MAY_EXEC
if (mask & (MAY_EXEC | MAY_READ | MAY_CHDIR)) {
if ((mask & MAY_EXEC) && !(inode->i_mode & S_IXUSR))
if (mask & (MAY_EXEC | MAY_READ)) {
MAY_READ | MAY_EXEC);
ret = inode_permission(idmap, inode, MAY_WRITE | MAY_EXEC);
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if ((mask & MAY_EXEC) && !execute_ok(inode))
return (mask & MAY_EXEC) ? -EACCES : 0;
MAY_WRITE | MAY_EXEC);
err = inode_permission(idmap, inode, MAY_EXEC);
.acc_mode = MAY_EXEC,
inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
error = gfs2_permission(&nop_mnt_idmap, dir, MAY_WRITE | MAY_EXEC);
MAY_WRITE | MAY_EXEC);
MAY_WRITE | MAY_EXEC);
error = gfs2_permission(&nop_mnt_idmap, dir, MAY_EXEC);
MAY_WRITE | MAY_EXEC);
if (desired & MAY_EXEC) x = 1;
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
return inode_permission(idmap, base->d_inode, MAY_EXEC);
error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
return inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
if (acc_mode & MAY_EXEC)
if (acc_mode & MAY_EXEC)
if ((acc_mode & MAY_EXEC) && path_noexec(path))
MAY_WRITE | MAY_EXEC);
error = inode_permission(idmap, dir, MAY_WRITE | MAY_EXEC);
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
mask |= MAY_EXEC;
mask |= MAY_EXEC;
mask |= MAY_EXEC;
if ((mask & ~cache_mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) != 0)
mask = MAY_EXEC;
if ((mask & (MAY_READ | MAY_WRITE | MAY_EXEC)) == 0)
if (!res && (mask & MAY_EXEC))
d_inode(parent), MAY_EXEC);
acc & (MAY_READ | MAY_WRITE | MAY_EXEC));
err = inode_permission(&nop_mnt_idmap, inode, MAY_EXEC);
return inode_permission(&nop_mnt_idmap, dir, MAY_WRITE | MAY_EXEC);
if ((mode & MAY_EXEC) && S_ISREG(inode->i_mode)) {
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
error = file_permission(fd_file(f), MAY_EXEC | MAY_CHDIR);
error = path_permission(&path, MAY_EXEC | MAY_CHDIR);
want &= MAY_READ | MAY_WRITE | MAY_EXEC;
if (likely(is_same_tgroup && !(mask & MAY_EXEC))) {
if ((op & ~mode & (MAY_READ|MAY_WRITE|MAY_EXEC)) == 0)
if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))
if ((mask & MAY_EXEC) && !execute_ok(inode))
MAY_EXEC | MAY_WRITE);
MAY_READ | MAY_EXEC)) {
if (!inode_permission(idmap, d_inode(dentry), MAY_OPEN | MAY_EXEC))
if (!inode_permission(idmap, d_inode(dentry->d_parent), MAY_EXEC | MAY_WRITE))
err = file_permission(fd_file(exe), MAY_EXEC);
OP_EXEC, MAY_EXEC,
if (!(perms->allow & MAY_EXEC)) {
if (perms->allow & MAY_EXEC) {
perms.audit |= MAY_EXEC;
perms.allow |= MAY_EXEC;
OP_EXEC, MAY_EXEC, name, target, new, cond->uid,
if (perms.allow & MAY_EXEC) {
perms.audit |= MAY_EXEC;
perms.allow &= ~MAY_EXEC;
aa_audit_file(subj_cred, profile, &perms, OP_EXEC, MAY_EXEC, name,
} else if ((lperms.allow & MAY_EXEC) &&
lperms.allow &= ~MAY_EXEC;
request |= MAY_EXEC;
#define mask_mode_t(X) (X & (MAY_EXEC | MAY_WRITE | MAY_READ | MAY_APPEND))
#define AA_AUDIT_FILE_MASK (MAY_READ | MAY_WRITE | MAY_EXEC | MAY_APPEND |\
#define AA_MAY_EXEC MAY_EXEC
fctx->allow = MAY_EXEC | MAY_READ | AA_EXEC_MMAP;
0, MAY_EXEC, MMAP_CHECK_REQPROT, 0,
0, MAY_EXEC, MMAP_CHECK, 0, false);
current_cred(), &prop, MAY_EXEC, MMAP_CHECK,
current_cred(), &prop, MAY_EXEC,
&prop, NULL, 0, MAY_EXEC, BPRM_CHECK, 0,
0, MAY_EXEC, CREDS_CHECK, 0, false);
mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
entry->mask = MAY_EXEC;
{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
{.action = MEASURE, .func = MMAP_CHECK, .mask = MAY_EXEC,
{.action = MEASURE, .func = BPRM_CHECK, .mask = MAY_EXEC,
if (entry->mask & MAY_EXEC)
if (mask & MAY_EXEC)
if (mask & MAY_EXEC)
mask = requested & (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
#define MAY_ANYREAD (MAY_READ | MAY_EXEC)
if (access & MAY_EXEC)
mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
may |= MAY_EXEC;
perm |= MAY_EXEC;