genfs_vnops.c source code [src/src/sys/miscfs/genfs/genfs_vnops.c]

1	/ $NetBSD: genfs_vnops.c,v 1.192 2014/03/24 13:42:40 hannken Exp $ /
2
3	/-*
4	* Copyright (c) 2008 The NetBSD Foundation, Inc.
5	* All rights reserved.
6	*
7	* Redistribution and use in source and binary forms, with or without
8	* modification, are permitted provided that the following conditions
9	* are met:
10	* 1. Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	* 2. Redistributions in binary form must reproduce the above copyright
13	* notice, this list of conditions and the following disclaimer in the
14	* documentation and/or other materials provided with the distribution.
15	*
16	* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17	* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18	* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20	* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21	* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22	* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24	* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26	* POSSIBILITY OF SUCH DAMAGE.
27	*/
28
29	/*
30	* Copyright (c) 1982, 1986, 1989, 1993
31	* The Regents of the University of California. All rights reserved.
32	*
33	* Redistribution and use in source and binary forms, with or without
34	* modification, are permitted provided that the following conditions
35	* are met:
36	* 1. Redistributions of source code must retain the above copyright
37	* notice, this list of conditions and the following disclaimer.
38	* 2. Redistributions in binary form must reproduce the above copyright
39	* notice, this list of conditions and the following disclaimer in the
40	* documentation and/or other materials provided with the distribution.
41	* 3. Neither the name of the University nor the names of its contributors
42	* may be used to endorse or promote products derived from this software
43	* without specific prior written permission.
44	*
45	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55	* SUCH DAMAGE.
56	*
57	*/
58
59	#include <sys/cdefs.h>
60	__KERNEL_RCSID(`0`, "$NetBSD: genfs_vnops.c,v 1.192 2014/03/24 13:42:40 hannken Exp $");
61
62	#include <sys/param.h>
63	#include <sys/systm.h>
64	#include <sys/proc.h>
65	#include <sys/kernel.h>
66	#include <sys/mount.h>
67	#include <sys/fstrans.h>
68	#include <sys/namei.h>
69	#include <sys/vnode.h>
70	#include <sys/fcntl.h>
71	#include <sys/kmem.h>
72	#include <sys/poll.h>
73	#include <sys/mman.h>
74	#include <sys/file.h>
75	#include <sys/kauth.h>
76	#include <sys/stat.h>
77
78	#include <miscfs/genfs/genfs.h>
79	#include <miscfs/genfs/genfs_node.h>
80	#include <miscfs/specfs/specdev.h>
81
82	#include <uvm/uvm.h>
83	#include <uvm/uvm_pager.h>
84
85	static void filt_genfsdetach(struct knote *);
86	static int filt_genfsread(struct knote , long*);
87	static int filt_genfsvnode(struct knote , long*);
88
89	int
90	genfs_poll(void *v)
91	{
92	struct vop_poll_args / {*
93	struct vnode a_vp;*
94	int a_events;
95	struct lwp a_l;*
96	} /* *ap = v;
97
98	return (ap->a_events & (POLLIN \| POLLOUT \| POLLRDNORM \| POLLWRNORM));
99	}
100
101	int
102	genfs_seek(void *v)
103	{
104	struct vop_seek_args / {*
105	struct vnode a_vp;*
106	off_t a_oldoff;
107	off_t a_newoff;
108	kauth_cred_t cred;
109	} /* *ap = v;
110
111	if (ap->a_newoff < `0`)
112	return (EINVAL);
113
114	return (`0`);
115	}
116
117	int
118	genfs_abortop(void *v)
119	{
120	struct vop_abortop_args / {*
121	struct vnode a_dvp;*
122	struct componentname a_cnp;*
123	} /* *ap = v;
124
125	(void)ap;
126
127	return (`0`);
128	}
129
130	int
131	genfs_fcntl(void *v)
132	{
133	struct vop_fcntl_args / {*
134	struct vnode a_vp;*
135	u_int a_command;
136	void a_data;*
137	int a_fflag;
138	kauth_cred_t a_cred;
139	struct lwp a_l;*
140	} /* *ap = v;
141
142	if (ap->a_command == F_SETFL)
143	return (`0`);
144	else
145	return (EOPNOTSUPP);
146	}
147
148	/ARGSUSED/
149	int
150	genfs_badop(void *v)
151	{
152
153	panic("genfs: bad op");
154	}
155
156	/ARGSUSED/
157	int
158	genfs_nullop(void *v)
159	{
160
161	return (`0`);
162	}
163
164	/ARGSUSED/
165	int
166	genfs_einval(void *v)
167	{
168
169	return (EINVAL);
170	}
171
172	/*
173	* Called when an fs doesn't support a particular vop.
