KEYS: Drop the permissions argument from __keyring_search_one()

Drop the permissions argument from __keyring_search_one() as the only caller passes 0 here - which causes all checks to be skipped. Signed-off-by: David Howells <dhowells@redhat.com>
author: David Howells <dhowells@redhat.com> 2013-09-24 05:35:17 -0400
committer: David Howells <dhowells@redhat.com> 2013-09-24 05:35:17 -0400
commit: e57e8669f2ab8350d30f771dd2fdd5377f183db2 (patch)
tree: 8344918b6ac5ca26792460aec1d5a60c1ede88e2
parent: ccc3e6d9c9aea07a0b60b2b0bfc5b05a704b66d5 (diff)
3 files changed, 5 insertions, 9 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index f4bf938b68b4..73950bf8f875 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -99,8 +99,7 @@ extern void __key_link_end(struct key *keyring,
                           unsigned long prealloc);
 extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
-                                      const struct keyring_index_key *index_key,
+                                      const struct keyring_index_key *index_key);
-                                      key_perm_t perm);
 extern struct key *keyring_search_instkey(struct key *keyring,
                                          key_serial_t target_id);
diff --git a/security/keys/key.c b/security/keys/key.c
index 1e23cc288106..7d716b82a61e 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -847,7 +847,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
         * update that instead if possible
         */
        if (index_key.type->update) {
-                key_ref = __keyring_search_one(keyring_ref, &index_key, 0);
+                key_ref = __keyring_search_one(keyring_ref, &index_key);
                if (!IS_ERR(key_ref))
                        goto found_matching_key;
        }
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 87eff32b53f4..eeef1a073db4 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -531,15 +531,14 @@ EXPORT_SYMBOL(keyring_search);
 * RCU is used to make it unnecessary to lock the keyring key list here.
 *
 * Returns a pointer to the found key with usage count incremented if
- * successful and returns -ENOKEY if not found.  Revoked keys and keys not
+ * successful and returns -ENOKEY if not found.  Revoked and invalidated keys
- * providing the requested permission are skipped over.
+ * are skipped over.
 *
 * If successful, the possession indicator is propagated from the keyring ref
 * to the returned key reference.
 */
 key_ref_t __keyring_search_one(key_ref_t keyring_ref,
-                               const struct keyring_index_key *index_key,
+                               const struct keyring_index_key *index_key)
-                               key_perm_t perm)
 {
        struct keyring_list *klist;
        struct key *keyring, *key;
@@ -560,8 +559,6 @@ key_ref_t __keyring_search_one(key_ref_t keyring_ref,
                        if (key->type == index_key->type &&
                            (!key->type->match ||
                             key->type->match(key, index_key->description)) &&
-                            key_permission(make_key_ref(key, possessed),
-                                           perm) == 0 &&
                            !(key->flags & ((1 << KEY_FLAG_INVALIDATED) |
                                            (1 << KEY_FLAG_REVOKED)))
                            )
author	David Howells <dhowells@redhat.com>	2013-09-24 05:35:17 -0400
committer	David Howells <dhowells@redhat.com>	2013-09-24 05:35:17 -0400
commit	e57e8669f2ab8350d30f771dd2fdd5377f183db2 (patch)
tree	8344918b6ac5ca26792460aec1d5a60c1ede88e2
parent	ccc3e6d9c9aea07a0b60b2b0bfc5b05a704b66d5 (diff)