xref: /openbmc/linux/fs/jffs2/acl.c (revision 8fa5723aa7e053d498336b48448b292fc2e0458b) 
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright © 2006  NEC Corporation
5  *
6  * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7  *
8  * For licensing information, see the file 'LICENCE' in this directory.
9  *
10  */
11 
12 #include <linux/kernel.h>
13 #include <linux/slab.h>
14 #include <linux/fs.h>
15 #include <linux/sched.h>
16 #include <linux/time.h>
17 #include <linux/crc32.h>
18 #include <linux/jffs2.h>
19 #include <linux/xattr.h>
20 #include <linux/posix_acl_xattr.h>
21 #include <linux/mtd/mtd.h>
22 #include "nodelist.h"
23 
24 static size_t jffs2_acl_size(int count)
25 {
26 	if (count <= 4) {
27 		return sizeof(struct jffs2_acl_header)
28 		       + count * sizeof(struct jffs2_acl_entry_short);
29 	} else {
30 		return sizeof(struct jffs2_acl_header)
31 		       + 4 * sizeof(struct jffs2_acl_entry_short)
32 		       + (count - 4) * sizeof(struct jffs2_acl_entry);
33 	}
34 }
35 
36 static int jffs2_acl_count(size_t size)
37 {
38 	size_t s;
39 
40 	size -= sizeof(struct jffs2_acl_header);
41 	s = size - 4 * sizeof(struct jffs2_acl_entry_short);
42 	if (s < 0) {
43 		if (size % sizeof(struct jffs2_acl_entry_short))
44 			return -1;
45 		return size / sizeof(struct jffs2_acl_entry_short);
46 	} else {
47 		if (s % sizeof(struct jffs2_acl_entry))
48 			return -1;
49 		return s / sizeof(struct jffs2_acl_entry) + 4;
50 	}
51 }
52 
53 static struct posix_acl *jffs2_acl_from_medium(void *value, size_t size)
54 {
55 	void *end = value + size;
56 	struct jffs2_acl_header *header = value;
57 	struct jffs2_acl_entry *entry;
58 	struct posix_acl *acl;
59 	uint32_t ver;
60 	int i, count;
61 
62 	if (!value)
63 		return NULL;
64 	if (size < sizeof(struct jffs2_acl_header))
65 		return ERR_PTR(-EINVAL);
66 	ver = je32_to_cpu(header->a_version);
67 	if (ver != JFFS2_ACL_VERSION) {
68 		JFFS2_WARNING("Invalid ACL version. (=%u)\n", ver);
69 		return ERR_PTR(-EINVAL);
70 	}
71 
72 	value += sizeof(struct jffs2_acl_header);
73 	count = jffs2_acl_count(size);
74 	if (count < 0)
75 		return ERR_PTR(-EINVAL);
76 	if (count == 0)
77 		return NULL;
78 
79 	acl = posix_acl_alloc(count, GFP_KERNEL);
80 	if (!acl)
81 		return ERR_PTR(-ENOMEM);
82 
83 	for (i=0; i < count; i++) {
84 		entry = value;
85 		if (value + sizeof(struct jffs2_acl_entry_short) > end)
86 			goto fail;
87 		acl->a_entries[i].e_tag = je16_to_cpu(entry->e_tag);
88 		acl->a_entries[i].e_perm = je16_to_cpu(entry->e_perm);
89 		switch (acl->a_entries[i].e_tag) {
90 			case ACL_USER_OBJ:
91 			case ACL_GROUP_OBJ:
92 			case ACL_MASK:
93 			case ACL_OTHER:
94 				value += sizeof(struct jffs2_acl_entry_short);
95 				acl->a_entries[i].e_id = ACL_UNDEFINED_ID;
96 				break;
97 
98 			case ACL_USER:
99 			case ACL_GROUP:
100 				value += sizeof(struct jffs2_acl_entry);
101 				if (value > end)
102 					goto fail;
103 				acl->a_entries[i].e_id = je32_to_cpu(entry->e_id);
104 				break;
105 
106 			default:
107 				goto fail;
108 		}
109 	}
110 	if (value != end)
111 		goto fail;
112 	return acl;
113  fail:
114 	posix_acl_release(acl);
115 	return ERR_PTR(-EINVAL);
116 }
117 
118 static void *jffs2_acl_to_medium(const struct posix_acl *acl, size_t *size)
119 {
120 	struct jffs2_acl_header *header;
121 	struct jffs2_acl_entry *entry;
122 	void *e;
123 	size_t i;
124 
125 	*size = jffs2_acl_size(acl->a_count);
126 	header = kmalloc(sizeof(*header) + acl->a_count * sizeof(*entry), GFP_KERNEL);
127 	if (!header)
