Lines Matching refs:idmap
280 * @idmap: idmap of the mount the inode was found from
288 * If the inode has been found through an idmapped mount the idmap of
289 * the vfsmount must be passed through @idmap. This function will then take
290 * care to map the inode according to @idmap before checking permissions.
294 static int check_acl(struct mnt_idmap *idmap,
307 return posix_acl_permission(idmap, inode, acl, mask);
314 int error = posix_acl_permission(idmap, inode, acl, mask);
325 * @idmap: idmap of the mount the inode was found from
333 * If the inode has been found through an idmapped mount the idmap of
334 * the vfsmount must be passed through @idmap. This function will then take
335 * care to map the inode according to @idmap before checking permissions.
339 static int acl_permission_check(struct mnt_idmap *idmap,
346 vfsuid = i_uid_into_vfsuid(idmap, inode);
355 int error = check_acl(idmap, inode, mask);
369 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
380 * @idmap: idmap of the mount the inode was found from
394 * If the inode has been found through an idmapped mount the idmap of
395 * the vfsmount must be passed through @idmap. This function will then take
396 * care to map the inode according to @idmap before checking permissions.
400 int generic_permission(struct mnt_idmap *idmap, struct inode *inode,
408 ret = acl_permission_check(idmap, inode, mask);
415 if (capable_wrt_inode_uidgid(idmap, inode,
418 if (capable_wrt_inode_uidgid(idmap, inode,
429 if (capable_wrt_inode_uidgid(idmap, inode,
438 if (capable_wrt_inode_uidgid(idmap, inode,
448 * @idmap: idmap of the mount the inode was found from
457 static inline int do_inode_permission(struct mnt_idmap *idmap,
462 return inode->i_op->permission(idmap, inode, mask);
469 return generic_permission(idmap, inode, mask);
494 * @idmap: idmap of the mount the inode was found from
504 int inode_permission(struct mnt_idmap *idmap,
525 if (HAS_UNMAPPED_ID(idmap, inode))
529 retval = do_inode_permission(idmap, inode, mask);
1104 struct mnt_idmap *idmap;
1110 idmap = mnt_idmap(nd->path.mnt);
1111 vfsuid = i_uid_into_vfsuid(idmap, inode);
1134 * @idmap: idmap of the mount the inode was found from
1145 static bool safe_hardlink_source(struct mnt_idmap *idmap,
1163 if (inode_permission(idmap, inode, MAY_READ | MAY_WRITE))
1171 * @idmap: idmap of the mount the inode was found from
1180 * If the inode has been found through an idmapped mount the idmap of
1181 * the vfsmount must be passed through @idmap. This function will then take
1182 * care to map the inode according to @idmap before checking permissions.
1188 int may_linkat(struct mnt_idmap *idmap, const struct path *link)
1193 if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) ||
1194 !vfsgid_valid(i_gid_into_vfsgid(idmap, inode)))
1203 if (safe_hardlink_source(idmap, inode) ||
1204 inode_owner_or_capable(idmap, inode))
1215 * @idmap: idmap of the mount the inode was found from
1230 * If the inode has been found through an idmapped mount the idmap of
1231 * the vfsmount must be passed through @idmap. This function will then take
1232 * care to map the inode according to @idmap before checking permissions.
1238 static int may_create_in_sticky(struct mnt_idmap *idmap,
1247 vfsuid_eq(i_uid_into_vfsuid(idmap, inode), dir_vfsuid) ||
1248 vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), current_fsuid()))
1716 static inline int may_lookup(struct mnt_idmap *idmap,
1720 int err = inode_permission(idmap, nd->inode, MAY_EXEC|MAY_NOT_BLOCK);
1724 return inode_permission(idmap, nd->inode, MAY_EXEC);
2265 struct mnt_idmap *idmap;
2270 idmap = mnt_idmap(nd->path.mnt);
2271 err = may_lookup(idmap, nd);
2319 nd->dir_vfsuid = i_uid_into_vfsuid(idmap, nd->inode);
2660 static int lookup_one_common(struct mnt_idmap *idmap,
2690 return inode_permission(idmap, base->d_inode, MAY_EXEC);
2752 * @idmap: idmap of the mount the lookup is performed from
2762 struct dentry *lookup_one(struct mnt_idmap *idmap, const char *name,
2771 err = lookup_one_common(idmap, name, base, len, &this);
2782 * @idmap: idmap of the mount the lookup is performed from
2793 struct dentry *lookup_one_unlocked(struct mnt_idmap *idmap,
2801 err = lookup_one_common(idmap, name, base, len, &this);
2815 * @idmap: idmap of the mount the lookup is performed from
2832 struct dentry *lookup_one_positive_unlocked(struct mnt_idmap *idmap,
2836 struct dentry *ret = lookup_one_unlocked(idmap, name, base, len);
2918 int __check_sticky(struct mnt_idmap *idmap, struct inode *dir,
2923 if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, inode), fsuid))
2925 if (vfsuid_eq_kuid(i_uid_into_vfsuid(idmap, dir), fsuid))
2927 return !capable_wrt_inode_uidgid(idmap, inode, CAP_FOWNER);
2951 static int may_delete(struct mnt_idmap *idmap, struct inode *dir,
2964 if (!vfsuid_valid(i_uid_into_vfsuid(idmap, inode)) ||
2965 !vfsgid_valid(i_gid_into_vfsgid(idmap, inode)))
2970 error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
2976 if (check_sticky(idmap, dir, inode) || IS_APPEND(inode) ||
2978 HAS_UNMAPPED_ID(idmap, inode))
3003 static inline int may_create(struct mnt_idmap *idmap,
3011 if (!fsuidgid_has_mapping(dir->i_sb, idmap))
3014 return inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
3122 * @idmap: idmap of the mount the inode was found from
3143 static inline umode_t vfs_prepare_mode(struct mnt_idmap *idmap,
3147 mode = mode_strip_sgid(idmap, dir, mode);
3162 * @idmap: idmap of the mount the inode was found from
3170 * If the inode has been found through an idmapped mount the idmap of
3171 * the vfsmount must be passed through @idmap. This function will then take
3172 * care to map the inode according to @idmap before checking permissions.
3176 int vfs_create(struct mnt_idmap *idmap, struct inode *dir,
3181 error = may_create(idmap, dir, dentry);
3188 mode = vfs_prepare_mode(idmap, dir, mode, S_IALLUGO, S_IFREG);
3192 error = dir->i_op->create(idmap, dir, dentry, mode, want_excl);
3226 static int may_open(struct mnt_idmap *idmap, const struct path *path,
3262 error = inode_permission(idmap, inode, MAY_OPEN | acc_mode);
3277 if (flag & O_NOATIME && !inode_owner_or_capable(idmap, inode))
3283 static int handle_truncate(struct mnt_idmap *idmap, struct file *filp)
3293 error = do_truncate(idmap, path->dentry, 0,
3308 static int may_o_create(struct mnt_idmap *idmap,
3316 if (!fsuidgid_has_mapping(dir->dentry->d_sb, idmap))
3319 error = inode_permission(idmap, dir->dentry->d_inode,
3399 struct mnt_idmap *idmap;
3447 idmap = mnt_idmap(nd->path.mnt);
3451 mode = vfs_prepare_mode(idmap, dir->d_inode, mode, mode, mode);
3453 create_error = may_o_create(idmap, &nd->path,
3490 error = dir_inode->i_op->create(idmap, dir_inode, dentry,
3593 struct mnt_idmap *idmap;
3606 idmap = mnt_idmap(nd->path.mnt);
3612 error = may_create_in_sticky(idmap, nd,
3632 error = may_open(idmap, &nd->path, acc_mode, open_flag);
3638 error = handle_truncate(idmap, file);
3650 * @idmap: idmap of the mount the inode was found from
3657 * If the inode has been found through an idmapped mount the idmap of
3658 * the vfsmount must be passed through @idmap. This function will then take
3659 * care to map the inode according to @idmap before checking permissions.
