Date: Tue, 18 Oct 2022 16:10:37 +0200
From: Christian Brauner
To: Kees Cook
Cc: Mimi Zohar, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, Mickaël Salaün, KP Singh, Casey Schaufler, linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH 6/9] fs: Introduce file_to_perms() helper

On Thu, Oct 13, 2022 at 03:36:51PM -0700, Kees Cook wrote:
> Extract the logic used by LSM file hooks to be able to reconstruct the
> access mode permissions from an open.
>
> Cc: John Johansen
> Cc: Paul Moore
> Cc: James Morris
> Cc: "Serge E. Hallyn"
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Kees Cook
> ---
> include/linux/fs.h | 22 ++++++++++++++++++++++
> security/apparmor/include/file.h | 18 ++++--------------
> 2 files changed, 26 insertions(+), 14 deletions(-)
>
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 9eced4cc286e..814f10d4132e 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -993,6 +993,28 @@ static inline struct file *get_file(struct file *f) > #define get_file_rcu(x) atomic_long_inc_not_zero(&(x)->f_count) > #define file_count(x) atomic_long_read(&(x)->f_count) > > +/* Calculate the basic MAY_* flags needed for a given file. */ > +static inline u8 file_to_perms(struct file *file)

As long as there aren't multiple users of this and especially none in the vfs proper please don't move this into fs.h. It's overloaded enough as it is and we have vague plans on splitting it further in the future.
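
Review bot: the comment above file_to_perms() in the quoted fs.h hunk says only "basic MAY_* flags" and does not name which flags the helper can return or which fields of struct file they are derived from; listing them would let LSM callers see at the declaration what the mask does and does not cover. The u8 return type also differs from the int mask that the VFS permission helpers take, so either return int or add a line explaining why the narrower type is sufficient for the flags produced.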