ANDROID: vfs: Add permission2 for filesystems with per mount permissions

			return -EPERM;

		if (!inode_owner_or_capable(inode)) {

			error = inode_permission(inode, MAY_WRITE);

			error = inode_permission2(mnt, inode, MAY_WRITE);

			if (error)

				return error;

		}

void would_dump(struct linux_binprm *bprm, struct file *file)

{

	struct inode *inode = file_inode(file);

	if (inode_permission(inode, MAY_READ) < 0) {

	if (inode_permission2(file->f_path.mnt, inode, MAY_READ) < 0) {

		struct user_namespace *old, *user_ns;

		bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;

 * flag in inode->i_opflags, that says "this has not special

 * permission function, use the fast case".

 */

static inline int do_inode_permission(struct inode *inode, int mask)

static inline int do_inode_permission(struct vfsmount *mnt, struct inode *inode, int mask)

{

	if (unlikely(!(inode->i_opflags & IOP_FASTPERM))) {

		if (likely(mnt && inode->i_op->permission2))

			return inode->i_op->permission2(mnt, inode, mask);

		if (likely(inode->i_op->permission))

			return inode->i_op->permission(inode, mask);

}

/**

 * inode_permission - Check for access rights to a given inode

 * inode_permission2 - Check for access rights to a given inode

 * @mnt:

 * @inode: Inode to check permission on

 * @mask: Right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)

 *

 *

 * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.

 */

int inode_permission(struct inode *inode, int mask)

int inode_permission2(struct vfsmount *mnt, struct inode *inode, int mask)

{

	int retval;

			return -EACCES;

	}

	retval = do_inode_permission(inode, mask);

	retval = do_inode_permission(mnt, inode, mask);

	if (retval)

		return retval;

	if (retval)

		return retval;

	return security_inode_permission(inode, mask);

	retval = security_inode_permission(inode, mask);

	return retval;

}

EXPORT_SYMBOL(inode_permission2);

int inode_permission(struct inode *inode, int mask)

{

	return inode_permission2(NULL, inode, mask);

}

EXPORT_SYMBOL(inode_permission);

static inline int may_lookup(struct nameidata *nd)

{

	if (nd->flags & LOOKUP_RCU) {

		int err = inode_permission(nd->inode, MAY_EXEC|MAY_NOT_BLOCK);

		int err = inode_permission2(nd->path.mnt, nd->inode, MAY_EXEC|MAY_NOT_BLOCK);

		if (err != -ECHILD)

			return err;

		if (unlazy_walk(nd))

			return -ECHILD;

	}

	return inode_permission(nd->inode, MAY_EXEC);

	return inode_permission2(nd->path.mnt, nd->inode, MAY_EXEC);

}

static inline int handle_dots(struct nameidata *nd, int type)

}

EXPORT_SYMBOL(vfs_path_lookup);

static int lookup_one_len_common(const char *name, struct dentry *base,

				 int len, struct qstr *this)

static int lookup_one_len_common(const char *name, struct vfsmount *mnt,

				 struct dentry *base, int len, struct qstr *this)

{

	this->name = name;

	this->len = len;

			return err;

	}

	return inode_permission(base->d_inode, MAY_EXEC);

	return inode_permission2(mnt, base->d_inode, MAY_EXEC);

}

/**

	WARN_ON_ONCE(!inode_is_locked(base->d_inode));

	err = lookup_one_len_common(name, base, len, &this);

	err = lookup_one_len_common(name, NULL, base, len, &this);

	if (err)

		return ERR_PTR(err);

 *

 * The caller must hold base->i_mutex.

