2 files changed, 14 insertions, 3 deletions

diff --git a/include/linux/key.h b/include/linux/key.h
index 3ae45f09589b..017b0826642f 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -309,6 +309,17 @@ static inline key_serial_t key_serial(const struct key *key)
 
 extern void key_set_timeout(struct key *, unsigned);
 
+/*
+ * The permissions required on a key that we're looking up.
+ */
+#define KEY_NEED_VIEW   0x01    /* Require permission to view attributes */
+#define KEY_NEED_READ   0x02    /* Require permission to read content */
+#define KEY_NEED_WRITE  0x04    /* Require permission to update / modify */
+#define KEY_NEED_SEARCH 0x08    /* Require permission to search (keyring) or find (key) */
+#define KEY_NEED_LINK   0x10    /* Require permission to link */
+#define KEY_NEED_SETATTR 0x20   /* Require permission to change attributes */
+#define KEY_NEED_ALL    0x3f    /* All the above permissions */
+
 /**
  * key_is_instantiated - Determine if a key has been positively instantiated
  * @key: The key to check.
diff --git a/include/linux/security.h b/include/linux/security.h
index 6478ce3252c7..9c6b9722ff48 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1708,7 +1708,7 @@ struct security_operations {
         void (*key_free) (struct key *key);
         int (*key_permission) (key_ref_t key_ref,
                                const struct cred *cred,
-                               key_perm_t perm);
+                               unsigned perm);
         int (*key_getsecurity)(struct key *key, char **_buffer);
 #endif  /* CONFIG_KEYS */
 
@@ -3034,7 +3034,7 @@ static inline int security_path_chroot(struct path *path)
 int security_key_alloc(struct key *key, const struct cred *cred, unsigned long flags);
 void security_key_free(struct key *key);
 int security_key_permission(key_ref_t key_ref,
-                            const struct cred *cred, key_perm_t perm);
+                            const struct cred *cred, unsigned perm);
 int security_key_getsecurity(struct key *key, char **_buffer);
 
 #else
@@ -3052,7 +3052,7 @@ static inline void security_key_free(struct key *key)
 
 static inline int security_key_permission(key_ref_t key_ref,
                                           const struct cred *cred,
-                                          key_perm_t perm)
+                                          unsigned perm)
 {
         return 0;
 }