[PATCH] sanitize ->permission() prototype
* kill nameidata * argument; map the 3 bits in ->flags anybody cares about to new MAY_... ones and pass with the mask. * kill redundant gfs2_iop_permission() * sanitize ecryptfs_permission() * fix remaining places where ->permission() instances might barf on new MAY_... found in mask. The obvious next target in that direction is permission(9) folded fix for nfs_permission() breakage from Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
1bd5191d9f
commit
e6305c43ed
38 changed files with 74 additions and 87 deletions
|
@ -469,8 +469,6 @@ extern bool afs_cm_incoming_call(struct afs_call *);
|
|||
extern const struct inode_operations afs_dir_inode_operations;
|
||||
extern const struct file_operations afs_dir_file_operations;
|
||||
|
||||
extern int afs_permission(struct inode *, int, struct nameidata *);
|
||||
|
||||
/*
|
||||
* file.c
|
||||
*/
|
||||
|
@ -605,7 +603,7 @@ extern void afs_clear_permits(struct afs_vnode *);
|
|||
extern void afs_cache_permit(struct afs_vnode *, struct key *, long);
|
||||
extern void afs_zap_permits(struct rcu_head *);
|
||||
extern struct key *afs_request_key(struct afs_cell *);
|
||||
extern int afs_permission(struct inode *, int, struct nameidata *);
|
||||
extern int afs_permission(struct inode *, int);
|
||||
|
||||
/*
|
||||
* server.c
|
||||
|
|
|
@ -284,7 +284,7 @@ static int afs_check_permit(struct afs_vnode *vnode, struct key *key,
|
|||
* - AFS ACLs are attached to directories only, and a file is controlled by its
|
||||
* parent directory's ACL
|
||||
*/
|
||||
int afs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int afs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
struct afs_vnode *vnode = AFS_FS_I(inode);
|
||||
afs_access_t uninitialized_var(access);
|
||||
|
|
|
@ -243,8 +243,7 @@ static int bad_inode_readlink(struct dentry *dentry, char __user *buffer,
|
|||
return -EIO;
|
||||
}
|
||||
|
||||
static int bad_inode_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd)
|
||||
static int bad_inode_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return -EIO;
|
||||
}
|
||||
|
|
|
@ -267,7 +267,7 @@ cifs_statfs(struct dentry *dentry, struct kstatfs *buf)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int cifs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
static int cifs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
struct cifs_sb_info *cifs_sb;
|
||||
|
||||
|
|
|
@ -137,9 +137,11 @@ static struct dentry *coda_lookup(struct inode *dir, struct dentry *entry, struc
|
|||
}
|
||||
|
||||
|
||||
int coda_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int coda_permission(struct inode *inode, int mask)
|
||||
{
|
||||
int error = 0;
|
||||
|
||||
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
|
||||
|
||||
if (!mask)
|
||||
return 0;
|
||||
|
|
|
@ -24,8 +24,7 @@
|
|||
#include <linux/coda_psdev.h>
|
||||
|
||||
/* pioctl ops */
|
||||
static int coda_ioctl_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd);
|
||||
static int coda_ioctl_permission(struct inode *inode, int mask);
|
||||
static int coda_pioctl(struct inode * inode, struct file * filp,
|
||||
unsigned int cmd, unsigned long user_data);
|
||||
|
||||
|
@ -42,8 +41,7 @@ const struct file_operations coda_ioctl_operations = {
|
|||
};
|
||||
|
||||
/* the coda pioctl inode ops */
|
||||
static int coda_ioctl_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd)
|
||||
