
TOMOYO Linux Cross Reference
Linux/include/linux/mnt_idmapping.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 #ifndef _LINUX_MNT_IDMAPPING_H
  3 #define _LINUX_MNT_IDMAPPING_H
  4 
  5 #include <linux/types.h>
  6 #include <linux/uidgid.h>
  7 
  8 struct mnt_idmap;
  9 struct user_namespace;
 10 
 11 extern struct mnt_idmap nop_mnt_idmap;
 12 extern struct user_namespace init_user_ns;
 13 
/*
 * vfsuid_t - a uid_t wrapped in a struct type of its own.
 *
 * As a distinct struct type it is not interchangeable with a bare uid_t or
 * with kuid_t; converting between them has to be written out explicitly.
 */
typedef struct {
        uid_t val;
} vfsuid_t;
 17 
/*
 * vfsgid_t - a gid_t wrapped in a struct type of its own.
 *
 * As a distinct struct type it is not interchangeable with a bare gid_t or
 * with kgid_t; converting between them has to be written out explicitly.
 */
typedef struct {
        gid_t val;
} vfsgid_t;
 21 
/*
 * Build-time layout checks: vfs{u,g}id_t must be the same size as
 * k{u,g}id_t and must keep the val member at the same offset.
 */
static_assert(sizeof(vfsuid_t) == sizeof(kuid_t));
static_assert(sizeof(vfsgid_t) == sizeof(kgid_t));
static_assert(offsetof(vfsuid_t, val) == offsetof(kuid_t, val));
static_assert(offsetof(vfsgid_t, val) == offsetof(kgid_t, val));
 26 
 27 #ifdef CONFIG_MULTIUSER
/* CONFIG_MULTIUSER build: hand back the uid_t stored in @uid. */
static inline uid_t __vfsuid_val(vfsuid_t uid)
{
        const uid_t raw = uid.val;

        return raw;
}
 32 
/* CONFIG_MULTIUSER build: hand back the gid_t stored in @gid. */
static inline gid_t __vfsgid_val(vfsgid_t gid)
{
        const gid_t raw = gid.val;

        return raw;
}
 37 #else
/* !CONFIG_MULTIUSER build: every vfsuid reads as 0; @uid is not consulted. */
static inline uid_t __vfsuid_val(vfsuid_t uid)
{
        const uid_t only_uid = 0;

        return only_uid;
}
 42 
/* !CONFIG_MULTIUSER build: every vfsgid reads as 0; @gid is not consulted. */
static inline gid_t __vfsgid_val(vfsgid_t gid)
{
        const gid_t only_gid = 0;

        return only_gid;
}
 47 #endif
 48 
/**
 * vfsuid_valid - check whether a vfsuid holds a usable value
 * @uid: the vfsuid to check
 *
 * Return: false if @uid carries the (uid_t)-1 sentinel, true otherwise.
 */
static inline bool vfsuid_valid(vfsuid_t uid)
{
        const uid_t sentinel = (uid_t)-1;

        return !(__vfsuid_val(uid) == sentinel);
}
 53 
/**
 * vfsgid_valid - check whether a vfsgid holds a usable value
 * @gid: the vfsgid to check
 *
 * Return: false if @gid carries the (gid_t)-1 sentinel, true otherwise.
 */
static inline bool vfsgid_valid(vfsgid_t gid)
{
        const gid_t sentinel = (gid_t)-1;

        return !(__vfsgid_val(gid) == sentinel);
}
 58 
/**
 * vfsuid_eq - compare two vfsuids
 * @left: first vfsuid; must be valid for the comparison to succeed
 * @right: second vfsuid
 *
 * Return: true only if @left is valid and both hold the same raw value.
 * Two invalid vfsuids therefore never compare equal, so the invalid
 * sentinel cannot satisfy an equality check.
 */
static inline bool vfsuid_eq(vfsuid_t left, vfsuid_t right)
{
        /* An invalid left operand matches nothing, not even itself. */
        if (!vfsuid_valid(left))
                return false;

        return __vfsuid_val(left) == __vfsuid_val(right);
}
 63 
/**
 * vfsgid_eq - compare two vfsgids
 * @left: first vfsgid; must be valid for the comparison to succeed
 * @right: second vfsgid
 *
 * Return: true only if @left is valid and both hold the same raw value.
 * Two invalid vfsgids therefore never compare equal, so the invalid
 * sentinel cannot satisfy an equality check.
 */
static inline bool vfsgid_eq(vfsgid_t left, vfsgid_t right)
{
        /* An invalid left operand matches nothing, not even itself. */
        if (!vfsgid_valid(left))
                return false;

