Message-Id: <1443391772-10171-42-git-send-email-agruenba@redhat.com> Date: Mon, 28 Sep 2015 00:09:32 +0200 From: Andreas Gruenbacher <agruenba@...hat.com> To: Alexander Viro <viro@...iv.linux.org.uk>, "Theodore Ts'o" <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, "J. Bruce Fields" <bfields@...ldses.org>, Jeff Layton <jlayton@...chiereds.net>, Trond Myklebust <trond.myklebust@...marydata.com>, Anna Schumaker <anna.schumaker@...app.com>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, linux-api@...r.kernel.org Subject: [PATCH v8 41/41] richacl: uapi header split Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com> --- include/linux/richacl.h | 119 +++++-------------------------------- include/linux/richacl_xattr.h | 17 +----- include/uapi/linux/Kbuild | 2 + include/uapi/linux/richacl.h | 111 ++++++++++++++++++++++++++++++++++ include/uapi/linux/richacl_xattr.h | 43 ++++++++++++++ 5 files changed, 173 insertions(+), 119 deletions(-) create mode 100644 include/uapi/linux/richacl.h create mode 100644 include/uapi/linux/richacl_xattr.h diff --git a/include/linux/richacl.h b/include/linux/richacl.h index 1822666..8875941 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -17,9 +17,7 @@ #ifndef __RICHACL_H #define __RICHACL_H -#define RICHACE_OWNER_SPECIAL_ID 0 -#define RICHACE_GROUP_SPECIAL_ID 1 -#define RICHACE_EVERYONE_SPECIAL_ID 2 +#include <uapi/linux/richacl.h> struct richace { unsigned short e_type; 
@@ -44,43 +42,12 @@ struct richacl { struct richace a_entries[0]; }; -#define richacl_for_each_entry(_ace, _acl) \ - for (_ace = (_acl)->a_entries; \ - _ace != (_acl)->a_entries + (_acl)->a_count; \ - _ace++) - -#define richacl_for_each_entry_reverse(_ace, _acl) \ - for (_ace = (_acl)->a_entries + (_acl)->a_count - 1; \ - _ace != (_acl)->a_entries - 1; \ - _ace--) - -/* a_flags values */ -#define RICHACL_AUTO_INHERIT 0x01 -#define RICHACL_PROTECTED 0x02 -#define RICHACL_DEFAULTED 0x04 -#define RICHACL_WRITE_THROUGH 0x40 -#define RICHACL_MASKED 0x80 - #define RICHACL_VALID_FLAGS ( \ - RICHACL_AUTO_INHERIT | \ - RICHACL_PROTECTED | \ - RICHACL_DEFAULTED | \ - RICHACL_WRITE_THROUGH | \ - RICHACL_MASKED) - -/* e_type values */ -#define RICHACE_ACCESS_ALLOWED_ACE_TYPE 0x0000 -#define RICHACE_ACCESS_DENIED_ACE_TYPE 0x0001 - -/* e_flags bitflags */ -#define RICHACE_FILE_INHERIT_ACE 0x0001 -#define RICHACE_DIRECTORY_INHERIT_ACE 0x0002 -#define RICHACE_NO_PROPAGATE_INHERIT_ACE 0x0004 -#define RICHACE_INHERIT_ONLY_ACE 0x0008 -#define RICHACE_IDENTIFIER_GROUP 0x0040 -#define RICHACE_INHERITED_ACE 0x0080 -#define RICHACE_UNMAPPED_WHO 0x2000 -#define RICHACE_SPECIAL_WHO 0x4000 + RICHACL_AUTO_INHERIT | \ + RICHACL_PROTECTED | \ + RICHACL_DEFAULTED | \ + RICHACL_WRITE_THROUGH | \ + RICHACL_MASKED) #define RICHACE_VALID_FLAGS ( \ RICHACE_FILE_INHERIT_ACE | \ 
@@ -99,27 +66,6 @@ struct richacl { RICHACE_INHERIT_ONLY_ACE | \ RICHACE_INHERITED_ACE ) -/* e_mask bitflags */ -#define RICHACE_READ_DATA 0x00000001 -#define RICHACE_LIST_DIRECTORY 0x00000001 -#define RICHACE_WRITE_DATA 0x00000002 -#define RICHACE_ADD_FILE 0x00000002 -#define RICHACE_APPEND_DATA 0x00000004 -#define RICHACE_ADD_SUBDIRECTORY 0x00000004 -#define RICHACE_READ_NAMED_ATTRS 0x00000008 -#define RICHACE_WRITE_NAMED_ATTRS 0x00000010 -#define RICHACE_EXECUTE 0x00000020 -#define RICHACE_DELETE_CHILD 0x00000040 -#define RICHACE_READ_ATTRIBUTES 0x00000080 -#define RICHACE_WRITE_ATTRIBUTES 0x00000100 -#define RICHACE_WRITE_RETENTION 0x00000200 -#define RICHACE_WRITE_RETENTION_HOLD 0x00000400 -#define RICHACE_DELETE 0x00010000 -#define RICHACE_READ_ACL 0x00020000 -#define RICHACE_WRITE_ACL 0x00040000 -#define RICHACE_WRITE_OWNER 0x00080000 -#define RICHACE_SYNCHRONIZE 0x00100000 - /* Valid RICHACE_* flags for directories and non-directories */ #define RICHACE_VALID_MASK ( \ RICHACE_READ_DATA | RICHACE_LIST_DIRECTORY | \ 
@@ -139,49 +85,16 @@ struct richacl { RICHACE_WRITE_OWNER | \ RICHACE_SYNCHRONIZE) -/* - * The POSIX permissions are supersets of the following NFSv4 permissions: - * - * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type - * of the file system object. - * - * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to - * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories. - * - * - MAY_EXECUTE maps to RICHACE_EXECUTE. - * - * (Some of these NFSv4 permissions have the same bit values.) - */ -#define RICHACE_POSIX_MODE_READ ( \ - RICHACE_READ_DATA | \ - RICHACE_LIST_DIRECTORY) -#define RICHACE_POSIX_MODE_WRITE ( \ - RICHACE_WRITE_DATA | \ - RICHACE_ADD_FILE | \ - RICHACE_APPEND_DATA | \ - RICHACE_ADD_SUBDIRECTORY | \ - RICHACE_DELETE_CHILD) -#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE -#define RICHACE_POSIX_MODE_ALL ( \ - RICHACE_POSIX_MODE_READ | \ - RICHACE_POSIX_MODE_WRITE | \ - RICHACE_POSIX_MODE_EXEC) -/* - * These permissions are always allowed - * no matter what the acl says. - */ -#define RICHACE_POSIX_ALWAYS_ALLOWED ( \ - RICHACE_SYNCHRONIZE | \ - RICHACE_READ_ATTRIBUTES | \ - RICHACE_READ_ACL) -/* - * The owner is implicitly granted - * these permissions under POSIX. - */ -#define RICHACE_POSIX_OWNER_ALLOWED ( \ - RICHACE_WRITE_ATTRIBUTES | \ - RICHACE_WRITE_OWNER | \ - RICHACE_WRITE_ACL) +#define richacl_for_each_entry(_ace, _acl) \ + for (_ace = (_acl)->a_entries; \ + _ace != (_acl)->a_entries + (_acl)->a_count; \ + _ace++) + +#define richacl_for_each_entry_reverse(_ace, _acl) \ + for (_ace = (_acl)->a_entries + (_acl)->a_count - 1; \ + _ace != (_acl)->a_entries - 1; \ + _ace--) + /** * richacl_get - grab another reference to a richacl handle */ diff --git a/include/linux/richacl_xattr.h b/include/linux/richacl_xattr.h index f84cc21..eff36a3 100644 --- a/include/linux/richacl_xattr.h +++ b/include/linux/richacl_xattr.h 
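Review bot: `richacl_for_each_entry_reverse`, re-added at the end of this hunk, ends its loop by comparing against `(_acl)->a_entries - 1`, a pointer before the start of the array, which ISO C leaves undefined even if it is never dereferenced. With `a_count == 0` the initial value is that same pointer. If the form is kept, a comment above the macro such as `/* relies on a_entries - 1 as a never-dereferenced sentinel */` would make the assumption explicit. Both macros also expand `_ace` unparenthesized, so the comment should say that callers must pass a plain lvalue.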
@@ -17,24 +17,9 @@ #ifndef __RICHACL_XATTR_H #define __RICHACL_XATTR_H +#include <uapi/linux/richacl_xattr.h> #include <linux/richacl.h> -struct richace_xattr { - __le16 e_type; - __le16 e_flags; - __le32 e_mask; - __le32 e_id; -}; - -struct richacl_xattr { - unsigned char a_version; - unsigned char a_flags; - __le16 a_count; - __le32 a_owner_mask; - __le32 a_group_mask; - __le32 a_other_mask; -}; - #define RICHACL_XATTR_VERSION 0 #define RICHACL_XATTR_MAX_COUNT \ ((XATTR_SIZE_MAX - sizeof(struct richacl_xattr)) / \ diff --git a/include/uapi/linux/Kbuild b/include/uapi/linux/Kbuild index f7b2db4..18ad070 100644 --- a/include/uapi/linux/Kbuild +++ b/include/uapi/linux/Kbuild @@ -348,6 +348,8 @@ header-y += reboot.h header-y += reiserfs_fs.h header-y += reiserfs_xattr.h header-y += resource.h +header-y += richacl.h +header-y += richacl_xattr.h header-y += rfkill.h header-y += romfs_fs.h header-y += rose.h diff --git a/include/uapi/linux/richacl.h b/include/uapi/linux/richacl.h new file mode 100644 index 0000000..6887f88 --- /dev/null +++ b/include/uapi/linux/richacl.h 
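Review bot: `RICHACL_XATTR_MAX_COUNT` is left in include/linux/richacl_xattr.h (it is still a context line at the end of this hunk), while the new include/uapi/linux/richacl_xattr.h added by this patch defines the same macro. The kernel header therefore carries a second copy of the bound on the number of entries. The two definitions are token-identical today, so the compiler accepts them, but a later edit to one would silently diverge from the other. Drop the kernel-side copy and keep only `#define RICHACL_XATTR_VERSION 0` here. The macro's definition runs past the end of the hunk.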
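Review bot: The two new entries in include/uapi/linux/Kbuild are out of alphabetical order: the neighbouring entries visible in the hunk are sorted, and `richacl.h` sorts after `rfkill.h`, not before it. Move `header-y += richacl.h` and `header-y += richacl_xattr.h` below `header-y += rfkill.h`.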
@@ -0,0 +1,111 @@
+/*
+ * Copyright (C) 2006, 2010 Novell, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
+ * Written by Andreas Gruenbacher <agruen@...nel.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#ifndef __UAPI_RICHACL_H
+#define __UAPI_RICHACL_H
+
+/* a_flags values */
+#define RICHACL_AUTO_INHERIT 0x01
+#define RICHACL_PROTECTED 0x02
+#define RICHACL_DEFAULTED 0x04
+#define RICHACL_WRITE_THROUGH 0x40
+#define RICHACL_MASKED 0x80
+
+/* e_type values */
+#define RICHACE_ACCESS_ALLOWED_ACE_TYPE 0x0000
+#define RICHACE_ACCESS_DENIED_ACE_TYPE 0x0001
+
+/* e_flags bitflags */
+#define RICHACE_FILE_INHERIT_ACE 0x0001
+#define RICHACE_DIRECTORY_INHERIT_ACE 0x0002
+#define RICHACE_NO_PROPAGATE_INHERIT_ACE 0x0004
+#define RICHACE_INHERIT_ONLY_ACE 0x0008
+#define RICHACE_IDENTIFIER_GROUP 0x0040
+#define RICHACE_INHERITED_ACE 0x0080
+#define RICHACE_UNMAPPED_WHO 0x2000
+#define RICHACE_SPECIAL_WHO 0x4000
+
+/* e_mask bitflags */
+#define RICHACE_READ_DATA 0x00000001
+#define RICHACE_LIST_DIRECTORY 0x00000001
+#define RICHACE_WRITE_DATA 0x00000002
+#define RICHACE_ADD_FILE 0x00000002
+#define RICHACE_APPEND_DATA 0x00000004
+#define RICHACE_ADD_SUBDIRECTORY 0x00000004
+#define RICHACE_READ_NAMED_ATTRS 0x00000008
+#define RICHACE_WRITE_NAMED_ATTRS 0x00000010
+#define RICHACE_EXECUTE 0x00000020
+#define RICHACE_DELETE_CHILD 0x00000040
+#define RICHACE_READ_ATTRIBUTES 0x00000080
+#define RICHACE_WRITE_ATTRIBUTES 0x00000100
+#define RICHACE_WRITE_RETENTION 0x00000200
+#define RICHACE_WRITE_RETENTION_HOLD 0x00000400
+#define RICHACE_DELETE 0x00010000
+#define RICHACE_READ_ACL 0x00020000
+#define RICHACE_WRITE_ACL 0x00040000
+#define RICHACE_WRITE_OWNER 0x00080000
+#define RICHACE_SYNCHRONIZE 0x00100000
+
+/* e_id values */
+#define RICHACE_OWNER_SPECIAL_ID 0
+#define RICHACE_GROUP_SPECIAL_ID 1
+#define RICHACE_EVERYONE_SPECIAL_ID 2
+
+/*
+ * The POSIX permissions are supersets of the following richacl permissions:
+ *
+ * - MAY_READ maps to READ_DATA or LIST_DIRECTORY, depending on the type
+ * of the file system object.
+ *
+ * - MAY_WRITE maps to WRITE_DATA or RICHACE_APPEND_DATA for files, and to
+ * ADD_FILE, RICHACE_ADD_SUBDIRECTORY, or RICHACE_DELETE_CHILD for directories.
+ *
+ * - MAY_EXECUTE maps to RICHACE_EXECUTE.
+ *
+ * (Some of these richacl permissions have the same bit values.)
+ */
+#define RICHACE_POSIX_MODE_READ ( \
+ RICHACE_READ_DATA | \
+ RICHACE_LIST_DIRECTORY)
+#define RICHACE_POSIX_MODE_WRITE ( \
+ RICHACE_WRITE_DATA | \
+ RICHACE_ADD_FILE | \
+ RICHACE_APPEND_DATA | \
+ RICHACE_ADD_SUBDIRECTORY | \
+ RICHACE_DELETE_CHILD)
+#define RICHACE_POSIX_MODE_EXEC RICHACE_EXECUTE
+#define RICHACE_POSIX_MODE_ALL ( \
+ RICHACE_POSIX_MODE_READ | \
+ RICHACE_POSIX_MODE_WRITE | \
+ RICHACE_POSIX_MODE_EXEC)
+
+/*
+ * These permissions are always allowed no matter what the acl says.
+ */
+#define RICHACE_POSIX_ALWAYS_ALLOWED ( \
+ RICHACE_SYNCHRONIZE | \
+ RICHACE_READ_ATTRIBUTES | \
+ RICHACE_READ_ACL)
+
+/*
+ * The owner is implicitly granted these permissions under POSIX.
+ */
+#define RICHACE_POSIX_OWNER_ALLOWED ( \
+ RICHACE_WRITE_ATTRIBUTES | \
+ RICHACE_WRITE_OWNER | \
+ RICHACE_WRITE_ACL)
+
+#endif /* __UAPI_RICHACL_H */
diff --git a/include/uapi/linux/richacl_xattr.h b/include/uapi/linux/richacl_xattr.h
new file mode 100644
index 0000000..6f96bc0
--- /dev/null
+++ b/include/uapi/linux/richacl_xattr.h
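Review bot: The comment above `RICHACE_POSIX_MODE_READ` explains the mapping in terms of `MAY_READ`, `MAY_WRITE` and `MAY_EXECUTE`, which are kernel-internal names that a userspace consumer of this uapi header cannot see (and the kernel flag is spelled `MAY_EXEC`). It also mixes bare and prefixed names, `READ_DATA` next to `RICHACE_APPEND_DATA`. Reword it in terms of the POSIX read, write and execute permission bits and use the full `RICHACE_*` names throughout, e.g. `* - POSIX read maps to RICHACE_READ_DATA or RICHACE_LIST_DIRECTORY, ...`. The bit values become ABI once exported, while `RICHACL_VALID_FLAGS`, `RICHACE_VALID_FLAGS` and `RICHACE_VALID_MASK` stay in include/linux/richacl.h. A sentence stating that the kernel rejects bits outside those masks (presumably; the check itself is not in this patch) would tell userspace what to expect.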
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2006, 2010 Novell, Inc.
+ * Copyright (C) 2015 Red Hat, Inc.
+ * Written by Andreas Gruenbacher <agruen@...nel.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2, or (at your option) any
+ * later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ */
+
+#ifndef __UAPI_RICHACL_XATTR_H
+#define __UAPI_RICHACL_XATTR_H
+
+#include <linux/types.h>
+#include <linux/xattr.h>
+
+struct richace_xattr {
+ __le16 e_type;
+ __le16 e_flags;
+ __le32 e_mask;
+ __le32 e_id;
+};
+
+struct richacl_xattr {
+ unsigned char a_version;
+ unsigned char a_flags;
+ __le16 a_count;
+ __le32 a_owner_mask;
+ __le32 a_group_mask;
+ __le32 a_other_mask;
+};
+
+#define RICHACL_XATTR_MAX_COUNT \
+ ((XATTR_SIZE_MAX - sizeof(struct richacl_xattr)) / \
+ sizeof(struct richace_xattr))
+
+#endif /* __UAPI_RICHACL_XATTR_H */
-- 2.4.3 -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
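Review bot: `RICHACL_XATTR_MAX_COUNT` expands to `XATTR_SIZE_MAX`, but this header includes only `<linux/types.h>` and `<linux/xattr.h>`. The constant is defined in `<linux/limits.h>`, so unless `<linux/xattr.h>` pulls that in, a userspace program that uses the macro will not compile from this header alone. Adding `#include <linux/limits.h>` makes it self-contained. The two structs describe the attribute value that userspace hands to the kernel, yet nothing here documents the layout. A short comment should state that all multi-byte fields are little-endian and that the header is presumably followed by `a_count` `struct richace_xattr` entries. `RICHACL_XATTR_VERSION` stays in include/linux/richacl_xattr.h, which leaves userspace without a named value for `a_version`; consider exporting it here as well.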