1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org> 4 * 5 * Fixes from William Schumacher incorporated on 15 March 2001. 6 * (Reported by Charles Bertsch, <CBertsch@microtest.com>). 7 */ 8 9 /* 10 * This file contains generic functions for manipulating 11 * POSIX 1003.1e draft standard 17 ACLs. 12 */ 13 14 #include <linux/kernel.h> 15 #include <linux/slab.h> 16 #include <linux/atomic.h> 17 #include <linux/fs.h> 18 #include <linux/sched.h> 19 #include <linux/cred.h> 20 #include <linux/posix_acl.h> 21 #include <linux/posix_acl_xattr.h> 22 #include <linux/xattr.h> 23 #include <linux/export.h> 24 #include <linux/user_namespace.h> 25 #include <linux/namei.h> 26 27 static struct posix_acl **acl_by_type(struct inode *inode, int type) 28 { 29 switch (type) { 30 case ACL_TYPE_ACCESS: 31 return &inode->i_acl; 32 case ACL_TYPE_DEFAULT: 33 return &inode->i_default_acl; 34 default: 35 BUG(); 36 } 37 } 38 39 struct posix_acl *get_cached_acl(struct inode *inode, int type) 40 { 41 struct posix_acl **p = acl_by_type(inode, type); 42 struct posix_acl *acl; 43 44 for (;;) { 45 rcu_read_lock(); 46 acl = rcu_dereference(*p); 47 if (!acl || is_uncached_acl(acl) || 48 refcount_inc_not_zero(&acl->a_refcount)) 49 break; 50 rcu_read_unlock(); 51 cpu_relax(); 52 } 53 rcu_read_unlock(); 54 return acl; 55 } 56 EXPORT_SYMBOL(get_cached_acl); 57 58 struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type) 59 { 60 struct posix_acl *acl = rcu_dereference(*acl_by_type(inode, type)); 61 62 if (acl == ACL_DONT_CACHE) { 63 struct posix_acl *ret; 64 65 ret = inode->i_op->get_acl(inode, type, LOOKUP_RCU); 66 if (!IS_ERR(ret)) 67 acl = ret; 68 } 69 70 return acl; 71 } 72 EXPORT_SYMBOL(get_cached_acl_rcu); 73 74 void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl) 75 { 76 struct posix_acl **p = acl_by_type(inode, type); 77 struct posix_acl *old; 78 79 old = xchg(p, posix_acl_dup(acl)); 80 if (!is_uncached_acl(old)) 81 posix_acl_release(old); 82 } 83 EXPORT_SYMBOL(set_cached_acl); 84 85 static void __forget_cached_acl(struct posix_acl **p) 86 { 87 struct posix_acl *old; 88 89 old = xchg(p, ACL_NOT_CACHED); 90 if (!is_uncached_acl(old)) 91 posix_acl_release(old); 92 } 93 94 void forget_cached_acl(struct inode *inode, int type) 95 { 96 __forget_cached_acl(acl_by_type(inode, type)); 97 } 98 EXPORT_SYMBOL(forget_cached_acl); 99 100 void forget_all_cached_acls(struct inode *inode) 101 { 102 __forget_cached_acl(&inode->i_acl); 103 __forget_cached_acl(&inode->i_default_acl); 104 } 105 EXPORT_SYMBOL(forget_all_cached_acls); 106 107 struct posix_acl *get_acl(struct inode *inode, int type) 108 { 109 void *sentinel; 110 struct posix_acl **p; 111 struct posix_acl *acl; 112 113 /* 114 * The sentinel is used to detect when another operation like 115 * set_cached_acl() or forget_cached_acl() races with get_acl(). 