static int coda_ioctl_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -830,22 +830,9 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length)
|
|||
}
|
||||
|
||||
static int
|
||||
ecryptfs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
ecryptfs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
int rc;
|
||||
|
||||
if (nd) {
|
||||
struct vfsmount *vfsmnt_save = nd->path.mnt;
|
||||
struct dentry *dentry_save = nd->path.dentry;
|
||||
|
||||
nd->path.mnt = ecryptfs_dentry_to_lower_mnt(nd->path.dentry);
|
||||
nd->path.dentry = ecryptfs_dentry_to_lower(nd->path.dentry);
|
||||
rc = permission(ecryptfs_inode_to_lower(inode), mask, nd);
|
||||
nd->path.mnt = vfsmnt_save;
|
||||
nd->path.dentry = dentry_save;
|
||||
} else
|
||||
rc = permission(ecryptfs_inode_to_lower(inode), mask, NULL);
|
||||
return rc;
|
||||
return permission(ecryptfs_inode_to_lower(inode), mask, NULL);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -294,7 +294,7 @@ ext2_check_acl(struct inode *inode, int mask)
|
|||
}
|
||||
|
||||
int
|
||||
ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
ext2_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, ext2_check_acl);
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ static inline int ext2_acl_count(size_t size)
|
|||
#define EXT2_ACL_NOT_CACHED ((void *)-1)
|
||||
|
||||
/* acl.c */
|
||||
extern int ext2_permission (struct inode *, int, struct nameidata *);
|
||||
extern int ext2_permission (struct inode *, int);
|
||||
extern int ext2_acl_chmod (struct inode *);
|
||||
extern int ext2_init_acl (struct inode *, struct inode *);
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ ext3_check_acl(struct inode *inode, int mask)
|
|||
}
|
||||
|
||||
int
|
||||
ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
ext3_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, ext3_check_acl);
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ static inline int ext3_acl_count(size_t size)
|
|||
#define EXT3_ACL_NOT_CACHED ((void *)-1)
|
||||
|
||||
/* acl.c */
|
||||
extern int ext3_permission (struct inode *, int, struct nameidata *);
|
||||
extern int ext3_permission (struct inode *, int);
|
||||
extern int ext3_acl_chmod (struct inode *);
|
||||
extern int ext3_init_acl (handle_t *, struct inode *, struct inode *);
|
||||
|
||||
|
|
|
@ -299,7 +299,7 @@ ext4_check_acl(struct inode *inode, int mask)
|
|||
}
|
||||
|
||||
int
|
||||
ext4_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
ext4_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, ext4_check_acl);
|
||||
}
|
||||
|
|
|
@ -58,7 +58,7 @@ static inline int ext4_acl_count(size_t size)
|
|||
#define EXT4_ACL_NOT_CACHED ((void *)-1)
|
||||
|
||||
/* acl.c */
|
||||
extern int ext4_permission (struct inode *, int, struct nameidata *);
|
||||
extern int ext4_permission (struct inode *, int);
|
||||
extern int ext4_acl_chmod (struct inode *);
|
||||
extern int ext4_init_acl (handle_t *, struct inode *, struct inode *);
|
||||
|
||||
|
|
|
@ -898,7 +898,7 @@ static int fuse_access(struct inode *inode, int mask)
|
|||
return PTR_ERR(req);
|
||||
|
||||
memset(&inarg, 0, sizeof(inarg));
|
||||
inarg.mask = mask;
|
||||
inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
|
||||
req->in.h.opcode = FUSE_ACCESS;
|
||||
req->in.h.nodeid = get_node_id(inode);
|
||||
req->in.numargs = 1;
|
||||
|
@ -927,7 +927,7 @@ static int fuse_access(struct inode *inode, int mask)
|
|||
* access request is sent. Execute permission is still checked
|
||||
* locally based on file mode.
