/* main function for updating derived permission */
inline void update_derived_permission(struct dentry *dentry)
{
struct dentry *parent;
struct sdcardfs_sb_info *sbi;
int mask = 0;
if(!dentry || !dentry->d_inode) {
printk(KERN_ERR "sdcardfs: %s: invalid dentry\n", __func__);
return;
}
/* FIXME:
* 1. need to check whether the dentry is updated or not
* 2. remove the root dentry update
*/
if(IS_ROOT(dentry)) {
//setup_default_pre_root_state(dentry->d_inode);
} else {
parent = dget_parent(dentry);
if(parent) {
get_derived_permission(parent, dentry);
dput(parent);
}
}
sbi = SDCARDFS_SB(dentry->d_sb);
mask = sbi->options.sdfs_mask;
fix_derived_permission(dentry->d_inode, mask);
}
/*
* On success:
* fills dentry object appropriate values and returns NULL.
* On fail (== error)
* returns error ptr
*
* @dir : Parent inode. It is locked (dir->i_mutex)
* @dentry : Target dentry to lookup. we should set each of fields.
* (dentry->d_name is initialized already)
* @nd : nameidata of parent inode
*/
struct dentry *sdcardfs_lookup(struct inode *dir, struct dentry *dentry,
unsigned int flags)
{
struct dentry *ret = NULL, *parent;
struct path lower_parent_path;
int err = 0;
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(dentry->d_sb);
const struct cred *saved_cred = NULL;
parent = dget_parent(dentry);
if(!check_caller_access_to_name(parent->d_inode, dentry->d_name.name,
sbi->options.derive, 0, 0)) {
ret = ERR_PTR(-EACCES);
printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"
" dentry: %s, task:%s\n",
__func__, dentry->d_name.name, current->comm);
goto out_err;
}
/* save current_cred and override it */
OVERRIDE_CRED_PTR(SDCARDFS_SB(dir->i_sb), saved_cred);
sdcardfs_get_lower_path(parent, &lower_parent_path);
/* allocate dentry private data. We free it in ->d_release */
err = new_dentry_private_data(dentry);
if (err) {
ret = ERR_PTR(err);
goto out;
}
ret = __sdcardfs_lookup(dentry, flags, &lower_parent_path);
if (IS_ERR(ret))
{
goto out;
}
if (ret)
dentry = ret;
if (dentry->d_inode) {
fsstack_copy_attr_times(dentry->d_inode,
sdcardfs_lower_inode(dentry->d_inode));
/* get drived permission */
get_derived_permission(parent, dentry);
fix_derived_permission(dentry->d_inode);
}
/* update parent directory's atime */
fsstack_copy_attr_atime(parent->d_inode,
sdcardfs_lower_inode(parent->d_inode));
out:
sdcardfs_put_lower_path(parent, &lower_parent_path);
REVERT_CRED(saved_cred);
out_err:
dput(parent);
return ret;
}
/*
* The locking rules in sdcardfs_rename are complex. We could use a simpler
* superblock-level name-space lock for renames and copy-ups.
*/
static int sdcardfs_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry)
{
int err = 0;
struct dentry *lower_old_dentry = NULL;
struct dentry *lower_new_dentry = NULL;
struct dentry *lower_old_dir_dentry = NULL;
struct dentry *lower_new_dir_dentry = NULL;
struct dentry *trap = NULL;
struct dentry *new_parent = NULL;
struct path lower_old_path, lower_new_path;
struct sdcardfs_sb_info *sbi = SDCARDFS_SB(old_dentry->d_sb);
const struct cred *saved_cred = NULL;
int has_rw = get_caller_has_rw_locked(sbi->pkgl_id, sbi->options.derive);
if(!check_caller_access_to_name(old_dir, old_dentry->d_name.name,
sbi->options.derive, 1, has_rw) ||
!check_caller_access_to_name(new_dir, new_dentry->d_name.name,
sbi->options.derive, 1, has_rw)) {
err = -EACCES;
goto out_eacces;
}
/* save current_cred and override it */
OVERRIDE_CRED(SDCARDFS_SB(old_dir->i_sb), saved_cred);
sdcardfs_get_real_lower(old_dentry, &lower_old_path);
sdcardfs_get_lower_path(new_dentry, &lower_new_path);
lower_old_dentry = lower_old_path.dentry;
lower_new_dentry = lower_new_path.dentry;
lower_old_dir_dentry = dget_parent(lower_old_dentry);
lower_new_dir_dentry = dget_parent(lower_new_dentry);
trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
/* source should not be ancestor of target */
if (trap == lower_old_dentry) {
err = -EINVAL;
goto out;
}
/* target should not be ancestor of source */
if (trap == lower_new_dentry) {
err = -ENOTEMPTY;
goto out;
}
err = mnt_want_write(lower_old_path.mnt);
if (err)
goto out;
err = mnt_want_write(lower_new_path.mnt);
