subject:"\[PATCH v8 10\/41\] richacl\: Permission check algorithm"

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread Andreas Grünbacher

2015-09-28 18:29 GMT+02:00 J. Bruce Fields :
> On Mon, Sep 28, 2015 at 06:25:23PM +0200, Andreas Grünbacher wrote:
>> 2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
>> > The above also skips the following group_mask application on any unix
>> > group.
>>
>> Really? How does it do that?
>
> Sorry, I meant "unix user", not "unix group"!

Indeed, that's a bit tricky. Probably worth changing if just for clarity:

-   goto entry_matches_owner;
+   if (uid_eq(current_fsuid(), inode->i_uid))
+   goto entry_matches_owner;

Thanks,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread J. Bruce Fields

On Mon, Sep 28, 2015 at 06:25:23PM +0200, Andreas Grünbacher wrote:
> 2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
> > On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
> >> + /*
> >> +  * Check if the acl grants the requested access and determine which
> >> +  * file class the process is in.
> >> +  */
> >> + richacl_for_each_entry(ace, acl) {
> >> + unsigned int ace_mask = ace->e_mask;
> >> +
> >> + if (richace_is_inherit_only(ace))
> >> + continue;
> >> + if (richace_is_owner(ace)) {
> >> + if (!uid_eq(current_fsuid(), inode->i_uid))
> >> + continue;
> >> + goto entry_matches_owner;
> >> + } else if (richace_is_group(ace)) {
> >> + if (!in_owning_group)
> >> + continue;
> >> + } else if (richace_is_unix_user(ace)) {
> >> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
> >> + continue;
> >> + goto entry_matches_owner;
> >> + } else if (richace_is_unix_group(ace)) {
> >> + if (!in_group_p(ace->e_id.gid))
> >> + continue;
> >> + } else
> >> + goto entry_matches_everyone;
> >> +
> >> + /*
> >> +  * Apply the group file mask to entries other than owner@ and
> >> +  * everyone@ or user entries matching the owner.
> >
> > The above also skips the following group_mask application on any unix
> > group.
> 
> Really? How does it do that?

Sorry, I meant "unix user", not "unix group"!

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread Andreas Grünbacher

2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
> On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
>> + /*
>> +  * Check if the acl grants the requested access and determine which
>> +  * file class the process is in.
>> +  */
>> + richacl_for_each_entry(ace, acl) {
>> + unsigned int ace_mask = ace->e_mask;
>> +
>> + if (richace_is_inherit_only(ace))
>> + continue;
>> + if (richace_is_owner(ace)) {
>> + if (!uid_eq(current_fsuid(), inode->i_uid))
>> + continue;
>> + goto entry_matches_owner;
>> + } else if (richace_is_group(ace)) {
>> + if (!in_owning_group)
>> + continue;
>> + } else if (richace_is_unix_user(ace)) {
>> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
>> + continue;
>> + goto entry_matches_owner;
>> + } else if (richace_is_unix_group(ace)) {
>> + if (!in_group_p(ace->e_id.gid))
>> + continue;
>> + } else
>> + goto entry_matches_everyone;
>> +
>> + /*
>> +  * Apply the group file mask to entries other than owner@ and
>> +  * everyone@ or user entries matching the owner.
>
> The above also skips the following group_mask application on any unix
> group.

Really? How does it do that?

