/*
 * Generic create check: fetches the access bits gr_check_create() reports
 * for @new_dentry under @parent_dentry / @parent_mnt and logs the outcome
 * using the message format @fmt.
 *
 * The request passed to gr_check_create() is @reqmode plus
 * to_gr_audit(@reqmode) plus GR_SUPPRESS; the bits that come back decide
 * both the verdict and whether a log line is written.
 *
 * Returns 0 if any bit of @reqmode is absent from the lookup result.
 * Otherwise returns the raw lookup result when a GR_AUDITS bit is set in
 * it, and @reqmode when none is.
 *
 * NOTE(review): the two success paths return different values (mode vs
 * reqmode). Callers presumably only test for non-zero - confirm before
 * comparing the result against specific bits.
 */
static __u32 generic_fs_create_handler(const struct dentry *new_dentry,
				       const struct dentry *parent_dentry,
				       const struct vfsmount *parent_mnt,
				       __u32 reqmode, const char *fmt)
{
	const __u32 mode = gr_check_create(new_dentry, parent_dentry, parent_mnt,
					   reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
	/* requested bits that the lookup did not hand back */
	const __u32 missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
		return 0;
	}

	/* every requested bit is present; log it when an audit bit is set */
	if (unlikely(mode & GR_AUDITS)) {
		gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
		return mode;
	}

	return reqmode;
}
/*
 * Generic check on an existing object: fetches the access bits
 * gr_search_file() reports for @dentry on @mnt and logs the outcome using
 * the message format @fmt.
 *
 * The request passed to gr_search_file() is @reqmode plus
 * to_gr_audit(@reqmode) plus GR_SUPPRESS; the bits that come back decide
 * both the verdict and whether a log line is written.
 *
 * Returns 0 if any bit of @reqmode is absent from the lookup result.
 * Otherwise returns the raw lookup result when a GR_AUDITS bit is set in
 * it, and @reqmode when none is.
 *
 * NOTE(review): the two success paths return different values (mode vs
 * reqmode). Callers presumably only test for non-zero - confirm before
 * comparing the result against specific bits.
 */
static __u32 generic_fs_handler(const struct dentry *dentry,
				const struct vfsmount *mnt,
				__u32 reqmode, const char *fmt)
{
	const __u32 mode = gr_search_file(dentry,
					  reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
					  mnt);
	/* requested bits that the lookup did not hand back */
	const __u32 missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
		return 0;
	}

	/* every requested bit is present; log it when an audit bit is set */
	if (unlikely(mode & GR_AUDITS)) {
		gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
		return mode;
	}

	return reqmode;
}
/*
 * Create check driven by MAY_* access bits.
 *
 * Builds the requested mode starting from GR_WRITE | GR_CREATE:
 *   - GR_APPEND when @acc_mode has MAY_APPEND;
 *   - GR_READ when @acc_mode has MAY_READ, @open_flags lacks O_DIRECTORY
 *     and @dentry is not a directory;
 *   - GR_SETID when @open_flags has O_CREAT and @imode carries S_ISUID, or
 *     carries S_ISGID together with S_IXGRP.
 * The result of gr_check_create() for @dentry under @p_dentry / @p_mnt is
 * then compared against that mode.
 *
 * Returns the requested mode when every requested bit is present in the
 * lookup result, 0 otherwise. A GR_CREATE_ACL_MSG line is logged on success
 * when a GR_AUDITS bit is set, and on refusal unless GR_SUPPRESS is set in
 * the result.
 *
 * NOTE(review): reqmode always contains GR_WRITE here, so the " appending"
 * alternative of the second log string is never selected in this function.
 */
__u32 gr_acl_handle_creat(const struct dentry *dentry,
			  const struct dentry *p_dentry,
			  const struct vfsmount *p_mnt,
			  int open_flags, int acc_mode, const int imode)
{
	__u32 reqmode = GR_WRITE | GR_CREATE;
	__u32 mode;
	__u32 missing;

	if (acc_mode & MAY_APPEND)
		reqmode |= GR_APPEND;

