+
+ if (tag == desired_tag) {
+ /* We found the right tag. Update the permset. */
+ int s_result = acl_set_permset(entry, permset);
+ if (s_result == -1) {
+ perror("remove_access_tag_perm (acl_set_permset)");
+ return -1;
+ }
+
+ int sf_result = acl_set_file(path, ACL_TYPE_ACCESS, acl);
+ if (sf_result == -1) {
+ perror("remove_access_tag_perm (acl_set_file)");
+ return -1;
+ }
+
+ return 1;
+ }
+
+ result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
+ }
+
+ /* This catches both the initial acl_get_entry and the ones at the
+ end of the loop. */
+ if (result == -1) {
+ perror("remove_access_tag_perm (acl_get_entry)");
+ return -1;
+ }
+
+ return 0;
+}
+
+int remove_access_group_obj_execute(const char* path) {
+ return remove_access_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
+}
+
+
+int has_default_user_obj_read(const char* path) {
+ return has_default_tag_perm(path, ACL_USER_OBJ, ACL_READ);
+}
+
+int has_default_user_obj_write(const char* path) {
+ return has_default_tag_perm(path, ACL_USER_OBJ, ACL_WRITE);
+}
+
+int has_default_user_obj_execute(const char* path) {
+ return has_default_tag_perm(path, ACL_USER_OBJ, ACL_EXECUTE);
+}
+
+int has_default_group_obj_read(const char* path) {
+ return has_default_tag_perm(path, ACL_GROUP_OBJ, ACL_READ);
+}
+
+int has_default_group_obj_write(const char* path) {
+ return has_default_tag_perm(path, ACL_GROUP_OBJ, ACL_WRITE);
+}
+
+int has_default_group_obj_execute(const char* path) {
+ return has_default_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
+}
+
+int has_default_other_read(const char* path) {
+ return has_default_tag_perm(path, ACL_OTHER, ACL_READ);
+}
+
+int has_default_other_write(const char* path) {
+ return has_default_tag_perm(path, ACL_OTHER, ACL_WRITE);
+}
+
+int has_default_other_execute(const char* path) {
+ return has_default_tag_perm(path, ACL_OTHER, ACL_EXECUTE);
+}
+
+int has_default_mask_read(const char* path) {
+ return has_default_tag_perm(path, ACL_MASK, ACL_READ);
+}
+
+int has_default_mask_write(const char* path) {
+ return has_default_tag_perm(path, ACL_MASK, ACL_WRITE);
+}
+
+int has_default_mask_execute(const char* path) {
+ return has_default_tag_perm(path, ACL_MASK, ACL_EXECUTE);
+}
+
+
+int reapply_default_acl(const char* path) {
+ /* If this is a normal file or directory (i.e. that has just been
+ created), we proceed to find its parent directory which will have
+ a default ACL.
+
+ Returns one for success, zero for failure (i.e. no ACL), and -1
+ on unexpected errors. */
+ if (path == NULL) {
+ return 0;
+ }
+
+ if (!is_regular_file(path) && !is_directory(path)) {
+ return 0;
+ }
+
+ /* dirname mangles its argument */
+ char path_copy[PATH_MAX];
+ strncpy(path_copy, path, PATH_MAX-1);
+ path_copy[PATH_MAX-1] = 0;
+
+ char* parent = dirname(path_copy);
+ if (!is_directory(parent)) {
+ /* Make sure dirname() did what we think it did. */
+ return 0;
+ }
+
+ /* This is the original mode of path. We will simply add permissions
+ to it, and then later reapply the result via chmod. */
+ mode_t path_mode = get_mode(path);
+
+ if (has_default_mask_acl(parent)) {
+ /* The parent has an extended ACL. Extended ACLs use the mask
+ entry. */
+
+ /* For the group bits, we'll use the ACL's mask instead of the group
+ object bits. If the default ACL had a group entry, it should
+ already have propagated (but might be masked). */
+ if (has_default_mask_read(parent)) {
+ path_mode |= S_IRGRP;
+ }