116 * It is guaranteed that is_uncached_acl(sentinel) is true. 117 */ 118 119 acl = get_cached_acl(inode, type); 120 if (!is_uncached_acl(acl)) 121 return acl; 122 123 if (!IS_POSIXACL(inode)) 124 return NULL; 125 126 sentinel = uncached_acl_sentinel(current); 127 p = acl_by_type(inode, type); 128 129 /* 130 * If the ACL isn't being read yet, set our sentinel. Otherwise, the 131 * current value of the ACL will not be ACL_NOT_CACHED and so our own 132 * sentinel will not be set; another task will update the cache. We 133 * could wait for that other task to complete its job, but it's easier 134 * to just call ->get_acl to fetch the ACL ourself. (This is going to 135 * be an unlikely race.) 136 */ 137 cmpxchg(p, ACL_NOT_CACHED, sentinel); 138 139 /* 140 * Normally, the ACL returned by ->get_acl will be cached. 141 * A filesystem can prevent that by calling 142 * forget_cached_acl(inode, type) in ->get_acl. 143 * 144 * If the filesystem doesn't have a get_acl() function at all, we'll 145 * just create the negative cache entry. 146 */ 147 if (!inode->i_op->get_acl) { 148 set_cached_acl(inode, type, NULL); 149 return NULL; 150 } 151 acl = inode->i_op->get_acl(inode, type, false); 152 153 if (IS_ERR(acl)) { 154 /* 155 * Remove our sentinel so that we don't block future attempts 156 * to cache the ACL. 157 */ 158 cmpxchg(p, sentinel, ACL_NOT_CACHED); 159 return acl; 160 } 161 162 /* 163 * Cache the result, but only if our sentinel is still in place. 164 */ 165 posix_acl_dup(acl); 166 if (unlikely(cmpxchg(p, sentinel, acl) != sentinel)) 167 posix_acl_release(acl); 168 return acl; 169 } 170 EXPORT_SYMBOL(get_acl); 171 172 /* 173 * Init a fresh posix_acl 174 */ 175 void 176 posix_acl_init(struct posix_acl *acl, int count) 177 { 178 refcount_set(&acl->a_refcount, 1); 179 acl->a_count = count; 180 } 181 EXPORT_SYMBOL(posix_acl_init); 182 183 /* 184 * Allocate a new ACL with the specified number of entries. 185 */ 186 struct posix_acl * 187 posix_acl_alloc(int count, gfp_t flags) 188 { 189 const size_t size = sizeof(struct posix_acl) + 190 count * sizeof(struct posix_acl_entry); 191 struct posix_acl *acl = kmalloc(size, flags); 192 if (acl) 193 posix_acl_init(acl, count); 194 return acl; 195 } 196 EXPORT_SYMBOL(posix_acl_alloc); 197 198 /* 199 * Clone an ACL. 200 */ 201 static struct posix_acl * 202 posix_acl_clone(const struct posix_acl *acl, gfp_t flags) 203 { 204 struct posix_acl *clone = NULL; 205 206 if (acl) { 207 int size = sizeof(struct posix_acl) + acl->a_count * 208 sizeof(struct posix_acl_entry); 209 clone = kmemdup(acl, size, flags); 210 if (clone) 211 refcount_set(&clone->a_refcount, 1); 212 } 213 return clone; 214 } 215 216 /* 217 * Check if an acl is valid. Returns 0 if it is, or -E... otherwise. 218 */ 219 int 220 posix_acl_valid(struct user_namespace *user_ns, const struct posix_acl *acl) 221 { 222 const struct posix_acl_entry *pa, *pe; 223 int state = ACL_USER_OBJ; 224 int needs_mask = 0; 225 226 FOREACH_ACL_ENTRY(pa, acl, pe) { 227 if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) 228 return -EINVAL; 229 switch (pa->e_tag) { 230 case ACL_USER_OBJ: 231 if (state == ACL_USER_OBJ) { 232 state = ACL_USER; 233 break; 234 } 235 return -EINVAL; 236 237 case ACL_USER: 238 if (state != ACL_USER) 239 return -EINVAL; 240 if (!kuid_has_mapping(user_ns, pa->e_uid)) 241 return -EINVAL; 242 needs_mask = 1; 243 break; 244 245 case ACL_GROUP_OBJ: 246 if (state == ACL_USER) { 247 state = ACL_GROUP; 248 break; 249 } 250 return -EINVAL; 251 252 case ACL_GROUP: 253 if (state != ACL_GROUP) 254 return -EINVAL; 255 if (!kgid_has_mapping(user_ns, pa->e_gid)) 