summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTiger Yang <tiger.yang@oracle.com>2008-11-14 11:17:18 +0800
committerMark Fasheh <mfasheh@suse.com>2009-01-05 08:34:20 -0800
commit23fc2702bea686569281708ad519b41a11d0a2f4 (patch)
treea567f38647047836332d1cfc17d7ad0be05c55ef
parent929fb014e041c6572c5e8c3686f1e32742b5b953 (diff)
ocfs2: add ocfs2_check_acl
This function is used to enhance permission checking with POSIX ACLs. Signed-off-by: Tiger Yang <tiger.yang@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>
-rw-r--r--fs/ocfs2/acl.c15
-rw-r--r--fs/ocfs2/acl.h10
-rw-r--r--fs/ocfs2/file.c3
3 files changed, 27 insertions, 1 deletions
diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c
index 62d0faad600b..a6a2bf6d6845 100644
--- a/fs/ocfs2/acl.c
+++ b/fs/ocfs2/acl.c
@@ -230,6 +230,21 @@ static int ocfs2_set_acl(handle_t *handle,
return ret;
}
+int ocfs2_check_acl(struct inode *inode, int mask)
+{
+ struct posix_acl *acl = ocfs2_get_acl(inode, ACL_TYPE_ACCESS);
+
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+ if (acl) {
+ int ret = posix_acl_permission(inode, acl, mask);
+ posix_acl_release(acl);
+ return ret;
+ }
+
+ return -EAGAIN;
+}
+
static size_t ocfs2_xattr_list_acl_access(struct inode *inode,
char *list,
size_t list_len,
diff --git a/fs/ocfs2/acl.h b/fs/ocfs2/acl.h
index 1b39f3e14c1b..fef10f1b782b 100644
--- a/fs/ocfs2/acl.h
+++ b/fs/ocfs2/acl.h
@@ -26,4 +26,14 @@ struct ocfs2_acl_entry {
__le32 e_id;
};
+#ifdef CONFIG_OCFS2_FS_POSIX_ACL
+
+extern int ocfs2_check_acl(struct inode *, int);
+
+#else /* CONFIG_OCFS2_FS_POSIX_ACL*/
+
+#define ocfs2_check_acl NULL
+
+#endif /* CONFIG_OCFS2_FS_POSIX_ACL*/
+
#endif /* OCFS2_ACL_H */
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 360549161e20..7bad7d9b9a2c 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -56,6 +56,7 @@
#include "suballoc.h"
#include "super.h"
#include "xattr.h"
+#include "acl.h"
#include "buffer_head_io.h"
@@ -1035,7 +1036,7 @@ int ocfs2_permission(struct inode *inode, int mask)
goto out;
}
- ret = generic_permission(inode, mask, NULL);
+ ret = generic_permission(inode, mask, ocfs2_check_acl);
ocfs2_inode_unlock(inode, 0);
out: