[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1437570209-29832-28-git-send-email-andreas.gruenbacher@gmail.com>
Date: Wed, 22 Jul 2015 15:03:17 +0200
From: Andreas Gruenbacher <andreas.gruenbacher@...il.com>
To: linux-kernel@...r.kernel.org
Cc: linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
linux-api@...r.kernel.org, samba-technical@...ts.samba.org,
linux-security-module@...r.kernel.org,
Andreas Gruenbacher <agruenba@...hat.com>
Subject: [PATCH v5 27/39] richacl: Create richacl from mode values
From: Andreas Gruenbacher <agruenba@...hat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@...hat.com>
---
fs/richacl_compat.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++
include/linux/richacl.h | 1 +
2 files changed, 89 insertions(+)
diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c
index 05219ce..b7d3990 100644
--- a/fs/richacl_compat.c
+++ b/fs/richacl_compat.c
@@ -813,3 +813,91 @@ richacl_apply_masks(struct richacl **acl, kuid_t owner)
return 0;
}
EXPORT_SYMBOL_GPL(richacl_apply_masks);
+
+/**
+ * richacl_from_mode - create an acl which corresponds to @mode
+ *
+ * The resulting acl doesn't have the RICHACL_MASKED flag set.
+ *
+ * @mode: file mode including the file type
+ */
+struct richacl *
+richacl_from_mode(mode_t mode)
+{
+ unsigned int owner_mask = richacl_mode_to_mask(mode >> 6);
+ unsigned int group_mask = richacl_mode_to_mask(mode >> 3);
+ unsigned int other_mask = richacl_mode_to_mask(mode);
+ unsigned int denied;
+ unsigned int entries = 0;
+ struct richacl *acl;
+ struct richace *ace;
+
+ /* RICHACE_DELETE_CHILD is meaningless for non-directories. */
+ if (!S_ISDIR(mode)) {
+ owner_mask &= ~RICHACE_DELETE_CHILD;
+ group_mask &= ~RICHACE_DELETE_CHILD;
+ other_mask &= ~RICHACE_DELETE_CHILD;
+ }
+
+ denied = ~owner_mask & (group_mask | other_mask);
+ if (denied)
+ entries++; /* owner@ deny entry needed */
+ if (owner_mask & ~(group_mask & other_mask))
+ entries++; /* owner@ allow entry needed */
+ denied = ~group_mask & other_mask;
+ if (denied)
+ entries++; /* group@ deny entry needed */
+ if (group_mask & ~other_mask)
+ entries++; /* group@ allow entry needed */
+ if (other_mask)
+ entries++; /* everyone@ allow entry needed */
+
+ acl = richacl_alloc(entries, GFP_KERNEL);
+ if (!acl)
+ return NULL;
+ acl->a_owner_mask = owner_mask;
+ acl->a_group_mask = group_mask;
+ acl->a_other_mask = other_mask;
+ ace = acl->a_entries;
+
+ denied = ~owner_mask & (group_mask | other_mask);
+ if (denied) {
+ ace->e_type = RICHACE_ACCESS_DENIED_ACE_TYPE;
+ ace->e_flags = RICHACE_SPECIAL_WHO;
+ ace->e_mask = denied;
+ ace->e_id.special = RICHACE_OWNER_SPECIAL_ID;
+ ace++;
+ }
+ if (owner_mask & ~(group_mask & other_mask)) {
+ ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE;
+ ace->e_flags = RICHACE_SPECIAL_WHO;
+ ace->e_mask = owner_mask;
+ ace->e_id.special = RICHACE_OWNER_SPECIAL_ID;
+ ace++;
+ }
+ denied = ~group_mask & other_mask;
+ if (denied) {
+ ace->e_type = RICHACE_ACCESS_DENIED_ACE_TYPE;
+ ace->e_flags = RICHACE_SPECIAL_WHO;
+ ace->e_mask = denied;
+ ace->e_id.special = RICHACE_GROUP_SPECIAL_ID;
+ ace++;
+ }
+ if (group_mask & ~other_mask) {
+ ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE;
+ ace->e_flags = RICHACE_SPECIAL_WHO;
+ ace->e_mask = group_mask;
+ ace->e_id.special = RICHACE_GROUP_SPECIAL_ID;
+ ace++;
+ }
+ if (other_mask) {
+ ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE;
+ ace->e_flags = RICHACE_SPECIAL_WHO;
+ ace->e_mask = other_mask;
+ ace->e_id.special = RICHACE_EVERYONE_SPECIAL_ID;
+ ace++;
+ }
+
+ return acl;
+}
+EXPORT_SYMBOL_GPL(richacl_from_mode);
diff --git a/include/linux/richacl.h b/include/linux/richacl.h
index ef23581..eeb5bd9 100644
--- a/include/linux/richacl.h
+++ b/include/linux/richacl.h
@@ -338,5 +338,6 @@ extern struct richacl *richacl_create(struct inode *, struct inode *);
/* richacl_compat.c */
extern int richacl_apply_masks(struct richacl **, kuid_t);
+extern struct richacl *richacl_from_mode(mode_t);
#endif /* __RICHACL_H */
--
2.4.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists