superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fsnotify: split fsnotify_perm() into two hooks 

We would like to make changes to the fsnotify access permission hook -
add file range arguments and add the pre modify event.

In preparation for these changes, split the fsnotify_perm() hook into
fsnotify_open_perm() and fsnotify_file_perm().

This is needed for fanotify "pre content" events.

Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Link: https://lore.kernel.org/r/20231212094440.250945-4-amir73il@gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>
pull/318/merge
Amir Goldstein 2023-12-12 11:44:38 +02:00 committed by Christian Brauner
parent 705bcfcbde
commit 36e28c4218
No known key found for this signature in database
GPG Key ID: 91C61BC06578DCA2
2 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
include/linux/fsnotify.h
View File

@ -100,29 +100,33 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH); return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
} }
/* Simple call site for access decisions */ /*
static inline int fsnotify_perm(struct file *file, int mask) * fsnotify_file_perm - permission hook before file access
*/
static inline int fsnotify_file_perm(struct file *file, int perm_mask)
{ {
int ret; __u32 fsnotify_mask = FS_ACCESS_PERM;
__u32 fsnotify_mask = 0;
if (!(mask & (MAY_READ | MAY_OPEN))) if (!(perm_mask & MAY_READ))
return 0; return 0;
if (mask & MAY_OPEN) { return fsnotify_file(file, fsnotify_mask);
fsnotify_mask = FS_OPEN_PERM; }
/*
* fsnotify_open_perm - permission hook before file open
*/
static inline int fsnotify_open_perm(struct file *file)
{
int ret;
if (file->f_flags & __FMODE_EXEC) { if (file->f_flags & __FMODE_EXEC) {
ret = fsnotify_file(file, FS_OPEN_EXEC_PERM); ret = fsnotify_file(file, FS_OPEN_EXEC_PERM);
if (ret) if (ret)
return ret; return ret;
} }
} else if (mask & MAY_READ) {
fsnotify_mask = FS_ACCESS_PERM;
}
return fsnotify_file(file, fsnotify_mask); return fsnotify_file(file, FS_OPEN_PERM);
} }
/* /*

4
security/security.c
View File

@ -2586,7 +2586,7 @@ int security_file_permission(struct file *file, int mask)
if (ret) if (ret)
return ret; return ret;
return fsnotify_perm(file, mask); return fsnotify_file_perm(file, mask);
} }
/** /**
@ -2837,7 +2837,7 @@ int security_file_open(struct file *file)
if (ret) if (ret)
return ret; return ret;
return fsnotify_perm(file, MAY_OPEN); return fsnotify_open_perm(file);
} }
/** /**