[PATCH] Access Control Lists for tmpfs

Add access control lists for tmpfs. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Andreas Gruenbacher <agruen@suse.de> 2006-09-29 05:01:35 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-09-29 12:18:24 -0400
commit: 39f0247d3823e4e0bf8f6838a10362864b1e1053 (patch)
tree: f5808b2bb5fd719c42c7068e2dc43a4b8f402304
parent: f0c8bd164e1a0585d7e46896553136b4f488bd19 (diff)
5 files changed, 332 insertions, 2 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index deb9eec9f6ee..4fd9efac29ab 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -881,6 +881,19 @@ config TMPFS
          See <file:Documentation/filesystems/tmpfs.txt> for details.
+config TMPFS_POSIX_ACL
+        bool "Tmpfs POSIX Access Control Lists"
+        depends on TMPFS
+        select GENERIC_ACL
+        help
+          POSIX Access Control Lists (ACLs) support permissions for users and
+          groups beyond the owner/group/world scheme.
+          To learn more about Access Control Lists, visit the POSIX ACLs for
+          Linux website <http://acl.bestbits.at/>.
+          If you don't know what Access Control Lists are, say N.
 config HUGETLBFS
        bool "HugeTLB file system support"
        depends X86 || IA64 || PPC64 || SPARC64 || SUPERH || BROKEN
diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h
index c057f0b32318..f3c51899117f 100644
--- a/include/linux/shmem_fs.h
+++ b/include/linux/shmem_fs.h
@@ -19,6 +19,10 @@ struct shmem_inode_info {
        swp_entry_t             i_direct[SHMEM_NR_DIRECT]; /* first blocks */
        struct list_head        swaplist;       /* chain of maybes on swap */
        struct inode            vfs_inode;
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        struct posix_acl        *i_acl;
+        struct posix_acl        *i_default_acl;
+#endif
 };
 struct shmem_sb_info {
@@ -36,4 +40,24 @@ static inline struct shmem_inode_info *SHMEM_I(struct inode *inode)
        return container_of(inode, struct shmem_inode_info, vfs_inode);
 }
+#ifdef CONFIG_TMPFS_POSIX_ACL
+int shmem_permission(struct inode *, int, struct nameidata *);
+int shmem_acl_init(struct inode *, struct inode *);
+void shmem_acl_destroy_inode(struct inode *);
+extern struct xattr_handler shmem_xattr_acl_access_handler;
+extern struct xattr_handler shmem_xattr_acl_default_handler;
+extern struct generic_acl_operations shmem_acl_ops;
+#else
+static inline int shmem_acl_init(struct inode *inode, struct inode *dir)
+{
+        return 0;
+}
+static inline void shmem_acl_destroy_inode(struct inode *inode)
+{
+}
+#endif  /* CONFIG_TMPFS_POSIX_ACL */
 #endif
diff --git a/mm/Makefile b/mm/Makefile
index 60c56c0b5e10..6200c6d6afd2 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_HUGETLBFS)	+= hugetlb.o
 obj-$(CONFIG_NUMA)      += mempolicy.o
 obj-$(CONFIG_SPARSEMEM) += sparse.o
 obj-$(CONFIG_SHMEM) += shmem.o
+obj-$(CONFIG_TMPFS_POSIX_ACL) += shmem_acl.o
 obj-$(CONFIG_TINY_SHMEM) += tiny-shmem.o
 obj-$(CONFIG_SLOB) += slob.o
 obj-$(CONFIG_SLAB) += slab.o
diff --git a/mm/shmem.c b/mm/shmem.c
index eda907c3a86a..b96de69f236b 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -26,6 +26,8 @@
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/fs.h>
+#include <linux/xattr.h>
+#include <linux/generic_acl.h>
 #include <linux/mm.h>
 #include <linux/mman.h>
 #include <linux/file.h>
@@ -177,6 +179,7 @@ static const struct address_space_operations shmem_aops;
 static struct file_operations shmem_file_operations;
 static struct inode_operations shmem_inode_operations;
 static struct inode_operations shmem_dir_inode_operations;
+static struct inode_operations shmem_special_inode_operations;
 static struct vm_operations_struct shmem_vm_ops;
 static struct backing_dev_info shmem_backing_dev_info  __read_mostly = {
@@ -637,7 +640,7 @@ static int shmem_notify_change(struct dentry *dentry, struct iattr *attr)
        struct page *page = NULL;
        int error;
-        if (attr->ia_valid & ATTR_SIZE) {
+        if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) {
                if (attr->ia_size < inode->i_size) {
                        /*
                         * If truncating down to a partial page, then
@@ -670,6 +673,10 @@ static int shmem_notify_change(struct dentry *dentry, struct iattr *attr)
        error = inode_change_ok(inode, attr);
        if (!error)
                error = inode_setattr(inode, attr);
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        if (!error && (attr->ia_valid & ATTR_MODE))
+                error = generic_acl_chmod(inode, &shmem_acl_ops);
+#endif
        if (page)
                page_cache_release(page);
        return error;
@@ -1362,6 +1369,7 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
                switch (mode & S_IFMT) {
                default:
+                        inode->i_op = &shmem_special_inode_operations;
                        init_special_inode(inode, mode, dev);
                        break;
                case S_IFREG:
@@ -1682,7 +1690,11 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
                                iput(inode);
                                return error;
                        }
-                        error = 0;
+                }
+                error = shmem_acl_init(inode, dir);
+                if (error) {
+                        iput(inode);
+                        return error;
                }
                if (dir->i_mode & S_ISGID) {
                        inode->i_gid = dir->i_gid;
@@ -1897,6 +1909,53 @@ static struct inode_operations shmem_symlink_inode_operations = {
        .put_link       = shmem_put_link,
 };
+#ifdef CONFIG_TMPFS_POSIX_ACL
+/**
+ * Superblocks without xattr inode operations will get security.* xattr
+ * support from the VFS "for free". As soon as we have any other xattrs
+ * like ACLs, we also need to implement the security.* handlers at
+ * filesystem level, though.
