@@ -258,73 +258,6 @@ void putname(struct filename *name)
__putname(name);
}
-static int check_richacl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_RICHACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- goto no_acl;
- /* no ->get_richacl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return richacl_permission(inode, richacl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct richacl *acl;
-
- acl = get_richacl(inode);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = richacl_permission(inode, acl, mask);
- richacl_put(acl);
- return error;
- }
- }
-no_acl:
-#endif
- if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
- MAY_CHMOD | MAY_SET_TIMES)) {
- /* File permission bits cannot grant this. */
- return -EACCES;
- }
- return -EAGAIN;
-}
-
-static int check_posix_acl(struct inode *inode, int mask)
-{
-#ifdef CONFIG_FS_POSIX_ACL
- if (mask & MAY_NOT_BLOCK) {
- struct base_acl *base_acl;
-
- base_acl = rcu_dereference(inode->i_acl);
- if (!base_acl)
- return -EAGAIN;
- /* no ->get_acl() calls in RCU mode... */
- if (is_uncached_acl(base_acl))
- return -ECHILD;
- return posix_acl_permission(inode, posix_acl(base_acl),
- mask & ~MAY_NOT_BLOCK);
- } else {
- struct posix_acl *acl;
-
- acl = get_acl(inode, ACL_TYPE_ACCESS);
- if (IS_ERR(acl))
- return PTR_ERR(acl);
- if (acl) {
- int error = posix_acl_permission(inode, acl, mask);
- posix_acl_release(acl);
- return error;
- }
- }
-#endif
-
- return -EAGAIN;
-}
-
/*
* This does the basic permission checking
*/
@@ -360,6 +293,11 @@ static int acl_permission_check(struct inode *inode, int mask)
error = check_richacl(inode, mask);
if (error != -EAGAIN)
return error;
+ if (mask & (MAY_DELETE_SELF | MAY_TAKE_OWNERSHIP |
+ MAY_CHMOD | MAY_SET_TIMES)) {
+ /* File permission bits cannot grant this. */
+ return -EACCES;
+ }
}
if (likely(uid_eq(current_fsuid(), inode->i_uid)))
mode >>= 6;
@@ -374,6 +374,34 @@ posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want)
return -EACCES;
}
+int check_posix_acl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_acl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return posix_acl_permission(inode, posix_acl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct posix_acl *acl;
+
+ acl = get_acl(inode, ACL_TYPE_ACCESS);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Modify acl when creating a new inode. The caller must ensure the acl is
* only referenced once.
@@ -385,6 +385,34 @@ richacl_permission(struct inode *inode, const struct richacl *acl,
}
EXPORT_SYMBOL_GPL(richacl_permission);
+int check_richacl(struct inode *inode, int mask)
+{
+ if (mask & MAY_NOT_BLOCK) {
+ struct base_acl *base_acl;
+
+ base_acl = rcu_dereference(inode->i_acl);
+ if (!base_acl)
+ return -EAGAIN;
+ /* no ->get_richacl() calls in RCU mode... */
+ if (is_uncached_acl(base_acl))
+ return -ECHILD;
+ return richacl_permission(inode, richacl(base_acl),
+ mask & ~MAY_NOT_BLOCK);
+ } else {
+ struct richacl *acl;
+
+ acl = get_richacl(inode);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int error = richacl_permission(inode, acl, mask);
+ richacl_put(acl);
+ return error;
+ }
+ }
+ return -EAGAIN;
+}
+
/*
* Note: functions like richacl_allowed_to_who(), richacl_group_class_allowed(),
* and richacl_compute_max_masks() iterate through the entire acl in reverse
@@ -74,6 +74,7 @@ extern struct posix_acl *get_posix_acl(struct inode *, int);
extern int set_posix_acl(struct inode *, int, struct posix_acl *);
#ifdef CONFIG_FS_POSIX_ACL
+extern int check_posix_acl(struct inode *, int);
extern int posix_acl_chmod(struct inode *, umode_t);
extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **,
struct posix_acl **);
@@ -93,6 +94,10 @@ static inline void cache_no_acl(struct inode *inode)
inode->i_default_acl = NULL;
}
#else
+static inline int check_posix_acl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+
static inline int posix_acl_chmod(struct inode *inode, umode_t mode)
{
return 0;
@@ -207,4 +207,12 @@ extern struct richacl *richacl_inherit(const struct richacl *, int);
extern struct richacl *richacl_create(umode_t *, struct inode *);
extern int set_richacl(struct inode *, struct richacl *);
+#ifdef CONFIG_FS_RICHACL
+extern int check_richacl(struct inode *, int);
+#else
+static inline int check_richacl(struct inode *inode, int mask) {
+ return -EAGAIN;
+}
+#endif /* CONFIG_FS_RICHACL */
+
#endif /* __RICHACL_H */
By moving those functions into fs/posix_acl.c and fs/richacl.c, the ifdefs can be moved into include/linux/posix_acl.h and include/linux/richacl.h. This may be seen as a small improvement. Suggested-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> --- fs/namei.c | 72 ++++------------------------------------------- fs/posix_acl.c | 28 ++++++++++++++++++ fs/richacl.c | 28 ++++++++++++++++++ include/linux/posix_acl.h | 5 ++++ include/linux/richacl.h | 8 ++++++ 5 files changed, 74 insertions(+), 67 deletions(-)