2 * Copyright (c) 1999-2006 Robert N. M. Watson
5 * This software was developed by Robert Watson for the TrustedBSD Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * Developed by the TrustedBSD Project.
31 * ACL system calls and other functions common across different ACL types.
32 * Type-specific routines go into subr_acl_<type>.c.
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/sysproto.h>
43 #include <sys/kernel.h>
45 #include <sys/malloc.h>
46 #include <sys/mount.h>
47 #include <sys/vnode.h>
49 #include <sys/mutex.h>
50 #include <sys/namei.h>
52 #include <sys/filedesc.h>
54 #include <sys/sysent.h>
60 static int vacl_set_acl(struct thread *td, struct vnode *vp,
61 acl_type_t type, struct acl *aclp);
62 static int vacl_get_acl(struct thread *td, struct vnode *vp,
63 acl_type_t type, struct acl *aclp);
64 static int vacl_aclcheck(struct thread *td, struct vnode *vp,
65 acl_type_t type, struct acl *aclp);
68 * These calls wrap the real vnode operations, and are called by the
69 * syscall code once the syscall has converted the path or file
70 * descriptor to a vnode (unlocked). The aclp pointer is assumed
71 * still to point to userland, so this should not be consumed within
72 * the kernel except by syscall code. Other code should directly
73 * invoke VOP_{SET,GET}ACL.
77 * Given a vnode, set its ACL.
80 vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type,
87 error = copyin(aclp, &inkernacl, sizeof(struct acl));
90 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
93 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
94 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
96 error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernacl);
100 error = VOP_SETACL(vp, type, &inkernacl, td->td_ucred, td);
104 VOP_UNLOCK(vp, 0, td);
105 vn_finished_write(mp);
110 * Given a vnode, get its ACL.
113 vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type,
116 struct acl inkernelacl;
119 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
120 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
122 error = mac_check_vnode_getacl(td->td_ucred, vp, type);
126 error = VOP_GETACL(vp, type, &inkernelacl, td->td_ucred, td);
130 VOP_UNLOCK(vp, 0, td);
132 error = copyout(&inkernelacl, aclp, sizeof(struct acl));
137 * Given a vnode, delete its ACL.
140 vacl_delete(struct thread *td, struct vnode *vp, acl_type_t type)
145 error = vn_start_write(vp, &mp, V_WAIT | PCATCH);
148 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
149 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
151 error = mac_check_vnode_deleteacl(td->td_ucred, vp, type);
155 error = VOP_SETACL(vp, type, 0, td->td_ucred, td);
159 VOP_UNLOCK(vp, 0, td);
160 vn_finished_write(mp);
165 * Given a vnode, check whether an ACL is appropriate for it
168 vacl_aclcheck(struct thread *td, struct vnode *vp, acl_type_t type,
171 struct acl inkernelacl;
174 error = copyin(aclp, &inkernelacl, sizeof(struct acl));
177 error = VOP_ACLCHECK(vp, type, &inkernelacl, td->td_ucred, td);
182 * syscalls -- convert the path/fd to a vnode, and call vacl_whatever.
183 * Don't need to lock, as the vacl_ code will get/release any locks
188 * Given a file path, get an ACL for it
193 __acl_get_file(struct thread *td, struct __acl_get_file_args *uap)
196 int vfslocked, error;
198 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
200 vfslocked = NDHASGIANT(&nd);
202 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
205 VFS_UNLOCK_GIANT(vfslocked);
210 * Given a file path, get an ACL for it; don't follow links.
215 __acl_get_link(struct thread *td, struct __acl_get_link_args *uap)
218 int vfslocked, error;
220 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
222 vfslocked = NDHASGIANT(&nd);
224 error = vacl_get_acl(td, nd.ni_vp, uap->type, uap->aclp);
227 VFS_UNLOCK_GIANT(vfslocked);
232 * Given a file path, set an ACL for it
237 __acl_set_file(struct thread *td, struct __acl_set_file_args *uap)
240 int vfslocked, error;
242 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
244 vfslocked = NDHASGIANT(&nd);
246 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
249 VFS_UNLOCK_GIANT(vfslocked);
254 * Given a file path, set an ACL for it; don't follow links.
