2020-01-18 08:38:21 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
|
|
|
|
*
|
2021-04-22 08:24:48 +00:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2020-01-18 08:38:21 +00:00
|
|
|
*/
|
|
|
|
|
2020-08-25 01:35:19 +00:00
|
|
|
#include <AK/Singleton.h>
|
2018-10-28 11:20:25 +00:00
|
|
|
#include <AK/StringBuilder.h>
|
2021-01-25 15:07:10 +00:00
|
|
|
#include <Kernel/Debug.h>
|
2020-02-16 00:50:16 +00:00
|
|
|
#include <Kernel/Devices/BlockDevice.h>
|
2019-05-30 15:46:08 +00:00
|
|
|
#include <Kernel/FileSystem/Custody.h>
|
2020-04-06 08:54:21 +00:00
|
|
|
#include <Kernel/FileSystem/FileBackedFileSystem.h>
|
2019-06-07 09:43:58 +00:00
|
|
|
#include <Kernel/FileSystem/FileDescription.h>
|
2019-06-07 17:29:34 +00:00
|
|
|
#include <Kernel/FileSystem/FileSystem.h>
|
|
|
|
#include <Kernel/FileSystem/VirtualFileSystem.h>
|
2021-07-06 09:21:52 +00:00
|
|
|
#include <Kernel/KLexicalPath.h>
|
2020-02-16 00:27:42 +00:00
|
|
|
#include <Kernel/KSyms.h>
|
2019-06-07 09:43:58 +00:00
|
|
|
#include <Kernel/Process.h>
|
2021-06-22 15:40:16 +00:00
|
|
|
#include <Kernel/Sections.h>
|
2019-06-07 09:43:58 +00:00
|
|
|
#include <LibC/errno_numbers.h>
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2020-02-16 00:27:42 +00:00
|
|
|
namespace Kernel {
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
static AK::Singleton<VirtualFileSystem> s_the;
|
2019-12-24 09:39:21 +00:00
|
|
|
static constexpr int symlink_recursion_limit { 5 }; // FIXME: increase?
|
2020-05-28 15:06:13 +00:00
|
|
|
static constexpr int root_mount_flags = MS_NODEV | MS_NOSUID | MS_RDONLY;
|
2018-10-18 08:27:07 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
UNMAP_AFTER_INIT void VirtualFileSystem::initialize()
|
2020-08-25 01:35:19 +00:00
|
|
|
{
|
|
|
|
s_the.ensure_instance();
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
VirtualFileSystem& VirtualFileSystem::the()
|
2018-10-18 08:27:07 +00:00
|
|
|
{
|
|
|
|
return *s_the;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
UNMAP_AFTER_INIT VirtualFileSystem::VirtualFileSystem()
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
UNMAP_AFTER_INIT VirtualFileSystem::~VirtualFileSystem()
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2018-10-30 14:33:37 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
InodeIdentifier VirtualFileSystem::root_inode_id() const
|
2018-11-18 22:28:43 +00:00
|
|
|
{
|
2021-02-23 19:42:32 +00:00
|
|
|
VERIFY(m_root_inode);
|
2019-01-16 11:57:07 +00:00
|
|
|
return m_root_inode->identifier();
|
2018-11-18 22:28:43 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::mount(FileSystem& fs, Custody& mount_point, int flags)
|
2019-08-02 17:03:50 +00:00
|
|
|
{
|
2021-07-17 23:13:34 +00:00
|
|
|
MutexLocker locker(m_lock);
|
2020-05-28 15:46:16 +00:00
|
|
|
|
2019-08-02 17:03:50 +00:00
|
|
|
auto& inode = mount_point.inode();
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: Mounting {} at {} (inode: {}) with flags {}",
|
2021-07-10 22:20:38 +00:00
|
|
|
fs.class_name(),
|
2021-07-06 10:58:03 +00:00
|
|
|
mount_point.try_create_absolute_path(),
|
2021-01-10 14:17:54 +00:00
|
|
|
inode.identifier(),
|
|
|
|
flags);
|
2019-08-02 17:03:50 +00:00
|
|
|
// FIXME: check that this is not already a mount point
|
2021-07-10 22:20:38 +00:00
|
|
|
Mount mount { fs, &mount_point, flags };
|
2019-08-02 17:03:50 +00:00
|
|
|
m_mounts.append(move(mount));
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::bind_mount(Custody& source, Custody& mount_point, int flags)
|
2020-01-11 16:08:35 +00:00
|
|
|
{
|
2021-07-17 23:13:34 +00:00
|
|
|
MutexLocker locker(m_lock);
|
2020-05-28 15:46:16 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: Bind-mounting {} at {}", source.try_create_absolute_path(), mount_point.try_create_absolute_path());
|
2020-01-11 16:08:35 +00:00
|
|
|
// FIXME: check that this is not already a mount point
|
2020-01-12 16:22:24 +00:00
|
|
|
Mount mount { source.inode(), mount_point, flags };
|
2020-01-11 16:08:35 +00:00
|
|
|
m_mounts.append(move(mount));
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::remount(Custody& mount_point, int new_flags)
|
2020-05-28 18:12:13 +00:00
|
|
|
{
|
2021-07-17 23:13:34 +00:00
|
|
|
MutexLocker locker(m_lock);
|
2020-05-28 18:12:13 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: Remounting {}", mount_point.try_create_absolute_path());
|
2020-05-28 18:12:13 +00:00
|
|
|
|
2021-07-10 22:50:08 +00:00
|
|
|
Mount* mount = find_mount_for_guest(mount_point.inode().identifier());
|
2020-05-28 18:12:13 +00:00
|
|
|
if (!mount)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENODEV;
|
2020-05-28 18:12:13 +00:00
|
|
|
|
|
|
|
mount->set_flags(new_flags);
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::unmount(Inode& guest_inode)
|
2019-08-11 13:56:39 +00:00
|
|
|
{
|
2021-07-17 23:13:34 +00:00
|
|
|
MutexLocker locker(m_lock);
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: unmount called with inode {}", guest_inode.identifier());
|
2019-08-17 12:24:50 +00:00
|
|
|
|
2020-02-25 13:49:47 +00:00
|
|
|
for (size_t i = 0; i < m_mounts.size(); ++i) {
|
2019-08-17 12:24:50 +00:00
|
|
|
auto& mount = m_mounts.at(i);
|
2020-06-24 21:16:24 +00:00
|
|
|
if (&mount.guest() == &guest_inode) {
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = mount.guest_fs().prepare_to_unmount(); result.is_error()) {
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: Failed to unmount!");
|
2019-08-17 12:24:50 +00:00
|
|
|
return result;
|
2019-08-11 13:56:39 +00:00
|
|
|
}
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: found fs {} at mount index {}! Unmounting...", mount.guest_fs().fsid(), i);
|
2020-07-02 08:51:46 +00:00
|
|
|
m_mounts.unstable_take(i);
|
2019-08-11 13:56:39 +00:00
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem: Nothing mounted on inode {}", guest_inode.identifier());
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENODEV;
|
