2020-01-18 09:38:21 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
|
|
|
|
|
*
|
2021-04-22 01:24:48 -07:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2020-01-18 09:38:21 +01:00
|
|
|
*/
|
|
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
#include <AK/LexicalPath.h>
|
2020-08-24 19:35:19 -06:00
|
|
|
#include <AK/Singleton.h>
|
2018-10-28 12:20:25 +01:00
|
|
|
#include <AK/StringBuilder.h>
|
2021-01-25 16:07:10 +01:00
|
|
|
#include <Kernel/Debug.h>
|
2020-02-16 01:50:16 +01:00
|
|
|
#include <Kernel/Devices/BlockDevice.h>
|
2019-05-30 17:46:08 +02:00
|
|
|
#include <Kernel/FileSystem/Custody.h>
|
2020-04-06 11:54:21 +03:00
|
|
|
#include <Kernel/FileSystem/FileBackedFileSystem.h>
|
2019-06-07 11:43:58 +02:00
|
|
|
#include <Kernel/FileSystem/FileDescription.h>
|
2019-06-07 19:29:34 +02:00
|
|
|
#include <Kernel/FileSystem/FileSystem.h>
|
|
|
|
|
#include <Kernel/FileSystem/VirtualFileSystem.h>
|
2020-02-16 01:27:42 +01:00
|
|
|
#include <Kernel/KSyms.h>
|
2019-06-07 11:43:58 +02:00
|
|
|
#include <Kernel/Process.h>
|
|
|
|
|
#include <LibC/errno_numbers.h>
|
2018-10-10 11:53:07 +02:00
|
|
|
|
2020-02-16 01:27:42 +01:00
|
|
|
namespace Kernel {
|
|
|
|
|
|
2020-08-24 19:35:19 -06:00
|
|
|
static AK::Singleton<VFS> s_the;
|
2019-12-24 22:39:21 +13:00
|
|
|
static constexpr int symlink_recursion_limit { 5 }; // FIXME: increase?
|
2020-05-28 18:06:13 +03:00
|
|
|
static constexpr int root_mount_flags = MS_NODEV | MS_NOSUID | MS_RDONLY;
|
2018-10-18 10:27:07 +02:00
|
|
|
|
2021-02-19 18:41:50 +01:00
|
|
|
UNMAP_AFTER_INIT void VFS::initialize()
|
2020-08-24 19:35:19 -06:00
|
|
|
{
|
|
|
|
|
s_the.ensure_instance();
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-15 14:43:10 +01:00
|
|
|
VFS& VFS::the()
|
2018-10-18 10:27:07 +02:00
|
|
|
{
|
|
|
|
|
return *s_the;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-19 18:41:50 +01:00
|
|
|
UNMAP_AFTER_INIT VFS::VFS()
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-19 18:41:50 +01:00
|
|
|
UNMAP_AFTER_INIT VFS::~VFS()
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2018-10-30 15:33:37 +01:00
|
|
|
}
|
|
|
|
|
|
2018-11-18 23:28:43 +01:00
|
|
|
InodeIdentifier VFS::root_inode_id() const
|
|
|
|
|
{
|
2021-02-23 20:42:32 +01:00
|
|
|
VERIFY(m_root_inode);
|
2019-01-16 12:57:07 +01:00
|
|
|
return m_root_inode->identifier();
|
2018-11-18 23:28:43 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-11 18:25:26 +03:00
|
|
|
KResult VFS::mount(FS& file_system, Custody& mount_point, int flags)
|
2019-08-02 19:03:50 +02:00
|
|
|
{
|
2021-04-24 15:27:32 -07:00
|
|
|
Locker locker(m_lock);
|
2020-05-28 18:46:16 +03:00
|
|
|
|
2019-08-02 19:03:50 +02:00
|
|
|
auto& inode = mount_point.inode();
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS: Mounting {} at {} (inode: {}) with flags {}",
|
|
|
|
|
file_system.class_name(),
|
|
|
|
|
mount_point.absolute_path(),
|
|
|
|
|
inode.identifier(),
|
|
|
|
|
flags);
|
2019-08-02 19:03:50 +02:00
|
|
|
// FIXME: check that this is not already a mount point
|
2020-01-11 18:25:26 +03:00
|
|
|
Mount mount { file_system, &mount_point, flags };
|
2019-08-02 19:03:50 +02:00
|
|
|
m_mounts.append(move(mount));
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 19:22:24 +03:00
|
|
|
KResult VFS::bind_mount(Custody& source, Custody& mount_point, int flags)
|
2020-01-11 19:08:35 +03:00
|
|
|
{
|
2021-04-24 15:27:32 -07:00
|
|
|
Locker locker(m_lock);
|
2020-05-28 18:46:16 +03:00
|
|
|
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS: Bind-mounting {} at {}", source.absolute_path(), mount_point.absolute_path());
|
2020-01-11 19:08:35 +03:00
|
|
|
// FIXME: check that this is not already a mount point
|
2020-01-12 19:22:24 +03:00
|
|
|
Mount mount { source.inode(), mount_point, flags };
|
2020-01-11 19:08:35 +03:00
|
|
|
m_mounts.append(move(mount));
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 21:12:13 +03:00
|
|
|
KResult VFS::remount(Custody& mount_point, int new_flags)
|
|
|
|
|
{
|
2021-04-24 15:27:32 -07:00
|
|
|
Locker locker(m_lock);
|
2020-05-28 21:12:13 +03:00
|
|
|
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS: Remounting {}", mount_point.absolute_path());
|
2020-05-28 21:12:13 +03:00
|
|
|
|
2020-06-25 00:16:24 +03:00
|
|
|
Mount* mount = find_mount_for_guest(mount_point.inode());
|
2020-05-28 21:12:13 +03:00
|
|
|
if (!mount)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENODEV;
|
2020-05-28 21:12:13 +03:00
|
|
|
|
|
|
|
|
mount->set_flags(new_flags);
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 00:16:24 +03:00
|
|
|
KResult VFS::unmount(Inode& guest_inode)
|
2019-08-11 23:56:39 +10:00
|
|
|
{
|
2021-04-24 15:27:32 -07:00
|
|
|
Locker locker(m_lock);
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS: unmount called with inode {}", guest_inode.identifier());
|
2019-08-17 14:24:50 +02:00
|
|
|
|
2020-02-25 14:49:47 +01:00
|
|
|
for (size_t i = 0; i < m_mounts.size(); ++i) {
|
2019-08-17 14:24:50 +02:00
|
|
|
auto& mount = m_mounts.at(i);
|
2020-06-25 00:16:24 +03:00
|
|
|
if (&mount.guest() == &guest_inode) {
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = mount.guest_fs().prepare_to_unmount(); result.is_error()) {
|
2021-01-09 18:51:44 +01:00
|
|
|
dbgln("VFS: Failed to unmount!");
|
2019-08-17 14:24:50 +02:00
|
|
|
return result;
|
2019-08-11 23:56:39 +10:00
|
|
|
}
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS: found fs {} at mount index {}! Unmounting...", mount.guest_fs().fsid(), i);
|
2020-07-02 11:51:46 +03:00
|
|
|
m_mounts.unstable_take(i);
|
2019-08-11 23:56:39 +10:00
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-14 00:10:32 +01:00
|
|
|
dbgln("VFS: Nothing mounted on inode {}", guest_inode.identifier());
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENODEV;
|
2019-08-11 23:56:39 +10:00
|
|
|
}
|
|
|
|
|
|
2020-01-11 18:05:24 +03:00
|
|
|
bool VFS::mount_root(FS& file_system)
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2019-01-16 12:57:07 +01:00
|
|
|
if (m_root_inode) {
|
2021-03-09 20:17:57 +01:00
|
|
|
dmesgln("VFS: mount_root can't mount another root");
|
2018-10-10 11:53:07 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 18:06:13 +03:00
|
|
|
Mount mount { file_system, nullptr, root_mount_flags };
|
2018-10-10 11:53:07 +02:00
|
|
|
|
2020-06-24 23:35:56 +03:00
|
|
|
auto root_inode = file_system.root_inode();
|
