diff options
| -rw-r--r-- | fs/exec.c | 5 | ||||
| -rw-r--r-- | fs/namei.c | 31 | ||||
| -rw-r--r-- | include/linux/fs.h | 1 |
3 files changed, 16 insertions, 21 deletions
| @@ -127,7 +127,8 @@ asmlinkage long sys_uselib(const char __user * library) | |||
| 127 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) | 127 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) |
| 128 | goto exit; | 128 | goto exit; |
| 129 | 129 | ||
| 130 | error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); | 130 | error = inode_permission(nd.path.dentry->d_inode, |
| 131 | MAY_READ | MAY_EXEC | MAY_OPEN); | ||
| 131 | if (error) | 132 | if (error) |
| 132 | goto exit; | 133 | goto exit; |
| 133 | 134 | ||
| @@ -680,7 +681,7 @@ struct file *open_exec(const char *name) | |||
| 680 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) | 681 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) |
| 681 | goto out_path_put; | 682 | goto out_path_put; |
| 682 | 683 | ||
| 683 | err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); | 684 | err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN); |
| 684 | if (err) | 685 | if (err) |
| 685 | goto out_path_put; | 686 | goto out_path_put; |
| 686 | 687 | ||
diff --git a/fs/namei.c b/fs/namei.c index 5cc0dc95a7a5..3f88e043d459 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -226,6 +226,16 @@ int generic_permission(struct inode *inode, int mask, | |||
| 226 | return -EACCES; | 226 | return -EACCES; |
| 227 | } | 227 | } |
| 228 | 228 | ||
| 229 | /** | ||
| 230 | * inode_permission - check for access rights to a given inode | ||
| 231 | * @inode: inode to check permission on | ||
| 232 | * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) | ||
| 233 | * | ||
| 234 | * Used to check for read/write/execute permissions on an inode. | ||
| 235 | * We use "fsuid" for this, letting us set arbitrary permissions | ||
| 236 | * for filesystem access without changing the "normal" uids which | ||
| 237 | * are used for other things. | ||
| 238 | */ | ||
| 229 | int inode_permission(struct inode *inode, int mask) | 239 | int inode_permission(struct inode *inode, int mask) |
| 230 | { | 240 | { |
| 231 | int retval; | 241 | int retval; |
| @@ -264,21 +274,6 @@ int inode_permission(struct inode *inode, int mask) | |||
| 264 | } | 274 | } |
| 265 | 275 | ||
| 266 | /** | 276 | /** |
| 267 | * vfs_permission - check for access rights to a given path | ||
| 268 | * @nd: lookup result that describes the path | ||
| 269 | * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) | ||
| 270 | * | ||
| 271 | * Used to check for read/write/execute permissions on a path. | ||
| 272 | * We use "fsuid" for this, letting us set arbitrary permissions | ||
| 273 | * for filesystem access without changing the "normal" uids which | ||
| 274 | * are used for other things. | ||
| 275 | */ | ||
| 276 | int vfs_permission(struct nameidata *nd, int mask) | ||
| 277 | { | ||
| 278 | return inode_permission(nd->path.dentry->d_inode, mask); | ||
| 279 | } | ||
| 280 | |||
| 281 | /** | ||
| 282 | * file_permission - check for additional access rights to a given file | 277 | * file_permission - check for additional access rights to a given file |
| 283 | * @file: file to check access rights for | 278 | * @file: file to check access rights for |
| 284 | * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) | 279 | * @mask: right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC) |
| @@ -288,7 +283,7 @@ int vfs_permission(struct nameidata *nd, int mask) | |||
| 288 | * | 283 | * |
| 289 | * Note: | 284 | * Note: |
| 290 | * Do not use this function in new code. All access checks should | 285 | * Do not use this function in new code. All access checks should |
| 291 | * be done using vfs_permission(). | 286 | * be done using inode_permission(). |
| 292 | */ | 287 | */ |
| 293 | int file_permission(struct file *file, int mask) | 288 | int file_permission(struct file *file, int mask) |
| 294 | { | 289 | { |
| @@ -853,7 +848,8 @@ static int __link_path_walk(const char *name, struct nameidata *nd) | |||
| 853 | nd->flags |= LOOKUP_CONTINUE; | 848 | nd->flags |= LOOKUP_CONTINUE; |
| 854 | err = exec_permission_lite(inode); | 849 | err = exec_permission_lite(inode); |
| 855 | if (err == -EAGAIN) | 850 | if (err == -EAGAIN) |
| 856 | err = vfs_permission(nd, MAY_EXEC); | 851 | err = inode_permission(nd->path.dentry->d_inode, |
| 852 | MAY_EXEC); | ||
| 857 | if (err) | 853 | if (err) |
| 858 | break; | 854 | break; |
| 859 | 855 | ||
| @@ -2882,7 +2878,6 @@ EXPORT_SYMBOL(path_lookup); | |||
| 2882 | EXPORT_SYMBOL(kern_path); | 2878 | EXPORT_SYMBOL(kern_path); |
| 2883 | EXPORT_SYMBOL(vfs_path_lookup); | 2879 | EXPORT_SYMBOL(vfs_path_lookup); |
| 2884 | EXPORT_SYMBOL(inode_permission); | 2880 | EXPORT_SYMBOL(inode_permission); |
| 2885 | EXPORT_SYMBOL(vfs_permission); | ||
| 2886 | EXPORT_SYMBOL(file_permission); | 2881 | EXPORT_SYMBOL(file_permission); |
| 2887 | EXPORT_SYMBOL(unlock_rename); | 2882 | EXPORT_SYMBOL(unlock_rename); |
| 2888 | EXPORT_SYMBOL(vfs_create); | 2883 | EXPORT_SYMBOL(vfs_create); |
diff --git a/include/linux/fs.h b/include/linux/fs.h index 3468df5a06e0..fd615986a41c 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
| @@ -1212,7 +1212,6 @@ extern void unlock_super(struct super_block *); | |||
| 1212 | /* | 1212 | /* |
| 1213 | * VFS helper functions.. | 1213 | * VFS helper functions.. |
| 1214 | */ | 1214 | */ |
| 1215 | extern int vfs_permission(struct nameidata *, int); | ||
| 1216 | extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *); | 1215 | extern int vfs_create(struct inode *, struct dentry *, int, struct nameidata *); |
| 1217 | extern int vfs_mkdir(struct inode *, struct dentry *, int); | 1216 | extern int vfs_mkdir(struct inode *, struct dentry *, int); |
| 1218 | extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t); | 1217 | extern int vfs_mknod(struct inode *, struct dentry *, int, dev_t); |