Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 4cf27141cbe0239f48ec6f0b37bad347d51d1785

Authored by Al Viro
1 parent 43e15cdbef
Exists in master and in 6 other branches imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

make exec_permission(dir) really equivalent to inode_permission(dir, MAY_EXEC) 

capability overrides apply only to the default case; if fs has ->permission()
that does _not_ call generic_permission(), we have no business doing them.
Moreover, if it has ->permission() that does call generic_permission(), we
have no need to recheck capabilities.

Besides, the capability overrides should apply only if we got EACCES from
acl_permission_check(); any other value (-EIO, etc.) should be returned
to caller, capabilities or not capabilities.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Showing 1 changed file with 9 additions and 9 deletions Side-by-side Diff

... ... @@ -584,19 +584,19 @@
584 584  
585 585 if (inode->i_op->permission) {
586 586 ret = inode->i_op->permission(inode, MAY_EXEC, flags);
  587 + if (likely(!ret))
  588 + goto ok;
587 589 } else {
588 590 ret = acl_permission_check(inode, MAY_EXEC, flags,
589 591 inode->i_op->check_acl);
  592 + if (likely(!ret))
  593 + goto ok;
  594 + if (ret != -EACCES)
  595 + return ret;
  596 + if (ns_capable(ns, CAP_DAC_OVERRIDE) ||
  597 + ns_capable(ns, CAP_DAC_READ_SEARCH))
  598 + goto ok;
590 599 }
591   - if (likely(!ret))
592   - goto ok;
593   - if (ret == -ECHILD)
594   - return ret;
595   -
596   - if (ns_capable(ns, CAP_DAC_OVERRIDE) ||
597   - ns_capable(ns, CAP_DAC_READ_SEARCH))
598   - goto ok;
599   -
600 600 return ret;
601 601 ok:
602 602 return security_inode_exec_permission(inode, flags);