About half of the usages were not using `force` anyways, and the other
half presumably just got confused about what "force" really means in
this context (which is "ignore nonexistent files").
The only 'legitimate' user, which is `rm`, instead now handles this
completely internally instead.
`Core::Stream::File` shouldn't hold any utility methods that are
unrelated to constructing a `Core::Stream`, so let's just replace the
existing `Core::File::exists` with the nicer looking implementation.
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
We previously had at least three different implementations for resolving
executables in the PATH, all of which had slightly different
characteristics.
Merge those into a single implementation to keep the behaviour
consistent, and maybe to make that implementation more configurable in
the future.
The existing File::is_device() helpers don't distinguish between
block and char devices. This commit adds File::is_block_device() and
File::is_char_device() helpers which are more specific.
This converts the return value of File::read_link() from String to
ErrorOr<String>.
The rest of the change is to support the potential of an Error being
returned and subsequent release of the value when no Error is returned.
Unfortunately at this stage none of the places affected can utililize
our TRY() macro.
Returns the size in bytes for a file path given its filename. Useful
when file size is needed without having to open the file to query it
using fstat() or seeking to the end.
File::link_file takes the dst_path then the src_path so on duplicate
names we tried to create a link at the original file location, which
then flipped the parameters back round again and we ended up with a
broken link from "dst_path (1)" to "src_path (1)".
This will generate absolute paths lexically rather than through a call
to realpath. The motivation for this is to generate absolute paths for
non-existent files in unveil calls, as realpath will not work if the
file does not exist.
This changes the m_parts, m_dirname, m_basename, m_title and m_extension
member variables to StringViews onto the m_string String. It also
removes the m_is_absolute member in favour of computing if a path is
absolute in the is_absolute() getter. Due to this, the canonicalize()
method has been completely rewritten.
The parts() getter still returns a Vector<String>, although it is no
longer a const reference as m_parts is no longer a Vector<String>.
Rather, it is constructed from the StringViews in m_parts upon request.
The parts_view() getter has been added, which returns Vector<StringView>
const&. Most previous users of parts() have been changed to use
parts_view(), except where Strings are required.
Due to this change, it's is now no longer allow to create temporary
LexicalPath objects to call the dirname, basename, title, or extension
getters on them because the returned StringViews will point to possible
freed memory.
The LexicalPath instance methods dirname(), basename(), title() and
extension() will be changed to return StringView const& in a further
commit. Due to this, users creating temporary LexicalPath objects just
to call one of those getters will recieve a StringView const& pointing
to a possible freed buffer.
To avoid this, static methods for those APIs have been added, which will
return a String by value to avoid those problems. All cases where
temporary LexicalPath objects have been used as described above haven
been changed to use the static APIs.
This changes Core::File::open() to specify O_CLOEXEC by default
so that we don't leak file descriptors into child processes. The
new behavior can be overriden by specifying OpenMode::KeepOnExec.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
FileManager, cp, mv, rm had some duplicated code, implementing basic
file management operations. This patch creates adds functions that try
to provide an interface suited for all these programs, but this patch
does not make them be used throughout the Userland.
They are added to Core::File following the example of functions such as
read_link/real_path_for.
This achieves two things:
- Programs can now intentionally perform arbitrary syscalls by calling
syscall(). This allows us to work on things like syscall fuzzing.
- It restricts the ability of userspace to make syscalls to a single
4KB page of code. In order to call the kernel directly, an attacker
must now locate this page and call through it.