2019-01-16 12:57:07 +01:00
|
|
|
if (!root_inode->is_directory()) {
|
2021-03-09 20:17:57 +01:00
|
|
|
dmesgln("VFS: root inode ({}) for / is not a directory :(", root_inode->identifier());
|
2018-10-10 11:53:07 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-16 12:57:07 +01:00
|
|
|
m_root_inode = move(root_inode);
|
2021-03-09 20:17:57 +01:00
|
|
|
dmesgln("VFS: mounted root from {} ({})", file_system.class_name(), static_cast<FileBackedFS&>(file_system).file_description().absolute_path());
|
2018-10-10 11:53:07 +02:00
|
|
|
|
2018-10-17 11:40:58 +02:00
|
|
|
m_mounts.append(move(mount));
|
2021-05-10 00:28:23 -07:00
|
|
|
|
|
|
|
|
auto root_custody = Custody::create(nullptr, "", *m_root_inode, root_mount_flags);
|
|
|
|
|
if (root_custody.is_error())
|
|
|
|
|
return false;
|
|
|
|
|
m_root_custody = root_custody.release_value();
|
|
|
|
|
|
2018-10-10 11:53:07 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 00:16:24 +03:00
|
|
|
auto VFS::find_mount_for_host(Inode& inode) -> Mount*
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
|
|
|
|
for (auto& mount : m_mounts) {
|
2020-06-25 00:16:24 +03:00
|
|
|
if (mount.host() == &inode)
|
2019-07-24 09:15:33 +02:00
|
|
|
return &mount;
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 00:16:24 +03:00
|
|
|
auto VFS::find_mount_for_host(InodeIdentifier id) -> Mount*
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
|
|
|
|
for (auto& mount : m_mounts) {
|
2020-06-25 00:16:24 +03:00
|
|
|
if (mount.host() && mount.host()->identifier() == id)
|
|
|
|
|
return &mount;
|
|
|
|
|
}
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto VFS::find_mount_for_guest(Inode& inode) -> Mount*
|
|
|
|
|
{
|
|
|
|
|
for (auto& mount : m_mounts) {
|
|
|
|
|
if (&mount.guest() == &inode)
|
|
|
|
|
return &mount;
|
|
|
|
|
}
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto VFS::find_mount_for_guest(InodeIdentifier id) -> Mount*
|
|
|
|
|
{
|
|
|
|
|
for (auto& mount : m_mounts) {
|
|
|
|
|
if (mount.guest().identifier() == id)
|
2019-07-24 09:15:33 +02:00
|
|
|
return &mount;
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-15 14:43:10 +01:00
|
|
|
bool VFS::is_vfs_root(InodeIdentifier inode) const
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2019-01-16 12:57:07 +01:00
|
|
|
return inode == root_inode_id();
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
|
2020-08-18 12:41:27 +02:00
|
|
|
KResult VFS::traverse_directory_inode(Inode& dir_inode, Function<bool(const FS::DirectoryEntryView&)> callback)
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2020-08-18 12:41:27 +02:00
|
|
|
return dir_inode.traverse_as_directory([&](auto& entry) {
|
2019-01-31 17:31:23 +01:00
|
|
|
InodeIdentifier resolved_inode;
|
2018-11-15 15:10:12 +01:00
|
|
|
if (auto mount = find_mount_for_host(entry.inode))
|
2020-06-25 00:16:24 +03:00
|
|
|
resolved_inode = mount->guest().identifier();
|
2018-10-10 11:53:07 +02:00
|
|
|
else
|
2019-01-31 17:31:23 +01:00
|
|
|
resolved_inode = entry.inode;
|
2018-10-10 11:53:07 +02:00
|
|
|
|
2020-01-15 14:06:48 +03:00
|
|
|
// FIXME: This is now broken considering chroot and bind mounts.
|
2020-06-24 23:35:56 +03:00
|
|
|
bool is_root_inode = dir_inode.identifier() == dir_inode.fs().root_inode()->identifier();
|
2020-08-18 12:41:27 +02:00
|
|
|
if (is_root_inode && !is_vfs_root(dir_inode.identifier()) && entry.name == "..") {
|
2020-07-02 12:46:07 +03:00
|
|
|
auto mount = find_mount_for_guest(dir_inode);
|
2021-02-23 20:42:32 +01:00
|
|
|
VERIFY(mount);
|
|
|
|
|
VERIFY(mount->host());
|
2020-06-25 00:16:24 +03:00
|
|
|
resolved_inode = mount->host()->identifier();
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
2020-08-18 12:41:27 +02:00
|
|
|
callback({ entry.name, resolved_inode, entry.file_type });
|
2018-10-10 11:53:07 +02:00
|
|
|
return true;
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::utime(StringView path, Custody& base, time_t atime, time_t mtime)
|
2019-02-21 16:37:41 +01:00
|
|
|
{
|
2020-05-28 17:56:25 +03:00
|
|
|
auto custody_or_error = VFS::the().resolve_path(move(path), base);
|
|
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!current_process->is_superuser() && inode.metadata().uid != current_process->euid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-03-06 22:14:31 +01:00
|
|
|
|
2021-04-30 15:51:06 +02:00
|
|
|
if (auto result = inode.set_atime(atime); result.is_error())
|
|
|
|
|
return result;
|
|
|
|
|
if (auto result = inode.set_mtime(mtime); result.is_error())
|
|
|
|
|
return result;
|
2019-02-25 20:47:56 +01:00
|
|
|
return KSuccess;
|
2019-02-21 16:37:41 +01:00
|
|
|
}
|
|
|
|
|
|
2019-08-02 19:23:23 +02:00
|
|
|
KResultOr<InodeMetadata> VFS::lookup_metadata(StringView path, Custody& base, int options)
|
2019-02-21 16:09:12 +01:00
|
|
|
{
|
2019-05-31 15:30:09 +02:00
|
|
|
auto custody_or_error = resolve_path(path, base, nullptr, options);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
2019-08-02 19:23:23 +02:00
|
|
|
return custody_or_error.value()->inode().metadata();
|
2019-02-21 16:09:12 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-03 20:13:21 +01:00
|
|
|
KResultOr<NonnullRefPtr<FileDescription>> VFS::open(StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> owner)
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2020-01-03 02:23:50 +01:00
|
|
|
if ((options & O_CREAT) && (options & O_DIRECTORY))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EINVAL;
|
2020-01-03 02:23:50 +01:00
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-06-09 19:52:03 +02:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody, options);
|
2019-02-14 14:38:30 +01:00
|
|
|
if (options & O_CREAT) {
|
2019-06-09 19:52:03 +02:00
|
|
|
if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2019-06-09 19:52:03 +02:00
|
|
|
if (custody_or_error.is_error()) {
|
|
|
|
|
if (custody_or_error.error() != -ENOENT)
|
|
|
|
|
return custody_or_error.error();
|
2020-01-03 20:13:21 +01:00
|
|
|
return create(path, options, mode, *parent_custody, move(owner));
|
2019-06-09 19:52:03 +02:00
|
|
|
}
|
2019-03-06 22:14:31 +01:00
|
|
|
if (options & O_EXCL)
|
2021-01-20 23:11:17 +01:00
|
|
|
return EEXIST;
|
2019-01-22 00:58:13 +01:00
|
|
|
}
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
2019-02-21 16:09:12 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
|
auto metadata = inode.metadata();
