Simplify exec_permission_lite(), part 3
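--- a/fs/namei.c
+++ b/fs/namei.c
@@ -434,8 +434,12 @@ static int exec_permission_lite(struct inode *inode)
 {
 umode_t mode = inode->i_mode;
- if (inode->i_op->permission)
- return -EAGAIN;
+ if (inode->i_op->permission) {
+ int ret = inode->i_op->permission(inode, MAY_EXEC);
+ if (!ret)
+ goto ok;
+ return ret;
+ }
 if (current_fsuid() == inode->i_uid)
 mode >>= 6;
@@ -445,13 +449,7 @@ static int exec_permission_lite(struct inode *inode)
 if (mode & MAY_EXEC)
 goto ok;
- if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
- goto ok;
-
- if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_OVERRIDE))
- goto ok;
-
- if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
+ if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
 goto ok;
 return -EACCES;
@@ -853,12 +851,6 @@ static int __link_path_walk(const char *name, struct nameidata *nd)
 nd->flags |= LOOKUP_CONTINUE;
 err = exec_permission_lite(inode);
- if (err == -EAGAIN)
- err = inode_permission(nd->path.dentry->d_inode,
- MAY_EXEC);
- if (!err)
- err = ima_path_check(&nd->path, MAY_EXEC,
- IMA_COUNT_UPDATE);
 if (err)
 break;
@@ -1542,28 +1534,31 @@ int may_open(struct path *path, int acc_mode, int flag)
 * An append-only file must be opened in append mode for writing.
 */
 if (IS_APPEND(inode)) {
+ error = -EPERM;
 if ((flag & FMODE_WRITE) && !(flag & O_APPEND))
- return -EPERM;
+ goto err_out;
 if (flag & O_TRUNC)
- return -EPERM;
+ goto err_out;
 }
 /* O_NOATIME can only be set by the owner or superuser */
 if (flag & O_NOATIME)
- if (!is_owner_or_cap(inode))
- return -EPERM;
+ if (!is_owner_or_cap(inode)) {
+ error = -EPERM;
+ goto err_out;
+ }
 /*
 * Ensure there are no outstanding leases on the file.
 */
 error = break_lease(inode, flag);
 if (error)
- return error;
+ goto err_out;
 if (flag & O_TRUNC) {
 error = get_write_access(inode);
 if (error)
- return error;
+ goto err_out;
 /*
 * Refuse to truncate files with mandatory locks held on them.
@@ -1581,12 +1576,17 @@ int may_open(struct path *path, int acc_mode, int flag)
 }
 put_write_access(inode);
 if (error)
- return error;
+ goto err_out;
 } else
 if (flag & FMODE_WRITE)
 vfs_dq_init(inode);
 return 0;
+err_out:
+ ima_counts_put(path, acc_mode ?
+ acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+ ACC_MODE(flag) & (MAY_READ | MAY_WRITE));
+ return error;
 }
 /*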
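Review bot: The merged capability test in the second hunk, `if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))`, drops both the `S_ISDIR` guards and the `S_IXUGO` condition, so exec_permission_lite() is now only correct when the inode is a directory, and nothing in the visible body states or enforces that. The one caller shown here, __link_path_walk(), presumably only passes directories being searched, but a later caller handing in a regular file would be granted execute permission by CAP_DAC_READ_SEARCH alone. I would document the precondition directly above the test, e.g. `/* Directories only: search is granted by either DAC capability. */`. It may also be worth testing CAP_DAC_READ_SEARCH first, since it is the narrower capability and capable() calls can be audited; confirm that against the LSMs in use. The function body starts and ends outside these hunks, so the `ok:` path was not reviewed.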