__u32 gr_acl_handle_creat(const struct dentry * dentry, const struct dentry * p_dentry, const struct vfsmount * p_mnt, int open_flags, int acc_mode, const int imode) { __u32 reqmode = GR_WRITE | GR_CREATE; __u32 mode; if (acc_mode & MAY_APPEND) reqmode |= GR_APPEND; // if a directory was required or the directory already exists, then // don't count this open as a read if ((acc_mode & MAY_READ) && !((open_flags & O_DIRECTORY) || d_is_dir(dentry))) reqmode |= GR_READ; if ((open_flags & O_CREAT) && ((imode & S_ISUID) || ((imode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)))) reqmode |= GR_SETID; mode = gr_check_create(dentry, p_dentry, p_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return reqmode; } else if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) { gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return 0; } else if (unlikely((mode & reqmode) != reqmode)) return 0; return reqmode; }
__u32 gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, const int fmode) { __u32 reqmode = GR_FIND; __u32 mode; if (unlikely(!dentry->d_inode)) return reqmode; if (unlikely(fmode & O_APPEND)) reqmode |= GR_APPEND; else if (unlikely(fmode & FMODE_WRITE)) reqmode |= GR_WRITE; if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) reqmode |= GR_READ; if ((fmode & FMODE_GREXEC) && (fmode & FMODE_EXEC)) reqmode &= ~GR_READ; mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return reqmode; } else if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) { gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return 0; } else if (unlikely((mode & reqmode) != reqmode)) return 0; return reqmode; }
__u32 gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt, int acc_mode) { __u32 reqmode = GR_FIND; __u32 mode; if (unlikely(d_is_negative(dentry))) return reqmode; if (acc_mode & MAY_APPEND) reqmode |= GR_APPEND; else if (acc_mode & MAY_WRITE) reqmode |= GR_WRITE; if ((acc_mode & MAY_READ) && !d_is_dir(dentry)) reqmode |= GR_READ; mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt); if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return reqmode; } else if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) { gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return 0; } else if (unlikely((mode & reqmode) != reqmode)) return 0; return reqmode; }
__u32 gr_acl_handle_creat(const struct dentry * dentry, const struct dentry * p_dentry, const struct vfsmount * p_mnt, const int fmode, const int imode) { __u32 reqmode = GR_WRITE | GR_CREATE; __u32 mode; if (unlikely(fmode & O_APPEND)) reqmode |= GR_APPEND; if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY))) reqmode |= GR_READ; if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID)))) reqmode |= GR_SETID; mode = gr_check_create(dentry, p_dentry, p_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS); if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) { gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return reqmode; } else if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS))) { gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt, reqmode & GR_READ ? " reading" : "", reqmode & GR_WRITE ? " writing" : reqmode & GR_APPEND ? " appending" : ""); return 0; } else if (unlikely((mode & reqmode) != reqmode)) return 0; return reqmode; }