diff options
author | Tiger Yang <tiger.yang@oracle.com> | 2008-11-14 11:17:18 +0800 |
---|---|---|
committer | Mark Fasheh <mfasheh@suse.com> | 2009-01-05 08:34:20 -0800 |
commit | 23fc2702bea686569281708ad519b41a11d0a2f4 (patch) | |
tree | a567f38647047836332d1cfc17d7ad0be05c55ef | |
parent | 929fb014e041c6572c5e8c3686f1e32742b5b953 (diff) |
ocfs2: add ocfs2_check_acl
This function is used to enhance permission checking with POSIX ACLs.
Signed-off-by: Tiger Yang <tiger.yang@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
-rw-r--r-- | fs/ocfs2/acl.c | 15 | ||||
-rw-r--r-- | fs/ocfs2/acl.h | 10 | ||||
-rw-r--r-- | fs/ocfs2/file.c | 3 |
3 files changed, 27 insertions, 1 deletions
diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c index 62d0faad600b..a6a2bf6d6845 100644 --- a/fs/ocfs2/acl.c +++ b/fs/ocfs2/acl.c @@ -230,6 +230,21 @@ static int ocfs2_set_acl(handle_t *handle, return ret; } +int ocfs2_check_acl(struct inode *inode, int mask) +{ + struct posix_acl *acl = ocfs2_get_acl(inode, ACL_TYPE_ACCESS); + + if (IS_ERR(acl)) + return PTR_ERR(acl); + if (acl) { + int ret = posix_acl_permission(inode, acl, mask); + posix_acl_release(acl); + return ret; + } + + return -EAGAIN; +} + static size_t ocfs2_xattr_list_acl_access(struct inode *inode, char *list, size_t list_len, diff --git a/fs/ocfs2/acl.h b/fs/ocfs2/acl.h index 1b39f3e14c1b..fef10f1b782b 100644 --- a/fs/ocfs2/acl.h +++ b/fs/ocfs2/acl.h @@ -26,4 +26,14 @@ struct ocfs2_acl_entry { __le32 e_id; }; +#ifdef CONFIG_OCFS2_FS_POSIX_ACL + +extern int ocfs2_check_acl(struct inode *, int); + +#else /* CONFIG_OCFS2_FS_POSIX_ACL*/ + +#define ocfs2_check_acl NULL + +#endif /* CONFIG_OCFS2_FS_POSIX_ACL*/ + #endif /* OCFS2_ACL_H */ diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index 360549161e20..7bad7d9b9a2c 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -56,6 +56,7 @@ #include "suballoc.h" #include "super.h" #include "xattr.h" +#include "acl.h" #include "buffer_head_io.h" @@ -1035,7 +1036,7 @@ int ocfs2_permission(struct inode *inode, int mask) goto out; } - ret = generic_permission(inode, mask, NULL); + ret = generic_permission(inode, mask, ocfs2_check_acl); ocfs2_inode_unlock(inode, 0); out: |