keyctl: add support for KEYCTL_RESTRICT_KEYRING operation

* keyctl.c (keyctl_restrict_keyring): New function.
(SYS_FUNC(keyctl)): Use it to implement KEYCTL_RESTRICT_KEYRING support.
* NEWS: Mention this.
* tests/keyctl.c (main): Check KEYCTL_RESTRICT_KEYRING decoding.

diff --git a/NEWS b/NEWS
index 161a941856aff69f7301108508841e8be780bec3..88229fb7fb01e388e63a41d054cfeb9b77ab94d2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ Noteworthy changes in release ?.?? (????-??-??)
     IPV6_ADD_MEMBERSHIP, IPV6_DROP_MEMBERSHIP, IPV6_JOIN_ANYCAST,
     IPV6_LEAVE_ANYCAST, MCAST_JOIN_GROUP, and MCAST_LEAVE_GROUP options
     of setsockopt syscall.
+  * Implemented decoding of KEYCTL_RESTRICT_KEYRING operation of keyctl syscall.
   * Enhanced decoding of UFFDIO_API ioctl command.
   * Implemented decoding of linux socket filter programs specified
     for SO_ATTACH_FILTER and SO_ATTACH_REUSEPORT_CBPF socket options.

diff --git a/keyctl.c b/keyctl.c
index 3165fcd7e3a9c1763e7851493b26d8532c0a065d..a11bd3d3a2a266abae4db1acd01eecaf9bced6c9 100644 (file)
--- a/keyctl.c
+++ b/keyctl.c
@@ -263,6 +263,19 @@ keyctl_dh_compute(struct tcb *tcp, kernel_ulong_t params, kernel_ulong_t buf,
        }
 }
 
+static void
+keyctl_restrict_keyring(struct tcb *const tcp,
+                       const key_serial_t id,
+                       const kernel_ulong_t addr1,
+                       const kernel_ulong_t addr2)
+{
+       print_keyring_serial_number(id);
+       tprints(", ");
+       printstr(tcp, addr1);
+       tprints(", ");
+       printstr(tcp, addr2);
+}
+
 #include "xlat/key_reqkeys.h"
 #include "xlat/keyctl_commands.h"
 
@@ -363,6 +376,10 @@ SYS_FUNC(keyctl)
                keyctl_dh_compute(tcp, arg2, arg3, arg4);
                return 0;
 
+       case KEYCTL_RESTRICT_KEYRING:
+               keyctl_restrict_keyring(tcp, arg2, arg3, arg4);
+               break;
+
        default:
                tprintf("%#" PRI_klx ", %#" PRI_klx
                        ", %#" PRI_klx ", %#" PRI_klx,

diff --git a/tests/keyctl.c b/tests/keyctl.c
index bfc6d50835be3cf62c46c64fff1a30da10b862db..cb70e79cb1d911e86dcd337f7f759785587c8c1b 100644 (file)
--- a/tests/keyctl.c
+++ b/tests/keyctl.c
@@ -506,6 +506,34 @@ main(void)
                  sizeof(long_type_str), long_desc, NULL, NULL,
                  sizeof(kernel_ulong_t), bogus_key3, bogus_key3_str, NULL);
 
+       /* KEYCTL_RESTRICT_KEYRING */
+
+       do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+                 sizeof(int32_t), ARG_STR(KEY_SPEC_REQUESTOR_KEYRING), NULL,
+                 sizeof(char *), ARG_STR(NULL), NULL,
+                 sizeof(char *), ARG_STR(NULL), NULL,
+                         NULL);
+       do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+                 sizeof(int32_t), bogus_key1, NULL, "%d",
+                 sizeof(char *), (char *) 0xfffffacefffffeedULL, NULL, ptr_fmt,
+                 sizeof(char *), (char *) 0xfffff00dfffff157ULL, NULL, ptr_fmt,
+                         NULL);
+       do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+                 sizeof(int32_t), bogus_key2, NULL, "%d",
+                 sizeof(char *), bogus_str, NULL, ptr_fmt,
+                 sizeof(char *), bogus_desc, NULL, ptr_fmt,
+                         NULL);
+       do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+                 sizeof(kernel_ulong_t), bogus_key3, bogus_key3_str, NULL,
+                 sizeof(short_type_str), short_type, NULL, NULL,
+                 sizeof(short_desc_str), short_desc, NULL, NULL,
+                         NULL);
+       do_keyctl(ARG_STR(KEYCTL_RESTRICT_KEYRING),
+                 sizeof(int32_t), 0, NULL, "%d",
+                 sizeof(long_type_str), long_type, NULL, NULL,
+                 sizeof(long_type_str), long_desc, NULL, NULL,
+                         NULL);
+
        buf_in_arg = false;