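Lines matching refs: rights (cross-reference search results; the number at the start of each entry is its line number in the original source file, and the entries are non-contiguous excerpts, not a complete listing)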

2  * Copyright (c) 2000-2012 Apple Inc. All rights reserved.
9 * compliance with the License. The rights granted to you under the License
23 * Please see the License for the specific language governing rights and
31 * The Regents of the University of California. All rights reserved.
5607 * must have delete rights to remove the old name even in
5611 * then we also need rights to rewrite its ".." entry as well.
5621 /* moving into tdvp or tvp, must have rights to add */
6329 * If we are the file owner, we automatically have some rights.
6349 KAUTH_DEBUG("%p ALLOWED - implicit or no rights required", vcp->vp);
6388 KAUTH_DEBUG("%p ALLOWED - all rights granted by ACL", vcp->vp);
6399 /* fall through and evaluate residual rights */
6406 * Grant residual rights that have been pre-authorized.
6417 KAUTH_DEBUG("%p ALLOWED - rights already authorized", vcp->vp);
6422 * Bail if we have residual rights that can't be granted by posix permissions,
6443 * rights.
6464 KAUTH_DEBUG("%p ALLOWED - residual rights %s%s%s%s%s%s%s%s%s%s%s%s%s%s granted due to no posix mapping",
6506 vnode_authorize_checkimmutable(vnode_t vp, struct vnode_attr *vap, int rights, int ignore)
6526 rights &= ~KAUTH_VNODE_WRITE_DATA;
6533 if (rights & KAUTH_VNODE_WRITE_RIGHTS) {
6540 if ((rights & KAUTH_VNODE_WRITE_EXTATTRIBUTES) &&
6549 * check for file immutability. first, check if the requested rights are
6554 if ((rights & (KAUTH_VNODE_ADD_FILE | KAUTH_VNODE_ADD_SUBDIRECTORY | KAUTH_VNODE_WRITE_EXTATTRIBUTES)) == rights)
6557 if ((rights & (KAUTH_VNODE_APPEND_DATA | KAUTH_VNODE_WRITE_EXTATTRIBUTES)) == rights)
6672 int parent_action; /* In case we need to use namedstream's data fork for cached rights*/
6680 * this point which rights to look at based on the
6682 * otherwise check the kauth 'rights' cache hung
6696 * For named streams on local-authorization volumes, rights are cached on the parent;
6699 * we need to flush rights (e.g. on VNOP_SETATTR()) we don't need to track down the
6701 * as if there were no cached rights (passing the named stream vnode and desired rights to
6705 * data fork's properties and the rights granted on a stream. Thus, named stream vnodes
6766 kauth_ace_rights_t rights;
6820 * requested rights.
6823 rights = action & ~(KAUTH_VNODE_ACCESS | KAUTH_VNODE_NOIMMUTABLE);
6825 if (rights & KAUTH_VNODE_DELETE) {
6845 if ((rights & KAUTH_VNODE_WRITE_RIGHTS) &&
6849 (rights & KAUTH_VNODE_DELETE) || (rights & KAUTH_VNODE_DELETE_CHILD))) {
6857 if ((rights & KAUTH_VNODE_EXECUTE) && (vp->v_type == VREG) && (vp->v_mount->mnt_flag & MNT_NOEXEC)) {
6901 if (rights & KAUTH_VNODE_READ_DATA) {
6902 rights &= ~KAUTH_VNODE_READ_DATA;
6903 rights |= KAUTH_VNODE_READ_EXTATTRIBUTES;
6905 if (rights & KAUTH_VNODE_WRITE_DATA) {
6906 rights &= ~KAUTH_VNODE_WRITE_DATA;
6907 rights |= KAUTH_VNODE_WRITE_EXTATTRIBUTES;
6935 * file rights.
6937 if ((result = vnode_authorize_checkimmutable(vp, &va, rights, noimmutable)) != 0)
6939 if ((rights & KAUTH_VNODE_DELETE) &&
6945 * Clear rights that have been authorized by reaching this point, bail if nothing left to
6948 rights &= ~(KAUTH_VNODE_LINKTARGET | KAUTH_VNODE_CHECKIMMUTABLE);
6949 if (rights == 0)
6958 /* process delete rights */
6959 if ((rights & KAUTH_VNODE_DELETE) &&
6963 /* process remaining rights */
6964 if ((rights & ~KAUTH_VNODE_DELETE) &&
6965 (result = vnode_authorize_simple(vcp, rights, rights & KAUTH_VNODE_DELETE, &found_deny)) != 0)
6973 if ((rights & KAUTH_VNODE_EXECUTE) &&
6997 if ((rights & KAUTH_VNODE_SEARCH) && found_deny == FALSE && vp->v_type == VDIR) {
7003 * match the credential associated with this cache of rights.
7011 if ((rights & KAUTH_VNODE_DELETE) && parent_authorized_for_delete_child == FALSE) {
7022 /* OK to cache delete rights */
7023 KAUTH_DEBUG("%p - caching DELETE_CHILD rights", dvp);
7030 * Note that this implies that we will allow requests for no rights, as well as
7031 * for rights that we do not recognise. There should be none of these.