LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-11 01:06:01 +03:00
Code Issues Packages Projects Releases Wiki Activity
9d41dd2ed0
ladybird/Kernel/Syscalls/unveil.cpp

118 lines
4.3 KiB
C++
Raw Normal View History

Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
*
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:24:48 +03:00
* SPDX-License-Identifier: BSD-2-Clause
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
*/
Kernel: Prevent `unveil` returning ENOENT with cpath permissions This addresses the issue first enountered in #3644. If a path is first unveiled with "c" permissions, we should NOT return ENOENT if the node does not exist on the disk, as the program will most likely be creating it at a later time.
2020-11-05 10:12:23 +03:00
#include <AK/LexicalPath.h>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
#include <AK/StringView.h>
#include <Kernel/FileSystem/Custody.h>
#include <Kernel/FileSystem/VirtualFileSystem.h>
#include <Kernel/Process.h>
namespace Kernel {
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
KResultOr<int> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*> user_params)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
{
Syscall::SC_unveil_params params;
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-12 06:11:07 +03:00
if (!copy_from_user(&params, user_params))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
if (!params.path.characters && !params.permissions.characters) {
m_veil_state = VeilState::Locked;
return 0;
}
if (m_veil_state == VeilState::Locked)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EPERM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
if (!params.path.characters || !params.permissions.characters)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EINVAL;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
Kernel: Add unveil('b') This is a new "browse" permission that lets you open (and subsequently list contents of) directories underneath the path, but not regular files or any other types of files.
2020-11-21 22:55:20 +03:00
if (params.permissions.length > 5)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EINVAL;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
Kernel: Convert Process::get_syscall_path_argument() to KString This API now returns a KResultOr<NonnullOwnPtr<KString>> and allocation failures should be propagated everywhere nicely. :^)
2021-05-29 17:59:40 +03:00
auto path_or_error = get_syscall_path_argument(params.path);
if (path_or_error.is_error())
return path_or_error.error();
auto& path = *path_or_error.value();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
Kernel: Convert Process::get_syscall_path_argument() to KString This API now returns a KResultOr<NonnullOwnPtr<KString>> and allocation failures should be propagated everywhere nicely. :^)
2021-05-29 17:59:40 +03:00
if (path.is_empty() || !path.view().starts_with('/'))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EINVAL;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-12 06:11:07 +03:00
auto permissions = copy_string_from_user(params.permissions);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
if (permissions.is_null())
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
Kernel: Prevent `unveil` returning ENOENT with cpath permissions This addresses the issue first enountered in #3644. If a path is first unveiled with "c" permissions, we should NOT return ENOENT if the node does not exist on the disk, as the program will most likely be creating it at a later time.
2020-11-05 10:12:23 +03:00
// Let's work out permissions first...
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
unsigned new_permissions = 0;
Kernel: Use for-each loops in unveil syscall
2020-08-02 22:06:39 +03:00
for (const char permission : permissions) {
switch (permission) {
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
case 'r':
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
new_permissions |= UnveilAccess::Read;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
break;
case 'w':
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
new_permissions |= UnveilAccess::Write;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
break;
case 'x':
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
new_permissions |= UnveilAccess::Execute;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
break;
case 'c':
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
new_permissions |= UnveilAccess::CreateOrRemove;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
break;
Kernel: Add unveil('b') This is a new "browse" permission that lets you open (and subsequently list contents of) directories underneath the path, but not regular files or any other types of files.
2020-11-21 22:55:20 +03:00
case 'b':
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
new_permissions |= UnveilAccess::Browse;
Kernel: Add unveil('b') This is a new "browse" permission that lets you open (and subsequently list contents of) directories underneath the path, but not regular files or any other types of files.
2020-11-21 22:55:20 +03:00
break;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
default:
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EINVAL;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
}
}
Kernel: Prevent `unveil` returning ENOENT with cpath permissions This addresses the issue first enountered in #3644. If a path is first unveiled with "c" permissions, we should NOT return ENOENT if the node does not exist on the disk, as the program will most likely be creating it at a later time.
2020-11-05 10:12:23 +03:00
// Now, let's try and resolve the path and obtain custody of the inode on the disk, and if not, bail out with
// the error from resolve_path_without_veil()
// However, if the user specified unveil() with "c" permissions, we don't set errno if ENOENT is encountered,
// because they most likely intend the program to create the file for them later on.
