summaryrefslogtreecommitdiff
path: root/security/keys/permission.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2011-01-20 16:38:33 +0000
committerLinus Torvalds <torvalds@linux-foundation.org>2011-01-21 14:59:30 -0800
commit973c9f4f49ca96a53bcf6384c4c59ccd26c33906 (patch)
treee3535a43c1e5cb5f0c06c040f58bc25c9b869fd1 /security/keys/permission.c
parenta8b17ed019bd40d3bfa20439d9c36a99f9be9180 (diff)
KEYS: Fix up comments in key management code
Fix up comments in the key management code. No functional changes. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/keys/permission.c')
-rw-r--r--security/keys/permission.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 6284b1496c29..c35b5229e3cd 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -1,4 +1,4 @@
-/* permission.c: key permission determination
+/* Key permission checking
*
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
@@ -15,15 +15,17 @@
/**
* key_task_permission - Check a key can be used
- * @key_ref: The key to check
- * @cred: The credentials to use
- * @perm: The permissions to check for
+ * @key_ref: The key to check.
+ * @cred: The credentials to use.
+ * @perm: The permissions to check for.
*
* Check to see whether permission is granted to use a key in the desired way,
* but permit the security modules to override.
*
- * The caller must hold either a ref on cred or must hold the RCU readlock or a
- * spinlock.
+ * The caller must hold either a ref on cred or must hold the RCU readlock.
+ *
+ * Returns 0 if successful, -EACCES if access is denied based on the
+ * permissions bits or the LSM check.
*/
int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
key_perm_t perm)
@@ -79,11 +81,15 @@ use_these_perms:
/* let LSM be the final arbiter */
return security_key_permission(key_ref, cred, perm);
}
-
EXPORT_SYMBOL(key_task_permission);
-/*
- * validate a key
+/**
+ * key_validate - Validate a key.
+ * @key: The key to be validated.
+ *
+ * Check that a key is valid, returning 0 if the key is okay, -EKEYREVOKED if
+ * the key's type has been removed or if the key has been revoked or
+ * -EKEYEXPIRED if the key has expired.
*/
int key_validate(struct key *key)
{
@@ -109,5 +115,4 @@ int key_validate(struct key *key)
error:
return ret;
}
-
EXPORT_SYMBOL(key_validate);