On Tue, Oct 18, 2022 at 04:10:37PM +0200, Christian Brauner wrote: > On Thu, Oct 13, 2022 at 03:36:51PM -0700, Kees Cook wrote: > > Extract the logic used by LSM file hooks to be able to reconstruct the > > access mode permissions from an open. > > > > Cc: John Johansen <john.johansen@xxxxxxxxxxxxx> > > Cc: Paul Moore <paul@xxxxxxxxxxxxxx> > > Cc: James Morris <jmorris@xxxxxxxxx> > > Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> > > Cc: linux-security-module@xxxxxxxxxxxxxxx > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > > --- > > include/linux/fs.h | 22 ++++++++++++++++++++++ > > security/apparmor/include/file.h | 18 ++++-------------- > > 2 files changed, 26 insertions(+), 14 deletions(-) > > > > diff --git a/include/linux/fs.h b/include/linux/fs.h > > index 9eced4cc286e..814f10d4132e 100644 > > --- a/include/linux/fs.h > > +++ b/include/linux/fs.h > > @@ -993,6 +993,28 @@ static inline struct file *get_file(struct file *f) > > #define get_file_rcu(x) atomic_long_inc_not_zero(&(x)->f_count) > > #define file_count(x) atomic_long_read(&(x)->f_count) > > > > +/* Calculate the basic MAY_* flags needed for a given file. */ > > +static inline u8 file_to_perms(struct file *file) > > As long as there aren't multiple users of this and especially none in > the vfs proper please don't move this into fs.h. It's overloaded enough > as it is and we have vague plans on splitting it further in the future. Sure -- this can live in a security .h file somewhere. -- Kees Cook
