[PATCH] Keys: Split key permissions checking into a .c file

The attached patch splits key permissions checking out of key-ui.h and moves it into a .c file. It's quite large and called quite a lot, and it's about to get bigger with the addition of LSM support for keys... key_any_permission() is also discarded as it's no longer used. Signed-Off-By: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: David Howells <dhowells@redhat.com> 2005-10-07 10:07:38 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-10-08 17:53:31 -0400
commit: 468ed2b0c85ec4310b429e60358213b6d077289e (patch)
tree: d1f570c1b89df450753cbec8768b1c1cfac6d9a2 /include/linux
parent: f1a9badcf6ecad9975240d94514721cb93932151 (diff)
1 files changed, 5 insertions, 86 deletions
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
index 918c34a8347e..7a2e332067c3 100644
--- a/include/linux/key-ui.h
+++ b/include/linux/key-ui.h
@@ -38,97 +38,16 @@ struct keyring_list {
        struct key      *keys[0];
 };
 /*
 * check to see whether permission is granted to use a key in the desired way
 */
-static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
+extern int key_task_permission(const key_ref_t key_ref,
-{
+                               struct task_struct *context,
-        struct key *key = key_ref_to_ptr(key_ref);
+                               key_perm_t perm);
-        key_perm_t kperm;
-        if (is_key_possessed(key_ref))
-                kperm = key->perm >> 24;
-        else if (key->uid == current->fsuid)
-                kperm = key->perm >> 16;
-        else if (key->gid != -1 &&
-                 key->perm & KEY_GRP_ALL &&
-                 in_group_p(key->gid)
-                 )
-                kperm = key->perm >> 8;
-        else
-                kperm = key->perm;
-        kperm = kperm & perm & KEY_ALL;
-        return kperm == perm;
-}
-/*
- * check to see whether permission is granted to use a key in at least one of
- * the desired ways
- */
-static inline int key_any_permission(const key_ref_t key_ref, key_perm_t perm)
-{
-        struct key *key = key_ref_to_ptr(key_ref);
-        key_perm_t kperm;
-        if (is_key_possessed(key_ref))
-                kperm = key->perm >> 24;
-        else if (key->uid == current->fsuid)
-                kperm = key->perm >> 16;
-        else if (key->gid != -1 &&
-                 key->perm & KEY_GRP_ALL &&
-                 in_group_p(key->gid)
-                 )
-                kperm = key->perm >> 8;
-        else
-                kperm = key->perm;
-        kperm = kperm & perm & KEY_ALL;
+static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
-        return kperm != 0;
-}
-static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
-{
-        int ret;
-        task_lock(tsk);
-        ret = groups_search(tsk->group_info, gid);
-        task_unlock(tsk);
-        return ret;
-}
-static inline int key_task_permission(const key_ref_t key_ref,
-                                      struct task_struct *context,
-                                      key_perm_t perm)
 {
-        struct key *key = key_ref_to_ptr(key_ref);
+        return key_task_permission(key_ref, current, perm);
-        key_perm_t kperm;
-        if (is_key_possessed(key_ref)) {
-                kperm = key->perm >> 24;
-        }
-        else if (key->uid == context->fsuid) {
-                kperm = key->perm >> 16;
-        }
-        else if (key->gid != -1 &&
-                 key->perm & KEY_GRP_ALL && (
-                         key->gid == context->fsgid ||
-                         key_task_groups_search(context, key->gid)
-                         )
-                 ) {
-                kperm = key->perm >> 8;
-        }
-        else {
-                kperm = key->perm;
-        }
-        kperm = kperm & perm & KEY_ALL;
-        return kperm == perm;
 }
 extern key_ref_t lookup_user_key(struct task_struct *context,
author	David Howells <dhowells@redhat.com>	2005-10-07 10:07:38 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-10-08 17:53:31 -0400
commit	468ed2b0c85ec4310b429e60358213b6d077289e (patch)
tree	d1f570c1b89df450753cbec8768b1c1cfac6d9a2 /include/linux
parent	f1a9badcf6ecad9975240d94514721cb93932151 (diff)

diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h index 918c34a8347e..7a2e332067c3 100644 --- a/include/linux/key-ui.h +++ b/include/linux/key-ui.h
@@ -38,97 +38,16 @@ struct keyring_list {
38	struct key *keys[0];	38	struct key *keys[0];
39	};	39	};
40		40
41
42	/*	41	/*
43	* check to see whether permission is granted to use a key in the desired way	42	* check to see whether permission is granted to use a key in the desired way
44	*/	43	*/
45	static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)	44	extern int key_task_permission(const key_ref_t key_ref,
46	{	45	struct task_struct *context,
47	struct key *key = key_ref_to_ptr(key_ref);	46	key_perm_t perm);
48	key_perm_t kperm;
49
50	if (is_key_possessed(key_ref))
51	kperm = key->perm >> 24;
52	else if (key->uid == current->fsuid)
53	kperm = key->perm >> 16;
54	else if (key->gid != -1 &&
55	key->perm & KEY_GRP_ALL &&
56	in_group_p(key->gid)
57	)
58	kperm = key->perm >> 8;
59	else
60	kperm = key->perm;
61
62	kperm = kperm & perm & KEY_ALL;
63
64	return kperm == perm;
65	}
66
67	/*
68	* check to see whether permission is granted to use a key in at least one of
69	* the desired ways
70	*/
71	static inline int key_any_permission(const key_ref_t key_ref, key_perm_t perm)
72	{
73	struct key *key = key_ref_to_ptr(key_ref);
74	key_perm_t kperm;
75
76	if (is_key_possessed(key_ref))
77	kperm = key->perm >> 24;
78	else if (key->uid == current->fsuid)
79	kperm = key->perm >> 16;
80	else if (key->gid != -1 &&
81	key->perm & KEY_GRP_ALL &&
82	in_group_p(key->gid)
83	)
84	kperm = key->perm >> 8;
85	else
86	kperm = key->perm;
87		47
88	kperm = kperm & perm & KEY_ALL;	48	static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
89
90	return kperm != 0;
91	}
92
93	static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
94	{
95	int ret;
96
97	task_lock(tsk);
98	ret = groups_search(tsk->group_info, gid);
99	task_unlock(tsk);
100	return ret;
101	}
102
103	static inline int key_task_permission(const key_ref_t key_ref,
104	struct task_struct *context,
105	key_perm_t perm)
106	{	49	{
107	struct key *key = key_ref_to_ptr(key_ref);	50	return key_task_permission(key_ref, current, perm);
108	key_perm_t kperm;
109
110	if (is_key_possessed(key_ref)) {
111	kperm = key->perm >> 24;
112	}
113	else if (key->uid == context->fsuid) {
114	kperm = key->perm >> 16;
115	}
116	else if (key->gid != -1 &&
117	key->perm & KEY_GRP_ALL && (
118	key->gid == context->fsgid \|\|
119	key_task_groups_search(context, key->gid)
120	)
121	) {
122	kperm = key->perm >> 8;
123	}
124	else {
125	kperm = key->perm;
126	}
127
128	kperm = kperm & perm & KEY_ALL;
129
130	return kperm == perm;
131
132	}	51	}
133		52
134	extern key_ref_t lookup_user_key(struct task_struct *context,	53	extern key_ref_t lookup_user_key(struct task_struct *context,