|
2019-03-27 16:42:30 +01:00
|
|
|
|
2020-01-03 02:23:11 +01:00
|
|
|
if ((options & O_DIRECTORY) && !metadata.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOTDIR;
|
2020-01-03 02:23:11 +01:00
|
|
|
|
2019-03-27 16:42:30 +01:00
|
|
|
bool should_truncate_file = false;
|
2019-02-21 16:09:12 +01:00
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if ((options & O_RDONLY) && !metadata.may_read(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-01-21 13:14:26 +01:00
|
|
|
|
|
|
|
|
if (options & O_WRONLY) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!metadata.may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-03-06 22:14:31 +01:00
|
|
|
if (metadata.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EISDIR;
|
2019-03-27 16:42:30 +01:00
|
|
|
should_truncate_file = options & O_TRUNC;
|
2019-02-21 15:45:31 +01:00
|
|
|
}
|
2020-01-11 18:33:35 +03:00
|
|
|
if (options & O_EXEC) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!metadata.may_execute(*current_process) || (custody.mount_flags() & MS_NOEXEC))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-01-11 18:33:35 +03:00
|
|
|
}
|
2019-02-21 16:09:12 +01:00
|
|
|
|
2020-01-15 14:03:14 +03:00
|
|
|
if (auto preopen_fd = inode.preopen_fd())
|
|
|
|
|
return *preopen_fd;
|
|
|
|
|
|
2020-07-16 15:23:03 -06:00
|
|
|
if (metadata.is_fifo()) {
|
2020-12-31 02:10:31 +01:00
|
|
|
auto fifo = inode.fifo();
|
2020-07-16 15:23:03 -06:00
|
|
|
if (options & O_WRONLY) {
|
2020-09-17 13:51:09 -06:00
|
|
|
auto open_result = fifo->open_direction_blocking(FIFO::Direction::Writer);
|
|
|
|
|
if (open_result.is_error())
|
|
|
|
|
return open_result.error();
|
|
|
|
|
auto& description = open_result.value();
|
2020-07-16 15:23:03 -06:00
|
|
|
description->set_rw_mode(options);
|
|
|
|
|
description->set_file_flags(options);
|
|
|
|
|
description->set_original_inode({}, inode);
|
|
|
|
|
return description;
|
|
|
|
|
} else if (options & O_RDONLY) {
|
2020-09-17 13:51:09 -06:00
|
|
|
auto open_result = fifo->open_direction_blocking(FIFO::Direction::Reader);
|
|
|
|
|
if (open_result.is_error())
|
|
|
|
|
return open_result.error();
|
|
|
|
|
auto& description = open_result.value();
|
2020-07-16 15:23:03 -06:00
|
|
|
description->set_rw_mode(options);
|
|
|
|
|
description->set_file_flags(options);
|
|
|
|
|
description->set_original_inode({}, inode);
|
|
|
|
|
return description;
|
|
|
|
|
}
|
2021-01-20 23:11:17 +01:00
|
|
|
return EINVAL;
|
2020-07-16 15:23:03 -06:00
|
|
|
}
|
|
|
|
|
|
2019-02-21 16:09:12 +01:00
|
|
|
if (metadata.is_device()) {
|
2020-01-11 18:45:38 +03:00
|
|
|
if (custody.mount_flags() & MS_NODEV)
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-08-18 14:48:15 +03:00
|
|
|
auto device = Device::get_device(metadata.major_device, metadata.minor_device);
|
|
|
|
|
if (device == nullptr) {
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENODEV;
|
2019-01-16 12:57:07 +01:00
|
|
|
}
|
2019-08-18 14:48:15 +03:00
|
|
|
auto descriptor_or_error = device->open(options);
|
2019-03-20 02:55:12 +01:00
|
|
|
if (descriptor_or_error.is_error())
|
|
|
|
|
return descriptor_or_error.error();
|
2019-05-31 15:44:04 +02:00
|
|
|
descriptor_or_error.value()->set_original_inode({}, inode);
|
2019-03-20 02:55:12 +01:00
|
|
|
return descriptor_or_error;
|
2019-01-16 12:57:07 +01:00
|
|
|
}
|
2020-05-28 17:56:25 +03:00
|
|
|
|
|
|
|
|
// Check for read-only FS. Do this after handling preopen FD and devices,
|
|
|
|
|
// but before modifying the inode in any way.
|
|
|
|
|
if ((options & O_WRONLY) && custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2020-01-08 13:57:22 +01:00
|
|
|
if (should_truncate_file) {
|
2021-04-30 15:51:06 +02:00
|
|
|
if (auto result = inode.truncate(0); result.is_error())
|
|
|
|
|
return result;
|
|
|
|
|
if (auto result = inode.set_mtime(kgettimeofday().to_truncated_seconds()); result.is_error())
|
2020-08-05 02:07:31 -07:00
|
|
|
return result;
|
2020-01-08 13:57:22 +01:00
|
|
|
}
|
2020-01-19 01:15:52 +03:00
|
|
|
auto description = FileDescription::create(custody);
|
2020-09-17 13:51:09 -06:00
|
|
|
if (!description.is_error()) {
|
|
|
|
|
description.value()->set_rw_mode(options);
|
|
|
|
|
description.value()->set_file_flags(options);
|
|
|
|
|
}
|
2020-01-19 01:15:52 +03:00
|
|
|
return description;
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::mknod(StringView path, mode_t mode, dev_t dev, Custody& base)
|
2019-05-03 22:59:58 +02:00
|
|
|
{
|
|
|
|
|
if (!is_regular_file(mode) && !is_block_device(mode) && !is_character_device(mode) && !is_fifo(mode) && !is_socket(mode))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EINVAL;
|
2019-05-03 22:59:58 +02:00
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 15:30:09 +02:00
|
|
|
auto existing_file_or_error = resolve_path(path, base, &parent_custody);
|
2019-05-03 22:59:58 +02:00
|
|
|
if (!existing_file_or_error.is_error())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EEXIST;
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2019-05-03 22:59:58 +02:00
|
|
|
if (existing_file_or_error.error() != -ENOENT)
|
|
|
|
|
return existing_file_or_error.error();
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-05-03 22:59:58 +02:00
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
LexicalPath p(path);
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("VFS::mknod: '{}' mode={} dev={} in {}", p.basename(), mode, dev, parent_inode.identifier());
|
2021-01-21 09:56:18 +01:00
|
|
|
return parent_inode.create_child(p.basename(), mode, dev, current_process->euid(), current_process->egid()).result();
|
2019-05-03 22:59:58 +02:00
|
|
|
}
|
|
|
|
|
|
2020-01-03 20:13:21 +01:00
|
|
|
KResultOr<NonnullRefPtr<FileDescription>> VFS::create(StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> owner)
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2021-02-07 05:11:44 +11:00
|
|
|
LexicalPath p(path);
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = validate_path_against_process_veil(String::formatted("{}/{}", parent_custody.absolute_path(), p.basename()), options); result.is_error())
|
2020-04-04 16:40:36 +02:00
|
|
|
return result;
|
|
|
|
|
|
2021-01-24 08:31:18 +01:00
|
|
|
if (!is_socket(mode) && !is_fifo(mode) && !is_block_device(mode) && !is_character_device(mode)) {
|
|
|
|
|
// Turn it into a regular file. (This feels rather hackish.)
