path: root/Documentation/security/keys.txt
diff options
authorMat Martineau <mathew.j.martineau@linux.intel.com>2016-05-06 15:38:17 -0700
committerMat Martineau <mathew.j.martineau@linux.intel.com>2017-04-04 14:10:11 -0700
commitefba797b977c99bc6e0c301299272c80fb8b287f (patch)
tree746410c0909fee9a126c418df1dd51b85a3a94ec /Documentation/security/keys.txt
parentKEYS: Use structure to capture key restriction function and data (diff)
KEYS: Add an optional lookup_restriction hook to key_type
The restrict_link functions used to validate keys as they are linked to a keyring can be associated with specific key types. Each key type may be loaded (or not) at runtime, so lookup of restrict_link functions needs to be part of the key type implementation to ensure that the requested keys can be examined. Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'Documentation/security/keys.txt')
1 files changed, 9 insertions, 0 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index e35de987fc48..5fe04a7cc03d 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1445,6 +1445,15 @@ The structure has a number of fields, some of which are mandatory:
The authorisation key.
+ (*) struct key_restriction *(*lookup_restriction)(const char *params);
+ This optional method is used to enable userspace configuration of keyring
+ restrictions. The restriction parameter string (not including the key type
+ name) is passed in, and this method returns a pointer to a key_restriction
+ structure containing the relevant functions and data to evaluate each
+ attempted key link operation. If there is no match, -EINVAL is returned.