 */

struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)

struct dentry *lookup_one_len2(const char *name, struct vfsmount *mnt, struct dentry *base, int len)

{

	struct dentry *dentry;

	struct qstr this;

	WARN_ON_ONCE(!inode_is_locked(base->d_inode));

	err = lookup_one_len_common(name, base, len, &this);

	err = lookup_one_len_common(name, mnt, base, len, &this);

	if (err)

		return ERR_PTR(err);

	dentry = lookup_dcache(&this, base, 0);

	return dentry ? dentry : __lookup_slow(&this, base, 0);

}

EXPORT_SYMBOL(lookup_one_len2);

struct dentry *lookup_one_len(const char *name, struct dentry *base, int len)

{

	return lookup_one_len2(name, NULL, base, len);

}

EXPORT_SYMBOL(lookup_one_len);

/**

	int err;

	struct dentry *ret;

	err = lookup_one_len_common(name, base, len, &this);

	err = lookup_one_len_common(name, NULL, base, len, &this);

	if (err)

		return ERR_PTR(err);

 * 11. We don't allow removal of NFS sillyrenamed files; it's handled by

 *     nfs_async_unlink().

 */

static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)

static int may_delete(struct vfsmount *mnt, struct inode *dir, struct dentry *victim, bool isdir)

{

	struct inode *inode = d_backing_inode(victim);

	int error;

	audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);

	error = inode_permission(dir, MAY_WRITE | MAY_EXEC);

	error = inode_permission2(mnt, dir, MAY_WRITE | MAY_EXEC);

	if (error)

		return error;

	if (IS_APPEND(dir))

 *  4. We should have write and exec permissions on dir

 *  5. We can't do it if dir is immutable (done in permission())

 */

static inline int may_create(struct inode *dir, struct dentry *child)

static inline int may_create(struct vfsmount *mnt, struct inode *dir, struct dentry *child)

{

	struct user_namespace *s_user_ns;

	audit_inode_child(dir, child, AUDIT_TYPE_CHILD_CREATE);

	if (!kuid_has_mapping(s_user_ns, current_fsuid()) ||

	    !kgid_has_mapping(s_user_ns, current_fsgid()))

		return -EOVERFLOW;

	return inode_permission(dir, MAY_WRITE | MAY_EXEC);

	return inode_permission2(mnt, dir, MAY_WRITE | MAY_EXEC);

}

/*

}

EXPORT_SYMBOL(unlock_rename);

int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,

		bool want_excl)

int vfs_create2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry,

		umode_t mode, bool want_excl)

{

	int error = may_create(dir, dentry);

	int error = may_create(mnt, dir, dentry);

	if (error)

		return error;

		fsnotify_create(dir, dentry);

	return error;

}

EXPORT_SYMBOL(vfs_create2);

int vfs_create(struct inode *dir, struct dentry *dentry, umode_t mode,

		bool want_excl)

{

	return vfs_create2(NULL, dir, dentry, mode, want_excl);

}

EXPORT_SYMBOL(vfs_create);

int vfs_mkobj(struct dentry *dentry, umode_t mode,

int vfs_mkobj2(struct vfsmount *mnt, struct dentry *dentry, umode_t mode,

		int (*f)(struct dentry *, umode_t, void *),

		void *arg)

{

	struct inode *dir = dentry->d_parent->d_inode;

	int error = may_create(dir, dentry);

	int error = may_create(mnt, dir, dentry);

	if (error)

		return error;

		fsnotify_create(dir, dentry);

	return error;

}

EXPORT_SYMBOL(vfs_mkobj2);

int vfs_mkobj(struct dentry *dentry, umode_t mode,

		int (*f)(struct dentry *, umode_t, void *),

		void *arg)

{

	return vfs_mkobj2(NULL, dentry, mode, f, arg);

}

EXPORT_SYMBOL(vfs_mkobj);

bool may_open_dev(const struct path *path)

static int may_open(const struct path *path, int acc_mode, int flag)

{

	struct dentry *dentry = path->dentry;

	struct vfsmount *mnt = path->mnt;

	struct inode *inode = dentry->d_inode;

	int error;

		break;

	}

	error = inode_permission(inode, MAY_OPEN | acc_mode);

	error = inode_permission2(mnt, inode, MAY_OPEN | acc_mode);

	if (error)

		return error;

	    !kgid_has_mapping(s_user_ns, current_fsgid()))

		return -EOVERFLOW;

	error = inode_permission(dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);

	error = inode_permission2(dir->mnt, dir->dentry->d_inode, MAY_WRITE | MAY_EXEC);

	if (error)

		return error;

	int error;