|
|
|
|
|
mode |= 0100000;
|
|
|
|
|
}
|
2019-01-23 04:29:56 +01:00
|
|
|
|
2019-06-09 19:52:03 +02:00
|
|
|
auto& parent_inode = parent_custody.inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2021-02-07 15:33:24 +03:30
|
|
|
dbgln_if(VFS_DEBUG, "VFS::create: '{}' in {}", p.basename(), parent_inode.identifier());
|
2021-01-21 09:56:18 +01:00
|
|
|
uid_t uid = owner.has_value() ? owner.value().uid : current_process->euid();
|
|
|
|
|
gid_t gid = owner.has_value() ? owner.value().gid : current_process->egid();
|
2020-06-24 23:35:56 +03:00
|
|
|
auto inode_or_error = parent_inode.create_child(p.basename(), mode, 0, uid, gid);
|
2020-02-08 11:58:28 +01:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
|
return inode_or_error.error();
|
2019-01-22 00:58:13 +01:00
|
|
|
|
2020-02-08 11:58:28 +01:00
|
|
|
auto new_custody = Custody::create(&parent_custody, p.basename(), inode_or_error.value(), parent_custody.mount_flags());
|
2021-05-10 00:28:23 -07:00
|
|
|
if (new_custody.is_error())
|
|
|
|
|
return new_custody.error();
|
|
|
|
|
auto description = FileDescription::create(*new_custody.release_value());
|
2020-09-17 13:51:09 -06:00
|
|
|
if (!description.is_error()) {
|
|
|
|
|
description.value()->set_rw_mode(options);
|
|
|
|
|
description.value()->set_file_flags(options);
|
|
|
|
|
}
|
2020-01-19 01:15:52 +03:00
|
|
|
return description;
|
2018-10-16 00:35:03 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::mkdir(StringView path, mode_t mode, Custody& base)
|
2018-10-16 00:35:03 +02:00
|
|
|
{
|
2020-02-20 17:28:36 +03:00
|
|
|
// Unlike in basically every other case, where it's only the last
|
|
|
|
|
// path component (the one being created) that is allowed not to
|
|
|
|
|
// exist, POSIX allows mkdir'ed path to have trailing slashes.
|
|
|
|
|
// Let's handle that case by trimming any trailing slashes.
|
|
|
|
|
while (path.length() > 1 && path.ends_with("/"))
|
|
|
|
|
path = path.substring_view(0, path.length() - 1);
|
|
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = resolve_path(path, base, &parent_custody); !result.is_error())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EEXIST;
|
2021-04-11 00:40:38 +02:00
|
|
|
else if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2021-04-11 00:40:38 +02:00
|
|
|
else if (result.error() != -ENOENT)
|
2019-02-25 20:47:56 +01:00
|
|
|
return result.error();
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-02-21 15:45:31 +01:00
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
LexicalPath p(path);
|
2021-02-07 15:33:24 +03:30
|
|
|
dbgln_if(VFS_DEBUG, "VFS::mkdir: '{}' in {}", p.basename(), parent_inode.identifier());
|
2021-01-21 09:56:18 +01:00
|
|
|
return parent_inode.create_child(p.basename(), S_IFDIR | mode, 0, current_process->euid(), current_process->egid()).result();
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::access(StringView path, int mode, Custody& base)
|
2019-02-26 15:57:59 +01:00
|
|
|
{
|
2019-05-31 15:30:09 +02:00
|
|
|
auto custody_or_error = resolve_path(path, base);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
|
auto metadata = inode.metadata();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
2019-02-26 15:57:59 +01:00
|
|
|
if (mode & R_OK) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!metadata.may_read(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-02-26 15:57:59 +01:00
|
|
|
}
|
|
|
|
|
if (mode & W_OK) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!metadata.may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-02-26 15:57:59 +01:00
|
|
|
}
|
|
|
|
|
if (mode & X_OK) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!metadata.may_execute(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-02-26 15:57:59 +01:00
|
|
|
}
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VFS::open_directory(StringView path, Custody& base)
|
2019-03-01 23:54:07 +01:00
|
|
|
{
|
2019-05-31 15:30:09 +02:00
|
|
|
auto inode_or_error = resolve_path(path, base);
|
2019-03-01 23:54:07 +01:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
|
return inode_or_error.error();
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& custody = *inode_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
|
|
|
|
if (!inode.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOTDIR;
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!inode.metadata().may_execute(*Process::current()))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-05-30 18:58:59 +02:00
|
|
|
return custody;
|
2019-03-01 23:54:07 +01:00
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:41:04 +03:00
|
|
|
KResult VFS::chmod(Custody& custody, mode_t mode)
|
2019-01-29 04:55:08 +01:00
|
|
|
{
|
2020-05-28 17:41:04 +03:00
|
|
|
auto& inode = custody.inode();
|
2019-02-21 15:45:31 +01:00
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (current_process->euid() != inode.metadata().uid && !current_process->is_superuser())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-01-29 04:55:08 +01:00
|
|
|
|
|
|
|
|
// Only change the permission bits.
