[Fwd: [PATCH 1/3] reiser4-remove-rwx-perm-plugin.patch]

From: Hans Reiser
Date: Fri Nov 11 2005 - 14:20:20 EST



--- Begin Message ---
From: Hans Reiser <reiser@xxxxxxxxxxx>

Security plugin duplicating LSM is removed.

Signed-off-by: Vladimir V. Saveliev <vs@xxxxxxxxxxx>


fs/reiser4/init_super.c | 2 -
fs/reiser4/plugin/dir_plugin_common.c | 4 --
fs/reiser4/plugin/inode_ops.c | 40 +++++-----------------
fs/reiser4/plugin/security/perm.c | 61 ++++------------------------------
fs/reiser4/plugin/security/perm.h | 13 -------
5 files changed, 20 insertions(+), 100 deletions(-)

diff -puN fs/reiser4/init_super.c~reiser4-remove-rwx-perm-plugin fs/reiser4/init_super.c
--- linux-2.6.14-rc5-mm1/fs/reiser4/init_super.c~reiser4-remove-rwx-perm-plugin 2005-11-11 17:55:57.775962799 +0300
+++ linux-2.6.14-rc5-mm1-vs/fs/reiser4/init_super.c 2005-11-11 17:55:57.907991038 +0300
@@ -626,7 +626,7 @@ static struct {
},
[PSET_PERM] = {
.type = REISER4_PERM_PLUGIN_TYPE,
- .id = RWX_PERM_ID
+ .id = NULL_PERM_ID
},
[PSET_FORMATTING] = {
.type = REISER4_FORMATTING_PLUGIN_TYPE,
diff -puN fs/reiser4/plugin/dir_plugin_common.c~reiser4-remove-rwx-perm-plugin fs/reiser4/plugin/dir_plugin_common.c
--- linux-2.6.14-rc5-mm1/fs/reiser4/plugin/dir_plugin_common.c~reiser4-remove-rwx-perm-plugin 2005-11-11 17:55:57.807969645 +0300
+++ linux-2.6.14-rc5-mm1-vs/fs/reiser4/plugin/dir_plugin_common.c 2005-11-11 17:55:57.931996172 +0300
@@ -488,10 +488,6 @@ int lookup_name(struct inode *parent, /*
assert("vs-1486",
dentry->d_op == &get_super_private(parent->i_sb)->ops.dentry);

- result = perm_chk(parent, lookup, parent, dentry);
- if (result != 0)
- return 0;
-
name = dentry->d_name.name;
len = dentry->d_name.len;

diff -puN fs/reiser4/plugin/inode_ops.c~reiser4-remove-rwx-perm-plugin fs/reiser4/plugin/inode_ops.c
--- linux-2.6.14-rc5-mm1/fs/reiser4/plugin/inode_ops.c~reiser4-remove-rwx-perm-plugin 2005-11-11 17:55:57.819972212 +0300
+++ linux-2.6.14-rc5-mm1-vs/fs/reiser4/plugin/inode_ops.c 2005-11-11 17:55:57.911991894 +0300
@@ -150,14 +150,6 @@ int link_common(struct dentry *existing,
return RETERR(-EISDIR);
}

- /* check permissions */
- result = perm_chk(parent, link, existing, parent, newname);
- if (result != 0) {
- context_set_commit_async(ctx);
- reiser4_exit_context(ctx);
- return result;
- }
-
parent_dplug = inode_dir_plugin(parent);

memset(&entry, 0, sizeof entry);
@@ -438,20 +430,18 @@ void *follow_link_common(struct dentry *
return NULL;
}

-/* this is common implementation of vfs's permission method of struct
- inode_operations
-*/
-int permission_common(struct inode *inode /* object */ ,
- int mask, /* mode bits to check permissions for */
+/**
+ * permission_common - permission of inode operations
+ * @inode: inode to check permissions for
+ * @mask: mode bits to check permissions for
+ * @nameidata:
+ *
+ * Uses generic function to check for rwx permissions.
+ */
+int permission_common(struct inode *inode, int mask,
struct nameidata *nameidata)
{
- /* reiser4_context creation/destruction removed from here,
- because permission checks currently don't require this.
-
- Permission plugin have to create context itself if necessary. */
- assert("nikita-1687", inode != NULL);
-
- return perm_chk(inode, mask, inode, mask);
+ return generic_permission(inode, mask, NULL);
}

static int setattr_reserve(reiser4_tree *);
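Review bot: The new kernel-doc for permission_common leaves `@nameidata:` without a description and does not say that the argument is ignored or that `generic_permission()` is called with a NULL third argument. In this kernel that third argument is the check_acl callback, so only the mode bits (plus whatever capability overrides generic_permission applies) are consulted and no ACL hook runs; stating this tells whoever adds ACL support later where the change belongs. I would write `@nameidata: lookup context supplied by the VFS, unused here` and replace the summary with `Uses generic_permission() with no check_acl callback, so only the UNIX mode bits are checked.` The removed `assert("nikita-1687", inode != NULL)` is not replaced; that is fine if every caller passes a valid inode, but the hunk does not show it.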
@@ -597,11 +587,6 @@ static int do_create_vfs_child(reiser4_o
assert("nikita-1418", parent != NULL);
assert("nikita-1419", dentry != NULL);

- /* check permissions */
- result = perm_chk(parent, create, parent, dentry, data);
- if (result != 0)
- return result;
-
/* check, that name is acceptable for parent */
par_dir = inode_dir_plugin(parent);
if (par_dir->is_name_acceptable &&
@@ -901,11 +886,6 @@ static int unlink_check_and_grab(struct
/* object being deleted should have stat data */
assert("vs-949", !inode_get_flag(child, REISER4_NO_SD));

- /* check permissions */
- result = perm_chk(parent, unlink, parent, victim);
- if (result != 0)
- return result;
-
/* ask object plugin */
if (fplug->can_rem_link != NULL && !fplug->can_rem_link(child))
return RETERR(-ENOTEMPTY);
diff -puN fs/reiser4/plugin/security/perm.c~reiser4-remove-rwx-perm-plugin fs/reiser4/plugin/security/perm.c
--- linux-2.6.14-rc5-mm1/fs/reiser4/plugin/security/perm.c~reiser4-remove-rwx-perm-plugin 2005-11-11 17:55:57.839976491 +0300
+++ linux-2.6.14-rc5-mm1-vs/fs/reiser4/plugin/security/perm.c 2005-11-11 17:55:57.887986759 +0300
@@ -9,70 +9,25 @@
#include "../plugin_header.h"
#include "../../debug.h"

-#include <linux/fs.h>
-#include <linux/dcache.h> /* for struct dentry */
-#include <linux/quotaops.h>
-#include <asm/uaccess.h>
-
-static int mask_ok_common(struct inode *inode, int mask)
-{
- return generic_permission(inode, mask, NULL);
-}
-
-static int setattr_ok_common(struct dentry *dentry, struct iattr *attr)
-{
- int result;
- struct inode *inode;
-
- assert("nikita-2272", dentry != NULL);
- assert("nikita-2273", attr != NULL);
-
- inode = dentry->d_inode;
- assert("nikita-2274", inode != NULL);
-
- result = inode_change_ok(inode, attr);
- if (result == 0) {
- unsigned int valid;
-
- valid = attr->ia_valid;
- if ((valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
- (valid & ATTR_GID && attr->ia_gid != inode->i_gid))
- result = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0;
- }
- return result;
-}
-
-static int
-read_ok_common(struct file *file, const char __user *buf, size_t size, loff_t * off)
-{
- return access_ok(VERIFY_WRITE, buf, size) ? 0 : -EFAULT;
-}
-
-static int
-write_ok_common(struct file *file, const char __user *buf, size_t size, loff_t * off)
-{
- return access_ok(VERIFY_READ, buf, size) ? 0 : -EFAULT;
-}
-
perm_plugin perm_plugins[LAST_PERM_ID] = {
- [RWX_PERM_ID] = {
+ [NULL_PERM_ID] = {
.h = {
.type_id = REISER4_PERM_PLUGIN_TYPE,
- .id = RWX_PERM_ID,
+ .id = NULL_PERM_ID,
.pops = NULL,
- .label = "rwx",
- .desc = "standard UNIX permissions",
+ .label = "null",
+ .desc = "stub permission plugin",
.linkage = {NULL, NULL}
},
- .read_ok = read_ok_common,
- .write_ok = write_ok_common,
+ .read_ok = NULL,
+ .write_ok = NULL,
.lookup_ok = NULL,
.create_ok = NULL,
.link_ok = NULL,
.unlink_ok = NULL,
.delete_ok = NULL,
- .mask_ok = mask_ok_common,
- .setattr_ok = setattr_ok_common,
+ .mask_ok = NULL,
+ .setattr_ok = NULL,
.getattr_ok = NULL,
.rename_ok = NULL,
}
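Review bot: Dropping `setattr_ok_common` removes the only `inode_change_ok()` call and the `DQUOT_TRANSFER()` on uid/gid change that this patch shows, and no hunk in inode_ops.c adds them to the setattr path. Because `perm_chk` is deleted in perm.h, any remaining caller would fail to build, so presumably the setattr code already performs both checks itself; that should be confirmed and stated in the changelog, since without them an attribute change would skip ownership validation and quota accounting. The same applies to the `access_ok()` checks in the removed `read_ok_common`/`write_ok_common`: confirm the read and write paths do not depend on them. With every hook now NULL, a one-line comment above the entry such as `/* stub: no hook is set; access control is left to the VFS and LSM */` would document why the table still exists. The `perm_plugins` initializer closes outside this hunk.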
diff -puN fs/reiser4/plugin/security/perm.h~reiser4-remove-rwx-perm-plugin fs/reiser4/plugin/security/perm.h
--- linux-2.6.14-rc5-mm1/fs/reiser4/plugin/security/perm.h~reiser4-remove-rwx-perm-plugin 2005-11-11 17:55:57.843977346 +0300
+++ linux-2.6.14-rc5-mm1-vs/fs/reiser4/plugin/security/perm.h 2005-11-11 17:55:57.907991038 +0300
@@ -65,19 +65,8 @@ typedef struct perm_plugin {
int (*rename_ok) (struct inode * old_dir, struct dentry * old,
struct inode * new_dir, struct dentry * new);
} perm_plugin;
-/* NIKITA-FIXME-HANS: I really hate things like this that kill the ability of Meta-. to work. Please eliminate this macro, exce */
-/* call ->check_ok method of perm plugin for inode */
-#define perm_chk(inode, check, ...) \
-({ \
- perm_plugin *perm; \
- \
- perm = inode_perm_plugin(inode); \
- (perm == NULL || perm->check ## _ok == NULL) ? \
- 0 : \
- perm->check ## _ok(__VA_ARGS__); \
-})

-typedef enum { RWX_PERM_ID, LAST_PERM_ID } reiser4_perm_id;
+typedef enum { NULL_PERM_ID, LAST_PERM_ID } reiser4_perm_id;

/* __REISER4_PERM_H__ */
#endif

_

--- End Message ---