259 __acl_set_link(struct thread *td, struct __acl_set_link_args *uap)
262 int vfslocked, error;
264 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
266 vfslocked = NDHASGIANT(&nd);
268 error = vacl_set_acl(td, nd.ni_vp, uap->type, uap->aclp);
271 VFS_UNLOCK_GIANT(vfslocked);
276 * Given a file descriptor, get an ACL for it
281 __acl_get_fd(struct thread *td, struct __acl_get_fd_args *uap)
284 int vfslocked, error;
286 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
288 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
289 error = vacl_get_acl(td, fp->f_vnode, uap->type, uap->aclp);
291 VFS_UNLOCK_GIANT(vfslocked);
297 * Given a file descriptor, set an ACL for it
302 __acl_set_fd(struct thread *td, struct __acl_set_fd_args *uap)
305 int vfslocked, error;
307 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
309 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
310 error = vacl_set_acl(td, fp->f_vnode, uap->type, uap->aclp);
312 VFS_UNLOCK_GIANT(vfslocked);
318 * Given a file path, delete an ACL from it.
323 __acl_delete_file(struct thread *td, struct __acl_delete_file_args *uap)
326 int vfslocked, error;
328 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
330 vfslocked = NDHASGIANT(&nd);
332 error = vacl_delete(td, nd.ni_vp, uap->type);
335 VFS_UNLOCK_GIANT(vfslocked);
340 * Given a file path, delete an ACL from it; don't follow links.
345 __acl_delete_link(struct thread *td, struct __acl_delete_link_args *uap)
348 int vfslocked, error;
350 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
352 vfslocked = NDHASGIANT(&nd);
354 error = vacl_delete(td, nd.ni_vp, uap->type);
357 VFS_UNLOCK_GIANT(vfslocked);
362 * Given a file path, delete an ACL from it.
367 __acl_delete_fd(struct thread *td, struct __acl_delete_fd_args *uap)
370 int vfslocked, error;
372 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
374 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
375 error = vacl_delete(td, fp->f_vnode, uap->type);
377 VFS_UNLOCK_GIANT(vfslocked);
383 * Given a file path, check an ACL for it
388 __acl_aclcheck_file(struct thread *td, struct __acl_aclcheck_file_args *uap)
391 int vfslocked, error;
393 NDINIT(&nd, LOOKUP, MPSAFE|FOLLOW, UIO_USERSPACE, uap->path, td);
395 vfslocked = NDHASGIANT(&nd);
397 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
400 VFS_UNLOCK_GIANT(vfslocked);
405 * Given a file path, check an ACL for it; don't follow links.
410 __acl_aclcheck_link(struct thread *td, struct __acl_aclcheck_link_args *uap)
413 int vfslocked, error;
415 NDINIT(&nd, LOOKUP, MPSAFE|NOFOLLOW, UIO_USERSPACE, uap->path, td);
417 vfslocked = NDHASGIANT(&nd);
419 error = vacl_aclcheck(td, nd.ni_vp, uap->type, uap->aclp);
422 VFS_UNLOCK_GIANT(vfslocked);
427 * Given a file descriptor, check an ACL for it
432 __acl_aclcheck_fd(struct thread *td, struct __acl_aclcheck_fd_args *uap)
435 int vfslocked, error;
437 error = getvnode(td->td_proc->p_fd, uap->filedes, &fp);
439 vfslocked = VFS_LOCK_GIANT(fp->f_vnode->v_mount);
440 error = vacl_aclcheck(td, fp->f_vnode, uap->type, uap->aclp);
442 VFS_UNLOCK_GIANT(vfslocked);
450 aclinit(void *dummy __unused)
453 acl_zone = uma_zcreate("ACL UMA zone", sizeof(struct acl),
454 NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
456 SYSINIT(acls, SI_SUB_ACL, SI_ORDER_FIRST, aclinit, NULL)