Lines Matching defs:rights
2 * Copyright (c) 2000-2014 Apple Inc. All rights reserved.
9 * compliance with the License. The rights granted to you under the License
23 * Please see the License for the specific language governing rights and
31 * The Regents of the University of California. All rights reserved.
5838 * must have delete rights to remove the old name even in
5842 * then we also need rights to rewrite its ".." entry as well.
5852 /* moving into tdvp or tvp, must have rights to add */
6566 * If we are the file owner, we automatically have some rights.
6586 KAUTH_DEBUG("%p ALLOWED - implicit or no rights required", vcp->vp);
6625 KAUTH_DEBUG("%p ALLOWED - all rights granted by ACL", vcp->vp);
6636 /* fall through and evaluate residual rights */
6643 * Grant residual rights that have been pre-authorized.
6654 KAUTH_DEBUG("%p ALLOWED - rights already authorized", vcp->vp);
6659 * Bail if we have residual rights that can't be granted by posix permissions,
6680 * rights.
6701 KAUTH_DEBUG("%p ALLOWED - residual rights %s%s%s%s%s%s%s%s%s%s%s%s%s%s granted due to no posix mapping",
6743 vnode_authorize_checkimmutable(vnode_t vp, struct vnode_attr *vap, int rights, int ignore)
6763 rights &= ~KAUTH_VNODE_WRITE_DATA;
6770 if (rights & KAUTH_VNODE_WRITE_RIGHTS) {
6777 if ((rights & KAUTH_VNODE_WRITE_EXTATTRIBUTES) &&
6786 * check for file immutability. first, check if the requested rights are
6791 if ((rights & (KAUTH_VNODE_ADD_FILE | KAUTH_VNODE_ADD_SUBDIRECTORY | KAUTH_VNODE_WRITE_EXTATTRIBUTES)) == rights)
6794 if ((rights & (KAUTH_VNODE_APPEND_DATA | KAUTH_VNODE_WRITE_EXTATTRIBUTES)) == rights)
6909 int parent_action; /* In case we need to use namedstream's data fork for cached rights*/
6917 * this point which rights to look at based on the
6919 * otherwise check the kauth 'rights' cache hung
6933 * For named streams on local-authorization volumes, rights are cached on the parent;
6936 * we need to flush rights (e.g. on VNOP_SETATTR()) we don't need to track down the
6938 * as if there were no cached rights (passing the named stream vnode and desired rights to
6942 * data fork's properties and the rights granted on a stream. Thus, named stream vnodes
7003 kauth_ace_rights_t rights;
7057 * requested rights.
7060 rights = action & ~(KAUTH_VNODE_ACCESS | KAUTH_VNODE_NOIMMUTABLE);
7062 if (rights & KAUTH_VNODE_DELETE) {
7082 if ((rights & KAUTH_VNODE_WRITE_RIGHTS) &&
7086 (rights & KAUTH_VNODE_DELETE) || (rights & KAUTH_VNODE_DELETE_CHILD))) {
7094 if ((rights & KAUTH_VNODE_EXECUTE) && (vp->v_type == VREG) && (vp->v_mount->mnt_flag & MNT_NOEXEC)) {
7138 if (rights & KAUTH_VNODE_READ_DATA) {
7139 rights &= ~KAUTH_VNODE_READ_DATA;
7140 rights |= KAUTH_VNODE_READ_EXTATTRIBUTES;
7142 if (rights & KAUTH_VNODE_WRITE_DATA) {
7143 rights &= ~KAUTH_VNODE_WRITE_DATA;
7144 rights |= KAUTH_VNODE_WRITE_EXTATTRIBUTES;
7172 * file rights.
7174 if ((result = vnode_authorize_checkimmutable(vp, &va, rights, noimmutable)) != 0)
7176 if ((rights & KAUTH_VNODE_DELETE) &&
7182 * Clear rights that have been authorized by reaching this point, bail if nothing left to
7185 rights &= ~(KAUTH_VNODE_LINKTARGET | KAUTH_VNODE_CHECKIMMUTABLE);
7186 if (rights == 0)
7195 /* process delete rights */
7196 if ((rights & KAUTH_VNODE_DELETE) &&
7200 /* process remaining rights */
7201 if ((rights & ~KAUTH_VNODE_DELETE) &&
7202 (result = vnode_authorize_simple(vcp, rights, rights & KAUTH_VNODE_DELETE, &found_deny)) != 0)
7210 if ((rights & KAUTH_VNODE_EXECUTE) &&
7234 if ((rights & KAUTH_VNODE_SEARCH) && found_deny == FALSE && vp->v_type == VDIR) {
7240 * match the credential associated with this cache of rights.
7248 if ((rights & KAUTH_VNODE_DELETE) && parent_authorized_for_delete_child == FALSE) {
7259 /* OK to cache delete rights */
7260 KAUTH_DEBUG("%p - caching DELETE_CHILD rights", dvp);
7267 * Note that this implies that we will allow requests for no rights, as well as
7268 * for rights that we do not recognise. There should be none of these.