mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 13:55:32 +00:00
9b93f5069f
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCY5by6AAKCRCRxhvAZXjc
onblAPsFzodV8/9UoCIkKxwn0aiclbiAITTWI9ZLulmKhm0I6wD/RUOLKjt12uZJ
m81UTfkWHopWKtQ+X3saZEcyYTNLugE=
=AtGb
-----END PGP SIGNATURE-----
Merge tag 'fs.idmapped.mnt_idmap.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping
Pull idmapping updates from Christian Brauner:
"Last cycle we've already made the interaction with idmapped mounts
more robust and type safe by introducing the vfs{g,u}id_t type. This
cycle we concluded the conversion and removed the legacy helpers.
Currently we still pass around the plain namespace that was attached
to a mount. This is in general pretty convenient but it makes it easy
to conflate namespaces that are relevant on the filesystem - with
namespaces that are relevent on the mount level. Especially for
filesystem developers without detailed knowledge in this area this can
be a potential source for bugs.
Instead of passing the plain namespace we introduce a dedicated type
struct mnt_idmap and replace the pointer with a pointer to a struct
mnt_idmap. There are no semantic or size changes for the mount struct
caused by this.
We then start converting all places aware of idmapped mounts to rely
on struct mnt_idmap. Once the conversion is done all helpers down to
the really low-level make_vfs{g,u}id() and from_vfs{g,u}id() will take
a struct mnt_idmap argument instead of two namespace arguments. This
way it becomes impossible to conflate the two removing and thus
eliminating the possibility of any bugs. Fwiw, I fixed some issues in
that area a while ago in ntfs3 and ksmbd in the past. Afterwards only
low-level code can ultimately use the associated namespace for any
permission checks. Even most of the vfs can be completely obivious
about this ultimately and filesystems will never interact with it in
any form in the future.
A struct mnt_idmap currently encompasses a simple refcount and pointer
to the relevant namespace the mount is idmapped to. If a mount isn't
idmapped then it will point to a static nop_mnt_idmap and if it
doesn't that it is idmapped. As usual there are no allocations or
anything happening for non-idmapped mounts. Everthing is carefully
written to be a nop for non-idmapped mounts as has always been the
case.
If an idmapped mount is created a struct mnt_idmap is allocated and a
reference taken on the relevant namespace. Each mount that gets
idmapped or inherits the idmap simply bumps the reference count on
struct mnt_idmap. Just a reminder that we only allow a mount to change
it's idmapping a single time and only if it hasn't already been
attached to the filesystems and has no active writers.
The actual changes are fairly straightforward but this will have huge
benefits for maintenance and security in the long run even if it
causes some churn.
Note that this also makes it possible to extend struct mount_idmap in
the future. For example, it would be possible to place the namespace
pointer in an anonymous union together with an idmapping struct. This
would allow us to expose an api to userspace that would let it specify
idmappings directly instead of having to go through the detour of
setting up namespaces at all"
* tag 'fs.idmapped.mnt_idmap.v6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/idmapping:
acl: conver higher-level helpers to rely on mnt_idmap
fs: introduce dedicated idmap type for mounts
1267 lines
31 KiB
C
1267 lines
31 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org>
|
|
*
|
|
* Fixes from William Schumacher incorporated on 15 March 2001.
|
|
* (Reported by Charles Bertsch, <CBertsch@microtest.com>).
|
|
*/
|
|
|
|
/*
|
|
* This file contains generic functions for manipulating
|
|
* POSIX 1003.1e draft standard 17 ACLs.
|
|
*/
|
|
|
|
#include <linux/kernel.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/atomic.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/cred.h>
|
|
#include <linux/posix_acl.h>
|
|
#include <linux/posix_acl_xattr.h>
|
|
#include <linux/xattr.h>
|
|
#include <linux/export.h>
|
|
#include <linux/user_namespace.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/mnt_idmapping.h>
|
|
#include <linux/iversion.h>
|
|
#include <linux/security.h>
|
|
#include <linux/evm.h>
|
|
#include <linux/fsnotify.h>
|
|
|
|
#include "internal.h"
|
|
|
|
static struct posix_acl **acl_by_type(struct inode *inode, int type)
|
|
{
|
|
switch (type) {
|
|
case ACL_TYPE_ACCESS:
|
|
return &inode->i_acl;
|
|
case ACL_TYPE_DEFAULT:
|
|
return &inode->i_default_acl;
|
|
default:
|
|
BUG();
|
|
}
|
|
}
|
|
|
|
struct posix_acl *get_cached_acl(struct inode *inode, int type)
|
|
{
|
|
struct posix_acl **p = acl_by_type(inode, type);
|
|
struct posix_acl *acl;
|
|
|
|
for (;;) {
|
|
rcu_read_lock();
|
|
acl = rcu_dereference(*p);
|
|
if (!acl || is_uncached_acl(acl) ||
|
|
refcount_inc_not_zero(&acl->a_refcount))
|
|
break;
|
|
rcu_read_unlock();
|
|
cpu_relax();
|
|
}
|
|
rcu_read_unlock();
|
|
return acl;
|
|
}
|
|
EXPORT_SYMBOL(get_cached_acl);
|
|
|
|
struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type)
|
|
{
|
|
struct posix_acl *acl = rcu_dereference(*acl_by_type(inode, type));
|
|
|
|
if (acl == ACL_DONT_CACHE) {
|
|
struct posix_acl *ret;
|
|
|
|
ret = inode->i_op->get_inode_acl(inode, type, LOOKUP_RCU);
|
|
if (!IS_ERR(ret))
|
|
acl = ret;
|
|
}
|
|
|
|
return acl;
|
|
}
|
|
EXPORT_SYMBOL(get_cached_acl_rcu);
|
|
|
|
void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl)
|
|
{
|
|
struct posix_acl **p = acl_by_type(inode, type);
|
|
struct posix_acl *old;
|
|
|
|
old = xchg(p, posix_acl_dup(acl));
|
|
if (!is_uncached_acl(old))
|
|
posix_acl_release(old);
|
|
}
|
|
EXPORT_SYMBOL(set_cached_acl);
|
|
|
|
static void __forget_cached_acl(struct posix_acl **p)
|
|
{
|
|
struct posix_acl *old;
|
|
|
|
old = xchg(p, ACL_NOT_CACHED);
|
|
if (!is_uncached_acl(old))
|
|
posix_acl_release(old);
|
|
}
|
|
|
|
void forget_cached_acl(struct inode *inode, int type)
|
|
{
|
|
__forget_cached_acl(acl_by_type(inode, type));
|
|
}
|
|
EXPORT_SYMBOL(forget_cached_acl);
|
|
|
|
void forget_all_cached_acls(struct inode *inode)
|
|
{
|
|
__forget_cached_acl(&inode->i_acl);
|
|
__forget_cached_acl(&inode->i_default_acl);
|
|
}
|
|
EXPORT_SYMBOL(forget_all_cached_acls);
|
|
|
|
static struct posix_acl *__get_acl(struct user_namespace *mnt_userns,
|
|
struct dentry *dentry, struct inode *inode,
|
|
int type)
|
|
{
|
|
struct posix_acl *sentinel;
|
|
struct posix_acl **p;
|
|
struct posix_acl *acl;
|
|
|
|
/*
|
|
* The sentinel is used to detect when another operation like
|
|
* set_cached_acl() or forget_cached_acl() races with get_inode_acl().
|
|
* It is guaranteed that is_uncached_acl(sentinel) is true.
|
|
*/
|
|
|
|
acl = get_cached_acl(inode, type);
|
|
if (!is_uncached_acl(acl))
|
|
return acl;
|
|
|
|
if (!IS_POSIXACL(inode))
|
|
return NULL;
|
|
|
|
sentinel = uncached_acl_sentinel(current);
|
|
p = acl_by_type(inode, type);
|
|
|
|
/*
|
|
* If the ACL isn't being read yet, set our sentinel. Otherwise, the
|
|
* current value of the ACL will not be ACL_NOT_CACHED and so our own
|
|
* sentinel will not be set; another task will update the cache. We
|
|
* could wait for that other task to complete its job, but it's easier
|
|
* to just call ->get_inode_acl to fetch the ACL ourself. (This is
|
|
* going to be an unlikely race.)
|
|
*/
|
|
cmpxchg(p, ACL_NOT_CACHED, sentinel);
|
|
|
|
/*
|
|
* Normally, the ACL returned by ->get{_inode}_acl will be cached.
|
|
* A filesystem can prevent that by calling
|
|
* forget_cached_acl(inode, type) in ->get{_inode}_acl.
|
|
*
|
|
* If the filesystem doesn't have a get{_inode}_ acl() function at all,
|
|
* we'll just create the negative cache entry.
|
|
*/
|
|
if (dentry && inode->i_op->get_acl) {
|
|
acl = inode->i_op->get_acl(mnt_userns, dentry, type);
|
|
} else if (inode->i_op->get_inode_acl) {
|
|
acl = inode->i_op->get_inode_acl(inode, type, false);
|
|
} else {
|
|
set_cached_acl(inode, type, NULL);
|
|
return NULL;
|
|
}
|
|
if (IS_ERR(acl)) {
|
|
/*
|
|
* Remove our sentinel so that we don't block future attempts
|
|
* to cache the ACL.
|
|
*/
|
|
cmpxchg(p, sentinel, ACL_NOT_CACHED);
|
|
return acl;
|
|
}
|
|
|
|
/*
|
|
* Cache the result, but only if our sentinel is still in place.
|
|
*/
|
|
posix_acl_dup(acl);
|
|
if (unlikely(cmpxchg(p, sentinel, acl) != sentinel))
|
|
posix_acl_release(acl);
|
|
return acl;
|
|
}
|
|
|
|
struct posix_acl *get_inode_acl(struct inode *inode, int type)
|
|
{
|
|
return __get_acl(&init_user_ns, NULL, inode, type);
|
|
}
|
|
EXPORT_SYMBOL(get_inode_acl);
|
|
|
|
/*
|
|
* Init a fresh posix_acl
|
|
*/
|
|
void
|
|
posix_acl_init(struct posix_acl *acl, int count)
|
|
{
|
|
refcount_set(&acl->a_refcount, 1);
|
|
acl->a_count = count;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_init);
|
|
|
|
/*
|
|
* Allocate a new ACL with the specified number of entries.
|
|
*/
|
|
struct posix_acl *
|
|
posix_acl_alloc(int count, gfp_t flags)
|
|
{
|
|
const size_t size = sizeof(struct posix_acl) +
|
|
count * sizeof(struct posix_acl_entry);
|
|
struct posix_acl *acl = kmalloc(size, flags);
|
|
if (acl)
|
|
posix_acl_init(acl, count);
|
|
return acl;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_alloc);
|
|
|
|
/*
|
|
* Clone an ACL.
|
|
*/
|
|
struct posix_acl *
|
|
posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
|
|
{
|
|
struct posix_acl *clone = NULL;
|
|
|
|
if (acl) {
|
|
int size = sizeof(struct posix_acl) + acl->a_count *
|
|
sizeof(struct posix_acl_entry);
|
|
clone = kmemdup(acl, size, flags);
|
|
if (clone)
|
|
refcount_set(&clone->a_refcount, 1);
|
|
}
|
|
return clone;
|
|
}
|
|
EXPORT_SYMBOL_GPL(posix_acl_clone);
|
|
|
|
/*
|
|
* Check if an acl is valid. Returns 0 if it is, or -E... otherwise.
|
|
*/
|
|
int
|
|
posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl)
|
|
{
|
|
const struct posix_acl_entry *pa, *pe;
|
|
int state = ACL_USER_OBJ;
|
|
int needs_mask = 0;
|
|
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE))
|
|
return -EINVAL;
|
|
switch (pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
if (state == ACL_USER_OBJ) {
|
|
state = ACL_USER;
|
|
break;
|
|
}
|
|
return -EINVAL;
|
|
|
|
case ACL_USER:
|
|
if (state != ACL_USER)
|
|
return -EINVAL;
|
|
if (!kuid_has_mapping(user_ns, pa->e_uid))
|
|
return -EINVAL;
|
|
needs_mask = 1;
|
|
break;
|
|
|
|
case ACL_GROUP_OBJ:
|
|
if (state == ACL_USER) {
|
|
state = ACL_GROUP;
|
|
break;
|
|
}
|
|
return -EINVAL;
|
|
|
|
case ACL_GROUP:
|
|
if (state != ACL_GROUP)
|
|
return -EINVAL;
|
|
if (!kgid_has_mapping(user_ns, pa->e_gid))
|
|
return -EINVAL;
|
|
needs_mask = 1;
|
|
break;
|
|
|
|
case ACL_MASK:
|
|
if (state != ACL_GROUP)
|
|
return -EINVAL;
|
|
state = ACL_OTHER;
|
|
break;
|
|
|
|
case ACL_OTHER:
|
|
if (state == ACL_OTHER ||
|
|
(state == ACL_GROUP && !needs_mask)) {
|
|
state = 0;
|
|
break;
|
|
}
|
|
return -EINVAL;
|
|
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
if (state == 0)
|
|
return 0;
|
|
return -EINVAL;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_valid);
|
|
|
|
/*
|
|
* Returns 0 if the acl can be exactly represented in the traditional
|
|
* file mode permission bits, or else 1. Returns -E... on error.
|
|
*/
|
|
int
|
|
posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p)
|
|
{
|
|
const struct posix_acl_entry *pa, *pe;
|
|
umode_t mode = 0;
|
|
int not_equiv = 0;
|
|
|
|
/*
|
|
* A null ACL can always be presented as mode bits.
|
|
*/
|
|
if (!acl)
|
|
return 0;
|
|
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
switch (pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
mode |= (pa->e_perm & S_IRWXO) << 6;
|
|
break;
|
|
case ACL_GROUP_OBJ:
|
|
mode |= (pa->e_perm & S_IRWXO) << 3;
|
|
break;
|
|
case ACL_OTHER:
|
|
mode |= pa->e_perm & S_IRWXO;
|
|
break;
|
|
case ACL_MASK:
|
|
mode = (mode & ~S_IRWXG) |
|
|
((pa->e_perm & S_IRWXO) << 3);
|
|
not_equiv = 1;
|
|
break;
|
|
case ACL_USER:
|
|
case ACL_GROUP:
|
|
not_equiv = 1;
|
|
break;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
if (mode_p)
|
|
*mode_p = (*mode_p & ~S_IRWXUGO) | mode;
|
|
return not_equiv;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_equiv_mode);
|
|
|
|
/*
|
|
* Create an ACL representing the file mode permission bits of an inode.
|
|
*/
|
|
struct posix_acl *
|
|
posix_acl_from_mode(umode_t mode, gfp_t flags)
|
|
{
|
|
struct posix_acl *acl = posix_acl_alloc(3, flags);
|
|
if (!acl)
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
acl->a_entries[0].e_tag = ACL_USER_OBJ;
|
|
acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6;
|
|
|
|
acl->a_entries[1].e_tag = ACL_GROUP_OBJ;
|
|
acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3;
|
|
|
|
acl->a_entries[2].e_tag = ACL_OTHER;
|
|
acl->a_entries[2].e_perm = (mode & S_IRWXO);
|
|
return acl;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_from_mode);
|
|
|
|
/*
|
|
* Return 0 if current is granted want access to the inode
|
|
* by the acl. Returns -E... otherwise.
|
|
*/
|
|
int
|
|
posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode,
|
|
const struct posix_acl *acl, int want)
|
|
{
|
|
const struct posix_acl_entry *pa, *pe, *mask_obj;
|
|
struct user_namespace *fs_userns = i_user_ns(inode);
|
|
int found = 0;
|
|
vfsuid_t vfsuid;
|
|
vfsgid_t vfsgid;
|
|
|
|
want &= MAY_READ | MAY_WRITE | MAY_EXEC;
|
|
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
switch(pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
/* (May have been checked already) */
|
|
vfsuid = i_uid_into_vfsuid(mnt_userns, inode);
|
|
if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
|
|
goto check_perm;
|
|
break;
|
|
case ACL_USER:
|
|
vfsuid = make_vfsuid(mnt_userns, fs_userns,
|
|
pa->e_uid);
|
|
if (vfsuid_eq_kuid(vfsuid, current_fsuid()))
|
|
goto mask;
|
|
break;
|
|
case ACL_GROUP_OBJ:
|
|
vfsgid = i_gid_into_vfsgid(mnt_userns, inode);
|
|
if (vfsgid_in_group_p(vfsgid)) {
|
|
found = 1;
|
|
if ((pa->e_perm & want) == want)
|
|
goto mask;
|
|
}
|
|
break;
|
|
case ACL_GROUP:
|
|
vfsgid = make_vfsgid(mnt_userns, fs_userns,
|
|
pa->e_gid);
|
|
if (vfsgid_in_group_p(vfsgid)) {
|
|
found = 1;
|
|
if ((pa->e_perm & want) == want)
|
|
goto mask;
|
|
}
|
|
break;
|
|
case ACL_MASK:
|
|
break;
|
|
case ACL_OTHER:
|
|
if (found)
|
|
return -EACCES;
|
|
else
|
|
goto check_perm;
|
|
default:
|
|
return -EIO;
|
|
}
|
|
}
|
|
return -EIO;
|
|
|
|
mask:
|
|
for (mask_obj = pa+1; mask_obj != pe; mask_obj++) {
|
|
if (mask_obj->e_tag == ACL_MASK) {
|
|
if ((pa->e_perm & mask_obj->e_perm & want) == want)
|
|
return 0;
|
|
return -EACCES;
|
|
}
|
|
}
|
|
|
|
check_perm:
|
|
if ((pa->e_perm & want) == want)
|
|
return 0;
|
|
return -EACCES;
|
|
}
|
|
|
|
/*
|
|
* Modify acl when creating a new inode. The caller must ensure the acl is
|
|
* only referenced once.
