patch file systems with the acl checks

[lunaix-os.git] / lunaix-os / includes / lunaix / fs_acl.h

diff --git a/lunaix-os/includes/lunaix/fs_acl.h b/lunaix-os/includes/lunaix/fs_acl.h
new file mode 100644 (file)
index 0000000..c05080b
--- /dev/null
+++ b/lunaix-os/includes/lunaix/fs_acl.h
@@ -0,0 +1,61 @@
+#ifndef __LUNAIX_FS_ACL_H
+#define __LUNAIX_FS_ACL_H
+
+#include <lunaix/usrscope.h>
+#include "compiler.h"
+
+#define FSACL_READ     4
+#define FSACL_WRITE    2
+#define FSACL_EXEC     1
+
+#define FSACL_U(x)    (((x) & 0b111) << 6)
+#define FSACL_G(x)    (((x) & 0b111) << 3)
+#define FSACL_O(x)    ((x) & 0b111)
+
+#define FSACL_uR      FSACL_U(FSACL_READ)
+#define FSACL_uW      FSACL_U(FSACL_WRITE)
+#define FSACL_uX      FSACL_U(FSACL_EXEC)
+
+#define FSACL_gR      FSACL_G(FSACL_READ)
+#define FSACL_gW      FSACL_G(FSACL_WRITE)
+#define FSACL_gX      FSACL_G(FSACL_EXEC)
+
+#define FSACL_oR      FSACL_O(FSACL_READ)
+#define FSACL_oW      FSACL_O(FSACL_WRITE)
+#define FSACL_oX      FSACL_O(FSACL_EXEC)
+
+// permitted read (any usr or group matched)
+#define FSACL_RD      (FSACL_uRD | FSACL_gRD)
+// permitted write (any usr or group matched)
+#define FSACL_WR      (FSACL_uWR | FSACL_gWR)
+// permitted execute (any usr or group matched)
+#define FSACL_X       (FSACL_uX | FSACL_gX)
+
+#define FSACL_u_      0
+#define FSACL_g_      0
+#define FSACL_o_      0
+
+// any read
+#define FSACL_aR      (FSACL_uR | FSACL_gR | FSACL_oR)
+// any write
+#define FSACL_aW      (FSACL_uW | FSACL_gW | FSACL_oW)
+// any execute
+#define FSACL_aX      (FSACL_uX | FSACL_gX | FSACL_oX)
+
+#define __fsacl_sel(scope, type)    (FSACL_##scope##type)
+#define FSACL_u(r, w, x)            \
+        (v__(__fsacl_sel(u, r)) | v__(__fsacl_sel(u, w)) | v__(__fsacl_sel(u, x)))
+
+#define FSACL_g(r, w, x)            \
+        (v__(__fsacl_sel(g, r)) | v__(__fsacl_sel(g, w)) | v__(__fsacl_sel(g, x)))
+
+#define FSACL_o(r, w, x)            \
+        (v__(__fsacl_sel(o, r)) | v__(__fsacl_sel(o, w)) | v__(__fsacl_sel(o, x)))
+
+static inline bool must_inline
+fsacl_allow_ops(unsigned int ops, unsigned int acl, uid_t uid, gid_t gid)
+{
+    return !!(acl & ops & check_current_acl(uid, gid));
+}
+
+#endif /* __LUNAIX_FS_ACL_H */