256 return -EINVAL; 257 needs_mask = 1; 258 break; 259 260 case ACL_MASK: 261 if (state != ACL_GROUP) 262 return -EINVAL; 263 state = ACL_OTHER; 264 break; 265 266 case ACL_OTHER: 267 if (state == ACL_OTHER || 268 (state == ACL_GROUP && !needs_mask)) { 269 state = 0; 270 break; 271 } 272 return -EINVAL; 273 274 default: 275 return -EINVAL; 276 } 277 } 278 if (state == 0) 279 return 0; 280 return -EINVAL; 281 } 282 EXPORT_SYMBOL(posix_acl_valid); 283 284 /* 285 * Returns 0 if the acl can be exactly represented in the traditional 286 * file mode permission bits, or else 1. Returns -E... on error. 287 */ 288 int 289 posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) 290 { 291 const struct posix_acl_entry *pa, *pe; 292 umode_t mode = 0; 293 int not_equiv = 0; 294 295 /* 296 * A null ACL can always be presented as mode bits. 297 */ 298 if (!acl) 299 return 0; 300 301 FOREACH_ACL_ENTRY(pa, acl, pe) { 302 switch (pa->e_tag) { 303 case ACL_USER_OBJ: 304 mode |= (pa->e_perm & S_IRWXO) << 6; 305 break; 306 case ACL_GROUP_OBJ: 307 mode |= (pa->e_perm & S_IRWXO) << 3; 308 break; 309 case ACL_OTHER: 310 mode |= pa->e_perm & S_IRWXO; 311 break; 312 case ACL_MASK: 313 mode = (mode & ~S_IRWXG) | 314 ((pa->e_perm & S_IRWXO) << 3); 315 not_equiv = 1; 316 break; 317 case ACL_USER: 318 case ACL_GROUP: 319 not_equiv = 1; 320 break; 321 default: 322 return -EINVAL; 323 } 324 } 325 if (mode_p) 326 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 327 return not_equiv; 328 } 329 EXPORT_SYMBOL(posix_acl_equiv_mode); 330 331 /* 332 * Create an ACL representing the file mode permission bits of an inode. 333 */ 334 struct posix_acl * 335 posix_acl_from_mode(umode_t mode, gfp_t flags) 336 { 337 struct posix_acl *acl = posix_acl_alloc(3, flags); 338 if (!acl) 339 return ERR_PTR(-ENOMEM); 340 341 acl->a_entries[0].e_tag = ACL_USER_OBJ; 342 acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; 343 344 acl->a_entries[1].e_tag = ACL_GROUP_OBJ; 345 acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; 346 347 acl->a_entries[2].e_tag = ACL_OTHER; 348 acl->a_entries[2].e_perm = (mode & S_IRWXO); 349 return acl; 350 } 351 EXPORT_SYMBOL(posix_acl_from_mode); 352 353 /* 354 * Return 0 if current is granted want access to the inode 355 * by the acl. Returns -E... otherwise. 356 */ 357 int 358 posix_acl_permission(struct user_namespace *mnt_userns, struct inode *inode, 359 const struct posix_acl *acl, int want) 360 { 361 const struct posix_acl_entry *pa, *pe, *mask_obj; 362 int found = 0; 363 kuid_t uid; 364 kgid_t gid; 365 366 want &= MAY_READ | MAY_WRITE | MAY_EXEC; 367 368 FOREACH_ACL_ENTRY(pa, acl, pe) { 369 switch(pa->e_tag) { 370 case ACL_USER_OBJ: 371 /* (May have been checked already) */ 372 uid = i_uid_into_mnt(mnt_userns, inode); 373 if (uid_eq(uid, current_fsuid())) 374 goto check_perm; 375 break; 376 case ACL_USER: 377 uid = kuid_into_mnt(mnt_userns, pa->e_uid); 378 if (uid_eq(uid, current_fsuid())) 379 goto mask; 380 break; 381 case ACL_GROUP_OBJ: 382 gid = i_gid_into_mnt(mnt_userns, inode); 383 if (in_group_p(gid)) { 384 found = 1; 385 if ((pa->e_perm & want) == want) 386 goto mask; 387 } 388 break; 389 case ACL_GROUP: 390 gid = kgid_into_mnt(mnt_userns, pa->e_gid); 391 if (in_group_p(gid)) { 392 found = 1; 393 if ((pa->e_perm & want) == want) 394 goto mask; 395 } 396 break; 397 case ACL_MASK: 398 break; 399 case ACL_OTHER: 400 if (found) 401 return -EACCES; 402 else 403 goto check_perm; 404 default: 405 return -EIO; 406 } 407 } 408 return -EIO; 409 410 mask: 411 for (mask_obj = pa+1; mask_obj != pe; mask_obj++) { 412 if (mask_obj->e_tag == ACL_MASK) { 413 if ((pa->e_perm & mask_obj->e_perm & want) == want) 414 return 0; 415 return -EACCES; 416 } 417 } 418 419 check_perm: 420 if ((pa->e_perm & want) == want) 421 return 0; 422 return -EACCES; 423 } 424 425 /* 426 * Modify acl when creating a new inode. The caller must ensure the acl is 427 * only referenced once. 428 * 429 * mode_p initially must contain the mode parameter to the open() / creat() 430 * system calls. All permissions that are not granted by the acl are removed. 431 * The permissions in the acl are changed to reflect the mode_p parameter. 432 */ 433 static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) 434 { 435 struct posix_acl_entry *pa, *pe; 436 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 437 umode_t mode = *mode_p; 438 int not_equiv = 0; 439 440 /* assert(atomic_read(acl->a_refcount) == 1); */ 441 442 FOREACH_ACL_ENTRY(pa, acl, pe) { 443 switch(pa->e_tag) { 444 case ACL_USER_OBJ: 445 pa->e_perm &= (mode >> 6) | ~S_IRWXO; 446 mode &= (pa->e_perm << 6) | ~S_IRWXU; 447 break; 448 449 case ACL_USER: 450 case ACL_GROUP: 451 not_equiv = 1; 452 break; 453 454 case ACL_GROUP_OBJ: 455 group_obj = pa; 456 break; 457 458 case ACL_OTHER: 459 pa->e_perm &= mode | ~S_IRWXO; 460 mode &= pa->e_perm | ~S_IRWXO; 461 break; 462 463 case ACL_MASK: 464 mask_obj = pa; 465 not_equiv = 1; 466 break; 467 468 default: 469 return -EIO; 470 } 471 } 472 473 if (mask_obj) { 474 mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 475 mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; 476 } else { 477 if (!group_obj) 478 return -EIO; 479 group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 480 mode &= (group_obj->e_perm << 3) | ~S_IRWXG; 481 } 482 483 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 484 return not_equiv; 485 } 486 487 /* 488 * Modify the ACL for the chmod syscall. 489 */ 490 static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode) 491 { 492 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 493 struct posix_acl_entry *pa, *pe; 494 495 /* assert(atomic_read(acl->a_refcount) == 1); */ 496 497 FOREACH_ACL_ENTRY(pa, acl, pe) { 498 switch(pa->e_tag) { 499 case ACL_USER_OBJ: 500 pa->e_perm = (mode & S_IRWXU) >> 6; 501 break; 502 503 case ACL_USER: 504 case ACL_GROUP: 505 break; 506 507 case ACL_GROUP_OBJ: 508 group_obj = pa; 509 break; 510 511 case ACL_MASK: 512 mask_obj = pa; 513 break; 514 515 case ACL_OTHER: 516 pa->e_perm = (mode & S_IRWXO); 517 break; 518 519 default: 520 return -EIO; 521 } 522 } 523 524 if (mask_obj) { 525 mask_obj->e_perm = (mode & S_IRWXG) >> 3; 526 } else { 527 if (!group_obj) 528 return -EIO; 529 group_obj->e_perm = (mode & S_IRWXG) >> 3; 530 } 531 532 return 0; 533 } 534 535 int 536 __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) 537 { 538 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 539 int err = -ENOMEM; 540 if (clone) { 541 err = posix_acl_create_masq(clone, mode_p); 542 if (err < 0) { 543 posix_acl_release(clone); 544 clone = NULL; 545 } 546 } 547 posix_acl_release(*acl); 548 *acl = clone; 549 return err; 550 } 551 EXPORT_SYMBOL(__posix_acl_create); 552 553 int 554 __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode) 555 { 556 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 557 int err = -ENOMEM; 558 if (clone) { 559 err = __posix_acl_chmod_masq(clone, mode); 560 if (err) { 561 posix_acl_release(clone); 562 clone = NULL; 563 } 564 } 565 posix_acl_release(*acl); 566 *acl = clone; 567 return err; 568 } 569 EXPORT_SYMBOL(__posix_acl_chmod); 570 571 /** 572 * posix_acl_chmod - chmod a posix acl 573 * 574 * @mnt_userns: user namespace of the mount @inode was found from 575 * @inode: inode to check permissions on 576 * @mode: the new mode of @inode 577 * 578 * If the inode has been found through an idmapped mount the user namespace of 579 * the vfsmount must be passed through @mnt_userns. This function will then 580 * take care to map the inode according to @mnt_userns before checking 581 * permissions. On non-idmapped mounts or if permission checking is to be 582 * performed on the raw inode simply passs init_user_ns. 583 */ 584 int 585 posix_acl_chmod(struct user_namespace *mnt_userns, struct inode *inode, 586 umode_t mode) 587 { 588 struct posix_acl *acl; 589 int ret = 0; 590 591 if (!IS_POSIXACL(inode)) 592 return 0; 593 if (!inode->i_op->set_acl) 594 return -EOPNOTSUPP; 595 596 acl = get_acl(inode, ACL_TYPE_ACCESS); 597 if (IS_ERR_OR_NULL(acl)) { 598 if (acl == ERR_PTR(-EOPNOTSUPP)) 599 return 0; 600 return PTR_ERR(acl); 601 } 602 603 ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode); 604 if (ret) 605 return ret; 606 ret = inode->i_op->set_acl(mnt_userns, inode, acl, ACL_TYPE_ACCESS); 607 posix_acl_release(acl); 608 return ret; 609 } 610 EXPORT_SYMBOL(posix_acl_chmod); 611 612 int 613 posix_acl_create(struct inode *dir, umode_t *mode, 614 struct posix_acl **default_acl, struct posix_acl **acl) 615 { 616 struct posix_acl *p; 617 struct posix_acl *clone; 618 int ret; 619 620 *acl = NULL; 621 *default_acl = NULL; 622 623 if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) 624 return 0; 625 626 p = get_acl(dir, ACL_TYPE_DEFAULT); 627 if (!p || p == ERR_PTR(-EOPNOTSUPP)) { 628 *mode &= ~current_umask(); 629 return 0; 630 } 631 if (IS_ERR(p)) 632 return PTR_ERR(p); 633 634 ret = -ENOMEM; 635 clone = posix_acl_clone(p, GFP_NOFS); 636 if (!clone) 637 goto err_release; 638 639 ret = posix_acl_create_masq(clone, mode); 640 if (ret < 0) 641 goto err_release_clone; 642 643 if (ret == 0) 644 posix_acl_release(clone); 645 else 646 *acl = clone; 647 648 if (!S_ISDIR(*mode)) 649 posix_acl_release(p); 650 else 651 *default_acl = p; 652 653 return 0; 654 655 err_release_clone: 656 posix_acl_release(clone); 657 err_release: 658 posix_acl_release(p); 659 return ret; 660 } 661 EXPORT_SYMBOL_GPL(posix_acl_create); 662 663 /** 664 * posix_acl_update_mode - update mode in set_acl 665 * @mnt_userns: user namespace of the mount @inode was found from 666 * @inode: target inode 667 * @mode_p: mode (pointer) for update 668 * @acl: acl pointer 669 * 670 * Update the file mode when setting an ACL: compute the new file permission 671 * bits based on the ACL. In addition, if the ACL is equivalent to the new 672 * file mode, set *@acl to NULL to indicate that no ACL should be set. 673 * 674 * As with chmod, clear the setgid bit if the caller is not in the owning group 675 * or capable of CAP_FSETID (see inode_change_ok). 