Loading include/linux/key.h +11 −0 Original line number Diff line number Diff line Loading @@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key) extern void key_set_timeout(struct key *, unsigned); /* * The permissions required on a key that we're looking up. */ #define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */ #define KEY_NEED_READ 0x02 /* Require permission to read content */ #define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */ #define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */ #define KEY_NEED_LINK 0x10 /* Require permission to link */ #define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */ #define KEY_NEED_ALL 0x3f /* All the above permissions */ /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. Loading include/linux/security.h +3 −3 Original line number Diff line number Diff line Loading @@ -1708,7 +1708,7 @@ struct security_operations { void (*key_free) (struct key *key); int (*key_permission) (key_ref_t key_ref, const struct cred *cred, key_perm_t perm); unsigned perm); int (*key_getsecurity)(struct key *key, char **_buffer); #endif /* CONFIG_KEYS */ Loading Loading @@ -3030,7 +3030,7 @@ static inline int security_path_chroot(struct path *path) int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm); const struct cred *cred, unsigned perm); int security_key_getsecurity(struct key *key, char **_buffer); #else Loading @@ -3048,7 +3048,7 @@ static inline void security_key_free(struct key *key) static inline int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm) unsigned perm) { return 0; } Loading security/capability.c +1 −1 Original line number Diff line number Diff line Loading 
@@ -879,7 +879,7 @@ static void cap_key_free(struct key *key) } static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm) unsigned perm) { return 0; } Loading security/keys/internal.h +1 −10 Original line number Diff line number Diff line Loading @@ -176,20 +176,11 @@ extern int key_task_permission(const key_ref_t key_ref, /* * Check to see whether permission is granted to use a key in the desired way. */ static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) static inline int key_permission(const key_ref_t key_ref, unsigned perm) { return key_task_permission(key_ref, current_cred(), perm); } /* required permissions */ #define KEY_VIEW 0x01 /* require permission to view attributes */ #define KEY_READ 0x02 /* require permission to read content */ #define KEY_WRITE 0x04 /* require permission to update / modify */ #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ #define KEY_LINK 0x10 /* require permission to link */ #define KEY_SETATTR 0x20 /* require permission to change attributes */ #define KEY_ALL 0x3f /* all the above permissions */ /* * Authorisation record for request_key(). */ Loading security/keys/key.c +3 −3 Original line number Diff line number Diff line Loading @@ -714,7 +714,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref, int ret; /* need write permission on the key to update it */ ret = key_permission(key_ref, KEY_WRITE); ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) goto error; Loading Loading @@ -838,7 +838,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, /* if we're going to allocate a new key, we're going to have * to modify the keyring */ ret = key_permission(keyring_ref, KEY_WRITE); ret = key_permission(keyring_ref, KEY_NEED_WRITE); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_link_end; Loading Loading 
@@ -928,7 +928,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) key_check(key); /* the key must be writable */ ret = key_permission(key_ref, KEY_WRITE); ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) goto error; Loading Loading
include/linux/key.h +11 −0 Original line number Diff line number Diff line Loading @@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key) extern void key_set_timeout(struct key *, unsigned); /* * The permissions required on a key that we're looking up. */ #define KEY_NEED_VIEW 0x01 /* Require permission to view attributes */ #define KEY_NEED_READ 0x02 /* Require permission to read content */ #define KEY_NEED_WRITE 0x04 /* Require permission to update / modify */ #define KEY_NEED_SEARCH 0x08 /* Require permission to search (keyring) or find (key) */ #define KEY_NEED_LINK 0x10 /* Require permission to link */ #define KEY_NEED_SETATTR 0x20 /* Require permission to change attributes */ #define KEY_NEED_ALL 0x3f /* All the above permissions */ /** * key_is_instantiated - Determine if a key has been positively instantiated * @key: The key to check. Loading
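Review bot: The comment above the new `KEY_NEED_*` block does not say that these are request flags for the `perm` argument of `key_permission()` and the `key_permission` LSM hook, rather than bits of a `key_perm_t` access mask. Now that the flags sit in a kernel-wide header, a reader can easily mix the two up, so a sentence such as `/* Request flags for key_permission() and the key_permission LSM hook; not a key_perm_t access mask. */` is worth adding. Separately, `KEY_NEED_ALL` is the literal `0x3f`, which equals the OR of the six flags today but must be edited by hand if a flag is added. Defining it as the OR of the named flags would keep any masking against it in step.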
include/linux/security.h +3 −3 Original line number Diff line number Diff line Loading @@ -1708,7 +1708,7 @@ struct security_operations { void (*key_free) (struct key *key); int (*key_permission) (key_ref_t key_ref, const struct cred *cred, key_perm_t perm); unsigned perm); int (*key_getsecurity)(struct key *key, char **_buffer); #endif /* CONFIG_KEYS */ Loading Loading @@ -3030,7 +3030,7 @@ static inline int security_path_chroot(struct path *path) int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags); void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm); const struct cred *cred, unsigned perm); int security_key_getsecurity(struct key *key, char **_buffer); #else Loading @@ -3048,7 +3048,7 @@ static inline void security_key_free(struct key *key) static inline int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm) unsigned perm) { return 0; } Loading
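Review bot: A bare `unsigned perm` in the three changed declarations (the `key_permission` member of `struct security_operations`, the `security_key_permission()` prototype and its inline stub) gives an LSM author no hint about which bits are valid. The type no longer carries that information, so the parameter documentation should, for example `@perm: mask of KEY_NEED_* flags the caller is requesting`. Kernel style also prefers `unsigned int perm` to a bare `unsigned`. The same two remarks apply to `cap_key_permission()` in security/capability.c and to `key_permission()` in security/keys/internal.h. The hook's documentation comment lies outside these hunks, so it may already say this.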
security/capability.c +1 −1 Original line number Diff line number Diff line Loading @@ -879,7 +879,7 @@ static void cap_key_free(struct key *key) } static int cap_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm) unsigned perm) { return 0; } Loading
security/keys/internal.h +1 −10 Original line number Diff line number Diff line Loading @@ -176,20 +176,11 @@ extern int key_task_permission(const key_ref_t key_ref, /* * Check to see whether permission is granted to use a key in the desired way. */ static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) static inline int key_permission(const key_ref_t key_ref, unsigned perm) { return key_task_permission(key_ref, current_cred(), perm); } /* required permissions */ #define KEY_VIEW 0x01 /* require permission to view attributes */ #define KEY_READ 0x02 /* require permission to read content */ #define KEY_WRITE 0x04 /* require permission to update / modify */ #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ #define KEY_LINK 0x10 /* require permission to link */ #define KEY_SETATTR 0x20 /* require permission to change attributes */ #define KEY_ALL 0x3f /* all the above permissions */ /* * Authorisation record for request_key(). */ Loading
security/keys/key.c +3 −3 Original line number Diff line number Diff line Loading @@ -714,7 +714,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref, int ret; /* need write permission on the key to update it */ ret = key_permission(key_ref, KEY_WRITE); ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) goto error; Loading Loading @@ -838,7 +838,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, /* if we're going to allocate a new key, we're going to have * to modify the keyring */ ret = key_permission(keyring_ref, KEY_WRITE); ret = key_permission(keyring_ref, KEY_NEED_WRITE); if (ret < 0) { key_ref = ERR_PTR(ret); goto error_link_end; Loading Loading @@ -928,7 +928,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen) key_check(key); /* the key must be writable */ ret = key_permission(key_ref, KEY_WRITE); ret = key_permission(key_ref, KEY_NEED_WRITE); if (ret < 0) goto error; Loading