summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Documentation/security/keys.txt5
-rw-r--r--include/linux/key.h16
-rw-r--r--security/keys/key.c8
-rw-r--r--security/keys/keyring.c4
4 files changed, 11 insertions, 22 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 0e03baf271bd..4502237b12a7 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1032,10 +1032,7 @@ payload contents" for more information.
struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
const struct cred *cred,
key_perm_t perm,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- unsigned long,
- const union key_payload *),
+ key_restrict_link_func_t restrict_link,
unsigned long flags,
struct key *dest);
diff --git a/include/linux/key.h b/include/linux/key.h
index 9d9fac583dd3..3bb327043869 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -127,6 +127,10 @@ static inline bool is_key_possessed(const key_ref_t key_ref)
return (unsigned long) key_ref & 1UL;
}
+typedef int (*key_restrict_link_func_t)(struct key *keyring,
+ const struct key_type *type,
+ const union key_payload *payload);
+
/*****************************************************************************/
/*
* authentication token / access credential / keyring
@@ -215,9 +219,7 @@ struct key {
* overrides this, allowing the kernel to add extra keys without
* restriction.
*/
- int (*restrict_link)(struct key *keyring,
- const struct key_type *type,
- const union key_payload *payload);
+ key_restrict_link_func_t restrict_link;
};
extern struct key *key_alloc(struct key_type *type,
@@ -226,9 +228,7 @@ extern struct key *key_alloc(struct key_type *type,
const struct cred *cred,
key_perm_t perm,
unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *));
+ key_restrict_link_func_t restrict_link);
#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
@@ -304,9 +304,7 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
const struct cred *cred,
key_perm_t perm,
unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *),
+ key_restrict_link_func_t restrict_link,
struct key *dest);
extern int restrict_link_reject(struct key *keyring,
diff --git a/security/keys/key.c b/security/keys/key.c
index b4958b36fa27..08dfa13f6a85 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -225,9 +225,7 @@ serial_exists:
struct key *key_alloc(struct key_type *type, const char *desc,
kuid_t uid, kgid_t gid, const struct cred *cred,
key_perm_t perm, unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *))
+ key_restrict_link_func_t restrict_link)
{
struct key_user *user = NULL;
struct key *key;
@@ -806,9 +804,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
struct key *keyring, *key = NULL;
key_ref_t key_ref;
int ret;
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *) = NULL;
+ key_restrict_link_func_t restrict_link = NULL;
/* look up the key type to see if it's one of the registered kernel
* types */
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 3d95f7d02ba1..1b29ac759bf7 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -492,9 +492,7 @@ static long keyring_read(const struct key *keyring,
struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
const struct cred *cred, key_perm_t perm,
unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *),
+ key_restrict_link_func_t restrict_link,
struct key *dest)
{
struct key *keyring;