/** * file_audit_cb - call back for file specific audit fields * @ab: audit_buffer (NOT NULL) * @va: audit struct to audit values of (NOT NULL) */ static void file_audit_cb(struct audit_buffer *ab, void *va) { struct common_audit_data *sa = va; kuid_t fsuid = current_fsuid(); if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " requested_mask="); audit_file_mask(ab, sa->aad->fs.request); } if (sa->aad->fs.denied & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " denied_mask="); audit_file_mask(ab, sa->aad->fs.denied); } if (sa->aad->fs.request & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " fsuid=%d", from_kuid(&init_user_ns, fsuid)); audit_log_format(ab, " ouid=%d", from_kuid(&init_user_ns, sa->aad->fs.ouid)); } if (sa->aad->fs.target) { audit_log_format(ab, " target="); audit_log_untrustedstring(ab, sa->aad->fs.target); } }
static void tty_audit_log(const char *description, struct task_struct *tsk, kuid_t loginuid, unsigned sessionid, int major, int minor, unsigned char *data, size_t size) { struct audit_buffer *ab; ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); if (ab) { char name[sizeof(tsk->comm)]; kuid_t uid = task_uid(tsk); audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " "major=%d minor=%d comm=", description, tsk->pid, from_kuid(&init_user_ns, uid), from_kuid(&init_user_ns, loginuid), sessionid, major, minor); get_task_comm(name, tsk); audit_log_untrustedstring(ab, name); audit_log_format(ab, " data="); audit_log_n_hex(ab, data, size); audit_log_end(ab); } }
/** * file_audit_cb - call back for file specific audit fields * @ab: audit_buffer (NOT NULL) * @va: audit struct to audit values of (NOT NULL) */ static void file_audit_cb(struct audit_buffer *ab, void *va) { struct common_audit_data *sa = va; kuid_t fsuid = current_fsuid(); if (aad(sa)->request & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " requested_mask="); audit_file_mask(ab, aad(sa)->request); } if (aad(sa)->denied & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " denied_mask="); audit_file_mask(ab, aad(sa)->denied); } if (aad(sa)->request & AA_AUDIT_FILE_MASK) { audit_log_format(ab, " fsuid=%d", from_kuid(&init_user_ns, fsuid)); audit_log_format(ab, " ouid=%d", from_kuid(&init_user_ns, aad(sa)->fs.ouid)); } if (aad(sa)->peer) { audit_log_format(ab, " target="); aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer, FLAG_VIEW_SUBNS, GFP_ATOMIC); } else if (aad(sa)->fs.target) { audit_log_format(ab, " target="); audit_log_untrustedstring(ab, aad(sa)->fs.target); } }
void integrity_audit_msg(int audit_msgno, struct inode *inode, const unsigned char *fname, const char *op, const char *cause, int result, int audit_info) { struct audit_buffer *ab; char name[TASK_COMM_LEN]; if (!integrity_audit_info && audit_info == 1) /* Skip info messages */ return; ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno); audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u", task_pid_nr(current), from_kuid(&init_user_ns, current_cred()->uid), from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); audit_log_task_context(ab); audit_log_format(ab, " op="); audit_log_string(ab, op); audit_log_format(ab, " cause="); audit_log_string(ab, cause); audit_log_format(ab, " comm="); audit_log_untrustedstring(ab, get_task_comm(name, current)); if (fname) { audit_log_format(ab, " name="); audit_log_untrustedstring(ab, fname); } if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); audit_log_format(ab, " ino=%lu", inode->i_ino); } audit_log_format(ab, " res=%d", !result); audit_log_end(ab); }
