keys: Add domain tag to the keyring search criteria

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I49KW1 CVE: NA -------------------------------- Add keyring_search_tag() version of keyring_search(), that allows to specify the key domain tag. Signed-off-by: N Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Reviewed-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

keys: Add domain tag to the keyring search criteria
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I49KW1 CVE: NA -------------------------------- Add keyring_search_tag() version of keyring_search(), that allows to specify the key domain tag. Signed-off-by: N Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Reviewed-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
d3ef5f85 · Krzysztof Struczynski · Zheng Zengkai · dc3fb393 · d3ef5f85 · d3ef5f85
隐藏空白更改
内联并排

Showing with 22 addition and 10 deletion

include/linux/key.h include/linux/key.h +13 -4

security/keys/keyring.c security/keys/keyring.c +9 -6

未找到文件。
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -417,10 +417,11 @@ extern int restrict_link_reject(struct key *keyring,

 extern int keyring_clear(struct key *keyring);

-extern key_ref_t keyring_search(key_ref_t keyring,
-				struct key_type *type,
-				const char *description,
-				bool recurse);
+extern key_ref_t keyring_search_tag(key_ref_t keyring,
+				    struct key_type *type,
+				    const char *description,
+				    struct key_tag *domain_tag,
+				    bool recurse);

 extern int keyring_add_key(struct key *keyring,
 			   struct key *key);
@@ -430,6 +431,14 @@ extern int keyring_restrict(key_ref_t keyring, const char *type,

 extern struct key *key_lookup(key_serial_t id);

+static inline key_ref_t keyring_search(key_ref_t keyring,
+				       struct key_type *type,
+				       const char *description,
+				       bool recurse)
+{
+	return keyring_search_tag(keyring, type, description, NULL, recurse);
+}
+
 static inline key_serial_t key_serial(const struct key *key)
 {
 	return key ? key->serial : 0;

--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -925,22 +925,25 @@ key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
 }

 /**
- * keyring_search - Search the supplied keyring tree for a matching key
+ * keyring_search_tag - Search the supplied keyring tree for a matching key
 * @keyring: The root of the keyring tree to be searched.
 * @type: The type of keyring we want to find.
 * @description: The name of the keyring we want to find.
+ * @domain_tag: The domain_tag of the key we want to find.
 * @recurse: True to search the children of @keyring also
 *
 * As keyring_search_rcu() above, but using the current task's credentials and
 * type's default matching function and preferred search method.
 */
-key_ref_t keyring_search(key_ref_t keyring,
-			 struct key_type *type,
-			 const char *description,
-			 bool recurse)
+key_ref_t keyring_search_tag(key_ref_t keyring,
+			     struct key_type *type,
+			     const char *description,
+			     struct key_tag *domain_tag,
+			     bool recurse)
 {
 	struct keyring_search_context ctx = {
 		.index_key.type		= type,
+		.index_key.domain_tag   = domain_tag,
 		.index_key.description	= description,
 		.index_key.desc_len	= strlen(description),
 		.cred			= current_cred(),
@@ -968,7 +971,7 @@ key_ref_t keyring_search(key_ref_t keyring,
 		type->match_free(&ctx.match_data);
 	return key;
 }
-EXPORT_SYMBOL(keyring_search);
+EXPORT_SYMBOL(keyring_search_tag);

 static struct key_restriction *keyring_restriction_alloc(
 	key_restrict_link_func_t check)