1 /* 2 * Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org> 3 * 4 * Fixes from William Schumacher incorporated on 15 March 2001. 5 * (Reported by Charles Bertsch, <CBertsch@microtest.com>). 6 */ 7 8 /* 9 * This file contains generic functions for manipulating 10 * POSIX 1003.1e draft standard 17 ACLs. 11 */ 12 13 #include <linux/kernel.h> 14 #include <linux/slab.h> 15 #include <linux/atomic.h> 16 #include <linux/fs.h> 17 #include <linux/sched.h> 18 #include <linux/posix_acl.h> 19 #include <linux/posix_acl_xattr.h> 20 #include <linux/xattr.h> 21 #include <linux/export.h> 22 #include <linux/user_namespace.h> 23 24 struct posix_acl **acl_by_type(struct inode *inode, int type) 25 { 26 switch (type) { 27 case ACL_TYPE_ACCESS: 28 return &inode->i_acl; 29 case ACL_TYPE_DEFAULT: 30 return &inode->i_default_acl; 31 default: 32 BUG(); 33 } 34 } 35 EXPORT_SYMBOL(acl_by_type); 36 37 struct posix_acl *get_cached_acl(struct inode *inode, int type) 38 { 39 struct posix_acl **p = acl_by_type(inode, type); 40 struct posix_acl *acl = ACCESS_ONCE(*p); 41 if (acl) { 42 spin_lock(&inode->i_lock); 43 acl = *p; 44 if (acl != ACL_NOT_CACHED) 45 acl = posix_acl_dup(acl); 46 spin_unlock(&inode->i_lock); 47 } 48 return acl; 49 } 50 EXPORT_SYMBOL(get_cached_acl); 51 52 struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type) 53 { 54 return rcu_dereference(*acl_by_type(inode, type)); 55 } 56 EXPORT_SYMBOL(get_cached_acl_rcu); 57 58 void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl) 59 { 60 struct posix_acl **p = acl_by_type(inode, type); 61 struct posix_acl *old; 62 spin_lock(&inode->i_lock); 63 old = *p; 64 rcu_assign_pointer(*p, posix_acl_dup(acl)); 65 spin_unlock(&inode->i_lock); 66 if (old != ACL_NOT_CACHED) 67 posix_acl_release(old); 68 } 69 EXPORT_SYMBOL(set_cached_acl); 70 71 void forget_cached_acl(struct inode *inode, int type) 72 { 73 struct posix_acl **p = acl_by_type(inode, type); 74 struct posix_acl *old; 75 spin_lock(&inode->i_lock); 76 old = *p; 77 *p = ACL_NOT_CACHED; 78 spin_unlock(&inode->i_lock); 79 if (old != ACL_NOT_CACHED) 80 posix_acl_release(old); 81 } 82 EXPORT_SYMBOL(forget_cached_acl); 83 84 void forget_all_cached_acls(struct inode *inode) 85 { 86 struct posix_acl *old_access, *old_default; 87 spin_lock(&inode->i_lock); 88 old_access = inode->i_acl; 89 old_default = inode->i_default_acl; 90 inode->i_acl = inode->i_default_acl = ACL_NOT_CACHED; 91 spin_unlock(&inode->i_lock); 92 if (old_access != ACL_NOT_CACHED) 93 posix_acl_release(old_access); 94 if (old_default != ACL_NOT_CACHED) 95 posix_acl_release(old_default); 96 } 97 EXPORT_SYMBOL(forget_all_cached_acls); 98 99 struct posix_acl *get_acl(struct inode *inode, int type) 100 { 101 struct posix_acl *acl; 102 103 acl = get_cached_acl(inode, type); 104 if (acl != ACL_NOT_CACHED) 105 return acl; 106 107 if (!IS_POSIXACL(inode)) 108 return NULL; 109 110 /* 111 * A filesystem can force a ACL callback by just never filling the 112 * ACL cache. But normally you'd fill the cache either at inode 113 * instantiation time, or on the first ->get_acl call. 114 * 115 * If the filesystem doesn't have a get_acl() function at all, we'll 116 * just create the negative cache entry. 117 */ 118 if (!inode->i_op->get_acl) { 119 set_cached_acl(inode, type, NULL); 120 return NULL; 121 } 122 return inode->i_op->get_acl(inode, type); 123 } 124 EXPORT_SYMBOL(get_acl); 125 126 /* 127 * Init a fresh posix_acl 128 */ 129 void 130 posix_acl_init(struct posix_acl *acl, int count) 131 { 132 atomic_set(&acl->a_refcount, 1); 133 acl->a_count = count; 134 } 135 EXPORT_SYMBOL(posix_acl_init); 136 137 /* 138 * Allocate a new ACL with the specified number of entries. 