static void mdc_setattr_pack_rec(struct mdt_rec_setattr *rec, struct md_op_data *op_data) { rec->sa_opcode = REINT_SETATTR; rec->sa_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->sa_fsgid = from_kgid(&init_user_ns, current_fsgid()); rec->sa_cap = cfs_curproc_cap_pack(); rec->sa_suppgid = -1; rec->sa_fid = op_data->op_fid1; rec->sa_valid = attr_pack(op_data->op_attr.ia_valid); rec->sa_mode = op_data->op_attr.ia_mode; rec->sa_uid = from_kuid(&init_user_ns, op_data->op_attr.ia_uid); rec->sa_gid = from_kgid(&init_user_ns, op_data->op_attr.ia_gid); rec->sa_size = op_data->op_attr.ia_size; rec->sa_blocks = op_data->op_attr_blocks; rec->sa_atime = LTIME_S(op_data->op_attr.ia_atime); rec->sa_mtime = LTIME_S(op_data->op_attr.ia_mtime); rec->sa_ctime = LTIME_S(op_data->op_attr.ia_ctime); rec->sa_attr_flags = ((struct ll_iattr *)&op_data->op_attr)->ia_attr_flags; if ((op_data->op_attr.ia_valid & ATTR_GID) && in_group_p(op_data->op_attr.ia_gid)) rec->sa_suppgid = from_kgid(&init_user_ns, op_data->op_attr.ia_gid); else rec->sa_suppgid = op_data->op_suppgids[0]; rec->sa_bias = op_data->op_bias; }
static void __mdc_pack_body(struct mdt_body *b, __u32 suppgid) { LASSERT (b != NULL); b->suppgid = suppgid; b->uid = from_kuid(&init_user_ns, current_uid()); b->gid = from_kgid(&init_user_ns, current_gid()); b->fsuid = from_kuid(&init_user_ns, current_fsuid()); b->fsgid = from_kgid(&init_user_ns, current_fsgid()); b->capability = cfs_curproc_cap_pack(); }
static struct rpc_cred * unx_create_cred(struct rpc_auth *auth, struct auth_cred *acred, int flags, gfp_t gfp) { struct unx_cred *cred; unsigned int groups = 0; unsigned int i; dprintk("RPC: allocating UNIX cred for uid %d gid %d\n", from_kuid(&init_user_ns, acred->uid), from_kgid(&init_user_ns, acred->gid)); if (!(cred = kmalloc(sizeof(*cred), gfp))) return ERR_PTR(-ENOMEM); rpcauth_init_cred(&cred->uc_base, acred, auth, &unix_credops); cred->uc_base.cr_flags = 1UL << RPCAUTH_CRED_UPTODATE; if (acred->group_info != NULL) groups = acred->group_info->ngroups; if (groups > NFS_NGROUPS) groups = NFS_NGROUPS; cred->uc_gid = acred->gid; for (i = 0; i < groups; i++) cred->uc_gids[i] = GROUP_AT(acred->group_info, i); if (i < NFS_NGROUPS) cred->uc_gids[i] = INVALID_GID; return &cred->uc_base; }
/* * Marshal credentials. * Maybe we should keep a cached credential for performance reasons. */ static __be32 * unx_marshal(struct rpc_task *task, __be32 *p) { struct rpc_clnt *clnt = task->tk_client; struct unx_cred *cred = container_of(task->tk_rqstp->rq_cred, struct unx_cred, uc_base); __be32 *base, *hold; int i; *p++ = htonl(RPC_AUTH_UNIX); base = p++; *p++ = htonl(jiffies/HZ); /* * Copy the UTS nodename captured when the client was created. */ p = xdr_encode_array(p, clnt->cl_nodename, clnt->cl_nodelen); *p++ = htonl((u32) from_kuid(&init_user_ns, cred->uc_uid)); *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gid)); hold = p++; for (i = 0; i < 16 && gid_valid(cred->uc_gids[i]); i++) *p++ = htonl((u32) from_kgid(&init_user_ns, cred->uc_gids[i])); *hold = htonl(p - hold - 1); /* gid array length */ *base = htonl((p - base - 1) << 2); /* cred length */ *p++ = htonl(RPC_AUTH_NULL); *p++ = htonl(0); return p; }
