fsnotify: split fsnotify_perm() into two hooks

We would like to make changes to the fsnotify access permission hook - add file range arguments and add the pre modify event. In preparation for these changes, split the fsnotify_perm() hook into fsnotify_open_perm() and fsnotify_file_perm(). This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://lore.kernel.org/r/20231212094440.250945-4-amir73il@gmail.comSigned-off-by: Christian Brauner <brauner@kernel.org>

fsnotify: split fsnotify_perm() into two hooks
We would like to make changes to the fsnotify access permission hook - add file range arguments and add the pre modify event. In preparation for these changes, split the fsnotify_perm() hook into fsnotify_open_perm() and fsnotify_file_perm(). This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik <josef@toxicpanda.com> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://lore.kernel.org/r/20231212094440.250945-4-amir73il@gmail.comSigned-off-by: Christian Brauner <brauner@kernel.org>
36e28c42 · Amir Goldstein · Christian Brauner · 705bcfcb · 36e28c42 · 36e28c42
Commit 36e28c42 authored Dec 12, 2023 by Amir Goldstein Committed by Christian Brauner Dec 12, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 17 deletions

include/linux/fsnotify.h include/linux/fsnotify.h +19 -15

security/security.c security/security.c +2 -2

No files found.
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -100,29 +100,33 @@ static inline int fsnotify_file(struct file *file, __u32 mask)
 	return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
 }
-/* Simple call site for access decisions */
+/*
-static inline int fsnotify_perm(struct file *file, int mask)
+ * fsnotify_file_perm - permission hook before file access
+ */
+static inline int fsnotify_file_perm(struct file *file, int perm_mask)
 {
-	int ret;
+	__u32 fsnotify_mask = FS_ACCESS_PERM;
-	__u32 fsnotify_mask = 0;
-	if (!(mask & (MAY_READ | MAY_OPEN)))
+	if (!(perm_mask & MAY_READ))
 		return 0;
-	if (mask & MAY_OPEN) {
+	return fsnotify_file(file, fsnotify_mask);
-		fsnotify_mask = FS_OPEN_PERM;
+}
-		if (file->f_flags & __FMODE_EXEC) {
+/*
-			ret = fsnotify_file(file, FS_OPEN_EXEC_PERM);
+ * fsnotify_open_perm - permission hook before file open
+ */
+static inline int fsnotify_open_perm(struct file *file)
+{
+	int ret;
-			if (ret)
+	if (file->f_flags & __FMODE_EXEC) {
-				return ret;
+		ret = fsnotify_file(file, FS_OPEN_EXEC_PERM);
-		}
+		if (ret)
-	} else if (mask & MAY_READ) {
+			return ret;
-		fsnotify_mask = FS_ACCESS_PERM;
 	}
-	return fsnotify_file(file, fsnotify_mask);
+	return fsnotify_file(file, FS_OPEN_PERM);
 }
 /*

--- a/security/security.c
+++ b/security/security.c
@@ -2586,7 +2586,7 @@ int security_file_permission(struct file *file, int mask)
 	if (ret)
 		return ret;
-	return fsnotify_perm(file, mask);
+	return fsnotify_file_perm(file, mask);
 }
 /**
@@ -2837,7 +2837,7 @@ int security_file_open(struct file *file)
 	if (ret)
 		return ret;
-	return fsnotify_perm(file, MAY_OPEN);
+	return fsnotify_open_perm(file);
 }
 /**