From patchwork Wed Jun 24 21:56:59 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Andreas_Gr=C3=BCnbacher?= X-Patchwork-Id: 6670661 Return-Path: X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id CFDA59F39B for ; Wed, 24 Jun 2015 22:03:45 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id CE53A20569 for ; Wed, 24 Jun 2015 22:03:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B096C20547 for ; Wed, 24 Jun 2015 22:03:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752368AbbFXV54 (ORCPT ); Wed, 24 Jun 2015 17:57:56 -0400 Received: from mail-wi0-f169.google.com ([209.85.212.169]:37982 "EHLO mail-wi0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752189AbbFXV5r (ORCPT ); Wed, 24 Jun 2015 17:57:47 -0400 Received: by wibdq8 with SMTP id dq8so58947772wib.1; Wed, 24 Jun 2015 14:57:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:in-reply-to:references; bh=MEe9TGE5MEyuwkC2UIjS8Q3dW6vVKQktOvOkZxq9jXc=; b=dcXU5ZoXHSPK2NuuogjIAVuSEcx2rhDGQAd1/L+OivruTVw/O/gNNIDgTLiVH5XiSn svJP2tSvSeVwF2jSID0AfbwDSjtuW8bC7FBs8L8LrdxMHlJoK33YyJanKfaIUm85+si+ pyoeb2zgvta2rZ6iCWpks1yWHChwILjNxOxinBL7j0FoRLnkeUxJajokI+UGnfdBEidl 0R7hOyC+sIajs7L50xSSyQ7abxdgi4xsNE4f47XzEve1za7RSUCesF0kZmm0ytHTDxyE j93rGqmaqlbGJK8r8Jw8x17rcRfjsJ3rJ1l3a0M49+sl4+6JxhYawmtMVl8WI5jyMrQQ jFMg== X-Received: by 10.180.11.174 with SMTP id r14mr8637110wib.72.1435183064898; Wed, 24 Jun 2015 14:57:44 -0700 (PDT) Received: from nuc.home.com (80-110-112-232.cgn.dynamic.surfer.at. [80.110.112.232]) by mx.google.com with ESMTPSA id lu5sm42559880wjb.9.2015.06.24.14.57.43 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Jun 2015 14:57:44 -0700 (PDT) From: Andreas Gruenbacher X-Google-Original-From: Andreas Gruenbacher To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-api@vger.kernel.org, samba-technical@lists.samba.org, linux-security-module@vger.kernel.org Subject: [RFC v4 10/31] richacl: Permission check algorithm Date: Wed, 24 Jun 2015 23:56:59 +0200 Message-Id: <1435183040-22726-11-git-send-email-agruenba@redhat.com> X-Mailer: git-send-email 2.4.2 In-Reply-To: <1435183040-22726-1-git-send-email-agruenba@redhat.com> References: <1435183040-22726-1-git-send-email-agruenba@redhat.com> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Spam-Status: No, score=-5.7 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, SUSPICIOUS_RECIPS, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP A richacl roughly grants a requested access if the NFSv4 acl in the richacl grants the requested permissions according to the NFSv4 permission check algorithm and the file mask that applies to the process includes the requested permissions. Signed-off-by: Andreas Gruenbacher --- fs/Makefile | 2 +- fs/richacl_inode.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/richacl.h | 3 ++ 3 files changed, 126 insertions(+), 1 deletion(-) create mode 100644 fs/richacl_inode.c diff --git a/fs/Makefile b/fs/Makefile index 654e716..c3602b7 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -48,7 +48,7 @@ obj-$(CONFIG_SYSCTL) += drop_caches.o obj-$(CONFIG_FHANDLE) += fhandle.o obj-$(CONFIG_FS_RICHACL) += richacl.o -richacl-y := richacl_base.o +richacl-y := richacl_base.o richacl_inode.o obj-y += quota/ diff --git a/fs/richacl_inode.c b/fs/richacl_inode.c new file mode 100644 index 0000000..159510b --- /dev/null +++ b/fs/richacl_inode.c @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2010 Novell, Inc. + * Copyright (C) 2015 Red Hat, Inc. + * Written by Andreas Gruenbacher + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2, or (at your option) any + * later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + */ + +#include +#include +#include +#include +#include + +/** + * richacl_permission - richacl permission check algorithm + * @inode: inode to check + * @acl: rich acl of the inode + * @want: requested access (MAY_* flags) + * + * Checks if the current process is granted @mask flags in @acl. + */ +int +richacl_permission(struct inode *inode, const struct richacl *acl, + int want) +{ + const struct richace *ace; + unsigned int mask = richacl_want_to_mask(want); + unsigned int requested = mask, denied = 0; + int in_owning_group = in_group_p(inode->i_gid); + int in_owner_or_group_class = in_owning_group; + + /* + * A process is + * - in the owner file class if it owns the file, + * - in the group file class if it is in the file's owning group or + * it matches any of the user or group entries, and + * - in the other file class otherwise. + * The file class is only relevant for determining which file mask to + * apply, which only happens for masked acls. + */ + if (acl->a_flags & RICHACL_MASKED) { + if (uid_eq(current_fsuid(), inode->i_uid)) { + denied = requested & ~acl->a_owner_mask; + goto out; + } + } else { + /* + * We don't care which class the process is in when the acl is + * not masked. + */ + in_owner_or_group_class = 1; + } + + /* + * Check if the acl grants the requested access and determine which + * file class the process is in. + */ + richacl_for_each_entry(ace, acl) { + unsigned int ace_mask = ace->e_mask; + + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_owner(ace)) { + if (!uid_eq(current_fsuid(), inode->i_uid)) + continue; + } else if (richace_is_group(ace)) { + if (!in_owning_group) + continue; + } else if (richace_is_unix_user(ace)) { + kuid_t uid = current_fsuid(); + + if (!uid_eq(uid, ace->e_id.uid)) + continue; + } else if (richace_is_unix_group(ace)) { + if (!in_group_p(ace->e_id.gid)) + continue; + } else + goto entry_matches_everyone; + + /* The process is in the owner or group file class. */ + in_owner_or_group_class = 1; + +entry_matches_everyone: + /* Check which mask flags the ACE allows or denies. */ + if (richace_is_deny(ace)) + denied |= ace_mask & mask; + mask &= ~ace_mask; + + /* + * Keep going until we know which file class + * the process is in. + */ + if (!mask && in_owner_or_group_class) + break; + } + denied |= mask; + + if (acl->a_flags & RICHACL_MASKED) { + /* + * The file class a process is in determines which file mask + * applies. Check if that file mask also grants the requested + * access. + */ + if (in_owner_or_group_class) + denied |= requested & ~acl->a_group_mask; + else + denied = requested & ~acl->a_other_mask; + } + +out: + return denied ? -EACCES : 0; +} +EXPORT_SYMBOL_GPL(richacl_permission); diff --git a/include/linux/richacl.h b/include/linux/richacl.h index c2a10b5..b828615 100644 --- a/include/linux/richacl.h +++ b/include/linux/richacl.h @@ -303,4 +303,7 @@ extern unsigned int richacl_want_to_mask(unsigned int); extern void richacl_compute_max_masks(struct richacl *, kuid_t); extern struct richacl *richacl_chmod(struct richacl *, mode_t); +/* richacl_inode.c */ +extern int richacl_permission(struct inode *, const struct richacl *, int); + #endif /* __RICHACL_H */