static __be32 * encode_fattr3(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp, struct kstat *stat) { struct timespec ts; *p++ = htonl(nfs3_ftypes[(stat->mode & S_IFMT) >> 12]); *p++ = htonl((u32) (stat->mode & S_IALLUGO)); *p++ = htonl((u32) stat->nlink); *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid)); *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid)); if (S_ISLNK(stat->mode) && stat->size > NFS3_MAXPATHLEN) { p = xdr_encode_hyper(p, (u64) NFS3_MAXPATHLEN); } else { p = xdr_encode_hyper(p, (u64) stat->size); } p = xdr_encode_hyper(p, ((u64)stat->blocks) << 9); *p++ = htonl((u32) MAJOR(stat->rdev)); *p++ = htonl((u32) MINOR(stat->rdev)); p = encode_fsid(p, fhp); p = xdr_encode_hyper(p, stat->ino); ts = timespec64_to_timespec(stat->atime); p = encode_time3(p, &ts); ts = timespec64_to_timespec(stat->mtime); p = encode_time3(p, &ts); ts = timespec64_to_timespec(stat->ctime); p = encode_time3(p, &ts); return p; }
/* * Convert acl struct to xattr value. */ static void *ocfs2_acl_to_xattr(const struct posix_acl *acl, size_t *size) { struct ocfs2_acl_entry *entry = NULL; char *ocfs2_acl; size_t n; *size = acl->a_count * sizeof(struct posix_acl_entry); ocfs2_acl = kmalloc(*size, GFP_NOFS); if (!ocfs2_acl) return ERR_PTR(-ENOMEM); entry = (struct ocfs2_acl_entry *)ocfs2_acl; for (n = 0; n < acl->a_count; n++, entry++) { entry->e_tag = cpu_to_le16(acl->a_entries[n].e_tag); entry->e_perm = cpu_to_le16(acl->a_entries[n].e_perm); switch(acl->a_entries[n].e_tag) { case ACL_USER: entry->e_id = cpu_to_le32( from_kuid(&init_user_ns, acl->a_entries[n].e_uid)); break; case ACL_GROUP: entry->e_id = cpu_to_le32( from_kgid(&init_user_ns, acl->a_entries[n].e_gid)); break; default: entry->e_id = cpu_to_le32(ACL_UNDEFINED_ID); break; } } return ocfs2_acl; }
static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr, struct fuse_setattr_in *arg, bool trust_local_cmtime) { unsigned ivalid = iattr->ia_valid; if (ivalid & ATTR_MODE) arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode; if (ivalid & ATTR_UID) arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid); if (ivalid & ATTR_GID) arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid); if (ivalid & ATTR_SIZE) arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size; if (ivalid & ATTR_ATIME) { arg->valid |= FATTR_ATIME; arg->atime = iattr->ia_atime.tv_sec; arg->atimensec = iattr->ia_atime.tv_nsec; if (!(ivalid & ATTR_ATIME_SET)) arg->valid |= FATTR_ATIME_NOW; } if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) { arg->valid |= FATTR_MTIME; arg->mtime = iattr->ia_mtime.tv_sec; arg->mtimensec = iattr->ia_mtime.tv_nsec; if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime) arg->valid |= FATTR_MTIME_NOW; } if ((ivalid & ATTR_CTIME) && trust_local_cmtime) { arg->valid |= FATTR_CTIME; arg->ctime = iattr->ia_ctime.tv_sec; arg->ctimensec = iattr->ia_ctime.tv_nsec; } }