|
2021-01-19 18:21:43 +01:00
|
|
|
mode = (inode.mode() & ~07777u) | (mode & 07777u);
|
2019-03-01 10:39:19 +01:00
|
|
|
return inode.chmod(mode);
|
|
|
|
|
}
|
2019-01-29 04:55:08 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::chmod(StringView path, mode_t mode, Custody& base)
|
2019-03-01 10:39:19 +01:00
|
|
|
{
|
2019-05-31 15:30:09 +02:00
|
|
|
auto custody_or_error = resolve_path(path, base);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
auto& custody = *custody_or_error.value();
|
2020-05-28 17:41:04 +03:00
|
|
|
return chmod(custody, mode);
|
2019-02-25 20:47:56 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::rename(StringView old_path, StringView new_path, Custody& base)
|
2019-04-07 23:35:26 +02:00
|
|
|
{
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> old_parent_custody;
|
2020-12-27 15:38:07 +01:00
|
|
|
auto old_custody_or_error = resolve_path(old_path, base, &old_parent_custody, O_NOFOLLOW_NOERROR);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (old_custody_or_error.is_error())
|
|
|
|
|
return old_custody_or_error.error();
|
|
|
|
|
auto& old_custody = *old_custody_or_error.value();
|
|
|
|
|
auto& old_inode = old_custody.inode();
|
2019-04-07 23:35:26 +02:00
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> new_parent_custody;
|
2019-05-31 15:30:09 +02:00
|
|
|
auto new_custody_or_error = resolve_path(new_path, base, &new_parent_custody);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (new_custody_or_error.is_error()) {
|
2020-02-20 17:33:14 +03:00
|
|
|
if (new_custody_or_error.error() != -ENOENT || !new_parent_custody)
|
2019-05-30 18:58:59 +02:00
|
|
|
return new_custody_or_error.error();
|
2019-04-07 23:35:26 +02:00
|
|
|
}
|
|
|
|
|
|
2021-05-06 18:35:34 +01:00
|
|
|
if (!old_parent_custody || !new_parent_custody) {
|
|
|
|
|
return EPERM;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& old_parent_inode = old_parent_custody->inode();
|
|
|
|
|
auto& new_parent_inode = new_parent_custody->inode();
|
|
|
|
|
|
2020-01-03 04:10:05 +01:00
|
|
|
if (&old_parent_inode.fs() != &new_parent_inode.fs())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EXDEV;
|
2020-01-03 04:10:05 +01:00
|
|
|
|
2020-11-01 17:17:23 +01:00
|
|
|
for (auto* new_ancestor = new_parent_custody.ptr(); new_ancestor; new_ancestor = new_ancestor->parent()) {
|
|
|
|
|
if (&old_inode == &new_ancestor->inode())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EDIRINTOSELF;
|
2020-11-01 17:17:23 +01:00
|
|
|
}
|
|
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!new_parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-04-07 23:35:26 +02:00
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!old_parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-04-07 23:35:26 +02:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (old_parent_inode.metadata().is_sticky()) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!current_process->is_superuser() && old_inode.metadata().uid != current_process->euid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-04-28 22:54:30 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
if (old_parent_custody->is_readonly() || new_parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
auto new_basename = LexicalPath(new_path).basename();
|
2019-05-31 15:22:52 +02:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!new_custody_or_error.is_error()) {
|
|
|
|
|
auto& new_custody = *new_custody_or_error.value();
|
|
|
|
|
auto& new_inode = new_custody.inode();
|
2019-04-07 23:35:26 +02:00
|
|
|
// FIXME: Is this really correct? Check what other systems do.
|
2019-05-30 18:58:59 +02:00
|
|
|
if (&new_inode == &old_inode)
|
2019-04-07 23:35:26 +02:00
|
|
|
return KSuccess;
|
2019-05-30 18:58:59 +02:00
|
|
|
if (new_parent_inode.metadata().is_sticky()) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!current_process->is_superuser() && new_inode.metadata().uid != current_process->euid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-04-28 23:34:33 +02:00
|
|
|
}
|
2019-05-30 18:58:59 +02:00
|
|
|
if (new_inode.is_directory() && !old_inode.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EISDIR;
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = new_parent_inode.remove_child(new_basename); result.is_error())
|
2019-04-07 23:35:26 +02:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = new_parent_inode.add_child(old_inode, new_basename, old_inode.mode()); result.is_error())
|
2019-04-07 23:35:26 +02:00
|
|
|
return result;
|
|
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = old_parent_inode.remove_child(LexicalPath(old_path).basename()); result.is_error())
|
2019-04-07 23:35:26 +02:00
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:41:04 +03:00
|
|
|
KResult VFS::chown(Custody& custody, uid_t a_uid, gid_t a_gid)
|
2019-02-27 12:32:53 +01:00
|
|
|
{
|
2020-05-28 17:41:04 +03:00
|
|
|
auto& inode = custody.inode();
|
2019-06-02 10:31:25 +02:00
|
|
|
auto metadata = inode.metadata();
|
|
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (current_process->euid() != metadata.uid && !current_process->is_superuser())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2019-02-27 12:32:53 +01:00
|
|
|
|
2019-06-02 10:31:25 +02:00
|
|
|
uid_t new_uid = metadata.uid;
|
|
|
|
|
gid_t new_gid = metadata.gid;
|
2019-02-27 12:32:53 +01:00
|
|
|
|
|
|
|
|
if (a_uid != (uid_t)-1) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (current_process->euid() != a_uid && !current_process->is_superuser())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2019-02-27 12:32:53 +01:00
|
|
|
new_uid = a_uid;
|
|
|
|
|
}
|
|
|
|
|
if (a_gid != (gid_t)-1) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!current_process->in_group(a_gid) && !current_process->is_superuser())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2019-02-27 12:32:53 +01:00
|
|
|
new_gid = a_gid;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2021-03-11 12:58:26 +01:00
|
|
|
dbgln_if(VFS_DEBUG, "VFS::chown(): inode {} <- uid={} gid={}", inode.identifier(), new_uid, new_gid);
|
2020-04-04 19:46:55 +02:00
|
|
|
|
|
|
|
|
if (metadata.is_setuid() || metadata.is_setgid()) {
|
2021-03-11 12:58:26 +01:00
|
|
|
dbgln_if(VFS_DEBUG, "VFS::chown(): Stripping SUID/SGID bits from {}", inode.identifier());
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = inode.chmod(metadata.mode & ~(04000 | 02000)); result.is_error())
|
2020-04-04 19:46:55 +02:00
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
return inode.chown(new_uid, new_gid);
|
2019-02-27 12:32:53 +01:00
|
|
|
}
|
|
|
|
|
|
2019-06-02 12:30:24 +02:00
|
|
|
KResult VFS::chown(StringView path, uid_t a_uid, gid_t a_gid, Custody& base)
|
|
|
|
|
{
|
|
|
|
|
auto custody_or_error = resolve_path(path, base);
|
|
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
auto& custody = *custody_or_error.value();
|
2020-05-28 17:41:04 +03:00
|
|
|
return chown(custody, a_uid, a_gid);
|
2019-06-02 12:30:24 +02:00
|
|
|
}
|
|
|
|
|
|
2021-01-19 17:59:32 +01:00
|
|
|
static bool hard_link_allowed(const Inode& inode)
|
|
|
|
|
{
|
|
|
|
|
auto metadata = inode.metadata();
|
|
|
|
|
|
|
|
|
|
if (Process::current()->euid() == metadata.uid)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
if (metadata.is_regular_file()
|
|
|
|
|
&& !metadata.is_setuid()
|
|
|
|
|
&& !(metadata.is_setgid() && metadata.mode & S_IXGRP)
|
|
|
|
|
&& metadata.may_write(*Process::current())) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::link(StringView old_path, StringView new_path, Custody& base)
|
2019-02-21 13:26:40 +01:00
|
|
|
{
|
2019-05-31 15:30:09 +02:00
|
|
|
auto old_custody_or_error = resolve_path(old_path, base);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (old_custody_or_error.is_error())
|
|
|
|
|
return old_custody_or_error.error();
|
|
|
|
|
auto& old_custody = *old_custody_or_error.value();
|
|
|
|
|
auto& old_inode = old_custody.inode();
|
2019-02-21 13:26:40 +01:00
|
|
|
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 15:30:09 +02:00
|
|
|
auto new_custody_or_error = resolve_path(new_path, base, &parent_custody);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!new_custody_or_error.is_error())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EEXIST;
|
2019-01-22 07:03:44 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2019-02-27 15:31:26 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
|
|
|
|
|
|
|
|
|
if (parent_inode.fsid() != old_inode.fsid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EXDEV;
|
2019-02-27 15:31:26 +01:00
|
|
|
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!parent_inode.metadata().may_write(*Process::current()))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-02-27 15:31:26 +01:00
|
|
|
|
2020-01-15 22:10:38 +01:00
|
|
|
if (old_inode.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2020-01-15 22:10:38 +01:00
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2021-01-19 17:59:32 +01:00
|
|
|
if (!hard_link_allowed(old_inode))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EPERM;
|
2021-01-19 17:59:32 +01:00
|
|
|
|
2020-06-24 23:35:56 +03:00
|
|
|
return parent_inode.add_child(old_inode, LexicalPath(new_path).basename(), old_inode.mode());
|
2019-02-21 13:26:40 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::unlink(StringView path, Custody& base)
|
2019-02-21 13:26:40 +01:00
|
|
|
{
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody, O_NOFOLLOW_NOERROR | O_UNLINK_INTERNAL);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
2019-01-23 05:35:42 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (inode.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EISDIR;
|
2019-02-21 15:45:31 +01:00
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
// We have just checked that the inode is not a directory, and thus it's not
|
|
|
|
|
// the root. So it should have a parent. Note that this would be invalidated
|
|
|
|
|
// if we were to support bind-mounting regular files on top of the root.