	/* we want directory to be writable */

	error = inode_permission(dir, MAY_WRITE | MAY_EXEC);

	error = inode_permission2(ERR_PTR(-EOPNOTSUPP), dir,

					MAY_WRITE | MAY_EXEC);

	if (error)

		goto out_err;

	error = -EOPNOTSUPP;

}

EXPORT_SYMBOL(user_path_create);

int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)

int vfs_mknod2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)

{

	int error = may_create(dir, dentry);

	int error = may_create(mnt, dir, dentry);

	if (error)

		return error;

		fsnotify_create(dir, dentry);

	return error;

}

EXPORT_SYMBOL(vfs_mknod2);

int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)

{

	return vfs_mknod2(NULL, dir, dentry, mode, dev);

}

EXPORT_SYMBOL(vfs_mknod);

static int may_mknod(umode_t mode)

		goto out;

	switch (mode & S_IFMT) {

		case 0: case S_IFREG:

			error = vfs_create(path.dentry->d_inode,dentry,mode,true);

			error = vfs_create2(path.mnt, path.dentry->d_inode,dentry,mode,true);

			if (!error)

				ima_post_path_mknod(dentry);

			break;

		case S_IFCHR: case S_IFBLK:

			error = vfs_mknod(path.dentry->d_inode,dentry,mode,

			error = vfs_mknod2(path.mnt, path.dentry->d_inode,dentry,mode,

					new_decode_dev(dev));

			break;

		case S_IFIFO: case S_IFSOCK:

	return do_mknodat(AT_FDCWD, filename, mode, dev);

}

int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)

int vfs_mkdir2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry, umode_t mode)

{

	int error = may_create(dir, dentry);

	int error = may_create(mnt, dir, dentry);

	unsigned max_links = dir->i_sb->s_max_links;

	if (error)

		fsnotify_mkdir(dir, dentry);

	return error;

}

EXPORT_SYMBOL(vfs_mkdir2);

int vfs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)

{

	return vfs_mkdir2(NULL, dir, dentry, mode);

}

EXPORT_SYMBOL(vfs_mkdir);

long do_mkdirat(int dfd, const char __user *pathname, umode_t mode)

		mode &= ~current_umask();

	error = security_path_mkdir(&path, dentry, mode);

	if (!error)

		error = vfs_mkdir(path.dentry->d_inode, dentry, mode);

		error = vfs_mkdir2(path.mnt, path.dentry->d_inode, dentry, mode);

	done_path_create(&path, dentry);

	if (retry_estale(error, lookup_flags)) {

		lookup_flags |= LOOKUP_REVAL;

	return do_mkdirat(AT_FDCWD, pathname, mode);

}

int vfs_rmdir(struct inode *dir, struct dentry *dentry)

int vfs_rmdir2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry)

{

	int error = may_delete(dir, dentry, 1);

	int error = may_delete(mnt, dir, dentry, 1);

	if (error)

		return error;

		d_delete(dentry);

	return error;

}

EXPORT_SYMBOL(vfs_rmdir2);

int vfs_rmdir(struct inode *dir, struct dentry *dentry)

{

	return vfs_rmdir2(NULL, dir, dentry);

}

EXPORT_SYMBOL(vfs_rmdir);

long do_rmdir(int dfd, const char __user *pathname)

	error = security_path_rmdir(&path, dentry);

	if (error)

		goto exit3;

	error = vfs_rmdir(path.dentry->d_inode, dentry);

	error = vfs_rmdir2(path.mnt, path.dentry->d_inode, dentry);

exit3:

	dput(dentry);

exit2:

 * be appropriate for callers that expect the underlying filesystem not

 * to be NFS exported.