static void iattr_to_fattr(struct iattr *iattr, struct fuse_setattr_in *arg) { unsigned ivalid = iattr->ia_valid; if (ivalid & ATTR_MODE) arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode; if (ivalid & ATTR_UID) arg->valid |= FATTR_UID, arg->uid = from_kuid(&init_user_ns, iattr->ia_uid); if (ivalid & ATTR_GID) arg->valid |= FATTR_GID, arg->gid = from_kgid(&init_user_ns, iattr->ia_gid); if (ivalid & ATTR_SIZE) arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size; if (ivalid & ATTR_ATIME) { arg->valid |= FATTR_ATIME; arg->atime = iattr->ia_atime.tv_sec; arg->atimensec = iattr->ia_atime.tv_nsec; if (!(ivalid & ATTR_ATIME_SET)) arg->valid |= FATTR_ATIME_NOW; } if ((ivalid & ATTR_MTIME) && update_mtime(ivalid)) { arg->valid |= FATTR_MTIME; arg->mtime = iattr->ia_mtime.tv_sec; arg->mtimensec = iattr->ia_mtime.tv_nsec; if (!(ivalid & ATTR_MTIME_SET)) arg->valid |= FATTR_MTIME_NOW; } }
void obdo_from_iattr(struct obdo *oa, struct iattr *attr, unsigned int ia_valid) { if (ia_valid & ATTR_ATIME) { oa->o_atime = LTIME_S(attr->ia_atime); oa->o_valid |= OBD_MD_FLATIME; } if (ia_valid & ATTR_MTIME) { oa->o_mtime = LTIME_S(attr->ia_mtime); oa->o_valid |= OBD_MD_FLMTIME; } if (ia_valid & ATTR_CTIME) { oa->o_ctime = LTIME_S(attr->ia_ctime); oa->o_valid |= OBD_MD_FLCTIME; } if (ia_valid & ATTR_SIZE) { oa->o_size = attr->ia_size; oa->o_valid |= OBD_MD_FLSIZE; } if (ia_valid & ATTR_MODE) { oa->o_mode = attr->ia_mode; oa->o_valid |= OBD_MD_FLTYPE | OBD_MD_FLMODE; if (!in_group_p(make_kgid(&init_user_ns, oa->o_gid)) && !cfs_capable(CFS_CAP_FSETID)) oa->o_mode &= ~S_ISGID; } if (ia_valid & ATTR_UID) { oa->o_uid = from_kuid(&init_user_ns, attr->ia_uid); oa->o_valid |= OBD_MD_FLUID; } if (ia_valid & ATTR_GID) { oa->o_gid = from_kgid(&init_user_ns, attr->ia_gid); oa->o_valid |= OBD_MD_FLGID; } }
/** * dump_tasks - dump current memory state of all system tasks * @memcg: current's memory controller, if constrained * @nodemask: nodemask passed to page allocator for mempolicy ooms * * Dumps the current memory state of all eligible tasks. Tasks not in the same * memcg, not in the same cpuset, or bound to a disjoint set of mempolicy nodes * are not shown. * State information includes task's pid, uid, tgid, vm size, rss, nr_ptes, * swapents, oom_score_adj value, and name. */ static void dump_tasks(struct mem_cgroup *memcg, const nodemask_t *nodemask) { struct task_struct *p; struct task_struct *task; pr_info("[ pid ] uid tgid total_vm rss nr_ptes nr_pmds swapents oom_score_adj name\n"); rcu_read_lock(); for_each_process(p) { if (oom_unkillable_task(p, memcg, nodemask)) continue; task = find_lock_task_mm(p); if (!task) { /* * This is a kthread or all of p's threads have already * detached their mm's. There's no need to report * them; they can't be oom killed anyway. */ continue; } pr_info("[%5d] %5d %5d %8lu %8lu %7ld %7ld %8lu %5hd %s\n", task->pid, from_kuid(&init_user_ns, task_uid(task)), task->tgid, task->mm->total_vm, get_mm_rss(task->mm), atomic_long_read(&task->mm->nr_ptes), mm_nr_pmds(task->mm), get_mm_counter(task->mm, MM_SWAPENTS), task->signal->oom_score_adj, task->comm); task_unlock(task); } rcu_read_unlock(); }
/** * netlbl_audit_start_common - Start an audit message * @type: audit message type * @audit_info: NetLabel audit information * * Description: * Start an audit message using the type specified in @type and fill the audit * message with some fields common to all NetLabel audit messages. Returns * a pointer to the audit buffer on success, NULL on failure. * */ struct audit_buffer *netlbl_audit_start_common(int type, struct netlbl_audit *audit_info) { struct audit_buffer *audit_buf; char *secctx; u32 secctx_len; if (audit_enabled == 0) return NULL; audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type); if (audit_buf == NULL) return NULL; audit_log_format(audit_buf, "netlabel: auid=%u ses=%u", from_kuid(&init_user_ns, audit_info->loginuid), audit_info->sessionid); if (audit_info->secid != 0 && security_secid_to_secctx(audit_info->secid, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); security_release_secctx(secctx, secctx_len); } return audit_buf; }
