KEYS: Add a facility to restrict new links into a keyring

	struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,

				  const struct cred *cred,

				  key_perm_t perm,

				  int (*restrict_link)(struct key *,

						       const struct key_type *,

						       unsigned long,

						       const union key_payload *),

				  unsigned long flags,

				  struct key *dest);

    KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted

    towards the user's quota).  Error ENOMEM can also be returned.

    If restrict_link not NULL, it should point to a function that will be

    called each time an attempt is made to link a key into the new keyring.

    This function is called to check whether a key may be added into the keying

    or not.  Callers of key_create_or_update() within the kernel can pass

    KEY_ALLOC_BYPASS_RESTRICTION to suppress the check.  An example of using

    this is to manage rings of cryptographic keys that are set up when the

    kernel boots where userspace is also permitted to add keys - provided they

    can be verified by a key the kernel already has.

    When called, the restriction function will be passed the keyring being

    added to, the key flags value and the type and payload of the key being

    added.  Note that when a new key is being created, this is called between

    payload preparsing and actual key creation.  The function should return 0

    to allow the link or an error to reject it.

    A convenience function, restrict_link_reject, exists to always return

    -EPERM to in this case.

(*) To check the validity of a key, this function can be called:

			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),

			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |

			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),

			      KEY_ALLOC_NOT_IN_QUOTA, NULL);

			      KEY_ALLOC_NOT_IN_QUOTA,

			      keyring_restrict_trusted_only, NULL);

	if (IS_ERR(system_trusted_keyring))

		panic("Can't allocate system trusted keyring\n");

	set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags);

	return 0;

}

					   KEY_USR_VIEW | KEY_USR_READ),

					   KEY_ALLOC_NOT_IN_QUOTA |

					   KEY_ALLOC_TRUSTED |

					   KEY_ALLOC_BUILT_IN);

					   KEY_ALLOC_BUILT_IN |

					   KEY_ALLOC_BYPASS_RESTRICTION);

		if (IS_ERR(key)) {

			pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",

			       PTR_ERR(key));

				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,

				(KEY_POS_ALL & ~KEY_POS_SETATTR) |

				KEY_USR_VIEW | KEY_USR_READ,

				KEY_ALLOC_NOT_IN_QUOTA, NULL);

				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);

	if (IS_ERR(keyring)) {

		ret = PTR_ERR(keyring);

		goto failed_put_cred;

				GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,

				(KEY_POS_ALL & ~KEY_POS_SETATTR) |

				KEY_USR_VIEW | KEY_USR_READ,

				KEY_ALLOC_NOT_IN_QUOTA, NULL);

				KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);

	if (IS_ERR(keyring)) {

		ret = PTR_ERR(keyring);

		goto failed_put_cred;

#define KEY_FLAG_ROOT_CAN_CLEAR	6	/* set if key can be cleared by root without permission */

#define KEY_FLAG_INVALIDATED	7	/* set if key has been invalidated */

#define KEY_FLAG_TRUSTED	8	/* set if key is trusted */

#define KEY_FLAG_TRUSTED_ONLY	9	/* set if keyring only accepts links to trusted keys */

#define KEY_FLAG_BUILTIN	10	/* set if key is builtin */

#define KEY_FLAG_ROOT_CAN_INVAL	11	/* set if key can be invalidated by root without permission */

#define KEY_FLAG_KEEP		12	/* set if key should not be removed */

#define KEY_FLAG_BUILTIN	9	/* set if key is built in to the kernel */

#define KEY_FLAG_ROOT_CAN_INVAL	10	/* set if key can be invalidated by root without permission */

#define KEY_FLAG_KEEP		11	/* set if key should not be removed */

	/* the key type and key description string

	 * - the desc is used to match a key against search criteria

		};

		int reject_error;

	};

	/* This is set on a keyring to restrict the addition of a link to a key

	 * to it.  If this method isn't provided then it is assumed that the

	 * keyring is open to any addition.  It is ignored for non-keyring

	 * keys.

	 *

	 * This is intended for use with rings of trusted keys whereby addition

	 * to the keyring needs to be controlled.  KEY_ALLOC_BYPASS_RESTRICTION

	 * overrides this, allowing the kernel to add extra keys without

	 * restriction.

	 */

	int (*restrict_link)(struct key *keyring,

			     const struct key_type *type,

			     unsigned long flags,

			     const union key_payload *payload);

};

extern struct key *key_alloc(struct key_type *type,

			     kuid_t uid, kgid_t gid,

			     const struct cred *cred,

			     key_perm_t perm,

			     unsigned long flags);

			     unsigned long flags,

			     int (*restrict_link)(struct key *,

						  const struct key_type *,

						  unsigned long,

						  const union key_payload *));

#define KEY_ALLOC_IN_QUOTA		0x0000	/* add to quota, reject if would overrun */

#define KEY_ALLOC_NOT_IN_QUOTA		0x0002	/* not in quota */

#define KEY_ALLOC_TRUSTED		0x0004	/* Key should be flagged as trusted */

#define KEY_ALLOC_BUILT_IN		0x0008	/* Key is built into kernel */

#define KEY_ALLOC_BYPASS_RESTRICTION	0x0010	/* Override the check on restricted keyrings */

extern void key_revoke(struct key *key);

extern void key_invalidate(struct key *key);

				 const struct cred *cred,

				 key_perm_t perm,

				 unsigned long flags,

				 int (*restrict_link)(struct key *,

						      const struct key_type *,

						      unsigned long,

						      const union key_payload *),

				 struct key *dest);

extern int keyring_restrict_trusted_only(struct key *keyring,

					 const struct key_type *type,

					 unsigned long,

					 const union key_payload *payload);

extern int restrict_link_reject(struct key *keyring,

				const struct key_type *type,

				unsigned long flags,

				const union key_payload *payload);

extern int keyring_clear(struct key *keyring);

extern key_ref_t keyring_search(key_ref_t keyring,