 */

int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)

int vfs_unlink2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)

{

	struct inode *target = dentry->d_inode;

	int error = may_delete(dir, dentry, 0);

	int error = may_delete(mnt, dir, dentry, 0);

	if (error)

		return error;

	return error;

}

EXPORT_SYMBOL(vfs_unlink2);

int vfs_unlink(struct inode *dir, struct dentry *dentry, struct inode **delegated_inode)

{

	return vfs_unlink2(NULL, dir, dentry, delegated_inode);

}

EXPORT_SYMBOL(vfs_unlink);

/*

		error = security_path_unlink(&path, dentry);

		if (error)

			goto exit2;

		error = vfs_unlink(path.dentry->d_inode, dentry, &delegated_inode);

		error = vfs_unlink2(path.mnt, path.dentry->d_inode, dentry, &delegated_inode);

exit2:

		dput(dentry);

	}

	return do_unlinkat(AT_FDCWD, getname(pathname));

}

int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)

int vfs_symlink2(struct vfsmount *mnt, struct inode *dir, struct dentry *dentry, const char *oldname)

{

	int error = may_create(dir, dentry);

	int error = may_create(mnt, dir, dentry);

	if (error)

		return error;

		fsnotify_create(dir, dentry);

	return error;

}

EXPORT_SYMBOL(vfs_symlink2);

int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)

{

	return vfs_symlink2(NULL, dir, dentry, oldname);

}

EXPORT_SYMBOL(vfs_symlink);

long do_symlinkat(const char __user *oldname, int newdfd,

	error = security_path_symlink(&path, dentry, from->name);

	if (!error)

		error = vfs_symlink(path.dentry->d_inode, dentry, from->name);

		error = vfs_symlink2(path.mnt, path.dentry->d_inode, dentry, from->name);

	done_path_create(&path, dentry);

	if (retry_estale(error, lookup_flags)) {

		lookup_flags |= LOOKUP_REVAL;

 * be appropriate for callers that expect the underlying filesystem not

 * to be NFS exported.

 */

int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)

int vfs_link2(struct vfsmount *mnt, struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)

{

	struct inode *inode = old_dentry->d_inode;

	unsigned max_links = dir->i_sb->s_max_links;

	if (!inode)

		return -ENOENT;

	error = may_create(dir, new_dentry);

	error = may_create(mnt, dir, new_dentry);

	if (error)

		return error;

		fsnotify_link(dir, inode, new_dentry);

	return error;

}

EXPORT_SYMBOL(vfs_link2);

int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry, struct inode **delegated_inode)

{

	return vfs_link2(NULL, old_dentry, dir, new_dentry, delegated_inode);

}

EXPORT_SYMBOL(vfs_link);

/*

	error = security_path_link(old_path.dentry, &new_path, new_dentry);

	if (error)

		goto out_dput;

	error = vfs_link(old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);

	error = vfs_link2(old_path.mnt, old_path.dentry, new_path.dentry->d_inode, new_dentry, &delegated_inode);

out_dput:

	done_path_create(&new_path, new_dentry);

	if (delegated_inode) {

 *	   ->i_mutex on parents, which works but leads to some truly excessive

 *	   locking].

 */

int vfs_rename(struct inode *old_dir, struct dentry *old_dentry,

int vfs_rename2(struct vfsmount *mnt,

	       struct inode *old_dir, struct dentry *old_dentry,

	       struct inode *new_dir, struct dentry *new_dentry,

	       struct inode **delegated_inode, unsigned int flags)

{

	if (source == target)

		return 0;

	error = may_delete(old_dir, old_dentry, is_dir);

	error = may_delete(mnt, old_dir, old_dentry, is_dir);

	if (error)

		return error;

	if (!target) {

		error = may_create(new_dir, new_dentry);

		error = may_create(mnt, new_dir, new_dentry);

	} else {

		new_is_dir = d_is_dir(new_dentry);

		if (!(flags & RENAME_EXCHANGE))

			error = may_delete(new_dir, new_dentry, is_dir);

			error = may_delete(mnt, new_dir, new_dentry, is_dir);

		else

			error = may_delete(new_dir, new_dentry, new_is_dir);

			error = may_delete(mnt, new_dir, new_dentry, new_is_dir);

	}

	if (error)

		return error;

	 */

	if (new_dir != old_dir) {

		if (is_dir) {

			error = inode_permission(source, MAY_WRITE);

			error = inode_permission2(mnt, source, MAY_WRITE);

			if (error)

				return error;