xref: /kernel/linux/linux-5.10/fs/crypto/keyring.c

9  * This file implements management of fscrypt master keys in the
29 /* The master encryption keys for a filesystem (->s_master_keys) */
149  * mainly for simplicity of presentation in /proc/keys when read by a non-root
151  * users, since users should keep their encryption keys confidential.
205  * Release all encryption keys that have been added to the filesystem, along
210  * accesses have been allowed, this function may need to evict keys from the
287 		return NULL; /* No keyring yet, so no keys yet. */
465 	 * applicable for v1 policy keys, which have NULL ->mk_users.)
622  * completely restrict the use of such keys; they can be used by any kernel API
623  * that accepts "logon" keys and doesn't require a specific service prefix.
626  * where userspace needs to re-add keys after the filesystem is unmounted and
646 	/* Don't allow fscrypt v1 keys to be used as v2 keys and vice versa. */
672  * keyrings and the inability to properly remove keys.  This works by having
677  * prevents a malicious user from adding too many keys.  Finally, we forbid a
704 	 * Only root can add keys that are identified by an arbitrary descriptor
777  * enough for any use cases where encryption policies are being set using keys
964  * For more details, see the "Removing keys" section of
987 	 * Only root can add and remove keys that are identified by an arbitrary
1001 	if (mk->mk_users && mk->mk_users->keys.nr_leaves_on_tree != 0) {
1010 		if (mk->mk_users->keys.nr_leaves_on_tree != 0) {
1081  * In addition, for v2 policy keys we allow applications to determine, via
1133 		arg.user_count = mk->mk_users->keys.nr_leaves_on_tree;

Indexes created Thu Nov 07 10:32:03 CST 2024