+ */
+static size_t shmem_xattr_security_list(struct inode *inode, char *list,
+                                        size_t list_len, const char *name,
+                                        size_t name_len)
+{
+        return security_inode_listsecurity(inode, list, list_len);
+}
+static int shmem_xattr_security_get(struct inode *inode, const char *name,
+                                    void *buffer, size_t size)
+{
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        return security_inode_getsecurity(inode, name, buffer, size,
+                                          -EOPNOTSUPP);
+}
+static int shmem_xattr_security_set(struct inode *inode, const char *name,
+                                    const void *value, size_t size, int flags)
+{
+        if (strcmp(name, "") == 0)
+                return -EINVAL;
+        return security_inode_setsecurity(inode, name, value, size, flags);
+}
+struct xattr_handler shmem_xattr_security_handler = {
+        .prefix = XATTR_SECURITY_PREFIX,
+        .list   = shmem_xattr_security_list,
+        .get    = shmem_xattr_security_get,
+        .set    = shmem_xattr_security_set,
+};
+static struct xattr_handler *shmem_xattr_handlers[] = {
+        &shmem_xattr_acl_access_handler,
+        &shmem_xattr_acl_default_handler,
+        &shmem_xattr_security_handler,
+        NULL
+};
+#endif
 static int shmem_parse_options(char *options, int *mode, uid_t *uid,
        gid_t *gid, unsigned long *blocks, unsigned long *inodes,
        int *policy, nodemask_t *policy_nodes)
@@ -2094,6 +2153,10 @@ static int shmem_fill_super(struct super_block *sb,
        sb->s_magic = TMPFS_MAGIC;
        sb->s_op = &shmem_ops;
        sb->s_time_gran = 1;
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        sb->s_xattr = shmem_xattr_handlers;
+        sb->s_flags |= MS_POSIXACL;
+#endif
        inode = shmem_get_inode(sb, S_IFDIR | mode, 0);
        if (!inode)
@@ -2130,6 +2193,7 @@ static void shmem_destroy_inode(struct inode *inode)
                /* only struct inode is valid if it's an inline symlink */
                mpol_free_shared_policy(&SHMEM_I(inode)->policy);
        }
+        shmem_acl_destroy_inode(inode);
        kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
 }
@@ -2141,6 +2205,10 @@ static void init_once(void *foo, struct kmem_cache *cachep,
        if ((flags & (SLAB_CTOR_VERIFY|SLAB_CTOR_CONSTRUCTOR)) ==
            SLAB_CTOR_CONSTRUCTOR) {
                inode_init_once(&p->vfs_inode);
+#ifdef CONFIG_TMPFS_POSIX_ACL
+                p->i_acl = NULL;
+                p->i_default_acl = NULL;
+#endif
        }
 }
@@ -2184,6 +2252,14 @@ static struct inode_operations shmem_inode_operations = {
        .truncate       = shmem_truncate,
        .setattr        = shmem_notify_change,
        .truncate_range = shmem_truncate_range,
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        .setxattr       = generic_setxattr,
+        .getxattr       = generic_getxattr,
+        .listxattr      = generic_listxattr,
+        .removexattr    = generic_removexattr,
+        .permission     = shmem_permission,
+#endif
 };
 static struct inode_operations shmem_dir_inode_operations = {
@@ -2198,6 +2274,25 @@ static struct inode_operations shmem_dir_inode_operations = {
        .mknod          = shmem_mknod,
        .rename         = shmem_rename,
 #endif
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        .setattr        = shmem_notify_change,
+        .setxattr       = generic_setxattr,
+        .getxattr       = generic_getxattr,
+        .listxattr      = generic_listxattr,
+        .removexattr    = generic_removexattr,
+        .permission     = shmem_permission,
+#endif
+};
+static struct inode_operations shmem_special_inode_operations = {
+#ifdef CONFIG_TMPFS_POSIX_ACL
+        .setattr        = shmem_notify_change,
+        .setxattr       = generic_setxattr,
+        .getxattr       = generic_getxattr,
+        .listxattr      = generic_listxattr,
+        .removexattr    = generic_removexattr,
+        .permission     = shmem_permission,
+#endif
 };
 static struct super_operations shmem_ops = {
diff --git a/mm/shmem_acl.c b/mm/shmem_acl.c
new file mode 100644
index 000000000000..c946bf468718
--- /dev/null
+++ b/mm/shmem_acl.c
@@ -0,0 +1,197 @@
+/*
+ * mm/shmem_acl.c
+ *
+ * (C) 2005 Andreas Gruenbacher <agruen@suse.de>
+ *
+ * This file is released under the GPL.
