ANDROID: fuse-bpf: Move bpf earlier in fuse_permission

In the backing case, we initially want to call out to the fuse-bpf
implementation, and only fall back to userspace if that requests it.
Otherwise we end up making requests to userspace that the daemon may not
be equiped to respond to.

Change-Id: If3780aa8b7c45558717a9efba0b1781e8d63a3c0
Bug: 217570523
Test: generic/099
Signed-off-by: Daniel Rosenberg <drosen@google.com>

fs/fuse/dir.c

@@ -1514,7 +1514,6 @@ static int fuse_perm_getattr(struct inode *inode, int mask)
 		return -ECHILD;
 
 	forget_all_cached_acls(inode);
-	/* TODO: BPF stuff here? But we have no dentry for path for vfs_getattr */
 	return fuse_do_getattr(inode, NULL, NULL);
 }
 
@@ -1537,6 +1536,9 @@ static int fuse_permission(struct inode *inode, int mask)
 	bool refreshed = false;
 	int err = 0;
 	struct fuse_inode *fi = get_fuse_inode(inode);
+#ifdef CONFIG_FUSE_BPF
+	struct fuse_err_ret fer;
+#endif
 
 	if (fuse_is_bad(inode))
 		return -EIO;
@@ -1544,6 +1546,14 @@ static int fuse_permission(struct inode *inode, int mask)
 	if (!fuse_allow_current_process(fc))
 		return -EACCES;
 
+#ifdef CONFIG_FUSE_BPF
+	fer = fuse_bpf_backing(inode, struct fuse_access_in,
+			       fuse_access_initialize, fuse_access_backing,
+			       fuse_access_finalize, inode, mask);
+	if (fer.ret)
+		return PTR_ERR(fer.result);
+#endif
+
 	/*
 	 * If attributes are needed, refresh them before proceeding
 	 */
@@ -1588,10 +1598,6 @@ static int fuse_permission(struct inode *inode, int mask)
 			if (!err && !(inode->i_mode & S_IXUGO))
 				return -EACCES;
 		}
-#ifdef CONFIG_FUSE_BPF
-	} else if (!(mask & MAY_NOT_BLOCK) && fi->backing_inode) {
-		err = fuse_access(inode, mask);
-#endif
 	}
 	return err;
 }