KEYS: Use structure to capture key restriction function and data
author Mat Martineau <mathew.j.martineau@linux.intel.com>
Wed, 31 Aug 2016 23:05:43 +0000 (16:05 -0700)
committer Mat Martineau <mathew.j.martineau@linux.intel.com>
Tue, 4 Apr 2017 21:10:10 +0000 (14:10 -0700)
commit 2b6aa412ff23a02ac777ad307249c60a839cfd25
tree 317dced64727a10b3ce09ca84ac8e153c7dabf77
parent e9cc0f689a7c0c9be6fed6861b3a3f49ad0e7a52
KEYS: Use structure to capture key restriction function and data

Replace struct key's restrict_link function pointer with a pointer to
the new struct key_restriction. The structure contains pointers to the
restriction function as well as relevant data for evaluating the
restriction.

The garbage collector checks restrict_link->keytype when key types are
unregistered. Restrictions involving a removed key type are converted
to use restrict_link_reject so that restrictions cannot be removed by
unregistering key types.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Documentation/security/keys.txt
certs/system_keyring.c
include/linux/key.h
security/integrity/digsig.c
security/integrity/ima/ima_mok.c
security/keys/gc.c
security/keys/internal.h
security/keys/key.c
security/keys/keyring.c
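
The garbage-collection behaviour described in the commit message, as a simplified userspace model added here for illustration; it is not code from this patch or from the kernel. Only `struct key_restriction`, `restrict_link`, `keytype` and `restrict_link_reject` are names from the commit message; the other fields, `restrict_by_type_name`, `try_link` and `restriction_gc` are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model. Field names other than keytype are assumptions. */
struct key_type { const char *name; };
struct keyring;
typedef int (*restrict_fn)(struct keyring *, const struct key_type *, void *);

struct key_restriction {
    restrict_fn check;              /* restriction function */
    void *data;                     /* data the function evaluates */
    const struct key_type *keytype; /* key type the restriction depends on */
};
struct keyring { struct key_restriction *restrict_link; };

/* Refuses every link attempt. */
int restrict_link_reject(struct keyring *dest, const struct key_type *type, void *data)
{
    (void)dest; (void)type; (void)data;
    return -EPERM;
}

/* Hypothetical restriction: accept only keys whose type name equals data. */
int restrict_by_type_name(struct keyring *dest, const struct key_type *type, void *data)
{
    (void)dest;
    return strcmp(type->name, (const char *)data) == 0 ? 0 : -EPERM;
}

/* Link check; in this model a keyring with no restriction accepts anything. */
int try_link(struct keyring *dest, const struct key_type *type)
{
    struct key_restriction *r = dest->restrict_link;
    return (r && r->check) ? r->check(dest, type, r->data) : 0;
}

/* Garbage-collector step for an unregistered key type: fail closed. */
void restriction_gc(struct keyring *kr, const struct key_type *dead)
{
    struct key_restriction *r = kr->restrict_link;
    if (!r || r->keytype != dead)
        return;
    r->check = restrict_link_reject; /* keep a restriction, now deny-all */
    r->data = NULL;                  /* drop references to the dead type */
    r->keytype = NULL;
}
```

After `restriction_gc` runs for the type a restriction depends on, the keyring still has a restriction attached and every later `try_link` returns `-EPERM`, so unregistering the type cannot turn a restricted keyring into an unrestricted one.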