1 /* 2 * Copyright (C) 2002,2003 by Andreas Gruenbacher <a.gruenbacher@computer.org> 3 * 4 * Fixes from William Schumacher incorporated on 15 March 2001. 5 * (Reported by Charles Bertsch, <CBertsch@microtest.com>). 6 */ 7 8 /* 9 * This file contains generic functions for manipulating 10 * POSIX 1003.1e draft standard 17 ACLs. 11 */ 12 13 #include <linux/kernel.h> 14 #include <linux/slab.h> 15 #include <linux/atomic.h> 16 #include <linux/fs.h> 17 #include <linux/sched.h> 18 #include <linux/posix_acl.h> 19 #include <linux/posix_acl_xattr.h> 20 #include <linux/xattr.h> 21 #include <linux/export.h> 22 #include <linux/user_namespace.h> 23 24 struct posix_acl **acl_by_type(struct inode *inode, int type) 25 { 26 switch (type) { 27 case ACL_TYPE_ACCESS: 28 return &inode->i_acl; 29 case ACL_TYPE_DEFAULT: 30 return &inode->i_default_acl; 31 default: 32 BUG(); 33 } 34 } 35 EXPORT_SYMBOL(acl_by_type); 36 37 struct posix_acl *get_cached_acl(struct inode *inode, int type) 38 { 39 struct posix_acl **p = acl_by_type(inode, type); 40 struct posix_acl *acl = ACCESS_ONCE(*p); 41 if (acl) { 42 spin_lock(&inode->i_lock); 43 acl = *p; 44 if (acl != ACL_NOT_CACHED) 45 acl = posix_acl_dup(acl); 46 spin_unlock(&inode->i_lock); 47 } 48 return acl; 49 } 50 EXPORT_SYMBOL(get_cached_acl); 51 52 struct posix_acl *get_cached_acl_rcu(struct inode *inode, int type) 53 { 54 return rcu_dereference(*acl_by_type(inode, type)); 55 } 56 EXPORT_SYMBOL(get_cached_acl_rcu); 57 58 void set_cached_acl(struct inode *inode, int type, struct posix_acl *acl) 59 { 60 struct posix_acl **p = acl_by_type(inode, type); 61 struct posix_acl *old; 62 spin_lock(&inode->i_lock); 63 old = *p; 64 rcu_assign_pointer(*p, posix_acl_dup(acl)); 65 spin_unlock(&inode->i_lock); 66 if (old != ACL_NOT_CACHED) 67 posix_acl_release(old); 68 } 69 EXPORT_SYMBOL(set_cached_acl); 70 71 void forget_cached_acl(struct inode *inode, int type) 72 { 73 struct posix_acl **p = acl_by_type(inode, type); 74 struct posix_acl *old; 75 spin_lock(&inode->i_lock); 76 old = *p; 77 *p = ACL_NOT_CACHED; 78 spin_unlock(&inode->i_lock); 79 if (old != ACL_NOT_CACHED) 80 posix_acl_release(old); 81 } 82 EXPORT_SYMBOL(forget_cached_acl); 83 84 void forget_all_cached_acls(struct inode *inode) 85 { 86 struct posix_acl *old_access, *old_default; 87 spin_lock(&inode->i_lock); 88 old_access = inode->i_acl; 89 old_default = inode->i_default_acl; 90 inode->i_acl = inode->i_default_acl = ACL_NOT_CACHED; 91 spin_unlock(&inode->i_lock); 92 if (old_access != ACL_NOT_CACHED) 93 posix_acl_release(old_access); 94 if (old_default != ACL_NOT_CACHED) 95 posix_acl_release(old_default); 96 } 97 EXPORT_SYMBOL(forget_all_cached_acls); 98 99 struct posix_acl *get_acl(struct inode *inode, int type) 100 { 101 struct posix_acl *acl; 102 103 acl = get_cached_acl(inode, type); 104 if (acl != ACL_NOT_CACHED) 105 return acl; 106 107 if (!IS_POSIXACL(inode)) 108 return NULL; 109 110 /* 111 * A filesystem can force a ACL callback by just never filling the 112 * ACL cache. But normally you'd fill the cache either at inode 113 * instantiation time, or on the first ->get_acl call. 114 * 115 * If the filesystem doesn't have a get_acl() function at all, we'll 116 * just create the negative cache entry. 117 */ 118 if (!inode->i_op->get_acl) { 119 set_cached_acl(inode, type, NULL); 120 return NULL; 121 } 122 return inode->i_op->get_acl(inode, type); 123 } 124 EXPORT_SYMBOL(get_acl); 125 126 /* 127 * Init a fresh posix_acl 128 */ 129 void 130 posix_acl_init(struct posix_acl *acl, int count) 131 { 132 atomic_set(&acl->a_refcount, 1); 133 acl->a_count = count; 134 } 135 EXPORT_SYMBOL(posix_acl_init); 136 137 /* 138 * Allocate a new ACL with the specified number of entries. 139 */ 140 struct posix_acl * 141 posix_acl_alloc(int count, gfp_t flags) 142 { 143 const size_t size = sizeof(struct posix_acl) + 144 count * sizeof(struct posix_acl_entry); 145 struct posix_acl *acl = kmalloc(size, flags); 146 if (acl) 147 posix_acl_init(acl, count); 148 return acl; 149 } 150 EXPORT_SYMBOL(posix_acl_alloc); 151 152 /* 153 * Clone an ACL. 154 */ 155 static struct posix_acl * 156 posix_acl_clone(const struct posix_acl *acl, gfp_t flags) 157 { 158 struct posix_acl *clone = NULL; 159 160 if (acl) { 161 int size = sizeof(struct posix_acl) + acl->a_count * 162 sizeof(struct posix_acl_entry); 163 clone = kmemdup(acl, size, flags); 164 if (clone) 165 atomic_set(&clone->a_refcount, 1); 166 } 167 return clone; 168 } 169 170 /* 171 * Check if an acl is valid. Returns 0 if it is, or -E... otherwise. 172 */ 173 int 174 posix_acl_valid(const struct posix_acl *acl) 175 { 176 const struct posix_acl_entry *pa, *pe; 177 int state = ACL_USER_OBJ; 178 int needs_mask = 0; 179 180 FOREACH_ACL_ENTRY(pa, acl, pe) { 181 if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) 182 return -EINVAL; 183 switch (pa->e_tag) { 184 case ACL_USER_OBJ: 185 if (state == ACL_USER_OBJ) { 186 state = ACL_USER; 187 break; 188 } 189 return -EINVAL; 190 191 case ACL_USER: 192 if (state != ACL_USER) 193 return -EINVAL; 194 if (!uid_valid(pa->e_uid)) 195 return -EINVAL; 196 needs_mask = 1; 197 break; 198 199 case ACL_GROUP_OBJ: 200 if (state == ACL_USER) { 201 state = ACL_GROUP; 202 break; 203 } 204 return -EINVAL; 205 206 case ACL_GROUP: 207 if (state != ACL_GROUP) 208 return -EINVAL; 209 if (!gid_valid(pa->e_gid)) 210 return -EINVAL; 211 needs_mask = 1; 212 break; 213 214 case ACL_MASK: 215 if (state != ACL_GROUP) 216 return -EINVAL; 217 state = ACL_OTHER; 218 break; 219 220 case ACL_OTHER: 221 if (state == ACL_OTHER || 222 (state == ACL_GROUP && !needs_mask)) { 223 state = 0; 224 break; 225 } 226 return -EINVAL; 227 228 default: 229 return -EINVAL; 230 } 231 } 232 if (state == 0) 233 return 0; 234 return -EINVAL; 235 } 236 EXPORT_SYMBOL(posix_acl_valid); 237 238 /* 239 * Returns 0 if the acl can be exactly represented in the traditional 240 * file mode permission bits, or else 1. Returns -E... on error. 241 */ 242 int 243 posix_acl_equiv_mode(const struct posix_acl *acl, umode_t *mode_p) 244 { 245 const struct posix_acl_entry *pa, *pe; 246 umode_t mode = 0; 247 int not_equiv = 0; 248 249 /* 250 * A null ACL can always be presented as mode bits. 251 */ 252 if (!acl) 253 return 0; 254 255 FOREACH_ACL_ENTRY(pa, acl, pe) { 256 switch (pa->e_tag) { 257 case ACL_USER_OBJ: 258 mode |= (pa->e_perm & S_IRWXO) << 6; 259 break; 260 case ACL_GROUP_OBJ: 261 mode |= (pa->e_perm & S_IRWXO) << 3; 262 break; 263 case ACL_OTHER: 264 mode |= pa->e_perm & S_IRWXO; 265 break; 266 case ACL_MASK: 267 mode = (mode & ~S_IRWXG) | 268 ((pa->e_perm & S_IRWXO) << 3); 269 not_equiv = 1; 270 break; 271 case ACL_USER: 272 case ACL_GROUP: 273 not_equiv = 1; 274 break; 275 default: 276 return -EINVAL; 277 } 278 } 279 if (mode_p) 280 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 281 return not_equiv; 282 } 283 EXPORT_SYMBOL(posix_acl_equiv_mode); 284 285 /* 286 * Create an ACL representing the file mode permission bits of an inode. 287 */ 288 struct posix_acl * 289 posix_acl_from_mode(umode_t mode, gfp_t flags) 290 { 291 struct posix_acl *acl = posix_acl_alloc(3, flags); 292 if (!acl) 293 return ERR_PTR(-ENOMEM); 294 295 acl->a_entries[0].e_tag = ACL_USER_OBJ; 296 acl->a_entries[0].e_perm = (mode & S_IRWXU) >> 6; 297 298 acl->a_entries[1].e_tag = ACL_GROUP_OBJ; 299 acl->a_entries[1].e_perm = (mode & S_IRWXG) >> 3; 300 301 acl->a_entries[2].e_tag = ACL_OTHER; 302 acl->a_entries[2].e_perm = (mode & S_IRWXO); 303 return acl; 304 } 305 EXPORT_SYMBOL(posix_acl_from_mode); 306 307 /* 308 * Return 0 if current is granted want access to the inode 309 * by the acl. Returns -E... otherwise. 310 */ 311 int 312 posix_acl_permission(struct inode *inode, const struct posix_acl *acl, int want) 313 { 314 const struct posix_acl_entry *pa, *pe, *mask_obj; 315 int found = 0; 316 317 want &= MAY_READ | MAY_WRITE | MAY_EXEC | MAY_NOT_BLOCK; 318 319 FOREACH_ACL_ENTRY(pa, acl, pe) { 320 switch(pa->e_tag) { 321 case ACL_USER_OBJ: 322 /* (May have been checked already) */ 323 if (uid_eq(inode->i_uid, current_fsuid())) 324 goto check_perm; 325 break; 326 case ACL_USER: 327 if (uid_eq(pa->e_uid, current_fsuid())) 328 goto mask; 329 break; 330 case ACL_GROUP_OBJ: 331 if (in_group_p(inode->i_gid)) { 332 found = 1; 333 if ((pa->e_perm & want) == want) 334 goto mask; 335 } 336 break; 337 case ACL_GROUP: 338 if (in_group_p(pa->e_gid)) { 339 found = 1; 340 if ((pa->e_perm & want) == want) 341 goto mask; 342 } 343 break; 344 case ACL_MASK: 345 break; 346 case ACL_OTHER: 347 if (found) 348 return -EACCES; 349 else 350 goto check_perm; 351 default: 352 return -EIO; 353 } 354 } 355 return -EIO; 356 357 mask: 358 for (mask_obj = pa+1; mask_obj != pe; mask_obj++) { 359 if (mask_obj->e_tag == ACL_MASK) { 360 if ((pa->e_perm & mask_obj->e_perm & want) == want) 361 return 0; 362 return -EACCES; 363 } 364 } 365 366 check_perm: 367 if ((pa->e_perm & want) == want) 368 return 0; 369 return -EACCES; 370 } 371 372 /* 373 * Modify acl when creating a new inode. The caller must ensure the acl is 374 * only referenced once. 375 * 376 * mode_p initially must contain the mode parameter to the open() / creat() 377 * system calls. All permissions that are not granted by the acl are removed. 378 * The permissions in the acl are changed to reflect the mode_p parameter. 379 */ 380 static int posix_acl_create_masq(struct posix_acl *acl, umode_t *mode_p) 381 { 382 struct posix_acl_entry *pa, *pe; 383 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 384 umode_t mode = *mode_p; 385 int not_equiv = 0; 386 387 /* assert(atomic_read(acl->a_refcount) == 1); */ 388 389 FOREACH_ACL_ENTRY(pa, acl, pe) { 390 switch(pa->e_tag) { 391 case ACL_USER_OBJ: 392 pa->e_perm &= (mode >> 6) | ~S_IRWXO; 393 mode &= (pa->e_perm << 6) | ~S_IRWXU; 394 break; 395 396 case ACL_USER: 397 case ACL_GROUP: 398 not_equiv = 1; 399 break; 400 401 case ACL_GROUP_OBJ: 402 group_obj = pa; 403 break; 404 405 case ACL_OTHER: 406 pa->e_perm &= mode | ~S_IRWXO; 407 mode &= pa->e_perm | ~S_IRWXO; 408 break; 409 410 case ACL_MASK: 411 mask_obj = pa; 412 not_equiv = 1; 413 break; 414 415 default: 416 return -EIO; 417 } 418 } 419 420 if (mask_obj) { 421 mask_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 422 mode &= (mask_obj->e_perm << 3) | ~S_IRWXG; 423 } else { 424 if (!group_obj) 425 return -EIO; 426 group_obj->e_perm &= (mode >> 3) | ~S_IRWXO; 427 mode &= (group_obj->e_perm << 3) | ~S_IRWXG; 428 } 429 430 *mode_p = (*mode_p & ~S_IRWXUGO) | mode; 431 return not_equiv; 432 } 433 434 /* 435 * Modify the ACL for the chmod syscall. 436 */ 437 static int __posix_acl_chmod_masq(struct posix_acl *acl, umode_t mode) 438 { 439 struct posix_acl_entry *group_obj = NULL, *mask_obj = NULL; 440 struct posix_acl_entry *pa, *pe; 441 442 /* assert(atomic_read(acl->a_refcount) == 1); */ 443 444 FOREACH_ACL_ENTRY(pa, acl, pe) { 445 switch(pa->e_tag) { 446 case ACL_USER_OBJ: 447 pa->e_perm = (mode & S_IRWXU) >> 6; 448 break; 449 450 case ACL_USER: 451 case ACL_GROUP: 452 break; 453 454 case ACL_GROUP_OBJ: 455 group_obj = pa; 456 break; 457 458 case ACL_MASK: 459 mask_obj = pa; 460 break; 461 462 case ACL_OTHER: 463 pa->e_perm = (mode & S_IRWXO); 464 break; 465 466 default: 467 return -EIO; 468 } 469 } 470 471 if (mask_obj) { 472 mask_obj->e_perm = (mode & S_IRWXG) >> 3; 473 } else { 474 if (!group_obj) 475 return -EIO; 476 group_obj->e_perm = (mode & S_IRWXG) >> 3; 477 } 478 479 return 0; 480 } 481 482 int 483 __posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p) 484 { 485 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 486 int err = -ENOMEM; 487 if (clone) { 488 err = posix_acl_create_masq(clone, mode_p); 489 if (err < 0) { 490 posix_acl_release(clone); 491 clone = NULL; 492 } 493 } 494 posix_acl_release(*acl); 495 *acl = clone; 496 return err; 497 } 498 EXPORT_SYMBOL(__posix_acl_create); 499 500 int 501 __posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode) 502 { 503 struct posix_acl *clone = posix_acl_clone(*acl, gfp); 504 int err = -ENOMEM; 505 if (clone) { 506 err = __posix_acl_chmod_masq(clone, mode); 507 if (err) { 508 posix_acl_release(clone); 509 clone = NULL; 510 } 511 } 512 posix_acl_release(*acl); 513 *acl = clone; 514 return err; 515 } 516 EXPORT_SYMBOL(__posix_acl_chmod); 517 518 int 519 posix_acl_chmod(struct inode *inode, umode_t mode) 520 { 521 struct posix_acl *acl; 522 int ret = 0; 523 524 if (!IS_POSIXACL(inode)) 525 return 0; 526 if (!inode->i_op->set_acl) 527 return -EOPNOTSUPP; 528 529 acl = get_acl(inode, ACL_TYPE_ACCESS); 530 if (IS_ERR_OR_NULL(acl)) { 531 if (acl == ERR_PTR(-EOPNOTSUPP)) 532 return 0; 533 return PTR_ERR(acl); 534 } 535 536 ret = __posix_acl_chmod(&acl, GFP_KERNEL, mode); 537 if (ret) 538 return ret; 539 ret = inode->i_op->set_acl(inode, acl, ACL_TYPE_ACCESS); 540 posix_acl_release(acl); 541 return ret; 542 } 543 EXPORT_SYMBOL(posix_acl_chmod); 544 545 int 546 posix_acl_create(struct inode *dir, umode_t *mode, 547 struct posix_acl **default_acl, struct posix_acl **acl) 548 { 549 struct posix_acl *p; 550 struct posix_acl *clone; 551 int ret; 552 553 *acl = NULL; 554 *default_acl = NULL; 555 556 if (S_ISLNK(*mode) || !IS_POSIXACL(dir)) 557 return 0; 558 559 p = get_acl(dir, ACL_TYPE_DEFAULT); 560 if (!p || p == ERR_PTR(-EOPNOTSUPP)) { 561 *mode &= ~current_umask(); 562 return 0; 563 } 564 if (IS_ERR(p)) 565 return PTR_ERR(p); 566 567 clone = posix_acl_clone(p, GFP_NOFS); 568 if (!clone) 569 goto no_mem; 570 571 ret = posix_acl_create_masq(clone, mode); 572 if (ret < 0) 573 goto no_mem_clone; 574 575 if (ret == 0) 576 posix_acl_release(clone); 577 else 578 *acl = clone; 579 580 if (!S_ISDIR(*mode)) 581 posix_acl_release(p); 582 else 583 *default_acl = p; 584 585 return 0; 586 587 no_mem_clone: 588 posix_acl_release(clone); 589 no_mem: 590 posix_acl_release(p); 591 return -ENOMEM; 592 } 593 EXPORT_SYMBOL_GPL(posix_acl_create); 594 595 /* 596 * Fix up the uids and gids in posix acl extended attributes in place. 597 */ 598 static void posix_acl_fix_xattr_userns( 599 struct user_namespace *to, struct user_namespace *from, 600 void *value, size_t size) 601 { 602 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; 603 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; 604 int count; 605 kuid_t uid; 606 kgid_t gid; 607 608 if (!value) 609 return; 610 if (size < sizeof(posix_acl_xattr_header)) 611 return; 612 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 613 return; 614 615 count = posix_acl_xattr_count(size); 616 if (count < 0) 617 return; 618 if (count == 0) 619 return; 620 621 for (end = entry + count; entry != end; entry++) { 622 switch(le16_to_cpu(entry->e_tag)) { 623 case ACL_USER: 624 uid = make_kuid(from, le32_to_cpu(entry->e_id)); 625 entry->e_id = cpu_to_le32(from_kuid(to, uid)); 626 break; 627 case ACL_GROUP: 628 gid = make_kgid(from, le32_to_cpu(entry->e_id)); 629 entry->e_id = cpu_to_le32(from_kgid(to, gid)); 630 break; 631 default: 632 break; 633 } 634 } 635 } 636 637 void posix_acl_fix_xattr_from_user(void *value, size_t size) 638 { 639 struct user_namespace *user_ns = current_user_ns(); 640 if (user_ns == &init_user_ns) 641 return; 642 posix_acl_fix_xattr_userns(&init_user_ns, user_ns, value, size); 643 } 644 645 void posix_acl_fix_xattr_to_user(void *value, size_t size) 646 { 647 struct user_namespace *user_ns = current_user_ns(); 648 if (user_ns == &init_user_ns) 649 return; 650 posix_acl_fix_xattr_userns(user_ns, &init_user_ns, value, size); 651 } 652 653 /* 654 * Convert from extended attribute to in-memory representation. 655 */ 656 struct posix_acl * 657 posix_acl_from_xattr(struct user_namespace *user_ns, 658 const void *value, size_t size) 659 { 660 posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; 661 posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; 662 int count; 663 struct posix_acl *acl; 664 struct posix_acl_entry *acl_e; 665 666 if (!value) 667 return NULL; 668 if (size < sizeof(posix_acl_xattr_header)) 669 return ERR_PTR(-EINVAL); 670 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) 671 return ERR_PTR(-EOPNOTSUPP); 672 673 count = posix_acl_xattr_count(size); 674 if (count < 0) 675 return ERR_PTR(-EINVAL); 676 if (count == 0) 677 return NULL; 678 679 acl = posix_acl_alloc(count, GFP_NOFS); 680 if (!acl) 681 return ERR_PTR(-ENOMEM); 682 acl_e = acl->a_entries; 683 684 for (end = entry + count; entry != end; acl_e++, entry++) { 685 acl_e->e_tag = le16_to_cpu(entry->e_tag); 686 acl_e->e_perm = le16_to_cpu(entry->e_perm); 687 688 switch(acl_e->e_tag) { 689 case ACL_USER_OBJ: 690 case ACL_GROUP_OBJ: 691 case ACL_MASK: 692 case ACL_OTHER: 693 break; 694 695 case ACL_USER: 696 acl_e->e_uid = 697 make_kuid(user_ns, 698 le32_to_cpu(entry->e_id)); 699 if (!uid_valid(acl_e->e_uid)) 700 goto fail; 701 break; 702 case ACL_GROUP: 703 acl_e->e_gid = 704 make_kgid(user_ns, 705 le32_to_cpu(entry->e_id)); 706 if (!gid_valid(acl_e->e_gid)) 707 goto fail; 708 break; 709 710 default: 711 goto fail; 712 } 713 } 714 return acl; 715 716 fail: 717 posix_acl_release(acl); 718 return ERR_PTR(-EINVAL); 719 } 720 EXPORT_SYMBOL (posix_acl_from_xattr); 721 722 /* 723 * Convert from in-memory to extended attribute representation. 724 */ 725 int 726 posix_acl_to_xattr(struct user_namespace *user_ns, const struct posix_acl *acl, 727 void *buffer, size_t size) 728 { 729 posix_acl_xattr_header *ext_acl = (posix_acl_xattr_header *)buffer; 730 posix_acl_xattr_entry *ext_entry; 731 int real_size, n; 732 733 real_size = posix_acl_xattr_size(acl->a_count); 734 if (!buffer) 735 return real_size; 736 if (real_size > size) 737 return -ERANGE; 738 739 ext_entry = ext_acl->a_entries; 740 ext_acl->a_version = cpu_to_le32(POSIX_ACL_XATTR_VERSION); 741 742 for (n=0; n < acl->a_count; n++, ext_entry++) { 743 const struct posix_acl_entry *acl_e = &acl->a_entries[n]; 744 ext_entry->e_tag = cpu_to_le16(acl_e->e_tag); 745 ext_entry->e_perm = cpu_to_le16(acl_e->e_perm); 746 switch(acl_e->e_tag) { 747 case ACL_USER: 748 ext_entry->e_id = 749 cpu_to_le32(from_kuid(user_ns, acl_e->e_uid)); 750 break; 751 case ACL_GROUP: 752 ext_entry->e_id = 753 cpu_to_le32(from_kgid(user_ns, acl_e->e_gid)); 754 break; 755 default: 756 ext_entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); 757 break; 758 } 759 } 760 return real_size; 761 } 762 EXPORT_SYMBOL (posix_acl_to_xattr); 763 764 static int 765 posix_acl_xattr_get(struct dentry *dentry, const char *name, 766 void *value, size_t size, int type) 767 { 768 struct posix_acl *acl; 769 int error; 770 771 if (!IS_POSIXACL(d_backing_inode(dentry))) 772 return -EOPNOTSUPP; 773 if (d_is_symlink(dentry)) 774 return -EOPNOTSUPP; 775 776 acl = get_acl(d_backing_inode(dentry), type); 777 if (IS_ERR(acl)) 778 return PTR_ERR(acl); 779 if (acl == NULL) 780 return -ENODATA; 781 782 error = posix_acl_to_xattr(&init_user_ns, acl, value, size); 783 posix_acl_release(acl); 784 785 return error; 786 } 787 788 static int 789 posix_acl_xattr_set(struct dentry *dentry, const char *name, 790 const void *value, size_t size, int flags, int type) 791 { 792 struct inode *inode = d_backing_inode(dentry); 793 struct posix_acl *acl = NULL; 794 int ret; 795 796 if (!IS_POSIXACL(inode)) 797 return -EOPNOTSUPP; 798 if (!inode->i_op->set_acl) 799 return -EOPNOTSUPP; 800 801 if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) 802 return value ? -EACCES : 0; 803 if (!inode_owner_or_capable(inode)) 804 return -EPERM; 805 806 if (value) { 807 acl = posix_acl_from_xattr(&init_user_ns, value, size); 808 if (IS_ERR(acl)) 809 return PTR_ERR(acl); 810 811 if (acl) { 812 ret = posix_acl_valid(acl); 813 if (ret) 814 goto out; 815 } 816 } 817 818 ret = inode->i_op->set_acl(inode, acl, type); 819 out: 820 posix_acl_release(acl); 821 return ret; 822 } 823 824 static size_t 825 posix_acl_xattr_list(struct dentry *dentry, char *list, size_t list_size, 826 const char *name, size_t name_len, int type) 827 { 828 const char *xname; 829 size_t size; 830 831 if (!IS_POSIXACL(d_backing_inode(dentry))) 832 return -EOPNOTSUPP; 833 if (d_is_symlink(dentry)) 834 return -EOPNOTSUPP; 835 836 if (type == ACL_TYPE_ACCESS) 837 xname = POSIX_ACL_XATTR_ACCESS; 838 else 839 xname = POSIX_ACL_XATTR_DEFAULT; 840 841 size = strlen(xname) + 1; 842 if (list && size <= list_size) 843 memcpy(list, xname, size); 844 return size; 845 } 846 847 const struct xattr_handler posix_acl_access_xattr_handler = { 848 .prefix = POSIX_ACL_XATTR_ACCESS, 849 .flags = ACL_TYPE_ACCESS, 850 .list = posix_acl_xattr_list, 851 .get = posix_acl_xattr_get, 852 .set = posix_acl_xattr_set, 853 }; 854 EXPORT_SYMBOL_GPL(posix_acl_access_xattr_handler); 855 856 const struct xattr_handler posix_acl_default_xattr_handler = { 857 .prefix = POSIX_ACL_XATTR_DEFAULT, 858 .flags = ACL_TYPE_DEFAULT, 859 .list = posix_acl_xattr_list, 860 .get = posix_acl_xattr_get, 861 .set = posix_acl_xattr_set, 862 }; 863 EXPORT_SYMBOL_GPL(posix_acl_default_xattr_handler); 864 865 int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) 866 { 867 int error; 868 869 if (type == ACL_TYPE_ACCESS) { 870 error = posix_acl_equiv_mode(acl, &inode->i_mode); 871 if (error < 0) 872 return 0; 873 if (error == 0) 874 acl = NULL; 875 } 876 877 inode->i_ctime = CURRENT_TIME; 878 set_cached_acl(inode, type, acl); 879 return 0; 880 } 881 882 int simple_acl_create(struct inode *dir, struct inode *inode) 883 { 884 struct posix_acl *default_acl, *acl; 885 int error; 886 887 error = posix_acl_create(dir, &inode->i_mode, &default_acl, &acl); 888 if (error) 889 return error; 890 891 set_cached_acl(inode, ACL_TYPE_DEFAULT, default_acl); 892 set_cached_acl(inode, ACL_TYPE_ACCESS, acl); 893 894 if (default_acl) 895 posix_acl_release(default_acl); 896 if (acl) 897 posix_acl_release(acl); 898 return 0; 899 } 900