From c6b898ea30fbf3e493a1a843455d2ac2a181f4a1 Mon Sep 17 00:00:00 2001
From: mucor <mucorwang@gmail.com>
Date: Fri, 16 Apr 2021 17:33:40 +0800
Subject: [PATCH] fix capabilities in write and execute case

Change-Id: Ic9abc53cd0aafa1fd6272fab8191493c609ea995
---
 fs/vfs/operation/fs_other.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/fs/vfs/operation/fs_other.c b/fs/vfs/operation/fs_other.c
index fa935f96..3b81073d 100644
--- a/fs/vfs/operation/fs_other.c
+++ b/fs/vfs/operation/fs_other.c
@@ -107,20 +107,21 @@ int VfsPermissionCheck(uint fuid, uint fgid, uint fileMode, int accMode)
 
     tmpMode = 0;
     if (S_ISDIR(fileMode)) {
-        if (((uint)accMode & EXEC_OP) && (IsCapPermit(CAP_DAC_READ_SEARCH))) {
+        if (IsCapPermit(CAP_DAC_EXECUTE)
+            || (!((uint)accMode & WRITE_OP) && IsCapPermit(CAP_DAC_READ_SEARCH))) {
             tmpMode |= EXEC_OP;
         }
     } else {
-        if (((uint)accMode & EXEC_OP) && (IsCapPermit(CAP_DAC_EXECUTE)) && (fileMode & MODE_IXUGO)) {
+        if (IsCapPermit(CAP_DAC_EXECUTE) && (fileMode & MODE_IXUGO)) {
             tmpMode |= EXEC_OP;
         }
     }
 
-    if (((uint)accMode & WRITE_OP) && IsCapPermit(CAP_DAC_WRITE)) {
+    if (IsCapPermit(CAP_DAC_WRITE)) {
         tmpMode |= WRITE_OP;
     }
 
-    if (((uint)accMode & READ_OP) && IsCapPermit(CAP_DAC_READ_SEARCH)) {
+    if (IsCapPermit(CAP_DAC_READ_SEARCH)) {
         tmpMode |= READ_OP;
     }
 
-- 
GitLab