Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 8: The Virtual Filesystem


	retval = generic_permission(inode, submask, NULL);

	if (retval)
		return retval;

	return security_inode_permission(inode, mask, nd);
}

If any of these denies the permission to access the object in the desired way, the error code is immediately
returned. If they grant permission, that is, if their result is zero, it is still necessary to call the appropriate
security hook via security_inode_permission, which delivers the final verdict.


Note that most filesystems rely on generic_permission, but can pass a special handler function to perform
ACL-based permission checks. Thus, generic_permission not only requires the inode in question
and the permission request as parameters, but also a callback function check_acl for ACL checks. First
of all, the kernel needs to find out if it should use the inode rights for user, group, or other.


❑ If the filesystem UID of the current process is the same as the UID of the inode, then the permission
set of the owner needs to be used.
❑ If the GID of the inode is contained in the list of groups to which the current process belongs,
then the group permissions need to be used.
❑ If both conditions fail, the permissions for "other" need to be used.

This is implemented as follows:


fs/namei.c
int generic_permission(struct inode *inode, int mask,
		int (*check_acl)(struct inode *inode, int mask))
{
	umode_t mode = inode->i_mode;

	if (current->fsuid == inode->i_uid)
		mode >>= 6;	/* owner bits become the low three bits */
	else {
		if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {
			int error = check_acl(inode, mask);
			/* any result other than -EAGAIN is final */
			if (error == -EACCES)
				goto check_capabilities;
			else if (error != -EAGAIN)
				return error;
		}

		if (in_group_p(inode->i_gid))
			mode >>= 3;	/* group bits become the low three bits */
	}
	...

Checking for the fsuid is simple. If the fsuid agrees with the UID of the file, then the mode value needs
to be shifted by six positions such that the bits for "owner" are now the least significant ones.
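
The class selection can be tried in user space with the following added example, which is not part of the book's listing. The names cred_model, in_groups, mode_permission and REQ_* are hypothetical, ACLs and capabilities are left out, and the final mask comparison is an assumption standing in for the part the listing elides. It shows that exactly one class is consulted: with mode 0047 the owner is refused a read that "other" would be granted.

```c
#include <stdio.h>
#include <sys/types.h>

/* Request bits with the same values as the kernel's MAY_EXEC/MAY_WRITE/MAY_READ. */
enum { REQ_EXEC = 1, REQ_WRITE = 2, REQ_READ = 4 };

/* Hypothetical stand-in for the relevant fields of current. */
struct cred_model {
	uid_t fsuid;
	const gid_t *groups;	/* fsgid plus supplementary groups */
	int ngroups;
};

/* Constructed sample credentials; the sample file belongs to 1000:200. */
static const gid_t sample_groups[] = { 100, 200 };
static const struct cred_model owner  = { 1000, sample_groups, 2 };
static const struct cred_model member = { 1001, sample_groups, 2 };
static const struct cred_model other  = { 1002, NULL, 0 };

/* Stand-in for in_group_p(): is gid among the process's groups? */
static int in_groups(const struct cred_model *c, gid_t gid)
{
	for (int i = 0; i < c->ngroups; i++)
		if (c->groups[i] == gid)
			return 1;
	return 0;
}

/* Returns 0 if the selected class grants every bit in mask, -1 otherwise. */
int mode_permission(const struct cred_model *c, unsigned int mode,
		    uid_t i_uid, gid_t i_gid, unsigned int mask)
{
	if (c->fsuid == i_uid)
		mode >>= 6;		/* owner bits are now the low three */
	else if (in_groups(c, i_gid))
		mode >>= 3;		/* group bits are now the low three */
	/* otherwise the "other" bits already are the low three */
	return ((mode & mask & 7) == mask) ? 0 : -1;
}

int main(void)
{
	/* Mode 0047: owner ---, group r--, other rwx. */
	printf("owner  read:  %d\n", mode_permission(&owner, 0047, 1000, 200, REQ_READ));
	printf("member read:  %d\n", mode_permission(&member, 0047, 1000, 200, REQ_READ));
	printf("member write: %d\n", mode_permission(&member, 0047, 1000, 200, REQ_WRITE));
	printf("other  write: %d\n", mode_permission(&other, 0047, 1000, 200, REQ_WRITE));
	return 0;
}
```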


Checking the fsgid is slightly more involved because all groups to which the process belongs need to
be considered, so this is delegated to the (not discussed) helper function in_group_p. Should this be
