1 | /* |
2 | * linux/fs/attr.c |
3 | * |
4 | * Copyright (C) 1991, 1992 Linus Torvalds |
5 | * changes by Thomas Schoebel-Theuer |
6 | */ |
7 | |
8 | #include <linux/export.h> |
9 | #include <linux/time.h> |
10 | #include <linux/mm.h> |
11 | #include <linux/string.h> |
12 | #include <linux/capability.h> |
13 | #include <linux/fsnotify.h> |
14 | #include <linux/fcntl.h> |
15 | #include <linux/security.h> |
16 | #include <linux/evm.h> |
17 | #include <linux/ima.h> |
18 | |
/**
 * inode_change_ok - check if attribute changes to an inode are allowed
 * @inode:	inode to check
 * @attr:	attributes to change; ia_mode may be edited in place (S_ISGID
 *		is cleared when the caller may not set it)
 *
 * Decide whether the current task may apply the changes described by @attr
 * to @inode.  The size check runs first, followed by the ownership and
 * capability checks for chown, chgrp, chmod and explicit timestamp updates.
 *
 * Should be called as the first thing in ->setattr implementations,
 * possibly after taking additional locks.
 *
 * Return: 0 if the change is allowed, the error from inode_newsize_ok()
 * for a rejected size, or -EPERM for a rejected ownership, mode or time
 * change.
 */
int inode_change_ok(const struct inode *inode, struct iattr *attr)
{
	const unsigned int valid = attr->ia_valid;
	int err;

	/* Size constraints come first; ATTR_FORCE cannot override them. */
	if (valid & ATTR_SIZE) {
		err = inode_newsize_ok(inode, attr->ia_size);
		if (err)
			return err;
	}

	/*
	 * ATTR_FORCE skips every permission check below, so it is a
	 * privilege-bypass switch: only the size check above still applies.
	 */
	if (valid & ATTR_FORCE)
		return 0;

	/*
	 * chown: without CAP_CHOWN the only accepted request is the owner
	 * "changing" the uid to the value it already has.
	 *
	 * NOTE(review): inode_capable() is defined outside this file; confirm
	 * which identity of the inode (owner uid only, or uid and gid) it
	 * bases its decision on, since every capability check here relies
	 * on it.
	 */
	if ((valid & ATTR_UID) &&
	    !(uid_eq(current_fsuid(), inode->i_uid) &&
	      uid_eq(attr->ia_uid, inode->i_uid)) &&
	    !inode_capable(inode, CAP_CHOWN))
		return -EPERM;

	/*
	 * chgrp: without CAP_CHOWN the caller must own the inode and the
	 * target group must be one the caller is in, or the current group.
	 */
	if ((valid & ATTR_GID) &&
	    !(uid_eq(current_fsuid(), inode->i_uid) &&
	      (in_group_p(attr->ia_gid) ||
	       gid_eq(attr->ia_gid, inode->i_gid))) &&
	    !inode_capable(inode, CAP_CHOWN))
		return -EPERM;

	/* chmod: owner or suitably capable callers only. */
	if (valid & ATTR_MODE) {
		if (!inode_owner_or_capable(inode))
			return -EPERM;

		/*
		 * The setgid bit is dropped silently, not rejected, when the
		 * caller is neither in the resulting group (the new gid if
		 * one is being set, else the current one) nor holds
		 * CAP_FSETID.
		 */
		if (!in_group_p((valid & ATTR_GID) ? attr->ia_gid :
				inode->i_gid) &&
		    !inode_capable(inode, CAP_FSETID))
			attr->ia_mode &= ~S_ISGID;
	}

	/* Explicit timestamps need the same privilege as chmod. */
	if ((valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) &&
	    !inode_owner_or_capable(inode))
		return -EPERM;

	return 0;
}
EXPORT_SYMBOL(inode_change_ok);
83 | |
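/**
 * inode_newsize_ok - may this inode be truncated to a given size
 * @inode:	the inode to be truncated
 * @offset:	the new size to assign to the inode
 *
 * inode_newsize_ok must be called with i_mutex held.
 *
 * inode_newsize_ok will check filesystem limits and ulimits to check that the
 * new inode size is within limits. inode_newsize_ok will also send SIGXFSZ
 * when necessary. Caller must not proceed with inode size change if failure is
 * returned. @inode must be a file (not directory), with appropriate
 * permissions to allow truncate (inode_newsize_ok does NOT check these
 * conditions).
 *
 * Return: 0 on success, -EINVAL for a negative @offset, -EFBIG when the new
 * size exceeds RLIMIT_FSIZE or the filesystem maximum, -ETXTBSY when an
 * in-use swapfile would be shrunk or left at its current size.
 */
int inode_newsize_ok(const struct inode *inode, loff_t offset)
{
	/*
	 * loff_t is signed.  A negative size is never smaller than a valid
	 * i_size in the "grow" sense, so without this guard it would take
	 * the shrink branch below and be accepted for any non-swapfile inode.
	 * Rejecting it here also keeps the signed/unsigned comparison against
	 * the rlimit well defined.
	 */
	if (offset < 0)
		return -EINVAL;

	if (inode->i_size < offset) {
		unsigned long limit;

		/* Growing: honour the per-process file size limit first. */
		limit = rlimit(RLIMIT_FSIZE);
		if (limit != RLIM_INFINITY && offset > limit)
			goto out_sig;
		/* Then the largest size this superblock supports. */
		if (offset > inode->i_sb->s_maxbytes)
			goto out_big;
	} else {
		/*
		 * truncation of in-use swapfiles is disallowed - it would
		 * cause subsequent swapout to scribble on the now-freed
		 * blocks.
		 */
		if (IS_SWAPFILE(inode))
			return -ETXTBSY;
	}

	return 0;
out_sig:
	/* Only the rlimit violation signals the task; both paths fail. */
	send_sig(SIGXFSZ, current, 0);
out_big:
	return -EFBIG;
}
EXPORT_SYMBOL(inode_newsize_ok);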
126 | |
/**
 * setattr_copy - copy simple metadata updates into the generic inode
 * @inode:	the inode to be updated
 * @attr:	the new attributes
 *
 * setattr_copy must be called with i_mutex held.
 *
 * Copies the owner, group, timestamps and mode selected by @attr->ia_valid
 * into @inode.  The inode size is deliberately not handled here: changing it
 * is more complex because it requires pagecache updates.
 *
 * The inode is not marked as dirty after this operation. The rationale is
 * that for "simple" filesystems, the struct inode is the inode storage.
 * The caller is free to mark the inode dirty afterwards if needed.
 *
 * No permission check is made on the uid, gid or time values; the only
 * privilege decision taken here is whether S_ISGID survives a mode change.
 */
void setattr_copy(struct inode *inode, const struct iattr *attr)
{
	const unsigned int valid = attr->ia_valid;

	/* Ownership first: the setgid decision below reads the new i_gid. */
	if (valid & ATTR_UID) {
		inode->i_uid = attr->ia_uid;
	}
	if (valid & ATTR_GID) {
		inode->i_gid = attr->ia_gid;
	}

	/* Timestamps are truncated with the superblock's s_time_gran. */
	if (valid & ATTR_ATIME) {
		inode->i_atime = timespec_trunc(attr->ia_atime,
						inode->i_sb->s_time_gran);
	}
	if (valid & ATTR_MTIME) {
		inode->i_mtime = timespec_trunc(attr->ia_mtime,
						inode->i_sb->s_time_gran);
	}
	if (valid & ATTR_CTIME) {
		inode->i_ctime = timespec_trunc(attr->ia_ctime,
						inode->i_sb->s_time_gran);
	}

	if (valid & ATTR_MODE) {
		umode_t new_mode = attr->ia_mode;
		/*
		 * S_ISGID is kept only for a caller that is a member of the
		 * inode's group or holds CAP_FSETID; otherwise it is cleared
		 * before the mode is stored, so i_mode never carries it.
		 */
		int keep_sgid = in_group_p(inode->i_gid) ||
				inode_capable(inode, CAP_FSETID);

		if (!keep_sgid)
			new_mode &= ~S_ISGID;
		inode->i_mode = new_mode;
	}
}
EXPORT_SYMBOL(setattr_copy);
169 | |
/**
 * notify_change - apply attribute changes to the inode behind a dentry
 * @dentry:	dentry whose inode is being changed
 * @attr:	requested changes; ia_valid, ia_mode and the three time fields
 *		may be rewritten here before the filesystem sees them
 *
 * The caller is expected to hold the inode's i_mutex; a one-time warning is
 * emitted if it is not locked.  After the immutable/append-only check and the
 * ATTR_KILL_* processing, the request goes to security_inode_setattr() and
 * then to the inode's ->setattr method, or simple_setattr() when the inode
 * has none.  The fsnotify, IMA and EVM post-setattr hooks run only when that
 * call succeeds.
 *
 * Return: 0 on success, -EPERM for an immutable or append-only inode, or the
 * error reported by a security hook or by the setattr method.
 */
int notify_change(struct dentry * dentry, struct iattr * attr)
{
	struct inode *inode = dentry->d_inode;
	/* Snapshot used for the setuid/setgid tests further down. */
	umode_t old_mode = inode->i_mode;
	unsigned int valid = attr->ia_valid;
	struct timespec stamp;
	int err;

	WARN_ON_ONCE(!mutex_is_locked(&inode->i_mutex));

	/* Immutable and append-only inodes refuse owner/mode/time changes. */
	if ((valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) &&
	    (IS_IMMUTABLE(inode) || IS_APPEND(inode)))
		return -EPERM;

	/* A real size change bumps i_version where the inode tracks one. */
	if ((valid & ATTR_SIZE) && IS_I_VERSION(inode) &&
	    attr->ia_size != inode->i_size)
		inode_inc_iversion(inode);

	/*
	 * A mode gaining setuid/setgid clears S_NOSEC.
	 * Flag setting protected by i_mutex.
	 */
	if ((valid & ATTR_MODE) && is_sxid(attr->ia_mode))
		inode->i_flags &= ~S_NOSEC;

	stamp = current_fs_time(inode->i_sb);

	/* ctime is always "now"; atime/mtime only unless explicitly set. */
	attr->ia_ctime = stamp;
	if (!(valid & ATTR_ATIME_SET))
		attr->ia_atime = stamp;
	if (!(valid & ATTR_MTIME_SET))
		attr->ia_mtime = stamp;

	/*
	 * ATTR_KILL_PRIV is consumed here and never reaches the filesystem.
	 *
	 * NOTE(review): security_inode_killpriv() runs before
	 * security_inode_setattr() and before ->setattr(); if either of those
	 * fails afterwards, nothing in this function restores what the hook
	 * removed.
	 */
	if (valid & ATTR_KILL_PRIV) {
		attr->ia_valid &= ~ATTR_KILL_PRIV;
		valid &= ~ATTR_KILL_PRIV;
		err = security_inode_need_killpriv(dentry);
		if (err > 0)
			err = security_inode_killpriv(dentry);
		if (err)
			return err;
	}

	/*
	 * We now pass ATTR_KILL_S*ID to the lower level setattr function so
	 * that the function has the ability to reinterpret a mode change
	 * that's due to these bits. This adds an implicit restriction that
	 * no function will ever call notify_change with both ATTR_MODE and
	 * ATTR_KILL_S*ID set; a caller that does hits BUG().
	 */
	if ((valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) && (valid & ATTR_MODE))
		BUG();

	/* Drop setuid by turning the request into a mode change. */
	if ((valid & ATTR_KILL_SUID) && (old_mode & S_ISUID)) {
		attr->ia_valid |= ATTR_MODE;
		valid = attr->ia_valid;
		attr->ia_mode = (inode->i_mode & ~S_ISUID);
	}

	/*
	 * Drop setgid only when group-execute is also set.  The setuid step
	 * above may already have started a mode change; build on it rather
	 * than overwrite it.
	 */
	if ((valid & ATTR_KILL_SGID) &&
	    (old_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
		if (!(valid & ATTR_MODE)) {
			attr->ia_valid |= ATTR_MODE;
			valid = attr->ia_valid;
			attr->ia_mode = inode->i_mode;
		}
		attr->ia_mode &= ~S_ISGID;
	}

	/* Nothing left besides the kill flags: no work for the filesystem. */
	if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID)))
		return 0;

	err = security_inode_setattr(dentry, attr);
	if (err)
		return err;

	err = inode->i_op->setattr ? inode->i_op->setattr(dentry, attr)
				   : simple_setattr(dentry, attr);
	if (err)
		return err;

	/* Post-change hooks see the flag set as adjusted above. */
	fsnotify_change(dentry, valid);
	ima_inode_post_setattr(dentry);
	evm_inode_post_setattr(dentry, valid);

	return 0;
}
EXPORT_SYMBOL(notify_change);
261 |