Unverified Commit 02f92b38 authored by Christian Brauner's avatar Christian Brauner
Browse files

fs: add file and path permissions helpers 

Add two simple helpers to check permissions on a file and path
respectively and convert over some callers. It simplifies quite a few
codepaths and also reduces the churn in later patches quite a bit.
Christoph also correctly points out that this makes codepaths (e.g.
ioctls) way easier to follow that would otherwise have to do more
complex argument passing than necessary.

Link: https://lore.kernel.org/r/20210121131959.646623-4-christian.brauner@ubuntu.com


Cc: David Howells <dhowells@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org
Suggested-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Reviewed-by: default avatarJames Morris <jamorris@linux.microsoft.com>
Signed-off-by: default avatarChristian Brauner <christian.brauner@ubuntu.com>
parent e6c9a714

fs/init.c

+3 −3
Original line number Diff line number Diff line
@@ -49,7 +49,7 @@ int __init init_chdir(const char *filename) 
	error = kern_path(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);

	if (error)

		return error;

	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);

	error = path_permission(&path, MAY_EXEC | MAY_CHDIR);

	if (!error)

		set_fs_pwd(current->fs, &path);

	path_put(&path);
@@ -64,7 +64,7 @@ int __init init_chroot(const char *filename) 
	error = kern_path(filename, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &path);

	if (error)

		return error;

	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);

	error = path_permission(&path, MAY_EXEC | MAY_CHDIR);

	if (error)

		goto dput_and_out;

	error = -EPERM;
@@ -118,7 +118,7 @@ int __init init_eaccess(const char *filename) 
	error = kern_path(filename, LOOKUP_FOLLOW, &path);

	if (error)

		return error;

	error = inode_permission(d_inode(path.dentry), MAY_ACCESS);

	error = path_permission(&path, MAY_ACCESS);

	path_put(&path);

	return error;

}

fs/notify/fanotify/fanotify_user.c

+1 −1
Original line number Diff line number Diff line
@@ -702,7 +702,7 @@ static int fanotify_find_path(int dfd, const char __user *filename, 
	}



	/* you can only watch an inode if you have read permissions on it */

	ret = inode_permission(path->dentry->d_inode, MAY_READ);

	ret = path_permission(path, MAY_READ);

	if (ret) {

		path_put(path);

		goto out;

fs/notify/inotify/inotify_user.c

+1 −1
Original line number Diff line number Diff line
@@ -352,7 +352,7 @@ static int inotify_find_inode(const char __user *dirname, struct path *path, 
	if (error)

		return error;

	/* you can only watch an inode if you have read permissions on it */

	error = inode_permission(path->dentry->d_inode, MAY_READ);

	error = path_permission(path, MAY_READ);

	if (error) {

		path_put(path);

		return error;

fs/open.c

+3 −3
Original line number Diff line number Diff line
@@ -492,7 +492,7 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) 
	if (error)

		goto out;



	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);

	error = path_permission(&path, MAY_EXEC | MAY_CHDIR);

	if (error)

		goto dput_and_out;
@@ -521,7 +521,7 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) 
	if (!d_can_lookup(f.file->f_path.dentry))

		goto out_putf;



	error = inode_permission(file_inode(f.file), MAY_EXEC | MAY_CHDIR);

	error = file_permission(f.file, MAY_EXEC | MAY_CHDIR);

	if (!error)

		set_fs_pwd(current->fs, &f.file->f_path);

out_putf:
@@ -540,7 +540,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) 
	if (error)

		goto out;



	error = inode_permission(path.dentry->d_inode, MAY_EXEC | MAY_CHDIR);

	error = path_permission(&path, MAY_EXEC | MAY_CHDIR);

	if (error)

		goto dput_and_out;

fs/udf/file.c

+1 −1
Original line number Diff line number Diff line
@@ -183,7 +183,7 @@ long udf_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 
	long old_block, new_block;

	int result;



	if (inode_permission(inode, MAY_READ) != 0) {

	if (file_permission(filp, MAY_READ) != 0) {

		udf_debug("no permission to access inode %lu\n", inode->i_ino);

		return -EPERM;

	}