128 		return ERR_PTR(-ENOMEM);
129 	header->a_version = cpu_to_je32(JFFS2_ACL_VERSION);
130 	e = header + 1;
131 	for (i=0; i < acl->a_count; i++) {
132 		entry = e;
133 		entry->e_tag = cpu_to_je16(acl->a_entries[i].e_tag);
134 		entry->e_perm = cpu_to_je16(acl->a_entries[i].e_perm);
135 		switch(acl->a_entries[i].e_tag) {
136 			case ACL_USER:
137 			case ACL_GROUP:
138 				entry->e_id = cpu_to_je32(acl->a_entries[i].e_id);
139 				e += sizeof(struct jffs2_acl_entry);
140 				break;
141 
142 			case ACL_USER_OBJ:
143 			case ACL_GROUP_OBJ:
144 			case ACL_MASK:
145 			case ACL_OTHER:
146 				e += sizeof(struct jffs2_acl_entry_short);
147 				break;
148 
149 			default:
150 				goto fail;
151 		}
152 	}
153 	return header;
154  fail:
155 	kfree(header);
156 	return ERR_PTR(-EINVAL);
157 }
158 
159 static struct posix_acl *jffs2_iget_acl(struct inode *inode, struct posix_acl **i_acl)
160 {
161 	struct posix_acl *acl = JFFS2_ACL_NOT_CACHED;
162 
163 	spin_lock(&inode->i_lock);
164 	if (*i_acl != JFFS2_ACL_NOT_CACHED)
165 		acl = posix_acl_dup(*i_acl);
166 	spin_unlock(&inode->i_lock);
167 	return acl;
168 }
169 
170 static void jffs2_iset_acl(struct inode *inode, struct posix_acl **i_acl, struct posix_acl *acl)
171 {
172 	spin_lock(&inode->i_lock);
173 	if (*i_acl != JFFS2_ACL_NOT_CACHED)
174 		posix_acl_release(*i_acl);
175 	*i_acl = posix_acl_dup(acl);
176 	spin_unlock(&inode->i_lock);
177 }
178 
179 static struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
180 {
181 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
182 	struct posix_acl *acl;
183 	char *value = NULL;
184 	int rc, xprefix;
185 
186 	switch (type) {
187 	case ACL_TYPE_ACCESS:
188 		acl = jffs2_iget_acl(inode, &f->i_acl_access);
189 		if (acl != JFFS2_ACL_NOT_CACHED)
190 			return acl;
191 		xprefix = JFFS2_XPREFIX_ACL_ACCESS;
192 		break;
193 	case ACL_TYPE_DEFAULT:
194 		acl = jffs2_iget_acl(inode, &f->i_acl_default);
195 		if (acl != JFFS2_ACL_NOT_CACHED)
196 			return acl;
197 		xprefix = JFFS2_XPREFIX_ACL_DEFAULT;
198 		break;
199 	default:
200 		return ERR_PTR(-EINVAL);
201 	}
202 	rc = do_jffs2_getxattr(inode, xprefix, "", NULL, 0);
203 	if (rc > 0) {
204 		value = kmalloc(rc, GFP_KERNEL);
205 		if (!value)
206 			return ERR_PTR(-ENOMEM);
207 		rc = do_jffs2_getxattr(inode, xprefix, "", value, rc);
208 	}
209 	if (rc > 0) {
210 		acl = jffs2_acl_from_medium(value, rc);
211 	} else if (rc == -ENODATA || rc == -ENOSYS) {
212 		acl = NULL;
213 	} else {
214 		acl = ERR_PTR(rc);
215 	}
216 	if (value)
217 		kfree(value);
218 	if (!IS_ERR(acl)) {
219 		switch (type) {
220 		case ACL_TYPE_ACCESS:
221 			jffs2_iset_acl(inode, &f->i_acl_access, acl);
222 			break;
223 		case ACL_TYPE_DEFAULT:
224 			jffs2_iset_acl(inode, &f->i_acl_default, acl);
225 			break;
226 		}
227 	}
228 	return acl;
229 }
230 
231 static int __jffs2_set_acl(struct inode *inode, int xprefix, struct posix_acl *acl)
232 {
233 	char *value = NULL;
234 	size_t size = 0;
235 	int rc;
236 
237 	if (acl) {
238 		value = jffs2_acl_to_medium(acl, &size);
239 		if (IS_ERR(value))
240 			return PTR_ERR(value);
241 	}
242 	rc = do_jffs2_setxattr(inode, xprefix, "", value, size, 0);
243 	if (!value && rc == -ENODATA)
244 		rc = 0;
245 	kfree(value);
246 
247 	return rc;
248 }
249 
250 static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
251 {
252 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
253 	int rc, xprefix;
254 
255 	if (S_ISLNK(inode->i_mode))
256 		return -EOPNOTSUPP;
257 
258 	switch (type) {