static int unx_hash_cred(struct auth_cred *acred, unsigned int hashbits) { return hash_64(from_kgid(&init_user_ns, acred->gid) | ((u64)from_kuid(&init_user_ns, acred->uid) << (sizeof(gid_t) * 8)), hashbits); }
static ssize_t sel_write_load(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { ssize_t length; void *data = NULL; mutex_lock(&sel_mutex); length = task_has_security(current, SECURITY__LOAD_POLICY); if (length) goto out; /* No partial writes. */ length = -EINVAL; if (*ppos != 0) goto out; length = -EFBIG; if (count > 64 * 1024 * 1024) goto out; length = -ENOMEM; data = vmalloc(count); if (!data) goto out; length = -EFAULT; if (copy_from_user(data, buf, count) != 0) goto out; length = security_load_policy(data, count); if (length) goto out; length = sel_make_bools(); if (length) goto out1; length = sel_make_classes(); if (length) goto out1; length = sel_make_policycap(); if (length) goto out1; length = count; out1: audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, "policy loaded auid=%u ses=%u", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); out: mutex_unlock(&sel_mutex); vfree(data); return length; }
static int f_getowner_uids(struct file *filp, unsigned long arg) { struct user_namespace *user_ns = current_user_ns(); uid_t __user *dst = (void __user *)arg; uid_t src[2]; int err; read_lock(&filp->f_owner.lock); src[0] = from_kuid(user_ns, filp->f_owner.uid); src[1] = from_kuid(user_ns, filp->f_owner.euid); read_unlock(&filp->f_owner.lock); err = put_user(src[0], &dst[0]); err |= put_user(src[1], &dst[1]); return err; }
uid_t from_kuid_munged(struct user_namespace *targ, kuid_t kuid) { uid_t uid; uid = from_kuid(targ, kuid); if (uid == (uid_t) -1) uid = overflowuid; return uid; }
static __be32 nfsd4_ff_proc_layoutget(struct inode *inode, const struct svc_fh *fhp, struct nfsd4_layoutget *args) { struct nfsd4_layout_seg *seg = &args->lg_seg; u32 device_generation = 0; int error; uid_t u; struct pnfs_ff_layout *fl; /* * The super simple flex file server has 1 mirror, 1 data server, * and 1 file handle. So instead of 4 allocs, do 1 for now. * Zero it out for the stateid - don't want junk in there! */ error = -ENOMEM; fl = kzalloc(sizeof(*fl), GFP_KERNEL); if (!fl) goto out_error; args->lg_content = fl; /* * Avoid layout commit, try to force the I/O to the DS, * and for fun, cause all IOMODE_RW layout segments to * effectively be WRITE only. */ fl->flags = FF_FLAGS_NO_LAYOUTCOMMIT | FF_FLAGS_NO_IO_THRU_MDS | FF_FLAGS_NO_READ_IO; /* Do not allow a IOMODE_READ segment to have write pemissions */ if (seg->iomode == IOMODE_READ) { u = from_kuid(&init_user_ns, inode->i_uid) + 1; fl->uid = make_kuid(&init_user_ns, u); } else fl->uid = inode->i_uid; fl->gid = inode->i_gid; error = nfsd4_set_deviceid(&fl->deviceid, fhp, device_generation); if (error) goto out_error; fl->fh.size = fhp->fh_handle.fh_size; memcpy(fl->fh.data, &fhp->fh_handle.fh_base, fl->fh.size); /* Give whole file layout segments */ seg->offset = 0; seg->length = NFS4_MAX_UINT64; dprintk("GET: 0x%llx:0x%llx %d\n", seg->offset, seg->length, seg->iomode); return 0; out_error: seg->length = 0; return nfserrno(error); }