676 * 677 * If the inode has been found through an idmapped mount the user namespace of 678 * the vfsmount must be passed through @mnt_userns. This function will then 679 * take care to map the inode according to @mnt_userns before checking 680 * permissions. On non-idmapped mounts or if permission checking is to be 681 * performed on the raw inode simply passs init_user_ns. 682 * 683 * Called from set_acl inode operations. 684 */ 685 int posix_acl_update_mode(struct user_namespace *mnt_userns, 686 struct inode *inode, umode_t *mode_p, 687 struct posix_acl **acl) 688 { 689 umode_t mode = inode->i_mode; 690 int error; 691 692 error = posix_acl_equiv_mode(*acl, &mode); 693 if (error < 0) 694 return error; 695 if (error == 0) 696 *acl = NULL; 697 if (!in_group_p(i_gid_into_mnt(mnt_userns, inode)) && 698 !capable_wrt_inode_uidgid(mnt_userns, inode, CAP_FSETID)) 699 mode &= ~S_ISGID; 700 *mode_p = mode; 701 return 0; 702 } 703 EXPORT_SYMBOL(posix_acl_update_mode); 704 705 /* 706 * Fix up the uids and gids in posix acl extended attributes in place. 707 */ 708 static void posix_acl_fix_xattr_userns( 709 struct user_namespace *to, struct user_namespace *from, 710 struct user_namespace *mnt_userns, 711 void *value, size_t size, bool from_user) 712 { 713 struct posix_acl_xattr_header *header = value; 714 struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end; 715 int count; 716 kuid_t uid; 717 kgid_t gid; 718 719 if (!value) 720 return; 721 if (size < sizeof(struct posix_acl_xattr_header)) 722 return; 723 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 724 return; 725 726 count = posix_acl_xattr_count(size); 727 if (count < 0) 728 return; 729 if (count == 0) 730 return; 731 732 for (end = entry + count; entry != end; entry++) { 733 switch(le16_to_cpu(entry->e_tag)) { 734 case ACL_USER: 735 uid = make_kuid(from, le32_to_cpu(entry->e_id)); 736 if (from_user) 737 uid = kuid_from_mnt(mnt_userns, uid); 738 else 739 uid = kuid_into_mnt(mnt_userns, uid); 740 entry->e_id = cpu_to_le32(from_kuid(to, uid)); 741 break; 742 case ACL_GROUP: 743 gid = make_kgid(from, le32_to_cpu(entry->e_id)); 744 if (from_user) 745 gid = kgid_from_mnt(mnt_userns, gid); 746 else 747 gid = kgid_into_mnt(mnt_userns, gid); 748 entry->e_id = cpu_to_le32(from_kgid(to, gid)); 749 break; 750 default: 751 break; 752 } 753 } 754 } 755 756 void posix_acl_fix_xattr_from_user(struct user_namespace *mnt_userns, 757 void *value, size_t size) 758 { 759 struct user_namespace *user_ns = current_user_ns(); 760 if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns)) 761 return; 762 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, mnt_userns, value, 763 size, true); 764 } 765 766 void posix_acl_fix_xattr_to_user(struct user_namespace *mnt_userns, 767 void *value, size_t size) 768 { 769 struct user_namespace *user_ns = current_user_ns(); 770 if ((user_ns == &init_user_ns) && (mnt_userns == &init_user_ns)) 771 return; 772 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, mnt_userns, value, 773 size, false); 774 } 775 776 /* 777 * Convert from extended attribute to in-memory representation. 