2020-01-18 09:38:21 +01:00
/*
* Copyright ( c ) 2018 - 2020 , Andreas Kling < kling @ serenityos . org >
* All rights reserved .
*
* Redistribution and use in source and binary forms , with or without
* modification , are permitted provided that the following conditions are met :
*
* 1. Redistributions of source code must retain the above copyright notice , this
* list of conditions and the following disclaimer .
*
* 2. Redistributions in binary form must reproduce the above copyright notice ,
* this list of conditions and the following disclaimer in the documentation
* and / or other materials provided with the distribution .
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS " AS IS "
* AND ANY EXPRESS OR IMPLIED WARRANTIES , INCLUDING , BUT NOT LIMITED TO , THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED . IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT , INDIRECT , INCIDENTAL , SPECIAL , EXEMPLARY , OR CONSEQUENTIAL
* DAMAGES ( INCLUDING , BUT NOT LIMITED TO , PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES ; LOSS OF USE , DATA , OR PROFITS ; OR BUSINESS INTERRUPTION ) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY , WHETHER IN CONTRACT , STRICT LIABILITY ,
* OR TORT ( INCLUDING NEGLIGENCE OR OTHERWISE ) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE , EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE .
*/
2020-05-26 14:52:44 +03:00
# include <AK/LexicalPath.h>
2018-10-28 12:20:25 +01:00
# include <AK/StringBuilder.h>
2020-02-16 01:50:16 +01:00
# include <Kernel/Devices/BlockDevice.h>
2019-05-30 17:46:08 +02:00
# include <Kernel/FileSystem/Custody.h>
2020-04-06 11:54:21 +03:00
# include <Kernel/FileSystem/FileBackedFileSystem.h>
2019-06-07 11:43:58 +02:00
# include <Kernel/FileSystem/FileDescription.h>
2019-06-07 19:29:34 +02:00
# include <Kernel/FileSystem/FileSystem.h>
# include <Kernel/FileSystem/VirtualFileSystem.h>
2020-02-16 01:27:42 +01:00
# include <Kernel/KSyms.h>
2019-06-07 11:43:58 +02:00
# include <Kernel/Process.h>
# include <LibC/errno_numbers.h>
2018-10-10 11:53:07 +02:00
//#define VFS_DEBUG
2020-02-16 01:27:42 +01:00
namespace Kernel {
2018-11-15 14:43:10 +01:00
static VFS * s_the ;
2019-12-24 22:39:21 +13:00
static constexpr int symlink_recursion_limit { 5 } ; // FIXME: increase?
2018-10-18 10:27:07 +02:00
2018-11-15 14:43:10 +01:00
VFS & VFS : : the ( )
2018-10-18 10:27:07 +02:00
{
ASSERT ( s_the ) ;
return * s_the ;
}
2018-11-15 14:43:10 +01:00
VFS : : VFS ( )
2018-10-10 11:53:07 +02:00
{
2018-10-22 11:15:16 +02:00
# ifdef VFS_DEBUG
2020-03-01 21:45:39 +02:00
klog ( ) < < " VFS: Constructing VFS " ;
2018-10-22 11:15:16 +02:00
# endif
2018-10-18 10:27:07 +02:00
s_the = this ;
2018-10-10 11:53:07 +02:00
}
2018-11-15 14:43:10 +01:00
VFS : : ~ VFS ( )
2018-10-10 11:53:07 +02:00
{
2018-10-30 15:33:37 +01:00
}
2018-11-18 23:28:43 +01:00
InodeIdentifier VFS : : root_inode_id ( ) const
{
2019-01-16 12:57:07 +01:00
ASSERT ( m_root_inode ) ;
return m_root_inode - > identifier ( ) ;
2018-11-18 23:28:43 +01:00
}
2020-01-11 18:25:26 +03:00
KResult VFS : : mount ( FS & file_system , Custody & mount_point , int flags )
2019-08-02 19:03:50 +02:00
{
auto & inode = mount_point . inode ( ) ;
2020-01-11 18:25:26 +03:00
dbg ( ) < < " VFS: Mounting " < < file_system . class_name ( ) < < " at " < < mount_point . absolute_path ( ) < < " (inode: " < < inode . identifier ( ) < < " ) with flags " < < flags ;
2019-08-02 19:03:50 +02:00
// FIXME: check that this is not already a mount point
2020-01-11 18:25:26 +03:00
Mount mount { file_system , & mount_point , flags } ;
2019-08-02 19:03:50 +02:00
m_mounts . append ( move ( mount ) ) ;
return KSuccess ;
}
2020-01-12 19:22:24 +03:00
KResult VFS : : bind_mount ( Custody & source , Custody & mount_point , int flags )
2020-01-11 19:08:35 +03:00
{
dbg ( ) < < " VFS: Bind-mounting " < < source . absolute_path ( ) < < " at " < < mount_point . absolute_path ( ) ;
// FIXME: check that this is not already a mount point
2020-01-12 19:22:24 +03:00
