KEYS: Add a new keyctl op to reject a key with a specified error code (fdd1b945) · Commits · e / devices / android_kernel_fairphone_FP3

Documentation/keys-request-key.txt

+5 −4

Original line number	Diff line number	Diff line
		@@ -127,14 +127,15 @@ This is because process A's keyrings can't simply be attached to
		of them, and (b) it requires the same UID/GID/Groups all the way through.


		======================
		NEGATIVE INSTANTIATION
		======================
		====================================
		NEGATIVE INSTANTIATION AND REJECTION
		====================================

		Rather than instantiating a key, it is possible for the possessor of an
		authorisation key to negatively instantiate a key that's under construction.
		This is a short duration placeholder that causes any attempt at re-requesting
		the key whilst it exists to fail with error ENOKEY.
		the key whilst it exists to fail with error ENOKEY if negated or the specified
		error if rejected.

		This is provided to prevent excessive repeated spawning of /sbin/request-key
		processes for a key that will never be obtainable.

+8 −2

Original line number	Diff line number	Diff line
		@@ -657,6 +657,8 @@ The keyctl syscall functions are:

		long keyctl(KEYCTL_NEGATE, key_serial_t key,
		unsigned timeout, key_serial_t keyring);
		long keyctl(KEYCTL_REJECT, key_serial_t key,
		unsigned timeout, unsigned error, key_serial_t keyring);

		If the kernel calls back to userspace to complete the instantiation of a
		key, userspace should use this call mark the key as negative before the
		@@ -669,6 +671,10 @@ The keyctl syscall functions are:
		that keyring, however all the constraints applying in KEYCTL_LINK apply in
		this case too.

		If the key is rejected, future searches for it will return the specified
		error code until the rejected key expires. Negating the key is the same
		as rejecting the key with ENOKEY as the error code.


		(*) Set the default request-key destination keyring.

		@@ -1240,8 +1246,8 @@ example, the KDE desktop manager).
		The program (or whatever it calls) should finish construction of the key by
		calling KEYCTL_INSTANTIATE, which also permits it to cache the key in one of
		the keyrings (probably the session ring) before returning. Alternatively, the
		key can be marked as negative with KEYCTL_NEGATE; this also permits the key to
		be cached in one of the keyrings.
		key can be marked as negative with KEYCTL_NEGATE or KEYCTL_REJECT; this also
		permits the key to be cached in one of the keyrings.

		If it returns with the key remaining in the unconstructed state, the key will
		be marked as being negative, it will be added to the session keyring, and an

+10 −1

Original line number	Diff line number	Diff line
		@@ -105,11 +105,20 @@ extern int key_instantiate_and_link(struct key *key,
		size_t datalen,
		struct key *keyring,
		struct key *instkey);
		extern int key_negate_and_link(struct key *key,
		extern int key_reject_and_link(struct key *key,
		unsigned timeout,
		unsigned error,
		struct key *keyring,
		struct key *instkey);
		extern void complete_request_key(struct key_construction *cons, int error);

		static inline int key_negate_and_link(struct key *key,
		unsigned timeout,
		struct key *keyring,
		struct key *instkey)
		{
		return key_reject_and_link(key, timeout, ENOKEY, keyring, instkey);
		}

		#endif /* CONFIG_KEYS */
		#endif /* _LINUX_KEY_TYPE_H */

+1 −0

+1 −0

Original line number	Diff line number	Diff line
		@@ -53,5 +53,6 @@
		#define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */
		#define KEYCTL_GET_SECURITY 17 /* get key security label */
		#define KEYCTL_SESSION_TO_PARENT 18 /* apply session keyring to parent process */
		#define KEYCTL_REJECT 19 /* reject a partially constructed key */

		#endif /* _LINUX_KEYCTL_H */