2019-08-11 13:56:39 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
bool VirtualFileSystem::mount_root(FileSystem& fs)
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2019-01-16 11:57:07 +00:00
|
|
|
if (m_root_inode) {
|
2021-07-10 22:25:24 +00:00
|
|
|
dmesgln("VirtualFileSystem: mount_root can't mount another root");
|
2018-10-10 09:53:07 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:20:38 +00:00
|
|
|
Mount mount { fs, nullptr, root_mount_flags };
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2021-07-17 23:50:47 +00:00
|
|
|
auto& root_inode = fs.root_inode();
|
|
|
|
if (!root_inode.is_directory()) {
|
|
|
|
dmesgln("VirtualFileSystem: root inode ({}) for / is not a directory :(", root_inode.identifier());
|
2018-10-10 09:53:07 +00:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-07-17 23:50:47 +00:00
|
|
|
m_root_inode = root_inode;
|
2021-07-10 22:33:27 +00:00
|
|
|
dmesgln("VirtualFileSystem: mounted root from {} ({})", fs.class_name(), static_cast<FileBackedFileSystem&>(fs).file_description().absolute_path());
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2018-10-17 09:40:58 +00:00
|
|
|
m_mounts.append(move(mount));
|
2021-05-10 07:28:23 +00:00
|
|
|
|
2021-05-28 09:23:00 +00:00
|
|
|
auto custody_or_error = Custody::try_create(nullptr, "", *m_root_inode, root_mount_flags);
|
|
|
|
if (custody_or_error.is_error())
|
2021-05-10 07:28:23 +00:00
|
|
|
return false;
|
2021-05-28 09:23:00 +00:00
|
|
|
m_root_custody = custody_or_error.release_value();
|
2018-10-10 09:53:07 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
auto VirtualFileSystem::find_mount_for_host(InodeIdentifier id) -> Mount*
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
|
|
|
for (auto& mount : m_mounts) {
|
2020-06-24 21:16:24 +00:00
|
|
|
if (mount.host() && mount.host()->identifier() == id)
|
|
|
|
return &mount;
|
|
|
|
}
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
auto VirtualFileSystem::find_mount_for_guest(InodeIdentifier id) -> Mount*
|
2020-06-24 21:16:24 +00:00
|
|
|
{
|
|
|
|
for (auto& mount : m_mounts) {
|
|
|
|
if (mount.guest().identifier() == id)
|
2019-07-24 07:15:33 +00:00
|
|
|
return &mount;
|
2018-10-10 09:53:07 +00:00
|
|
|
}
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
bool VirtualFileSystem::is_vfs_root(InodeIdentifier inode) const
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2019-01-16 11:57:07 +00:00
|
|
|
return inode == root_inode_id();
|
2018-10-10 09:53:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::traverse_directory_inode(Inode& dir_inode, Function<bool(FileSystem::DirectoryEntryView const&)> callback)
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2020-08-18 10:41:27 +00:00
|
|
|
return dir_inode.traverse_as_directory([&](auto& entry) {
|
2019-01-31 16:31:23 +00:00
|
|
|
InodeIdentifier resolved_inode;
|
2018-11-15 14:10:12 +00:00
|
|
|
if (auto mount = find_mount_for_host(entry.inode))
|
2020-06-24 21:16:24 +00:00
|
|
|
resolved_inode = mount->guest().identifier();
|
2018-10-10 09:53:07 +00:00
|
|
|
else
|
2019-01-31 16:31:23 +00:00
|
|
|
resolved_inode = entry.inode;
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2020-01-15 11:06:48 +00:00
|
|
|
// FIXME: This is now broken considering chroot and bind mounts.
|
2021-07-17 23:50:47 +00:00
|
|
|
bool is_root_inode = dir_inode.identifier() == dir_inode.fs().root_inode().identifier();
|
2020-08-18 10:41:27 +00:00
|
|
|
if (is_root_inode && !is_vfs_root(dir_inode.identifier()) && entry.name == "..") {
|
2021-07-10 22:50:08 +00:00
|
|
|
auto mount = find_mount_for_guest(dir_inode.identifier());
|
2021-02-23 19:42:32 +00:00
|
|
|
VERIFY(mount);
|
|
|
|
VERIFY(mount->host());
|
2020-06-24 21:16:24 +00:00
|
|
|
resolved_inode = mount->host()->identifier();
|
2018-10-10 09:53:07 +00:00
|
|
|
}
|
2020-08-18 10:41:27 +00:00
|
|
|
callback({ entry.name, resolved_inode, entry.file_type });
|
2018-10-10 09:53:07 +00:00
|
|
|
return true;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::utime(StringView path, Custody& base, time_t atime, time_t mtime)
|
2019-02-21 15:37:41 +00:00
|
|
|
{
|
2021-07-10 22:25:24 +00:00
|
|
|
auto custody_or_error = VirtualFileSystem::the().resolve_path(move(path), base);
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!current_process->is_superuser() && inode.metadata().uid != current_process->euid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-03-06 21:14:31 +00:00
|
|
|
|
2021-04-30 13:51:06 +00:00
|
|
|
if (auto result = inode.set_atime(atime); result.is_error())
|
|
|
|
return result;
|
|
|
|
if (auto result = inode.set_mtime(mtime); result.is_error())
|
|
|
|
return result;
|
2019-02-25 19:47:56 +00:00
|
|
|
return KSuccess;
|
2019-02-21 15:37:41 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<InodeMetadata> VirtualFileSystem::lookup_metadata(StringView path, Custody& base, int options)
|
2019-02-21 15:09:12 +00:00
|
|
|
{
|
2019-05-31 13:30:09 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base, nullptr, options);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
2019-08-02 17:23:23 +00:00
|
|
|
return custody_or_error.value()->inode().metadata();
|
2019-02-21 15:09:12 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<NonnullRefPtr<FileDescription>> VirtualFileSystem::open(StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> owner)
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2020-01-03 01:23:50 +00:00
|
|
|
if ((options & O_CREAT) && (options & O_DIRECTORY))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EINVAL;
|
2020-01-03 01:23:50 +00:00
|
|
|
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-06-09 17:52:03 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody, options);
|
2021-05-19 09:33:23 +00:00
|
|
|
if (custody_or_error.is_error()) {
|
|
|
|
// NOTE: ENOENT with a non-null parent custody signals us that the immediate parent
|
|
|
|
// of the file exists, but the file itself does not.
