
Commit b13cebe7 authored by James Morris's avatar James Morris

Merge tag 'keys-20140314' of...

parents ecd740c6 fffea214
+11 −0
@@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key)

extern void key_set_timeout(struct key *, unsigned);

/*
 * The permissions required on a key that we're looking up.
 */
#define	KEY_NEED_VIEW	0x01	/* Require permission to view attributes */
#define	KEY_NEED_READ	0x02	/* Require permission to read content */
#define	KEY_NEED_WRITE	0x04	/* Require permission to update / modify */
#define	KEY_NEED_SEARCH	0x08	/* Require permission to search (keyring) or find (key) */
#define	KEY_NEED_LINK	0x10	/* Require permission to link */
#define	KEY_NEED_SETATTR 0x20	/* Require permission to change attributes */
#define	KEY_NEED_ALL	0x3f	/* All the above permissions */

/**
 * key_is_instantiated - Determine if a key has been positively instantiated
 * @key: The key to check.
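Review bot: The comment over the new `KEY_NEED_*` block does not say where these values are used or how they differ from the bits stored in a key's `key_perm_t` mask, and `KEY_NEED_ALL` is a hand-written `0x3f` that must be kept in step manually. Judging by the other files in this commit, they are the `perm` argument of key_permission() and apparently of the LSM key_permission hook, so the comment could say so, e.g. `/* Passed as 'perm' to key_permission() and the LSM hook; not a key_perm_t mask. */`. Defining `KEY_NEED_ALL` as the OR of the six flags above it would keep a later flag from being silently left out of "all". The kernel-doc comment that closes the hunk continues outside it.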
+3 −3
@@ -1708,7 +1708,7 @@ struct security_operations {
	void (*key_free) (struct key *key);
	int (*key_permission) (key_ref_t key_ref,
			       const struct cred *cred,
			       key_perm_t perm);
			       unsigned perm);
	int (*key_getsecurity)(struct key *key, char **_buffer);
#endif	/* CONFIG_KEYS */

@@ -3030,7 +3030,7 @@ static inline int security_path_chroot(struct path *path)
int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
void security_key_free(struct key *key);
int security_key_permission(key_ref_t key_ref,
			    const struct cred *cred, key_perm_t perm);
			    const struct cred *cred, unsigned perm);
int security_key_getsecurity(struct key *key, char **_buffer);

#else
@@ -3048,7 +3048,7 @@ static inline void security_key_free(struct key *key)

static inline int security_key_permission(key_ref_t key_ref,
					  const struct cred *cred,
					  key_perm_t perm)
					  unsigned perm)
{
	return 0;
}
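Review bot: The three prototypes changed in this file now take a bare `unsigned perm`, which gives an LSM author no hint of which flag set arrives in the hook; the parameter should be documented as a mask of the `KEY_NEED_*` flags this commit adds, and kernel style prefers `unsigned int` to bare `unsigned`. Neither the old typedef nor plain `unsigned` lets the compiler catch a hook that compares `perm` with per-key permission-mask bits, so the contract has to be written down where the hook is declared. For the hook member that could read `unsigned int perm); /* mask of KEY_NEED_* flags */`. The same bare `unsigned perm` appears in `cap_key_permission` and in the inline `key_permission` in the sections that follow. The `struct security_operations` body and the surrounding `#ifdef` blocks extend beyond these hunks.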
+1 −1
@@ -879,7 +879,7 @@ static void cap_key_free(struct key *key)
}

static int cap_key_permission(key_ref_t key_ref, const struct cred *cred,
			      key_perm_t perm)
			      unsigned perm)
{
	return 0;
}
+1 −10
@@ -176,20 +176,11 @@ extern int key_task_permission(const key_ref_t key_ref,
/*
 * Check to see whether permission is granted to use a key in the desired way.
 */
static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
static inline int key_permission(const key_ref_t key_ref, unsigned perm)
{
	return key_task_permission(key_ref, current_cred(), perm);
}

/* required permissions */
#define	KEY_VIEW	0x01	/* require permission to view attributes */
#define	KEY_READ	0x02	/* require permission to read content */
#define	KEY_WRITE	0x04	/* require permission to update / modify */
#define	KEY_SEARCH	0x08	/* require permission to search (keyring) or find (key) */
#define	KEY_LINK	0x10	/* require permission to link */
#define	KEY_SETATTR	0x20	/* require permission to change attributes */
#define	KEY_ALL		0x3f	/* all the above permissions */

/*
 * Authorisation record for request_key().
 */
+3 −3
@@ -714,7 +714,7 @@ static inline key_ref_t __key_update(key_ref_t key_ref,
	int ret;

	/* need write permission on the key to update it */
	ret = key_permission(key_ref, KEY_WRITE);
	ret = key_permission(key_ref, KEY_NEED_WRITE);
	if (ret < 0)
		goto error;

@@ -838,7 +838,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,

	/* if we're going to allocate a new key, we're going to have
	 * to modify the keyring */
	ret = key_permission(keyring_ref, KEY_WRITE);
	ret = key_permission(keyring_ref, KEY_NEED_WRITE);
	if (ret < 0) {
		key_ref = ERR_PTR(ret);
		goto error_link_end;
@@ -928,7 +928,7 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
	key_check(key);

	/* the key must be writable */
	ret = key_permission(key_ref, KEY_WRITE);
	ret = key_permission(key_ref, KEY_NEED_WRITE);
	if (ret < 0)
		goto error;
