libc/posix1e: Add acl_from_mode_np() function.

Reviewed by: kib, debdrup, gbe
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D28255

5 files changed, 218 insertions, 1 deletions

diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
index fadc952f7acc..865a5e120b0f 100644
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -18,6 +18,7 @@ SRCS+=	acl_branding.c			\
 	acl_entry.c			\
 	acl_flag.c			\
 	acl_free.c			\
+	acl_from_mode_np.c		\
 	acl_from_text.c			\
 	acl_from_text_nfs4.c		\
 	acl_get.c			\
@@ -54,6 +55,7 @@ MAN+=	acl.3				\
 	acl_delete_perm.3		\
 	acl_dup.3			\
 	acl_free.3			\
+	acl_from_mode_np.3		\
 	acl_from_text.3			\
 	acl_get.3			\
 	acl_get_brand_np.3		\
diff --git a/lib/libc/posix1e/Symbol.map b/lib/libc/posix1e/Symbol.map
index 346c8ca7e290..6cc05daee818 100644
--- a/lib/libc/posix1e/Symbol.map
+++ b/lib/libc/posix1e/Symbol.map
@@ -84,3 +84,7 @@ FBSD_1.1 {
 	acl_strip_np;
 	acl_to_text_np;
 };
+
+FBSD_1.7 {
+	acl_from_mode_np;
+};
diff --git a/lib/libc/posix1e/acl_from_mode_np.3 b/lib/libc/posix1e/acl_from_mode_np.3
new file mode 100644
index 000000000000..6ba80de5567b
--- /dev/null
+++ b/lib/libc/posix1e/acl_from_mode_np.3
@@ -0,0 +1,95 @@
+.\"-
+.\" Copyright (c) 2021 Gleb Popov
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd January 20, 2021
+.Dt ACL_FROM_MODE_NP 3
+.Os
+.Sh NAME
+.Nm acl_from_mode_np
+.Nd create an ACL from status information
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/types.h
+.In sys/acl.h
+.Ft acl_t
+.Fn acl_from_mode_np "const mode_t mode"
+.Sh DESCRIPTION
+The
+.Fn acl_from_mode_np
+function is a non-portable call that converts the permissions set referred to by
+.Va mode
+into the corresponding minimal ACL structure, appropriate for applying to
+files or manipulating.
+.Pp
+This function causes memory to be allocated.
+The caller should free any
+free-able memory, when the new ACL is no longer required, by calling
+.Xr acl_free 3
+with the
+.Va (void *)acl_t
+as an argument.
+.Sh RETURN VALUES
+Upon successful completion, the function returns a pointer to the
+internal representation of the ACL in working storage.
+Otherwise, a value
+of
+.Va (acl_t)NULL
+is returned, and
+.Va errno
+is set to indicate the error.
+.Sh ERRORS
+If any of the following conditions occur, the
+.Fn acl_from_mode_np
+function returns a value of
+.Va (acl_t)NULL
+and set
+.Va errno
+to the corresponding value:
+.Bl -tag -width Er
+.It Bq Er ENOMEM
+The ACL working storage requires more memory than is allowed by the
+hardware or system-imposed memory management constraints.
+.El
+.Sh SEE ALSO
+.Xr acl 3 ,
+.Xr acl_free 3 ,
+.Xr acl_from_text 3 ,
+.Xr posix1e 3
+.Sh STANDARDS
+POSIX.1e is described in IEEE POSIX.1e draft 17.
+Discussion
+of the draft continues on the cross-platform POSIX.1e implementation
+mailing list.
+To join this list, see the
+.Fx
+POSIX.1e implementation
+page for more information.
+.Sh HISTORY
+POSIX.1e support was introduced in
+.Fx 4.0 ,
+and development continues.
+.Sh AUTHORS
+.An Gleb Popov
diff --git a/lib/libc/posix1e/acl_from_mode_np.c b/lib/libc/posix1e/acl_from_mode_np.c
new file mode 100644
index 000000000000..d78109469720
--- /dev/null
+++ b/lib/libc/posix1e/acl_from_mode_np.c
@@ -0,0 +1,115 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2021 Robert N M Watson, Gleb Popov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*
+ * acl_from_mode_np: Create an ACL from a mode_t.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/acl.h>
+#include <sys/stat.h>
+
+/*
+ * return an ACL corresponding to the permissions
+ * contained in mode_t
+ */
+acl_t
+acl_from_mode_np(const mode_t mode)
+{
+	acl_t acl;
+	acl_entry_t entry;
+	acl_permset_t perms;
+
+	/* create the ACL */
+	acl = acl_init(3);
+	/* here and below, the only possible reason to fail is ENOMEM, so
+	 * no need to set errno again
+	 */
+	if (acl == NULL)
+		return (NULL);
+
+	/* First entry: ACL_USER_OBJ */
+	if (acl_create_entry(&acl, &entry) == -1)
+		return (NULL);
+	/* TODO: need to handle error there and below? */
+	acl_set_tag_type(entry, ACL_USER_OBJ);
+
+	acl_get_permset(entry, &perms);
+	acl_clear_perms(perms);
+
+	/* calculate user mode */
+	if (mode & S_IRUSR)
+		acl_add_perm(perms, ACL_READ);
+	if (mode & S_IWUSR)
+		acl_add_perm(perms, ACL_WRITE);
+	if (mode & S_IXUSR)
+		acl_add_perm(perms, ACL_EXECUTE);
+
+	acl_set_permset(entry, perms);
+
+	/* Second entry: ACL_GROUP_OBJ */
+	if (acl_create_entry(&acl, &entry) == -1)
+		return (NULL);
+	acl_set_tag_type(entry, ACL_GROUP_OBJ);
+
+	acl_get_permset(entry, &perms);
+	acl_clear_perms(perms);
+
+	/* calculate group mode */
+	if (mode & S_IRGRP)
+		acl_add_perm(perms, ACL_READ);
+	if (mode & S_IWGRP)
+		acl_add_perm(perms, ACL_WRITE);
+	if (mode & S_IXGRP)
+		acl_add_perm(perms, ACL_EXECUTE);
+
+	acl_set_permset(entry, perms);
+
+	/* Third entry: ACL_OTHER */
+	if (acl_create_entry(&acl, &entry) == -1)
+		return (NULL);
+	acl_set_tag_type(entry, ACL_OTHER);
+
+	acl_get_permset(entry, &perms);
+	acl_clear_perms(perms);
+
+	/* calculate other mode */
+	if (mode & S_IROTH)
+		acl_add_perm(perms, ACL_READ);
+	if (mode & S_IWOTH)
+		acl_add_perm(perms, ACL_WRITE);
+	if (mode & S_IXOTH)
+		acl_add_perm(perms, ACL_EXECUTE);
+
+	acl_set_permset(entry, perms);
+
+	return (acl);
+}
diff --git a/sys/sys/acl.h b/sys/sys/acl.h
index 196447a6d9cb..71bb0f2ac058 100644
--- a/sys/sys/acl.h
+++ b/sys/sys/acl.h
@@ -30,7 +30,7 @@
  *
  * $FreeBSD$
  */
-/* 
+/*
  * Developed by the TrustedBSD Project.
  * Support for POSIX.1e and NFSv4 access control lists.
  */
@@ -379,6 +379,7 @@ int	acl_delete_flag_np(acl_flagset_t _flagset_d, acl_flag_t _flag);
 int	acl_delete_perm(acl_permset_t _permset_d, acl_perm_t _perm);
 acl_t	acl_dup(acl_t _acl);
 int	acl_free(void *_obj_p);
+acl_t	acl_from_mode_np(const mode_t mode);
 acl_t	acl_from_text(const char *_buf_p);
 int	acl_get_brand_np(acl_t _acl, int *_brand_p);
 int	acl_get_entry(acl_t _acl, int _entry_id, acl_entry_t *_entry_p);