174	* This takes care to vrele, vput, or vunlock passed in vnodes
175	* and calls VOP_ABORTOP for a componentname (in non-rename VOP).
176	*/
177	int
178	genfs_eopnotsupp(void *v)
179	{
180	struct vop_generic_args /*
181	struct vnodeop_desc a_desc;*
182	/ other random data follows, presumably * /*
183	} /* *ap = v;
184	struct vnodeop_desc *desc = ap->a_desc;
185	struct vnode vp, vp_last = NULL;
186	int flags, i, j, offset_cnp, offset_vp;
187
188	KASSERT(desc->vdesc_offset != VOP_LOOKUP_DESCOFFSET);
189	KASSERT(desc->vdesc_offset != VOP_ABORTOP_DESCOFFSET);
190
191	/*
192	* Abort any componentname that lookup potentially left state in.
193	*
194	* As is logical, componentnames for VOP_RENAME are handled by
195	* the caller of VOP_RENAME. Yay, rename!
196	*/
197	if (desc->vdesc_offset != VOP_RENAME_DESCOFFSET &&
198	(offset_vp = desc->vdesc_vp_offsets[`0`]) != VDESC_NO_OFFSET &&
199	(offset_cnp = desc->vdesc_componentname_offset) != VDESC_NO_OFFSET){
200	struct componentname *cnp;
201	struct vnode *dvp;
202
203	dvp = VOPARG_OFFSETTO(struct* vnode **, offset_vp, ap);
204	cnp = VOPARG_OFFSETTO(struct* componentname **, offset_cnp, ap);
205
206	VOP_ABORTOP(dvp, cnp);
207	}
208
209	flags = desc->vdesc_flags;
210	for (i = `0`; i < VDESC_MAX_VPS; flags >>=`1`, i++) {
211	if ((offset_vp = desc->vdesc_vp_offsets[i]) == VDESC_NO_OFFSET)
212	break; / stop at end of list /
213	if ((j = flags & VDESC_VP0_WILLPUT)) {
214	vp = VOPARG_OFFSETTO(struct* vnode **, offset_vp, ap);
215
216	/ Skip if NULL /
217	if (!vp)
218	continue;
219
220	switch (j) {
221	case VDESC_VP0_WILLPUT:
222	/ Check for dvp == vp cases /
223	if (vp == vp_last)
224	vrele(vp);
225	else {
226	vput(vp);
227	vp_last = vp;
228	}
229	break;
230	case VDESC_VP0_WILLUNLOCK:
231	VOP_UNLOCK(vp);
232	break;
233	case VDESC_VP0_WILLRELE:
234	vrele(vp);
235	break;
236	}
237	}
238	}
239
240	return (EOPNOTSUPP);
241	}
242
243	/ARGSUSED/
244	int
245	genfs_ebadf(void *v)
246	{
247
248	return (EBADF);
249	}
250
251	/ ARGSUSED /
252	int
253	genfs_enoioctl(void *v)
254	{
255
256	return (EPASSTHROUGH);
257	}
258
259
260	/*
261	* Eliminate all activity associated with the requested vnode
262	* and with all vnodes aliased to the requested vnode.
263	*/
264	int
265	genfs_revoke(void *v)
266	{
267	struct vop_revoke_args / {*
268	struct vnode a_vp;*
269	int a_flags;
270	} /* *ap = v;
271
272	#ifdef DIAGNOSTIC
273	if ((ap->a_flags & REVOKEALL) == `0`)
274	panic("genfs_revoke: not revokeall");
275	#endif
276	vrevoke(ap->a_vp);
277	return (`0`);
278	}
279
280	/*
281	* Lock the node (for deadfs).
