diff options
author | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2016-08-30 11:33:13 -0700 |
---|---|---|
committer | Mat Martineau <mathew.j.martineau@linux.intel.com> | 2017-04-03 10:24:56 -0700 |
commit | aaf66c883813f0078e3dafe7d20d1461321ac14f (patch) | |
tree | 5198162cc55309f8653a0a333c2cbdffc64debad /security/keys/key.c | |
parent | 469ff8f7d46d75b36de68a0411a2ce80109ad00b (diff) |
KEYS: Split role of the keyring pointer for keyring restrict functions
The first argument to the restrict_link_func_t functions was a keyring
pointer. These functions are called by the key subsystem with this
argument set to the destination keyring, but restrict_link_by_signature
expects a pointer to the relevant trusted keyring.
Restrict functions may need something other than a single struct key
pointer to allow or reject key linkage, so the data used to make that
decision (such as the trust keyring) is moved to a new, fourth
argument. The first argument is now always the destination keyring.
Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Diffstat (limited to 'security/keys/key.c')
-rw-r--r-- | security/keys/key.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 08dfa13f6a85..27fc1bb40034 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -499,7 +499,7 @@ int key_instantiate_and_link(struct key *key, if (keyring) { if (keyring->restrict_link) { ret = keyring->restrict_link(keyring, key->type, - &prep.payload); + &prep.payload, NULL); if (ret < 0) goto error; } @@ -851,7 +851,8 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, index_key.desc_len = strlen(index_key.description); if (restrict_link) { - ret = restrict_link(keyring, index_key.type, &prep.payload); + ret = restrict_link(keyring, index_key.type, &prep.payload, + NULL); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_free_prep; |