778 */ 779 struct posix_acl * 780 posix_acl_from_xattr(struct user_namespace *user_ns, 781 const void *value, size_t size) 782 { 783 const struct posix_acl_xattr_header *header = value; 784 const struct posix_acl_xattr_entry *entry = (const void *)(header + 1), *end; 785 int count; 786 struct posix_acl *acl; 787 struct posix_acl_entry *acl_e; 788 789 if (!value) 790 return NULL; 791 if (size < sizeof(struct posix_acl_xattr_header)) 792 return ERR_PTR(-EINVAL); 793 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 794 return ERR_PTR(-EOPNOTSUPP); 795 796 count = posix_acl_xattr_count(size); 797 if (count < 0) 798 return ERR_PTR(-EINVAL); 799 if (count == 0) 800 return NULL; 801 802 acl = posix_acl_alloc(count, GFP_NOFS); 803 if (!acl) 804 return ERR_PTR(-ENOMEM); 805 acl_e = acl->a_entries; 806 807 for (end = entry + count; entry != end; acl_e++, entry++) { 808 acl_e->e_tag = le16_to_cpu(entry->e_tag); 809 acl_e->e_perm = le16_to_cpu(entry->e_perm); 810 811 switch(acl_e->e_tag) { 812 case ACL_USER_OBJ: 813 case ACL_GROUP_OBJ: 814 case ACL_MASK: 815 case ACL_OTHER: 816 break; 817 818 case ACL_USER: 819 acl_e->e_uid = 820 make_kuid(user_ns, 821 le32_to_cpu(entry->e_id)); 822 if (!uid_valid(acl_e->e_uid)) 823 goto fail; 824 break; 825 case ACL_GROUP: 826 acl_e->e_gid = 827 make_kgid(user_ns, 828 le32_to_cpu(entry->e_id)); 829 if (!gid_valid(acl_e->e_gid)) 830 goto fail; 831 break; 832 833 default: 834 goto fail; 835 } 836 } 837 return acl; 838 839 fail: 840 posix_acl_release(acl); 841 return ERR_PTR(-EINVAL); 842 } 843 EXPORT_SYMBOL (posix_acl_from_xattr); 844 845 /* 846 * Convert from in-memory to extended attribute representation. 847 */ 848 int 849 posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, 850 void *buffer, size_t size) 851 { 852 struct posix_acl_xattr_header *ext_acl = buffer; 853 struct posix_acl_xattr_entry *ext_entry; 854 int real_size, n; 855 856 real_size = posix_acl_xattr_size(acl->a_count); 857 if (!buffer) 858 return real_size; 859 if (real_size > size) 860 return -ERANGE; 861 862 ext_entry = (void *)(ext_acl + 1); 863 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); 864 865 for (n=0; n < acl->a_count; n++, ext_entry++) { 866 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 867 ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); 868 ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); 869 switch(acl_e->e_tag) { 870 case ACL_USER: 871 ext_entry->e_id = 872 cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); 873 break; 874 case ACL_GROUP: 875 ext_entry->e_id = 876 cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); 877 break; 878 default: 879 ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); 880 break; 881 } 882 } 883 return real_size; 884 } 885 EXPORT_SYMBOL (posix_acl_to_xattr); 886 887 static int 888 posix_acl_xattr_get(const struct xattr_handler *handler, 889 struct dentry *unused, struct inode *inode, 890 const char *name, void *value, size_t