|
2021-02-23 20:42:32 +01:00
|
|
|
VERIFY(parent_custody);
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-01-22 07:03:44 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (parent_inode.metadata().is_sticky()) {
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!current_process->is_superuser() && inode.metadata().uid != current_process->euid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-04-28 22:54:30 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = parent_inode.remove_child(LexicalPath(path).basename()); result.is_error())
|
2019-05-31 15:22:52 +02:00
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
return KSuccess;
|
2019-01-22 07:03:44 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::symlink(StringView target, StringView linkpath, Custody& base)
|
2019-03-02 01:50:34 +01:00
|
|
|
{
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 15:30:09 +02:00
|
|
|
auto existing_custody_or_error = resolve_path(linkpath, base, &parent_custody);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!existing_custody_or_error.is_error())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EEXIST;
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2019-05-30 18:58:59 +02:00
|
|
|
if (existing_custody_or_error.error() != -ENOENT)
|
|
|
|
|
return existing_custody_or_error.error();
|
|
|
|
|
auto& parent_inode = parent_custody->inode();
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
if (!parent_inode.metadata().may_write(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-05-28 17:56:25 +03:00
|
|
|
if (parent_custody->is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2019-03-02 01:50:34 +01:00
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
LexicalPath p(linkpath);
|
2021-03-11 12:58:26 +01:00
|
|
|
dbgln_if(VFS_DEBUG, "VFS::symlink: '{}' (-> '{}') in {}", p.basename(), target, parent_inode.identifier());
|
2021-01-21 09:56:18 +01:00
|
|
|
auto inode_or_error = parent_inode.create_child(p.basename(), S_IFLNK | 0644, 0, current_process->euid(), current_process->egid());
|
2020-02-08 11:58:28 +01:00
|
|
|
if (inode_or_error.is_error())
|
|
|
|
|
return inode_or_error.error();
|
|
|
|
|
auto& inode = inode_or_error.value();
|
2020-09-11 21:11:07 -06:00
|
|
|
auto target_buffer = UserOrKernelBuffer::for_kernel_buffer(const_cast<u8*>((const u8*)target.characters_without_null_termination()));
|
2021-05-01 14:29:39 -07:00
|
|
|
auto result = inode->write_bytes(0, target.length(), target_buffer, nullptr);
|
|
|
|
|
if (result.is_error())
|
|
|
|
|
return result.error();
|
2019-03-02 01:50:34 +01:00
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
KResult VFS::rmdir(StringView path, Custody& base)
|
2019-01-28 04:16:01 +01:00
|
|
|
{
|
2019-06-21 18:37:47 +02:00
|
|
|
RefPtr<Custody> parent_custody;
|
2019-05-31 15:30:09 +02:00
|
|
|
auto custody_or_error = resolve_path(path, base, &parent_custody);
|
2019-05-30 18:58:59 +02:00
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return KResult(custody_or_error.error());
|
2019-01-28 04:16:01 +01:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& custody = *custody_or_error.value();
|
|
|
|
|
auto& inode = custody.inode();
|
2019-01-28 04:16:01 +01:00
|
|
|
|
|
|
|
|
// FIXME: We should return EINVAL if the last component of the path is "."
|
|
|
|
|
// FIXME: We should return ENOTEMPTY if the last component of the path is ".."
|
|
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
if (!inode.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOTDIR;
|
2019-02-21 15:45:31 +01:00
|
|
|
|
2020-04-19 18:07:16 +02:00
|
|
|
if (!parent_custody)
|
2021-01-20 23:11:17 +01:00
|
|
|
return EBUSY;
|
2020-04-19 18:07:16 +02:00
|
|
|
|
2019-05-30 18:58:59 +02:00
|
|
|
auto& parent_inode = parent_custody->inode();
|
2021-01-10 10:12:15 +01:00
|
|
|
auto parent_metadata = parent_inode.metadata();
|
2019-05-30 18:58:59 +02:00
|
|
|
|
2021-01-10 10:12:15 +01:00
|
|
|
if (!parent_metadata.may_write(*Process::current()))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-01-28 04:16:01 +01:00
|
|
|
|
2021-01-10 10:12:15 +01:00
|
|
|
if (parent_metadata.is_sticky()) {
|
|
|
|
|
if (!Process::current()->is_superuser() && inode.metadata().uid != Process::current()->euid())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2021-01-10 10:12:15 +01:00
|
|
|
}
|
|
|
|
|
|
2020-08-05 01:00:18 -07:00
|
|
|
KResultOr<size_t> dir_count_result = inode.directory_entry_count();
|
|
|
|
|
if (dir_count_result.is_error())
|
|
|
|
|
return dir_count_result.result();
|
|
|
|
|
|
|
|
|
|
if (dir_count_result.value() != 2)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOTEMPTY;
|
2019-01-28 04:16:01 +01:00
|
|
|
|
2020-05-28 17:56:25 +03:00
|
|
|
if (custody.is_readonly())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EROFS;
|
2020-05-28 17:56:25 +03:00
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = inode.remove_child("."); result.is_error())
|
2019-02-27 14:11:25 +01:00
|
|
|
return result;
|
2019-01-28 04:16:01 +01:00
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = inode.remove_child(".."); result.is_error())
|
2019-02-27 14:11:25 +01:00
|
|
|
return result;
|
2019-01-28 04:16:01 +01:00
|
|
|
|
2020-05-26 14:52:44 +03:00
|
|
|
return parent_inode.remove_child(LexicalPath(path).basename());
|
2019-01-28 04:16:01 +01:00
|
|
|
}
|
|
|
|
|
|
2020-01-11 18:25:26 +03:00
|
|
|
VFS::Mount::Mount(FS& guest_fs, Custody* host_custody, int flags)
|
2020-06-25 00:16:24 +03:00
|
|
|
: m_guest(guest_fs.root_inode())
|
2020-01-11 18:05:24 +03:00
|
|
|
, m_guest_fs(guest_fs)
|
|
|
|
|
, m_host_custody(host_custody)
|
2020-01-11 18:25:26 +03:00
|
|
|
, m_flags(flags)
|
2019-05-30 21:29:26 +02:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-12 19:22:24 +03:00
|
|
|
VFS::Mount::Mount(Inode& source, Custody& host_custody, int flags)
|
2020-06-25 00:16:24 +03:00
|
|
|
: m_guest(source)
|
2020-01-11 19:08:35 +03:00
|
|
|
, m_guest_fs(source.fs())
|
|
|
|
|
, m_host_custody(host_custody)
|
2020-01-12 19:22:24 +03:00
|
|
|
, m_flags(flags)
|
2020-01-11 19:08:35 +03:00
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-30 21:29:26 +02:00
|
|
|
String VFS::Mount::absolute_path() const
|
|
|
|
|
{
|
|
|
|
|
if (!m_host_custody)
|
|
|
|
|
return "/";
|
|
|
|
|
return m_host_custody->absolute_path();
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 00:16:24 +03:00
|
|
|
Inode* VFS::Mount::host()
|
2018-10-10 11:53:07 +02:00
|
|
|
{
|
2019-05-30 21:29:26 +02:00
|
|
|
if (!m_host_custody)
|
2020-06-25 00:16:24 +03:00
|
|
|
return nullptr;
|
|
|
|
|
return &m_host_custody->inode();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const Inode* VFS::Mount::host() const
|
|
|
|
|
{
|
|
|
|
|
if (!m_host_custody)
|
|
|
|
|
return nullptr;
|
|
|
|
|
return &m_host_custody->inode();