Thanks,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread J. Bruce Fields

On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
> A richacl roughly grants a requested access if the NFSv4 acl in the
> richacl grants the requested permissions according to the NFSv4
> permission check algorithm and the file mask that applies to the process
> includes the requested permissions.
> 
> Signed-off-by: Andreas Gruenbacher 
> Reviewed-by: "J. Bruce Fields" 
> ---
>  fs/Makefile |   2 +-
>  fs/richacl_inode.c  | 148 
> 
>  include/linux/richacl.h |   3 +
>  3 files changed, 152 insertions(+), 1 deletion(-)
>  create mode 100644 fs/richacl_inode.c
> 
> diff --git a/fs/Makefile b/fs/Makefile
> index fe3e9dd..ec665fd 100644
> --- a/fs/Makefile
> +++ b/fs/Makefile
> @@ -49,7 +49,7 @@ obj-$(CONFIG_SYSCTL)+= drop_caches.o
>  
>  obj-$(CONFIG_FHANDLE)+= fhandle.o
>  obj-$(CONFIG_FS_RICHACL) += richacl.o
> -richacl-y:= richacl_base.o
> +richacl-y:= richacl_base.o richacl_inode.o
>  
>  obj-y+= quota/
>  
> diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c
> new file mode 100644
> index 000..54e899d
> --- /dev/null
> +++ b/fs/richacl_inode.c
> @@ -0,0 +1,148 @@
> +/*
> + * Copyright (C) 2010  Novell, Inc.
> + * Copyright (C) 2015  Red Hat, Inc.
> + * Written by Andreas Gruenbacher 
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2, or (at your option) any
> + * later version.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +/**
> + * richacl_permission  -  richacl permission check algorithm
> + * @inode:   inode to check
> + * @acl: rich acl of the inode
> + * @want:requested access (MAY_* flags)
> + *
> + * Checks if the current process is granted @mask flags in @acl.
> + */
> +int
> +richacl_permission(struct inode *inode, const struct richacl *acl,
> +int want)
> +{
> + const struct richace *ace;
> + unsigned int mask = richacl_want_to_mask(want);
> + unsigned int requested = mask, denied = 0;
> + int in_owning_group = in_group_p(inode->i_gid);
> + int in_owner_or_group_class = in_owning_group;
> +
> + /*
> +  * A process is
> +  *   - in the owner file class if it owns the file,
> +  *   - in the group file class if it is in the file's owning group or
> +  * it matches any of the user or group entries, and
> +  *   - in the other file class otherwise.
> +  * The file class is only relevant for determining which file mask to
> +  * apply, which only happens for masked acls.
> +  */
> + if (acl->a_flags & RICHACL_MASKED) {
> + if ((acl->a_flags & RICHACL_WRITE_THROUGH) &&
> + uid_eq(current_fsuid(), inode->i_uid)) {
> + denied = requested & ~acl->a_owner_mask;
> + goto out;
> + }
> + } else {
> + /*
> +  * When the acl is not masked, there is no need to determine if
> +  * the process is in the group class and we can break out
> +  * earlier of the loop below.
> +  */
> + in_owner_or_group_class = 1;
> + }
> +
> + /*
> +  * Check if the acl grants the requested access and determine which
> +  * file class the process is in.
> +  */
> + richacl_for_each_entry(ace, acl) {
> + unsigned int ace_mask = ace->e_mask;
> +
> + if (richace_is_inherit_only(ace))
> + continue;
> + if (richace_is_owner(ace)) {
> + if (!uid_eq(current_fsuid(), inode->i_uid))
> + continue;
> + goto entry_matches_owner;
> + } else if (richace_is_group(ace)) {
> + if (!in_owning_group)
> + continue;
> + } else if (richace_is_unix_user(ace)) {
> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
> + continue;
> + goto entry_matches_owner;
> + } else if (richace_is_unix_group(ace)) {
> + if (!in_group_p(ace->e_id.gid))
> + continue;
> + } else
> + goto entry_matches_everyone;
> +
> + /*
> +  * Apply the group file mask to entries other than owner@ and
> +  * everyone@ or user entries matching the owner.

The above also skips the following group_mask

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread Andreas Grünbacher

2015-09-28 18:29 GMT+02:00 J. Bruce Fields :
> On Mon, Sep 28, 2015 at 06:25:23PM +0200, Andreas Grünbacher wrote:
>> 2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
>> > The above also skips the following group_mask application on any unix
>> > group.
>>
>> Really? How does it do that?
>
> Sorry, I meant "unix user", not "unix group"!