259 	case ACL_TYPE_ACCESS:
260 		xprefix = JFFS2_XPREFIX_ACL_ACCESS;
261 		if (acl) {
262 			mode_t mode = inode->i_mode;
263 			rc = posix_acl_equiv_mode(acl, &mode);
264 			if (rc < 0)
265 				return rc;
266 			if (inode->i_mode != mode) {
267 				struct iattr attr;
268 
269 				attr.ia_valid = ATTR_MODE;
270 				attr.ia_mode = mode;
271 				rc = jffs2_do_setattr(inode, &attr);
272 				if (rc < 0)
273 					return rc;
274 			}
275 			if (rc == 0)
276 				acl = NULL;
277 		}
278 		break;
279 	case ACL_TYPE_DEFAULT:
280 		xprefix = JFFS2_XPREFIX_ACL_DEFAULT;
281 		if (!S_ISDIR(inode->i_mode))
282 			return acl ? -EACCES : 0;
283 		break;
284 	default:
285 		return -EINVAL;
286 	}
287 	rc = __jffs2_set_acl(inode, xprefix, acl);
288 	if (!rc) {
289 		switch(type) {
290 		case ACL_TYPE_ACCESS:
291 			jffs2_iset_acl(inode, &f->i_acl_access, acl);
292 			break;
293 		case ACL_TYPE_DEFAULT:
294 			jffs2_iset_acl(inode, &f->i_acl_default, acl);
295 			break;
296 		}
297 	}
298 	return rc;
299 }
300 
301 static int jffs2_check_acl(struct inode *inode, int mask)
302 {
303 	struct posix_acl *acl;
304 	int rc;
305 
306 	acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
307 	if (IS_ERR(acl))
308 		return PTR_ERR(acl);
309 	if (acl) {
310 		rc = posix_acl_permission(inode, acl, mask);
311 		posix_acl_release(acl);
312 		return rc;
313 	}
314 	return -EAGAIN;
315 }
316 
317 int jffs2_permission(struct inode *inode, int mask)
318 {
319 	return generic_permission(inode, mask, jffs2_check_acl);
320 }
321 
322 int jffs2_init_acl_pre(struct inode *dir_i, struct inode *inode, int *i_mode)
323 {
324 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
325 	struct posix_acl *acl, *clone;
326 	int rc;
327 
328 	f->i_acl_default = NULL;
329 	f->i_acl_access = NULL;
330 
331 	if (S_ISLNK(*i_mode))
332 		return 0;	/* Symlink always has no-ACL */
333 
334 	acl = jffs2_get_acl(dir_i, ACL_TYPE_DEFAULT);
335 	if (IS_ERR(acl))
336 		return PTR_ERR(acl);
337 
338 	if (!acl) {
339 		*i_mode &= ~current->fs->umask;
340 	} else {
341 		if (S_ISDIR(*i_mode))
342 			jffs2_iset_acl(inode, &f->i_acl_default, acl);
343 
344 		clone = posix_acl_clone(acl, GFP_KERNEL);
345 		if (!clone)
346 			return -ENOMEM;
347 		rc = posix_acl_create_masq(clone, (mode_t *)i_mode);
348 		if (rc < 0) {
349 			posix_acl_release(clone);
350 			return rc;
351 		}
352 		if (rc > 0)
353 			jffs2_iset_acl(inode, &f->i_acl_access, clone);
354 
355 		posix_acl_release(clone);
356 	}
357 	return 0;
358 }
359 
360 int jffs2_init_acl_post(struct inode *inode)
361 {
362 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
363 	int rc;
364 
365 	if (f->i_acl_default) {
366 		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_DEFAULT, f->i_acl_default);
367 		if (rc)
368 			return rc;
369 	}
370 
371 	if (f->i_acl_access) {
372 		rc = __jffs2_set_acl(inode, JFFS2_XPREFIX_ACL_ACCESS, f->i_acl_access);
373 		if (rc)
374 			return rc;
375 	}
376 
377 	return 0;
378 }
379 
380 void jffs2_clear_acl(struct jffs2_inode_info *f)
381 {
382 	if (f->i_acl_access && f->i_acl_access != JFFS2_ACL_NOT_CACHED) {
383 		posix_acl_release(f->i_acl_access);
384 		f->i_acl_access = JFFS2_ACL_NOT_CACHED;
385 	}
386 	if (f->i_acl_default && f->i_acl_default != JFFS2_ACL_NOT_CACHED) {
387 		posix_acl_release(f->i_acl_default);
388 		f->i_acl_default = JFFS2_ACL_NOT_CACHED;
389 	}
390 }
391 
392 int jffs2_acl_chmod(struct inode *inode)
393 {
394 	struct posix_acl *acl, *clone;
395 	int rc;
396 
397 	if (S_ISLNK(inode->i_mode))
