android_kernel_xiaomi_sm8350/net
David Howells 5ac7eace2d KEYS: Add a facility to restrict new links into a keyring
Add a facility whereby proposed new links to be added to a keyring can be
vetted, permitting them to be rejected if necessary.  This can be used to
block public keys from which the signature cannot be verified or for which
the signature verification fails.  It could also be used to provide
blacklisting.

This affects operations like add_key(), KEYCTL_LINK and KEYCTL_INSTANTIATE.

To this end:

 (1) A function pointer is added to the key struct that, if set, points to
     the vetting function.  This is called as:

	int (*restrict_link)(struct key *keyring,
			     const struct key_type *key_type,
			     unsigned long key_flags,
			     const union key_payload *key_payload),

     where 'keyring' will be the keyring being added to, key_type and
     key_payload will describe the key being added and key_flags[*] can be
     AND'ed with KEY_FLAG_TRUSTED.

     [*] This parameter will be removed in a later patch when
     	 KEY_FLAG_TRUSTED is removed.

     The function should return 0 to allow the link to take place or an
     error (typically -ENOKEY, -ENOPKG or -EKEYREJECTED) to reject the
     link.

     The pointer should not be set directly, but rather should be set
     through keyring_alloc().

     Note that if called during add_key(), preparse is called before this
     method, but a key isn't actually allocated until after this function
     is called.

 (2) KEY_ALLOC_BYPASS_RESTRICTION is added.  This can be passed to
     key_create_or_update() or key_instantiate_and_link() to bypass the
     restriction check.

 (3) KEY_FLAG_TRUSTED_ONLY is removed.  The entire contents of a keyring
     with this restriction emplaced can be considered 'trustworthy' by
     virtue of being in the keyring when that keyring is consulted.

 (4) key_alloc() and keyring_alloc() take an extra argument that will be
     used to set restrict_link in the new key.  This ensures that the
     pointer is set before the key is published, thus preventing a window
     of unrestrictedness.  Normally this argument will be NULL.

 (5) As a temporary affair, keyring_restrict_trusted_only() is added.  It
     should be passed to keyring_alloc() as the extra argument instead of
     setting KEY_FLAG_TRUSTED_ONLY on a keyring.  This will be replaced in
     a later patch with functions that look in the appropriate places for
     authoritative keys.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
2016-04-11 22:37:37 +01:00
..
6lowpan 6lowpan: iphc: fix SAM/DAM bit comment 2016-03-10 19:51:29 +01:00
9p net/9p: convert to new CQ API 2016-03-10 20:54:09 -05:00
802
8021q vlan: propagate gso_max_segs 2016-03-17 21:05:01 -04:00
appletalk
atm
ax25 ax25: add link layer header validation function 2016-03-09 22:13:01 -05:00
batman-adv
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
bridge bridge: Allow set bridge ageing time when switchdev disabled 2016-03-30 15:38:13 -04:00
caif net: caif: fix misleading indentation 2016-03-14 13:09:50 -04:00
can
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2016-03-26 15:53:16 -07:00
core tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter 2016-04-01 14:33:46 -04:00
dcb
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-03-17 21:06:40 -04:00
decnet
dns_resolver KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
dsa net: dsa: refine netdev event notifier 2016-03-14 16:05:32 -04:00
ethernet
hsr
ieee802154
ipv4 gro: Allow tunnel stacking in the case of FOU/GUE 2016-03-30 16:02:33 -04:00
ipv6 ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates 2016-03-30 19:01:33 -04:00
ipx
irda
iucv
kcm kcm: Add receive message timeout 2016-03-09 16:36:15 -05:00
key
l2tp
l3mdev
lapb
llc
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-03-08 12:34:12 -05:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls
netfilter netfilter: nfnetlink_queue: honor NFQA_CFG_F_FAIL_OPEN when netlink unicast fails 2016-03-28 17:59:20 +02:00
netlabel netlabel: do not initialise statics to NULL 2016-03-07 11:08:26 -05:00
netlink netlink: add support for NIC driver ioctls 2016-03-22 15:45:44 -04:00
netrom
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2016-03-28 15:38:59 -04:00
packet packet: validate variable length ll headers 2016-03-09 22:13:01 -05:00
phonet
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
rfkill
rose
rxrpc KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
sched cls_bpf: reset class and reuse major in da 2016-03-18 19:35:21 -04:00
sctp sctp: really allow using GFP_KERNEL on sctp_packet_transmit 2016-03-30 15:41:22 -04:00
sunrpc Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
switchdev switchdev: fix typo in comments/doc 2016-03-24 14:51:24 -04:00
tipc tipc: make sure IPv6 header fits in skb headroom 2016-03-14 12:23:12 -04:00
unix
vmw_vsock AF_VSOCK: Shrink the area influenced by prepare_to_wait 2016-03-22 16:18:41 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
x25
xfrm xfrm: Fix crash observed during device unregistration and decryption 2016-03-24 14:29:36 -04:00
compat.c
Kconfig Make DST_CACHE a silent config option 2016-03-21 22:56:38 -04:00
Makefile kcm: Kernel Connection Multiplexor module 2016-03-09 16:36:14 -05:00
socket.c net: Fix use after free in the recvmmsg exit path 2016-03-14 12:41:49 -04:00
sysctl_net.c