|
|
*
|
|
* mode_p initially must contain the mode parameter to the open() / creat()
|
|
* system calls. All permissions that are not granted by the acl are removed.
|
|
* The permissions in the acl are changed to reflect the mode_p parameter.
|
|
*/
|
|
static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p)
|
|
{
|
|
struct posix_acl_entry *pa, *pe;
|
|
struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;
|
|
umode_t mode = *mode_p;
|
|
int not_equiv = 0;
|
|
|
|
/* assert(atomic_read(acl->a_refcount) == 1); */
|
|
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
switch(pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
pa->e_perm &= (mode >> 6) | ~S_IRWXO;
|
|
mode &= (pa->e_perm << 6) | ~S_IRWXU;
|
|
break;
|
|
|
|
case ACL_USER:
|
|
case ACL_GROUP:
|
|
not_equiv = 1;
|
|
break;
|
|
|
|
case ACL_GROUP_OBJ:
|
|
group_obj = pa;
|
|
break;
|
|
|
|
case ACL_OTHER:
|
|
pa->e_perm &= mode | ~S_IRWXO;
|
|
mode &= pa->e_perm | ~S_IRWXO;
|
|
break;
|
|
|
|
case ACL_MASK:
|
|
mask_obj = pa;
|
|
not_equiv = 1;
|
|
break;
|
|
|
|
default:
|
|
return -EIO;
|
|
}
|
|
}
|
|
|
|
if (mask_obj) {
|
|
mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO;
|
|
mode &= (mask_obj->e_perm << 3) | ~S_IRWXG;
|
|
} else {
|
|
if (!group_obj)
|
|
return -EIO;
|
|
group_obj->e_perm &= (mode >> 3) | ~S_IRWXO;
|
|
mode &= (group_obj->e_perm << 3) | ~S_IRWXG;
|
|
}
|
|
|
|
*mode_p = (*mode_p & ~S_IRWXUGO) | mode;
|
|
return not_equiv;
|
|
}
|
|
|
|
/*
|
|
* Modify the ACL for the chmod syscall.
|
|
*/
|
|
static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode)
|
|
{
|
|
struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL;
|
|
struct posix_acl_entry *pa, *pe;
|
|
|
|
/* assert(atomic_read(acl->a_refcount) == 1); */
|
|
|
|
FOREACH_ACL_ENTRY(pa, acl, pe) {
|
|
switch(pa->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
pa->e_perm = (mode & S_IRWXU) >> 6;
|
|
break;
|
|
|
|
case ACL_USER:
|
|
case ACL_GROUP:
|
|
break;
|
|
|
|
case ACL_GROUP_OBJ:
|
|
group_obj = pa;
|
|
break;
|
|
|
|
case ACL_MASK:
|
|
mask_obj = pa;
|
|
break;
|
|
|
|
case ACL_OTHER:
|
|
pa->e_perm = (mode & S_IRWXO);
|
|
break;
|
|
|
|
default:
|
|
return -EIO;
|
|
}
|
|
}
|
|
|
|
if (mask_obj) {
|
|
mask_obj->e_perm = (mode & S_IRWXG) >> 3;
|
|
} else {
|
|
if (!group_obj)
|
|
return -EIO;
|
|
group_obj->e_perm = (mode & S_IRWXG) >> 3;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
__posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)
|
|
{
|
|
struct posix_acl *clone = posix_acl_clone(*acl, gfp);
|
|
int err = -ENOMEM;
|
|
if (clone) {
|
|
err = posix_acl_create_masq(clone, mode_p);
|
|
if (err < 0) {
|
|
posix_acl_release(clone);
|
|
clone = NULL;
|
|
}
|
|
}
|
|
posix_acl_release(*acl);
|
|
*acl = clone;
|
|
return err;
|
|
}
|
|
EXPORT_SYMBOL(__posix_acl_create);
|
|
|
|
int
|
|
__posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode)
|
|
{
|
|
struct posix_acl *clone = posix_acl_clone(*acl, gfp);
|
|
int err = -ENOMEM;
|
|
if (clone) {
|
|
err = __posix_acl_chmod_masq(clone, mode);
|
|
if (err) {
|
|
posix_acl_release(clone);
|
|
clone = NULL;
|
|
}
|
|
}
|
|
posix_acl_release(*acl);
|
|
*acl = clone;
|
|
return err;
|
|
}
|
|
EXPORT_SYMBOL(__posix_acl_chmod);
|
|
|
|
/**
|
|
* posix_acl_chmod - chmod a posix acl
|
|
*
|
|
* @mnt_userns: user namespace of the mount @inode was found from
|
|
* @dentry: dentry to check permissions on
|
|
* @mode: the new mode of @inode
|
|
*
|
|
* If the dentry has been found through an idmapped mount the user namespace of
|
|
* the vfsmount must be passed through @mnt_userns. This function will then
|
|
* take care to map the inode according to @mnt_userns before checking
|
|
* permissions. On non-idmapped mounts or if permission checking is to be
|
|
* performed on the raw inode simply passs init_user_ns.