/* WARNING: the file systems must take care not to tinker with * attributes they don't manage (such as blocks). */ void obdo_from_inode(struct obdo *dst, struct inode *src, u32 valid) { u32 newvalid = 0; if (valid & (OBD_MD_FLCTIME | OBD_MD_FLMTIME)) CDEBUG(D_INODE, "valid %x, new time %lu/%lu\n", valid, LTIME_S(src->i_mtime), LTIME_S(src->i_ctime)); if (valid & OBD_MD_FLATIME) { dst->o_atime = LTIME_S(src->i_atime); newvalid |= OBD_MD_FLATIME; } if (valid & OBD_MD_FLMTIME) { dst->o_mtime = LTIME_S(src->i_mtime); newvalid |= OBD_MD_FLMTIME; } if (valid & OBD_MD_FLCTIME) { dst->o_ctime = LTIME_S(src->i_ctime); newvalid |= OBD_MD_FLCTIME; } if (valid & OBD_MD_FLSIZE) { dst->o_size = i_size_read(src); newvalid |= OBD_MD_FLSIZE; } if (valid & OBD_MD_FLBLOCKS) { /* allocation of space (x512 bytes) */ dst->o_blocks = src->i_blocks; newvalid |= OBD_MD_FLBLOCKS; } if (valid & OBD_MD_FLBLKSZ) { /* optimal block size */ dst->o_blksize = 1 << src->i_blkbits; newvalid |= OBD_MD_FLBLKSZ; } if (valid & OBD_MD_FLTYPE) { dst->o_mode = (dst->o_mode & S_IALLUGO) | (src->i_mode & S_IFMT); newvalid |= OBD_MD_FLTYPE; } if (valid & OBD_MD_FLMODE) { dst->o_mode = (dst->o_mode & S_IFMT) | (src->i_mode & S_IALLUGO); newvalid |= OBD_MD_FLMODE; } if (valid & OBD_MD_FLUID) { dst->o_uid = from_kuid(&init_user_ns, src->i_uid); newvalid |= OBD_MD_FLUID; } if (valid & OBD_MD_FLGID) { dst->o_gid = from_kgid(&init_user_ns, src->i_gid); newvalid |= OBD_MD_FLGID; } if (valid & OBD_MD_FLFLAGS) { dst->o_flags = src->i_flags; newvalid |= OBD_MD_FLFLAGS; } dst->o_valid |= newvalid; }
static __be32 * encode_fattr(struct svc_rqst *rqstp, __be32 *p, struct svc_fh *fhp, struct kstat *stat) { struct dentry *dentry = fhp->fh_dentry; int type; struct timespec64 time; u32 f; type = (stat->mode & S_IFMT); *p++ = htonl(nfs_ftypes[type >> 12]); *p++ = htonl((u32) stat->mode); *p++ = htonl((u32) stat->nlink); *p++ = htonl((u32) from_kuid(&init_user_ns, stat->uid)); *p++ = htonl((u32) from_kgid(&init_user_ns, stat->gid)); if (S_ISLNK(type) && stat->size > NFS_MAXPATHLEN) { *p++ = htonl(NFS_MAXPATHLEN); } else { *p++ = htonl((u32) stat->size); } *p++ = htonl((u32) stat->blksize); if (S_ISCHR(type) || S_ISBLK(type)) *p++ = htonl(new_encode_dev(stat->rdev)); else *p++ = htonl(0xffffffff); *p++ = htonl((u32) stat->blocks); switch (fsid_source(fhp)) { default: case FSIDSOURCE_DEV: *p++ = htonl(new_encode_dev(stat->dev)); break; case FSIDSOURCE_FSID: *p++ = htonl((u32) fhp->fh_export->ex_fsid); break; case FSIDSOURCE_UUID: f = ((u32*)fhp->fh_export->ex_uuid)[0]; f ^= ((u32*)fhp->fh_export->ex_uuid)[1]; f ^= ((u32*)fhp->fh_export->ex_uuid)[2]; f ^= ((u32*)fhp->fh_export->ex_uuid)[3]; *p++ = htonl(f); break; } *p++ = htonl((u32) stat->ino); *p++ = htonl((u32) stat->atime.tv_sec); *p++ = htonl(stat->atime.tv_nsec ? stat->atime.tv_nsec / 1000 : 0); time = stat->mtime; lease_get_mtime(d_inode(dentry), &time); *p++ = htonl((u32) time.tv_sec); *p++ = htonl(time.tv_nsec ? time.tv_nsec / 1000 : 0); *p++ = htonl((u32) stat->ctime.tv_sec); *p++ = htonl(stat->ctime.tv_nsec ? stat->ctime.tv_nsec / 1000 : 0); return p; }
static void *f2fs_acl_to_disk(struct f2fs_sb_info *sbi, const struct posix_acl *acl, size_t *size) { struct f2fs_acl_header *f2fs_acl; struct f2fs_acl_entry *entry; int i; f2fs_acl = f2fs_kmalloc(sbi, sizeof(struct f2fs_acl_header) + acl->a_count * sizeof(struct f2fs_acl_entry), GFP_NOFS); if (!f2fs_acl) return ERR_PTR(-ENOMEM); f2fs_acl->a_version = cpu_to_le32(F2FS_ACL_VERSION); entry = (struct f2fs_acl_entry *)(f2fs_acl + 1); for (i = 0; i < acl->a_count; i++) { entry->e_tag = cpu_to_le16(acl->a_entries[i].e_tag); entry->e_perm = cpu_to_le16(acl->a_entries[i].e_perm); switch (acl->a_entries[i].e_tag) { case ACL_USER: entry->e_id = cpu_to_le32( from_kuid(&init_user_ns, acl->a_entries[i].e_uid)); entry = (struct f2fs_acl_entry *)((char *)entry + sizeof(struct f2fs_acl_entry)); break; case ACL_GROUP: entry->e_id = cpu_to_le32( from_kgid(&init_user_ns, acl->a_entries[i].e_gid)); entry = (struct f2fs_acl_entry *)((char *)entry + sizeof(struct f2fs_acl_entry)); break; case ACL_USER_OBJ: case ACL_GROUP_OBJ: case ACL_MASK: case ACL_OTHER: entry = (struct f2fs_acl_entry *)((char *)entry + sizeof(struct f2fs_acl_entry_short)); break; default: goto fail; } } *size = f2fs_acl_size(acl->a_count); return (void *)f2fs_acl; fail: kfree(f2fs_acl); return ERR_PTR(-EINVAL); }
static void dump_oom_summary(struct oom_control *oc, struct task_struct *victim) { /* one line summary of the oom killer context. */ pr_info("oom-kill:constraint=%s,nodemask=%*pbl", oom_constraint_text[oc->constraint], nodemask_pr_args(oc->nodemask)); cpuset_print_current_mems_allowed(); mem_cgroup_print_oom_context(oc->memcg, victim); pr_cont(",task=%s,pid=%d,uid=%d\n", victim->comm, victim->pid, from_kuid(&init_user_ns, task_uid(victim))); }
DECLINLINE(RTUID) vboxdrvLinuxEuid(void) { #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29) # if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0) return from_kuid(current_user_ns(), current->cred->euid); # else return current->cred->euid; # endif #else return current->euid; #endif }
/* NB: setxid permission is not checked here, instead it's done on * MDT when client get remote permission. */ static int do_check_remote_perm(struct ll_inode_info *lli, int mask) { struct hlist_head *head; struct ll_remote_perm *lrp; int found = 0, rc; if (!lli->lli_remote_perms) return -ENOENT; head = lli->lli_remote_perms + remote_perm_hashfunc(from_kuid(&init_user_ns, current_uid())); spin_lock(&lli->lli_lock); hlist_for_each_entry(lrp, head, lrp_list) { if (lrp->lrp_uid != from_kuid(&init_user_ns, current_uid())) continue; if (lrp->lrp_gid != from_kgid(&init_user_ns, current_gid())) continue; if (lrp->lrp_fsuid != from_kuid(&init_user_ns, current_fsuid())) continue; if (lrp->lrp_fsgid != from_kgid(&init_user_ns, current_fsgid())) continue; found = 1; break; } if (!found) { rc = -ENOENT; goto out; } CDEBUG(D_SEC, "found remote perm: %u/%u/%u/%u - %#x\n", lrp->lrp_uid, lrp->lrp_gid, lrp->lrp_fsuid, lrp->lrp_fsgid, lrp->lrp_access_perm); rc = ((lrp->lrp_access_perm & mask) == mask) ? 0 : -EACCES; out: spin_unlock(&lli->lli_lock); return rc; }
