KEYS: Add an alloc flag to convey the builtinness of a key

[linux-2.6-block.git] / security / keys / key.c

diff --git a/security/keys/key.c b/security/keys/key.c
index 07a87311055c5b50916c87f2117f4c70b0321cfd..b28755131687ea89de81ff5813c3fa9eb4acee74 100644 (file)
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -296,6 +296,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
                key->flags |= 1 << KEY_FLAG_IN_QUOTA;
        if (flags & KEY_ALLOC_TRUSTED)
                key->flags |= 1 << KEY_FLAG_TRUSTED;
+       if (flags & KEY_ALLOC_BUILT_IN)
+               key->flags |= 1 << KEY_FLAG_BUILTIN;
 
 #ifdef KEY_DEBUGGING
        key->magic = KEY_DEBUG_MAGIC;
@@ -430,7 +432,8 @@ static int __key_instantiate_and_link(struct key *key,
 
                        /* and link it into the destination keyring */
                        if (keyring) {
-                               set_bit(KEY_FLAG_KEEP, &key->flags);
+                               if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
+                                       set_bit(KEY_FLAG_KEEP, &key->flags);
 
                                __key_link(key, _edit);
                        }