|
|
*/
|
|
int
|
|
posix_acl_chmod(struct user_namespace *mnt_userns, struct dentry *dentry,
|
|
umode_t mode)
|
|
{
|
|
struct inode *inode = d_inode(dentry);
|
|
struct posix_acl *acl;
|
|
int ret = 0;
|
|
|
|
if (!IS_POSIXACL(inode))
|
|
return 0;
|
|
if (!inode->i_op->set_acl)
|
|
return -EOPNOTSUPP;
|
|
|
|
acl = get_inode_acl(inode, ACL_TYPE_ACCESS);
|
|
if (IS_ERR_OR_NULL(acl)) {
|
|
if (acl == ERR_PTR(-EOPNOTSUPP))
|
|
return 0;
|
|
return PTR_ERR(acl);
|
|
}
|
|
|
|
ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode);
|
|
if (ret)
|
|
return ret;
|
|
ret = inode->i_op->set_acl(mnt_userns, dentry, acl, ACL_TYPE_ACCESS);
|
|
posix_acl_release(acl);
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_chmod);
|
|
|
|
int
|
|
posix_acl_create(struct inode *dir, umode_t *mode,
|
|
struct posix_acl **default_acl, struct posix_acl **acl)
|
|
{
|
|
struct posix_acl *p;
|
|
struct posix_acl *clone;
|
|
int ret;
|
|
|
|
*acl = NULL;
|
|
*default_acl = NULL;
|
|
|
|
if (S_ISLNK(*mode) || !IS_POSIXACL(dir))
|
|
return 0;
|
|
|
|
p = get_inode_acl(dir, ACL_TYPE_DEFAULT);
|
|
if (!p || p == ERR_PTR(-EOPNOTSUPP)) {
|
|
*mode &= ~current_umask();
|
|
return 0;
|
|
}
|
|
if (IS_ERR(p))
|
|
return PTR_ERR(p);
|
|
|
|
ret = -ENOMEM;
|
|
clone = posix_acl_clone(p, GFP_NOFS);
|
|
if (!clone)
|
|
goto err_release;
|
|
|
|
ret = posix_acl_create_masq(clone, mode);
|
|
if (ret < 0)
|
|
goto err_release_clone;
|
|
|
|
if (ret == 0)
|
|
posix_acl_release(clone);
|
|
else
|
|
*acl = clone;
|
|
|
|
if (!S_ISDIR(*mode))
|
|
posix_acl_release(p);
|
|
else
|
|
*default_acl = p;
|
|
|
|
return 0;
|
|
|
|
err_release_clone:
|
|
posix_acl_release(clone);
|
|
err_release:
|
|
posix_acl_release(p);
|
|
return ret;
|
|
}
|
|
EXPORT_SYMBOL_GPL(posix_acl_create);
|
|
|
|
/**
|
|
* posix_acl_update_mode - update mode in set_acl
|
|
* @mnt_userns: user namespace of the mount @inode was found from
|
|
* @inode: target inode
|
|
* @mode_p: mode (pointer) for update
|
|
* @acl: acl pointer
|
|
*
|
|
* Update the file mode when setting an ACL: compute the new file permission
|
|
* bits based on the ACL. In addition, if the ACL is equivalent to the new
|
|
* file mode, set *@acl to NULL to indicate that no ACL should be set.
|
|
*
|
|
* As with chmod, clear the setgid bit if the caller is not in the owning group
|
|
* or capable of CAP_FSETID (see inode_change_ok).
|
|
*
|
|
* If the inode has been found through an idmapped mount the user namespace of
|
|
* the vfsmount must be passed through @mnt_userns. This function will then
|
|
* take care to map the inode according to @mnt_userns before checking
|
|
* permissions. On non-idmapped mounts or if permission checking is to be
|
|
* performed on the raw inode simply passs init_user_ns.
|
|
*
|
|
* Called from set_acl inode operations.
|
|
*/
|
|
int posix_acl_update_mode(struct user_namespace *mnt_userns,
|
|
struct inode *inode, umode_t *mode_p,
|
|
struct posix_acl **acl)
|
|
{
|
|
umode_t mode = inode->i_mode;
|
|
int error;
|
|
|
|
error = posix_acl_equiv_mode(*acl, &mode);
|
|
if (error < 0)
|
|
return error;
|
|
if (error == 0)
|
|
*acl = NULL;
|
|
if (!vfsgid_in_group_p(i_gid_into_vfsgid(mnt_userns, inode)) &&
|
|
!capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID))
|
|
mode &= ~S_ISGID;
|
|
*mode_p = mode;
|
|
return 0;
|
|
}
|
|
EXPORT_SYMBOL(posix_acl_update_mode);
|
|
|
|
/*
|
|
* Fix up the uids and gids in posix acl extended attributes in place.
|
|
*/
|
|
static int posix_acl_fix_xattr_common(const void *value, size_t size)
|
|
{
|
|
const struct posix_acl_xattr_header *header = value;
|
|
int count;
|
|
|
|
if (!header)
|
|
return -EINVAL;
|
|
if (size < sizeof(struct posix_acl_xattr_header))
|
|
return -EINVAL;
|
|
if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
|
|
return -EOPNOTSUPP;
|
|
|
|
count = posix_acl_xattr_count(size);
|
|
if (count < 0)
|
|
return -EINVAL;
|
|
if (count == 0)
|
|
return 0;
|
|
|
|
return count;
|
|
}
|
|
|
|
/**
|
|
* posix_acl_from_xattr - convert POSIX ACLs from backing store to VFS format
|
|
* @userns: the filesystem's idmapping
|
|
* @value: the uapi representation of POSIX ACLs
|
|
* @size: the size of @void
|
|
*
|
|
* Filesystems that store POSIX ACLs in the unaltered uapi format should use
|
|
* posix_acl_from_xattr() when reading them from the backing store and
|
|
* converting them into the struct posix_acl VFS format. The helper is
|
|
* specifically intended to be called from the acl inode operation.
|
|
*
|
|
* The posix_acl_from_xattr() function will map the raw {g,u}id values stored
|
|
* in ACL_{GROUP,USER} entries into idmapping in @userns.
|
|
*
|
|
* Note that posix_acl_from_xattr() does not take idmapped mounts into account.
|
|
* If it did it calling it from the get acl inode operation would return POSIX
|
|
* ACLs mapped according to an idmapped mount which would mean that the value
|
|
* couldn't be cached for the filesystem. Idmapped mounts are taken into
|
|
* account on the fly during permission checking or right at the VFS -
|
|
* userspace boundary before reporting them to the user.
|
|
*
|
|
* Return: Allocated struct posix_acl on success, NULL for a valid header but
|
|
* without actual POSIX ACL entries, or ERR_PTR() encoded error code.