|
|
|
|
if ((options & O_CREAT) && custody_or_error.error() == -ENOENT && parent_custody)
|
2020-01-03 19:13:21 +00:00
|
|
|
return create(path, options, mode, *parent_custody, move(owner));
|
2019-05-30 16:58:59 +00:00
|
|
|
return custody_or_error.error();
|
2021-05-19 09:33:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if ((options & O_CREAT) && (options & O_EXCL))
|
|
|
|
return EEXIST;
|
2019-02-21 15:09:12 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
auto metadata = inode.metadata();
|
2019-03-27 15:42:30 +00:00
|
|
|
|
2020-01-03 01:23:11 +00:00
|
|
|
if ((options & O_DIRECTORY) && !metadata.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOTDIR;
|
2020-01-03 01:23:11 +00:00
|
|
|
|
2019-03-27 15:42:30 +00:00
|
|
|
bool should_truncate_file = false;
|
2019-02-21 15:09:12 +00:00
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if ((options & O_RDONLY) && !metadata.may_read(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-01-21 12:14:26 +00:00
|
|
|
|
|
|
|
if (options & O_WRONLY) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!metadata.may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-03-06 21:14:31 +00:00
|
|
|
if (metadata.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EISDIR;
|
2019-03-27 15:42:30 +00:00
|
|
|
should_truncate_file = options & O_TRUNC;
|
2019-02-21 14:45:31 +00:00
|
|
|
}
|
2020-01-11 15:33:35 +00:00
|
|
|
if (options & O_EXEC) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!metadata.may_execute(*current_process) || (custody.mount_flags() & MS_NOEXEC))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-01-11 15:33:35 +00:00
|
|
|
}
|
2019-02-21 15:09:12 +00:00
|
|
|
|
2020-01-15 11:03:14 +00:00
|
|
|
if (auto preopen_fd = inode.preopen_fd())
|
|
|
|
return *preopen_fd;
|
|
|
|
|
2020-07-16 21:23:03 +00:00
|
|
|
if (metadata.is_fifo()) {
|
2020-12-31 01:10:31 +00:00
|
|
|
auto fifo = inode.fifo();
|
2020-07-16 21:23:03 +00:00
|
|
|
if (options & O_WRONLY) {
|
2020-09-17 19:51:09 +00:00
|
|
|
auto open_result = fifo->open_direction_blocking(FIFO::Direction::Writer);
|
|
|
|
if (open_result.is_error())
|
|
|
|
return open_result.error();
|
|
|
|
auto& description = open_result.value();
|
2020-07-16 21:23:03 +00:00
|
|
|
description->set_rw_mode(options);
|
|
|
|
description->set_file_flags(options);
|
|
|
|
description->set_original_inode({}, inode);
|
|
|
|
return description;
|
|
|
|
} else if (options & O_RDONLY) {
|
2020-09-17 19:51:09 +00:00
|
|
|
auto open_result = fifo->open_direction_blocking(FIFO::Direction::Reader);
|
|
|
|
if (open_result.is_error())
|
|
|
|
return open_result.error();
|
|
|
|
auto& description = open_result.value();
|
2020-07-16 21:23:03 +00:00
|
|
|
description->set_rw_mode(options);
|
|
|
|
description->set_file_flags(options);
|
|
|
|
description->set_original_inode({}, inode);
|
|
|
|
return description;
|
|
|
|
}
|
2021-01-20 22:11:17 +00:00
|
|
|
return EINVAL;
|
2020-07-16 21:23:03 +00:00
|
|
|
}
|
|
|
|
|
2019-02-21 15:09:12 +00:00
|
|
|
if (metadata.is_device()) {
|
2020-01-11 15:45:38 +00:00
|
|
|
if (custody.mount_flags() & MS_NODEV)
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-08-18 11:48:15 +00:00
|
|
|
auto device = Device::get_device(metadata.major_device, metadata.minor_device);
|
|
|
|
if (device == nullptr) {
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENODEV;
|
2019-01-16 11:57:07 +00:00
|
|
|
}
|
2019-08-18 11:48:15 +00:00
|
|
|
auto descriptor_or_error = device->open(options);
|
2019-03-20 01:55:12 +00:00
|
|
|
if (descriptor_or_error.is_error())
|
|
|
|
return descriptor_or_error.error();
|
2019-05-31 13:44:04 +00:00
|
|
|
descriptor_or_error.value()->set_original_inode({}, inode);
|
2019-03-20 01:55:12 +00:00
|
|
|
return descriptor_or_error;
|
2019-01-16 11:57:07 +00:00
|
|
|
}
|
2020-05-28 14:56:25 +00:00
|
|
|
|
|
|
|
// Check for read-only FS. Do this after handling preopen FD and devices,
|
|
|
|
// but before modifying the inode in any way.
|
|
|
|
if ((options & O_WRONLY) && custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2020-01-08 12:57:22 +00:00
|
|
|
if (should_truncate_file) {
|
2021-04-30 13:51:06 +00:00
|
|
|
if (auto result = inode.truncate(0); result.is_error())
|
|
|
|
return result;
|
|
|
|
if (auto result = inode.set_mtime(kgettimeofday().to_truncated_seconds()); result.is_error())
|
2020-08-05 09:07:31 +00:00
|
|
|
return result;
|
2020-01-08 12:57:22 +00:00
|
|
|
}
|
2020-01-18 22:15:52 +00:00
|
|
|
auto description = FileDescription::create(custody);
|
2020-09-17 19:51:09 +00:00
|
|
|
if (!description.is_error()) {
|
|
|
|
description.value()->set_rw_mode(options);
|
|
|
|
description.value()->set_file_flags(options);
|
|
|
|
}
|
2020-01-18 22:15:52 +00:00
|
|
|
return description;
|
2018-10-10 09:53:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::mknod(StringView path, mode_t mode, dev_t dev, Custody& base)
|
2019-05-03 20:59:58 +00:00
|
|
|
{
|
|
|
|
if (!is_regular_file(mode) && !is_block_device(mode) && !is_character_device(mode) && !is_fifo(mode) && !is_socket(mode))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EINVAL;
|
2019-05-03 20:59:58 +00:00
|
|
|
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 13:30:09 +00:00
|
|
|
auto existing_file_or_error = resolve_path(path, base, &parent_custody);
|
2019-05-03 20:59:58 +00:00
|
|
|
if (!existing_file_or_error.is_error())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EEXIST;
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!parent_custody)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOENT;
|
2019-05-03 20:59:58 +00:00
|
|
|
if (existing_file_or_error.error() != -ENOENT)
|
|
|
|
return existing_file_or_error.error();
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-05-03 20:59:58 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
auto basename = KLexicalPath::basename(path);
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln("VirtualFileSystem::mknod: '{}' mode={} dev={} in {}", basename, mode, dev, parent_inode.identifier());
|
2021-07-05 15:56:00 +00:00
|
|
|
return parent_inode.create_child(basename, mode, dev, current_process->euid(), current_process->egid()).result();
|
2019-05-03 20:59:58 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<NonnullRefPtr<FileDescription>> VirtualFileSystem::create(StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> owner)
|
2018-10-10 09:53:07 +00:00
|
|
|
{
|
2021-07-06 09:21:52 +00:00
|
|
|
auto basename = KLexicalPath::basename(path);
|
2021-07-06 10:58:03 +00:00
|
|
|
auto parent_path = parent_custody.try_create_absolute_path();
|
|
|
|
if (!parent_path)
|
|
|
|
return ENOMEM;
|
|
|
|
auto full_path = KLexicalPath::try_join(parent_path->view(), basename);
|
2021-07-06 10:05:50 +00:00
|
|
|
if (!full_path)
|
|
|
|
return ENOMEM;
|
|
|
|
if (auto result = validate_path_against_process_veil(full_path->view(), options); result.is_error())
|
2020-04-04 14:40:36 +00:00
|
|
|
return result;
|
|
|
|
|
2021-01-24 07:31:18 +00:00
|
|
|
if (!is_socket(mode) && !is_fifo(mode) && !is_block_device(mode) && !is_character_device(mode)) {
|
|
|
|
// Turn it into a regular file. (This feels rather hackish.)
