Chapter 11: Extended Attributes and Access Control Lists
error = ext3_set_acl(handle, inode,
ACL_TYPE_ACCESS, clone);
}
}
posix_acl_release(clone);
}
cleanup:
posix_acl_release(acl);
return error;
}First, a working copy of the in-memory representation of the ACL is created withposix_acl_clone.
Afterward,posix_acl_create_masqis called to remove all permissions given by the mode specification
of the inode creation process that arenotgranted by the default ACL. This can result in two scenarios:- The access mode can remain unchanged or some elements of it must be removed in order to
comply with the ACL’s requirements. In this case, thei_modefield of the new inode is set to
themodeascomputedbyposix_acl_create_masq. - In addition to the necessity of trimming the mode, the default ACL can contain elements
that cannot be represented in the regular user/group/other scheme. In this case, an ACL
with extended information that provides the extra information is created for the new inode.
Retrieving ACLs
Givenaninstanceofstruct inode,ext3_get_aclcan be used to retrieve an in-memory representation
of the ACL. Note that another parameter (type) specifies if the default or the access inode is supposed to
be retrieved. The cases are distinguished withACL_TYPE_ACCESSandACL_TYPE_DEFAULT.Thecodeflow
diagram for the function is shown in Figure 11-10.ACL cached?Return pointer to in-memory representationUpdate ACL cache in ext3_inode_infoext3_get_aclext3_iget_aclext3_xattr_getext3_acl_from_diskFigure 11-10: Code flow diagram forext3_get_acl.At first, the kernel uses the helper functionext3_iget_aclto check if the in-memory representation of
the ACL is already cached inext3_inode_info->i_acl(or, respectively,i_default_aclif the default
ACL is requested). Should this be the case, the function creates a copy of the representation that can be
returned as the result ofext3_get_acl.