~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,13 +1,8 @@
	1	+/* SPDX-License-Identifier: GPL-2.0-or-later */
1	2	/* Authentication token and access key management
2	3	*
3	4	* Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
4	5	* Written by David Howells (dhowells@redhat.com)
5		- *
6		- * This program is free software; you can redistribute it and/or
7		- * modify it under the terms of the GNU General Public License
8		- * as published by the Free Software Foundation; either version
9		- * 2 of the License, or (at your option) any later version.
10		- *
11	6	*
12	7	* See Documentation/security/keys/core.rst for information on keys/keyrings.
13	8	*/
..	..	@@ -36,6 +31,7 @@
36	31	typedef uint32_t key_perm_t;
37	32
38	33	struct key;
	34	+struct net;
39	35
40	36	#ifdef CONFIG_KEYS
41	37
..	..	@@ -75,6 +71,23 @@
75	71
76	72	#define KEY_PERM_UNDEF 0xffffffff
77	73
	74	+/*
	75	+ * The permissions required on a key that we're looking up.
	76	+ */
	77	+enum key_need_perm {
	78	+ KEY_NEED_UNSPECIFIED, /* Needed permission unspecified */
	79	+ KEY_NEED_VIEW, /* Require permission to view attributes */
	80	+ KEY_NEED_READ, /* Require permission to read content */
	81	+ KEY_NEED_WRITE, /* Require permission to update / modify */
	82	+ KEY_NEED_SEARCH, /* Require permission to search (keyring) or find (key) */
	83	+ KEY_NEED_LINK, /* Require permission to link */
	84	+ KEY_NEED_SETATTR, /* Require permission to change attributes */
	85	+ KEY_NEED_UNLINK, /* Require permission to unlink key */
	86	+ KEY_SYSADMIN_OVERRIDE, /* Special: override by CAP_SYS_ADMIN */
	87	+ KEY_AUTHTOKEN_OVERRIDE, /* Special: override by possession of auth token */
	88	+ KEY_DEFER_PERM_CHECK, /* Special: permission check is deferred */
	89	+};
	90	+
78	91	struct seq_file;
79	92	struct user_struct;
80	93	struct signal_struct;
..	..	@@ -82,13 +95,34 @@
82	95
83	96	struct key_type;
84	97	struct key_owner;
	98	+struct key_tag;
85	99	struct keyring_list;
86	100	struct keyring_name;
87	101
	102	+struct key_tag {
	103	+ struct rcu_head rcu;
	104	+ refcount_t usage;
	105	+ bool removed; /* T when subject removed */
	106	+};
	107	+
88	108	struct keyring_index_key {
	109	+ /* [!] If this structure is altered, the union in struct key must change too! */
	110	+ unsigned long hash; /* Hash value */
	111	+ union {
	112	+ struct {
	113	+#ifdef __LITTLE_ENDIAN /* Put desc_len at the LSB of x */
	114	+ u16 desc_len;
	115	+ char desc[sizeof(long) - 2]; /* First few chars of description */
	116	+#else
	117	+ char desc[sizeof(long) - 2]; /* First few chars of description */
	118	+ u16 desc_len;
	119	+#endif
	120	+ };
	121	+ unsigned long x;
	122	+ };
89	123	struct key_type *type;
	124	+ struct key_tag domain_tag; / Domain of operation */
90	125	const char *description;
91		- size_t desc_len;
92	126	};
93	127
94	128	union key_payload {
..	..	@@ -159,6 +193,9 @@
159	193	struct list_head graveyard_link;
160	194	struct rb_node serial_node;
161	195	};
	196	+#ifdef CONFIG_KEY_NOTIFICATIONS
	197	+ struct watch_list watchers; / Entities watching this key for changes */
	198	+#endif
162	199	struct rw_semaphore sem; /* change vs change sem */
163	200	struct key_user user; / owner of this key */
164	201	void security; / security data for this key */
..	..	@@ -202,7 +239,10 @@
202	239	union {
203	240	struct keyring_index_key index_key;
204	241	struct {
	242	+ unsigned long hash;
	243	+ unsigned long len_desc;
205	244	struct key_type type; / type of key */
	245	+ struct key_tag domain_tag; / Domain of operation */
206	246	char *description;
207	247	};
208	248	};
..	..	@@ -254,6 +294,8 @@
254	294	extern void key_revoke(struct key *key);
255	295	extern void key_invalidate(struct key *key);
256	296	extern void key_put(struct key *key);
	297	+extern bool key_put_tag(struct key_tag *tag);
	298	+extern void key_remove_domain(struct key_tag *domain_tag);
257	299
258	300	static inline struct key __key_get(struct key key)
259	301	{
..	..	@@ -271,26 +313,68 @@
271	313	key_put(key_ref_to_ptr(key_ref));
272	314	}
273	315
274		-extern struct key request_key(struct key_type type,
275		- const char *description,
276		- const char *callout_info);
	316	+extern struct key request_key_tag(struct key_type type,
	317	+ const char *description,
	318	+ struct key_tag *domain_tag,
	319	+ const char *callout_info);
	320	+
	321	+extern struct key request_key_rcu(struct key_type type,
	322	+ const char *description,
	323	+ struct key_tag *domain_tag);
277	324
278	325	extern struct key request_key_with_auxdata(struct key_type type,
279	326	const char *description,
	327	+ struct key_tag *domain_tag,
280	328	const void *callout_info,
281	329	size_t callout_len,
282	330	void *aux);
283	331
284		-extern struct key request_key_async(struct key_type type,
285		- const char *description,
286		- const void *callout_info,
287		- size_t callout_len);
	332	+/**
	333	+ * request_key - Request a key and wait for construction
	334	+ * @type: Type of key.