3663 static int vfs_tmpfile(struct mnt_idmap *idmap,
3674 error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
3684 mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);
3685 error = dir->i_op->tmpfile(idmap, dir, file, mode);
3690 error = may_open(idmap, &file->f_path, 0, file->f_flags);
3699 ima_post_create_tmpfile(idmap, inode);
3705 * @idmap: idmap of the mount the inode was found from
3715 struct file *kernel_tmpfile_open(struct mnt_idmap *idmap,
3727 error = vfs_tmpfile(idmap, parentpath, file, mode);
3954 * @idmap: idmap of the mount the inode was found from
3962 * If the inode has been found through an idmapped mount the idmap of
3963 * the vfsmount must be passed through @idmap. This function will then take
3964 * care to map the inode according to @idmap before checking permissions.
3968 int vfs_mknod(struct mnt_idmap *idmap, struct inode *dir,
3972 int error = may_create(idmap, dir, dentry);
3984 mode = vfs_prepare_mode(idmap, dir, mode, mode, mode);
3993 error = dir->i_op->mknod(idmap, dir, dentry, mode, dev);
4020 struct mnt_idmap *idmap;
4040 idmap = mnt_idmap(path.mnt);
4043 error = vfs_create(idmap, path.dentry->d_inode,
4046 ima_post_path_mknod(idmap, dentry);
4049 error = vfs_mknod(idmap, path.dentry->d_inode,
4053 error = vfs_mknod(idmap, path.dentry->d_inode,
4081 * @idmap: idmap of the mount the inode was found from
4088 * If the inode has been found through an idmapped mount the idmap of
4089 * the vfsmount must be passed through @idmap. This function will then take
4090 * care to map the inode according to @idmap before checking permissions.
4094 int vfs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
4100 error = may_create(idmap, dir, dentry);
4107 mode = vfs_prepare_mode(idmap, dir, mode, S_IRWXUGO | S_ISVTX, 0);
4115 error = dir->i_op->mkdir(idmap, dir, dentry, mode);
4163 * @idmap: idmap of the mount the inode was found from
4169 * If the inode has been found through an idmapped mount the idmap of
4170 * the vfsmount must be passed through @idmap. This function will then take
4171 * care to map the inode according to @idmap before checking permissions.
4175 int vfs_rmdir(struct mnt_idmap *idmap, struct inode *dir,
4178 int error = may_delete(idmap, dir, dentry, 1);
4281 * @idmap: idmap of the mount the inode was found from
4298 * If the inode has been found through an idmapped mount the idmap of
4299 * the vfsmount must be passed through @idmap. This function will then take
4300 * care to map the inode according to @idmap before checking permissions.
4304 int vfs_unlink(struct mnt_idmap *idmap, struct inode *dir,
4308 int error = may_delete(idmap, dir, dentry, 0);
4446 * @idmap: idmap of the mount the inode was found from
4453 * If the inode has been found through an idmapped mount the idmap of
4454 * the vfsmount must be passed through @idmap. This function will then take
4455 * care to map the inode according to @idmap before checking permissions.
4459 int vfs_symlink(struct mnt_idmap *idmap, struct inode *dir,
4464 error = may_create(idmap, dir, dentry);
4475 error = dir->i_op->symlink(idmap, dir, dentry, oldname);
4528 * @idmap: idmap of the mount
4545 * If the inode has been found through an idmapped mount the idmap of
4546 * the vfsmount must be passed through @idmap. This function will then take
4547 * care to map the inode according to @idmap before checking permissions.
4551 int vfs_link(struct dentry *old_dentry, struct mnt_idmap *idmap,
4562 error = may_create(idmap, dir, new_dentry);
4579 if (HAS_UNMAPPED_ID(idmap, inode))
4626 struct mnt_idmap *idmap;
4663 idmap = mnt_idmap(new_path.mnt);
4664 error = may_linkat(idmap, &old_path);
4670 error = vfs_link(old_path.dentry, idmap, new_path.dentry->d_inode,