Indeed, that's a bit tricky. Probably worth changing if just for clarity:

-   goto entry_matches_owner;
+   if (uid_eq(current_fsuid(), inode->i_uid))
+   goto entry_matches_owner;

Thanks,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread Andreas Grünbacher

2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
> On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
>> + /*
>> +  * Check if the acl grants the requested access and determine which
>> +  * file class the process is in.
>> +  */
>> + richacl_for_each_entry(ace, acl) {
>> + unsigned int ace_mask = ace->e_mask;
>> +
>> + if (richace_is_inherit_only(ace))
>> + continue;
>> + if (richace_is_owner(ace)) {
>> + if (!uid_eq(current_fsuid(), inode->i_uid))
>> + continue;
>> + goto entry_matches_owner;
>> + } else if (richace_is_group(ace)) {
>> + if (!in_owning_group)
>> + continue;
>> + } else if (richace_is_unix_user(ace)) {
>> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
>> + continue;
>> + goto entry_matches_owner;
>> + } else if (richace_is_unix_group(ace)) {
>> + if (!in_group_p(ace->e_id.gid))
>> + continue;
>> + } else
>> + goto entry_matches_everyone;
>> +
>> + /*
>> +  * Apply the group file mask to entries other than owner@ and
>> +  * everyone@ or user entries matching the owner.
>
> The above also skips the following group_mask application on any unix
> group.

Really? How does it do that?

Thanks,
Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread J. Bruce Fields

On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
> A richacl roughly grants a requested access if the NFSv4 acl in the
> richacl grants the requested permissions according to the NFSv4
> permission check algorithm and the file mask that applies to the process
> includes the requested permissions.
> 
> Signed-off-by: Andreas Gruenbacher 
> Reviewed-by: "J. Bruce Fields" 
> ---
>  fs/Makefile |   2 +-
>  fs/richacl_inode.c  | 148 
> 
>  include/linux/richacl.h |   3 +
>  3 files changed, 152 insertions(+), 1 deletion(-)
>  create mode 100644 fs/richacl_inode.c
> 
> diff --git a/fs/Makefile b/fs/Makefile
> index fe3e9dd..ec665fd 100644
> --- a/fs/Makefile
> +++ b/fs/Makefile
> @@ -49,7 +49,7 @@ obj-$(CONFIG_SYSCTL)+= drop_caches.o
>  
>  obj-$(CONFIG_FHANDLE)+= fhandle.o
>  obj-$(CONFIG_FS_RICHACL) += richacl.o
> -richacl-y:= richacl_base.o
> +richacl-y:= richacl_base.o richacl_inode.o
>  
>  obj-y+= quota/
>  
> diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c
> new file mode 100644
> index 000..54e899d
> --- /dev/null
> +++ b/fs/richacl_inode.c
> @@ -0,0 +1,148 @@
> +/*
> + * Copyright (C) 2010  Novell, Inc.
> + * Copyright (C) 2015  Red Hat, Inc.
> + * Written by Andreas Gruenbacher 
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2, or (at your option) any
> + * later version.
> + *
> + * This program is distributed in the hope that it will be useful, but
> + * WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * General Public License for more details.
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +/**
> + * richacl_permission  -  richacl permission check algorithm
> + * @inode:   inode to check
> + * @acl: rich acl of the inode
> + * @want:requested access (MAY_* flags)
> + *
> + * Checks if the current process is granted @mask flags in @acl.
> + */
> +int
> +richacl_permission(struct inode *inode, const struct richacl *acl,
> +int want)
> +{
> + const struct richace *ace;
> + unsigned int mask = richacl_want_to_mask(want);
> + unsigned int requested = mask, denied = 0;
> + int in_owning_group = in_group_p(inode->i_gid);
> + int in_owner_or_group_class = in_owning_group;
> +
> + /*
> +  * A process is
> +  *   - in the owner file class if it owns the file,
> +  *   - in the group file class if it is in the file's owning group or
> +  * it matches any of the user or group entries, and
> +  *   - in the other file class otherwise.
> +  * The file class is only relevant for determining which file mask to
> +  * apply, which only happens for masked acls.
> +  */
> + if (acl->a_flags & RICHACL_MASKED) {
> + if ((acl->a_flags & RICHACL_WRITE_THROUGH) &&
> + uid_eq(current_fsuid(), inode->i_uid)) {
> + denied = requested & ~acl->a_owner_mask;
> + goto out;
> + }
> + } else {
> + /*
> +  * When the acl is not masked, there is no need to determine if
> +  * the process is in the group class and we can break out
> +  * earlier of the loop below.
> +  */
> + in_owner_or_group_class = 1;
> + }
> +
> + /*
> +  * Check if the acl grants the requested access and determine which
> +  * file class the process is in.
> +  */
> + richacl_for_each_entry(ace, acl) {
> + unsigned int ace_mask = ace->e_mask;
> +
> + if (richace_is_inherit_only(ace))
> + continue;
> + if (richace_is_owner(ace)) {
> + if (!uid_eq(current_fsuid(), inode->i_uid))
> + continue;
> + goto entry_matches_owner;
> + } else if (richace_is_group(ace)) {
> + if (!in_owning_group)
> + continue;
> + } else if (richace_is_unix_user(ace)) {
> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
> + continue;
> + goto entry_matches_owner;
> + } else if (richace_is_unix_group(ace)) {
> + if (!in_group_p(ace->e_id.gid))
> + continue;
> + } else
> + goto entry_matches_everyone;
> +
> + /*
> +  * Apply the group file mask to entries other than owner@ and
> +  * everyone@ or user entries