        return __vfsgid_val(left) == __vfsgid_val(right);
}
 68 
/**
 * vfsuid_eq_kuid - compare the raw value of a vfsuid with that of a kuid
 * @vfsuid: the vfsuid to compare; must be valid for a match
 * @kuid: the kuid to compare against
 *
 * Only the raw values are compared; neither argument is mapped through an
 * idmapping here.
 *
 * Return: true if @vfsuid is valid and carries the same value as @kuid,
 * false otherwise. An invalid @vfsuid never matches, so comparing two
 * invalid uids yields false.
 */
static inline bool vfsuid_eq_kuid(vfsuid_t vfsuid, kuid_t kuid)
{
        /* Reject the invalid sentinel before looking at @kuid at all. */
        if (!vfsuid_valid(vfsuid))
                return false;

        return __vfsuid_val(vfsuid) == __kuid_val(kuid);
}
 83 
/**
 * vfsgid_eq_kgid - compare the raw value of a vfsgid with that of a kgid
 * @vfsgid: the vfsgid to compare; must be valid for a match
 * @kgid: the kgid to compare against
 *
 * Only the raw values are compared; neither argument is mapped through an
 * idmapping here.
 *
 * Return: true if @vfsgid is valid and carries the same value as @kgid,
 * false otherwise. An invalid @vfsgid never matches, so comparing two
 * invalid gids yields false.
 */
static inline bool vfsgid_eq_kgid(vfsgid_t vfsgid, kgid_t kgid)
{
        /* Reject the invalid sentinel before looking at @kgid at all. */
        if (!vfsgid_valid(vfsgid))
                return false;

        return __vfsgid_val(vfsgid) == __kgid_val(kgid);
}
 98 
/*
 * vfs{g,u}ids are created from k{g,u}ids.
 * We don't allow them to be created from regular {u,g}id.
 *
 * The initializers read their argument through __k{u,g}id_val(), which is
 * defined outside this header; presumably that is what rejects a bare
 * {u,g}id_t at compile time - confirm against its definition.
 */
#define VFSUIDT_INIT(val) (vfsuid_t){ __kuid_val(val) }
#define VFSGIDT_INIT(val) (vfsgid_t){ __kgid_val(val) }

/* Invalid vfs{u,g}ids, built from INVALID_UID and INVALID_GID. */
#define INVALID_VFSUID VFSUIDT_INIT(INVALID_UID)
#define INVALID_VFSGID VFSGIDT_INIT(INVALID_GID)
108 
/*
 * Allow a vfs{g,u}id to be used as a k{g,u}id where we want to compare
 * whether the mapped value is identical to value of a k{g,u}id.
 *
 * These macros only copy the raw value into a k{g,u}id_t; no idmapping is
 * consulted. The conversions that take an idmapping are from_vfsuid() and
 * from_vfsgid().
 */
#define AS_KUIDT(val) (kuid_t){ __vfsuid_val(val) }
#define AS_KGIDT(val) (kgid_t){ __vfsgid_val(val) }
115 
/* Defined outside this header; the return convention is not visible here. */
int vfsgid_in_group_p(vfsgid_t vfsgid);

/*
 * Get/put pair for a struct mnt_idmap, defined outside this header.
 * Presumably reference counting - confirm at the definitions.
 */
struct mnt_idmap *mnt_idmap_get(struct mnt_idmap *idmap);
void mnt_idmap_put(struct mnt_idmap *idmap);

/*
 * Conversions between k{u,g}ids and vfs{u,g}ids. Each takes the mount's
 * idmapping (@idmap) and the filesystem's idmapping (@fs_userns); the
 * mapping itself is implemented outside this header.
 */
vfsuid_t make_vfsuid(struct mnt_idmap *idmap,
                     struct user_namespace *fs_userns, kuid_t kuid);

vfsgid_t make_vfsgid(struct mnt_idmap *idmap,
                     struct user_namespace *fs_userns, kgid_t kgid);

/*
 * The inline helpers in this header treat an invalid id returned by
 * from_vfs{u,g}id() as "no mapping in the filesystem".
 */
kuid_t from_vfsuid(struct mnt_idmap *idmap,
                   struct user_namespace *fs_userns, vfsuid_t vfsuid);

kgid_t from_vfsgid(struct mnt_idmap *idmap,
                   struct user_namespace *fs_userns, vfsgid_t vfsgid);
132 
/**
 * vfsuid_has_fsmapping - check whether a vfsuid maps into the filesystem
 * @idmap: the mount's idmapping
 * @fs_userns: the filesystem's idmapping
 * @vfsuid: vfsuid to be mapped
 *
 * Map @vfsuid with from_vfsuid() and test whether the resulting kuid is
 * valid. Use this to find out whether the filesystem idmapping has a
 * mapping for @vfsuid.
 *
 * Return: true if @vfsuid has a mapping in the filesystem, false if not.
 */
static inline bool vfsuid_has_fsmapping(struct mnt_idmap *idmap,
                                        struct user_namespace *fs_userns,
                                        vfsuid_t vfsuid)
{
        kuid_t fs_kuid = from_vfsuid(idmap, fs_userns, vfsuid);

        return uid_valid(fs_kuid);
}
151 
/**
 * vfsuid_has_mapping - check whether a vfsuid has a mapping in a namespace
 * @userns: the user namespace to look the value up in
 * @vfsuid: the vfsuid to check
 *
 * The raw value of @vfsuid is passed to from_kuid() as a kuid.
 *
 * Return: true if from_kuid() yields anything other than (uid_t)-1,
 * false otherwise.
 */
static inline bool vfsuid_has_mapping(struct user_namespace *userns,
                                      vfsuid_t vfsuid)
{
        uid_t mapped = from_kuid(userns, AS_KUIDT(vfsuid));

        return mapped != (uid_t)-1;
}
157 
/**
 * vfsuid_into_kuid - convert vfsuid into kuid
 * @vfsuid: the vfsuid to convert
 *
 * For the point where a vfsuid is committed as a kuid. The raw value is
 * carried over unchanged; no idmapping is applied by this helper.
 *
 * Return: a kuid with the value of @vfsuid
 */
static inline kuid_t vfsuid_into_kuid(vfsuid_t vfsuid)
{
        kuid_t kuid = AS_KUIDT(vfsuid);

        return kuid;
}
170 
/**
 * vfsgid_has_fsmapping - check whether a vfsgid maps into the filesystem
 * @idmap: the mount's idmapping
 * @fs_userns: the filesystem's idmapping
 * @vfsgid: vfsgid to be mapped
 *
 * Map @vfsgid with from_vfsgid() and test whether the resulting kgid is
 * valid. Use this to find out whether the filesystem idmapping has a
 * mapping for @vfsgid.
 *
 * Return: true if @vfsgid has a mapping in the filesystem, false if not.
 */
static inline bool vfsgid_has_fsmapping(struct mnt_idmap *idmap,
                                        struct user_namespace *fs_userns,
                                        vfsgid_t vfsgid)
{
        kgid_t fs_kgid = from_vfsgid(idmap, fs_userns, vfsgid);

        return gid_valid(fs_kgid);
}
189 
/**
 * vfsgid_has_mapping - check whether a vfsgid has a mapping in a namespace
 * @userns: the user namespace to look the value up in
 * @vfsgid: the vfsgid to check
 *
 * The raw value of @vfsgid is passed to from_kgid() as a kgid.
 *
 * Return: true if from_kgid() yields anything other than (gid_t)-1,
 * false otherwise.
 */
static inline bool vfsgid_has_mapping(struct user_namespace *userns,
                                      vfsgid_t vfsgid)
{
        gid_t mapped = from_kgid(userns, AS_KGIDT(vfsgid));

        return mapped != (gid_t)-1;
}
195 
/**
 * vfsgid_into_kgid - convert vfsgid into kgid
 * @vfsgid: the vfsgid to convert
 *
 * For the point where a vfsgid is committed as a kgid. The raw value is
 * carried over unchanged; no idmapping is applied by this helper.
 *
 * Return: a kgid with the value of @vfsgid
 */
static inline kgid_t vfsgid_into_kgid(vfsgid_t vfsgid)
{
        kgid_t kgid = AS_KGIDT(vfsgid);

        return kgid;
}
208 
/**
 * mapped_fsuid - return caller's fsuid mapped according to an idmapping
 * @idmap: the mount's idmapping
 * @fs_userns: the filesystem's idmapping
 *
 * Helper for initializing a new vfs or filesystem object from the caller's
 * fsuid, for example the i_uid field of an inode newly allocated by a
 * creation event such as mkdir or O_CREAT, or the allocation of quotas for
 * a specific user.
 *
 * The result comes straight from from_vfsuid(); this helper does not check
 * it for validity.
 *
 * Return: the caller's current fsuid mapped up according to @idmap.
 */
static inline kuid_t mapped_fsuid(struct mnt_idmap *idmap,
                                  struct user_namespace *fs_userns)
{
        vfsuid_t caller = VFSUIDT_INIT(current_fsuid());

        return from_vfsuid(idmap, fs_userns, caller);
}
227 
/**
 * mapped_fsgid - return caller's fsgid mapped according to an idmapping
 * @idmap: the mount's idmapping
 * @fs_userns: the filesystem's idmapping
 *
 * Helper for initializing a new vfs or filesystem object from the caller's
 * fsgid, for example the i_gid field of an inode newly allocated by a
 * creation event such as mkdir or O_CREAT, or the allocation of quotas for
 * a specific user.
 *
 * The result comes straight from from_vfsgid(); this helper does not check
 * it for validity.
 *
 * Return: the caller's current fsgid mapped up according to @idmap.
 */
static inline kgid_t mapped_fsgid(struct mnt_idmap *idmap,
                                  struct user_namespace *fs_userns)
{
        vfsgid_t caller = VFSGIDT_INIT(current_fsgid());

        return from_vfsgid(idmap, fs_userns, caller);
}
246 
247 #endif /* _LINUX_MNT_IDMAPPING_H */
248 