139 */ 140 struct posix_acl * 141 posix_acl_alloc(int count, gfp_t flags) 142 { 143 const size_t size = sizeof(struct posix_acl) + 144 count * sizeof(struct posix_acl_entry); 145 struct posix_acl *acl = kmalloc(size, flags); 146 if (acl) 147 posix_acl_init(acl, count); 148 return acl; 149 } 150 EXPORT_SYMBOL(posix_acl_alloc); 151 152 /* 153 * Clone an ACL. 154 */ 155 static struct posix_acl * 156 posix_acl_clone(const struct posix_acl *acl, gfp_t flags) 157 { 158 struct posix_acl *clone = NULL; 159 160 if (acl) { 161 int size = sizeof(struct posix_acl) + acl->a_count * 162 sizeof(struct posix_acl_entry); 163 clone = kmemdup(acl, size, flags); 164 if (clone) 165 atomic_set(&clone->a_refcount, 1); 166 } 167 return clone; 168 } 169 170 /* 171 * Check if an acl is valid. Returns 0 if it is, or -E... otherwise. 172 */ 173 int 174 posix_acl_valid(const struct posix_acl *acl) 175 { 176 const struct posix_acl_entry *pa, *pe; 177 int state = ACL_USER_OBJ; 178 int needs_mask = 0; 179 180 FOREACH_ACL_ENTRY(pa, acl, pe) { 181 if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) 182 return -EINVAL; 183 switch (pa->e_tag) { 184 case ACL_USER_OBJ: 185 if (state == ACL_USER_OBJ) { 186 state = ACL_USER; 187 break; 188 } 189 return -EINVAL; 190 191 case ACL_USER: 192 if (state != ACL_USER) 193 return -EINVAL; 194 if (!uid_valid(pa->e_uid)) 195 return -EINVAL; 196 needs_mask = 1; 197 break; 198 199 case ACL_GROUP_OBJ: 200 if (state == ACL_USER) { 201 state = ACL_GROUP; 202 break; 203 } 204 return -EINVAL; 205 206 case ACL_GROUP: 207 if (state != ACL_GROUP) 208 return -EINVAL; 209 if (!gid_valid(pa->e_gid)) 210 return -EINVAL; 211 needs_mask = 1; 212 break; 213 214 case ACL_MASK: 215 if (state != ACL_GROUP) 216 return -EINVAL; 217 state = ACL_OTHER; 218 break; 219 220 case ACL_OTHER: 221 if (state == ACL_OTHER || 222 (state == ACL_GROUP && !needs_mask)) { 223 state = 0; 224 break; 225 } 226 return -EINVAL; 227 228 default: 229 return -EINVAL; 230 } 231 } 232 if (state == 0) 233 return 0; 234 return -EINVAL; 235 } 236 EXPORT_SYMBOL(posix_acl_valid); 237 238 /* 239 * Returns 0 if the acl can be exactly represented in the traditional 240 * file mode permission bits, or else 1. Returns -E... on error. 241 */ 242 int 243 posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) 244 { 245 const struct posix_acl_entry *pa, *pe; 246 umode_t mode = 0; 247 int not_equiv = 0; 248 249 FOREACH_ACL_ENTRY(pa, acl, pe) { 250 switch (pa->e_tag) { 251 case ACL_USER_OBJ: 252 mode |= (pa->e_perm & S_IRWXO) << 6; 253 break; 254 case ACL_GROUP_OBJ: 255 mode |= (pa->e_perm & S_IRWXO) << 3; 256 break; 257 case ACL_OTHER: 258 mode |= pa->e_perm & S_IRWXO; 259 break; 260 case ACL_MASK: 261 mode = (mode & ~S_IRWXG) | 262 ((pa->e_perm & S_IRWXO) << 3); 263 not_equiv = 1; 264 break; 265 case ACL_USER: 266 case ACL_GROUP: 267 not_equiv = 1; 268 break; 269 default: 270 return -EINVAL; 271 } 272 } 273 if (mode_p) 274 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 275 return not_equiv; 276 } 277 EXPORT_SYMBOL(posix_acl_equiv_mode); 278 279 /* 280 * Create an ACL representing the file mode permission bits of an inode. 281 */ 282 struct posix_acl * 283 posix_acl_from_mode(umode_t mode, gfp_t flags) 284 { 285 struct posix_acl *acl = posix_acl_alloc(3, flags); 286 if (!acl) 287 return ERR_PTR(-ENOMEM); 288 289 acl->a_entries[0].e_tag = ACL_USER_OBJ; 290 acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; 291 292 acl->a_entries[1].e_tag = ACL_GROUP_OBJ; 293 acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; 294 295 acl->a_entries[2].e_tag = ACL_OTHER; 296 acl->a_entries[2].e_perm = (mode & S_IRWXO); 297 return acl; 298 } 299 EXPORT_SYMBOL(posix_acl_from_mode); 300 301 /* 302 * Return 0 if current is granted want access to the inode 303 * by the acl. Returns -E... otherwise. 