282	*/
283	int
284	genfs_deadlock(void *v)
285	{
286	struct vop_lock_args / {*
287	struct vnode a_vp;*
288	int a_flags;
289	} /* *ap = v;
290	struct vnode *vp = ap->a_vp;
291	int flags = ap->a_flags;
292	krw_t op;
293	int error;
294
295	op = (ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER);
296	if (ISSET(flags, LK_NOWAIT)) {
297	if (! rw_tryenter(&vp->v_lock, op))
298	return EBUSY;
299	if (mutex_tryenter(vp->v_interlock)) {
300	error = vdead_check(vp, VDEAD_NOWAIT);
301	if (error == ENOENT && ISSET(flags, LK_RETRY))
302	error = `0`;
303	mutex_exit(vp->v_interlock);
304	} else
305	error = EBUSY;
306	if (error)
307	rw_exit(&vp->v_lock);
308	return error;
309	}
310
311	rw_enter(&vp->v_lock, op);
312	mutex_enter(vp->v_interlock);
313	error = vdead_check(vp, VDEAD_NOWAIT);
314	if (error == EBUSY) {
315	rw_exit(&vp->v_lock);
316	error = vdead_check(vp, `0`);
317	KASSERT(error == ENOENT);
318	mutex_exit(vp->v_interlock);
319	rw_enter(&vp->v_lock, op);
320	mutex_enter(vp->v_interlock);
321	}
322	KASSERT(error == ENOENT);
323	mutex_exit(vp->v_interlock);
324	if (! ISSET(flags, LK_RETRY)) {
325	rw_exit(&vp->v_lock);
326	return ENOENT;
327	}
328	return `0`;
329	}
330
331	/*
332	* Unlock the node (for deadfs).
333	*/
334	int
335	genfs_deadunlock(void *v)
336	{
337	struct vop_unlock_args / {*
338	struct vnode a_vp;*
339	} /* *ap = v;
340	struct vnode *vp = ap->a_vp;
341
342	rw_exit(&vp->v_lock);
343
344	return `0`;
345	}
346
347	/*
348	* Lock the node.
349	*/
350	int
351	genfs_lock(void *v)
352	{
353	struct vop_lock_args / {*
354	struct vnode a_vp;*
355	int a_flags;
356	} /* *ap = v;
357	struct vnode *vp = ap->a_vp;
358	struct mount *mp = vp->v_mount;
359	int flags = ap->a_flags;
360	krw_t op;
361	int error;
362
363	op = (ISSET(flags, LK_EXCLUSIVE) ? RW_WRITER : RW_READER);
364	if (ISSET(flags, LK_NOWAIT)) {
365	if (fstrans_start_nowait(mp, FSTRANS_SHARED))
366	return EBUSY;
367	if (! rw_tryenter(&vp->v_lock, op)) {
368	fstrans_done(mp);
369	return EBUSY;
370	}
371	if (mutex_tryenter(vp->v_interlock)) {
372	error = vdead_check(vp, VDEAD_NOWAIT);
373	mutex_exit(vp->v_interlock);
374	} else
375	error = EBUSY;
376	if (error) {
377	rw_exit(&vp->v_lock);
378	fstrans_done(mp);
379	}
380	return error;
381	}
382
383	fstrans_start(mp, FSTRANS_SHARED);
384	rw_enter(&vp->v_lock, op);
385	mutex_enter(vp->v_interlock);
386	error = vdead_check(vp, VDEAD_NOWAIT);
387	if (error) {
388	rw_exit(&vp->v_lock);
389	fstrans_done(mp);
390	error = vdead_check(vp, `0`);
391	KASSERT(error == ENOENT);
392	}
393	mutex_exit(vp->v_interlock);
394	return error;
395	}
396
397	/*
398	* Unlock the node.
399	*/
400	int
401	genfs_unlock(void *v)
402	{
403	struct vop_unlock_args / {*
404	struct vnode a_vp;*
405	} /* *ap = v;
406	struct vnode *vp = ap->a_vp;
407	struct mount *mp = vp->v_mount;
408
409	rw_exit(&vp->v_lock);
410	fstrans_done(mp);
411
412	return `0`;
413	}
414
415	/*
416	* Return whether or not the node is locked.
417	*/
418	int
419	genfs_islocked(void *v)
420	{
421	struct vop_islocked_args / {*
422	struct vnode a_vp;*
423	} /* *ap = v;
424	struct vnode *vp = ap->a_vp;
425
426	if (rw_write_held(&vp->v_lock))
427	return LK_EXCLUSIVE;
428
429	if (rw_read_held(&vp->v_lock))
430	return LK_SHARED;
431
432	return `0`;
433	}
434
435	/*
436	* Stubs to use when there is no locking to be done on the underlying object.
437	*/
438	int
439	genfs_nolock(void *v)
440	{
441
442	return (`0`);
443	}
444
445	int
446	genfs_nounlock(void *v)
447	{
448
449	return (`0`);
450	}
451
452	int
453	genfs_noislocked(void *v)
454	{
455
456	return (`0`);
457	}
458
459	int
460	genfs_mmap(void *v)
461	{
462
463	return (`0`);
464	}
465
466	/*
467	* VOP_PUTPAGES() for vnodes which never have pages.
