X-Git-Url: https://git.karo-electronics.de/?a=blobdiff_plain;f=security%2Fkeys%2Fpermission.c;h=3b41f9b52537afc86326ebc62a45380d8aefaf69;hb=93d74463d018ddf05c169ad399e62e90e0f82fc0;hp=03db073ba45c526ef82979babcc4abff47ea8438;hpb=29d8699ebb1e8948a612306c69e6d9c4ef23342f;p=mv-sheeva.git

diff --git a/security/keys/permission.c b/security/keys/permission.c
index 03db073ba45..3b41f9b5253 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -10,6 +10,7 @@
  */
 
 #include <linux/module.h>
+#include <linux/security.h>
 #include "internal.h"
 
 /*****************************************************************************/
@@ -63,8 +64,44 @@ use_these_perms:
 
 	kperm = kperm & perm & KEY_ALL;
 
-	return kperm == perm;
+	if (kperm != perm)
+		return -EACCES;
+
+	/* let LSM be the final arbiter */
+	return security_key_permission(key_ref, context, perm);
 
 } /* end key_task_permission() */
 
 EXPORT_SYMBOL(key_task_permission);
+
+/*****************************************************************************/
+/*
+ * validate a key
+ */
+int key_validate(struct key *key)
+{
+	struct timespec now;
+	int ret = 0;
+
+	if (key) {
+		/* check it's still accessible */
+		ret = -EKEYREVOKED;
+		if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
+		    test_bit(KEY_FLAG_DEAD, &key->flags))
+			goto error;
+
+		/* check it hasn't expired */
+		ret = 0;
+		if (key->expiry) {
+			now = current_kernel_time();
+			if (now.tv_sec >= key->expiry)
+				ret = -EKEYEXPIRED;
+		}
+	}
+
+ error:
+	return ret;
+
+} /* end key_validate() */
+
+EXPORT_SYMBOL(key_validate);