304 */ 305 int 306 posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) 307 { 308 const struct posix_acl_entry *pa, *pe, *mask_obj; 309 int found = 0; 310 311 want &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; 312 313 FOREACH_ACL_ENTRY(pa, acl, pe) { 314 switch(pa->e_tag) { 315 case ACL_USER_OBJ: 316 /* (May have been checked already) */ 317 if (uid_eq(inode->i_uid, current_fsuid())) 318 goto check_perm; 319 break; 320 case ACL_USER: 321 if (uid_eq(pa->e_uid, current_fsuid())) 322 goto mask; 323 break; 324 case ACL_GROUP_OBJ: 325 if (in_group_p(inode->i_gid)) { 326 found = 1; 327 if ((pa->e_perm & want) == want) 328 goto mask; 329 } 330 break; 331 case ACL_GROUP: 332 if (in_group_p(pa->e_gid)) { 333 found = 1; 334 if ((pa->e_perm & want) == want) 335 goto mask; 336 } 337 break; 338 case ACL_MASK: 339 break; 340 case ACL_OTHER: 341 if (found) 342 return -EACCES; 343 else 344 goto check_perm; 345 default: 346 return -EIO; 347 } 348 } 349 return -EIO; 350 351 mask: 352 for (mask_obj = pa+1; mask_obj != pe; mask_obj++) { 353 if (mask_obj->e_tag == ACL_MASK) { 354 if ((pa->e_perm & mask_obj->e_perm & want) == want) 355 return 0; 356 return -EACCES; 357 } 358 } 359 360 check_perm: 361 if ((pa->e_perm & want) == want) 362 return 0; 363 return -EACCES; 364 } 365 366 /* 367 * Modify acl when creating a new inode. The caller must ensure the acl is 368 * only referenced once. 369 * 370 * mode_p initially must contain the mode parameter to the open() / creat() 371 * system calls. All permissions that are not granted by the acl are removed. 372 * The permissions in the acl are changed to reflect the mode_p parameter. 373 */ 374 static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) 375 { 376 struct posix_acl_entry *pa, *pe; 377 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 378 umode_t mode = *mode_p; 379 int not_equiv = 0; 380 381 /* assert(atomic_read(acl->a_refcount) == 1); */ 382 383 FOREACH_ACL_ENTRY(pa, acl, pe) { 384 switch(pa->e_tag) { 385 case ACL_USER_OBJ: 386 pa->e_perm &= (mode >> 6) | ~S_IRWXO; 387 mode &= (pa->e_perm << 6) | ~S_IRWXU; 388 break; 389 390 case ACL_USER: 391 case ACL_GROUP: 392 not_equiv = 1; 393 break; 394 395 case ACL_GROUP_OBJ: 396 group_obj = pa; 397 break; 398 399 case ACL_OTHER: 400 pa->e_perm &= mode | ~S_IRWXO; 401 mode &= pa->e_perm | ~S_IRWXO; 402 break; 403 404 case ACL_MASK: 405 mask_obj = pa; 406 not_equiv = 1; 407 break; 408 409 default: 410 return -EIO; 411 } 412 } 413 414 if (mask_obj) { 415 mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 416 mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; 417 } else { 418 if (!group_obj) 419 return -EIO; 420 group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 421 mode &= (group_obj->e_perm << 3) | ~S_IRWXG; 422 } 423 424 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 425 return not_equiv; 426 } 427 428 /* 429 * Modify the ACL for the chmod syscall. 430 */ 431 static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode) 432 { 433 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 434 struct posix_acl_entry *pa, *pe; 435 436 /* assert(atomic_read(acl->a_refcount) == 1); */ 437 438 FOREACH_ACL_ENTRY(pa, acl, pe) { 439 switch(pa->e_tag) { 440 case ACL_USER_OBJ: 441 pa->e_perm = (mode & S_IRWXU) >> 6; 442 break; 443 444 case ACL_USER: 445 case ACL_GROUP: 446 break; 447 448 case ACL_GROUP_OBJ: 449 group_obj = pa; 450 break; 451 452 case ACL_MASK: 453 mask_obj = pa; 454 break; 455 456 case ACL_OTHER: 457 pa->e_perm = (mode & S_IRWXO); 458 break; 459 460 default: 461 return -EIO; 462 } 463 } 464 465 if (mask_obj) { 466 mask_obj->e_perm = (mode & S_IRWXG) >> 3; 467 } else { 468 if (!group_obj) 469 return -EIO; 470 group_obj->e_perm = (mode & S_IRWXG) >> 3; 471 } 472 473 return 0; 474 } 475 476 int 477 __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) 478 { 479 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 480 int err = -ENOMEM; 481 if (clone) { 482 err = posix_acl_create_masq(clone, mode_p); 483 if (err < 0) { 484 posix_acl_release(clone); 485 clone = NULL; 486 } 487 } 488 posix_acl_release(*acl); 489 *acl = clone; 490 return err; 491 } 492 EXPORT_SYMBOL(__posix_acl_create); 493 494 int 495 __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode) 496 { 497 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 498 int err = -ENOMEM; 499 if (clone) { 500 err = __posix_acl_chmod_masq(clone, mode); 501 if (err) { 502 posix_acl_release(clone); 503 clone = NULL; 504 } 505 } 506 posix_acl_release(*acl); 507 *acl = clone; 508 return err; 509 } 510 EXPORT_SYMBOL(__posix_acl_chmod); 511 512 int 513 posix_acl_chmod(struct inode *inode, umode_t mode) 514 { 515 struct posix_acl *acl; 516 int ret = 0; 517 518 if (!IS_POSIXACL(inode)) 519 return 0; 520 if (!inode->i_op->set_acl) 521 return -EOPNOTSUPP; 522 523 acl = get_acl(inode, ACL_TYPE_ACCESS); 524 if (IS_ERR_OR_NULL(acl)) { 525 if (acl == ERR_PTR(-EOPNOTSUPP)) 526 return 0; 527 return PTR_ERR(acl); 528 } 529 530 ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode); 531 if (ret) 532 return ret; 533 ret = inode->i_op->set_acl(inode, acl, ACL_TYPE_ACCESS); 534 posix_acl_release(acl); 535 return ret; 536 } 537 EXPORT_SYMBOL(posix_acl_chmod); 538 539 int 540 posix_acl_create(struct inode *dir, umode_t *mode, 541 struct posix_acl **default_acl, struct posix_acl **acl) 542 { 543 struct posix_acl *p; 544 int ret; 545 546 if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) 547 goto no_acl; 548 549 p = get_acl(dir, ACL_TYPE_DEFAULT); 550 if (IS_ERR(p)) { 551 if (p == ERR_PTR(-EOPNOTSUPP)) 552 goto apply_umask; 553 return PTR_ERR(p); 554 } 555 556 if (!p) 557 goto apply_umask; 558 559 *acl = posix_acl_clone(p, GFP_NOFS); 560 if (!*acl) 561 return -ENOMEM; 562 563 ret = posix_acl_create_masq(*acl, mode); 564 if (ret < 0) { 565 posix_acl_release(*acl); 566 return -ENOMEM; 567 } 568 569 if (ret == 0) { 570 posix_acl_release(*acl); 571 *acl = NULL; 572 } 573 574 if (!S_ISDIR(*mode)) { 575 posix_acl_release(p); 576 *default_acl = NULL; 577 } else { 578 *default_acl = p; 579 } 580 return 0; 581 582 apply_umask: 583 *mode &= ~current_umask(); 584 no_acl: 585 *default_acl = NULL; 586 *acl = NULL; 587 return 0; 588 } 589 EXPORT_SYMBOL_GPL(posix_acl_create); 590 591 /* 592 * Fix up the uids and gids in posix acl extended attributes in place. 593 */ 594 static void posix_acl_fix_xattr_userns( 595 struct user_namespace *to, struct user_namespace *from, 596 void *value, size_t size) 597 { 598 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; 599 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; 600 int count; 601 kuid_t uid; 602 kgid_t gid; 603 604 if (!value) 605 return; 606 if (size < sizeof(posix_acl_xattr_header)) 607 return; 608 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 609 return; 610 611 count = posix_acl_xattr_count(size); 612 if (count < 0) 613 return; 614 