Re: [PATCH v8 10/41] richacl: Permission check algorithm

2015-09-28 Thread J. Bruce Fields

On Mon, Sep 28, 2015 at 06:25:23PM +0200, Andreas Grünbacher wrote:
> 2015-09-28 18:08 GMT+02:00 J. Bruce Fields :
> > On Mon, Sep 28, 2015 at 12:09:01AM +0200, Andreas Gruenbacher wrote:
> >> + /*
> >> +  * Check if the acl grants the requested access and determine which
> >> +  * file class the process is in.
> >> +  */
> >> + richacl_for_each_entry(ace, acl) {
> >> + unsigned int ace_mask = ace->e_mask;
> >> +
> >> + if (richace_is_inherit_only(ace))
> >> + continue;
> >> + if (richace_is_owner(ace)) {
> >> + if (!uid_eq(current_fsuid(), inode->i_uid))
> >> + continue;
> >> + goto entry_matches_owner;
> >> + } else if (richace_is_group(ace)) {
> >> + if (!in_owning_group)
> >> + continue;
> >> + } else if (richace_is_unix_user(ace)) {
> >> + if (!uid_eq(current_fsuid(), ace->e_id.uid))
> >> + continue;
> >> + goto entry_matches_owner;
> >> + } else if (richace_is_unix_group(ace)) {
> >> + if (!in_group_p(ace->e_id.gid))
> >> + continue;
> >> + } else
> >> + goto entry_matches_everyone;
> >> +
> >> + /*
> >> +  * Apply the group file mask to entries other than owner@ and
> >> +  * everyone@ or user entries matching the owner.
> >
> > The above also skips the following group_mask application on any unix
> > group.
> 
> Really? How does it do that?

Sorry, I meant "unix user", not "unix group"!

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[PATCH v8 10/41] richacl: Permission check algorithm

2015-09-27 Thread Andreas Gruenbacher

A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.

