Diffstat (limited to 'security/keys/keyring.c')
-rw-r--r-- | security/keys/keyring.c | 27 |
1 files changed, 9 insertions, 18 deletions
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 3b5458f23a95..febf36c6ddc5 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -515,19 +515,11 @@ static long keyring_read(const struct key *keyring,
 return ret;
 }
-/**
- * keyring_alloc - Allocate a keyring and link into the destination
- * @description: The key description to allow the key to be searched out.
- * @uid: The owner of the new key.
- * @gid: The group ID for the new key's group permissions.
- * @cred: The credentials specifying UID namespace.
- * @acl: The ACL to attach to the new key.
- * @flags: Flags specifying quota properties.
- * @restrict_link: Optional link restriction for new keyrings.
- * @dest: Destination keyring.
+/*
+ * Allocate a keyring and link into the destination keyring.
 */
 struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
- const struct cred *cred, struct key_acl *acl,
+ const struct cred *cred, key_perm_t perm,
 unsigned long flags,
 struct key_restriction *restrict_link,
 struct key *dest)
@@ -536,7 +528,7 @@ struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
 int ret;
 keyring = key_alloc(&key_type_keyring, description,
- uid, gid, cred, acl, flags, restrict_link);
+ uid, gid, cred, perm, flags, restrict_link);
 if (!IS_ERR(keyring)) {
 ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL);
 if (ret < 0) {
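Review bot: The replacement comment above keyring_alloc() documents none of the parameters, so the new `key_perm_t perm` argument reaches `key_alloc()` with nothing at the definition saying what the mask means or which bits a caller is expected to set. Because that mask decides who may access the new keyring, I would keep the kernel-doc block and swap the removed `@acl` line for `@perm: The permissions mask for the new keyring.`, leaving the other parameter lines as they were. The same rename appears in the following hunk at the `key_alloc()` call; the function body continues outside both hunks.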
@@ -1140,11 +1132,10 @@ found:
 /*
 * Find a keyring with the specified name.
 *
- * Only keyrings that have nonzero refcount, are not revoked, and are owned by
- * a user in the current user namespace are considered. If @uid_keyring is
- * %true, the keyring additionally must have been allocated as a user or user
- * session keyring; otherwise, it must grant JOIN permission directly to the
- * caller (ie. not through possession).
+ * Only keyrings that have nonzero refcount, are not revoked, and are owned by a
+ * user in the current user namespace are considered. If @uid_keyring is %true,
+ * the keyring additionally must have been allocated as a user or user session
+ * keyring; otherwise, it must grant Search permission directly to the caller.
 *
 * Returns a pointer to the keyring with the keyring's refcount having being
 * incremented on success. -ENOKEY is returned if a key could not be found.
@@ -1178,7 +1169,7 @@ struct key *find_keyring_by_name(const char *name, bool uid_keyring)
 continue;
 } else {
 if (key_permission(make_key_ref(keyring, 0),
- KEY_NEED_JOIN) < 0)
+ KEY_NEED_SEARCH) < 0)
 continue;
 } |
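Review bot: The rewritten comment on find_keyring_by_name() drops the qualifier "(ie. not through possession)", yet the check in the last hunk still builds its reference with `make_key_ref(keyring, 0)`, which by the old wording is the non-possession case. That distinction is part of the access-control contract, so the comment should keep it, e.g. `* keyring; otherwise, it must grant Search permission directly to the caller` followed by `* (ie. not through possession).` It would also help to add a short comment at the `KEY_NEED_SEARCH` check noting that lookup by name is now gated on the general Search permission rather than a dedicated one, so callers of this function can be audited with that in mind. The function body starts and ends outside the hunk.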