if (err)
goto out_drop_old_write;
err = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
lower_new_dir_dentry->d_inode, lower_new_dentry);
if (err)
goto out_err;
/* Copy attrs from lower dir, but i_uid/i_gid */
fsstack_copy_attr_all(new_dir, lower_new_dir_dentry->d_inode);
fsstack_copy_inode_size(new_dir, lower_new_dir_dentry->d_inode);
fix_derived_permission(new_dir);
if (new_dir != old_dir) {
fsstack_copy_attr_all(old_dir, lower_old_dir_dentry->d_inode);
fsstack_copy_inode_size(old_dir, lower_old_dir_dentry->d_inode);
fix_derived_permission(old_dir);
/* update the derived permission of the old_dentry
* with its new parent
*/
new_parent = dget_parent(new_dentry);
if(new_parent) {
if(old_dentry->d_inode) {
get_derived_permission(new_parent, old_dentry);
fix_derived_permission(old_dentry->d_inode);
}
dput(new_parent);
}
}
out_err:
mnt_drop_write(lower_new_path.mnt);
out_drop_old_write:
mnt_drop_write(lower_old_path.mnt);
out:
unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
dput(lower_old_dir_dentry);
dput(lower_new_dir_dentry);
sdcardfs_put_real_lower(old_dentry, &lower_old_path);
sdcardfs_put_lower_path(new_dentry, &lower_new_path);
REVERT_CRED(saved_cred);
out_eacces:
return err;
}
/*
* The locking rules in sdcardfs_rename are complex. We could use a simpler
* superblock-level name-space lock for renames and copy-ups.
*/
static int sdcardfs_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry)
{
int err = 0;
struct dentry *lower_old_dentry = NULL;
struct dentry *lower_new_dentry = NULL;
struct dentry *lower_old_dir_dentry = NULL;
struct dentry *lower_new_dir_dentry = NULL;
struct dentry *trap = NULL;
struct dentry *new_parent = NULL;
struct path lower_old_path, lower_new_path;
const struct cred *saved_cred = NULL;
if(!check_caller_access_to_name(old_dir, old_dentry->d_name.name) ||
!check_caller_access_to_name(new_dir, new_dentry->d_name.name)) {
printk(KERN_INFO "%s: need to check the caller's gid in packages.list\n"
" new_dentry: %s, task:%s\n",
__func__, new_dentry->d_name.name, current->comm);
err = -EACCES;
goto out_eacces;
}
/* save current_cred and override it */
OVERRIDE_CRED(SDCARDFS_SB(old_dir->i_sb), saved_cred);
sdcardfs_get_real_lower(old_dentry, &lower_old_path);
sdcardfs_get_lower_path(new_dentry, &lower_new_path);
lower_old_dentry = lower_old_path.dentry;
lower_new_dentry = lower_new_path.dentry;
lower_old_dir_dentry = dget_parent(lower_old_dentry);
lower_new_dir_dentry = dget_parent(lower_new_dentry);
trap = lock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
/* source should not be ancestor of target */
if (trap == lower_old_dentry) {
err = -EINVAL;
goto out;
}
/* target should not be ancestor of source */
if (trap == lower_new_dentry) {
err = -ENOTEMPTY;
goto out;
}
err = mnt_want_write(lower_old_path.mnt);
if (err)
goto out;
err = mnt_want_write(lower_new_path.mnt);
if (err)
goto out_drop_old_write;
err = vfs_rename(lower_old_dir_dentry->d_inode, lower_old_dentry,
lower_new_dir_dentry->d_inode, lower_new_dentry);
if (err)
goto out_err;
/* Copy attrs from lower dir, but i_uid/i_gid */
sdcardfs_copy_inode_attr(new_dir, lower_new_dir_dentry->d_inode);
fsstack_copy_inode_size(new_dir, lower_new_dir_dentry->d_inode);
fix_derived_permission(new_dir);
if (new_dir != old_dir) {
sdcardfs_copy_inode_attr(old_dir, lower_old_dir_dentry->d_inode);
fsstack_copy_inode_size(old_dir, lower_old_dir_dentry->d_inode);
fix_derived_permission(old_dir);
/* update the derived permission of the old_dentry
* with its new parent
*/
new_parent = dget_parent(new_dentry);
if(new_parent) {
if(old_dentry->d_inode) {
get_derived_permission(new_parent, old_dentry);
fix_derived_permission(old_dentry->d_inode);
}
dput(new_parent);
}
}
out_err:
mnt_drop_write(lower_new_path.mnt);
out_drop_old_write:
mnt_drop_write(lower_old_path.mnt);
out:
unlock_rename(lower_old_dir_dentry, lower_new_dir_dentry);
dput(lower_old_dir_dentry);
dput(lower_new_dir_dentry);
sdcardfs_put_real_lower(old_dentry, &lower_old_path);
sdcardfs_put_lower_path(new_dentry, &lower_new_path);
REVERT_CRED(saved_cred);
out_eacces:
return err;
}