|
|
*/
|
|
struct posix_acl *posix_acl_from_xattr(struct user_namespace *userns,
|
|
const void *value, size_t size)
|
|
{
|
|
const struct posix_acl_xattr_header *header = value;
|
|
const struct posix_acl_xattr_entry *entry = (const void *)(header + 1), *end;
|
|
int count;
|
|
struct posix_acl *acl;
|
|
struct posix_acl_entry *acl_e;
|
|
|
|
count = posix_acl_fix_xattr_common(value, size);
|
|
if (count < 0)
|
|
return ERR_PTR(count);
|
|
if (count == 0)
|
|
return NULL;
|
|
|
|
acl = posix_acl_alloc(count, GFP_NOFS);
|
|
if (!acl)
|
|
return ERR_PTR(-ENOMEM);
|
|
acl_e = acl->a_entries;
|
|
|
|
for (end = entry + count; entry != end; acl_e++, entry++) {
|
|
acl_e->e_tag = le16_to_cpu(entry->e_tag);
|
|
acl_e->e_perm = le16_to_cpu(entry->e_perm);
|
|
|
|
switch(acl_e->e_tag) {
|
|
case ACL_USER_OBJ:
|
|
case ACL_GROUP_OBJ:
|
|
case ACL_MASK:
|
|
case ACL_OTHER:
|
|
break;
|
|
|
|
case ACL_USER:
|
|
acl_e->e_uid = make_kuid(userns,
|
|
le32_to_cpu(entry->e_id));
|
|
if (!uid_valid(acl_e->e_uid))
|
|
goto fail;
|
|
break;
|
|
case ACL_GROUP:
|
|
acl_e->e_gid = make_kgid(userns,
|
|
le32_to_cpu(entry->e_id));
|
|
if (!gid_valid(acl_e->e_gid))
|
|
goto fail;
|
|
break;
|
|
|
|
default:
|
|
goto fail;
|
|
}
|
|
}
|
|
return acl;
|
|
|
|
fail:
|
|
posix_acl_release(acl);
|
|
return ERR_PTR(-EINVAL);
|
|
}
|
|
EXPORT_SYMBOL (posix_acl_from_xattr);
|
|
|
|
/*
|
|
* Convert from in-memory to extended attribute representation.
|
|
*/
|
|
int
|
|
posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl,
|
|
void *buffer, size_t size)
|
|
{
|
|
struct posix_acl_xattr_header *ext_acl = buffer;
|
|
struct posix_acl_xattr_entry *ext_entry;
|
|
int real_size, n;
|
|
|
|
real_size = posix_acl_xattr_size(acl->a_count);
|
|
if (!buffer)
|
|
return real_size;
|
|
if (real_size > size)
|
|
return -ERANGE;
|
|
|
|
ext_entry = (void *)(ext_acl + 1);
|
|
ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION);
|
|
|
|
for (n=0; n < acl->a_count; n++, ext_entry++) {
|
|
const struct posix_acl_entry *acl_e = &acl->a_entries[n];
|
|
ext_entry->e_tag = cpu_to_le16(acl_e->e_tag);
|
|
ext_entry->e_perm = cpu_to_le16(acl_e->e_perm);
|
|
switch(acl_e->e_tag) {
|
|
case ACL_USER:
|
|
ext_entry->e_id =
|
|
cpu_to_le32(from_kuid(user_ns, acl_e->e_uid));
|
|
break;
|
|
case ACL_GROUP:
|
|
ext_entry->e_id =
|
|
cpu_to_le32(from_kgid(user_ns, acl_e->e_gid));
|
|
break;
|
|
default:
|
|
ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID);
|
|
break;
|
|
}
|
|
}
|
|
return real_size;
|
|
}
|
|
EXPORT_SYMBOL (posix_acl_to_xattr);
|
|
|
|
/**
|
|
* vfs_posix_acl_to_xattr - convert from kernel to userspace representation
|
|
* @idmap: idmap of the mount
|
|
* @inode: inode the posix acls are set on
|
|
* @acl: the posix acls as represented by the vfs
|
|
* @buffer: the buffer into which to convert @acl
|
|
* @size: size of @buffer
|
|
*
|
|
* This converts @acl from the VFS representation in the filesystem idmapping
|
|
* to the uapi form reportable to userspace. And mount and caller idmappings
|
|
* are handled appropriately.
|
|
*
|
|
* Return: On success, the size of the stored uapi posix acls, on error a
|
|
* negative errno.
|
|
*/
|
|
static ssize_t vfs_posix_acl_to_xattr(struct mnt_idmap *idmap,
|
|
struct inode *inode,
|
|
const struct posix_acl *acl, void *buffer,
|
|
size_t size)
|
|
|
|
{
|
|
struct posix_acl_xattr_header *ext_acl = buffer;
|
|
struct posix_acl_xattr_entry *ext_entry;
|
|
struct user_namespace *fs_userns, *caller_userns;
|
|
struct user_namespace *mnt_userns;
|
|
ssize_t real_size, n;
|
|
vfsuid_t vfsuid;
|
|
vfsgid_t vfsgid;
|
|
|
|
real_size = posix_acl_xattr_size(acl->a_count);
|
|
if (!buffer)
|
|
return real_size;
|
|
if (real_size > size)
|
|
return -ERANGE;
|
|
|
|
ext_entry = (void *)(ext_acl + 1);
|
|
ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION);
|
|
|
|
fs_userns = i_user_ns(inode);
|
|
caller_userns = current_user_ns();
|
|
mnt_userns = mnt_idmap_owner(idmap);
|
|
for (n=0; n < acl->a_count; n++, ext_entry++) {
|
|
const struct posix_acl_entry *acl_e = &acl->a_entries[n];
|
|
ext_entry->e_tag = cpu_to_le16(acl_e->e_tag);
|
|
ext_entry->e_perm = cpu_to_le16(acl_e->e_perm);
|
|
switch(acl_e->e_tag) {
|
|
case ACL_USER:
|
|
vfsuid = make_vfsuid(mnt_userns, fs_userns, acl_e->e_uid);
|
|
ext_entry->e_id = cpu_to_le32(from_kuid(
|
|
caller_userns, vfsuid_into_kuid(vfsuid)));
|
|
break;
|
|
case ACL_GROUP:
|
|
vfsgid = make_vfsgid(mnt_userns, fs_userns, acl_e->e_gid);
