Kernel+Userland: Add mount MS_SRCHIDDEN option

Either we mount from a loop device or other source, the user might want to obfuscate the given source for security reasons, so this option will ensure this will happen. If passed during a mount, the source will be hidden when reading from the /sys/kernel/df node.
Author: https://github.com/supercomputer7 Commit: https://github.com/SerenityOS/serenity/commit/0734de9f9a Pull-request: https://github.com/SerenityOS/serenity/pull/23138 Reviewed-by: https://github.com/ADKaster ✅ Reviewed-by: https://github.com/Hendiadyoin1 Reviewed-by: https://github.com/gmta
2024-11-21 23:20:20 +00:00 · 2024-02-10 12:27:32 +02:00 · 2024-02-10 12:27:32 +02:00 · 0734de9f9a · 2024-07-17 06:54:15 +09:00
commit 0734de9f9a
parent 0739b5df11
3 changed files with 21 additions and 11 deletions
--- a/Kernel/API/POSIX/unistd.h
+++ b/Kernel/API/POSIX/unistd.h
@ -30,6 +30,7 @@ extern "C" {
 #define MS_WXALLOWED (1 << 6)
 #define MS_AXALLOWED (1 << 7)
 #define MS_NOREGULAR (1 << 8)
+#define MS_SRCHIDDEN (1 << 9)

 enum {
    _SC_MONOTONIC_CLOCK,
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/DiskUsage.cpp
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/DiskUsage.cpp
@ -5,6 +5,7 @@
 */

 #include <AK/JsonObjectSerializer.h>
+#include <Kernel/API/POSIX/unistd.h>
 #include <Kernel/Devices/Loop/LoopDevice.h>
 #include <Kernel/FileSystem/FileBackedFileSystem.h>
 #include <Kernel/FileSystem/SysFS/Subsystems/Kernel/DiskUsage.h>
@ -40,18 +41,22 @@ ErrorOr<void> SysFSDiskUsage::try_generate(KBufferBuilder& builder)
        TRY(fs_object.add("readonly"sv, fs.is_readonly()));
        TRY(fs_object.add("mount_flags"sv, mount.flags()));

-        if (fs.is_file_backed()) {
-            auto& file = static_cast<const FileBackedFileSystem&>(fs).file();
-            if (file.is_loop_device()) {
-                auto& device = static_cast<LoopDevice const&>(file);
-                auto path = TRY(device.custody().try_serialize_absolute_path());
-                TRY(fs_object.add("source"sv, path->view()));
-            } else {
-                auto pseudo_path = TRY(static_cast<const FileBackedFileSystem&>(fs).file_description().pseudo_path());
-                TRY(fs_object.add("source"sv, pseudo_path->view()));
-            }
+        if (mount.flags() & MS_SRCHIDDEN) {
+            TRY(fs_object.add("source"sv, "unknown"));
        } else {
-            TRY(fs_object.add("source"sv, "none"));
+            if (fs.is_file_backed()) {
+                auto& file = static_cast<const FileBackedFileSystem&>(fs).file();
+                if (file.is_loop_device()) {
+                    auto& device = static_cast<LoopDevice const&>(file);
+                    auto path = TRY(device.custody().try_serialize_absolute_path());
+                    TRY(fs_object.add("source"sv, path->view()));
+                } else {
+                    auto pseudo_path = TRY(static_cast<const FileBackedFileSystem&>(fs).file_description().pseudo_path());
+                    TRY(fs_object.add("source"sv, pseudo_path->view()));
+                }
+            } else {
+                TRY(fs_object.add("source"sv, "none"));
+            }
        }

        TRY(fs_object.finish());
--- a/Userland/Utilities/mount.cpp
+++ b/Userland/Utilities/mount.cpp
@ -43,6 +43,8 @@ static int parse_options(StringView options)
            flags |= MS_AXALLOWED;
        else if (part == "noregular")
            flags |= MS_NOREGULAR;
+        else if (part == "srchidden")
+            flags |= MS_SRCHIDDEN;
        else
            warnln("Ignoring invalid option: {}", part);
    }
@ -181,6 +183,8 @@ static ErrorOr<void> print_mounts()
            out(",nodev");
        if (mount_flags & MS_NOREGULAR)
            out(",noregular");
+        if (mount_flags & MS_SRCHIDDEN)
+            out(",srcobfuscate");
        if (mount_flags & MS_NOEXEC)
            out(",noexec");
        if (mount_flags & MS_NOSUID)