Make 'check_acl()' a first-class filesystem op

This is stage one in flattening out the callchains for the common
permission testing.  Rather than have most filesystem implement their
own inode->i_op->permission function that just calls back down to the
VFS layers 'generic_permission()' with the per-filesystem ACL checking
function, the filesystem can just expose its 'check_acl' function
directly, and let the VFS layer do everything for it.

This is all just preparatory - no filesystem actually enables this yet.

Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/namei.c b/fs/namei.c
index e645e307036057e678d0d245bccf8e2d653cbf9a..ed27bb205b7e9d13a80d240ed98385e8dcfdc384 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -169,19 +169,10 @@ void putname(const char *name)
 EXPORT_SYMBOL(putname);
 #endif
 
-
-/**
- * generic_permission  -  check for access rights on a Posix-like filesystem
- * @inode:     inode to check access rights for
- * @mask:      right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
- * @check_acl: optional callback to check for Posix ACLs
- *
- * Used to check for read/write/execute permissions on a file.
- * We use "fsuid" for this, letting us set arbitrary permissions
- * for filesystem access without changing the "normal" uids which
- * are used for other things..
+/*
+ * This does basic POSIX ACL permission checking
  */
-int generic_permission(struct inode *inode, int mask,
+static int acl_permission_check(struct inode *inode, int mask,
                int (*check_acl)(struct inode *inode, int mask))
 {
        umode_t                 mode = inode->i_mode;
@@ -193,9 +184,7 @@ int generic_permission(struct inode *inode, int mask,
        else {
                if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
                        int error = check_acl(inode, mask);
-                       if (error == -EACCES)
-                               goto check_capabilities;
-                       else if (error != -EAGAIN)
+                       if (error != -EAGAIN)
                                return error;
                }
 
@@ -208,8 +197,32 @@ int generic_permission(struct inode *inode, int mask,
         */
        if ((mask & ~mode) == 0)
                return 0;
+       return -EACCES;
+}
+
+/**
+ * generic_permission  -  check for access rights on a Posix-like filesystem
+ * @inode:     inode to check access rights for
+ * @mask:      right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)
+ * @check_acl: optional callback to check for Posix ACLs
+ *
+ * Used to check for read/write/execute permissions on a file.
+ * We use "fsuid" for this, letting us set arbitrary permissions
+ * for filesystem access without changing the "normal" uids which
+ * are used for other things..
+ */
+int generic_permission(struct inode *inode, int mask,
+               int (*check_acl)(struct inode *inode, int mask))
+{
+       int ret;
+
+       /*
+        * Do the basic POSIX ACL permission checks.
+        */
+       ret = acl_permission_check(inode, mask, check_acl);
+       if (ret != -EACCES)
+               return ret;
 
- check_capabilities:
        /*
         * Read/write DACs are always overridable.
         * Executable DACs are overridable if at least one exec bit is set.
@@ -262,7 +275,7 @@ int inode_permission(struct inode *inode, int mask)
        if (inode->i_op->permission)
                retval = inode->i_op->permission(inode, mask);
        else
-               retval = generic_permission(inode, mask, NULL);
+               retval = generic_permission(inode, mask, inode->i_op->check_acl);
 
        if (retval)
                return retval;
@@ -432,27 +445,22 @@ static struct dentry * cached_lookup(struct dentry * parent, struct qstr * name,
  */
 static int exec_permission_lite(struct inode *inode)
 {
-       umode_t mode = inode->i_mode;
+       int ret;
 
        if (inode->i_op->permission) {
-               int ret = inode->i_op->permission(inode, MAY_EXEC);
+               ret = inode->i_op->permission(inode, MAY_EXEC);
                if (!ret)
                        goto ok;
                return ret;
        }
-
-       if (current_fsuid() == inode->i_uid)
-               mode >>= 6;
-       else if (in_group_p(inode->i_gid))
-               mode >>= 3;
-
-       if (mode & MAY_EXEC)
+       ret = acl_permission_check(inode, MAY_EXEC, inode->i_op->check_acl);
+       if (!ret)
                goto ok;
 
        if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
                goto ok;
 
-       return -EACCES;
+       return ret;
 ok:
        return security_inode_permission(inode, MAY_EXEC);
 }

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 73e9b643e45503dc6f01e31af2a8ec1f77de1264..c1f993515f51ee6c66faa51d15b76c110fdf0e93 100644 (file)
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1528,6 +1528,7 @@ struct inode_operations {
        void (*put_link) (struct dentry *, struct nameidata *, void *);
        void (*truncate) (struct inode *);
        int (*permission) (struct inode *, int);
+       int (*check_acl)(struct inode *, int);
        int (*setattr) (struct dentry *, struct iattr *);
        int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
        int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);