static ssize_t sel_write_enforce(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { char *page = NULL; ssize_t length; int new_value; length = -ENOMEM; if (count >= PAGE_SIZE) goto out; /* No partial writes. */ length = -EINVAL; if (*ppos != 0) goto out; length = -ENOMEM; page = (char *)get_zeroed_page(GFP_KERNEL); if (!page) goto out; length = -EFAULT; if (copy_from_user(page, buf, count)) goto out; length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) goto out; new_value = 0; if (new_value != selinux_enforcing) { length = task_has_security(current, SECURITY__SETENFORCE); if (length) goto out; audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, "enforcing=%d old_enforcing=%d auid=%u ses=%u", new_value, selinux_enforcing, from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); selinux_enforcing = new_value; if (selinux_enforcing) avc_ss_reset(0); selnl_notify_setenforce(selinux_enforcing); selinux_status_update_setenforce(selinux_enforcing); } length = count; out: free_page((unsigned long) page); return length; }
/* packing of MDS records */ void mdc_open_pack(struct ptlrpc_request *req, struct md_op_data *op_data, umode_t mode, __u64 rdev, __u64 flags, const void *lmm, size_t lmmlen) { struct mdt_rec_create *rec; char *tmp; __u64 cr_flags; CLASSERT(sizeof(struct mdt_rec_reint) == sizeof(struct mdt_rec_create)); rec = req_capsule_client_get(&req->rq_pill, &RMF_REC_REINT); /* XXX do something about time, uid, gid */ rec->cr_opcode = REINT_OPEN; rec->cr_fsuid = from_kuid(&init_user_ns, current_fsuid()); rec->cr_fsgid = from_kgid(&init_user_ns, current_fsgid()); rec->cr_cap = cfs_curproc_cap_pack(); rec->cr_mode = mode; cr_flags = mds_pack_open_flags(flags); rec->cr_rdev = rdev; rec->cr_umask = current_umask(); if (op_data != NULL) { rec->cr_fid1 = op_data->op_fid1; rec->cr_fid2 = op_data->op_fid2; rec->cr_time = op_data->op_mod_time; rec->cr_suppgid1 = op_data->op_suppgids[0]; rec->cr_suppgid2 = op_data->op_suppgids[1]; rec->cr_bias = op_data->op_bias; rec->cr_open_handle_old = op_data->op_open_handle; if (op_data->op_name) { mdc_pack_name(req, &RMF_NAME, op_data->op_name, op_data->op_namelen); if (op_data->op_bias & MDS_CREATE_VOLATILE) cr_flags |= MDS_OPEN_VOLATILE; } mdc_file_secctx_pack(req, op_data->op_file_secctx_name, op_data->op_file_secctx, op_data->op_file_secctx_size); /* pack SELinux policy info if any */ mdc_file_sepol_pack(req); } if (lmm) { cr_flags |= MDS_OPEN_HAS_EA; tmp = req_capsule_client_get(&req->rq_pill, &RMF_EADATA); memcpy(tmp, lmm, lmmlen); } set_mrc_cr_flags(rec, cr_flags); }
static u64 bpf_get_current_uid_gid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5) { struct task_struct *task = current; kuid_t uid; kgid_t gid; if (!task) return -EINVAL; current_uid_gid(&uid, &gid); return (u64) from_kgid(&init_user_ns, gid) << 32 | from_kuid(&init_user_ns, uid); }
/* * Fix up the uids and gids in posix acl extended attributes in place. */ static void posix_acl_fix_xattr_userns( struct user_namespace *to, struct user_namespace *from, void *value, size_t size) { posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; int count; kuid_t uid; kgid_t gid; if (!value) return; if (size < sizeof(posix_acl_xattr_header)) return; if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION)) return; count = posix_acl_xattr_count(size); if (count < 0) return; if (count == 0) return; for (end = entry + count; entry != end; entry++) { switch(le16_to_cpu(entry->e_tag)) { case ACL_USER: uid = make_kuid(from, le32_to_cpu(entry->e_id)); entry->e_id = cpu_to_le32(from_kuid(to, uid)); break; case ACL_GROUP: gid = make_kgid(from, le32_to_cpu(entry->e_id)); entry->e_id = cpu_to_le32(from_kuid(to, uid)); break; default: break; } } }