Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-17 02:36:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fsnotify: split fsnotify_perm() into two hooks

Browse Source 
We would like to make changes to the fsnotify access permission hook -
add file range arguments and add the pre modify event.

In preparation for these changes, split the fsnotify_perm() hook into
fsnotify_open_perm() and fsnotify_file_perm().

This is needed for fanotify "pre content" events.

Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Link: https://lore.kernel.org/r/20231212094440.250945-4-amir73il@gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
This commit is contained in:
Amir Goldstein 2023-12-12 11:44:38 +02:00 committed by Christian Brauner
parent 705bcfcbde
commit 36e28c4218
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
2 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
include/linux/fsnotify.h
View File

@ -100,29 +100,33 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
}
/* Simple call site for access decisions */
static inline int fsnotify_perm(struct file *file, int mask)
/*
* fsnotify_file_perm - permission hook before file access
*/
static inline int fsnotify_file_perm(struct file *file, int perm_mask)
{
int ret;
__u32 fsnotify_mask = 0;
__u32 fsnotify_mask = FS_ACCESS_PERM;
if (!(mask & (MAY_READ | MAY_OPEN)))
if (!(perm_mask & MAY_READ))
return 0;
if (mask & MAY_OPEN) {
fsnotify_mask = FS_OPEN_PERM;
return fsnotify_file(file, fsnotify_mask);
}
if (file->f_flags & __FMODE_EXEC) {
ret = fsnotify_file(file, FS_OPEN_EXEC_PERM);
/*
* fsnotify_open_perm - permission hook before file open
*/
static inline int fsnotify_open_perm(struct file *file)
{
int ret;
if (ret)
return ret;
}
} else if (mask & MAY_READ) {
fsnotify_mask = FS_ACCESS_PERM;
if (file->f_flags & __FMODE_EXEC) {
ret = fsnotify_file(file, FS_OPEN_EXEC_PERM);
if (ret)
return ret;
}
return fsnotify_file(file, fsnotify_mask);
return fsnotify_file(file, FS_OPEN_PERM);
}
/*

4
security/security.c
View File

@ -2586,7 +2586,7 @@ int security_file_permission(struct file *file, int mask)
if (ret)
return ret;
return fsnotify_perm(file, mask);
return fsnotify_file_perm(file, mask);
}
/**
@ -2837,7 +2837,7 @@ int security_file_open(struct file *file)
if (ret)
return ret;
return fsnotify_perm(file, MAY_OPEN);
return fsnotify_open_perm(file);
}
/**