|
|
|
|
mode |= 0100000;
|
|
|
|
}
|
2019-01-23 03:29:56 +00:00
|
|
|
|
2019-06-09 17:52:03 +00:00
|
|
|
auto& parent_inode = parent_custody.inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln_if(VFS_DEBUG, "VirtualFileSystem::create: '{}' in {}", basename, parent_inode.identifier());
|
2021-01-21 08:56:18 +00:00
|
|
|
uid_t uid = owner.has_value() ? owner.value().uid : current_process->euid();
|
|
|
|
gid_t gid = owner.has_value() ? owner.value().gid : current_process->egid();
|
2021-07-05 15:56:00 +00:00
|
|
|
auto inode_or_error = parent_inode.create_child(basename, mode, 0, uid, gid);
|
2020-02-08 10:58:28 +00:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
return inode_or_error.error();
|
2019-01-21 23:58:13 +00:00
|
|
|
|
2021-07-05 15:56:00 +00:00
|
|
|
auto new_custody_or_error = Custody::try_create(&parent_custody, basename, inode_or_error.value(), parent_custody.mount_flags());
|
2021-05-28 09:23:00 +00:00
|
|
|
if (new_custody_or_error.is_error())
|
|
|
|
return new_custody_or_error.error();
|
|
|
|
auto description = FileDescription::create(*new_custody_or_error.release_value());
|
2020-09-17 19:51:09 +00:00
|
|
|
if (!description.is_error()) {
|
|
|
|
description.value()->set_rw_mode(options);
|
|
|
|
description.value()->set_file_flags(options);
|
|
|
|
}
|
2020-01-18 22:15:52 +00:00
|
|
|
return description;
|
2018-10-15 22:35:03 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::mkdir(StringView path, mode_t mode, Custody& base)
|
2018-10-15 22:35:03 +00:00
|
|
|
{
|
2020-02-20 14:28:36 +00:00
|
|
|
// Unlike in basically every other case, where it's only the last
|
|
|
|
// path component (the one being created) that is allowed not to
|
|
|
|
// exist, POSIX allows mkdir'ed path to have trailing slashes.
|
|
|
|
// Let's handle that case by trimming any trailing slashes.
|
2021-07-11 11:46:05 +00:00
|
|
|
path = path.trim("/"sv, TrimMode::Right);
|
|
|
|
if (path.is_empty()) {
|
|
|
|
// NOTE: This means the path was a series of slashes, which resolves to "/".
|
|
|
|
path = "/";
|
|
|
|
}
|
2020-02-20 14:28:36 +00:00
|
|
|
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2021-07-11 11:46:05 +00:00
|
|
|
auto result = resolve_path(path, base, &parent_custody);
|
|
|
|
if (!result.is_error())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EEXIST;
|
2021-04-10 22:40:38 +00:00
|
|
|
else if (!parent_custody)
|
2019-02-25 19:47:56 +00:00
|
|
|
return result.error();
|
2021-07-11 11:46:05 +00:00
|
|
|
// NOTE: If resolve_path fails with a non-null parent custody, the error should be ENOENT.
|
|
|
|
VERIFY(result.error() == -ENOENT);
|
2019-02-25 19:47:56 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-02-21 14:45:31 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
auto basename = KLexicalPath::basename(path);
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln_if(VFS_DEBUG, "VirtualFileSystem::mkdir: '{}' in {}", basename, parent_inode.identifier());
|
2021-07-05 15:56:00 +00:00
|
|
|
return parent_inode.create_child(basename, S_IFDIR | mode, 0, current_process->euid(), current_process->egid()).result();
|
2018-10-10 09:53:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::access(StringView path, int mode, Custody& base)
|
2019-02-26 14:57:59 +00:00
|
|
|
{
|
2019-05-31 13:30:09 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
auto metadata = inode.metadata();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
2019-02-26 14:57:59 +00:00
|
|
|
if (mode & R_OK) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!metadata.may_read(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-02-26 14:57:59 +00:00
|
|
|
}
|
|
|
|
if (mode & W_OK) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!metadata.may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-02-26 14:57:59 +00:00
|
|
|
}
|
|
|
|
if (mode & X_OK) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!metadata.may_execute(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-02-26 14:57:59 +00:00
|
|
|
}
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VirtualFileSystem::open_directory(StringView path, Custody& base)
|
2019-03-01 22:54:07 +00:00
|
|
|
{
|
2019-05-31 13:30:09 +00:00
|
|
|
auto inode_or_error = resolve_path(path, base);
|
2019-03-01 22:54:07 +00:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
return inode_or_error.error();
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& custody = *inode_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
if (!inode.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOTDIR;
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!inode.metadata().may_execute(*Process::current()))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-05-30 16:58:59 +00:00
|
|
|
return custody;
|
2019-03-01 22:54:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::chmod(Custody& custody, mode_t mode)
|
2019-01-29 03:55:08 +00:00
|
|
|
{
|
2020-05-28 14:41:04 +00:00
|
|
|
auto& inode = custody.inode();
|
2019-02-21 14:45:31 +00:00
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (current_process->euid() != inode.metadata().uid && !current_process->is_superuser())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-01-29 03:55:08 +00:00
|
|
|
|
|
|
|
// Only change the permission bits.
