On Fri, 2010-04-09 at 18:16 -0400, Eric Paris wrote:
> Currently MAY_ACCESS means that filesystems must check the permissions
> right then and not rely on cached results or the results of future
> operations on the object. This can be because of a call to sys_access() or
> because of a call to chdir() which needs to check search without relying on
> any future operations inside that dir. I plan to use MAY_ACCESS for other
> purposes in the security system, so I split the MAY_ACCESS and the
> MAY_CHDIR cases.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
> ---
>
> fs/fuse/dir.c | 2 +-
> fs/nfs/dir.c | 2 +-
> fs/open.c | 6 +++---
> include/linux/fs.h | 1 +
> 4 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
> index 4787ae6..7c8c55b 100644
> --- a/fs/fuse/dir.c
> +++ b/fs/fuse/dir.c
> @@ -1016,7 +1016,7 @@ static int fuse_permission(struct inode *inode, int mask)
> exist. So if permissions are revoked this won't be
> noticed immediately, only after the attribute
> timeout has expired */
> - } else if (mask & MAY_ACCESS) {
> + } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
> err = fuse_access(inode, mask);
> } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
> if (!(inode->i_mode & S_IXUGO)) {
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index be46f26..4c7d8fc 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1927,7 +1927,7 @@ int nfs_permission(struct inode *inode, int mask)
> if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
> goto out;
> /* Is this sys_access() ? */
> - if (mask & MAY_ACCESS)
> + if (mask & (MAY_ACCESS | MAY_CHDIR))
> goto force_lookup;
>
> switch (inode->i_mode & S_IFMT) {
> diff --git a/fs/open.c b/fs/open.c
> index b93eac3..d01e116 100644
> --- a/fs/open.c
> +++ b/fs/open.c
> @@ -534,7 +534,7 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename)
> if (error)
> goto out;
>
> - error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
> + error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
> if (error)
> goto dput_and_out;
>
> @@ -563,7 +563,7 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
> if (!S_ISDIR(inode->i_mode))
> goto out_putf;
>
> - error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
> + error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
> if (!error)
> set_fs_pwd(current->fs, &file->f_path);
> out_putf:
> @@ -581,7 +581,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename)
> if (error)
> goto out;
>
> - error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_ACCESS);
> + error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);
> if (error)
> goto dput_and_out;
>
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 14d8597..188d3e4 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -53,6 +53,7 @@ struct inodes_stat_t {
> #define MAY_APPEND 8
> #define MAY_ACCESS 16
> #define MAY_OPEN 32
> +#define MAY_CHDIR 64
>
> /*
> * flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
