From patchwork Wed Feb 25 23:41:33 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Andreas_Gr=C3=BCnbacher?= X-Patchwork-Id: 5885621 Return-Path: X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 191AA9F373 for ; Wed, 25 Feb 2015 23:45:58 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3008220374 for ; Wed, 25 Feb 2015 23:45:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 32D9720268 for ; Wed, 25 Feb 2015 23:45:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753237AbbBYXpk (ORCPT ); Wed, 25 Feb 2015 18:45:40 -0500 Received: from mail-wg0-f42.google.com ([74.125.82.42]:44537 "EHLO mail-wg0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753895AbbBYXmZ (ORCPT ); Wed, 25 Feb 2015 18:42:25 -0500 Received: by wggx12 with SMTP id x12so6778128wgg.11; Wed, 25 Feb 2015 15:42:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=/EE9LHDpQtM96joHjIKxZ8LQsNSHKvCG7G43+b7v8F8=; b=IhiIvBvErL3cMlLZKOkXnKUpWIB2fMWhYezbRAFbrhh4BNLMiYqi3fAwQEBbFfRqKa lB6pRrUfclICvktVTLej29ALy0QER9CH5QzlSbUGHSfamuKB0enGrgK9n9XPZPZ+N4EB a8tcHLR1C2nM3D5aerS6kfXNZZi5vK33p3uyqBtymaexYMFFcBt1E+yDFG5Cewlk6DYh LxzNJxaFycEpJ4oO+SDQhPhuBzACTm7Jf0yM3lwLRIjsTaXN8nMgYMp47NH5srCpqw4H xlO52iWh5WLUROVeTppf7RGPeAdSXQUZpet03seFwSbIZYJzNpPPMDvXrjRd/JqZhlI6 CWGQ== X-Received: by 10.180.149.206 with SMTP id uc14mr44661680wib.57.1424907743716; Wed, 25 Feb 2015 15:42:23 -0800 (PST) Received: from nuc.home.com (80-110-112-196.cgn.dynamic.surfer.at. [80.110.112.196]) by mx.google.com with ESMTPSA id vh8sm66946337wjc.12.2015.02.25.15.42.22 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Feb 2015 15:42:22 -0800 (PST) From: Andreas Gruenbacher X-Google-Original-From: Andreas Gruenbacher To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [RFC 12/21] richacl: Permission check algorithm Date: Thu, 26 Feb 2015 00:41:33 +0100 Message-Id: <516c44e08972125aee20a90e0399aaefe8e6d553.1424907511.git.agruenba@redhat.com> X-Mailer: git-send-email 2.1.0 In-Reply-To: References: In-Reply-To: References: Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A richacl grants a requested access if the NFSv4 acl in the richacl grants the requested permissions (according to the NFSv4 permission check algorithm) and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher --- fs/richacl_base.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/richacl.h | 1 + 2 files changed, 113 insertions(+) diff --git a/fs/richacl_base.c b/fs/richacl_base.c index 7de2e9e..7723bc8 100644 --- a/fs/richacl_base.c +++ b/fs/richacl_base.c @@ -340,3 +340,115 @@ richacl_chmod(struct richacl *acl, mode_t mode) return clone; } EXPORT_SYMBOL_GPL(richacl_chmod); + +/** + * richacl_permission - richacl permission check algorithm + * @inode: inode to check + * @acl: rich acl of the inode + * @want: requested access (MAY_* flags) + * + * Checks if the current process is granted @mask flags in @acl. + */ +int +richacl_permission(struct inode *inode, const struct richacl *acl, + int want) +{ + const struct richace *ace; + unsigned int mask = richacl_want_to_mask(want); + unsigned int requested = mask, denied = 0; + int in_owning_group = in_group_p(inode->i_gid); + int in_owner_or_group_class = in_owning_group; + + /* + * We don't need to know which class the process is in when the acl is + * not masked. + */ + if (!(acl->a_flags & ACL4_MASKED)) + in_owner_or_group_class = 1; + + /* + * A process is + * - in the owner file class if it owns the file, + * - in the group file class if it is in the file's owning group or + * it matches any of the user or group entries, and + * - in the other file class otherwise. + */ + + /* + * Check if the acl grants the requested access and determine which + * file class the process is in. + */ + richacl_for_each_entry(ace, acl) { + unsigned int ace_mask = ace->e_mask; + + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_owner(ace)) { + if (!uid_eq(current_fsuid(), inode->i_uid)) + continue; + goto is_owner; + } else if (richace_is_group(ace)) { + if (!in_owning_group) + continue; + } else if (richace_is_unix_id(ace)) { + if (ace->e_flags & ACE4_IDENTIFIER_GROUP) { + if (!in_group_p(make_kgid(current_user_ns(), + ace->e_id))) + continue; + } else { + if (!uid_eq(current_fsuid(), + make_kuid(current_user_ns(), + ace->e_id))) + continue; + } + } else + goto is_everyone; + + /* + * Apply the group file mask to entries other than OWNER@ and + * EVERYONE@. This is not required for correct access checking + * but ensures that we grant the same permissions as the acl + * computed by richacl_apply_masks() would grant. + */ + if ((acl->a_flags & ACL4_MASKED) && richace_is_allow(ace)) + ace_mask &= acl->a_group_mask; + +is_owner: + /* The process is in the owner or group file class. */ + in_owner_or_group_class = 1; + +is_everyone: + /* Check which mask flags the ACE allows or denies. */ + if (richace_is_deny(ace)) + denied |= ace_mask & mask; + mask &= ~ace_mask; + + /* + * Keep going until we know which file class + * the process is in. + */ + if (!mask && in_owner_or_group_class) + break; + } + denied |= mask; + + if (acl->a_flags & ACL4_MASKED) { + unsigned int file_mask; + + /* + * The file class a process is in determines which file mask + * applies. Check if that file mask also grants the requested + * access. + */ + if (uid_eq(current_fsuid(), inode->i_uid)) + file_mask = acl->a_owner_mask; + else if (in_owner_or_group_class) + file_mask = acl->a_group_mask; + else + file_mask = acl->a_other_mask; + denied |= requested & ~file_mask; + } + + return denied ? -EACCES : 0; +} +EXPORT_SYMBOL_GPL(richacl_permission); diff --git a/include/linux/richacl.h b/include/linux/richacl.h index f347125..d92e1c2 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -292,5 +292,6 @@ extern unsigned int richacl_mode_to_mask(mode_t); extern unsigned int richacl_want_to_mask(unsigned int); extern void richacl_compute_max_masks(struct richacl *); extern struct richacl *richacl_chmod(struct richacl *, mode_t); +extern int richacl_permission(struct inode *, const struct richacl *, int); #endif /* __RICHACL_H */