|
2021-01-19 17:21:43 +00:00
|
|
|
mode = (inode.mode() & ~07777u) | (mode & 07777u);
|
2019-03-01 09:39:19 +00:00
|
|
|
return inode.chmod(mode);
|
|
|
|
}
|
2019-01-29 03:55:08 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::chmod(StringView path, mode_t mode, Custody& base)
|
2019-03-01 09:39:19 +00:00
|
|
|
{
|
2019-05-31 13:30:09 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
auto& custody = *custody_or_error.value();
|
2020-05-28 14:41:04 +00:00
|
|
|
return chmod(custody, mode);
|
2019-02-25 19:47:56 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::rename(StringView old_path, StringView new_path, Custody& base)
|
2019-04-07 21:35:26 +00:00
|
|
|
{
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> old_parent_custody;
|
2020-12-27 14:38:07 +00:00
|
|
|
auto old_custody_or_error = resolve_path(old_path, base, &old_parent_custody, O_NOFOLLOW_NOERROR);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (old_custody_or_error.is_error())
|
|
|
|
return old_custody_or_error.error();
|
|
|
|
auto& old_custody = *old_custody_or_error.value();
|
|
|
|
auto& old_inode = old_custody.inode();
|
2019-04-07 21:35:26 +00:00
|
|
|
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> new_parent_custody;
|
2019-05-31 13:30:09 +00:00
|
|
|
auto new_custody_or_error = resolve_path(new_path, base, &new_parent_custody);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (new_custody_or_error.is_error()) {
|
2020-02-20 14:33:14 +00:00
|
|
|
if (new_custody_or_error.error() != -ENOENT || !new_parent_custody)
|
2019-05-30 16:58:59 +00:00
|
|
|
return new_custody_or_error.error();
|
2019-04-07 21:35:26 +00:00
|
|
|
}
|
|
|
|
|
2021-05-06 17:35:34 +00:00
|
|
|
if (!old_parent_custody || !new_parent_custody) {
|
|
|
|
return EPERM;
|
|
|
|
}
|
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& old_parent_inode = old_parent_custody->inode();
|
|
|
|
auto& new_parent_inode = new_parent_custody->inode();
|
|
|
|
|
2020-01-03 03:10:05 +00:00
|
|
|
if (&old_parent_inode.fs() != &new_parent_inode.fs())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EXDEV;
|
2020-01-03 03:10:05 +00:00
|
|
|
|
2020-11-01 16:17:23 +00:00
|
|
|
for (auto* new_ancestor = new_parent_custody.ptr(); new_ancestor; new_ancestor = new_ancestor->parent()) {
|
|
|
|
if (&old_inode == &new_ancestor->inode())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EDIRINTOSELF;
|
2020-11-01 16:17:23 +00:00
|
|
|
}
|
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!new_parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-04-07 21:35:26 +00:00
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!old_parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-04-07 21:35:26 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (old_parent_inode.metadata().is_sticky()) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!current_process->is_superuser() && old_inode.metadata().uid != current_process->euid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-04-28 20:54:30 +00:00
|
|
|
}
|
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
if (old_parent_custody->is_readonly() || new_parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
auto new_basename = KLexicalPath::basename(new_path);
|
2019-05-31 13:22:52 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!new_custody_or_error.is_error()) {
|
|
|
|
auto& new_custody = *new_custody_or_error.value();
|
|
|
|
auto& new_inode = new_custody.inode();
|
2019-04-07 21:35:26 +00:00
|
|
|
// FIXME: Is this really correct? Check what other systems do.
|
2019-05-30 16:58:59 +00:00
|
|
|
if (&new_inode == &old_inode)
|
2019-04-07 21:35:26 +00:00
|
|
|
return KSuccess;
|
2019-05-30 16:58:59 +00:00
|
|
|
if (new_parent_inode.metadata().is_sticky()) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!current_process->is_superuser() && new_inode.metadata().uid != current_process->euid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-04-28 21:34:33 +00:00
|
|
|
}
|
2019-05-30 16:58:59 +00:00
|
|
|
if (new_inode.is_directory() && !old_inode.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EISDIR;
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = new_parent_inode.remove_child(new_basename); result.is_error())
|
2019-04-07 21:35:26 +00:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = new_parent_inode.add_child(old_inode, new_basename, old_inode.mode()); result.is_error())
|
2019-04-07 21:35:26 +00:00
|
|
|
return result;
|
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
if (auto result = old_parent_inode.remove_child(KLexicalPath::basename(old_path)); result.is_error())
|
2019-04-07 21:35:26 +00:00
|
|
|
return result;
|
|
|
|
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::chown(Custody& custody, uid_t a_uid, gid_t a_gid)
|
2019-02-27 11:32:53 +00:00
|
|
|
{
|
2020-05-28 14:41:04 +00:00
|
|
|
auto& inode = custody.inode();
|
2019-06-02 08:31:25 +00:00
|
|
|
auto metadata = inode.metadata();
|
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (current_process->euid() != metadata.uid && !current_process->is_superuser())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2019-02-27 11:32:53 +00:00
|
|
|
|
2019-06-02 08:31:25 +00:00
|
|
|
uid_t new_uid = metadata.uid;
|
|
|
|
gid_t new_gid = metadata.gid;
|
2019-02-27 11:32:53 +00:00
|
|
|
|
|
|
|
if (a_uid != (uid_t)-1) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (current_process->euid() != a_uid && !current_process->is_superuser())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2019-02-27 11:32:53 +00:00
|
|
|
new_uid = a_uid;
|
|
|
|
}
|
|
|
|
if (a_gid != (gid_t)-1) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!current_process->in_group(a_gid) && !current_process->is_superuser())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2019-02-27 11:32:53 +00:00
|
|
|
new_gid = a_gid;
|
|
|
|
}
|
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln_if(VFS_DEBUG, "VirtualFileSystem::chown(): inode {} <- uid={} gid={}", inode.identifier(), new_uid, new_gid);
|
2020-04-04 17:46:55 +00:00
|
|
|
|
|
|
|
if (metadata.is_setuid() || metadata.is_setgid()) {
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln_if(VFS_DEBUG, "VirtualFileSystem::chown(): Stripping SUID/SGID bits from {}", inode.identifier());
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = inode.chmod(metadata.mode & ~(04000 | 02000)); result.is_error())
|
2020-04-04 17:46:55 +00:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
return inode.chown(new_uid, new_gid);
|
2019-02-27 11:32:53 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::chown(StringView path, uid_t a_uid, gid_t a_gid, Custody& base)
|
2019-06-02 10:30:24 +00:00
|
|
|
{
|
|
|
|
auto custody_or_error = resolve_path(path, base);
|
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
auto& custody = *custody_or_error.value();
|
2020-05-28 14:41:04 +00:00
|
|
|
return chown(custody, a_uid, a_gid);
|
2019-06-02 10:30:24 +00:00
|
|
|
}
|
|
|
|
|
2021-01-19 16:59:32 +00:00
|
|
|
static bool hard_link_allowed(const Inode& inode)
|
|
|
|
{
|
|
|
|
auto metadata = inode.metadata();
|
|
|
|
|
|
|
|
if (Process::current()->euid() == metadata.uid)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (metadata.is_regular_file()
|
|
|
|
&& !metadata.is_setuid()
|
|
|
|
&& !(metadata.is_setgid() && metadata.mode & S_IXGRP)
|
|
|
|
&& metadata.may_write(*Process::current())) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::link(StringView old_path, StringView new_path, Custody& base)
|
2019-02-21 12:26:40 +00:00
|
|
|
{
|
2019-05-31 13:30:09 +00:00
|
|
|
auto old_custody_or_error = resolve_path(old_path, base);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (old_custody_or_error.is_error())
|
|
|
|
return old_custody_or_error.error();
|
|
|
|
auto& old_custody = *old_custody_or_error.value();
|
|
|
|
auto& old_inode = old_custody.inode();
|
2019-02-21 12:26:40 +00:00
|
|
|
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 13:30:09 +00:00
|
|
|
auto new_custody_or_error = resolve_path(new_path, base, &parent_custody);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!new_custody_or_error.is_error())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EEXIST;
|
2019-01-22 06:03:44 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!parent_custody)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOENT;
|
2019-02-27 14:31:26 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
|
|
|
|
|
|
|
if (parent_inode.fsid() != old_inode.fsid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EXDEV;
|
2019-02-27 14:31:26 +00:00
|
|
|
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!parent_inode.metadata().may_write(*Process::current()))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-02-27 14:31:26 +00:00
|
|
|
|
2020-01-15 21:10:38 +00:00
|
|
|
if (old_inode.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2020-01-15 21:10:38 +00:00
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-01-19 16:59:32 +00:00
|
|
|
if (!hard_link_allowed(old_inode))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EPERM;
|
2021-01-19 16:59:32 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
return parent_inode.add_child(old_inode, KLexicalPath::basename(new_path), old_inode.mode());
|
2019-02-21 12:26:40 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::unlink(StringView path, Custody& base)
|
2019-02-21 12:26:40 +00:00
|
|
|
{
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody, O_NOFOLLOW_NOERROR | O_UNLINK_INTERNAL);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
2019-01-23 04:35:42 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (inode.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EISDIR;
|
2019-02-21 14:45:31 +00:00
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
// We have just checked that the inode is not a directory, and thus it's not
|
|
|
|
// the root. So it should have a parent. Note that this would be invalidated
|
|
|
|
// if we were to support bind-mounting regular files on top of the root.
|
2021-02-23 19:42:32 +00:00
|
|
|
VERIFY(parent_custody);
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-01-22 06:03:44 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (parent_inode.metadata().is_sticky()) {
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!current_process->is_superuser() && inode.metadata().uid != current_process->euid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-04-28 20:54:30 +00:00
|
|
|
}
|
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
if (auto result = parent_inode.remove_child(KLexicalPath::basename(path)); result.is_error())
|
2019-05-31 13:22:52 +00:00
|
|
|
return result;
|
|
|
|
|
|
|
|
return KSuccess;
|
2019-01-22 06:03:44 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::symlink(StringView target, StringView linkpath, Custody& base)
|
2019-03-02 00:50:34 +00:00
|
|
|
{
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 13:30:09 +00:00
|
|
|
auto existing_custody_or_error = resolve_path(linkpath, base, &parent_custody);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!existing_custody_or_error.is_error())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EEXIST;
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!parent_custody)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOENT;
|
2019-05-30 16:58:59 +00:00
|
|
|
if (existing_custody_or_error.error() != -ENOENT)
|
|
|
|
return existing_custody_or_error.error();
|
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-05-28 14:56:25 +00:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2019-03-02 00:50:34 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
auto basename = KLexicalPath::basename(linkpath);
|
2021-07-10 22:25:24 +00:00
|
|
|
dbgln_if(VFS_DEBUG, "VirtualFileSystem::symlink: '{}' (-> '{}') in {}", basename, target, parent_inode.identifier());
|
2021-07-05 17:08:31 +00:00
|
|
|
auto inode_or_error = parent_inode.create_child(basename, S_IFLNK | 0644, 0, current_process->euid(), current_process->egid());
|
2020-02-08 10:58:28 +00:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
return inode_or_error.error();
|
|
|
|
auto& inode = inode_or_error.value();
|
2020-09-12 03:11:07 +00:00
|
|
|
auto target_buffer = UserOrKernelBuffer::for_kernel_buffer(const_cast<u8*>((const u8*)target.characters_without_null_termination()));
|
2021-05-01 21:29:39 +00:00
|
|
|
auto result = inode->write_bytes(0, target.length(), target_buffer, nullptr);
|
|
|
|
if (result.is_error())
|
|
|
|
return result.error();
|
2019-03-02 00:50:34 +00:00
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::rmdir(StringView path, Custody& base)
|
2019-01-28 03:16:01 +00:00
|
|
|
{
|
2019-06-21 16:37:47 +00:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 13:30:09 +00:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody);
|
2019-05-30 16:58:59 +00:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return KResult(custody_or_error.error());
|
2019-01-28 03:16:01 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
auto& inode = custody.inode();
|
2019-01-28 03:16:01 +00:00
|
|
|
|
|
|
|
// FIXME: We should return EINVAL if the last component of the path is "."
|
|
|
|
// FIXME: We should return ENOTEMPTY if the last component of the path is ".."
|
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
if (!inode.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOTDIR;
|
2019-02-21 14:45:31 +00:00
|
|
|
|
2020-04-19 16:07:16 +00:00
|
|
|
if (!parent_custody)
|
2021-01-20 22:11:17 +00:00
|
|
|
return EBUSY;
|
2020-04-19 16:07:16 +00:00
|
|
|
|
2019-05-30 16:58:59 +00:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2021-01-10 09:12:15 +00:00
|
|
|
auto parent_metadata = parent_inode.metadata();
|
2019-05-30 16:58:59 +00:00
|
|
|
|
2021-01-10 09:12:15 +00:00
|
|
|
if (!parent_metadata.may_write(*Process::current()))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-01-28 03:16:01 +00:00
|
|
|
|
2021-01-10 09:12:15 +00:00
|
|
|
if (parent_metadata.is_sticky()) {
|
|
|
|
if (!Process::current()->is_superuser() && inode.metadata().uid != Process::current()->euid())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2021-01-10 09:12:15 +00:00
|
|
|
}
|
|
|
|
|
2021-07-17 20:34:43 +00:00
|
|
|
size_t child_count = 0;
|
|
|
|
auto traversal_result = inode.traverse_as_directory([&child_count](auto&) {
|
|
|
|
++child_count;
|
|
|
|
return true;
|
|
|
|
});
|
|
|
|
if (traversal_result.is_error())
|
|
|
|
return traversal_result;
|
2020-08-05 08:00:18 +00:00
|
|
|
|
2021-07-17 20:34:43 +00:00
|
|
|
if (child_count != 2)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOTEMPTY;
|
2019-01-28 03:16:01 +00:00
|
|
|
|
2020-05-28 14:56:25 +00:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EROFS;
|
2020-05-28 14:56:25 +00:00
|
|
|
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = inode.remove_child("."); result.is_error())
|
2019-02-27 13:11:25 +00:00
|
|
|
return result;
|
2019-01-28 03:16:01 +00:00
|
|
|
|
2021-04-10 22:40:38 +00:00
|
|
|
if (auto result = inode.remove_child(".."); result.is_error())
|
2019-02-27 13:11:25 +00:00
|
|
|
return result;
|
2019-01-28 03:16:01 +00:00
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
return parent_inode.remove_child(KLexicalPath::basename(path));
|
2019-01-28 03:16:01 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
void VirtualFileSystem::for_each_mount(Function<void(const Mount&)> callback) const
|
2018-10-26 16:43:25 +00:00
|
|
|
{
|
|
|
|
for (auto& mount : m_mounts) {
|
2019-07-24 07:15:33 +00:00
|
|
|
callback(mount);
|
2018-10-26 16:43:25 +00:00
|
|
|
}
|
|
|
|
}
|
2018-12-19 23:39:29 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
void VirtualFileSystem::sync()
|
2018-12-19 23:39:29 +00:00
|
|
|
{
|
2021-07-10 22:20:38 +00:00
|
|
|
FileSystem::sync();
|
2018-12-19 23:39:29 +00:00
|
|
|
}
|
2019-05-30 15:46:08 +00:00
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
Custody& VirtualFileSystem::root_custody()
|
2019-05-30 15:46:08 +00:00
|
|
|
{
|
|
|
|
return *m_root_custody;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
UnveilNode const& VirtualFileSystem::find_matching_unveiled_path(StringView path)
|
2020-12-26 10:24:34 +00:00
|
|
|
{
|
2021-06-06 21:13:26 +00:00
|
|
|
VERIFY(Process::current()->veil_state() != VeilState::None);
|
2020-12-26 10:24:34 +00:00
|
|
|
auto& unveil_root = Process::current()->unveiled_paths();
|
|
|
|
|
2021-07-06 09:21:52 +00:00
|
|
|
auto path_parts = KLexicalPath::parts(path);
|
2021-06-06 21:13:26 +00:00
|
|
|
return unveil_root.traverse_until_last_accessible_node(path_parts.begin(), path_parts.end());
