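Lines matching refs:idmap — each entry gives the source line number, the matching line, and the enclosing function; "argument" or "local" marks the line where idmap is declared as a parameter or as a local variable.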

294 static int check_acl(struct mnt_idmap *idmap,  in check_acl()  argument
307 return posix_acl_permission(idmap, inode, acl, mask); in check_acl()
314 int error = posix_acl_permission(idmap, inode, acl, mask); in check_acl()
339 static int acl_permission_check(struct mnt_idmap *idmap, in acl_permission_check() argument
346 vfsuid = i_uid_into_vfsuid(idmap, inode); in acl_permission_check()
355 int error = check_acl(idmap, inode, mask); in acl_permission_check()
369 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); in acl_permission_check()
400 int generic_permission(struct mnt_idmap *idmap, struct inode *inode, in generic_permission() argument
408 ret = acl_permission_check(idmap, inode, mask); in generic_permission()
415 if (capable_wrt_inode_uidgid(idmap, inode, in generic_permission()
418 if (capable_wrt_inode_uidgid(idmap, inode, in generic_permission()
429 if (capable_wrt_inode_uidgid(idmap, inode, in generic_permission()
438 if (capable_wrt_inode_uidgid(idmap, inode, in generic_permission()
457 static inline int do_inode_permission(struct mnt_idmap *idmap, in do_inode_permission() argument
462 return inode->i_op->permission(idmap, inode, mask); in do_inode_permission()
469 return generic_permission(idmap, inode, mask); in do_inode_permission()
504 int inode_permission(struct mnt_idmap *idmap, in inode_permission() argument
525 if (HAS_UNMAPPED_ID(idmap, inode)) in inode_permission()
529 retval = do_inode_permission(idmap, inode, mask); in inode_permission()
1104 struct mnt_idmap *idmap; in may_follow_link() local
1110 idmap = mnt_idmap(nd->path.mnt); in may_follow_link()
1111 vfsuid = i_uid_into_vfsuid(idmap, inode); in may_follow_link()
1145 static bool safe_hardlink_source(struct mnt_idmap *idmap, in safe_hardlink_source() argument
1163 if (inode_permission(idmap, inode, MAY_READ | MAY_WRITE)) in safe_hardlink_source()
1188 int may_linkat(struct mnt_idmap *idmap, const struct path *link) in may_linkat() argument
1193 if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) || in may_linkat()
1194 !vfsgid_valid(i_gid_into_vfsgid(idmap, inode))) in may_linkat()
1203 if (safe_hardlink_source(idmap, inode) || in may_linkat()
1204 inode_owner_or_capable(idmap, inode)) in may_linkat()
1238 static int may_create_in_sticky(struct mnt_idmap *idmap, in may_create_in_sticky() argument
1247 vfsuid_eq(i_uid_into_vfsuid(idmap, inode), dir_vfsuid) || in may_create_in_sticky()
1248 vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), current_fsuid())) in may_create_in_sticky()
1716 static inline int may_lookup(struct mnt_idmap *idmap, in may_lookup() argument
1720 int err = inode_permission(idmap, nd->inode, MAY_EXEC|MAY_NOT_BLOCK); in may_lookup()
1724 return inode_permission(idmap, nd->inode, MAY_EXEC); in may_lookup()
2265 struct mnt_idmap *idmap; in link_path_walk() local
2270 idmap = mnt_idmap(nd->path.mnt); in link_path_walk()
2271 err = may_lookup(idmap, nd); in link_path_walk()
2319 nd->dir_vfsuid = i_uid_into_vfsuid(idmap, nd->inode); in link_path_walk()
2660 static int lookup_one_common(struct mnt_idmap *idmap, in lookup_one_common() argument
2690 return inode_permission(idmap, base->d_inode, MAY_EXEC); in lookup_one_common()
2762 struct dentry *lookup_one(struct mnt_idmap *idmap, const char *name, in lookup_one() argument
2771 err = lookup_one_common(idmap, name, base, len, &this); in lookup_one()
2793 struct dentry *lookup_one_unlocked(struct mnt_idmap *idmap, in lookup_one_unlocked() argument
2801 err = lookup_one_common(idmap, name, base, len, &this); in lookup_one_unlocked()
2832 struct dentry *lookup_one_positive_unlocked(struct mnt_idmap *idmap, in lookup_one_positive_unlocked() argument
2836 struct dentry *ret = lookup_one_unlocked(idmap, name, base, len); in lookup_one_positive_unlocked()
2918 int __check_sticky(struct mnt_idmap *idmap, struct inode *dir, in __check_sticky() argument
2923 if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), fsuid)) in __check_sticky()
2925 if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, dir), fsuid)) in __check_sticky()
2927 return !capable_wrt_inode_uidgid(idmap, inode, CAP_FOWNER); in __check_sticky()
2951 static int may_delete(struct mnt_idmap *idmap, struct inode *dir, in may_delete() argument
2964 if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) || in may_delete()
2965 !vfsgid_valid(i_gid_into_vfsgid(idmap, inode))) in may_delete()
2970 error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC); in may_delete()
2976 if (check_sticky(idmap, dir, inode) || IS_APPEND(inode) || in may_delete()
2978 HAS_UNMAPPED_ID(idmap, inode)) in may_delete()
3003 static inline int may_create(struct mnt_idmap *idmap, in may_create() argument
3011 if (!fsuidgid_has_mapping(dir->i_sb, idmap)) in may_create()
3014 return inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC); in may_create()
3143 static inline umode_t vfs_prepare_mode(struct mnt_idmap *idmap, in vfs_prepare_mode() argument
3147 mode = mode_strip_sgid(idmap, dir, mode); in vfs_prepare_mode()
3176 int vfs_create(struct mnt_idmap *idmap, struct inode *dir, in vfs_create() argument
3181 error = may_create(idmap, dir, dentry); in vfs_create()
3188 mode = vfs_prepare_mode(idmap, dir, mode, S_IALLUGO, S_IFREG); in vfs_create()
3192 error = dir->i_op->create(idmap, dir, dentry, mode, want_excl); in vfs_create()
3226 static int may_open(struct mnt_idmap *idmap, const struct path *path, in may_open() argument
3262 error = inode_permission(idmap, inode, MAY_OPEN | acc_mode); in may_open()
3277 if (flag & O_NOATIME && !inode_owner_or_capable(idmap, inode)) in may_open()
3283 static int handle_truncate(struct mnt_idmap *idmap, struct file *filp) in handle_truncate() argument
3293 error = do_truncate(idmap, path->dentry, 0, in handle_truncate()
3308 static int may_o_create(struct mnt_idmap *idmap, in may_o_create() argument
3316 if (!fsuidgid_has_mapping(dir->dentry->d_sb, idmap)) in may_o_create()
3319 error = inode_permission(idmap, dir->dentry->d_inode, in may_o_create()
3399 struct mnt_idmap *idmap; in lookup_open() local
3447 idmap = mnt_idmap(nd->path.mnt); in lookup_open()
3451 mode = vfs_prepare_mode(idmap, dir->d_inode, mode, mode, mode); in lookup_open()
3453 create_error = may_o_create(idmap, &nd->path, in lookup_open()
3490 error = dir_inode->i_op->create(idmap, dir_inode, dentry, in lookup_open()
3593 struct mnt_idmap *idmap; in do_open() local
3606 idmap = mnt_idmap(nd->path.mnt); in do_open()
3612 error = may_create_in_sticky(idmap, nd, in do_open()
3632 error = may_open(idmap, &nd->path, acc_mode, open_flag); in do_open()
3638 error = handle_truncate(idmap, file); in do_open()
3663 static int vfs_tmpfile(struct mnt_idmap *idmap, in vfs_tmpfile() argument
3674 error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC); in vfs_tmpfile()
3684 mode = vfs_prepare_mode(idmap, dir, mode, mode, mode); in vfs_tmpfile()
3685 error = dir->i_op->tmpfile(idmap, dir, file, mode); in vfs_tmpfile()
3690 error = may_open(idmap, &file->f_path, 0, file->f_flags); in vfs_tmpfile()
3699 ima_post_create_tmpfile(idmap, inode); in vfs_tmpfile()
3715 struct file *kernel_tmpfile_open(struct mnt_idmap *idmap, in kernel_tmpfile_open() argument
3727 error = vfs_tmpfile(idmap, parentpath, file, mode); in kernel_tmpfile_open()
3968 int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir, in vfs_mknod() argument
3972 int error = may_create(idmap, dir, dentry); in vfs_mknod()
3984 mode = vfs_prepare_mode(idmap, dir, mode, mode, mode); in vfs_mknod()
3993 error = dir->i_op->mknod(idmap, dir, dentry, mode, dev); in vfs_mknod()
4020 struct mnt_idmap *idmap; in do_mknodat() local
4040 idmap = mnt_idmap(path.mnt); in do_mknodat()
4043 error = vfs_create(idmap, path.dentry->d_inode, in do_mknodat()
4046 ima_post_path_mknod(idmap, dentry); in do_mknodat()
4049 error = vfs_mknod(idmap, path.dentry->d_inode, in do_mknodat()
4053 error = vfs_mknod(idmap, path.dentry->d_inode, in do_mknodat()
4094 int vfs_mkdir(struct mnt_idmap *idmap, struct inode *dir, in vfs_mkdir() argument
4100 error = may_create(idmap, dir, dentry); in vfs_mkdir()
4107 mode = vfs_prepare_mode(idmap, dir, mode, S_IRWXUGO | S_ISVTX, 0); in vfs_mkdir()
4115 error = dir->i_op->mkdir(idmap, dir, dentry, mode); in vfs_mkdir()
4175 int vfs_rmdir(struct mnt_idmap *idmap, struct inode *dir, in vfs_rmdir() argument
4178 int error = may_delete(idmap, dir, dentry, 1); in vfs_rmdir()
4304 int vfs_unlink(struct mnt_idmap *idmap, struct inode *dir, in vfs_unlink() argument
4308 int error = may_delete(idmap, dir, dentry, 0); in vfs_unlink()
4459 int vfs_symlink(struct mnt_idmap *idmap, struct inode *dir, in vfs_symlink() argument
4464 error = may_create(idmap, dir, dentry); in vfs_symlink()
4475 error = dir->i_op->symlink(idmap, dir, dentry, oldname); in vfs_symlink()
4551 int vfs_link(struct dentry *old_dentry, struct mnt_idmap *idmap, in vfs_link() argument
4562 error = may_create(idmap, dir, new_dentry); in vfs_link()
4579 if (HAS_UNMAPPED_ID(idmap, inode)) in vfs_link()
4626 struct mnt_idmap *idmap; in do_linkat() local
4663 idmap = mnt_idmap(new_path.mnt); in do_linkat()
4664 error = may_linkat(idmap, &old_path); in do_linkat()
4670 error = vfs_link(old_path.dentry, idmap, new_path.dentry->d_inode, in do_linkat()