+ */
+#include <linux/fs.h>
+#include <linux/shmem_fs.h>
+#include <linux/xattr.h>
+#include <linux/generic_acl.h>
+/**
+ * shmem_get_acl  -   generic_acl_operations->getacl() operation
+ */
+static struct posix_acl *
+shmem_get_acl(struct inode *inode, int type)
+{
+        struct posix_acl *acl = NULL;
+        spin_lock(&inode->i_lock);
+        switch(type) {
+                case ACL_TYPE_ACCESS:
+                        acl = posix_acl_dup(SHMEM_I(inode)->i_acl);
+                        break;
+                case ACL_TYPE_DEFAULT:
+                        acl = posix_acl_dup(SHMEM_I(inode)->i_default_acl);
+                        break;
+        }
+        spin_unlock(&inode->i_lock);
+        return acl;
+}
+/**
+ * shmem_get_acl  -   generic_acl_operations->setacl() operation
+ */
+static void
+shmem_set_acl(struct inode *inode, int type, struct posix_acl *acl)
+{
+        struct posix_acl *free = NULL;
+        spin_lock(&inode->i_lock);
+        switch(type) {
+                case ACL_TYPE_ACCESS:
+                        free = SHMEM_I(inode)->i_acl;
+                        SHMEM_I(inode)->i_acl = posix_acl_dup(acl);
+                        break;
+                case ACL_TYPE_DEFAULT:
+                        free = SHMEM_I(inode)->i_default_acl;
+                        SHMEM_I(inode)->i_default_acl = posix_acl_dup(acl);
+                        break;
+        }
+        spin_unlock(&inode->i_lock);
+        posix_acl_release(free);
+}
+struct generic_acl_operations shmem_acl_ops = {
+        .getacl = shmem_get_acl,
+        .setacl = shmem_set_acl,
+};
+/**
+ * shmem_list_acl_access, shmem_get_acl_access, shmem_set_acl_access,
+ * shmem_xattr_acl_access_handler  -  plumbing code to implement the
+ * system.posix_acl_access xattr using the generic acl functions.
+ */
+static size_t
+shmem_list_acl_access(struct inode *inode, char *list, size_t list_size,
+                      const char *name, size_t name_len)
+{
+        return generic_acl_list(inode, &shmem_acl_ops, ACL_TYPE_ACCESS,
+                                list, list_size);
+}
+static int
+shmem_get_acl_access(struct inode *inode, const char *name, void *buffer,
+                     size_t size)
+{
+        if (strcmp(name, "") != 0)
+                return -EINVAL;
+        return generic_acl_get(inode, &shmem_acl_ops, ACL_TYPE_ACCESS, buffer,
+                               size);
+}
+static int
+shmem_set_acl_access(struct inode *inode, const char *name, const void *value,
+                     size_t size, int flags)
+{
+        if (strcmp(name, "") != 0)
+                return -EINVAL;
+        return generic_acl_set(inode, &shmem_acl_ops, ACL_TYPE_ACCESS, value,
+                               size);
+}
+struct xattr_handler shmem_xattr_acl_access_handler = {
+        .prefix = POSIX_ACL_XATTR_ACCESS,
+        .list   = shmem_list_acl_access,
+        .get    = shmem_get_acl_access,
+        .set    = shmem_set_acl_access,
+};
+/**
+ * shmem_list_acl_default, shmem_get_acl_default, shmem_set_acl_default,
+ * shmem_xattr_acl_default_handler  -  plumbing code to implement the
+ * system.posix_acl_default xattr using the generic acl functions.
+ */
+static size_t
+shmem_list_acl_default(struct inode *inode, char *list, size_t list_size,
+                       const char *name, size_t name_len)
+{
+        return generic_acl_list(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT,
+                                list, list_size);
+}
+static int
+shmem_get_acl_default(struct inode *inode, const char *name, void *buffer,
+                      size_t size)
+{
+        if (strcmp(name, "") != 0)
+                return -EINVAL;
+        return generic_acl_get(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT, buffer,
+                               size);
+}
+static int
+shmem_set_acl_default(struct inode *inode, const char *name, const void *value,
+                      size_t size, int flags)
+{
+        if (strcmp(name, "") != 0)
+                return -EINVAL;
+        return generic_acl_set(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT, value,
+                               size);
+}
+struct xattr_handler shmem_xattr_acl_default_handler = {
+        .prefix = POSIX_ACL_XATTR_DEFAULT,
+        .list   = shmem_list_acl_default,
+        .get    = shmem_get_acl_default,
+        .set    = shmem_set_acl_default,
+};
+/**
+ * shmem_acl_init  -  Inizialize the acl(s) of a new inode
+ */
+int
+shmem_acl_init(struct inode *inode, struct inode *dir)
+{
+        return generic_acl_init(inode, dir, &shmem_acl_ops);
+}
+/**
+ * shmem_acl_destroy_inode  -  destroy acls hanging off the in-memory inode
+ *
+ * This is done before destroying the actual inode.