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::validate_path_against_process_veil(Custody const& custody, int options)
|
2021-07-05 15:15:07 +00:00
|
|
|
{
|
|
|
|
if (Process::current()->veil_state() == VeilState::None)
|
|
|
|
return KSuccess;
|
2021-07-06 10:58:03 +00:00
|
|
|
auto absolute_path = custody.try_create_absolute_path();
|
|
|
|
if (!absolute_path)
|
|
|
|
return ENOMEM;
|
|
|
|
return validate_path_against_process_veil(absolute_path->view(), options);
|
2021-07-05 15:15:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResult VirtualFileSystem::validate_path_against_process_veil(StringView path, int options)
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
{
|
2020-06-28 21:34:31 +00:00
|
|
|
if (Process::current()->veil_state() == VeilState::None)
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
return KSuccess;
|
2020-10-17 11:39:36 +00:00
|
|
|
if (path == "/usr/lib/Loader.so")
|
|
|
|
return KSuccess;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
|
2021-07-05 16:03:54 +00:00
|
|
|
VERIFY(path.starts_with('/'));
|
|
|
|
VERIFY(!path.contains("/../"sv) && !path.ends_with("/.."sv));
|
|
|
|
VERIFY(!path.contains("/./"sv) && !path.ends_with("/."sv));
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
|
2021-06-06 21:13:26 +00:00
|
|
|
auto& unveiled_path = find_matching_unveiled_path(path);
|
|
|
|
if (unveiled_path.permissions() == UnveilAccess::None) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);
|
2020-01-30 11:05:36 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOENT;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (options & O_CREAT) {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & UnveilAccess::CreateOrRemove)) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'c' permission.", path);
|
2020-01-30 11:05:36 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (options & O_UNLINK_INTERNAL) {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & UnveilAccess::CreateOrRemove)) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' for unlink since it hasn't been unveiled with 'c' permission.", path);
|
2020-01-30 11:05:36 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
|
|
|
return KSuccess;
|
|
|
|
}
|
2020-01-21 12:14:26 +00:00
|
|
|
if (options & O_RDONLY) {
|
2020-11-21 19:55:20 +00:00
|
|
|
if (options & O_DIRECTORY) {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & (UnveilAccess::Read | UnveilAccess::Browse))) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'r' or 'b' permissions.", path);
|
2020-11-21 19:55:20 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-11-21 19:55:20 +00:00
|
|
|
}
|
|
|
|
} else {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & UnveilAccess::Read)) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'r' permission.", path);
|
2020-11-21 19:55:20 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2020-11-21 19:55:20 +00:00
|
|
|
}
|
2020-01-21 12:14:26 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if (options & O_WRONLY) {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & UnveilAccess::Write)) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'w' permission.", path);
|
2020-01-30 11:05:36 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
2020-01-21 12:14:26 +00:00
|
|
|
}
|
|
|
|
if (options & O_EXEC) {
|
2021-06-06 21:13:26 +00:00
|
|
|
if (!(unveiled_path.permissions() & UnveilAccess::Execute)) {
|
2021-01-10 14:17:54 +00:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'x' permission.", path);
|
2020-01-30 11:05:36 +00:00
|
|
|
dump_backtrace();
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return KSuccess;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VirtualFileSystem::resolve_path(StringView path, Custody& base, RefPtr<Custody>* out_parent, int options, int symlink_recursion_level)
|
2019-05-30 15:46:08 +00:00
|
|
|
{
|
2020-03-19 08:57:34 +00:00
|
|
|
auto custody_or_error = resolve_path_without_veil(path, base, out_parent, options, symlink_recursion_level);
|
|
|
|
if (custody_or_error.is_error())
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
|
|
|
auto& custody = custody_or_error.value();
|
2021-07-05 15:15:07 +00:00
|
|
|
if (auto result = validate_path_against_process_veil(*custody, options); result.is_error())
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
return result;
|
|
|
|
|
2020-03-19 08:57:34 +00:00
|
|
|
return custody;
|
|
|
|
}
|
|
|
|
|
2021-01-19 17:12:09 +00:00
|
|
|
static bool safe_to_follow_symlink(const Inode& inode, const InodeMetadata& parent_metadata)
|
|
|
|
{
|
|
|
|
auto metadata = inode.metadata();
|
|
|
|
if (Process::current()->euid() == metadata.uid)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (!(parent_metadata.is_sticky() && parent_metadata.mode & S_IWOTH))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
if (metadata.uid == parent_metadata.uid)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VirtualFileSystem::resolve_path_without_veil(StringView path, Custody& base, RefPtr<Custody>* out_parent, int options, int symlink_recursion_level)
|
2020-03-19 08:57:34 +00:00
|
|
|
{
|
2019-12-24 09:39:21 +00:00
|
|
|
if (symlink_recursion_level >= symlink_recursion_limit)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ELOOP;
|
2019-08-25 16:18:51 +00:00
|
|
|
|
2019-05-30 15:46:08 +00:00
|
|
|
if (path.is_empty())
|
2021-01-20 22:11:17 +00:00
|
|
|
return EINVAL;
|
2019-05-30 15:46:08 +00:00
|
|
|
|
2021-05-21 22:12:32 +00:00
|
|
|
GenericLexer path_lexer(path);
|
2020-06-28 21:34:31 +00:00
|
|
|
auto current_process = Process::current();
|
|
|
|
auto& current_root = current_process->root_directory();
|
2020-01-10 22:14:04 +00:00
|
|
|
|
2020-01-15 07:52:33 +00:00
|
|
|
NonnullRefPtr<Custody> custody = path[0] == '/' ? current_root : base;
|
2021-05-21 22:12:32 +00:00
|
|
|
bool extra_iteration = path[path.length() - 1] == '/';
|
|
|
|
|
|
|
|
while (!path_lexer.is_eof() || extra_iteration) {
|
|
|
|
if (path_lexer.is_eof())
|
|
|
|
extra_iteration = false;
|
|
|
|
auto part = path_lexer.consume_until('/');
|
|
|
|
path_lexer.consume_specific('/');
|
2019-05-30 15:46:08 +00:00
|
|
|
|
2020-01-15 07:52:33 +00:00
|
|
|
Custody& parent = custody;
|
|
|
|
auto parent_metadata = parent.inode().metadata();
|
2020-01-14 10:30:15 +00:00
|
|
|
if (!parent_metadata.is_directory())
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOTDIR;
|
2020-01-14 10:30:15 +00:00
|
|
|
// Ensure the current user is allowed to resolve paths inside this directory.
