Lines Matching full:file
107 * By default, any IOCTL on a device file requires the
130 * close-on-exec and the file's buffered-IO and async flags. These
139 * FIOQSIZE queries the size of a regular file, directory, or link.
142 * other file types.
146 * FIFREEZE and FITHAW freeze and thaw the file system which the
147 * given file belongs to. Requires CAP_SYS_ADMIN.
149 * These commands operate on the file system's superblock rather
150 * than on the file itself. The same operations can also be
151 * done through any other file or directory on the same file
158 * blocks within a file.
165 * FIGETBSZ queries the file system's block size for a file or
168 * This command operates on the file system's superblock rather
169 * than on the file itself. The same operation can also be done
170 * through any other file or directory on the same file system,
177 * destination FDs, on file systems which support that.
187 * the file system superblock, not on the specific file, so
188 * these operations are available through any other file on the
189 * same file system as well.
388 * /proc/<pid>/fd/<file-descriptor>
402 * Check that a destination file hierarchy has more restrictions than a source
403 * file hierarchy. This is only used for link and rename actions.
487 * Checks that we can only refer a file if no more access could be
504 /* Checks that file access rights are also enforced for a directory. */
507 /* Checks that directory access rights don't impact file referring... */
519 /* Checks file exchange with directory access rights... */
524 /* ...and with file access rights. */
551 /* Checks the same case of exclusive domains with a file... */
717 * @path: File hierarchy to walk through.
1011 * collect_domain_accesses - Walk through a file path and collect accesses
1021 * file. While walking from @dir to @mnt_root, we record all the domain's
1080 * @old_dentry: File or directory requested to be moved or linked.
1082 * @new_dentry: Destination file or directory.
1086 * Because of its unprivileged constraints, Landlock relies on file hierarchies
1088 * rename a file hierarchy brings some challenges. Indeed, moving or linking a
1089 * file (i.e. creating a new reference to an inode) can have an impact on the
1093 * To avoid trivial access right bypasses, Landlock first checks if the file or
1099 * requested source file type. If it should be allowed but the new inherited
1104 * because file creation is allowed on the destination directory but not direct
1107 * To achieve this goal, the kernel needs to compare two file hierarchies: the
1108 * one identifying the source file or directory (including itself), and the
1119 * source file or directory (i.e. the child), a potentially other one for the
1128 * - -EACCES if file removal or creation is denied.
1454 * Removing a mount point may reveal a previously hidden file hierarchy, which
1566 /* File hooks */
1569 * get_required_file_open_access - Get access needed to open a file
1571 * @file: File being opened.
1573 * Returns the access rights that are required for opening the given file,
1574 * depending on the file type and open mode.
1577 get_required_file_open_access(const struct file *const file)
1581 if (file->f_mode & FMODE_READ) {
1583 if (S_ISDIR(file_inode(file)->i_mode))
1587 if (file->f_mode & FMODE_WRITE)
1590 if (file->f_flags & __FMODE_EXEC)
1595 static int hook_file_alloc_security(struct file *const file)
1601 * Notably, file descriptors for regular files can also be acquired
1605 landlock_file(file)->allowed_access = LANDLOCK_MASK_ACCESS_FS;
1609 static bool is_device(const struct file *const file)
1611 const struct inode *inode = file_inode(file);
1616 static int hook_file_open(struct file *const file)
1622 landlock_get_applicable_subject(file->f_cred, any_fs, NULL);
1629 * Because a file may be opened with O_PATH, get_required_file_open_access()
1633 open_access_request = get_required_file_open_access(file);
1640 if (is_device(file))
1646 subject->domain, &file->f_path,
1673 * file access rights in the opened struct file.
1675 landlock_file(file)->allowed_access = allowed_access;
1677 landlock_file(file)->deny_masks = landlock_get_deny_masks(
1691 static int hook_file_truncate(struct file *const file)
1695 * opening the file, to get a consistent access check as for read, write
1698 * Note: For checks done based on the file's Landlock allowed access, we
1703 if (landlock_file(file)->allowed_access & LANDLOCK_ACCESS_FS_TRUNCATE)
1706 landlock_log_denial(landlock_cred(file->f_cred), &(struct landlock_request) {
1710 .u.file = file,
1715 .deny_masks = landlock_file(file)->deny_masks,
1721 static int hook_file_ioctl_common(const struct file *const file,
1724 access_mask_t allowed_access = landlock_file(file)->allowed_access;
1727 * It is the access rights at the time of opening the file which
1728 * determine whether IOCTL can be used on the opened file later.
1730 * The access right is attached to the opened file in hook_file_open().
1735 if (!is_device(file))
1742 landlock_log_denial(landlock_cred(file->f_cred), &(struct landlock_request) {
1747 .path = file->f_path,
1754 .deny_masks = landlock_file(file)->deny_masks,
1760 static int hook_file_ioctl(struct file *file, unsigned int cmd,
1763 return hook_file_ioctl_common(file, cmd, false);
1766 static int hook_file_ioctl_compat(struct file *file, unsigned int cmd,
1769 return hook_file_ioctl_common(file, cmd, true);
1798 static void hook_file_set_fowner(struct file *file)
1804 if (control_current_fowner(file_f_owner(file))) {
1817 prev_dom = landlock_file(file)->fown_subject.domain;
1818 landlock_file(file)->fown_subject = fown_subject;
1820 landlock_file(file)->fown_layer = fown_layer;
1827 static void hook_file_free_security(struct file *file)
1829 landlock_put_ruleset_deferred(landlock_file(file)->fown_subject.domain);