Signed-off-by: Andreas Gruenbacher 
Reviewed-by: "J. Bruce Fields" 
---
 fs/Makefile |   2 +-
 fs/richacl_inode.c  | 148 
 include/linux/richacl.h |   3 +
 3 files changed, 152 insertions(+), 1 deletion(-)
 create mode 100644 fs/richacl_inode.c

diff --git a/fs/Makefile b/fs/Makefile
index fe3e9dd..ec665fd 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -49,7 +49,7 @@ obj-$(CONFIG_SYSCTL)  += drop_caches.o
 
 obj-$(CONFIG_FHANDLE)  += fhandle.o
 obj-$(CONFIG_FS_RICHACL)   += richacl.o
-richacl-y  := richacl_base.o
+richacl-y  := richacl_base.o richacl_inode.o
 
 obj-y  += quota/
 
diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c
new file mode 100644
index 000..54e899d
--- /dev/null
+++ b/fs/richacl_inode.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010  Novell, Inc.
+ * Copyright (C) 2015  Red Hat, Inc.
+ * Written by Andreas Gruenbacher 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+ * richacl_permission  -  richacl permission check algorithm
+ * @inode: inode to check
+ * @acl:   rich acl of the inode
+ * @want:  requested access (MAY_* flags)
+ *
+ * Checks if the current process is granted @mask flags in @acl.
+ */
+int
+richacl_permission(struct inode *inode, const struct richacl *acl,
+  int want)
+{
+   const struct richace *ace;
+   unsigned int mask = richacl_want_to_mask(want);
+   unsigned int requested = mask, denied = 0;
+   int in_owning_group = in_group_p(inode->i_gid);
+   int in_owner_or_group_class = in_owning_group;
+
+   /*
+* A process is
+*   - in the owner file class if it owns the file,
+*   - in the group file class if it is in the file's owning group or
+* it matches any of the user or group entries, and
+*   - in the other file class otherwise.
+* The file class is only relevant for determining which file mask to
+* apply, which only happens for masked acls.
+*/
+   if (acl->a_flags & RICHACL_MASKED) {
+   if ((acl->a_flags & RICHACL_WRITE_THROUGH) &&
+   uid_eq(current_fsuid(), inode->i_uid)) {
+   denied = requested & ~acl->a_owner_mask;
+   goto out;
+   }
+   } else {
+   /*
+* When the acl is not masked, there is no need to determine if
+* the process is in the group class and we can break out
+* earlier of the loop below.
+*/
+   in_owner_or_group_class = 1;
+   }
+
+   /*
+* Check if the acl grants the requested access and determine which
+* file class the process is in.
+*/
+   richacl_for_each_entry(ace, acl) {
+   unsigned int ace_mask = ace->e_mask;
+
+   if (richace_is_inherit_only(ace))
+   continue;
+   if (richace_is_owner(ace)) {
+   if (!uid_eq(current_fsuid(), inode->i_uid))
+   continue;
+   goto entry_matches_owner;
+   } else if (richace_is_group(ace)) {
+   if (!in_owning_group)
+   continue;
+   } else if (richace_is_unix_user(ace)) {
+   if (!uid_eq(current_fsuid(), ace->e_id.uid))
+   continue;
+   goto entry_matches_owner;
+   } else if (richace_is_unix_group(ace)) {
+   if (!in_group_p(ace->e_id.gid))
+   continue;
+   } else
+   goto entry_matches_everyone;
+
+   /*
+* Apply the group file mask to entries other than owner@ and
+* everyone@ or user entries matching the owner.  This ensures
+* that we grant the same permissions as the acl computed by
+* richacl_apply_masks().
+*
+* Without this restriction, the following richacl would grant
+* rw access to

[PATCH v8 10/41] richacl: Permission check algorithm

2015-09-27 Thread Andreas Gruenbacher

A richacl roughly grants a requested access if the NFSv4 acl in the
richacl grants the requested permissions according to the NFSv4
permission check algorithm and the file mask that applies to the process
includes the requested permissions.

