keys: Replace uid/gid/perm permissions checking with an ACL
[sfrench/cifs-2.6.git] / certs / system_keyring.c
index c05c29ae4d5da62dd0f0e102b7dae22df722cf37..2873a4ce282813e2e218dd76eb890d9f16b06852 100644 (file)
@@ -103,9 +103,7 @@ static __init int system_trusted_keyring_init(void)
        builtin_trusted_keys =
                keyring_alloc(".builtin_trusted_keys",
                              KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
-                             ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-                             KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
-                             KEY_ALLOC_NOT_IN_QUOTA,
+                             &internal_key_acl, KEY_ALLOC_NOT_IN_QUOTA,
                              NULL, NULL);
        if (IS_ERR(builtin_trusted_keys))
                panic("Can't allocate builtin trusted keyring\n");
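Review bot: `&internal_key_acl` replaces two different masks, so at least one call site changes effective permissions. For `.builtin_trusted_keys` here the old mask gave the owner `KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH`, while in load_system_certificate_list() (the `@@ -167,8 +162,7 @@` hunk) it gave only `KEY_USR_VIEW | KEY_USR_READ`. The ACL's definition is not in this file, so the diff does not show whether the keyring loses owner search or each built-in key gains it. The commit message should say which is intended, and a call-site comment such as `/* shared with the built-in keys; owner rights are defined by internal_key_acl */` would make the coupling visible. Both enclosing functions begin and end outside their hunks.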
@@ -114,10 +112,7 @@ static __init int system_trusted_keyring_init(void)
        secondary_trusted_keys =
                keyring_alloc(".secondary_trusted_keys",
                              KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
-                             ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-                              KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
-                              KEY_USR_WRITE),
-                             KEY_ALLOC_NOT_IN_QUOTA,
+                             &internal_writable_keyring_acl, KEY_ALLOC_NOT_IN_QUOTA,
                              get_builtin_and_secondary_restriction(),
                              NULL);
        if (IS_ERR(secondary_trusted_keys))
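Review bot: The removed mask for `.secondary_trusted_keys` made two deliberate choices that are no longer visible at this call: the owner got `KEY_USR_WRITE`, and the possessor was denied `KEY_POS_SETATTR`. `&internal_writable_keyring_acl` is defined outside this file, so it should be checked that it still grants write only to the owner and gives no subject the right to change the keyring's attributes or ACL. Write access is what allows keys to be linked into this keyring, gated by `get_builtin_and_secondary_restriction()`. A comment above the call, for example `/* owner may link keys that pass the restriction; attribute changes stay denied */`, would record that intent once the definition confirms it. The new argument line also runs past 80 columns and could be split after the ACL pointer.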
@@ -167,8 +162,7 @@ static __init int load_system_certificate_list(void)
                                           NULL,
                                           p,
                                           plen,
-                                          ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-                                          KEY_USR_VIEW | KEY_USR_READ),
+                                          &internal_key_acl,
                                           KEY_ALLOC_NOT_IN_QUOTA |
                                           KEY_ALLOC_BUILT_IN |
                                           KEY_ALLOC_BYPASS_RESTRICTION);