ladybird/Userland/Libraries/LibCore/File.cpp
Andreas Kling e87eac9273 Userland: Add LibSystem and funnel all syscalls through it
This achieves two things:

- Programs can now intentionally perform arbitrary syscalls by calling
  syscall(). This allows us to work on things like syscall fuzzing.

- It restricts the ability of userspace to make syscalls to a single
  4KB page of code. In order to call the kernel directly, an attacker
  must now locate this page and call through it.
2021-02-05 12:23:39 +01:00


/*
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef __serenity__
# include <serenity.h>
#endif
#include <AK/ScopeGuard.h>
#include <LibCore/File.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
namespace Core {
// Constructs a File for `filename` and opens it in one step.
// Returns the opened File on success, or the device's error string when
// open_impl() reports failure.
// `permissions` is forwarded unchanged to open_impl(), which passes it to ::open().
Result<NonnullRefPtr<File>, String> File::open(const String& filename, IODevice::OpenMode mode, mode_t permissions)
{
    auto file = File::construct(filename);
    if (file->open_impl(mode, permissions))
        return file;
    return String(file->error_string());
}
// Creates a File that remembers `filename` and hands `parent` to IODevice.
// The constructor body is empty: the path is not opened, stat()ed or
// otherwise validated here; that happens only when an open() overload runs.
File::File(const StringView& filename, Object* parent)
: IODevice(parent)
, m_filename(filename)
{
}
// Closes the underlying descriptor on destruction, but only when this object
// owns it (ShouldCloseFileDescriptor::Yes) and the device is currently open.
// Wrappers around borrowed descriptors leave them untouched.
File::~File()
{
    const bool owns_descriptor = m_should_close_file_descriptor == ShouldCloseFileDescriptor::Yes;
    if (owns_descriptor && mode() != NotOpen)
        close();
}
// Wraps an already-open descriptor instead of opening a path.
//
// fd:           descriptor to adopt; it is stored as-is, with no check that it
//               is valid or that it was opened with access matching `mode`.
// mode:         recorded as the device's open mode.
// should_close: when Yes, ~File() will close `fd`; when No, the caller keeps
//               ownership of the descriptor's lifetime.
//
// Always returns true.
// NOTE(review): nothing here closes a descriptor this object may already hold,
// so calling this on an open File would appear to drop the old fd. Confirm
// against callers.
bool File::open(int fd, IODevice::OpenMode mode, ShouldCloseFileDescriptor should_close)
{
set_fd(fd);
set_mode(mode);
m_should_close_file_descriptor = should_close;
return true;
}
// Opens m_filename with the default creation permissions.
// Returns what open_impl() returns.
bool File::open(IODevice::OpenMode mode)
{
    // rw-rw-rw- is only the requested mode for a newly created file; open(2)
    // masks it with the process umask, so the effective permissions depend on
    // the caller's environment. Files that must stay private should be opened
    // through the overload that takes explicit permissions.
    constexpr mode_t default_permissions = 0666;
    return open_impl(mode, default_permissions);
}
// Translates an IODevice::OpenMode bitmask into open(2) flags and opens
// m_filename.
//
// mode:        combination of ReadOnly / WriteOnly / ReadWrite plus the
//              Append, Truncate and MustBeNew modifiers.
// permissions: passed to ::open(); it only matters when O_CREAT ends up in the
//              flags, and is subject to the process umask.
//
// Returns true and records fd + mode on success; on failure stores errno via
// set_error() and returns false.
//
// NOTE(review): O_CLOEXEC is never added, so the descriptor stays open across
// exec() unless a caller arranges otherwise.
// NOTE(review): O_NOFOLLOW is never added either, so a symlink in the final
// path component is followed, except when both O_CREAT and O_EXCL are set.
bool File::open_impl(IODevice::OpenMode mode, mode_t permissions)
{
    ASSERT(!m_filename.is_null());

    const bool append_requested = mode & IODevice::Append;
    const bool must_be_new = mode & IODevice::MustBeNew;

    int open_flags = 0;
    if ((mode & IODevice::ReadWrite) == IODevice::ReadWrite) {
        // Read-write opens create the file when it is missing.
        open_flags = O_RDWR | O_CREAT;
    } else if (mode & IODevice::ReadOnly) {
        open_flags = O_RDONLY;
    } else if (mode & IODevice::WriteOnly) {
        open_flags = O_WRONLY | O_CREAT;
        // A plain write-only open replaces existing contents; appending and
        // must-be-new opens do not truncate.
        if (!append_requested && !must_be_new)
            open_flags |= O_TRUNC;
    }

    if (append_requested)
        open_flags |= O_APPEND;
    if (mode & IODevice::Truncate)
        open_flags |= O_TRUNC;
    // NOTE(review): ReadOnly | MustBeNew reaches ::open() with O_EXCL but
    // without O_CREAT, a combination POSIX leaves undefined.
    if (must_be_new)
        open_flags |= O_EXCL;

    const int fd = ::open(m_filename.characters(), open_flags, permissions);
    if (fd >= 0) {
        set_fd(fd);
        set_mode(mode);
        return true;
    }

    set_error(errno);
    return false;
}
// Reports whether the descriptor held by this File refers to a directory.
// Uses fstat() on fd(), so the answer describes the object that is actually
// open rather than whatever the path names now. Any fstat() failure is
// reported as "not a directory".
bool File::is_directory() const
{
    struct stat descriptor_info;
    const bool stat_succeeded = fstat(fd(), &descriptor_info) >= 0;
    return stat_succeeded && S_ISDIR(descriptor_info.st_mode);
}
// Reports whether `filename` currently names a directory.
// stat() follows symlinks, so a symlink pointing at a directory counts as one.
// Every stat() failure (missing path, permission denied, ...) yields false.
//
// The result is only a snapshot: the path can be replaced between this check
// and a later use. Code making a security decision should open the path and
// use the descriptor-based is_directory() instead.
bool File::is_directory(const String& filename)
{
    struct stat path_info;
    const bool stat_succeeded = stat(filename.characters(), &path_info) >= 0;
    return stat_succeeded && S_ISDIR(path_info.st_mode);
}
// Reports whether stat() succeeds for `filename`.
// Because stat() follows symlinks, a dangling symlink is reported as absent,
// and so is any path that cannot be stat()ed for other reasons (for example
// a parent directory that is not searchable).
//
// The result can be stale by the time the caller acts on it. To create a file
// only if it is absent, open it with IODevice::MustBeNew rather than checking
// here first.
bool File::exists(const String& filename)
{
    struct stat unused_info;
    const int rc = stat(filename.characters(), &unused_info);
    return rc == 0;
}
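// Resolves `filename` to a canonical absolute path via realpath().
// Returns a null String when `filename` is null or when realpath() fails
// (errno is left as realpath() set it).
//
// The returned path reflects the filesystem at the time of the call. Symlinks
// along the way can change afterwards, so a prefix check on the result does
// not by itself guarantee where a later open() of that path will land.
String File::real_path_for(const String& filename)
{
    if (filename.is_null())
        return {};
    auto* path = realpath(filename.characters(), nullptr);
    // realpath() signals failure with nullptr. Return explicitly rather than
    // depending on how String treats a null C string.
    if (!path)
        return {};
    String real_path(path);
    // With a nullptr second argument realpath() malloc()s the result, which we own.
    free(path);
    return real_path;
}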
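// Makes sure the directory that would contain `path` exists, creating missing
// ancestors recursively. `path` must be absolute.
//
// Returns true when the parent directory was created or already existed, and
// false otherwise. On return errno holds the value from the last relevant
// call (restored by a scope guard so cleanup cannot clobber it).
//
// Directories are requested with mode 0755, further restricted by the umask.
// NOTE(review): EEXIST is treated as success, but mkdir() also reports EEXIST
// when the existing entry is a regular file or a symlink. Callers that need a
// real directory should verify it themselves.
bool File::ensure_parent_directories(const String& path)
{
    ASSERT(path.starts_with("/"));

    int saved_errno = 0;
    // Declared first so it runs last, after free() in the guard below.
    ScopeGuard restore_errno = [&saved_errno] { errno = saved_errno; };

    char* parent_buffer = strdup(path.characters());
    // Without this check an allocation failure would hand nullptr to dirname(),
    // which then yields ".". mkdir(".") fails with EEXIST and the function
    // would report success without having created anything.
    if (!parent_buffer) {
        saved_errno = errno;
        return false;
    }
    ScopeGuard free_buffer = [parent_buffer] { free(parent_buffer); };

    // dirname() may modify its argument, hence the private copy above.
    const char* parent = dirname(parent_buffer);

    int rc = mkdir(parent, 0755);
    saved_errno = errno;

    if (rc == 0 || errno == EEXIST)
        return true;

    // Only a missing ancestor is recoverable; anything else is a hard failure.
    if (errno != ENOENT)
        return false;

    bool ok = ensure_parent_directories(parent);
    saved_errno = errno;
    if (!ok)
        return false;

    rc = mkdir(parent, 0755);
    saved_errno = errno;
    // Another process may have created the directory while we were building its
    // ancestors; accept that the same way the first attempt does.
    return rc == 0 || errno == EEXIST;
}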
#ifdef __serenity__
// Returns the target of the symlink at `link_path`, or a null String on
// failure. If the link grows between the two reads, errno is set to EAGAIN
// and the caller decides whether to retry.
String File::read_link(const StringView& link_path)
{
    // Optimistic first attempt with a small stack buffer; most links fit.
    char stack_buffer[64];
    int rc = serenity_readlink(link_path.characters_without_null_termination(), link_path.length(), stack_buffer, sizeof(stack_buffer));
    if (rc < 0)
        return {};

    // Unlike the LibC wrapper, a successful syscall reports the full length of
    // the link, which tells us whether the stack buffer held all of it.
    const size_t reported_size = rc;
    if (reported_size <= sizeof(stack_buffer))
        return { stack_buffer, reported_size };

    // It did not fit, but the exact size is now known: read again into a
    // string buffer of that size.
    char* heap_chars;
    auto heap_string = StringImpl::create_uninitialized(reported_size, heap_chars);
    rc = serenity_readlink(link_path.characters_without_null_termination(), link_path.length(), heap_chars, reported_size);
    if (rc < 0)
        return {};

    const size_t second_size = rc;
    if (second_size > reported_size) {
        // The link was replaced by a longer one between the two calls, so the
        // buffer holds a truncated target. Report that instead of returning it,
        // and leave any retry loop to the caller.
        errno = EAGAIN;
        return {};
    }

    // The link got shorter in the meantime: the buffer is valid, just trim it.
    if (second_size < reported_size)
        return { heap_chars, second_size };

    return { *heap_string };
}
#else
// This is a sad version for other systems. It has to always make a copy of the
// link path, and to always make two syscalls to get the right size first.
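// Returns the target of the symlink at `link_path`, or a null String on
// failure. If the link grows between lstat() and readlink(), errno is set to
// EAGAIN and the caller decides whether to retry. This matches the Serenity
// implementation of this function.
String File::read_link(const StringView& link_path)
{
    // lstat() and readlink() need a NUL-terminated path, so copy the view.
    String link_path_str = link_path;
    struct stat statbuf;
    int rc = lstat(link_path_str.characters(), &statbuf);
    if (rc < 0)
        return {};

    // readlink() truncates silently when the buffer is too small. Ask for one
    // byte more than lstat() reported, so that a link which grew between the
    // two calls is detected instead of being returned cut short.
    size_t expected_size = statbuf.st_size;
    char* buffer_ptr;
    auto buffer = StringImpl::create_uninitialized(expected_size + 1, buffer_ptr);
    rc = readlink(link_path_str.characters(), buffer_ptr, expected_size + 1);
    if (rc < 0)
        return {};

    size_t actual_size = rc;
    if (actual_size > expected_size) {
        // The link changed under us and the data may be incomplete.
        errno = EAGAIN;
        return {};
    }
    // Same size or shorter: the first actual_size bytes are the whole target.
    return { buffer_ptr, actual_size };
}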
#endif
// File-local singletons wrapping the three standard descriptors. They start
// out null and are filled in on first use by File::standard_input(),
// File::standard_output() and File::standard_error().
// NOTE(review): no locking is visible around the lazy initialisation; confirm
// whether these accessors may be called from more than one thread.
static RefPtr<File> stdin_file;
static RefPtr<File> stdout_file;
static RefPtr<File> stderr_file;
// Returns the shared File wrapping STDIN_FILENO, creating it on first call.
// The wrapper is opened with ShouldCloseFileDescriptor::No, so destroying it
// never closes the process's standard input.
NonnullRefPtr<File> File::standard_input()
{
    if (stdin_file)
        return *stdin_file;

    stdin_file = File::construct();
    stdin_file->open(STDIN_FILENO, IODevice::ReadOnly, ShouldCloseFileDescriptor::No);
    return *stdin_file;
}
// Returns the shared File wrapping STDOUT_FILENO, creating it on first call.
// The wrapper is opened with ShouldCloseFileDescriptor::No, so destroying it
// never closes the process's standard output.
NonnullRefPtr<File> File::standard_output()
{
    if (stdout_file)
        return *stdout_file;

    stdout_file = File::construct();
    stdout_file->open(STDOUT_FILENO, IODevice::WriteOnly, ShouldCloseFileDescriptor::No);
    return *stdout_file;
}
// Returns the shared File wrapping STDERR_FILENO, creating it on first call.
// The wrapper is opened with ShouldCloseFileDescriptor::No, so destroying it
// never closes the process's standard error.
NonnullRefPtr<File> File::standard_error()
{
    if (stderr_file)
        return *stderr_file;

    stderr_file = File::construct();
    stderr_file->open(STDERR_FILENO, IODevice::WriteOnly, ShouldCloseFileDescriptor::No);
    return *stderr_file;
}
}