From: Andreas Gruenbacher <andreas.gruenbacher@gmail.com> To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org, linux-api@vger.kernel.org, samba-technical@lists.samba.org, linux-security-module@vger.kernel.org Cc: Andreas Gruenbacher <agruen@kernel.org> Subject: [RFC v4 21/31] richacl: Move everyone@ aces down the acl Date: Wed, 24 Jun 2015 23:57:10 +0200 [thread overview] Message-ID: <1435183040-22726-22-git-send-email-agruenba@redhat.com> (raw) In-Reply-To: <1435183040-22726-1-git-send-email-agruenba@redhat.com> The POSIX standard puts processes which are not the owner or a member in the owning group or which match any ace other then everyone@ on the other file class. We only know if a process is in the other class after processing the entire acl. Move all everyone@ aces in the acl down in the acl so that at most a single everyone@ allow ace remains at the end. Permissions which are not explicitly allowed are implicitly denied, so an everyone@ deny ace is unneeded. The everyone@ aces can be moved down the acl without changing the permissions that the acl grants. This transformation simplifies the following algorithms, and eventually allows us to turn the final everyone@ allow ace into an entry for the other class. Signed-off-by: Andreas Gruenbacher <agruen@kernel.org> --- fs/richacl_compat.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c index 1c62c3c..d813789 100644 --- a/fs/richacl_compat.c +++ b/fs/richacl_compat.c @@ -159,3 +159,68 @@ richace_change_mask(struct richacl_alloc *alloc, struct richace **ace, } return 0; } + +/** + * richacl_move_everyone_aces_down - move everyone@ aces to the end of the acl + * @alloc: acl and number of allocated entries + * + * Move all everyone aces to the end of the acl so that only a single everyone@ + * allow ace remains at the end, and update the mask fields of all aces on the + * way. The last ace of the resulting acl will be an everyone@ allow ace only + * if @acl grants any permissions to @everyone. No @everyone deny aces will + * remain. + * + * This transformation does not alter the permissions that the acl grants. + * Having at most one everyone@ allow ace at the end of the acl helps us in the + * following algorithms. + */ +static int +richacl_move_everyone_aces_down(struct richacl_alloc *alloc) +{ + struct richace *ace; + unsigned int allowed = 0, denied = 0; + + richacl_for_each_entry(ace, alloc->acl) { + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_everyone(ace)) { + if (richace_is_allow(ace)) + allowed |= (ace->e_mask & ~denied); + else if (richace_is_deny(ace)) + denied |= (ace->e_mask & ~allowed); + else + continue; + if (richace_change_mask(alloc, &ace, 0)) + return -1; + } else { + if (richace_is_allow(ace)) { + if (richace_change_mask(alloc, &ace, allowed | + (ace->e_mask & ~denied))) + return -1; + } else if (richace_is_deny(ace)) { + if (richace_change_mask(alloc, &ace, denied | + (ace->e_mask & ~allowed))) + return -1; + } + } + } + if (allowed & ~RICHACE_POSIX_ALWAYS_ALLOWED) { + struct richace *last_ace = ace - 1; + + if (alloc->acl->a_entries && + richace_is_everyone(last_ace) && + richace_is_allow(last_ace) && + richace_is_inherit_only(last_ace) && + last_ace->e_mask == allowed) + last_ace->e_flags &= ~RICHACE_INHERIT_ONLY_ACE; + else { + if (richacl_insert_entry(alloc, &ace)) + return -1; + ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE; + ace->e_flags = RICHACE_SPECIAL_WHO; + ace->e_mask = allowed; + ace->e_id.special = RICHACE_EVERYONE_SPECIAL_ID; + } + } + return 0; +} -- 2.4.2
WARNING: multiple messages have this Message-ID (diff)
From: Andreas Gruenbacher <andreas.gruenbacher-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, samba-technical-w/Ol4Ecudpl8XjKLYN78aQ@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: Andreas Gruenbacher <agruen-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> Subject: [RFC v4 21/31] richacl: Move everyone@ aces down the acl Date: Wed, 24 Jun 2015 23:57:10 +0200 [thread overview] Message-ID: <1435183040-22726-22-git-send-email-agruenba@redhat.com> (raw) In-Reply-To: <1435183040-22726-1-git-send-email-agruenba-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> The POSIX standard puts processes which are not the owner or a member in the owning group or which match any ace other then everyone@ on the other file class. We only know if a process is in the other class after processing the entire acl. Move all everyone@ aces in the acl down in the acl so that at most a single everyone@ allow ace remains at the end. Permissions which are not explicitly allowed are implicitly denied, so an everyone@ deny ace is unneeded. The everyone@ aces can be moved down the acl without changing the permissions that the acl grants. This transformation simplifies the following algorithms, and eventually allows us to turn the final everyone@ allow ace into an entry for the other class. Signed-off-by: Andreas Gruenbacher <agruen-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> --- fs/richacl_compat.