398 		return -EOPNOTSUPP;
399 	acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
400 	if (IS_ERR(acl) || !acl)
401 		return PTR_ERR(acl);
402 	clone = posix_acl_clone(acl, GFP_KERNEL);
403 	posix_acl_release(acl);
404 	if (!clone)
405 		return -ENOMEM;
406 	rc = posix_acl_chmod_masq(clone, inode->i_mode);
407 	if (!rc)
408 		rc = jffs2_set_acl(inode, ACL_TYPE_ACCESS, clone);
409 	posix_acl_release(clone);
410 	return rc;
411 }
412 
413 static size_t jffs2_acl_access_listxattr(struct inode *inode, char *list, size_t list_size,
414 					 const char *name, size_t name_len)
415 {
416 	const int retlen = sizeof(POSIX_ACL_XATTR_ACCESS);
417 
418 	if (list && retlen <= list_size)
419 		strcpy(list, POSIX_ACL_XATTR_ACCESS);
420 	return retlen;
421 }
422 
423 static size_t jffs2_acl_default_listxattr(struct inode *inode, char *list, size_t list_size,
424 					  const char *name, size_t name_len)
425 {
426 	const int retlen = sizeof(POSIX_ACL_XATTR_DEFAULT);
427 
428 	if (list && retlen <= list_size)
429 		strcpy(list, POSIX_ACL_XATTR_DEFAULT);
430 	return retlen;
431 }
432 
433 static int jffs2_acl_getxattr(struct inode *inode, int type, void *buffer, size_t size)
434 {
435 	struct posix_acl *acl;
436 	int rc;
437 
438 	acl = jffs2_get_acl(inode, type);
439 	if (IS_ERR(acl))
440 		return PTR_ERR(acl);
441 	if (!acl)
442 		return -ENODATA;
443 	rc = posix_acl_to_xattr(acl, buffer, size);
444 	posix_acl_release(acl);
445 
446 	return rc;
447 }
448 
449 static int jffs2_acl_access_getxattr(struct inode *inode, const char *name, void *buffer, size_t size)
450 {
451 	if (name[0] != '\0')
452 		return -EINVAL;
453 	return jffs2_acl_getxattr(inode, ACL_TYPE_ACCESS, buffer, size);
454 }
455 
456 static int jffs2_acl_default_getxattr(struct inode *inode, const char *name, void *buffer, size_t size)
457 {
458 	if (name[0] != '\0')
459 		return -EINVAL;
460 	return jffs2_acl_getxattr(inode, ACL_TYPE_DEFAULT, buffer, size);
461 }
462 
463 static int jffs2_acl_setxattr(struct inode *inode, int type, const void *value, size_t size)
464 {
465 	struct posix_acl *acl;
466 	int rc;
467 
468 	if (!is_owner_or_cap(inode))
469 		return -EPERM;
470 
471 	if (value) {
472 		acl = posix_acl_from_xattr(value, size);
473 		if (IS_ERR(acl))
474 			return PTR_ERR(acl);
475 		if (acl) {
476 			rc = posix_acl_valid(acl);
477 			if (rc)
478 				goto out;
479 		}
480 	} else {
481 		acl = NULL;
482 	}
483 	rc = jffs2_set_acl(inode, type, acl);
484  out:
485 	posix_acl_release(acl);
486 	return rc;
487 }
488 
489 static int jffs2_acl_access_setxattr(struct inode *inode, const char *name,
490 				     const void *buffer, size_t size, int flags)
491 {
492 	if (name[0] != '\0')
493 		return -EINVAL;
494 	return jffs2_acl_setxattr(inode, ACL_TYPE_ACCESS, buffer, size);
495 }
496 
497 static int jffs2_acl_default_setxattr(struct inode *inode, const char *name,
498 				      const void *buffer, size_t size, int flags)
499 {
500 	if (name[0] != '\0')
501 		return -EINVAL;
502 	return jffs2_acl_setxattr(inode, ACL_TYPE_DEFAULT, buffer, size);
503 }
504 
505 struct xattr_handler jffs2_acl_access_xattr_handler = {
506 	.prefix	= POSIX_ACL_XATTR_ACCESS,
507 	.list	= jffs2_acl_access_listxattr,
508 	.get	= jffs2_acl_access_getxattr,
509 	.set	= jffs2_acl_access_setxattr,
510 };
511 
512 struct xattr_handler jffs2_acl_default_xattr_handler = {
513 	.prefix	= POSIX_ACL_XATTR_DEFAULT,
514 	.list	= jffs2_acl_default_listxattr,
515 	.get	= jffs2_acl_default_getxattr,
516 	.set	= jffs2_acl_default_setxattr,
517 };
518