tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

landlock: Add access_mask_subset() helper

This helper function checks whether an access_mask_t has a subset of the
bits enabled than another one. This expresses the intent a bit smoother
in the code and does not cost us anything when it gets inlined.

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20260206151154.97915-4-gnoack3000@gmail.com
[mic: Improve subject]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

authored by

Günther Noack and committed by
Mickaël Salaün 45f2a292 9adbe893

+9 -2
+7
security/landlock/access.h
··· 97 97 return access_masks; 98 98 } 99 99 100 + /* Checks the subset relation between access masks. */ 101 + static inline bool access_mask_subset(access_mask_t subset, 102 + access_mask_t superset) 103 + { 104 + return (subset | superset) == superset; 105 + } 106 + 100 107 #endif /* _SECURITY_LANDLOCK_ACCESS_H */
+2 -2
security/landlock/fs.c
··· 331 331 332 332 /* Files only get access rights that make sense. */ 333 333 if (!d_is_dir(path->dentry) && 334 - (access_rights | ACCESS_FILE) != ACCESS_FILE) 334 + !access_mask_subset(access_rights, ACCESS_FILE)) 335 335 return -EINVAL; 336 336 if (WARN_ON_ONCE(ruleset->num_layers != 1)) 337 337 return -EINVAL; ··· 1704 1704 ARRAY_SIZE(layer_masks)); 1705 1705 #endif /* CONFIG_AUDIT */ 1706 1706 1707 - if ((open_access_request & allowed_access) == open_access_request) 1707 + if (access_mask_subset(open_access_request, allowed_access)) 1708 1708 return 0; 1709 1709 1710 1710 /* Sets access to reflect the actual request. */