+ */
+void
+shmem_acl_destroy_inode(struct inode *inode)
+{
+        if (SHMEM_I(inode)->i_acl)
+                posix_acl_release(SHMEM_I(inode)->i_acl);
+        SHMEM_I(inode)->i_acl = NULL;
+        if (SHMEM_I(inode)->i_default_acl)
+                posix_acl_release(SHMEM_I(inode)->i_default_acl);
+        SHMEM_I(inode)->i_default_acl = NULL;
+}
+/**
+ * shmem_check_acl  -  check_acl() callback for generic_permission()
+ */
+static int
+shmem_check_acl(struct inode *inode, int mask)
+{
+        struct posix_acl *acl = shmem_get_acl(inode, ACL_TYPE_ACCESS);
+        if (acl) {
+                int error = posix_acl_permission(inode, acl, mask);
+                posix_acl_release(acl);
+                return error;
+        }
+        return -EAGAIN;
+}
+/**
+ * shmem_permission  -  permission() inode operation
+ */
+int
+shmem_permission(struct inode *inode, int mask, struct nameidata *nd)
+{
+        return generic_permission(inode, mask, shmem_check_acl);
+}
author	Andreas Gruenbacher <agruen@suse.de>	2006-09-29 05:01:35 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-09-29 12:18:24 -0400
commit	39f0247d3823e4e0bf8f6838a10362864b1e1053 (patch)
tree	f5808b2bb5fd719c42c7068e2dc43a4b8f402304
parent	f0c8bd164e1a0585d7e46896553136b4f488bd19 (diff)

diff --git a/fs/Kconfig b/fs/Kconfig index deb9eec9f6ee..4fd9efac29ab 100644 --- a/fs/Kconfig +++ b/fs/Kconfig
@@ -881,6 +881,19 @@ config TMPFS
881		881
882	See <file:Documentation/filesystems/tmpfs.txt> for details.	882	See <file:Documentation/filesystems/tmpfs.txt> for details.
883		883
		884	config TMPFS_POSIX_ACL
		885	bool "Tmpfs POSIX Access Control Lists"
		886	depends on TMPFS
		887	select GENERIC_ACL
		888	help
		889	POSIX Access Control Lists (ACLs) support permissions for users and
		890	groups beyond the owner/group/world scheme.
		891
		892	To learn more about Access Control Lists, visit the POSIX ACLs for
		893	Linux website <http://acl.bestbits.at/>.
		894
		895	If you don't know what Access Control Lists are, say N.
		896
884	config HUGETLBFS	897	config HUGETLBFS
885	bool "HugeTLB file system support"	898	bool "HugeTLB file system support"
886	depends X86 \|\| IA64 \|\| PPC64 \|\| SPARC64 \|\| SUPERH \|\| BROKEN	899	depends X86 \|\| IA64 \|\| PPC64 \|\| SPARC64 \|\| SUPERH \|\| BROKEN


diff --git a/include/linux/shmem_fs.h b/include/linux/shmem_fs.h index c057f0b32318..f3c51899117f 100644 --- a/include/linux/shmem_fs.h +++ b/include/linux/shmem_fs.h
@@ -19,6 +19,10 @@ struct shmem_inode_info {
19	swp_entry_t i_direct[SHMEM_NR_DIRECT]; /* first blocks */	19	swp_entry_t i_direct[SHMEM_NR_DIRECT]; /* first blocks */
20	struct list_head swaplist; /* chain of maybes on swap */	20	struct list_head swaplist; /* chain of maybes on swap */
21	struct inode vfs_inode;	21	struct inode vfs_inode;
		22	#ifdef CONFIG_TMPFS_POSIX_ACL
		23	struct posix_acl *i_acl;
		24	struct posix_acl *i_default_acl;
		25	#endif
22	};	26	};
23		27
24	struct shmem_sb_info {	28	struct shmem_sb_info {
@@ -36,4 +40,24 @@ static inline struct shmem_inode_info SHMEM_I(struct inode inode)
36	return container_of(inode, struct shmem_inode_info, vfs_inode);	40	return container_of(inode, struct shmem_inode_info, vfs_inode);
37	}	41	}
38		42
		43	#ifdef CONFIG_TMPFS_POSIX_ACL
		44	int shmem_permission(struct inode , int, struct nameidata );
		45	int shmem_acl_init(struct inode , struct inode );
		46	void shmem_acl_destroy_inode(struct inode *);
		47
		48	extern struct xattr_handler shmem_xattr_acl_access_handler;
		49	extern struct xattr_handler shmem_xattr_acl_default_handler;
		50
		51	extern struct generic_acl_operations shmem_acl_ops;
		52
		53	#else
		54	static inline int shmem_acl_init(struct inode inode, struct inode dir)
		55	{
		56	return 0;
		57	}
		58	static inline void shmem_acl_destroy_inode(struct inode *inode)
		59	{
		60	}
		61	#endif /* CONFIG_TMPFS_POSIX_ACL */
		62
39	#endif	63	#endif


diff --git a/mm/Makefile b/mm/Makefile index 60c56c0b5e10..6200c6d6afd2 100644 --- a/mm/Makefile +++ b/mm/Makefile
@@ -17,6 +17,7 @@ obj-$(CONFIG_HUGETLBFS) += hugetlb.o
17	obj-$(CONFIG_NUMA) += mempolicy.o	17	obj-$(CONFIG_NUMA) += mempolicy.o