|
2018-10-10 11:53:07 +02:00
|
|
|
}
|
|
|
|
|
|
2018-11-15 15:10:12 +01:00
|
|
|
void VFS::for_each_mount(Function<void(const Mount&)> callback) const
|
2018-10-26 18:43:25 +02:00
|
|
|
{
|
|
|
|
|
for (auto& mount : m_mounts) {
|
2019-07-24 09:15:33 +02:00
|
|
|
callback(mount);
|
2018-10-26 18:43:25 +02:00
|
|
|
}
|
|
|
|
|
}
|
2018-12-20 00:39:29 +01:00
|
|
|
|
|
|
|
|
void VFS::sync()
|
|
|
|
|
{
|
|
|
|
|
FS::sync();
|
|
|
|
|
}
|
2019-05-30 17:46:08 +02:00
|
|
|
|
|
|
|
|
Custody& VFS::root_custody()
|
|
|
|
|
{
|
|
|
|
|
return *m_root_custody;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-26 13:54:34 +03:30
|
|
|
const UnveilNode* VFS::find_matching_unveiled_path(StringView path)
|
|
|
|
|
{
|
|
|
|
|
auto& unveil_root = Process::current()->unveiled_paths();
|
|
|
|
|
if (unveil_root.is_empty())
|
|
|
|
|
return nullptr;
|
|
|
|
|
|
|
|
|
|
LexicalPath lexical_path { path };
|
|
|
|
|
auto& path_parts = lexical_path.parts();
|
|
|
|
|
auto& last_matching_node = unveil_root.traverse_until_last_accessible_node(path_parts.begin(), path_parts.end());
|
|
|
|
|
return &last_matching_node;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
KResult VFS::validate_path_against_process_veil(StringView path, int options)
|
|
|
|
|
{
|
2020-06-28 15:34:31 -06:00
|
|
|
if (Process::current()->veil_state() == VeilState::None)
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
return KSuccess;
|
2020-10-17 14:39:36 +03:00
|
|
|
if (path == "/usr/lib/Loader.so")
|
|
|
|
|
return KSuccess;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
|
|
|
|
|
// FIXME: Figure out a nicer way to do this.
|
|
|
|
|
if (String(path).contains("/.."))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EINVAL;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
|
|
|
|
|
auto* unveiled_path = find_matching_unveiled_path(path);
|
|
|
|
|
if (!unveiled_path) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);
|
2020-01-30 14:05:36 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (options & O_CREAT) {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & UnveilAccess::CreateOrRemove)) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'c' permission.", path);
|
2020-01-30 14:05:36 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (options & O_UNLINK_INTERNAL) {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & UnveilAccess::CreateOrRemove)) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' for unlink since it hasn't been unveiled with 'c' permission.", path);
|
2020-01-30 14:05:36 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
2020-01-21 13:14:26 +01:00
|
|
|
if (options & O_RDONLY) {
|
2020-11-21 22:55:20 +03:00
|
|
|
if (options & O_DIRECTORY) {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & (UnveilAccess::Read | UnveilAccess::Browse))) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'r' or 'b' permissions.", path);
|
2020-11-21 22:55:20 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-11-21 22:55:20 +03:00
|
|
|
}
|
|
|
|
|
} else {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & UnveilAccess::Read)) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'r' permission.", path);
|
2020-11-21 22:55:20 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2020-11-21 22:55:20 +03:00
|
|
|
}
|
2020-01-21 13:14:26 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (options & O_WRONLY) {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & UnveilAccess::Write)) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'w' permission.", path);
|
2020-01-30 14:05:36 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
2020-01-21 13:14:26 +01:00
|
|
|
}
|
|
|
|
|
if (options & O_EXEC) {
|
2020-12-26 13:54:34 +03:30
|
|
|
if (!(unveiled_path->permissions() & UnveilAccess::Execute)) {
|
2021-01-10 15:17:54 +01:00
|
|
|
dbgln("Rejecting path '{}' since it hasn't been unveiled with 'x' permission.", path);
|
2020-01-30 14:05:36 +03:00
|
|
|
dump_backtrace();
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return KSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-15 10:52:33 +03:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path(StringView path, Custody& base, RefPtr<Custody>* out_parent, int options, int symlink_recursion_level)
|
2019-05-30 17:46:08 +02:00
|
|
|
{
|
2020-03-19 08:57:34 +00:00
|
|
|
auto custody_or_error = resolve_path_without_veil(path, base, out_parent, options, symlink_recursion_level);
|
|
|
|
|
if (custody_or_error.is_error())
|
|
|
|
|
return custody_or_error.error();
|
|
|
|
|
|
|
|
|
|
auto& custody = custody_or_error.value();
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = validate_path_against_process_veil(custody->absolute_path(), options); result.is_error())
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
|
|
|
return result;
|
|
|
|
|
|
2020-03-19 08:57:34 +00:00
|
|
|
return custody;
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-19 18:12:09 +01:00
|
|
|
static bool safe_to_follow_symlink(const Inode& inode, const InodeMetadata& parent_metadata)
|
|
|
|
|
{
|
|
|
|
|
auto metadata = inode.metadata();
|
|
|
|
|
if (Process::current()->euid() == metadata.uid)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
if (!(parent_metadata.is_sticky() && parent_metadata.mode & S_IWOTH))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
if (metadata.uid == parent_metadata.uid)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-19 08:57:34 +00:00
|
|
|
KResultOr<NonnullRefPtr<Custody>> VFS::resolve_path_without_veil(StringView path, Custody& base, RefPtr<Custody>* out_parent, int options, int symlink_recursion_level)
|
|
|
|
|
{
|
2019-12-24 22:39:21 +13:00
|
|
|
if (symlink_recursion_level >= symlink_recursion_limit)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ELOOP;
|
2019-08-25 18:18:51 +02:00
|
|
|
|
2019-05-30 17:46:08 +02:00
|
|
|
if (path.is_empty())
|
2021-01-20 23:11:17 +01:00
|
|
|
return EINVAL;
|
2019-05-30 17:46:08 +02:00
|
|
|
|
2019-09-21 00:45:16 +03:00
|
|
|
auto parts = path.split_view('/', true);
|
2020-06-28 15:34:31 -06:00
|
|
|
auto current_process = Process::current();
|
|
|
|
|
auto& current_root = current_process->root_directory();
|
2020-01-10 23:14:04 +01:00
|
|
|
|
2020-01-15 10:52:33 +03:00
|
|
|
NonnullRefPtr<Custody> custody = path[0] == '/' ? current_root : base;
|
2019-05-30 17:46:08 +02:00
|
|
|
|
2020-02-25 14:49:47 +01:00
|
|
|
for (size_t i = 0; i < parts.size(); ++i) {
|
2020-01-15 10:52:33 +03:00
|
|
|
Custody& parent = custody;
|
|
|
|
|
auto parent_metadata = parent.inode().metadata();
|
2020-01-14 13:30:15 +03:00
|
|
|
if (!parent_metadata.is_directory())
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOTDIR;
|
2020-01-14 13:30:15 +03:00
|
|
|
// Ensure the current user is allowed to resolve paths inside this directory.
