On 07/07, gaoxiang (P) wrote: > Hi, > I think Sdcardfs should override task_struct cred fsuid/fsgid before calling the underlay fs operation. > And it seems sdcardfs implementations misses override cred fsuid/fsgid before the ioctl operation. Oh, good catch! Thank you. ;) > > Thanks. > > -----邮件原件----- > 发件人: Chao Yu [mailto:chao@xxxxxxxxxx] > 发送时间: 2017年7月7日 8:58 > 收件人: Jaegeuk Kim > 抄送: linux-fsdevel@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx > 主题: Re: [f2fs-dev] [PATCH] f2fs: relax permission for atomic/volatile ioctls > > On 2017/7/7 8:16, Jaegeuk Kim wrote: > > On 07/07, Chao Yu wrote: > >> On 2017/7/6 10:23, Jaegeuk Kim wrote: > >>> This patch allows atomic/volatile ioctls for sqlite under sdcardfs. > >> > >> Out of curiosity, we will lose some capable when passing through sdcardfs? > > > > I don't think so. But, it seems a test applicaion tries to access database from > > difference uid. > > Oh, is that really allowed? if the sqlite database is public in sdcard directory, > application needs to apply WRITE_EXTERNAL_STORAGE in order to add itself to > sdcard_rw group, then it can access the database. Right? > > Thanks, > > > > > Thanks, > > > >> > >> Thanks, > >> > >>> > >>> Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>> --- > >>> fs/f2fs/file.c | 15 --------------- > >>> 1 file changed, 15 deletions(-) > >>> > >>> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c > >>> index f5d6357e8360..dd8f5d2caa48 100644 > >>> --- a/fs/f2fs/file.c > >>> +++ b/fs/f2fs/file.c > >>> @@ -1587,9 +1587,6 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) > >>> struct inode *inode = file_inode(filp); > >>> int ret; > >>> > >>> - if (!inode_owner_or_capable(inode)) > >>> - return -EACCES; > >>> - > >>> if (!S_ISREG(inode->i_mode)) > >>> return -EINVAL; > >>> > >>> @@ -1636,9 +1633,6 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) > >>> struct inode *inode = file_inode(filp); > >>> int ret; > >>> > >>> - if (!inode_owner_or_capable(inode)) > >>> - return -EACCES; > >>> - > >>> ret = mnt_want_write_file(filp); > >>> if (ret) > >>> return ret; > >>> @@ -1672,9 +1666,6 @@ static int f2fs_ioc_start_volatile_write(struct file *filp) > >>> struct inode *inode = file_inode(filp); > >>> int ret; > >>> > >>> - if (!inode_owner_or_capable(inode)) > >>> - return -EACCES; > >>> - > >>> if (!S_ISREG(inode->i_mode)) > >>> return -EINVAL; > >>> > >>> @@ -1707,9 +1698,6 @@ static int f2fs_ioc_release_volatile_write(struct file *filp) > >>> struct inode *inode = file_inode(filp); > >>> int ret; > >>> > >>> - if (!inode_owner_or_capable(inode)) > >>> - return -EACCES; > >>> - > >>> ret = mnt_want_write_file(filp); > >>> if (ret) > >>> return ret; > >>> @@ -1736,9 +1724,6 @@ static int f2fs_ioc_abort_volatile_write(struct file *filp) > >>> struct inode *inode = file_inode(filp); > >>> int ret; > >>> > >>> - if (!inode_owner_or_capable(inode)) > >>> - return -EACCES; > >>> - > >>> ret = mnt_want_write_file(filp); > >>> if (ret) > >>> return ret; > >>> > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Linux-f2fs-devel mailing list > Linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
