diff options
-rw-r--r-- | include/linux/key.h | 2 | ||||
-rw-r--r-- | security/keys/permission.c | 40 |
2 files changed, 17 insertions, 25 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index b145b05..52318007 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -242,7 +242,7 @@ extern struct key *request_key_async_with_auxdata(struct key_type *type, extern int wait_for_key_construction(struct key *key, bool intr); -extern int key_validate(struct key *key); +extern int key_validate(const struct key *key); extern key_ref_t key_create_or_update(key_ref_t keyring, const char *type, diff --git a/security/keys/permission.c b/security/keys/permission.c index 5f4c00c..57d9636 100644 --- a/security/keys/permission.c +++ b/security/keys/permission.c @@ -91,33 +91,25 @@ EXPORT_SYMBOL(key_task_permission); * key is invalidated, -EKEYREVOKED if the key's type has been removed or if * the key has been revoked or -EKEYEXPIRED if the key has expired. */ -int key_validate(struct key *key) +int key_validate(const struct key *key) { - struct timespec now; unsigned long flags = key->flags; - int ret = 0; - - if (key) { - ret = -ENOKEY; - if (flags & (1 << KEY_FLAG_INVALIDATED)) - goto error; - - /* check it's still accessible */ - ret = -EKEYREVOKED; - if (flags & ((1 << KEY_FLAG_REVOKED) | - (1 << KEY_FLAG_DEAD))) - goto error; - - /* check it hasn't expired */ - ret = 0; - if (key->expiry) { - now = current_kernel_time(); - if (now.tv_sec >= key->expiry) - ret = -EKEYEXPIRED; - } + + if (flags & (1 << KEY_FLAG_INVALIDATED)) + return -ENOKEY; + + /* check it's still accessible */ + if (flags & ((1 << KEY_FLAG_REVOKED) | + (1 << KEY_FLAG_DEAD))) + return -EKEYREVOKED; + + /* check it hasn't expired */ + if (key->expiry) { + struct timespec now = current_kernel_time(); + if (now.tv_sec >= key->expiry) + return -EKEYEXPIRED; } -error: - return ret; + return 0; } EXPORT_SYMBOL(key_validate); |