linux-hardened/security/keys
Mat Martineau 6563c91fd6 KEYS: Add KEYCTL_RESTRICT_KEYRING
Keyrings recently gained restrict_link capabilities that allow
individual keys to be validated prior to linking.  This functionality
was only available using internal kernel APIs.

With the KEYCTL_RESTRICT_KEYRING command existing keyrings can be
configured to check the content of keys before they are linked, and
then allow or disallow linkage of that key to the keyring.

To restrict a keyring, call:

  keyctl(KEYCTL_RESTRICT_KEYRING, key_serial_t keyring, const char *type,
         const char *restriction)

where 'type' is the name of a registered key type and 'restriction' is a
string describing how key linkage is to be restricted. The restriction
option syntax is specific to each key type.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
2017-04-04 14:10:12 -07:00
..
encrypted-keys KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
big_key.c KEYS: Sort out big_key initialisation 2016-10-27 16:03:27 +11:00
compat.c KEYS: Add KEYCTL_RESTRICT_KEYRING 2017-04-04 14:10:12 -07:00
dh.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
gc.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
internal.h KEYS: Add KEYCTL_RESTRICT_KEYRING 2017-04-04 14:10:12 -07:00
Kconfig security/keys: make BIG_KEYS dependent on stdrng. 2016-10-27 16:03:33 +11:00
key.c KEYS: Consistent ordering for __key_link_begin and restrict check 2017-04-04 14:10:11 -07:00
keyctl.c KEYS: Add KEYCTL_RESTRICT_KEYRING 2017-04-04 14:10:12 -07:00
keyring.c KEYS: Add KEYCTL_RESTRICT_KEYRING 2017-04-04 14:10:12 -07:00
Makefile KEYS: Add KEYCTL_DH_COMPUTE command 2016-04-12 19:54:58 +01:00
permission.c KEYS: Move the flags representing required permission to linux/key.h 2014-03-14 17:44:49 +00:00
persistent.c sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h> 2017-03-02 08:42:31 +01:00
proc.c security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
process_keys.c security, keys: convert key_user.usage from atomic_t to refcount_t 2017-04-03 10:49:06 +10:00
request_key.c Make static usermode helper binaries constant 2017-01-19 12:59:45 +01:00
request_key_auth.c security, keys: convert key.usage from atomic_t to refcount_t 2017-04-03 10:49:05 +10:00
sysctl.c security: Convert use of typedef ctl_table to struct ctl_table 2014-04-15 13:39:58 +10:00
trusted.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00
trusted.h keys, trusted: move struct trusted_key_options to trusted-type.h 2015-10-19 01:01:21 +02:00
user_defined.c KEYS: Differentiate uses of rcu_dereference_key() and user_key_payload() 2017-03-02 10:09:00 +11:00