Add a flag to drop access to the session keyring Now that chrome os is moving over to ext4 based directory encryption, the encryption keys are stored in the session keyring. Applications that don't need to access the encrypted user data directory don't need access to this keyring. Add a flag for applications to drop access to the session keyring when they don't need it. Bug: crbug.com/682419 TEST=autotest in a later CL Change-Id: I3cb8f120d9f4891d9a13f7fe342b0388e9975605 Signed-off-by: Chirantan Ekbote <chirantan@google.com>

commit: 866bb3acc5b62235567171dfed9205a5b8c3e039 [log] [tgz]
author: Chirantan Ekbote <chirantan@google.com> Tue Feb 07 12:26:42 2017 -0800
committer: Treehugger Robot <treehugger-gerrit@google.com> Wed Feb 08 22:36:39 2017 +0000
tree: 51dd76e302d8fc1b8f3ac45470dfe3d2c0939bc7
parent: 959f656840f8b1b9d053be124e89d32dac8272e7 [diff] [blame]
diff --git a/libminijail.h b/libminijail.h
index 14aeece..2bf3024 100644
--- a/libminijail.h
+++ b/libminijail.h

@@ -61,6 +61,8 @@
 void minijail_reset_signal_mask(struct minijail *j);
 void minijail_namespace_vfs(struct minijail *j);
 void minijail_namespace_enter_vfs(struct minijail *j, const char *ns_path);
+void minijail_new_session_keyring(struct minijail *j);
+
 /*
  * This option is *dangerous* as it negates most of the functionality of
  * minijail_namespace_vfs(). You very likely don't need this.
commit	866bb3acc5b62235567171dfed9205a5b8c3e039	[log] [tgz]
author	Chirantan Ekbote <chirantan@google.com>	Tue Feb 07 12:26:42 2017 -0800
committer	Treehugger Robot <treehugger-gerrit@google.com>	Wed Feb 08 22:36:39 2017 +0000
tree	51dd76e302d8fc1b8f3ac45470dfe3d2c0939bc7
parent	959f656840f8b1b9d053be124e89d32dac8272e7 [diff] [blame]