468	*/
469
470	int
471	genfs_null_putpages(void *v)
472	{
473	struct vop_putpages_args / {*
474	struct vnode a_vp;*
475	voff_t a_offlo;
476	voff_t a_offhi;
477	int a_flags;
478	} /* *ap = v;
479	struct vnode *vp = ap->a_vp;
480
481	KASSERT(vp->v_uobj.uo_npages == `0`);
482	mutex_exit(vp->v_interlock);
483	return (`0`);
484	}
485
486	void
487	genfs_node_init(struct vnode vp, const* struct genfs_ops *ops)
488	{
489	struct genfs_node *gp = VTOG(vp);
490
491	rw_init(&gp->g_glock);
492	gp->g_op = ops;
493	}
494
495	void
496	genfs_node_destroy(struct vnode *vp)
497	{
498	struct genfs_node *gp = VTOG(vp);
499
500	rw_destroy(&gp->g_glock);
501	}
502
503	void
504	genfs_size(struct vnode vp, off_t size, off_t eobp, int flags)
505	{
506	int bsize;
507
508	bsize = `1` << vp->v_mount->mnt_fs_bshift;
509	*eobp = (size + bsize - `1`) & ~(bsize - `1`);
510	}
511
512	static void
513	filt_genfsdetach(struct knote *kn)
514	{
515	struct vnode vp = (struct* vnode *)kn->kn_hook;
516
517	mutex_enter(vp->v_interlock);
518	SLIST_REMOVE(&vp->v_klist, kn, knote, kn_selnext);
519	mutex_exit(vp->v_interlock);
520	}
521
522	static int
523	filt_genfsread(struct knote kn, long* hint)
524	{
525	struct vnode vp = (struct* vnode *)kn->kn_hook;
526	int rv;
527
528	/*
529	* filesystem is gone, so set the EOF flag and schedule
530	* the knote for deletion.
531	*/
532	switch (hint) {
533	case NOTE_REVOKE:
534	KASSERT(mutex_owned(vp->v_interlock));
535	kn->kn_flags \|= (EV_EOF \| EV_ONESHOT);
536	return (`1`);
537	case `0`:
538	mutex_enter(vp->v_interlock);
539	kn->kn_data = vp->v_size - ((file_t *)kn->kn_obj)->f_offset;
540	rv = (kn->kn_data != `0`);
541	mutex_exit(vp->v_interlock);
542	return rv;
543	default:
544	KASSERT(mutex_owned(vp->v_interlock));
545	kn->kn_data = vp->v_size - ((file_t *)kn->kn_obj)->f_offset;
546	return (kn->kn_data != `0`);
547	}
548	}
549
550	static int
551	filt_genfsvnode(struct knote kn, long* hint)
552	{
553	struct vnode vp = (struct* vnode *)kn->kn_hook;
554	int fflags;
555
556	switch (hint) {
557	case NOTE_REVOKE:
558	KASSERT(mutex_owned(vp->v_interlock));
559	kn->kn_flags \|= EV_EOF;
560	if ((kn->kn_sfflags & hint) != `0`)
561	kn->kn_fflags \|= hint;
562	return (`1`);
563	case `0`:
564	mutex_enter(vp->v_interlock);
565	fflags = kn->kn_fflags;
566	mutex_exit(vp->v_interlock);
567	break;
568	default:
569	KASSERT(mutex_owned(vp->v_interlock));
570	if ((kn->kn_sfflags & hint) != `0`)
571	kn->kn_fflags \|= hint;
572	fflags = kn->kn_fflags;
573	break;
574	}
575
576	return (fflags != `0`);
577	}
578
579	static const struct filterops genfsread_filtops =
580	{ `1`, NULL, filt_genfsdetach, filt_genfsread };
581	static const struct filterops genfsvnode_filtops =
582	{ `1`, NULL, filt_genfsdetach, filt_genfsvnode };
583
584	int
585	genfs_kqfilter(void *v)
586	{
587	struct vop_kqfilter_args / {*
588	struct vnode a_vp;*
589	struct knote a_kn;*
590	} /* *ap = v;
591	struct vnode *vp;
592	struct knote *kn;
593
594	vp = ap->a_vp;
595	kn = ap->a_kn;
596	switch (kn->kn_filter) {
597	case EVFILT_READ:
598	kn->kn_fop = &genfsread_filtops;
599	break;
600	case EVFILT_VNODE:
601	kn->kn_fop = &genfsvnode_filtops;
602	break;
603	default:
604	return (EINVAL);
605	}
606
607	kn->kn_hook = vp;
608
