diff options
| author | David Howells <dhowells@redhat.com> | 2013-09-24 10:35:17 +0100 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2013-09-24 10:35:17 +0100 |
| commit | e57e8669f2ab8350d30f771dd2fdd5377f183db2 (patch) | |
| tree | 8344918b6ac5ca26792460aec1d5a60c1ede88e2 /security | |
| parent | ccc3e6d9c9aea07a0b60b2b0bfc5b05a704b66d5 (diff) | |
KEYS: Drop the permissions argument from __keyring_search_one()
Drop the permissions argument from __keyring_search_one() as the only caller
passes 0 here - which causes all checks to be skipped.
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/internal.h | 3 | ||||
| -rw-r--r-- | security/keys/key.c | 2 | ||||
| -rw-r--r-- | security/keys/keyring.c | 9 |
3 files changed, 5 insertions, 9 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h index f4bf938b68b..73950bf8f87 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -99,8 +99,7 @@ extern void __key_link_end(struct key *keyring, unsigned long prealloc); extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, - const struct keyring_index_key *index_key, - key_perm_t perm); + const struct keyring_index_key *index_key); extern struct key *keyring_search_instkey(struct key *keyring, key_serial_t target_id); diff --git a/security/keys/key.c b/security/keys/key.c index 1e23cc28810..7d716b82a61 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -847,7 +847,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, * update that instead if possible */ if (index_key.type->update) { - key_ref = __keyring_search_one(keyring_ref, &index_key, 0); + key_ref = __keyring_search_one(keyring_ref, &index_key); if (!IS_ERR(key_ref)) goto found_matching_key; } diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 87eff32b53f..eeef1a073db 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -531,15 +531,14 @@ EXPORT_SYMBOL(keyring_search); * RCU is used to make it unnecessary to lock the keyring key list here. * * Returns a pointer to the found key with usage count incremented if - * successful and returns -ENOKEY if not found. Revoked keys and keys not - * providing the requested permission are skipped over. + * successful and returns -ENOKEY if not found. Revoked and invalidated keys + * are skipped over. * * If successful, the possession indicator is propagated from the keyring ref * to the returned key reference. */ key_ref_t __keyring_search_one(key_ref_t keyring_ref, - const struct keyring_index_key *index_key, - key_perm_t perm) + const struct keyring_index_key *index_key) { struct keyring_list *klist; struct key *keyring, *key; @@ -560,8 +559,6 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref, if (key->type == index_key->type && (!key->type->match || key->type->match(key, index_key->description)) && - key_permission(make_key_ref(key, possessed), - perm) == 0 && !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | (1 << KEY_FLAG_REVOKED))) ) |