Make 'check_acl()' a first-class filesystem op

EXPORT_SYMBOL(putname);

#endif

/**

 * generic_permission  -  check for access rights on a Posix-like filesystem

 * @inode:	inode to check access rights for

 * @mask:	right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)

 * @check_acl:	optional callback to check for Posix ACLs

 *

 * Used to check for read/write/execute permissions on a file.

 * We use "fsuid" for this, letting us set arbitrary permissions

 * for filesystem access without changing the "normal" uids which

 * are used for other things..

/*

 * This does basic POSIX ACL permission checking

 */

int generic_permission(struct inode *inode, int mask,

static int acl_permission_check(struct inode *inode, int mask,

		int (*check_acl)(struct inode *inode, int mask))

{

	umode_t			mode = inode->i_mode;

	else {

		if (IS_POSIXACL(inode) && (mode & S_IRWXG) && check_acl) {

			int error = check_acl(inode, mask);

			if (error == -EACCES)

				goto check_capabilities;

			else if (error != -EAGAIN)

			if (error != -EAGAIN)

				return error;

		}

	 */

	if ((mask & ~mode) == 0)

		return 0;

	return -EACCES;

}

/**

 * generic_permission  -  check for access rights on a Posix-like filesystem

 * @inode:	inode to check access rights for

 * @mask:	right to check for (%MAY_READ, %MAY_WRITE, %MAY_EXEC)

 * @check_acl:	optional callback to check for Posix ACLs

 *

 * Used to check for read/write/execute permissions on a file.

 * We use "fsuid" for this, letting us set arbitrary permissions

 * for filesystem access without changing the "normal" uids which

 * are used for other things..

 */

int generic_permission(struct inode *inode, int mask,

		int (*check_acl)(struct inode *inode, int mask))

{

	int ret;

	/*

	 * Do the basic POSIX ACL permission checks.

	 */

	ret = acl_permission_check(inode, mask, check_acl);

	if (ret != -EACCES)

		return ret;

 check_capabilities:

	/*

	 * Read/write DACs are always overridable.

	 * Executable DACs are overridable if at least one exec bit is set.

	if (inode->i_op->permission)

		retval = inode->i_op->permission(inode, mask);

	else

		retval = generic_permission(inode, mask, NULL);

		retval = generic_permission(inode, mask, inode->i_op->check_acl);

	if (retval)

		return retval;

 */

static int exec_permission_lite(struct inode *inode)

{

	umode_t	mode = inode->i_mode;

	int ret;

	if (inode->i_op->permission) {

		int ret = inode->i_op->permission(inode, MAY_EXEC);

		ret = inode->i_op->permission(inode, MAY_EXEC);

		if (!ret)

			goto ok;

		return ret;

	}

	if (current_fsuid() == inode->i_uid)

		mode >>= 6;

	else if (in_group_p(inode->i_gid))

		mode >>= 3;

	if (mode & MAY_EXEC)

	ret = acl_permission_check(inode, MAY_EXEC, inode->i_op->check_acl);

	if (!ret)

		goto ok;

	if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))

		goto ok;

	return -EACCES;

	return ret;

ok:

	return security_inode_permission(inode, MAY_EXEC);

}

	void (*put_link) (struct dentry *, struct nameidata *, void *);

	void (*truncate) (struct inode *);

	int (*permission) (struct inode *, int);

	int (*check_acl)(struct inode *, int);

	int (*setattr) (struct dentry *, struct iattr *);

	int (*getattr) (struct vfsmount *mnt, struct dentry *, struct kstat *);

	int (*setxattr) (struct dentry *, const char *,const void *,size_t,int);