Lines Matching full:access
42 #include "access.h"
206 /* Other commands are guarded by the access right. */ in is_masked_device_ioctl()
310 /* All access rights that can be tied to files. */
332 /* Files only get access rights that make sense. */ in landlock_append_fs_rule()
339 /* Transforms relative access rights to absolute ones. */ in landlock_append_fs_rule()
356 /* Access-control management */
386 * Allows access to pseudo filesystems that will never be mountable (e.g.
402 * Returns true iff the child file with the given src_child access rights under
403 * src_parent would result in having the same or fewer access rights if it were
411 for (size_t i = 0; i < ARRAY_SIZE(new_parent->access); i++) { in may_refer()
412 access_mask_t child_access = src_parent->access[i] & in may_refer()
413 src_child->access[i]; in may_refer()
414 access_mask_t parent_access = new_parent->access[i]; in may_refer()
432 * increasing its access rights. If child2 is set, an additional condition is
433 * that child2 may be used from parent2 to parent1 without increasing its access
460 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE | in test_no_more_access()
464 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE | in test_no_more_access()
468 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE, in test_no_more_access()
471 .access[1] = LANDLOCK_ACCESS_FS_EXECUTE, in test_no_more_access()
474 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE, in test_no_more_access()
475 .access[1] = LANDLOCK_ACCESS_FS_EXECUTE, in test_no_more_access()
485 * Checks that we can only refer a file if no more access could be in test_no_more_access()
502 /* Checks that file access rights are also enforced for a directory. */ in test_no_more_access()
505 /* Checks that directory access rights don't impact file referring... */ in test_no_more_access()
517 /* Checks file exchange with directory access rights... */ in test_no_more_access()
522 /* ...and with file access rights. */ in test_no_more_access()
531 * because domain 0 denies execute access, and domain 1 is always in test_no_more_access()
567 return !memchr_inv(&masks->access, 0, sizeof(masks->access)); in is_layer_masks_allowed()
583 for (size_t i = 0; i < ARRAY_SIZE(masks->access); i++) { in scope_to_request()
584 masks->access[i] &= access_request; in scope_to_request()
585 if (masks->access[i]) in scope_to_request()
601 KUNIT_EXPECT_EQ(test, 0, masks.access[0]); in test_scope_to_request_with_exec_none()
608 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE, in test_scope_to_request_with_exec_some()
609 .access[1] = LANDLOCK_ACCESS_FS_WRITE_FILE, in test_scope_to_request_with_exec_some()
615 KUNIT_EXPECT_EQ(test, LANDLOCK_ACCESS_FS_EXECUTE, masks.access[0]); in test_scope_to_request_with_exec_some()
616 KUNIT_EXPECT_EQ(test, 0, masks.access[1]); in test_scope_to_request_with_exec_some()
623 .access[0] = LANDLOCK_ACCESS_FS_EXECUTE, in test_scope_to_request_without_access()
624 .access[1] = LANDLOCK_ACCESS_FS_WRITE_FILE, in test_scope_to_request_without_access()
627 /* Checks and scopes without access request. */ in test_scope_to_request_without_access()
629 KUNIT_EXPECT_EQ(test, 0, masks.access[0]); in test_scope_to_request_without_access()
630 KUNIT_EXPECT_EQ(test, 0, masks.access[1]); in test_scope_to_request_without_access()
636 * Returns true if there is at least one access right different than
645 for (size_t i = 0; i < ARRAY_SIZE(masks->access); i++) { in is_eacces()
647 if (masks->access[i] & access_request & in is_eacces()
672 .access[0] = LANDLOCK_ACCESS_FS_REFER, in test_is_eacces_with_refer()
684 .access[0] = LANDLOCK_ACCESS_FS_WRITE_FILE, in test_is_eacces_with_write()
710 * @layer_masks_parent1: Pointer to a matrix of layer masks per access
711 * masks, identifying the layers that forbid a specific access. Bits from
717 * @log_request_parent1: Audit request to fill if the related access is denied.