18	obj-$(CONFIG_SPARSEMEM) += sparse.o	18	obj-$(CONFIG_SPARSEMEM) += sparse.o
19	obj-$(CONFIG_SHMEM) += shmem.o	19	obj-$(CONFIG_SHMEM) += shmem.o
		20	obj-$(CONFIG_TMPFS_POSIX_ACL) += shmem_acl.o
20	obj-$(CONFIG_TINY_SHMEM) += tiny-shmem.o	21	obj-$(CONFIG_TINY_SHMEM) += tiny-shmem.o
21	obj-$(CONFIG_SLOB) += slob.o	22	obj-$(CONFIG_SLOB) += slob.o
22	obj-$(CONFIG_SLAB) += slab.o	23	obj-$(CONFIG_SLAB) += slab.o


diff --git a/mm/shmem.c b/mm/shmem.c index eda907c3a86a..b96de69f236b 100644 --- a/mm/shmem.c +++ b/mm/shmem.c
@@ -26,6 +26,8 @@
26	#include <linux/module.h>	26	#include <linux/module.h>
27	#include <linux/init.h>	27	#include <linux/init.h>
28	#include <linux/fs.h>	28	#include <linux/fs.h>
		29	#include <linux/xattr.h>
		30	#include <linux/generic_acl.h>
29	#include <linux/mm.h>	31	#include <linux/mm.h>
30	#include <linux/mman.h>	32	#include <linux/mman.h>
31	#include <linux/file.h>	33	#include <linux/file.h>
@@ -177,6 +179,7 @@ static const struct address_space_operations shmem_aops;
177	static struct file_operations shmem_file_operations;	179	static struct file_operations shmem_file_operations;
178	static struct inode_operations shmem_inode_operations;	180	static struct inode_operations shmem_inode_operations;
179	static struct inode_operations shmem_dir_inode_operations;	181	static struct inode_operations shmem_dir_inode_operations;
		182	static struct inode_operations shmem_special_inode_operations;
180	static struct vm_operations_struct shmem_vm_ops;	183	static struct vm_operations_struct shmem_vm_ops;
181		184
182	static struct backing_dev_info shmem_backing_dev_info __read_mostly = {	185	static struct backing_dev_info shmem_backing_dev_info __read_mostly = {
@@ -637,7 +640,7 @@ static int shmem_notify_change(struct dentry dentry, struct iattr attr)
637	struct page *page = NULL;	640	struct page *page = NULL;
638	int error;	641	int error;
639		642
640	if (attr->ia_valid & ATTR_SIZE) {	643	if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) {
641	if (attr->ia_size < inode->i_size) {	644	if (attr->ia_size < inode->i_size) {
642	/*	645	/*
643	* If truncating down to a partial page, then	646	* If truncating down to a partial page, then
@@ -670,6 +673,10 @@ static int shmem_notify_change(struct dentry dentry, struct iattr attr)
670	error = inode_change_ok(inode, attr);	673	error = inode_change_ok(inode, attr);
671	if (!error)	674	if (!error)
672	error = inode_setattr(inode, attr);	675	error = inode_setattr(inode, attr);
		676	#ifdef CONFIG_TMPFS_POSIX_ACL
		677	if (!error && (attr->ia_valid & ATTR_MODE))
		678	error = generic_acl_chmod(inode, &shmem_acl_ops);
		679	#endif
673	if (page)	680	if (page)
674	page_cache_release(page);	681	page_cache_release(page);
675	return error;	682	return error;
@@ -1362,6 +1369,7 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
1362		1369
1363	switch (mode & S_IFMT) {	1370	switch (mode & S_IFMT) {
1364	default:	1371	default:
		1372	inode->i_op = &shmem_special_inode_operations;
1365	init_special_inode(inode, mode, dev);	1373	init_special_inode(inode, mode, dev);
1366	break;	1374	break;
1367	case S_IFREG:	1375	case S_IFREG:
@@ -1682,7 +1690,11 @@ shmem_mknod(struct inode dir, struct dentry dentry, int mode, dev_t dev)
1682	iput(inode);	1690	iput(inode);
1683	return error;	1691	return error;
1684	}	1692	}
1685	error = 0;	1693	}
		1694	error = shmem_acl_init(inode, dir);
		1695	if (error) {
		1696	iput(inode);
		1697	return error;
1686	}	1698	}
1687	if (dir->i_mode & S_ISGID) {	1699	if (dir->i_mode & S_ISGID) {
1688	inode->i_gid = dir->i_gid;	1700	inode->i_gid = dir->i_gid;
@@ -1897,6 +1909,53 @@ static struct inode_operations shmem_symlink_inode_operations = {
1897	.put_link = shmem_put_link,	1909	.put_link = shmem_put_link,
1898	};	1910	};
1899		1911
		1912	#ifdef CONFIG_TMPFS_POSIX_ACL
		1913	/**
		1914	* Superblocks without xattr inode operations will get security.* xattr
		1915	* support from the VFS "for free". As soon as we have any other xattrs
		1916	* like ACLs, we also need to implement the security.* handlers at
		1917	* filesystem level, though.