	/*
	 * if a directory was required or the directory already exists, then
	 * don't count this open as a read
	 */
	if (acc_mode & MAY_READ) {
		if (!(open_flags & O_DIRECTORY) && !d_is_dir(dentry))
			reqmode |= GR_READ;
	}

	if (open_flags & O_CREAT) {
		/* setgid is only counted when group-execute is set as well */
		const int sgid_exec = S_ISGID | S_IXGRP;

		if ((imode & S_ISUID) || (imode & sgid_exec) == sgid_exec)
			reqmode |= GR_SETID;
	}

	mode = gr_check_create(dentry, p_dentry, p_mnt,
			       reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
	/* requested bits that the lookup did not hand back */
	missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
					     (reqmode & GR_READ) ? " reading" : "",
					     (reqmode & GR_WRITE) ? " writing" :
					     ((reqmode & GR_APPEND) ? " appending" : ""));
		return 0;
	}

	if (unlikely(mode & GR_AUDITS))
		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
				     (reqmode & GR_READ) ? " reading" : "",
				     (reqmode & GR_WRITE) ? " writing" :
				     ((reqmode & GR_APPEND) ? " appending" : ""));

	return reqmode;
}
/*
 * Open check driven by open/FMODE flag bits in @fmode.
 *
 * A dentry without an inode returns GR_FIND immediately; no lookup is made
 * for it. Otherwise the requested mode starts at GR_FIND and gains:
 *   - GR_APPEND when @fmode has O_APPEND, else GR_WRITE when it has
 *     FMODE_WRITE;
 *   - GR_READ when @fmode has FMODE_READ and lacks O_DIRECTORY.
 * GR_READ is cleared again when both FMODE_GREXEC and FMODE_EXEC are set.
 * The result of gr_search_file() for @dentry on @mnt is then compared
 * against that mode.
 *
 * Returns the requested mode when every requested bit is present in the
 * lookup result, 0 otherwise. A GR_OPEN_ACL_MSG line is logged on success
 * when a GR_AUDITS bit is set, and on refusal unless GR_SUPPRESS is set in
 * the result.
 */
__u32 gr_acl_handle_open(const struct dentry *dentry,
			 const struct vfsmount *mnt, const int fmode)
{
	__u32 reqmode = GR_FIND;
	__u32 mode;
	__u32 missing;

	/* nothing to look up when the dentry has no inode */
	if (unlikely(!dentry->d_inode))
		return reqmode;

	/* append takes precedence over plain write */
	if (unlikely(fmode & O_APPEND))
		reqmode |= GR_APPEND;
	else if (unlikely(fmode & FMODE_WRITE))
		reqmode |= GR_WRITE;

	if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
		reqmode |= GR_READ;

	/* an open flagged with both exec bits is not counted as a read */
	if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC))
		reqmode &= ~GR_READ;

	mode = gr_search_file(dentry,
			      reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
			      mnt);
	/* requested bits that the lookup did not hand back */
	missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
					     (reqmode & GR_READ) ? " reading" : "",
					     (reqmode & GR_WRITE) ? " writing" :
					     ((reqmode & GR_APPEND) ? " appending" : ""));
		return 0;
	}

	if (unlikely(mode & GR_AUDITS))
		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
				     (reqmode & GR_READ) ? " reading" : "",
				     (reqmode & GR_WRITE) ? " writing" :
				     ((reqmode & GR_APPEND) ? " appending" : ""));

	return reqmode;
}
/*
 * Open check driven by MAY_* access bits in @acc_mode.
 *
 * A negative dentry returns GR_FIND immediately; no lookup is made for it.
 * Otherwise the requested mode starts at GR_FIND and gains:
 *   - GR_APPEND when @acc_mode has MAY_APPEND, else GR_WRITE when it has
 *     MAY_WRITE;
 *   - GR_READ when @acc_mode has MAY_READ and @dentry is not a directory.
 * The result of gr_search_file() for @dentry on @mnt is then compared
 * against that mode.
 *
 * Returns the requested mode when every requested bit is present in the
 * lookup result, 0 otherwise. A GR_OPEN_ACL_MSG line is logged on success
 * when a GR_AUDITS bit is set, and on refusal unless GR_SUPPRESS is set in
 * the result.
 */
__u32 gr_acl_handle_open(const struct dentry *dentry,
			 const struct vfsmount *mnt, int acc_mode)
{
	__u32 reqmode = GR_FIND;
	__u32 mode;
	__u32 missing;

	/* nothing to look up for a negative dentry */
	if (unlikely(d_is_negative(dentry)))
		return reqmode;

	/* append takes precedence over plain write */
	if (acc_mode & MAY_APPEND)
		reqmode |= GR_APPEND;
	else if (acc_mode & MAY_WRITE)
		reqmode |= GR_WRITE;

