[PATCH v2 16/30] acl: add vfs_get_acl()

Tue Sep 27 22:55:25 UTC 2022

On Mon, Sep 26, 2022 at 11:24 AM Christian Brauner <brauner at kernel.org> wrote:
>
> In previous patches we implemented get and set inode operations for all
> non-stacking filesystems that support posix acls but didn't yet
> implement get and/or set acl inode operations. This specifically
> affected cifs and 9p.
>
> Now we can build a posix acl api based solely on get and set inode
> operations. We add a new vfs_get_acl() api that can be used to get posix
> acls. This finally removes all type unsafety and type conversion issues
> explained in detail in [1] that we aim to get rid of.
>
> After we finished building the vfs api we can switch stacking
> filesystems to rely on the new posix api and then finally switch the
> xattr system calls themselves to rely on the posix acl api.
>
> Link: https://lore.kernel.org/all/20220801145520.1532837-1-brauner@kernel.org [1]
> Signed-off-by: Christian Brauner (Microsoft) <brauner at kernel.org>
> ---
>
> Notes:
>     /* v2 */
>     unchanged
>
>  fs/posix_acl.c                  | 131 ++++++++++++++++++++++++++++++--
>  include/linux/posix_acl.h       |   9 +++
>  include/linux/posix_acl_xattr.h |  10 +++
>  3 files changed, 142 insertions(+), 8 deletions(-)

...

> diff --git a/fs/posix_acl.c b/fs/posix_acl.c
> index ef0908a4bc46..18873be583a9 100644
> --- a/fs/posix_acl.c
> +++ b/fs/posix_acl.c
> @@ -1369,3 +1439,48 @@ int vfs_set_acl(struct user_namespace *mnt_userns, struct dentry *dentry,
>         return error;
>  }
>  EXPORT_SYMBOL(vfs_set_acl);
> +
> +/**
> + * vfs_get_acl - get posix acls
> + * @mnt_userns: user namespace of the mount
> + * @dentry: the dentry based on which to retrieve the posix acls
> + * @acl_name: the name of the posix acl
> + *
> + * This function retrieves @kacl from the filesystem. The caller must all
> + * posix_acl_release() on @kacl.
> + *
> + * Return: On success POSIX ACLs in VFS format, on error negative errno.
> + */
> +struct posix_acl *vfs_get_acl(struct user_namespace *mnt_userns,
> +                             struct dentry *dentry, const char *acl_name)
> +{
> +       struct inode *inode = d_inode(dentry);
> +       struct posix_acl *acl;
> +       int acl_type, error;
> +
> +       acl_type = posix_acl_type(acl_name);
> +       if (acl_type < 0)
> +               return ERR_PTR(-EINVAL);
> +
> +       /*
> +        * The VFS has no restrictions on reading POSIX ACLs so calling
> +        * something like xattr_permission() isn't needed. Only LSMs get a say.
> +        */
> +       error = security_inode_getxattr(dentry, acl_name);
> +       if (error)
> +               return ERR_PTR(error);

I understand the desire to reuse the security_inode_getxattr() hook
here, it makes perfect sense, but given that this patchset introduces
an ACL specific setter hook I think it makes sense to have a matching
getter hook.  It's arguably a little silly given the current crop of
LSMs and their approach to ACLs, but if we are going to differentiate
on the write side I think we might as well be consistent and
differentiate on the read side as well.

> +       if (!IS_POSIXACL(inode))
> +               return ERR_PTR(-EOPNOTSUPP);
> +       if (S_ISLNK(inode->i_mode))
> +               return ERR_PTR(-EOPNOTSUPP);
> +
> +       acl = __get_acl(mnt_userns, dentry, inode, acl_type);
> +       if (IS_ERR(acl))
> +               return acl;
> +       if (!acl)
> +               return ERR_PTR(-ENODATA);
> +
> +       return acl;
> +}
> +EXPORT_SYMBOL(vfs_get_acl);

--
paul-moore.com