/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
* Copyright (c) 2021, Max Wipfli <mail@maxwipfli.ch>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/LexicalPath.h>
#include <AK/StringView.h>
#include <Kernel/FileSystem/Custody.h>
#include <Kernel/FileSystem/VirtualFileSystem.h>
#include <Kernel/Process.h>
namespace Kernel {
// Propagates `new_permissions` down the subtree below `root_node`, touching only nodes that
// were never explicitly unveil()ed - i.e. intermediate nodes whose permissions were merely
// inherited from an ancestor. A descendant that was explicitly unveiled keeps its own
// permissions, and the walk does not continue beneath it.
static void update_intermediate_node_permissions(UnveilNode& root_node, UnveilAccess new_permissions)
{
    for (auto& child_entry : root_node.children()) {
        auto& child = static_cast<UnveilNode&>(*child_entry.value);
        if (!child.was_explicitly_unveiled()) {
            // Inherited node: its "explicitly unveiled" flag stays false, only the access bits change.
            child.set_metadata({ child.path(), new_permissions, false });
            update_intermediate_node_permissions(child, new_permissions);
        }
        // An explicitly unveiled child pins its own permissions; nothing below it is revisited.
    }
}
// unveil(2): narrows the calling process' view of the file system.
//
// Two forms are accepted:
//   * unveil(nullptr, nullptr) locks the veil. Once locked, every further call fails with EPERM.
//   * unveil(path, permissions) records `path` with the permissions spelled out by `permissions`,
//     a string of at most five characters drawn from "rwxcb" (read, write, execute,
//     create-or-remove, browse). Any other character yields EINVAL.
//
// `path` must be absolute. It is resolved against the process root without consulting the
// current veil (resolve_path_without_veil) and stored under the resolved custody's absolute
// path, so the veil tree is keyed on the resolved spelling rather than the caller's.
// A missing final component is tolerated only when "c" is requested, in which case the entry is
// built from the parent's absolute path plus the requested basename.
//
// Re-unveiling a path that was already explicitly unveiled may keep or drop permissions but
// never add any (EPERM). Returns 0 on success, EFAULT when the parameter block or the
// permission string cannot be copied from user space, and EINVAL for malformed arguments.
KResultOr<FlatPtr> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*> user_params)
{
    Syscall::SC_unveil_params params;
    if (!copy_from_user(&params, user_params))
        return EFAULT;

    bool const has_path = params.path.characters != nullptr;
    bool const has_permissions = params.permissions.characters != nullptr;

    // unveil(nullptr, nullptr): lock the veil. Locking an already locked veil is a no-op.
    if (!has_path && !has_permissions) {
        m_veil_state = VeilState::Locked;
        return 0;
    }

    if (m_veil_state == VeilState::Locked)
        return EPERM;

    // Either both arguments are present or neither; one without the other is malformed.
    if (!has_path || !has_permissions)
        return EINVAL;

    // There are only five distinct flags, so anything longer cannot be valid. This is checked
    // on the user-supplied length before the string is copied in.
    if (params.permissions.length > 5)
        return EINVAL;

    auto path_or_error = get_syscall_path_argument(params.path);
    if (path_or_error.is_error())
        return path_or_error.error();
    auto& path = *path_or_error.value();

    // Only absolute paths may be unveiled.
    if (path.is_empty() || !path.view().starts_with('/'))
        return EINVAL;

    auto permissions = copy_string_from_user(params.permissions);
    if (permissions.is_null())
        return EFAULT;

    // Map a single permission character to its access bit; empty for anything unknown.
    auto access_for_flag = [](char flag) -> Optional<UnveilAccess> {
        switch (flag) {
        case 'r':
            return UnveilAccess::Read;
        case 'w':
            return UnveilAccess::Write;
        case 'x':
            return UnveilAccess::Execute;
        case 'c':
            return UnveilAccess::CreateOrRemove;
        case 'b':
            return UnveilAccess::Browse;
        default:
            return {};
        }
    };

    // Work out the requested permissions first, so a bad string is rejected before any
    // path resolution happens.
    unsigned new_permissions = 0;
    for (char const flag : permissions) {
        auto const access = access_for_flag(flag);
        if (!access.has_value())
            return EINVAL;
        new_permissions |= access.value();
    }

    // Resolve the path and take custody of the inode, ignoring the current veil. The veil tree
    // is keyed on the custody's absolute path, not on the string the caller passed in.
    // With "c" permission a missing final component is not an error: the caller most likely
    // intends to create it later, so the parent's custody is used and the requested basename is
    // appended to the parent's absolute path.
    RefPtr<Custody> parent_custody; // Parent inode in case of ENOENT
    String new_unveiled_path;
    auto custody_or_error = VFS::the().resolve_path_without_veil(path.view(), root_directory(), &parent_custody);
    if (custody_or_error.is_error()) {
        bool const may_create = (new_permissions & UnveilAccess::CreateOrRemove) != 0;
        bool const missing_leaf = custody_or_error.error() == -ENOENT && parent_custody;
        if (!(may_create && missing_leaf)) {
            // FIXME Should this be EINVAL?
            return custody_or_error.error();
        }
        // NOTE(review): this relies on resolve_path_without_veil() only handing back a parent
        // custody when it is the final component that is missing; if it could also report a more
        // distant ancestor, the basename would be glued onto the wrong directory - confirm in VFS.
        String basename = LexicalPath::basename(path.view());
        new_unveiled_path = String::formatted("{}/{}", parent_custody->absolute_path(), basename);
    } else {
        new_unveiled_path = custody_or_error.value()->absolute_path();
    }

    // Walk the veil tree as far as the resolved path already exists. `lexical_path` must outlive
    // `parts`, which are views into it.
    LexicalPath lexical_path(new_unveiled_path);
    auto const& parts = lexical_path.parts_view();
    auto it = parts.begin();
    auto& matching_node = m_unveiled_paths.traverse_until_last_accessible_node(it, parts.end());

    if (it.is_end()) {
        // The exact path is already in the tree. An explicitly unveiled node may never gain
        // permissions it does not already have.
        if (matching_node.was_explicitly_unveiled() && (new_permissions & ~matching_node.permissions()))
            return EPERM;
        // NOTE(review): the no-elevation check covers explicitly unveiled nodes only; a node that
        // merely inherited its parent's permissions is re-labelled with whatever is requested here.
        // Whether that is the intended policy is not decided in this file - confirm against the
        // UnveilNode contract.

        // Descendants of this node may already have been unveiled, leaving intermediate nodes
        // between them and this one that inherited its previous permissions. Bring those in line
        // before re-labelling this node.
        if (matching_node.permissions() != new_permissions)
            update_intermediate_node_permissions(matching_node, static_cast<UnveilAccess>(new_permissions));

        matching_node.set_metadata({ matching_node.path(), static_cast<UnveilAccess>(new_permissions), true });
        m_veil_state = VeilState::Dropped;
        return 0;
    }

    // Intermediate nodes created on the way down inherit their parent's permissions and are
    // not marked as explicitly unveiled.
    auto inherit_from_parent = [](auto& parent, auto& it) -> Optional<UnveilMetadata> {
        auto path = LexicalPath::join(parent.path(), *it).string();
        return UnveilMetadata { path, parent.permissions(), false };
    };
    matching_node.insert(
        it,
        parts.end(),
        { new_unveiled_path, static_cast<UnveilAccess>(new_permissions), true },
        inherit_from_parent);

    VERIFY(m_veil_state != VeilState::Locked);
    m_veil_state = VeilState::Dropped;
    return 0;
}
}