	335	+ * @description: The searchable description of the key.
	336	+ * @callout_info: The data to pass to the instantiation upcall (or NULL).
	337	+ *
	338	+ * As for request_key_tag(), but with the default global domain tag.
	339	+ */
	340	+static inline struct key request_key(struct key_type type,
	341	+ const char *description,
	342	+ const char *callout_info)
	343	+{
	344	+ return request_key_tag(type, description, NULL, callout_info);
	345	+}
288	346
289		-extern struct key request_key_async_with_auxdata(struct key_type type,
290		- const char *description,
291		- const void *callout_info,
292		- size_t callout_len,
293		- void *aux);
	347	+#ifdef CONFIG_NET
	348	+/**
	349	+ * request_key_net - Request a key for a net namespace and wait for construction
	350	+ * @type: Type of key.
	351	+ * @description: The searchable description of the key.
	352	+ * @net: The network namespace that is the key's domain of operation.
	353	+ * @callout_info: The data to pass to the instantiation upcall (or NULL).
	354	+ *
	355	+ * As for request_key() except that it does not add the returned key to a
	356	+ * keyring if found, new keys are always allocated in the user's quota, the
	357	+ * callout_info must be a NUL-terminated string and no auxiliary data can be
	358	+ * passed. Only keys that operate the specified network namespace are used.
	359	+ *
	360	+ * Furthermore, it then works as wait_for_key_construction() to wait for the
	361	+ * completion of keys undergoing construction with a non-interruptible wait.
	362	+ */
	363	+#define request_key_net(type, description, net, callout_info) \
	364	+ request_key_tag(type, description, net->key_domain, callout_info);
	365	+
	366	+/**
	367	+ * request_key_net_rcu - Request a key for a net namespace under RCU conditions
	368	+ * @type: Type of key.
	369	+ * @description: The searchable description of the key.
	370	+ * @net: The network namespace that is the key's domain of operation.
	371	+ *
	372	+ * As for request_key_rcu() except that only keys that operate the specified
	373	+ * network namespace are used.
	374	+ */
	375	+#define request_key_net_rcu(type, description, net) \
	376	+ request_key_rcu(type, description, net->key_domain);
	377	+#endif /* CONFIG_NET */
294	378
295	379	extern int wait_for_key_construction(struct key *key, bool intr);
296	380
..	..	@@ -311,6 +395,11 @@
311	395	extern int key_link(struct key *keyring,
312	396	struct key *key);
313	397
	398	+extern int key_move(struct key *key,
	399	+ struct key *from_keyring,
	400	+ struct key *to_keyring,
	401	+ unsigned int flags);
	402	+
314	403	extern int key_unlink(struct key *keyring,
315	404	struct key *key);
316	405
..	..	@@ -330,7 +419,8 @@
330	419
331	420	extern key_ref_t keyring_search(key_ref_t keyring,
332	421	struct key_type *type,
333		- const char *description);
	422	+ const char *description,
	423	+ bool recurse);
334	424
335	425	extern int keyring_add_key(struct key *keyring,
336	426	struct key *key);
..	..	@@ -348,18 +438,8 @@
348	438	extern void key_set_timeout(struct key *, unsigned);
349	439
350	440	extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
351		- key_perm_t perm);
352		-
353		-/*
354		- * The permissions required on a key that we're looking up.
355		- */
356		-#define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */
357		-#define KEY_NEED_READ 0x02 /* Require permission to read content */
358		-#define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */
359		-#define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */
360		-#define KEY_NEED_LINK 0x10 /* Require permission to link */
361		-#define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */
362		-#define KEY_NEED_ALL 0x3f /* All the above permissions */
	441	+ enum key_need_perm need_perm);
	442	+extern void key_free_user_ns(struct user_namespace *);
363	443
364	444	static inline short key_read_state(const struct key *key)
365	445	{
..	..	@@ -403,8 +483,8 @@
403	483	* the userspace interface
404	484	*/
405	485	extern int install_thread_keyring_to_cred(struct cred *cred);
406		-extern void key_fsuid_changed(struct task_struct *tsk);
407		-extern void key_fsgid_changed(struct task_struct *tsk);
	486	+extern void key_fsuid_changed(struct cred *new_cred);
	487	+extern void key_fsgid_changed(struct cred *new_cred);
408	488	extern void key_init(void);
409	489
410	490	#else /* CONFIG_KEYS */
..	..	@@ -419,9 +499,11 @@
419	499	#define make_key_ref(k, p) NULL
420	500	#define key_ref_to_ptr(k) NULL
421	501	#define is_key_possessed(k) 0
422		-#define key_fsuid_changed(t) do { } while(0)
423		-#define key_fsgid_changed(t) do { } while(0)
	502	+#define key_fsuid_changed(c) do { } while(0)
	503	+#define key_fsgid_changed(c) do { } while(0)
424	504	#define key_init() do { } while(0)
	505	+#define key_free_user_ns(ns) do { } while(0)
	506	+#define key_remove_domain(d) do { } while(0)
425	507
426	508	#endif /* CONFIG_KEYS */
427	509	#endif /* __KERNEL__ */