726 * @log_request_parent2: Audit request to fill if the related access is denied.
738 * - true if the access request is granted;
874 /* Stops when a rule from each layer grants access. */ in is_access_to_paths_allowed()
885 * Stops at the real root. Denies access in is_access_to_paths_allowed()
886 * because not all layers have granted access. in is_access_to_paths_allowed()
895 * Stops and allows access when reaching disconnected root in is_access_to_paths_allowed()
930 log_request_parent1->access = access_masked_parent1; in is_access_to_paths_allowed()
938 log_request_parent2->access = access_masked_parent2; in is_access_to_paths_allowed()
1026 * - true if all the domain access rights are allowed for @dir;
1085 * (and not only inodes) to tie access rights to files. Being able to link or
1091 * To avoid trivial access right bypasses, Landlock first checks if the file or
1092 * directory requested to be moved would gain new access rights inherited from
1098 * access rights would be greater than the source access rights, then the
1108 * The kernel walks through these paths and collects in a matrix the access
1116 * required to rely on potentially four matrices of access rights: one for the
1124 * - 0 if access is allowed;
1125 * - -EXDEV if @old_dentry would inherit new access rights from @new_dir;
1166 * The LANDLOCK_ACCESS_FS_REFER access right is not required in current_check_refer_path()
1211 * To be able to compare source and destination domain access rights, in current_check_refer_path()
1212 * take into account the @old_dentry access rights aggregated with its in current_check_refer_path()
1213 * parent access rights. This will be useful to compare with the in current_check_refer_path()
1214 * destination parent access rights. in current_check_refer_path()
1223 if (request1.access) { in current_check_refer_path()
1227 if (request2.access) { in current_check_refer_path()
1404 * topology (i.e. the mount namespace), changing it may grant access to files
1410 * access-control security policy.
1453 * may then grant access to files, which may have previously been forbidden.
1567 * get_required_file_open_access - Get access needed to open a file
1571 * Returns the access rights that are required for opening the given file,
1577 access_mask_t access = 0; in get_required_file_open_access() local
1583 access = LANDLOCK_ACCESS_FS_READ_FILE; in get_required_file_open_access()
1586 access |= LANDLOCK_ACCESS_FS_WRITE_FILE; in get_required_file_open_access()
1589 access |= LANDLOCK_ACCESS_FS_EXECUTE; in get_required_file_open_access()
1590 return access; in get_required_file_open_access()
1596 * Grants all access rights, even if most of them are not checked later in hook_file_alloc_security()
1634 * We look up more access than what we immediately need for open(), so in hook_file_open()
1652 * Calculate the actual allowed access rights from layer_masks. in hook_file_open()
1653 * Remove the access rights from the full access request which in hook_file_open()
1657 for (size_t i = 0; i < ARRAY_SIZE(layer_masks.access); i++) in hook_file_open()
1658 allowed_access &= ~layer_masks.access[i]; in hook_file_open()
1663 * access rights at the time of open() which decide whether the in hook_file_open()
1665 * file access rights in the opened struct file. in hook_file_open()
1676 /* Sets access to reflect the actual request. */ in hook_file_open()
1677 request.access = open_access_request; in hook_file_open()
1686 * opening the file, to get a consistent access check as for read, write in hook_file_truncate()
1689 * Note: For checks done based on the file's Landlock allowed access, we in hook_file_truncate()
1704 .access = LANDLOCK_ACCESS_FS_TRUNCATE, in hook_file_truncate()
1718 * It is the access rights at the time of opening the file which in hook_file_ioctl_common()
1721 * The access right is attached to the opened file in hook_file_open(). in hook_file_ioctl_common()
1743 .access = LANDLOCK_ACCESS_FS_IOCTL_DEV, in hook_file_ioctl_common()