if (count == 0) 615 return; 616 617 for (end = entry + count; entry != end; entry++) { 618 switch(le16_to_cpu(entry->e_tag)) { 619 case ACL_USER: 620 uid = make_kuid(from, le32_to_cpu(entry->e_id)); 621 entry->e_id = cpu_to_le32(from_kuid(to, uid)); 622 break; 623 case ACL_GROUP: 624 gid = make_kgid(from, le32_to_cpu(entry->e_id)); 625 entry->e_id = cpu_to_le32(from_kgid(to, gid)); 626 break; 627 default: 628 break; 629 } 630 } 631 } 632 633 void posix_acl_fix_xattr_from_user(void *value, size_t size) 634 { 635 struct user_namespace *user_ns = current_user_ns(); 636 if (user_ns == &init_user_ns) 637 return; 638 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size); 639 } 640 641 void posix_acl_fix_xattr_to_user(void *value, size_t size) 642 { 643 struct user_namespace *user_ns = current_user_ns(); 644 if (user_ns == &init_user_ns) 645 return; 646 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size); 647 } 648 649 /* 650 * Convert from extended attribute to in-memory representation. 651 */ 652 struct posix_acl * 653 posix_acl_from_xattr(struct user_namespace *user_ns, 654 const void *value, size_t size) 655 { 656 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; 657 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; 658 int count; 659 struct posix_acl *acl; 660 struct posix_acl_entry *acl_e; 661 662 if (!value) 663 return NULL; 664 if (size < sizeof(posix_acl_xattr_header)) 665 return ERR_PTR(-EINVAL); 666 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 667 return ERR_PTR(-EOPNOTSUPP); 668 669 count = posix_acl_xattr_count(size); 670 if (count < 0) 671 return ERR_PTR(-EINVAL); 672 if (count == 0) 673 return NULL; 674 675 acl = posix_acl_alloc(count, GFP_NOFS); 676 if (!acl) 677 return ERR_PTR(-ENOMEM); 678 acl_e = acl->a_entries; 679 680 for (end = entry + count; entry != end; acl_e++, entry++) { 681 acl_e->e_tag = le16_to_cpu(entry->e_tag); 682 acl_e->e_perm = le16_to_cpu(entry->e_perm); 683 684 switch(acl_e->e_tag) { 685 case ACL_USER_OBJ: 686 case ACL_GROUP_OBJ: 687 case ACL_MASK: 688 case ACL_OTHER: 689 break; 690 691 case ACL_USER: 692 acl_e->e_uid = 693 make_kuid(user_ns, 694 le32_to_cpu(entry->e_id)); 695 if (!uid_valid(acl_e->e_uid)) 696 goto fail; 697 break; 698 case ACL_GROUP: 699 acl_e->e_gid = 700 make_kgid(user_ns, 701 le32_to_cpu(entry->e_id)); 702 if (!gid_valid(acl_e->e_gid)) 703 goto fail; 704 break; 705 706 default: 707 goto fail; 708 } 709 } 710 return acl; 711 712 fail: 713 posix_acl_release(acl); 714 return ERR_PTR(-EINVAL); 715 } 716 EXPORT_SYMBOL (posix_acl_from_xattr); 717 718 /* 719 * Convert from in-memory to extended attribute representation. 720 */ 721 int 722 posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, 723 void *buffer, size_t size) 724 { 725 posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer; 726 posix_acl_xattr_entry *ext_entry; 727 int real_size, n; 728 729 real_size = posix_acl_xattr_size(acl->a_count); 730 if (!buffer) 731 return real_size; 732 if (real_size > size) 733 return -ERANGE; 734 735 ext_entry = ext_acl->a_entries; 736 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); 737 738 for (n=0; n < acl->a_count; n++, ext_entry++) { 739 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 740 ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); 741 ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); 742 switch(acl_e->e_tag) { 743 case ACL_USER: 744 ext_entry->e_id = 745 cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); 746 break; 747 case ACL_GROUP: 748 ext_entry->e_id = 749 cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); 750 break; 751 default: 752 ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); 753 break; 754 } 755 } 756 return real_size; 757 } 758 EXPORT_SYMBOL (posix_acl_to_xattr); 759 760 static int 761 posix_acl_xattr_get(struct dentry *dentry, const char *name, 762 void *value, size_t size, int type) 763 { 764 struct posix_acl *acl; 765 int error; 766 767 if (!IS_POSIXACL(dentry->d_inode)) 768 return -EOPNOTSUPP; 769 if (S_ISLNK(dentry->d_inode->i_mode)) 770 return -EOPNOTSUPP; 771 772 acl = get_acl(dentry->d_inode, type); 773 if (IS_ERR(acl)) 774 return PTR_ERR(acl); 775 if (acl == NULL) 776 return -ENODATA; 777 778 error = posix_acl_to_xattr(&init_user_ns, acl, value, size); 779 posix_acl_release(acl); 780 781 return error; 782 } 783 784 static int 785 posix_acl_xattr_set(struct dentry *dentry, const char *name, 786 const void *value, size_t size, int flags, int type) 787 { 788 struct inode *inode = dentry->d_inode; 789 struct posix_acl *acl = NULL; 790 int ret; 791 792 if (!IS_POSIXACL(inode)) 793 return -EOPNOTSUPP; 794 if (!inode->i_op->set_acl) 795 return -EOPNOTSUPP; 796 797 if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 798 return value ? -EACCES : 0; 799 if (!inode_owner_or_capable(inode)) 800 return -EPERM; 801 802 if (value) { 803 acl = posix_acl_from_xattr(&init_user_ns, value, size); 804 if (IS_ERR(acl)) 805 return PTR_ERR(acl); 806 807 if (acl) { 808 ret = posix_acl_valid(acl); 809 if (ret) 810 goto out; 811 } 812 } 813 814 ret = inode->i_op->set_acl(inode, acl, type); 815 out: 816 posix_acl_release(acl); 817 return ret; 818 } 819 820 static size_t 821 posix_acl_xattr_list(struct dentry *dentry, char *list, size_t list_size, 822 const char *name, size_t name_len, int type) 823 { 824 const char *xname; 825 size_t size; 826 827 if (!IS_POSIXACL(dentry->d_inode)) 828 return -EOPNOTSUPP; 829 if (S_ISLNK(dentry->d_inode->i_mode)) 830 return -EOPNOTSUPP; 831 832 if (type == ACL_TYPE_ACCESS) 833 xname = POSIX_ACL_XATTR_ACCESS; 834 else 835 xname = POSIX_ACL_XATTR_DEFAULT; 836 837 size = strlen(xname) + 1; 838 if (list && size <= list_size) 839 memcpy(list, xname, size); 840 return size; 841 } 842 843 const struct xattr_handler posix_acl_access_xattr_handler = { 844 .prefix = POSIX_ACL_XATTR_ACCESS, 845 .flags = ACL_TYPE_ACCESS, 846 .list = posix_acl_xattr_list, 847 .get = posix_acl_xattr_get, 848 .set = posix_acl_xattr_set, 849 }; 850 EXPORT_SYMBOL_GPL(posix_acl_access_xattr_handler); 851 852 const struct xattr_handler posix_acl_default_xattr_handler = { 853 .prefix = POSIX_ACL_XATTR_DEFAULT, 854 .flags = ACL_TYPE_DEFAULT, 855 .list = posix_acl_xattr_list, 856 .get = posix_acl_xattr_get, 857 .set = posix_acl_xattr_set, 858 }; 859 EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler); 860 861 int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) 862 { 863 int error; 864 865 if (type == ACL_TYPE_ACCESS) { 866 error = posix_acl_equiv_mode(acl, &inode->i_mode); 867 if (error < 0) 868 return 0; 869 if (error == 0) 870 acl = NULL; 871 } 872 873 inode->i_ctime = CURRENT_TIME; 874 set_cached_acl(inode, type, acl); 875 return 0; 876 } 877 878 int simple_acl_create(struct inode *dir, struct inode *inode) 879 { 880 struct posix_acl *default_acl, *acl; 881 int error; 882 883 error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 884 if (error) 885 return error; 886 887 set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl); 888 set_cached_acl(inode, ACL_TYPE_ACCESS, acl); 889 890 if (default_acl) 891 posix_acl_release(default_acl); 892 if (acl) 893 posix_acl_release(acl); 894 return 0; 895 } 896