size) 891 { 892 struct posix_acl *acl; 893 int error; 894 895 if (!IS_POSIXACL(inode)) 896 return -EOPNOTSUPP; 897 if (S_ISLNK(inode->i_mode)) 898 return -EOPNOTSUPP; 899 900 acl = get_acl(inode, handler->flags); 901 if (IS_ERR(acl)) 902 return PTR_ERR(acl); 903 if (acl == NULL) 904 return -ENODATA; 905 906 error = posix_acl_to_xattr(&init_user_ns, acl, value, size); 907 posix_acl_release(acl); 908 909 return error; 910 } 911 912 int 913 set_posix_acl(struct user_namespace *mnt_userns, struct inode *inode, 914 int type, struct posix_acl *acl) 915 { 916 if (!IS_POSIXACL(inode)) 917 return -EOPNOTSUPP; 918 if (!inode->i_op->set_acl) 919 return -EOPNOTSUPP; 920 921 if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 922 return acl ? -EACCES : 0; 923 if (!inode_owner_or_capable(mnt_userns, inode)) 924 return -EPERM; 925 926 if (acl) { 927 int ret = posix_acl_valid(inode->i_sb->s_user_ns, acl); 928 if (ret) 929 return ret; 930 } 931 return inode->i_op->set_acl(mnt_userns, inode, acl, type); 932 } 933 EXPORT_SYMBOL(set_posix_acl); 934 935 static int 936 posix_acl_xattr_set(const struct xattr_handler *handler, 937 struct user_namespace *mnt_userns, 938 struct dentry *unused, struct inode *inode, 939 const char *name, const void *value, size_t size, 940 int flags) 941 { 942 struct posix_acl *acl = NULL; 943 int ret; 944 945 if (value) { 946 acl = posix_acl_from_xattr(&init_user_ns, value, size); 947 if (IS_ERR(acl)) 948 return PTR_ERR(acl); 949 } 950 ret = set_posix_acl(mnt_userns, inode, handler->flags, acl); 951 posix_acl_release(acl); 952 return ret; 953 } 954 955 static bool 956 posix_acl_xattr_list(struct dentry *dentry) 957 { 958 return IS_POSIXACL(d_backing_inode(dentry)); 959 } 960 961 const struct xattr_handler posix_acl_access_xattr_handler = { 962 .name = XATTR_NAME_POSIX_ACL_ACCESS, 963 .flags = ACL_TYPE_ACCESS, 964 .list = posix_acl_xattr_list, 965 .get = posix_acl_xattr_get, 966 .set = posix_acl_xattr_set, 967 }; 968 EXPORT_SYMBOL_GPL(posix_acl_access_xattr_handler); 969 970 const struct xattr_handler posix_acl_default_xattr_handler = { 971 .name = XATTR_NAME_POSIX_ACL_DEFAULT, 972 .flags = ACL_TYPE_DEFAULT, 973 .list = posix_acl_xattr_list, 974 .get = posix_acl_xattr_get, 975 .set = posix_acl_xattr_set, 976 }; 977 EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler); 978 979 int simple_set_acl(struct user_namespace *mnt_userns, struct inode *inode, 980 struct posix_acl *acl, int type) 981 { 982 int error; 983 984 if (type == ACL_TYPE_ACCESS) { 985 error = posix_acl_update_mode(mnt_userns, inode, 986 &inode->i_mode, &acl); 987 if (error) 988 return error; 989 } 990 991 inode->i_ctime = current_time(inode); 992 set_cached_acl(inode, type, acl); 993 return 0; 994 } 995 996 int simple_acl_create(struct inode *dir, struct inode *inode) 997 { 998 struct posix_acl *default_acl, *acl; 999 int error; 1000 1001 error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 1002 if (error) 1003 return error; 1004 1005 set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl); 1006 set_cached_acl(inode, ACL_TYPE_ACCESS, acl); 1007 1008 if (default_acl) 1009 posix_acl_release(default_acl); 1010 if (acl) 1011 posix_acl_release(acl); 1012 return 0; 1013 } 1014