|
2020-06-28 15:34:31 -06:00
|
|
|
if (!parent_metadata.may_execute(*current_process))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2019-06-13 16:33:01 +03:00
|
|
|
|
|
|
|
|
auto& part = parts[i];
|
2020-01-14 13:30:15 +03:00
|
|
|
bool have_more_parts = i + 1 < parts.size();
|
|
|
|
|
|
|
|
|
|
if (part == "..") {
|
|
|
|
|
// If we encounter a "..", take a step back, but don't go beyond the root.
|
2020-01-15 10:52:33 +03:00
|
|
|
if (custody->parent())
|
|
|
|
|
custody = *custody->parent();
|
2019-09-21 00:45:16 +03:00
|
|
|
continue;
|
2020-01-14 13:30:15 +03:00
|
|
|
} else if (part == "." || part.is_empty()) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2019-06-13 16:33:01 +03:00
|
|
|
|
2020-01-14 13:30:15 +03:00
|
|
|
// Okay, let's look up this part.
|
2020-02-01 09:23:46 +01:00
|
|
|
auto child_inode = parent.inode().lookup(part);
|
|
|
|
|
if (!child_inode) {
|
2020-01-15 10:52:33 +03:00
|
|
|
if (out_parent) {
|
2020-01-14 13:30:15 +03:00
|
|
|
// ENOENT with a non-null parent custody signals to caller that
|
2020-01-03 03:53:06 +01:00
|
|
|
// we found the immediate parent of the file, but the file itself
|
|
|
|
|
// does not exist yet.
|
2020-01-15 10:52:33 +03:00
|
|
|
*out_parent = have_more_parts ? nullptr : &parent;
|
2020-01-03 03:53:06 +01:00
|
|
|
}
|
2021-01-20 23:11:17 +01:00
|
|
|
return ENOENT;
|
2020-01-03 03:53:06 +01:00
|
|
|
}
|
2020-01-14 13:30:15 +03:00
|
|
|
|
2020-01-15 10:52:33 +03:00
|
|
|
int mount_flags_for_child = parent.mount_flags();
|
2020-02-01 09:23:46 +01:00
|
|
|
|
2020-01-14 13:30:15 +03:00
|
|
|
// See if there's something mounted on the child; in that case
|
|
|
|
|
// we would need to return the guest inode, not the host inode.
|
2020-06-25 00:16:24 +03:00
|
|
|
if (auto mount = find_mount_for_host(*child_inode)) {
|
|
|
|
|
child_inode = mount->guest();
|
2020-01-14 13:30:15 +03:00
|
|
|
mount_flags_for_child = mount->flags();
|
2019-05-30 17:46:08 +02:00
|
|
|
}
|
2019-05-31 06:42:49 +02:00
|
|
|
|
2021-05-10 00:28:23 -07:00
|
|
|
auto new_custody = Custody::create(&parent, part, *child_inode, mount_flags_for_child);
|
|
|
|
|
if (new_custody.is_error())
|
|
|
|
|
return new_custody.error();
|
|
|
|
|
|
|
|
|
|
custody = new_custody.release_value();
|
2019-05-31 06:42:49 +02:00
|
|
|
|
2020-01-14 13:30:15 +03:00
|
|
|
if (child_inode->metadata().is_symlink()) {
|
|
|
|
|
if (!have_more_parts) {
|
2019-05-30 17:46:08 +02:00
|
|
|
if (options & O_NOFOLLOW)
|
2021-01-20 23:11:17 +01:00
|
|
|
return ELOOP;
|
2019-05-30 17:46:08 +02:00
|
|
|
if (options & O_NOFOLLOW_NOERROR)
|
2020-01-14 13:30:15 +03:00
|
|
|
break;
|
2019-05-30 17:46:08 +02:00
|
|
|
}
|
2021-01-19 18:12:09 +01:00
|
|
|
|
|
|
|
|
if (!safe_to_follow_symlink(*child_inode, parent_metadata))
|
2021-01-20 23:11:17 +01:00
|
|
|
return EACCES;
|
2021-01-19 18:12:09 +01:00
|
|
|
|
2021-04-11 00:40:38 +02:00
|
|
|
if (auto result = validate_path_against_process_veil(custody->absolute_path(), options); result.is_error())
|
2021-02-07 05:11:44 +11:00
|
|
|
return result;
|
|
|
|
|
|
2020-01-15 13:59:50 +03:00
|
|
|
auto symlink_target = child_inode->resolve_as_link(parent, out_parent, options, symlink_recursion_level + 1);
|
2020-01-14 13:30:15 +03:00
|
|
|
if (symlink_target.is_error() || !have_more_parts)
|
2019-06-12 16:36:05 +03:00
|
|
|
return symlink_target;
|
|
|
|
|
|
2020-01-14 13:30:15 +03:00
|
|
|
// Now, resolve the remaining path relative to the symlink target.
|
|
|
|
|
// We prepend a "." to it to ensure that it's not empty and that
|
|
|
|
|
// any initial slashes it might have get interpreted properly.
|
|
|
|
|
StringBuilder remaining_path;
|
|
|
|
|
remaining_path.append('.');
|
|
|
|
|
remaining_path.append(path.substring_view_starting_after_substring(part));
|
2019-06-12 16:36:05 +03:00
|
|
|
|
2020-03-19 08:57:34 +00:00
|
|
|
return resolve_path_without_veil(remaining_path.to_string(), *symlink_target.value(), out_parent, options, symlink_recursion_level + 1);
|
2019-05-30 17:46:08 +02:00
|
|
|
}
|
|
|
|
|
}
|
2020-01-14 13:30:15 +03:00
|
|
|
|
2020-01-15 10:52:33 +03:00
|
|
|
if (out_parent)
|
|
|
|
|
*out_parent = custody->parent();
|
|
|
|
|
return custody;
|
2019-05-30 17:46:08 +02:00
|
|
|
}
|
2020-02-16 01:27:42 +01:00
|
|
|
}
|
