keyctl: add support for KEYCTL_RESTRICT_KEYRING operation

* keyctl.c (keyctl_restrict_keyring): New function. (SYS_FUNC(keyctl)): Use it to implement KEYCTL_RESTRICT_KEYRING support. * NEWS: Mention this. * tests/keyctl.c (main): Check KEYCTL_RESTRICT_KEYRING decoding.
2017-07-21 11:07:55 +00:00 · 2017-07-21 11:07:55 +00:00 · 6f51a6d00d
commit 6f51a6d00d
parent 5112bb0083
3 changed files with 46 additions and 0 deletions
--- a/1
+++ b/1
@ -9,6 +9,7 @@ Noteworthy changes in release ?.?? (????-??-??)
    IPV6_ADD_MEMBERSHIP, IPV6_DROP_MEMBERSHIP, IPV6_JOIN_ANYCAST,
    IPV6_LEAVE_ANYCAST, MCAST_JOIN_GROUP, and MCAST_LEAVE_GROUP options
    of setsockopt syscall.
+  * Implemented decoding of KEYCTL_RESTRICT_KEYRING operation of keyctl syscall.
  * Enhanced decoding of UFFDIO_API ioctl command.
  * Implemented decoding of linux socket filter programs specified
    for SO_ATTACH_FILTER and SO_ATTACH_REUSEPORT_CBPF socket options.
--- a/keyctl.c
+++ b/keyctl.c
@ -263,6 +263,19 @@ keyctl_dh_compute(struct tcb *tcp, kernel_ulong_t params, kernel_ulong_t buf,
 	}
 }

+static void
+keyctl_restrict_keyring(struct tcb *const tcp,
+			const key_serial_t id,
+			const kernel_ulong_t addr1,
+			const kernel_ulong_t addr2)
+{
+	print_keyring_serial_number(id);
+	tprints(", ");
+	printstr(tcp, addr1);
+	tprints(", ");
+	printstr(tcp, addr2);
+}
+
 #include "xlat/key_reqkeys.h"
 #include "xlat/keyctl_commands.h"

@ -363,6 +376,10 @@ SYS_FUNC(keyctl)
 		keyctl_dh_compute(tcp, arg2, arg3, arg4);
 		return 0;

+	case KEYCTL_RESTRICT_KEYRING:
+		keyctl_restrict_keyring(tcp, arg2, arg3, arg4);
+		break;
+
 	default:
 		tprintf("%#" PRI_klx ", %#" PRI_klx
 			", %#" PRI_klx ", %#" PRI_klx,
--- a/tests/keyctl.c
+++ b/tests/keyctl.c
@ -506,6 +506,34 @@ main(void)
 		  sizeof(long_type_str), long_desc, NULL, NULL,
 		  sizeof(kernel_ulong_t), bogus_key3, bogus_key3_str, NULL);

+	/* KEYCTL_RESTRICT_KEYRING */
+
+	do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+		  sizeof(int32_t), ARG_STR(KEY_SPEC_REQUESTOR_KEYRING), NULL,
+		  sizeof(char *), ARG_STR(NULL), NULL,
+		  sizeof(char *), ARG_STR(NULL), NULL,
+			  NULL);
+	do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+		  sizeof(int32_t), bogus_key1, NULL, "%d",
+		  sizeof(char *), (char *) 0xfffffacefffffeedULL, NULL, ptr_fmt,
+		  sizeof(char *), (char *) 0xfffff00dfffff157ULL, NULL, ptr_fmt,
+			  NULL);
+	do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+		  sizeof(int32_t), bogus_key2, NULL, "%d",
+		  sizeof(char *), bogus_str, NULL, ptr_fmt,
+		  sizeof(char *), bogus_desc, NULL, ptr_fmt,
+			  NULL);
+	do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+		  sizeof(kernel_ulong_t), bogus_key3, bogus_key3_str, NULL,
+		  sizeof(short_type_str), short_type, NULL, NULL,
+		  sizeof(short_desc_str), short_desc, NULL, NULL,
+			  NULL);
+	do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+		  sizeof(int32_t), 0, NULL, "%d",
+		  sizeof(long_type_str), long_type, NULL, NULL,
+		  sizeof(long_type_str), long_desc, NULL, NULL,
+			  NULL);
+
 	buf_in_arg = false;