summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2016-04-06 17:14:26 +0200
committerDavid Howells <dhowells@redhat.com>2016-04-11 23:44:15 +0200
commit77f68bac9481ad440f4f34dda3d28c2dce6eb87b (patch)
tree3366c0ab94b42cc67fdbe36a2af7ac6bc1a50467 /include
parentKEYS: Move the point of trust determination to __key_link() (diff)
downloadlinux-77f68bac9481ad440f4f34dda3d28c2dce6eb87b.tar.xz
linux-77f68bac9481ad440f4f34dda3d28c2dce6eb87b.zip
KEYS: Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED
Remove KEY_FLAG_TRUSTED and KEY_ALLOC_TRUSTED as they're no longer meaningful. Also we can drop the trusted flag from the preparse structure. Given this, we no longer need to pass the key flags through to restrict_link(). Further, we can now get rid of keyring_restrict_trusted_only() also. Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'include')
-rw-r--r--include/keys/system_keyring.h1
-rw-r--r--include/linux/key-type.h1
-rw-r--r--include/linux/key.h21
3 files changed, 5 insertions, 18 deletions
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index 93715913a0b1..c72330ae76df 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -18,7 +18,6 @@
extern int restrict_link_by_builtin_trusted(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
#else
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 7463355a198b..eaee981c5558 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -45,7 +45,6 @@ struct key_preparsed_payload {
size_t datalen; /* Raw datalen */
size_t quotalen; /* Quota length for proposed payload */
time_t expiry; /* Expiry time of key */
- bool trusted; /* True if key is trusted */
};
typedef int (*request_key_actor_t)(struct key_construction *key,
diff --git a/include/linux/key.h b/include/linux/key.h
index 83b603639d2e..722914798f37 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -173,10 +173,9 @@ struct key {
#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
#define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */
#define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */
-#define KEY_FLAG_TRUSTED 8 /* set if key is trusted */
-#define KEY_FLAG_BUILTIN 9 /* set if key is built in to the kernel */
-#define KEY_FLAG_ROOT_CAN_INVAL 10 /* set if key can be invalidated by root without permission */
-#define KEY_FLAG_KEEP 11 /* set if key should not be removed */
+#define KEY_FLAG_BUILTIN 8 /* set if key is built in to the kernel */
+#define KEY_FLAG_ROOT_CAN_INVAL 9 /* set if key can be invalidated by root without permission */
+#define KEY_FLAG_KEEP 10 /* set if key should not be removed */
/* the key type and key description string
* - the desc is used to match a key against search criteria
@@ -217,7 +216,6 @@ struct key {
*/
int (*restrict_link)(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
};
@@ -229,16 +227,14 @@ extern struct key *key_alloc(struct key_type *type,
unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *));
#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
-#define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */
-#define KEY_ALLOC_BUILT_IN 0x0008 /* Key is built into kernel */
-#define KEY_ALLOC_BYPASS_RESTRICTION 0x0010 /* Override the check on restricted keyrings */
+#define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */
+#define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */
extern void key_revoke(struct key *key);
extern void key_invalidate(struct key *key);
@@ -309,18 +305,11 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
unsigned long flags,
int (*restrict_link)(struct key *,
const struct key_type *,
- unsigned long,
const union key_payload *),
struct key *dest);
-extern int keyring_restrict_trusted_only(struct key *keyring,
- const struct key_type *type,
- unsigned long,
- const union key_payload *payload);
-
extern int restrict_link_reject(struct key *keyring,
const struct key_type *type,
- unsigned long flags,
const union key_payload *payload);
extern int keyring_clear(struct key *keyring);