|
||||
*/
|
||||
static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
static int fuse_permission(struct inode *inode, int mask)
|
||||
{
|
||||
struct fuse_conn *fc = get_fuse_conn(inode);
|
||||
bool refreshed = false;
|
||||
|
@ -962,7 +962,7 @@ static int fuse_permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
exist. So if permissions are revoked this won't be
|
||||
noticed immediately, only after the attribute
|
||||
timeout has expired */
|
||||
} else if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR))) {
|
||||
} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
|
||||
err = fuse_access(inode, mask);
|
||||
} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
|
||||
if (!(inode->i_mode & S_IXUGO)) {
|
||||
|
|
|
@ -915,12 +915,6 @@ int gfs2_permission(struct inode *inode, int mask)
|
|||
return error;
|
||||
}
|
||||
|
||||
static int gfs2_iop_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd)
|
||||
{
|
||||
return gfs2_permission(inode, mask);
|
||||
}
|
||||
|
||||
static int setattr_size(struct inode *inode, struct iattr *attr)
|
||||
{
|
||||
struct gfs2_inode *ip = GFS2_I(inode);
|
||||
|
@ -1150,7 +1144,7 @@ static int gfs2_removexattr(struct dentry *dentry, const char *name)
|
|||
}
|
||||
|
||||
const struct inode_operations gfs2_file_iops = {
|
||||
.permission = gfs2_iop_permission,
|
||||
.permission = gfs2_permission,
|
||||
.setattr = gfs2_setattr,
|
||||
.getattr = gfs2_getattr,
|
||||
.setxattr = gfs2_setxattr,
|
||||
|
@ -1169,7 +1163,7 @@ const struct inode_operations gfs2_dir_iops = {
|
|||
.rmdir = gfs2_rmdir,
|
||||
.mknod = gfs2_mknod,
|
||||
.rename = gfs2_rename,
|
||||
.permission = gfs2_iop_permission,
|
||||
.permission = gfs2_permission,
|
||||
.setattr = gfs2_setattr,
|
||||
.getattr = gfs2_getattr,
|
||||
.setxattr = gfs2_setxattr,
|
||||
|
@ -1181,7 +1175,7 @@ const struct inode_operations gfs2_dir_iops = {
|
|||
const struct inode_operations gfs2_symlink_iops = {
|
||||
.readlink = gfs2_readlink,
|
||||
.follow_link = gfs2_follow_link,
|
||||
.permission = gfs2_iop_permission,
|
||||
.permission = gfs2_permission,
|
||||
.setattr = gfs2_setattr,
|
||||
.getattr = gfs2_getattr,
|
||||
.setxattr = gfs2_setxattr,
|
||||
|
|
|
@ -511,8 +511,7 @@ void hfs_clear_inode(struct inode *inode)
|
|||
}
|
||||
}
|
||||
|
||||
static int hfs_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd)
|
||||
static int hfs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
if (S_ISREG(inode->i_mode) && mask & MAY_EXEC)
|
||||
return 0;
|
||||
|
|
|
@ -238,7 +238,7 @@ static void hfsplus_set_perms(struct inode *inode, struct hfsplus_perm *perms)
|
|||
perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev);
|
||||
}
|
||||
|
||||
static int hfsplus_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
static int hfsplus_permission(struct inode *inode, int mask)
|
||||
{
|
||||
/* MAY_EXEC is also used for lookup, if no x bit is set allow lookup,
|
||||
* open_exec has the same test, so it's still not executable, if a x bit
|
||||
|
|
|
@ -822,7 +822,7 @@ int hostfs_rename(struct inode *from_ino, struct dentry *from,
|
|||
return err;
|
||||
}
|
||||
|
||||
int hostfs_permission(struct inode *ino, int desired, struct nameidata *nd)
|
||||
int hostfs_permission(struct inode *ino, int desired)
|
||||
{
|
||||
char *name;
|
||||
int r = 0, w = 0, x = 0, err;
|
||||
|
|
|
@ -314,7 +314,7 @@ static int jffs2_check_acl(struct inode *inode, int mask)
|
|||
return -EAGAIN;
|
||||
}
|
||||
|
||||
int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int jffs2_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, jffs2_check_acl);
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ struct jffs2_acl_header {
|
|||
|
||||
#define JFFS2_ACL_NOT_CACHED ((void *)-1)
|
||||
|
||||
extern int jffs2_permission(struct inode *, int, struct nameidata *);
|
||||
extern int jffs2_permission(struct inode *, int);
|
||||
extern int jffs2_acl_chmod(struct inode *);
|
||||
extern int jffs2_init_acl_pre(struct inode *, struct inode *, int *);
|
||||
extern int jffs2_init_acl_post(struct inode *);
|
||||
|
|
|
@ -140,7 +140,7 @@ static int jfs_check_acl(struct inode *inode, int mask)
|
|||
return -EAGAIN;
|
||||
}
|
||||
|
||||
int jfs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int jfs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, jfs_check_acl);
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
#ifdef CONFIG_JFS_POSIX_ACL
|
||||
|
||||
int jfs_permission(struct inode *, int, struct nameidata *);
|
||||
int jfs_permission(struct inode *, int);
|
||||
int jfs_init_acl(tid_t, struct inode *, struct inode *);
|
||||
int jfs_setattr(struct dentry *, struct iattr *);
|
||||
|
||||
|
|
23
fs/namei.c
23
fs/namei.c
|
@ -185,6 +185,8 @@ int generic_permission(struct inode *inode, int mask,
|
|||
{
|
||||
umode_t mode = inode->i_mode;
|
||||
|
||||
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
|
||||
|
||||
if (current->fsuid == inode->i_uid)
|
||||
mode >>= 6;
|
||||
else {
|
||||
|
@ -203,7 +205,7 @@ int generic_permission(struct inode *inode, int mask,
|
|||
/*
|
||||
* If the DACs are ok we don't need any capability check.