// If this case is encountered, the parent node of the path is returned and the custody of that inode is used instead.
RefPtr<Custody> parent_custody; // Parent inode in case of ENOENT
String new_unveiled_path;
Kernel: Convert Process::get_syscall_path_argument() to KString This API now returns a KResultOr<NonnullOwnPtr<KString>> and allocation failures should be propagated everywhere nicely. :^)
2021-05-29 17:59:40 +03:00
auto custody_or_error = VFS::the().resolve_path_without_veil(path.view(), root_directory(), &parent_custody);
Kernel: Prevent `unveil` returning ENOENT with cpath permissions This addresses the issue first enountered in #3644. If a path is first unveiled with "c" permissions, we should NOT return ENOENT if the node does not exist on the disk, as the program will most likely be creating it at a later time.
2020-11-05 10:12:23 +03:00
if (!custody_or_error.is_error()) {
new_unveiled_path = custody_or_error.value()->absolute_path();
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
} else if (custody_or_error.error() == -ENOENT && parent_custody && (new_permissions & UnveilAccess::CreateOrRemove)) {
Kernel: Convert Process::get_syscall_path_argument() to KString This API now returns a KResultOr<NonnullOwnPtr<KString>> and allocation failures should be propagated everywhere nicely. :^)
2021-05-29 17:59:40 +03:00
String basename = LexicalPath(path.view()).basename();
Kernel: Prevent `unveil` returning ENOENT with cpath permissions This addresses the issue first enountered in #3644. If a path is first unveiled with "c" permissions, we should NOT return ENOENT if the node does not exist on the disk, as the program will most likely be creating it at a later time.
2020-11-05 10:12:23 +03:00
new_unveiled_path = String::formatted("{}/{}", parent_custody->absolute_path(), basename);
} else {
// FIXME Should this be EINVAL?
return custody_or_error.error();
}
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
LexicalPath lexical_path(new_unveiled_path);
auto it = lexical_path.parts().begin();
auto& matching_node = m_unveiled_paths.traverse_until_last_accessible_node(it, lexical_path.parts().end());
if (it.is_end()) {
Kernel: Allow 'elevating' unveil permissions if implicitly inherited from '/' This can happen when an unveil follows another with a path that is a sub-path of the other one: ```c++ unveil("/home/anon/.config/whoa.ini", "rw"); unveil("/home/anon", "r"); // this would fail, as "/home/anon" inherits // the permissions of "/", which is None. ```
2020-12-26 17:24:01 +03:00
auto old_permissions = matching_node.permissions();
// Allow "elevating" the permissions when the permissions are inherited from root (/),
// as that would be the first time this path is unveiled.
if (old_permissions != UnveilAccess::None || !matching_node.permissions_inherited_from_root()) {
if (new_permissions & ~old_permissions)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 15:49:16 +03:00
return EPERM;
Kernel: Allow 'elevating' unveil permissions if implicitly inherited from '/' This can happen when an unveil follows another with a path that is a sub-path of the other one: ```c++ unveil("/home/anon/.config/whoa.ini", "rw"); unveil("/home/anon", "r"); // this would fail, as "/home/anon" inherits // the permissions of "/", which is None. ```
2020-12-26 17:24:01 +03:00
}
matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true, false });
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
return 0;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
}
Kernel: Implement unveil() as a prefix-tree Fixes #4530.
2020-12-26 13:24:34 +03:00
matching_node.insert(
it,
lexical_path.parts().end(),
{ new_unveiled_path, (UnveilAccess)new_permissions, true },
Kernel: Use LexicalPath to avoid two consecutive slashes in unveil path This patch fixes a bug in the unveil syscall where an UnveilNode's path would start with two slashes if it's parent node was "/".
2021-06-06 20:19:59 +03:00
[](auto& parent, auto& it) -> Optional<UnveilMetadata> {
auto path = LexicalPath::join(parent.path(), *it).string();
return UnveilMetadata { path, parent.permissions(), false, parent.permissions_inherited_from_root() };
});
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 22:42:32 +03:00
VERIFY(m_veil_state != VeilState::Locked);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-31 00:38:15 +03:00
m_veil_state = VeilState::Dropped;
return 0;
}
}
Reference in New Issue Copy Permalink