From a7d930276ab54387d83097b341caed404aeb514f Mon Sep 17 00:00:00 2001
From: waterwin
Date: Mon, 14 Feb 2022 21:25:35 +0800
Subject: [PATCH] hmdfs: Close lower file permission fixup

ohos inclusion
category: feature
issue: #I4TNK7
CVE: NA
----------------------------------------------
hmdfs manage file permission, fixup it when permission is not what we do not want, close this.
Signed-off-by: qianjiaxing
---
 fs/hmdfs/authority/authentication.c | 52 +----------------------------
 fs/hmdfs/authority/authentication.h | 6 ++--
 fs/hmdfs/inode_local.c | 7 ++--
 3 files changed, 5 insertions(+), 60 deletions(-)
diff --git a/fs/hmdfs/authority/authentication.c b/fs/hmdfs/authority/authentication.c
index d56ac1490bb3..4a18580cb646 100644
--- a/fs/hmdfs/authority/authentication.c
+++ b/fs/hmdfs/authority/authentication.c
@@ -314,30 +314,6 @@ static __u16 __inherit_perm_file(struct inode *parent)
 return perm;
 }
-static void fixup_ownership_user_group(struct inode *child, struct dentry *lower_dentry,
- uid_t uid, gid_t gid)
-{
- int err;
- struct iattr newattrs;
-
- newattrs.ia_valid = ATTR_UID | ATTR_GID | ATTR_FORCE;
- newattrs.ia_uid = KUIDT_INIT(uid);
- newattrs.ia_gid = KGIDT_INIT(gid);
- if (!S_ISDIR(d_inode(lower_dentry)->i_mode))
- newattrs.ia_valid |= ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV;
-
- inode_lock(d_inode(lower_dentry));
- err = notify_change(lower_dentry, &newattrs, NULL);
- inode_unlock(d_inode(lower_dentry));
-
- if (!err) {
- child->i_uid = KUIDT_INIT(uid);
- child->i_gid = KGIDT_INIT(gid);
- } else {
- hmdfs_err("update PKG uid failed, err = %d", err);
- }
-}
-
 __u16 hmdfs_perm_inherit(struct inode *parent_inode, struct inode *child)
 {
 __u16 perm;
@@ -349,38 +325,12 @@ __u16 hmdfs_perm_inherit(struct inode *parent_inode, struct inode *child)
 return perm;
 }
-void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child,
- struct dentry *lower_dentry, const char *name)
+void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child)
 {
- int bid;
 struct hmdfs_inode_info *info = hmdfs_i(child);
 if (info->perm == HMDFS_ALL_MASK)
 info->perm = hmdfs_perm_inherit(parent_inode, child);
-
- switch (info->perm & HMDFS_DIR_TYPE_MASK) {
- case HMDFS_DIR_PKG:
- bid = get_bundle_uid(hmdfs_sb(parent_inode->i_sb), name);
- if (bid != child->i_uid.val || bid != child->i_gid.val)
- fixup_ownership_user_group(child, lower_dentry, bid,
- bid);
-
- break;
- case HMDFS_DIR_DATA:
- case HMDFS_FILE_PKG_SUB:
- case HMDFS_DIR_PKG_SUB:
- case HMDFS_DIR_DEFAULT:
- case HMDFS_FILE_DEFAULT:
- case HMDFS_DIR_PUBLIC:
- if (parent_inode->i_uid.val != child->i_uid.val ||
- parent_inode->i_gid.val != child->i_gid.val)
- fixup_ownership_user_group(child, lower_dentry,
- parent_inode->i_uid.val,
- parent_inode->i_gid.val);
- break;
- default:
- break;
- }
 }
 void check_and_fixup_ownership_remote(struct inode *dir,
diff --git a/fs/hmdfs/authority/authentication.h b/fs/hmdfs/authority/authentication.h
index af6eec9a4897..402a063429e5 100644
--- a/fs/hmdfs/authority/authentication.h
+++ b/fs/hmdfs/authority/authentication.h
@@ -238,8 +238,7 @@ void hmdfs_revert_fsids(const struct cred *old_cred);
 int hmdfs_persist_perm(struct dentry *dentry, __u16 *perm);
 __u16 hmdfs_read_perm(struct inode *inode);
 void hmdfs_root_inode_perm_init(struct inode *root_inode);
-void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child,
- struct dentry *lower_dentry, const char *name);
+void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child);
 int hmdfs_override_dir_id_fs(struct cache_fs_override *or,
 struct inode *dir,
 struct dentry *dentry,
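Review bot: `check_and_fixup_ownership()` in fs/hmdfs/authority/authentication.c no longer checks or fixes ownership, yet it keeps that name, and nothing on the new side records what now guarantees that a lower file's uid/gid match the bundle or parent owner. The removed code was the only place visible in this patch that corrected a mismatch (through `notify_change()` with `ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_KILL_PRIV` on non-directories), so a lower file that reaches lookup with unexpected ownership or set-id bits is presumably now surfaced as-is; please confirm that the create paths, or whoever owns the lower tree, enforce this instead. I would add a comment above the function, e.g. `/* Only inherits info->perm from the parent; lower uid/gid are not verified or rewritten here. */`, or rename it in a follow-up. The same applies to the two unchanged-in-name call sites in fs/hmdfs/inode_local.c (`hmdfs_lookup_local`, `hmdfs_lookup_share`), and `get_bundle_uid()` may now be unused if it has no other callers.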
@@ -283,8 +282,7 @@ void hmdfs_revert_dir_id_fs(struct cache_fs_override *or)
 }
 static inline
-void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child,
- struct dentry *lower_dentry, const char *name)
+void check_and_fixup_ownership(struct inode *parent_inode, struct inode *child)
 {
 }
diff --git a/fs/hmdfs/inode_local.c b/fs/hmdfs/inode_local.c
index cfbe67fe98db..84904f50d27d 100644
--- a/fs/hmdfs/inode_local.c
+++ b/fs/hmdfs/inode_local.c
@@ -285,9 +285,7 @@ struct dentry *hmdfs_lookup_local(struct inode *parent_inode,
 goto out_err;
 }
- check_and_fixup_ownership(parent_inode, child_inode,
- lower_path.dentry,
- child_dentry->d_name.name);
+ check_and_fixup_ownership(parent_inode, child_inode);
 goto out_err;
 }
 /*
@@ -1031,8 +1029,7 @@ struct dentry *hmdfs_lookup_share(struct inode *parent_inode,
 goto err_out;
 }
- check_and_fixup_ownership(parent_inode, child_inode,
- src_path.dentry, d_name->name);
+ check_and_fixup_ownership(parent_inode, child_inode);
 err_out:
 if (!err)
--
Gitee