Change the acl so that everyone@ is granted the permissions set in the other mask.
Signed-off-by: Andreas Gruenbacher <agrue...@redhat.com> Reviewed-by: J. Bruce Fields <bfie...@redhat.com> --- fs/richacl_compat.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c index 16deeb4..21ee31e 100644 --- a/fs/richacl_compat.c +++ b/fs/richacl_compat.c @@ -462,3 +462,44 @@ richacl_set_owner_permissions(struct richacl_alloc *alloc) } return 0; } + +/** + * richacl_set_other_permissions - set the other permissions to the other mask + * @alloc: acl and number of allocated entries + * @added: permissions added for everyone@ + * + * Change the acl so that everyone@ is granted the permissions set in the other + * mask. This leaves at most one efective everyone@ allow entry at the end of + * the acl. If everyone@ end up being granted additional permissions, these + * permissions are returned in @added. + */ +static int +richacl_set_other_permissions(struct richacl_alloc *alloc, unsigned int *added) +{ + struct richacl *acl = alloc->acl; + unsigned int x = RICHACE_POSIX_ALWAYS_ALLOWED; + unsigned int other_mask = acl->a_other_mask & ~x; + struct richace *ace; + + if (!(other_mask && + (acl->a_flags & RICHACL_WRITE_THROUGH))) + return 0; + + *added = other_mask; + ace = acl->a_entries + acl->a_count - 1; + if (acl->a_count == 0 || + !richace_is_everyone(ace) || + richace_is_inherit_only(ace)) { + ace++; + if (richacl_insert_entry(alloc, &ace)) + return -1; + ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE; + ace->e_flags = RICHACE_SPECIAL_WHO; + ace->e_mask = other_mask; + ace->e_id.special = RICHACE_EVERYONE_SPECIAL_ID; + } else { + *added &= ~ace->e_mask; + richace_change_mask(alloc, &ace, other_mask); + } + return 0; +} -- 2.5.0 -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html