609	mutex_enter(vp->v_interlock);
610	SLIST_INSERT_HEAD(&vp->v_klist, kn, kn_selnext);
611	mutex_exit(vp->v_interlock);
612
613	return (`0`);
614	}
615
616	void
617	genfs_node_wrlock(struct vnode *vp)
618	{
619	struct genfs_node *gp = VTOG(vp);
620
621	rw_enter(&gp->g_glock, RW_WRITER);
622	}
623
624	void
625	genfs_node_rdlock(struct vnode *vp)
626	{
627	struct genfs_node *gp = VTOG(vp);
628
629	rw_enter(&gp->g_glock, RW_READER);
630	}
631
632	int
633	genfs_node_rdtrylock(struct vnode *vp)
634	{
635	struct genfs_node *gp = VTOG(vp);
636
637	return rw_tryenter(&gp->g_glock, RW_READER);
638	}
639
640	void
641	genfs_node_unlock(struct vnode *vp)
642	{
643	struct genfs_node *gp = VTOG(vp);
644
645	rw_exit(&gp->g_glock);
646	}
647
648	int
649	genfs_node_wrlocked(struct vnode *vp)
650	{
651	struct genfs_node *gp = VTOG(vp);
652
653	return rw_write_held(&gp->g_glock);
654	}
655
656	/*
657	* Do the usual access checking.
658	* file_mode, uid and gid are from the vnode in question,
659	* while acc_mode and cred are from the VOP_ACCESS parameter list
660	*/
661	int
662	genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
663	mode_t acc_mode, kauth_cred_t cred)
664	{
665	mode_t mask;
666	int error, ismember;
667
668	mask = `0`;
669
670	/ Otherwise, check the owner. /
671	if (kauth_cred_geteuid(cred) == uid) {
672	if (acc_mode & VEXEC)
673	mask \|= S_IXUSR;
674	if (acc_mode & VREAD)
675	mask \|= S_IRUSR;
676	if (acc_mode & VWRITE)
677	mask \|= S_IWUSR;
678	return ((file_mode & mask) == mask ? `0` : EACCES);
679	}
680
681	/ Otherwise, check the groups. /
682	error = kauth_cred_ismember_gid(cred, gid, &ismember);
683	if (error)
684	return (error);
685	if (kauth_cred_getegid(cred) == gid \|\| ismember) {
686	if (acc_mode & VEXEC)
687	mask \|= S_IXGRP;
688	if (acc_mode & VREAD)
689	mask \|= S_IRGRP;
690	if (acc_mode & VWRITE)
691	mask \|= S_IWGRP;
692	return ((file_mode & mask) == mask ? `0` : EACCES);
693	}
694
695	/ Otherwise, check everyone else. /
696	if (acc_mode & VEXEC)
697	mask \|= S_IXOTH;
698	if (acc_mode & VREAD)
699	mask \|= S_IROTH;
700	if (acc_mode & VWRITE)
701	mask \|= S_IWOTH;
702	return ((file_mode & mask) == mask ? `0` : EACCES);
703	}
704
705	/*
706	* Common routine to check if chmod() is allowed.
707	*
708	* Policy:
709	* - You must own the file, and
710	* - You must not set the "sticky" bit (meaningless, see chmod(2))
711	* - You must be a member of the group if you're trying to set the
712	* SGIDf bit
713	*
714	* cred - credentials of the invoker
715	* vp - vnode of the file-system object
716	* cur_uid, cur_gid - current uid/gid of the file-system object
717	* new_mode - new mode for the file-system object
718	*
719	* Returns 0 if the change is allowed, or an error value otherwise.
720	*/
721	int
722	genfs_can_chmod(enum vtype type, kauth_cred_t cred, uid_t cur_uid,
723	gid_t cur_gid, mode_t new_mode)
724	{
725	int error;
726
727	/ The user must own the file. /
728	if (kauth_cred_geteuid(cred) != cur_uid)
729	return (EPERM);
730
731	/*
732	* Unprivileged users can't set the sticky bit on files.
733	*/
734	if ((type != VDIR) && (new_mode & S_ISTXT))
735	return (EFTYPE);
736
737	/*
738	* If the invoker is trying to set the SGID bit on the file,
739	* check group membership.
740	*/
741	if (new_mode & S_ISGID) {
742	int ismember;
743
744	error = kauth_cred_ismember_gid(cred, cur_gid,
745	&ismember);
746	if (error \|\| !ismember)
747	return (EPERM);
748	}
749
750	return (`0`);
751	}
752
753	/*
754	* Common routine to check if chown() is allowed.
755	*
756	* Policy:
757	* - You must own the file, and
758	* - You must not try to change ownership, and
759	* - You must be member of the new group
760	*
761	* cred - credentials of the invoker
762	* cur_uid, cur_gid - current uid/gid of the file-system object
763	* new_uid, new_gid - target uid/gid of the file-system object
764	*
765	* Returns 0 if the change is allowed, or an error value otherwise.
766	*/
767	int
768	genfs_can_chown(kauth_cred_t cred, uid_t cur_uid,
769	gid_t cur_gid, uid_t new_uid, gid_t new_gid)
770	{
771	int error, ismember;
772
773	/*
774	* You can only change ownership of a file if:
775	* You own the file and...
776	*/
777	if (kauth_cred_geteuid(cred) == cur_uid) {
778	/*
779	* You don't try to change ownership, and...
780	*/
781	if (new_uid != cur_uid)
782	return (EPERM);
783
784	/*
785	* You don't try to change group (no-op), or...
786	*/
787	if (new_gid == cur_gid)
788	return (`0`);
789
790	/*
791	* Your effective gid is the new gid, or...
792	*/
793	if (kauth_cred_getegid(cred) == new_gid)
794	return (`0`);
795
796	/*
797	* The new gid is one you're a member of.
798	*/
799	ismember = `0`;
800	error = kauth_cred_ismember_gid(cred, new_gid,
801	&ismember);
802	if (!error && ismember)
803	return (`0`);
804	}
805
806	return (EPERM);
807	}
808
809	int
810	genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid,
811	kauth_cred_t cred)
812	{
813	int error;
814
815	/ Must be owner, or... /
816	if (kauth_cred_geteuid(cred) == owner_uid)
817	return (`0`);
818
819	/ set the times to the current time, and... /
820	if ((vaflags & VA_UTIMES_NULL) == `0`)
821	return (EPERM);
822
823	/ have write access. /
824	error = VOP_ACCESS(vp, VWRITE, cred);
825	if (error)
826	return (error);
827
828	return (`0`);
829	}
830
831	/*
832	* Common routine to check if chflags() is allowed.
833	*
834	* Policy:
835	* - You must own the file, and
836	* - You must not change system flags, and
837	* - You must not change flags on character/block devices.
838	*
839	* cred - credentials of the invoker
840	* owner_uid - uid of the file-system object
841	* changing_sysflags - true if the invoker wants to change system flags
842	*/
843	int
844	genfs_can_chflags(kauth_cred_t cred, enum vtype type, uid_t owner_uid,
845	bool changing_sysflags)
846	{
847
848	/ The user must own the file. /
849	if (kauth_cred_geteuid(cred) != owner_uid) {
850	return EPERM;
851	}
852
853	if (changing_sysflags) {
854	return EPERM;
855	}
856
857	/*
858	* Unprivileged users cannot change the flags on devices, even if they
859	* own them.
860	*/
861	if (type == VCHR \|\| type == VBLK) {
862	return EPERM;
863	}
864
865	return `0`;
866	}
867
868	/*
869	* Common "sticky" policy.
870	*
871	* When a directory is "sticky" (as determined by the caller), this
872	* function may help implementing the following policy:
873	* - Renaming a file in it is only possible if the user owns the directory
874	* or the file being renamed.
875	* - Deleting a file from it is only possible if the user owns the
876	* directory or the file being deleted.
877	*/
878	int
879	genfs_can_sticky(kauth_cred_t cred, uid_t dir_uid, uid_t file_uid)
880	{
881	if (kauth_cred_geteuid(cred) != dir_uid &&
882	kauth_cred_geteuid(cred) != file_uid)
883	return EPERM;
884
885	return `0`;
886	}
887
888	int
889	genfs_can_extattr(kauth_cred_t cred, int access_mode, vnode_t *vp,
890	const char *attr)
891	{
892	/ We can't allow privileged namespaces. /
893	if (strncasecmp(attr, "system", `6`) == `0`)
894	return EPERM;
895
896	return VOP_ACCESS(vp, access_mode, cred);
897	}
898

Browse the source code of src/src/sys/miscfs/genfs/genfs_vnops.c