GENFS(9)                Kernel Developer's Manual                GENFS(9)
int
genfs_can_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid, mode_t acc_mode, kauth_cred_t cred);
int
genfs_can_chflags(kauth_cred_t cred, enum vtype type, uid_t owner_uid, bool changing_sysflags);
int
genfs_can_chmod(enum vtype type, kauth_cred_t cred, uid_t cur_uid, gid_t cur_gid, mode_t new_mode);
int
genfs_can_chown(kauth_cred_t cred, uid_t cur_uid, gid_t cur_gid, uid_t new_uid, gid_t new_gid);
int
genfs_can_chtimes(vnode_t *vp, u_int vaflags, uid_t owner_uid, kauth_cred_t cred);
int
genfs_can_extattr(kauth_cred_t cred, int access_mode, vnode_t *vp, const char *attr);
int
genfs_can_sticky(kauth_cred_t cred, uid_t dir_uid, uid_t file_uid);
In other words, these functions are not meant to be called directly. They are intended to be used in kauth(9) vnode scope authorization calls, for providing the fall-back file system decision.
As a rule of thumb, code that looks like this is wrong:

    error = genfs_can_foo(...); /* WRONG */

While code that looks like this is right:

    error = kauth_authorize_vnode(..., genfs_can_foo(...));
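
The rule above as an added userland C model; it is not NetBSD kernel code and not part of the original manual page. It shows that using a helper's result directly skips listener policy, while passing it as the fall-back decision does not. Every `model_*` name, the lockdown listener and the ALLOW/DENY/DEFER result type are assumptions made for illustration, and the mode-bit check is a simplification.

```c
/* Userland model, NOT NetBSD kernel code: every model_* name is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <sys/types.h>

enum model_result { MODEL_ALLOW, MODEL_DENY, MODEL_DEFER };
struct model_cred { uid_t uid; gid_t gid; };
struct model_file { mode_t mode; uid_t uid; gid_t gid; };
#define MODEL_WRITE 02
static bool model_lockdown;    /* constructed policy switch for the listener */

/* Stand-in for a genfs_can_foo() helper: owner/group/other mode bits only. */
static int model_genfs_can_access(const struct model_file *f, mode_t acc,
    const struct model_cred *c)
{
    mode_t granted = f->mode & 07;          /* "other" bits */
    if (c->uid == f->uid)
        granted = (f->mode >> 6) & 07;      /* owner bits */
    else if (c->gid == f->gid)
        granted = (f->mode >> 3) & 07;      /* group bits */
    return ((granted & acc) == acc) ? 0 : EACCES;
}

/* Constructed listener: denies every write while lockdown is set. */
static enum model_result model_listener(mode_t acc)
{
    return (model_lockdown && (acc & MODEL_WRITE)) ? MODEL_DENY : MODEL_DEFER;
}

/* Stand-in for the authorization call: listener first, fs decision last. */
static int model_authorize_vnode(mode_t acc, int fs_decision)
{
    enum model_result r = model_listener(acc);
    return (r == MODEL_DENY) ? EACCES : (r == MODEL_ALLOW) ? 0 : fs_decision;
}

/* WRONG pattern from the page: helper result used as the final answer. */
static int model_access_wrong(const struct model_file *f, mode_t acc,
    const struct model_cred *c)
{
    return model_genfs_can_access(f, acc, c);
}

/* RIGHT pattern from the page: helper result passed as the fall-back. */
static int model_access_right(const struct model_file *f, mode_t acc,
    const struct model_cred *c)
{
    return model_authorize_vnode(acc, model_genfs_can_access(f, acc, c));
}
```

With the lockdown switch set, the wrong pattern still returns 0 for the owner's write because the mode bits allow it, while the right pattern returns EACCES because the listener's denial is honoured.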
March 1, 2012                                                  NetBSD 7.2