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/fs/richacl_compat.c b/fs/richacl_compat.c index 1c62c3c..d813789 100644 --- a/fs/richacl_compat.c +++ b/fs/richacl_compat.c @@ -159,3 +159,68 @@ richace_change_mask(struct richacl_alloc *alloc, struct richace **ace, } return 0; } + +/** + * richacl_move_everyone_aces_down - move everyone@ aces to the end of the acl + * @alloc: acl and number of allocated entries + * + * Move all everyone aces to the end of the acl so that only a single everyone@ + * allow ace remains at the end, and update the mask fields of all aces on the + * way. The last ace of the resulting acl will be an everyone@ allow ace only + * if @acl grants any permissions to @everyone. No @everyone deny aces will + * remain. + * + * This transformation does not alter the permissions that the acl grants. + * Having at most one everyone@ allow ace at the end of the acl helps us in the + * following algorithms. + */ +static int +richacl_move_everyone_aces_down(struct richacl_alloc *alloc) +{ + struct richace *ace; + unsigned int allowed = 0, denied = 0; + + richacl_for_each_entry(ace, alloc->acl) { + if (richace_is_inherit_only(ace)) + continue; + if (richace_is_everyone(ace)) { + if (richace_is_allow(ace)) + allowed |= (ace->e_mask & ~denied); + else if (richace_is_deny(ace)) + denied |= (ace->e_mask & ~allowed); + else + continue; + if (richace_change_mask(alloc, &ace, 0)) + return -1; + } else { + if (richace_is_allow(ace)) { + if (richace_change_mask(alloc, &ace, allowed | + (ace->e_mask & ~denied))) + return -1; + } else if (richace_is_deny(ace)) { + if (richace_change_mask(alloc, &ace, denied | + (ace->e_mask & ~allowed))) + return -1; + } + } + } + if (allowed & ~RICHACE_POSIX_ALWAYS_ALLOWED) { + struct richace *last_ace = ace - 1; + + if (alloc->acl->a_entries && + richace_is_everyone(last_ace) && + richace_is_allow(last_ace) && + richace_is_inherit_only(last_ace) && + last_ace->e_mask == allowed) + last_ace->e_flags &= ~RICHACE_INHERIT_ONLY_ACE; + else { + if (richacl_insert_entry(alloc, &ace)) + return -1; + ace->e_type = RICHACE_ACCESS_ALLOWED_ACE_TYPE; + ace->e_flags = RICHACE_SPECIAL_WHO; + ace->e_mask = allowed; + ace->e_id.special = RICHACE_EVERYONE_SPECIAL_ID; + } + } + return 0; +} -- 2.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-06-24 21:59 UTC|newest] Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-06-24 21:56 [RFC v4 00/31] Richacls Andreas Gruenbacher 2015-06-24 21:56 ` Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 01/31] vfs: Add IS_ACL() and IS_RICHACL() tests Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 02/31] vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags Andreas Gruenbacher 2015-06-24 21:56 ` Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 03/31] vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD " Andreas Gruenbacher 2015-06-24 21:56 ` Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 04/31] vfs: Make the inode passed to inode_change_ok non-const Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 05/31] vfs: Add permission flags for setting file attributes Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 06/31] richacl: In-memory representation and helper functions Andreas Gruenbacher 2015-06-25 19:58 ` Stefan (metze) Metzmacher 2015-06-25 21:06 ` Andreas Grünbacher 2015-06-25 21:40 ` Stefan (metze) Metzmacher 2015-06-25 21:40 ` Stefan (metze) Metzmacher 2015-06-26 7:55 ` Andreas Grünbacher 2015-06-26 7:55 ` Andreas Grünbacher 2015-06-24 21:56 ` [RFC v4 07/31] richacl: Permission mapping functions Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 08/31] richacl: Compute maximum file masks from an acl Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 09/31] richacl: Update the file masks in chmod() Andreas Gruenbacher 2015-06-24 21:56 ` Andreas Gruenbacher 2015-06-24 21:56 ` [RFC v4 10/31] richacl: Permission check algorithm Andreas Gruenbacher 2015-06-24 21:56 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 11/31] vfs: Cache base_acl objects in inodes Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 12/31] vfs: Cache richacl in struct inode Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 13/31] richacl: Check if an acl is equivalent to a file mode Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 14/31] richacl: Create-time inheritance Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 15/31] richacl: Automatic Inheritance Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 16/31] richacl: xattr mapping functions Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 17/31] vfs: Add richacl permission checking Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 18/31] ext4: Add richacl support Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 19/31] ext4: Add richacl feature flag Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 20/31] richacl: acl editing helper functions Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher [this message] 2015-06-24 21:57 ` [RFC v4 21/31] richacl: Move everyone@ aces down the acl Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 22/31] richacl: Propagate everyone@ permissions to other aces Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 23/31] richacl: Set the owner permissions to the owner mask Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 24/31] richacl: Set the other permissions to the other mask Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 25/31] richacl: Isolate the owner and group classes Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 26/31] richacl: Apply the file masks to a richacl Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 27/31] richacl: Create richacl from mode values Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 28/31] nfsd: Keep list of acls to dispose of in compoundargs Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 29/31] nfsd: Use richacls as internal acl representation Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 30/31] nfsd: Add richacl support Andreas Gruenbacher 2015-06-24 21:57 ` [RFC v4 31/31] nfsd: Add support for the v4.1 dacl attribute Andreas Gruenbacher 2015-06-24 21:57 ` Andreas Gruenbacher
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1435183040-22726-22-git-send-email-agruenba@redhat.com \ --to=andreas.gruenbacher@gmail.com \ --cc=agruen@kernel.org \ --cc=linux-api@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-nfs@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=samba-technical@lists.samba.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.