
Commit 77f68bac authored by David Howells's avatar David Howells

KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED



Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED as they're no longer
meaningful.  Also we can drop the trusted flag from the preparse structure.

Given this, we no longer need to pass the key flags through to
restrict_link().

Further, we can now get rid of keyring_restrict_trusted_only() also.

Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent a511e1af
+0 −2
@@ -31,7 +31,6 @@ extern __initconst const unsigned long system_certificate_list_size;
 */
int restrict_link_by_builtin_trusted(struct key *keyring,
				     const struct key_type *type,
				     unsigned long flags,
				     const union key_payload *payload)
{
	return restrict_link_by_signature(system_trusted_keyring,
@@ -97,7 +96,6 @@ static __init int load_system_certificate_list(void)
					   ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
					   KEY_USR_VIEW | KEY_USR_READ),
					   KEY_ALLOC_NOT_IN_QUOTA |
					   KEY_ALLOC_TRUSTED |
					   KEY_ALLOC_BUILT_IN |
					   KEY_ALLOC_BYPASS_RESTRICTION);
		if (IS_ERR(key)) {
+0 −1
@@ -18,7 +18,6 @@

extern int restrict_link_by_builtin_trusted(struct key *keyring,
					    const struct key_type *type,
					    unsigned long flags,
					    const union key_payload *payload);

#else
+0 −1
@@ -45,7 +45,6 @@ struct key_preparsed_payload {
	size_t		datalen;	/* Raw datalen */
	size_t		quotalen;	/* Quota length for proposed payload */
	time_t		expiry;		/* Expiry time of key */
	bool		trusted;	/* True if key is trusted */
};

typedef int (*request_key_actor_t)(struct key_construction *key,
+5 −16
@@ -173,10 +173,9 @@ struct key {
#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
#define KEY_FLAG_ROOT_CAN_CLEAR	6	/* set if key can be cleared by root without permission */
#define KEY_FLAG_INVALIDATED	7	/* set if key has been invalidated */
#define KEY_FLAG_TRUSTED	8	/* set if key is trusted */
#define KEY_FLAG_BUILTIN	9	/* set if key is built in to the kernel */
#define KEY_FLAG_ROOT_CAN_INVAL	10	/* set if key can be invalidated by root without permission */
#define KEY_FLAG_KEEP		11	/* set if key should not be removed */
#define KEY_FLAG_BUILTIN	8	/* set if key is built in to the kernel */
#define KEY_FLAG_ROOT_CAN_INVAL	9	/* set if key can be invalidated by root without permission */
#define KEY_FLAG_KEEP		10	/* set if key should not be removed */

	/* the key type and key description string
	 * - the desc is used to match a key against search criteria
@@ -217,7 +216,6 @@ struct key {
	 */
	int (*restrict_link)(struct key *keyring,
			     const struct key_type *type,
			     unsigned long flags,
			     const union key_payload *payload);
};

@@ -229,16 +227,14 @@ extern struct key *key_alloc(struct key_type *type,
			     unsigned long flags,
			     int (*restrict_link)(struct key *,
						  const struct key_type *,
						  unsigned long,
						  const union key_payload *));


#define KEY_ALLOC_IN_QUOTA		0x0000	/* add to quota, reject if would overrun */
#define KEY_ALLOC_QUOTA_OVERRUN		0x0001	/* add to quota, permit even if overrun */
#define KEY_ALLOC_NOT_IN_QUOTA		0x0002	/* not in quota */
#define KEY_ALLOC_TRUSTED		0x0004	/* Key should be flagged as trusted */
#define KEY_ALLOC_BUILT_IN		0x0008	/* Key is built into kernel */
#define KEY_ALLOC_BYPASS_RESTRICTION	0x0010	/* Override the check on restricted keyrings */
#define KEY_ALLOC_BUILT_IN		0x0004	/* Key is built into kernel */
#define KEY_ALLOC_BYPASS_RESTRICTION	0x0008	/* Override the check on restricted keyrings */

extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);
@@ -309,18 +305,11 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
				 unsigned long flags,
				 int (*restrict_link)(struct key *,
						      const struct key_type *,
						      unsigned long,
						      const union key_payload *),
				 struct key *dest);

extern int keyring_restrict_trusted_only(struct key *keyring,
					 const struct key_type *type,
					 unsigned long,
					 const union key_payload *payload);

extern int restrict_link_reject(struct key *keyring,
				const struct key_type *type,
				unsigned long flags,
				const union key_payload *payload);

extern int keyring_clear(struct key *keyring);
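Review bot: Renumbering the surviving `KEY_ALLOC_*` values reuses bits that used to mean something else: `0x0004` was KEY_ALLOC_TRUSTED and becomes KEY_ALLOC_BUILT_IN, and `0x0008` was KEY_ALLOC_BUILT_IN and becomes KEY_ALLOC_BYPASS_RESTRICTION. A caller that hard-coded the old number or was built against the old header (out-of-tree code, presumably) would still compile and link, but would now silently request that the restricted-keyring check be overridden. Retiring the bit instead of compacting the values avoids that, e.g. keep `#define KEY_ALLOC_BUILT_IN 0x0008` and `#define KEY_ALLOC_BYPASS_RESTRICTION 0x0010` and add `/* 0x0004 was KEY_ALLOC_TRUSTED; do not reuse */`. The same reasoning applies to the `KEY_FLAG_*` bit numbers in the first hunk, where bit 8 changes from TRUSTED to BUILTIN; those are only in-memory flag positions as far as this page shows, so the exposure there looks smaller.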
+1 −2
@@ -51,12 +51,11 @@ static bool init_keyring __initdata;
 */
static int restrict_link_by_ima_mok(struct key *keyring,
				    const struct key_type *type,
				    unsigned long flags,
				    const union key_payload *payload)
{
	int ret;

	ret = restrict_link_by_builtin_trusted(keyring, type, flags, payload);
	ret = restrict_link_by_builtin_trusted(keyring, type, payload);
	if (ret != -ENOKEY)
		return ret;