		1918	*/
		1919
		1920	static size_t shmem_xattr_security_list(struct inode inode, char list,
		1921	size_t list_len, const char *name,
		1922	size_t name_len)
		1923	{
		1924	return security_inode_listsecurity(inode, list, list_len);
		1925	}
		1926
		1927	static int shmem_xattr_security_get(struct inode inode, const char name,
		1928	void *buffer, size_t size)
		1929	{
		1930	if (strcmp(name, "") == 0)
		1931	return -EINVAL;
		1932	return security_inode_getsecurity(inode, name, buffer, size,
		1933	-EOPNOTSUPP);
		1934	}
		1935
		1936	static int shmem_xattr_security_set(struct inode inode, const char name,
		1937	const void *value, size_t size, int flags)
		1938	{
		1939	if (strcmp(name, "") == 0)
		1940	return -EINVAL;
		1941	return security_inode_setsecurity(inode, name, value, size, flags);
		1942	}
		1943
		1944	struct xattr_handler shmem_xattr_security_handler = {
		1945	.prefix = XATTR_SECURITY_PREFIX,
		1946	.list = shmem_xattr_security_list,
		1947	.get = shmem_xattr_security_get,
		1948	.set = shmem_xattr_security_set,
		1949	};
		1950
		1951	static struct xattr_handler *shmem_xattr_handlers[] = {
		1952	&shmem_xattr_acl_access_handler,
		1953	&shmem_xattr_acl_default_handler,
		1954	&shmem_xattr_security_handler,
		1955	NULL
		1956	};
		1957	#endif
		1958
1900	static int shmem_parse_options(char options, int mode, uid_t *uid,	1959	static int shmem_parse_options(char options, int mode, uid_t *uid,
1901	gid_t gid, unsigned long blocks, unsigned long *inodes,	1960	gid_t gid, unsigned long blocks, unsigned long *inodes,
1902	int policy, nodemask_t policy_nodes)	1961	int policy, nodemask_t policy_nodes)
@@ -2094,6 +2153,10 @@ static int shmem_fill_super(struct super_block *sb,
2094	sb->s_magic = TMPFS_MAGIC;	2153	sb->s_magic = TMPFS_MAGIC;
2095	sb->s_op = &shmem_ops;	2154	sb->s_op = &shmem_ops;
2096	sb->s_time_gran = 1;	2155	sb->s_time_gran = 1;
		2156	#ifdef CONFIG_TMPFS_POSIX_ACL
		2157	sb->s_xattr = shmem_xattr_handlers;
		2158	sb->s_flags \|= MS_POSIXACL;
		2159	#endif
2097		2160
2098	inode = shmem_get_inode(sb, S_IFDIR \| mode, 0);	2161	inode = shmem_get_inode(sb, S_IFDIR \| mode, 0);
2099	if (!inode)	2162	if (!inode)
@@ -2130,6 +2193,7 @@ static void shmem_destroy_inode(struct inode *inode)
2130	/* only struct inode is valid if it's an inline symlink */	2193	/* only struct inode is valid if it's an inline symlink */
2131	mpol_free_shared_policy(&SHMEM_I(inode)->policy);	2194	mpol_free_shared_policy(&SHMEM_I(inode)->policy);
2132	}	2195	}
		2196	shmem_acl_destroy_inode(inode);
2133	kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));	2197	kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
2134	}	2198	}
2135		2199
@@ -2141,6 +2205,10 @@ static void init_once(void foo, struct kmem_cache cachep,
2141	if ((flags & (SLAB_CTOR_VERIFY\|SLAB_CTOR_CONSTRUCTOR)) ==	2205	if ((flags & (SLAB_CTOR_VERIFY\|SLAB_CTOR_CONSTRUCTOR)) ==
2142	SLAB_CTOR_CONSTRUCTOR) {	2206	SLAB_CTOR_CONSTRUCTOR) {
2143	inode_init_once(&p->vfs_inode);	2207	inode_init_once(&p->vfs_inode);
		2208	#ifdef CONFIG_TMPFS_POSIX_ACL
		2209	p->i_acl = NULL;
		2210	p->i_default_acl = NULL;
		2211	#endif
2144	}	2212	}
2145	}	2213	}
2146		2214
@@ -2184,6 +2252,14 @@ static struct inode_operations shmem_inode_operations = {
2184	.truncate = shmem_truncate,	2252	.truncate = shmem_truncate,
2185	.setattr = shmem_notify_change,	2253	.setattr = shmem_notify_change,