|
2020-06-28 21:34:31 +00:00
|
|
|
if (!parent_metadata.may_execute(*current_process))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2019-06-13 13:33:01 +00:00
|
|
|
|
2021-05-21 22:12:32 +00:00
|
|
|
bool have_more_parts = !path_lexer.is_eof() || extra_iteration;
|
2020-01-14 10:30:15 +00:00
|
|
|
|
|
|
|
if (part == "..") {
|
|
|
|
// If we encounter a "..", take a step back, but don't go beyond the root.
|
2020-01-15 07:52:33 +00:00
|
|
|
if (custody->parent())
|
|
|
|
custody = *custody->parent();
|
2019-09-20 21:45:16 +00:00
|
|
|
continue;
|
2020-01-14 10:30:15 +00:00
|
|
|
} else if (part == "." || part.is_empty()) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-06-13 13:33:01 +00:00
|
|
|
|
2020-01-14 10:30:15 +00:00
|
|
|
// Okay, let's look up this part.
|
2020-02-01 08:23:46 +00:00
|
|
|
auto child_inode = parent.inode().lookup(part);
|
|
|
|
if (!child_inode) {
|
2020-01-15 07:52:33 +00:00
|
|
|
if (out_parent) {
|
2020-01-14 10:30:15 +00:00
|
|
|
// ENOENT with a non-null parent custody signals to caller that
|
2020-01-03 02:53:06 +00:00
|
|
|
// we found the immediate parent of the file, but the file itself
|
|
|
|
// does not exist yet.
|
2020-01-15 07:52:33 +00:00
|
|
|
*out_parent = have_more_parts ? nullptr : &parent;
|
2020-01-03 02:53:06 +00:00
|
|
|
}
|
2021-01-20 22:11:17 +00:00
|
|
|
return ENOENT;
|
2020-01-03 02:53:06 +00:00
|
|
|
}
|
2020-01-14 10:30:15 +00:00
|
|
|
|
2020-01-15 07:52:33 +00:00
|
|
|
int mount_flags_for_child = parent.mount_flags();
|
2020-02-01 08:23:46 +00:00
|
|
|
|
2020-01-14 10:30:15 +00:00
|
|
|
// See if there's something mounted on the child; in that case
|
|
|
|
// we would need to return the guest inode, not the host inode.
|
2021-07-10 22:50:08 +00:00
|
|
|
if (auto mount = find_mount_for_host(child_inode->identifier())) {
|
2020-06-24 21:16:24 +00:00
|
|
|
child_inode = mount->guest();
|
2020-01-14 10:30:15 +00:00
|
|
|
mount_flags_for_child = mount->flags();
|
2019-05-30 15:46:08 +00:00
|
|
|
}
|
2019-05-31 04:42:49 +00:00
|
|
|
|
2021-05-28 09:23:00 +00:00
|
|
|
auto new_custody_or_error = Custody::try_create(&parent, part, *child_inode, mount_flags_for_child);
|
|
|
|
if (new_custody_or_error.is_error())
|
|
|
|
return new_custody_or_error.error();
|
2021-05-10 07:28:23 +00:00
|
|
|
|
2021-05-28 09:23:00 +00:00
|
|
|
custody = new_custody_or_error.release_value();
|
2019-05-31 04:42:49 +00:00
|
|
|
|
2020-01-14 10:30:15 +00:00
|
|
|
if (child_inode->metadata().is_symlink()) {
|
|
|
|
if (!have_more_parts) {
|
2019-05-30 15:46:08 +00:00
|
|
|
if (options & O_NOFOLLOW)
|
2021-01-20 22:11:17 +00:00
|
|
|
return ELOOP;
|
2019-05-30 15:46:08 +00:00
|
|
|
if (options & O_NOFOLLOW_NOERROR)
|
2020-01-14 10:30:15 +00:00
|
|
|
break;
|
2019-05-30 15:46:08 +00:00
|
|
|
}
|
2021-01-19 17:12:09 +00:00
|
|
|
|
|
|
|
if (!safe_to_follow_symlink(*child_inode, parent_metadata))
|
2021-01-20 22:11:17 +00:00
|
|
|
return EACCES;
|
2021-01-19 17:12:09 +00:00
|
|
|
|
2021-07-05 15:15:07 +00:00
|
|
|
if (auto result = validate_path_against_process_veil(*custody, options); result.is_error())
|
2021-02-06 18:11:44 +00:00
|
|
|
return result;
|
|
|
|
|
2020-01-15 10:59:50 +00:00
|
|
|
auto symlink_target = child_inode->resolve_as_link(parent, out_parent, options, symlink_recursion_level + 1);
|
2020-01-14 10:30:15 +00:00
|
|
|
if (symlink_target.is_error() || !have_more_parts)
|
2019-06-12 13:36:05 +00:00
|
|
|
return symlink_target;
|
|
|
|
|
2020-01-14 10:30:15 +00:00
|
|
|
// Now, resolve the remaining path relative to the symlink target.
|
|
|
|
// We prepend a "." to it to ensure that it's not empty and that
|
|
|
|
// any initial slashes it might have get interpreted properly.
|
|
|
|
StringBuilder remaining_path;
|
|
|
|
remaining_path.append('.');
|
|
|
|
remaining_path.append(path.substring_view_starting_after_substring(part));
|
2019-06-12 13:36:05 +00:00
|
|
|
|
2020-03-19 08:57:34 +00:00
|
|
|
return resolve_path_without_veil(remaining_path.to_string(), *symlink_target.value(), out_parent, options, symlink_recursion_level + 1);
|
2019-05-30 15:46:08 +00:00
|
|
|
}
|
|
|
|
}
|
2020-01-14 10:30:15 +00:00
|
|
|
|
2020-01-15 07:52:33 +00:00
|
|
|
if (out_parent)
|
|
|
|
*out_parent = custody->parent();
|
|
|
|
return custody;
|
2019-05-30 15:46:08 +00:00
|
|
|
}
|
2020-02-16 00:27:42 +00:00
|
|
|
}
|