|
||||
*/
|
||||
if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask))
|
||||
if ((mask & ~mode) == 0)
|
||||
return 0;
|
||||
|
||||
check_capabilities:
|
||||
|
@ -228,7 +230,7 @@ int generic_permission(struct inode *inode, int mask,
|
|||
|
||||
int permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
{
|
||||
int retval, submask;
|
||||
int retval;
|
||||
struct vfsmount *mnt = NULL;
|
||||
|
||||
if (nd)
|
||||
|
@ -261,9 +263,17 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
}
|
||||
|
||||
/* Ordinary permission routines do not understand MAY_APPEND. */
|
||||
submask = mask & ~MAY_APPEND;
|
||||
if (inode->i_op && inode->i_op->permission) {
|
||||
retval = inode->i_op->permission(inode, submask, nd);
|
||||
int extra = 0;
|
||||
if (nd) {
|
||||
if (nd->flags & LOOKUP_ACCESS)
|
||||
extra |= MAY_ACCESS;
|
||||
if (nd->flags & LOOKUP_CHDIR)
|
||||
extra |= MAY_CHDIR;
|
||||
if (nd->flags & LOOKUP_OPEN)
|
||||
extra |= MAY_OPEN;
|
||||
}
|
||||
retval = inode->i_op->permission(inode, mask | extra);
|
||||
if (!retval) {
|
||||
/*
|
||||
* Exec permission on a regular file is denied if none
|
||||
|
@ -277,7 +287,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
return -EACCES;
|
||||
}
|
||||
} else {
|
||||
retval = generic_permission(inode, submask, NULL);
|
||||
retval = generic_permission(inode, mask, NULL);
|
||||
}
|
||||
if (retval)
|
||||
return retval;
|
||||
|
@ -286,7 +296,8 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
if (retval)
|
||||
return retval;
|
||||
|
||||
return security_inode_permission(inode, mask, nd);
|
||||
return security_inode_permission(inode,
|
||||
mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
11
fs/nfs/dir.c
11
fs/nfs/dir.c
|
@ -1884,7 +1884,7 @@ static int nfs_do_access(struct inode *inode, struct rpc_cred *cred, int mask)
|
|||
return status;
|
||||
nfs_access_add_cache(inode, &cache);
|
||||
out:
|
||||
if ((cache.mask & mask) == mask)
|
||||
if ((mask & ~cache.mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
|
||||
return 0;
|
||||
return -EACCES;
|
||||
}
|
||||
|
@ -1907,17 +1907,17 @@ int nfs_may_open(struct inode *inode, struct rpc_cred *cred, int openflags)
|
|||
return nfs_do_access(inode, cred, nfs_open_permission_mask(openflags));
|
||||
}
|
||||
|
||||
int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int nfs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
struct rpc_cred *cred;
|
||||
int res = 0;
|
||||
|
||||
nfs_inc_stats(inode, NFSIOS_VFSACCESS);
|
||||
|
||||
if (mask == 0)
|
||||
if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
|
||||
goto out;
|
||||
/* Is this sys_access() ? */
|
||||
if (nd != NULL && (nd->flags & LOOKUP_ACCESS))
|
||||
if (mask & MAY_ACCESS)
|
||||
goto force_lookup;
|
||||
|
||||
switch (inode->i_mode & S_IFMT) {
|
||||
|
@ -1926,8 +1926,7 @@ int nfs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
case S_IFREG:
|
||||
/* NFSv4 has atomic_open... */
|
||||
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
|
||||
&& nd != NULL
|
||||
&& (nd->flags & LOOKUP_OPEN))
|
||||
&& (mask & MAY_OPEN))
|
||||
goto out;
|
||||
break;
|
||||
case S_IFDIR:
|
||||
|
|
|
@ -1176,7 +1176,7 @@ int ocfs2_getattr(struct vfsmount *mnt,
|
|||
return err;
|
||||
}
|
||||
|
||||
int ocfs2_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int ocfs2_permission(struct inode *inode, int mask)
|
||||
{
|
||||
int ret;
|
||||
|
||||
|
|
|
@ -62,8 +62,7 @@ int ocfs2_lock_allocators(struct inode *inode, struct ocfs2_dinode *di,
|
|||
int ocfs2_setattr(struct dentry *dentry, struct iattr *attr);
|
||||
int ocfs2_getattr(struct vfsmount *mnt, struct dentry *dentry,
|
||||
struct kstat *stat);
|
||||
int ocfs2_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd);
|
||||
int ocfs2_permission(struct inode *inode, int mask);
|
||||
|
||||
int ocfs2_should_update_atime(struct inode *inode,
|
||||
struct vfsmount *vfsmnt);
|
||||
|
|
|
@ -1859,8 +1859,7 @@ static const struct file_operations proc_fd_operations = {
|
|||
* /proc/pid/fd needs a special permission handler so that a process can still
|
||||
* access /proc/self/fd after it has executed a setuid().