2186	.truncate_range = shmem_truncate_range,	2254	.truncate_range = shmem_truncate_range,
		2255	#ifdef CONFIG_TMPFS_POSIX_ACL
		2256	.setxattr = generic_setxattr,
		2257	.getxattr = generic_getxattr,
		2258	.listxattr = generic_listxattr,
		2259	.removexattr = generic_removexattr,
		2260	.permission = shmem_permission,
		2261	#endif
		2262
2187	};	2263	};
2188		2264
2189	static struct inode_operations shmem_dir_inode_operations = {	2265	static struct inode_operations shmem_dir_inode_operations = {
@@ -2198,6 +2274,25 @@ static struct inode_operations shmem_dir_inode_operations = {
2198	.mknod = shmem_mknod,	2274	.mknod = shmem_mknod,
2199	.rename = shmem_rename,	2275	.rename = shmem_rename,
2200	#endif	2276	#endif
		2277	#ifdef CONFIG_TMPFS_POSIX_ACL
		2278	.setattr = shmem_notify_change,
		2279	.setxattr = generic_setxattr,
		2280	.getxattr = generic_getxattr,
		2281	.listxattr = generic_listxattr,
		2282	.removexattr = generic_removexattr,
		2283	.permission = shmem_permission,
		2284	#endif
		2285	};
		2286
		2287	static struct inode_operations shmem_special_inode_operations = {
		2288	#ifdef CONFIG_TMPFS_POSIX_ACL
		2289	.setattr = shmem_notify_change,
		2290	.setxattr = generic_setxattr,
		2291	.getxattr = generic_getxattr,
		2292	.listxattr = generic_listxattr,
		2293	.removexattr = generic_removexattr,
		2294	.permission = shmem_permission,
		2295	#endif
2201	};	2296	};
2202		2297
2203	static struct super_operations shmem_ops = {	2298	static struct super_operations shmem_ops = {


diff --git a/mm/shmem_acl.c b/mm/shmem_acl.c new file mode 100644 index 000000000000..c946bf468718 --- /dev/null +++ b/mm/shmem_acl.c
@@ -0,0 +1,197 @@
		1	/*
		2	* mm/shmem_acl.c
		3	*
		4	* (C) 2005 Andreas Gruenbacher <agruen@suse.de>
		5	*
		6	* This file is released under the GPL.
		7	*/
		8
		9	#include <linux/fs.h>
		10	#include <linux/shmem_fs.h>
		11	#include <linux/xattr.h>
		12	#include <linux/generic_acl.h>
		13
		14	/**
		15	* shmem_get_acl - generic_acl_operations->getacl() operation
		16	*/
		17	static struct posix_acl *
		18	shmem_get_acl(struct inode *inode, int type)
		19	{
		20	struct posix_acl *acl = NULL;
		21
		22	spin_lock(&inode->i_lock);
		23	switch(type) {
		24	case ACL_TYPE_ACCESS:
		25	acl = posix_acl_dup(SHMEM_I(inode)->i_acl);
		26	break;
		27
		28	case ACL_TYPE_DEFAULT:
		29	acl = posix_acl_dup(SHMEM_I(inode)->i_default_acl);
		30	break;
		31	}
		32	spin_unlock(&inode->i_lock);
		33
		34	return acl;
		35	}
		36
		37	/**
		38	* shmem_get_acl - generic_acl_operations->setacl() operation
		39	*/
		40	static void
		41	shmem_set_acl(struct inode inode, int type, struct posix_acl acl)
		42	{
		43	struct posix_acl *free = NULL;
		44
		45	spin_lock(&inode->i_lock);
		46	switch(type) {
		47	case ACL_TYPE_ACCESS:
		48	free = SHMEM_I(inode)->i_acl;
		49	SHMEM_I(inode)->i_acl = posix_acl_dup(acl);
		50	break;
		51
		52	case ACL_TYPE_DEFAULT:
		53	free = SHMEM_I(inode)->i_default_acl;
		54	SHMEM_I(inode)->i_default_acl = posix_acl_dup(acl);
		55	break;
		56	}
		57	spin_unlock(&inode->i_lock);
		58	posix_acl_release(free);
		59	}
		60
		61	struct generic_acl_operations shmem_acl_ops = {
		62	.getacl = shmem_get_acl,
		63	.setacl = shmem_set_acl,
		64	};
		65
		66	/**
		67	* shmem_list_acl_access, shmem_get_acl_access, shmem_set_acl_access,
		68	* shmem_xattr_acl_access_handler - plumbing code to implement the
		69	* system.posix_acl_access xattr using the generic acl functions.
		70	*/
		71
		72	static size_t
		73	shmem_list_acl_access(struct inode inode, char list, size_t list_size,
		74	const char *name, size_t name_len)
		75	{
		76	return generic_acl_list(inode, &shmem_acl_ops, ACL_TYPE_ACCESS,
		77	list, list_size);
		78	}
		79
		80	static int
		81	shmem_get_acl_access(struct inode inode, const char name, void *buffer,
		82	size_t size)
		83	{
		84	if (strcmp(name, "") != 0)
		85	return -EINVAL;
		86	return generic_acl_get(inode, &shmem_acl_ops, ACL_TYPE_ACCESS, buffer,
		87	size);
		88	}
		89
		90	static int
		91	shmem_set_acl_access(struct inode inode, const char name, const void *value,
		92	size_t size, int flags)
		93	{
		94	if (strcmp(name, "") != 0)
		95	return -EINVAL;
		96	return generic_acl_set(inode, &shmem_acl_ops, ACL_TYPE_ACCESS, value,
		97	size);
		98	}
		99
		100	struct xattr_handler shmem_xattr_acl_access_handler = {
		101	.prefix = POSIX_ACL_XATTR_ACCESS,
		102	.list = shmem_list_acl_access,
		103	.get = shmem_get_acl_access,
		104	.set = shmem_set_acl_access,
		105	};
		106
		107	/**
		108	* shmem_list_acl_default, shmem_get_acl_default, shmem_set_acl_default,
		109	* shmem_xattr_acl_default_handler - plumbing code to implement the
		110	* system.posix_acl_default xattr using the generic acl functions.
		111	*/
		112
		113	static size_t
		114	shmem_list_acl_default(struct inode inode, char list, size_t list_size,
		115	const char *name, size_t name_len)
		116	{
		117	return generic_acl_list(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT,
		118	list, list_size);
		119	}
		120
		121	static int
		122	shmem_get_acl_default(struct inode inode, const char name, void *buffer,
		123	size_t size)
		124	{
		125	if (strcmp(name, "") != 0)
		126	return -EINVAL;
		127	return generic_acl_get(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT, buffer,
		128	size);
		129	}
		130
		131	static int
		132	shmem_set_acl_default(struct inode inode, const char name, const void *value,
		133	size_t size, int flags)
		134	{
		135	if (strcmp(name, "") != 0)
		136	return -EINVAL;
		137	return generic_acl_set(inode, &shmem_acl_ops, ACL_TYPE_DEFAULT, value,
		138	size);
		139	}
		140
		141	struct xattr_handler shmem_xattr_acl_default_handler = {
		142	.prefix = POSIX_ACL_XATTR_DEFAULT,
		143	.list = shmem_list_acl_default,
		144	.get = shmem_get_acl_default,
		145	.set = shmem_set_acl_default,
		146	};
		147
		148	/**
		149	* shmem_acl_init - Inizialize the acl(s) of a new inode
		150	*/
		151	int
		152	shmem_acl_init(struct inode inode, struct inode dir)
		153	{
		154	return generic_acl_init(inode, dir, &shmem_acl_ops);
		155	}
		156
		157	/**
		158	* shmem_acl_destroy_inode - destroy acls hanging off the in-memory inode
		159	*
		160	* This is done before destroying the actual inode.
		161	*/
		162
		163	void
		164	shmem_acl_destroy_inode(struct inode *inode)
		165	{
		166	if (SHMEM_I(inode)->i_acl)
		167	posix_acl_release(SHMEM_I(inode)->i_acl);
		168	SHMEM_I(inode)->i_acl = NULL;
		169	if (SHMEM_I(inode)->i_default_acl)
		170	posix_acl_release(SHMEM_I(inode)->i_default_acl);
		171	SHMEM_I(inode)->i_default_acl = NULL;
		172	}
		173
		174	/**
		175	* shmem_check_acl - check_acl() callback for generic_permission()
		176	*/
		177	static int
		178	shmem_check_acl(struct inode *inode, int mask)
		179	{
		180	struct posix_acl *acl = shmem_get_acl(inode, ACL_TYPE_ACCESS);
		181
		182	if (acl) {
		183	int error = posix_acl_permission(inode, acl, mask);
		184	posix_acl_release(acl);
		185	return error;
		186	}
		187	return -EAGAIN;
		188	}
		189
		190	/**
		191	* shmem_permission - permission() inode operation
		192	*/
		193	int
		194	shmem_permission(struct inode inode, int mask, struct nameidata nd)
		195	{
		196	return generic_permission(inode, mask, shmem_check_acl);
		197	}