Signed-off-by: Andreas Gruenbacher 
Reviewed-by: "J. Bruce Fields" 
---
 fs/Makefile |   2 +-
 fs/richacl_inode.c  | 148 
 include/linux/richacl.h |   3 +
 3 files changed, 152 insertions(+), 1 deletion(-)
 create mode 100644 fs/richacl_inode.c

diff --git a/fs/Makefile b/fs/Makefile
index fe3e9dd..ec665fd 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -49,7 +49,7 @@ obj-$(CONFIG_SYSCTL)  += drop_caches.o
 
 obj-$(CONFIG_FHANDLE)  += fhandle.o
 obj-$(CONFIG_FS_RICHACL)   += richacl.o
-richacl-y  := richacl_base.o
+richacl-y  := richacl_base.o richacl_inode.o
 
 obj-y  += quota/
 
diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c
new file mode 100644
index 000..54e899d
--- /dev/null
+++ b/fs/richacl_inode.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010  Novell, Inc.
+ * Copyright (C) 2015  Red Hat, Inc.
+ * Written by Andreas Gruenbacher 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/**
+ * richacl_permission  -  richacl permission check algorithm
+ * @inode: inode to check
+ * @acl:   rich acl of the inode
+ * @want:  requested access (MAY_* flags)
+ *
+ * Checks if the current process is granted @mask flags in @acl.
+ */
+int
+richacl_permission(struct inode *inode, const struct richacl *acl,
+  int want)
+{
+   const struct richace *ace;
+   unsigned int mask = richacl_want_to_mask(want);
+   unsigned int requested = mask, denied = 0;
+   int in_owning_group = in_group_p(inode->i_gid);
+   int in_owner_or_group_class = in_owning_group;
+
+   /*
+* A process is
+*   - in the owner file class if it owns the file,
+*   - in the group file class if it is in the file's owning group or
+* it matches any of the user or group entries, and
+*   - in the other file class otherwise.
+* The file class is only relevant for determining which file mask to
+* apply, which only happens for masked acls.
+*/
+   if (acl->a_flags & RICHACL_MASKED) {
+   if ((acl->a_flags & RICHACL_WRITE_THROUGH) &&
+   uid_eq(current_fsuid(), inode->i_uid)) {
+   denied = requested & ~acl->a_owner_mask;
+   goto out;
+   }
+   } else {
+   /*
+* When the acl is not masked, there is no need to determine if
+* the process is in the group class and we can break out
+* earlier of the loop below.
+*/
+   in_owner_or_group_class = 1;
+   }
+
+   /*
+* Check if the acl grants the requested access and determine which
+* file class the process is in.
+*/
+   richacl_for_each_entry(ace, acl) {
+   unsigned int ace_mask = ace->e_mask;
+
+   if (richace_is_inherit_only(ace))
+   continue;
+   if (richace_is_owner(ace)) {
+   if (!uid_eq(current_fsuid(), inode->i_uid))
+   continue;
+   goto entry_matches_owner;
+   } else if (richace_is_group(ace)) {
+   if (!in_owning_group)
+   continue;
+   } else if (richace_is_unix_user(ace)) {
+   if (!uid_eq(current_fsuid(), ace->e_id.uid))
+   continue;
+   goto entry_matches_owner;
+   } else if (richace_is_unix_group(ace)) {
+   if (!in_group_p(ace->e_id.gid))
+   continue;
+   } else
+   goto entry_matches_everyone;
+
+   /*
+* Apply the group file mask to entries other than owner@ and
+* everyone@ or user entries matching the owner.  This ensures
+* that we grant the same permissions as the acl computed by
+* richacl_apply_masks().
+*
+* Without this restriction, the

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

Re: [PATCH v8 10/41] richacl: Permission check algorithm

[PATCH v8 10/41] richacl: Permission check algorithm

[PATCH v8 10/41] richacl: Permission check algorithm

10 matches

Site Navigation

Mail list logo

Footer information