|
||||
*/
|
||||
static int proc_fd_permission(struct inode *inode, int mask,
|
||||
struct nameidata *nd)
|
||||
static int proc_fd_permission(struct inode *inode, int mask)
|
||||
{
|
||||
int rv;
|
||||
|
||||
|
|
|
@ -292,7 +292,7 @@ static int proc_sys_readdir(struct file *filp, void *dirent, filldir_t filldir)
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int proc_sys_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
static int proc_sys_permission(struct inode *inode, int mask)
|
||||
{
|
||||
/*
|
||||
* sysctl entries that are not writeable,
|
||||
|
|
|
@ -1250,7 +1250,7 @@ static int reiserfs_check_acl(struct inode *inode, int mask)
|
|||
return error;
|
||||
}
|
||||
|
||||
int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
int reiserfs_permission(struct inode *inode, int mask)
|
||||
{
|
||||
/*
|
||||
* We don't do permission checks on the internal objects.
|
||||
|
|
|
@ -408,7 +408,7 @@ smb_file_release(struct inode *inode, struct file * file)
|
|||
* privileges, so we need our own check for this.
|
||||
*/
|
||||
static int
|
||||
smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
smb_file_permission(struct inode *inode, int mask)
|
||||
{
|
||||
int mode = inode->i_mode;
|
||||
int error = 0;
|
||||
|
@ -417,7 +417,7 @@ smb_file_permission(struct inode *inode, int mask, struct nameidata *nd)
|
|||
|
||||
/* Look at user permissions */
|
||||
mode >>= 6;
|
||||
if ((mode & 7 & mask) != mask)
|
||||
if (mask & ~mode & (MAY_READ | MAY_WRITE | MAY_EXEC))
|
||||
error = -EACCES;
|
||||
return error;
|
||||
}
|
||||
|
|
|
@ -589,8 +589,7 @@ xfs_check_acl(
|
|||
STATIC int
|
||||
xfs_vn_permission(
|
||||
struct inode *inode,
|
||||
int mask,
|
||||
struct nameidata *nd)
|
||||
int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, xfs_check_acl);
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@ extern const struct file_operations coda_ioctl_operations;
|
|||
/* operations shared over more than one file */
|
||||
int coda_open(struct inode *i, struct file *f);
|
||||
int coda_release(struct inode *i, struct file *f);
|
||||
int coda_permission(struct inode *inode, int mask, struct nameidata *nd);
|
||||
int coda_permission(struct inode *inode, int mask);
|
||||
int coda_revalidate_inode(struct dentry *);
|
||||
int coda_getattr(struct vfsmount *, struct dentry *, struct kstat *);
|
||||
int coda_setattr(struct dentry *, struct iattr *);
|
||||
|
|
|
@ -60,6 +60,9 @@ extern int dir_notify_enable;
|
|||
#define MAY_WRITE 2
|
||||
#define MAY_READ 4
|
||||
#define MAY_APPEND 8
|
||||
#define MAY_ACCESS 16
|
||||
#define MAY_CHDIR 32
|
||||
#define MAY_OPEN 64
|
||||
|
||||
#define FMODE_READ 1
|
||||
#define FMODE_WRITE 2
|
||||
|
@ -1272,7 +1275,7 @@ struct inode_operations {
|
|||
void * (*follow_link) (struct dentry *, struct nameidata *);
|
||||
void (*put_link) (struct dentry *, struct nameidata *, void *);
|
||||
void (*truncate) (struct inode *);
|
||||
int (*permission) (struct inode *, int, struct nameidata *);
|
||||
int (*permission) (struct inode *, int);
|
||||
int (*setattr) (struct dentry *, struct iattr *);
|
||||
int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);
|
||||
int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);
|