|
|
ext_entry->e_id = cpu_to_le32(from_kgid(
|
|
caller_userns, vfsgid_into_kgid(vfsgid)));
|
|
break;
|
|
default:
|
|
ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID);
|
|
break;
|
|
}
|
|
}
|
|
return real_size;
|
|
}
|
|
|
|
int
|
|
set_posix_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
|
|
int type, struct posix_acl *acl)
|
|
{
|
|
struct inode *inode = d_inode(dentry);
|
|
|
|
if (!IS_POSIXACL(inode))
|
|
return -EOPNOTSUPP;
|
|
if (!inode->i_op->set_acl)
|
|
return -EOPNOTSUPP;
|
|
|
|
if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
|
|
return acl ? -EACCES : 0;
|
|
if (!inode_owner_or_capable(mnt_userns, inode))
|
|
return -EPERM;
|
|
|
|
if (acl) {
|
|
int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl);
|
|
if (ret)
|
|
return ret;
|
|
}
|
|
return inode->i_op->set_acl(mnt_userns, dentry, acl, type);
|
|
}
|
|
EXPORT_SYMBOL(set_posix_acl);
|
|
|
|
static bool
|
|
posix_acl_xattr_list(struct dentry *dentry)
|
|
{
|
|
return IS_POSIXACL(d_backing_inode(dentry));
|
|
}
|
|
|
|
const struct xattr_handler posix_acl_access_xattr_handler = {
|
|
.name = XATTR_NAME_POSIX_ACL_ACCESS,
|
|
.flags = ACL_TYPE_ACCESS,
|
|
.list = posix_acl_xattr_list,
|
|
};
|
|
EXPORT_SYMBOL_GPL(posix_acl_access_xattr_handler);
|
|
|
|
const struct xattr_handler posix_acl_default_xattr_handler = {
|
|
.name = XATTR_NAME_POSIX_ACL_DEFAULT,
|
|
.flags = ACL_TYPE_DEFAULT,
|
|
.list = posix_acl_xattr_list,
|
|
};
|
|
EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler);
|
|
|
|
int simple_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
|
|
struct posix_acl *acl, int type)
|
|
{
|
|
int error;
|
|
struct inode *inode = d_inode(dentry);
|
|
|
|
if (type == ACL_TYPE_ACCESS) {
|
|
error = posix_acl_update_mode(mnt_userns, inode,
|
|
&inode->i_mode, &acl);
|
|
if (error)
|
|
return error;
|
|
}
|
|
|
|
inode->i_ctime = current_time(inode);
|
|
if (IS_I_VERSION(inode))
|
|
inode_inc_iversion(inode);
|
|
set_cached_acl(inode, type, acl);
|
|
return 0;
|
|
}
|
|
|
|
int simple_acl_create(struct inode *dir, struct inode *inode)
|
|
{
|
|
struct posix_acl *default_acl, *acl;
|
|
int error;
|
|
|
|
error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl);
|
|
if (error)
|
|
return error;
|
|
|
|
set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl);
|
|
set_cached_acl(inode, ACL_TYPE_ACCESS, acl);
|
|
|
|
if (default_acl)
|
|
posix_acl_release(default_acl);
|
|
if (acl)
|
|
posix_acl_release(acl);
|
|
return 0;
|
|
}
|
|
|
|
static int vfs_set_acl_idmapped_mnt(struct user_namespace *mnt_userns,
|
|
struct user_namespace *fs_userns,
|
|
struct posix_acl *acl)
|
|
{
|
|
for (int n = 0; n < acl->a_count; n++) {
|
|
struct posix_acl_entry *acl_e = &acl->a_entries[n];
|
|
|
|
switch (acl_e->e_tag) {
|
|
case ACL_USER:
|
|
acl_e->e_uid = from_vfsuid(mnt_userns, fs_userns,
|
|
VFSUIDT_INIT(acl_e->e_uid));
|
|
break;
|
|
case ACL_GROUP:
|
|
acl_e->e_gid = from_vfsgid(mnt_userns, fs_userns,
|
|
VFSGIDT_INIT(acl_e->e_gid));
|
|
break;
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* vfs_set_acl - set posix acls
|
|
* @mnt_userns: user namespace of the mount
|
|
* @dentry: the dentry based on which to set the posix acls
|
|
* @acl_name: the name of the posix acl
|
|
* @kacl: the posix acls in the appropriate VFS format
|
|
*
|
|
* This function sets @kacl. The caller must all posix_acl_release() on @kacl
|
|
* afterwards.
|
|
*
|
|
* Return: On success 0, on error negative errno.
|
|
*/
|
|
int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
|
|
const char *acl_name, struct posix_acl *kacl)
|
|
{
|
|
int acl_type;
|
|
int error;
|
|
struct inode *inode = d_inode(dentry);
|
|
struct inode *delegated_inode = NULL;
|
|
|
|
acl_type = posix_acl_type(acl_name);
|
|
if (acl_type < 0)
|
|
return -EINVAL;
|
|
|
|
if (kacl) {
|
|
/*
|
|
* If we're on an idmapped mount translate from mount specific
|
|
* vfs{g,u}id_t into global filesystem k{g,u}id_t.
|
|
* Afterwards we can cache the POSIX ACLs filesystem wide and -
|
|
* if this is a filesystem with a backing store - ultimately
|
|
* translate them to backing store values.
|
|
*/
|
|
error = vfs_set_acl_idmapped_mnt(mnt_userns, i_user_ns(inode), kacl);
|
|
if (error)
|
|
return error;
|
|
}
|
|
|
|
retry_deleg:
|
|
inode_lock(inode);
|
|
|
|
/*
|
|
* We only care about restrictions the inode struct itself places upon
|
|
* us otherwise POSIX ACLs aren't subject to any VFS restrictions.
|
|
*/
|
|
error = may_write_xattr(mnt_userns, inode);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
error = security_inode_set_acl(mnt_userns, dentry, acl_name, kacl);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
error = try_break_deleg(inode, &delegated_inode);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
if (inode->i_opflags & IOP_XATTR)
|
|
error = set_posix_acl(mnt_userns, dentry, acl_type, kacl);
|
|
else if (unlikely(is_bad_inode(inode)))
|
|
error = -EIO;
|
|
else
|
|
error = -EOPNOTSUPP;
|
|
if (!error) {
|
|
fsnotify_xattr(dentry);
|
|
evm_inode_post_set_acl(dentry, acl_name, kacl);
|
|
}
|
|
|
|
out_inode_unlock:
|
|
inode_unlock(inode);
|
|
|
|
if (delegated_inode) {
|
|
error = break_deleg_wait(&delegated_inode);
|
|
if (!error)
|
|
goto retry_deleg;
|
|
}
|
|
|
|
return error;
|
|
}
|
|
EXPORT_SYMBOL_GPL(vfs_set_acl);
|
|
|
|
/**
|
|
* vfs_get_acl - get posix acls
|
|
* @mnt_userns: user namespace of the mount
|
|
* @dentry: the dentry based on which to retrieve the posix acls
|
|
* @acl_name: the name of the posix acl
|
|
*
|
|
* This function retrieves @kacl from the filesystem. The caller must all
|
|
* posix_acl_release() on @kacl.
|
|
*
|
|
* Return: On success POSIX ACLs in VFS format, on error negative errno.
|
|
*/
|
|
struct posix_acl *vfs_get_acl(struct user_namespace *mnt_userns,
|
|
struct dentry *dentry, const char *acl_name)
|
|
{
|
|
struct inode *inode = d_inode(dentry);
|
|
struct posix_acl *acl;
|
|
int acl_type, error;
|
|
|
|
acl_type = posix_acl_type(acl_name);
|
|
if (acl_type < 0)
|
|
return ERR_PTR(-EINVAL);
|
|
|
|
/*
|
|
* The VFS has no restrictions on reading POSIX ACLs so calling
|
|
* something like xattr_permission() isn't needed. Only LSMs get a say.
|
|
*/
|
|
error = security_inode_get_acl(mnt_userns, dentry, acl_name);
|
|
if (error)
|
|
return ERR_PTR(error);
|
|
|
|
if (!IS_POSIXACL(inode))
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
if (S_ISLNK(inode->i_mode))
|
|
return ERR_PTR(-EOPNOTSUPP);
|
|
|
|
acl = __get_acl(mnt_userns, dentry, inode, acl_type);
|
|
if (IS_ERR(acl))
|
|
return acl;
|
|
if (!acl)
|
|
return ERR_PTR(-ENODATA);
|
|
|
|
return acl;
|
|
}
|
|
EXPORT_SYMBOL_GPL(vfs_get_acl);
|
|
|
|
/**
|
|
* vfs_remove_acl - remove posix acls
|
|
* @mnt_userns: user namespace of the mount
|
|
* @dentry: the dentry based on which to retrieve the posix acls
|
|
* @acl_name: the name of the posix acl
|
|
*
|
|
* This function removes posix acls.
|
|
*
|
|
* Return: On success 0, on error negative errno.
|
|
*/
|
|
int vfs_remove_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
|
|
const char *acl_name)
|
|
{
|
|
int acl_type;
|
|
int error;
|
|
struct inode *inode = d_inode(dentry);
|
|
struct inode *delegated_inode = NULL;
|
|
|
|
acl_type = posix_acl_type(acl_name);
|
|
if (acl_type < 0)
|
|
return -EINVAL;
|
|
|
|
retry_deleg:
|
|
inode_lock(inode);
|
|
|
|
/*
|
|
* We only care about restrictions the inode struct itself places upon
|
|
* us otherwise POSIX ACLs aren't subject to any VFS restrictions.
|
|
*/
|
|
error = may_write_xattr(mnt_userns, inode);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
error = security_inode_remove_acl(mnt_userns, dentry, acl_name);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
error = try_break_deleg(inode, &delegated_inode);
|
|
if (error)
|
|
goto out_inode_unlock;
|
|
|
|
if (inode->i_opflags & IOP_XATTR)
|
|
error = set_posix_acl(mnt_userns, dentry, acl_type, NULL);
|
|
else if (unlikely(is_bad_inode(inode)))
|
|
error = -EIO;
|
|
else
|
|
error = -EOPNOTSUPP;
|
|
if (!error) {
|
|
fsnotify_xattr(dentry);
|
|
evm_inode_post_remove_acl(mnt_userns, dentry, acl_name);
|
|
}
|
|
|
|
out_inode_unlock:
|
|
inode_unlock(inode);
|
|
|
|
if (delegated_inode) {
|
|
error = break_deleg_wait(&delegated_inode);
|
|
if (!error)
|
|
goto retry_deleg;
|
|
}
|
|
|
|
return error;
|
|
}
|
|
EXPORT_SYMBOL_GPL(vfs_remove_acl);
|
|
|
|
int do_set_acl(struct mnt_idmap *idmap, struct dentry *dentry,
|
|
const char *acl_name, const void *kvalue, size_t size)
|
|
{
|
|
int error;
|
|
struct posix_acl *acl = NULL;
|
|
|
|
if (size) {
|
|
/*
|
|
* Note that posix_acl_from_xattr() uses GFP_NOFS when it
|
|
* probably doesn't need to here.
|
|
*/
|
|
acl = posix_acl_from_xattr(current_user_ns(), kvalue, size);
|
|
if (IS_ERR(acl))
|
|
return PTR_ERR(acl);
|
|
}
|
|
|
|
error = vfs_set_acl(mnt_idmap_owner(idmap), dentry, acl_name, acl);
|
|
posix_acl_release(acl);
|
|
return error;
|
|
}
|
|
|
|
ssize_t do_get_acl(struct mnt_idmap *idmap, struct dentry *dentry,
|
|
const char *acl_name, void *kvalue, size_t size)
|
|
{
|
|
ssize_t error;
|
|
struct posix_acl *acl;
|
|
|
|
acl = vfs_get_acl(mnt_idmap_owner(idmap), dentry, acl_name);
|
|
if (IS_ERR(acl))
|
|
return PTR_ERR(acl);
|
|
|
|
error = vfs_posix_acl_to_xattr(idmap, d_inode(dentry),
|
|
acl, kvalue, size);
|
|
posix_acl_release(acl);
|
|
return error;
|
|
}
|