	/* opening a directory is not counted as a read */
	if (acc_mode & MAY_READ) {
		if (!d_is_dir(dentry))
			reqmode |= GR_READ;
	}

	mode = gr_search_file(dentry,
			      reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
			      mnt);
	/* requested bits that the lookup did not hand back */
	missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
					     (reqmode & GR_READ) ? " reading" : "",
					     (reqmode & GR_WRITE) ? " writing" :
					     ((reqmode & GR_APPEND) ? " appending" : ""));
		return 0;
	}

	if (unlikely(mode & GR_AUDITS))
		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
				     (reqmode & GR_READ) ? " reading" : "",
				     (reqmode & GR_WRITE) ? " writing" :
				     ((reqmode & GR_APPEND) ? " appending" : ""));

	return reqmode;
}
/*
 * Create check driven by open/FMODE flag bits in @fmode.
 *
 * Builds the requested mode starting from GR_WRITE | GR_CREATE:
 *   - GR_APPEND when @fmode has O_APPEND;
 *   - GR_READ when @fmode has FMODE_READ and lacks O_DIRECTORY;
 *   - GR_SETID when @fmode has O_CREAT and @imode carries S_ISUID or
 *     S_ISGID (either bit alone is enough in this variant).
 * The result of gr_check_create() for @dentry under @p_dentry / @p_mnt is
 * then compared against that mode.
 *
 * Returns the requested mode when every requested bit is present in the
 * lookup result, 0 otherwise. A GR_CREATE_ACL_MSG line is logged on success
 * when a GR_AUDITS bit is set, and on refusal unless GR_SUPPRESS is set in
 * the result.
 *
 * NOTE(review): reqmode always contains GR_WRITE here, so the " appending"
 * alternative of the second log string is never selected in this function.
 */
__u32 gr_acl_handle_creat(const struct dentry *dentry,
			  const struct dentry *p_dentry,
			  const struct vfsmount *p_mnt,
			  const int fmode, const int imode)
{
	__u32 reqmode = GR_WRITE | GR_CREATE;
	__u32 mode;
	__u32 missing;

	if (unlikely(fmode & O_APPEND))
		reqmode |= GR_APPEND;

	/* a directory open is not counted as a read */
	if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
		reqmode |= GR_READ;

	/* creating with a set-id bit in the new mode needs GR_SETID too */
	if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
		reqmode |= GR_SETID;

	mode = gr_check_create(dentry, p_dentry, p_mnt,
			       reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
	/* requested bits that the lookup did not hand back */
	missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
					     (reqmode & GR_READ) ? " reading" : "",
					     (reqmode & GR_WRITE) ? " writing" :
					     ((reqmode & GR_APPEND) ? " appending" : ""));
		return 0;
	}

	if (unlikely(mode & GR_AUDITS))
		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
				     (reqmode & GR_READ) ? " reading" : "",
				     (reqmode & GR_WRITE) ? " writing" :
				     ((reqmode & GR_APPEND) ? " appending" : ""));

	return reqmode;
}
/*
 * Access check driven by the S_I?OTH bits of @fmode.
 *
 * The requested mode starts at GR_FIND and gains:
 *   - GR_EXEC when @fmode has S_IXOTH and the inode is not a directory;
 *   - GR_WRITE when @fmode has S_IWOTH;
 *   - GR_READ when @fmode has S_IROTH.
 * The result of gr_search_file() for @dentry on @mnt is then compared
 * against that mode.
 *
 * Returns the requested mode when every requested bit is present in the
 * lookup result, 0 otherwise. A GR_ACCESS_ACL_MSG line is logged on success
 * when a GR_AUDITS bit is set, and on refusal unless GR_SUPPRESS is set in
 * the result.
 *
 * NOTE(review): dentry->d_inode is dereferenced without a NULL check when
 * S_IXOTH is requested; this assumes callers only pass a positive dentry -
 * confirm against the call site.
 */
__u32 gr_acl_handle_access(const struct dentry *dentry,
			   const struct vfsmount *mnt, const int fmode)
{
	__u32 reqmode = GR_FIND;
	__u32 mode;
	__u32 missing;

	/* execute on a directory is not counted as GR_EXEC */
	if (fmode & S_IXOTH) {
		if (!S_ISDIR(dentry->d_inode->i_mode))
			reqmode |= GR_EXEC;
	}
	if (fmode & S_IWOTH)
		reqmode |= GR_WRITE;
	if (fmode & S_IROTH)
		reqmode |= GR_READ;

	mode = gr_search_file(dentry,
			      reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
			      mnt);
	/* requested bits that the lookup did not hand back */
	missing = reqmode & ~mode;

	if (unlikely(missing)) {
		/* refused: stay silent only when GR_SUPPRESS came back set */
		if (!(mode & GR_SUPPRESS))
			gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
					     (reqmode & GR_READ) ? " reading" : "",
					     (reqmode & GR_WRITE) ? " writing" : "",
					     (reqmode & GR_EXEC) ? " executing" : "");
		return 0;
	}

	if (unlikely(mode & GR_AUDITS))
		gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
				     (reqmode & GR_READ) ? " reading" : "",
				     (reqmode & GR_WRITE) ? " writing" : "",
				     (reqmode & GR_EXEC) ? " executing" : "");

	return reqmode;
}