||||
|
|
|
@ -332,7 +332,7 @@ extern int nfs_refresh_inode(struct inode *, struct nfs_fattr *);
|
|||
extern int nfs_post_op_update_inode(struct inode *inode, struct nfs_fattr *fattr);
|
||||
extern int nfs_post_op_update_inode_force_wcc(struct inode *inode, struct nfs_fattr *fattr);
|
||||
extern int nfs_getattr(struct vfsmount *, struct dentry *, struct kstat *);
|
||||
extern int nfs_permission(struct inode *, int, struct nameidata *);
|
||||
extern int nfs_permission(struct inode *, int);
|
||||
extern int nfs_open(struct inode *, struct file *);
|
||||
extern int nfs_release(struct inode *, struct file *);
|
||||
extern int nfs_attribute_timeout(struct inode *inode);
|
||||
|
|
|
@ -55,7 +55,7 @@ int reiserfs_removexattr(struct dentry *dentry, const char *name);
|
|||
int reiserfs_delete_xattrs(struct inode *inode);
|
||||
int reiserfs_chown_xattrs(struct inode *inode, struct iattr *attrs);
|
||||
int reiserfs_xattr_init(struct super_block *sb, int mount_flags);
|
||||
int reiserfs_permission(struct inode *inode, int mask, struct nameidata *nd);
|
||||
int reiserfs_permission(struct inode *inode, int mask);
|
||||
|
||||
int reiserfs_xattr_del(struct inode *, const char *);
|
||||
int reiserfs_xattr_get(const struct inode *, const char *, void *, size_t);
|
||||
|
|
|
@ -43,7 +43,7 @@ static inline struct shmem_inode_info *SHMEM_I(struct inode *inode)
|
|||
}
|
||||
|
||||
#ifdef CONFIG_TMPFS_POSIX_ACL
|
||||
int shmem_permission(struct inode *, int, struct nameidata *);
|
||||
int shmem_permission(struct inode *, int);
|
||||
int shmem_acl_init(struct inode *, struct inode *);
|
||||
void shmem_acl_destroy_inode(struct inode *);
|
||||
|
||||
|
|
|
@ -1516,9 +1516,9 @@ static int do_sysctl_strategy(struct ctl_table_root *root,
|
|||
int op = 0, rc;
|
||||
|
||||
if (oldval)
|
||||
op |= 004;
|
||||
op |= MAY_READ;
|
||||
if (newval)
|
||||
op |= 002;
|
||||
op |= MAY_WRITE;
|
||||
if (sysctl_perm(root, table, op))
|
||||
return -EPERM;
|
||||
|
||||
|
@ -1560,7 +1560,7 @@ static int parse_table(int __user *name, int nlen,
|
|||
if (n == table->ctl_name) {
|
||||
int error;
|
||||
if (table->child) {
|
||||
if (sysctl_perm(root, table, 001))
|
||||
if (sysctl_perm(root, table, MAY_EXEC))
|
||||
return -EPERM;
|
||||
name++;
|
||||
nlen--;
|
||||
|
@ -1635,7 +1635,7 @@ static int test_perm(int mode, int op)
|
|||
mode >>= 6;
|
||||
else if (in_egroup_p(0))
|
||||
mode >>= 3;
|
||||
if ((mode & op & 0007) == op)
|
||||
if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
|
||||
return 0;
|
||||
return -EACCES;
|
||||
}
|
||||
|
@ -1645,7 +1645,7 @@ int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
|
|||
int error;
|
||||
int mode;
|
||||
|
||||
error = security_sysctl(table, op);
|
||||
error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
|
||||
if (error)
|
||||
return error;
|
||||
|
||||
|
|
|
@ -191,7 +191,7 @@ shmem_check_acl(struct inode *inode, int mask)
|
|||
* shmem_permission - permission() inode operation
|
||||
*/
|
||||
int
|
||||
shmem_permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
shmem_permission(struct inode *inode, int mask)
|
||||
{
|
||||
return generic_permission(inode, mask, shmem_check_acl);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue