The payload of the key intended to be added. | ||
| 524 | * | ||
| 525 | * Reject the addition of any links to a keyring that point to keys that aren't | ||
| 526 | * marked as being trusted. It can be overridden by passing | ||
| 527 | * KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when adding a key | ||
| 528 | * to a keyring. | ||
| 529 | * | ||
| 530 | * This is meant to be passed as the restrict_link parameter to | ||
| 531 | * keyring_alloc(). | ||
| 532 | */ | ||
| 533 | int keyring_restrict_trusted_only(struct key *keyring, | ||
| 534 | const struct key_type *type, | ||
| 535 | unsigned long flags, | ||
| 536 | const union key_payload *payload) | ||
| 537 | { | ||
| 538 | return flags & KEY_FLAG_TRUSTED ? 0 : -EPERM; | ||
| 539 | } | ||
| 540 | |||
| 541 | /** | ||
| 542 | * restrict_link_reject - Give -EPERM to restrict link | 518 | * restrict_link_reject - Give -EPERM to restrict link |
| 543 | * @keyring: The keyring being added to. | 519 | * @keyring: The keyring being added to. |
| 544 | * @type: The type of key being added. | 520 | * @type: The type of key being added. |
| 545 | * @flags: The key flags. | ||
| 546 | * @payload: The payload of the key intended to be added. | 521 | * @payload: The payload of the key intended to be added. |
| 547 | * | 522 | * |
| 548 | * Reject the addition of any links to a keyring. It can be overridden by | 523 | * Reject the addition of any links to a keyring. It can be overridden by |
| @@ -554,7 +529,6 @@ int keyring_restrict_trusted_only(struct key *keyring, | |||
| 554 | */ | 529 | */ |
| 555 | int restrict_link_reject(struct key *keyring, | 530 | int restrict_link_reject(struct key *keyring, |
| 556 | const struct key_type *type, | 531 | const struct key_type *type, |
| 557 | unsigned long flags, | ||
| 558 | const union key_payload *payload) | 532 | const union key_payload *payload) |
| 559 | { | 533 | { |
| 560 | return -EPERM; | 534 | return -EPERM; |
| @@ -1248,8 +1222,7 @@ static int __key_link_check_restriction(struct key *keyring, struct key *key) | |||
| 1248 | { | 1222 | { |
| 1249 | if (!keyring->restrict_link) | 1223 | if (!keyring->restrict_link) |
| 1250 | return 0; | 1224 | return 0; |
| 1251 | return keyring->restrict_link(keyring, | 1225 | return keyring->restrict_link(keyring, key->type, &key->payload); |
| 1252 | key->type, key->flags, &key->payload); | ||
| 1253 | } | 1226 | } |
| 1254 | 1227 | ||
| 1255 | /** | 1228 | /** |