Mount mount { source . inode ( ) , mount_point , flags } ;
2020-01-11 19:08:35 +03:00
m_mounts . append ( move ( mount ) ) ;
return KSuccess ;
}
2019-08-17 14:24:50 +02:00
KResult VFS : : unmount ( InodeIdentifier guest_inode_id )
2019-08-11 23:56:39 +10:00
{
LOCKER ( m_lock ) ;
2019-08-17 14:24:50 +02:00
dbg ( ) < < " VFS: unmount called with inode " < < guest_inode_id ;
2020-02-25 14:49:47 +01:00
for ( size_t i = 0 ; i < m_mounts . size ( ) ; + + i ) {
2019-08-17 14:24:50 +02:00
auto & mount = m_mounts . at ( i ) ;
if ( mount . guest ( ) = = guest_inode_id ) {
auto result = mount . guest_fs ( ) . prepare_to_unmount ( ) ;
if ( result . is_error ( ) ) {
dbg ( ) < < " VFS: Failed to unmount! " ;
return result ;
2019-08-11 23:56:39 +10:00
}
2019-08-17 14:24:50 +02:00
dbg ( ) < < " VFS: found fs " < < mount . guest_fs ( ) . fsid ( ) < < " at mount index " < < i < < " ! Unmounting... " ;
2020-01-15 19:25:27 +01:00
m_mounts . unstable_remove ( i ) ;
2019-08-11 23:56:39 +10:00
return KSuccess ;
}
}
2019-08-17 14:24:50 +02:00
dbg ( ) < < " VFS: Nothing mounted on inode " < < guest_inode_id ;
2019-08-11 23:56:39 +10:00
return KResult ( - ENODEV ) ;
}
2020-01-11 18:05:24 +03:00
bool VFS : : mount_root ( FS & file_system )
2018-10-10 11:53:07 +02:00
{
2019-01-16 12:57:07 +01:00
if ( m_root_inode ) {
2020-03-01 21:45:39 +02:00
klog ( ) < < " VFS: mount_root can't mount another root " ;
2018-10-10 11:53:07 +02:00
return false ;
}
2020-01-12 19:40:50 +03:00
Mount mount { file_system , nullptr , MS_NODEV | MS_NOSUID } ;
2018-10-10 11:53:07 +02:00
2020-01-11 18:05:24 +03:00
auto root_inode_id = mount . guest ( ) . fs ( ) - > root_inode ( ) ;
auto root_inode = mount . guest ( ) . fs ( ) - > get_inode ( root_inode_id ) ;
2019-01-16 12:57:07 +01:00
if ( ! root_inode - > is_directory ( ) ) {
2020-03-01 21:45:39 +02:00
klog ( ) < < " VFS: root inode ( " < < String : : format ( " %02u " , root_inode_id . fsid ( ) ) < < " : " < < String : : format ( " %08u " , root_inode_id . index ( ) ) < < " ) for / is not a directory :( " ;
2018-10-10 11:53:07 +02:00
return false ;
}
2019-01-16 12:57:07 +01:00
m_root_inode = move ( root_inode ) ;
2020-04-06 11:54:21 +03:00
klog ( ) < < " VFS: mounted root from " < < m_root_inode - > fs ( ) . class_name ( ) < < " ( " < < static_cast < FileBackedFS & > ( m_root_inode - > fs ( ) ) . file_description ( ) . absolute_path ( ) < < " ) " ;
2018-10-10 11:53:07 +02:00
2018-10-17 11:40:58 +02:00
m_mounts . append ( move ( mount ) ) ;
2018-10-10 11:53:07 +02:00
return true ;
}
2018-11-15 15:10:12 +01:00
auto VFS : : find_mount_for_host ( InodeIdentifier inode ) - > Mount *
2018-10-10 11:53:07 +02:00
{
for ( auto & mount : m_mounts ) {
2019-07-24 09:15:33 +02:00
if ( mount . host ( ) = = inode )
return & mount ;
2018-10-10 11:53:07 +02:00
}
return nullptr ;
}
2018-11-15 15:10:12 +01:00
auto VFS : : find_mount_for_guest ( InodeIdentifier inode ) - > Mount *
2018-10-10 11:53:07 +02:00
{
for ( auto & mount : m_mounts ) {
2019-07-24 09:15:33 +02:00
if ( mount . guest ( ) = = inode )
return & mount ;
2018-10-10 11:53:07 +02:00
}
return nullptr ;
}
2018-11-15 14:43:10 +01:00
bool VFS : : is_vfs_root ( InodeIdentifier inode ) const
2018-10-10 11:53:07 +02:00
{
2019-01-16 12:57:07 +01:00
return inode = = root_inode_id ( ) ;
2018-10-10 11:53:07 +02:00
}
2018-12-19 21:18:28 +01:00
void VFS : : traverse_directory_inode ( Inode & dir_inode , Function < bool ( const FS : : DirectoryEntry & ) > callback )
2018-10-10 11:53:07 +02:00
{
2019-06-07 11:43:58 +02:00
dir_inode . traverse_as_directory ( [ & ] ( const FS : : DirectoryEntry & entry ) {
2019-01-31 17:31:23 +01:00
InodeIdentifier resolved_inode ;
2018-11-15 15:10:12 +01:00
if ( auto mount = find_mount_for_host ( entry . inode ) )
2019-01-31 17:31:23 +01:00
resolved_inode = mount - > guest ( ) ;
2018-10-10 11:53:07 +02:00
else
2019-01-31 17:31:23 +01:00
resolved_inode = entry . inode ;
2018-10-10 11:53:07 +02:00
2020-01-15 14:06:48 +03:00
// FIXME: This is now broken considering chroot and bind mounts.
2018-12-03 00:20:00 +01:00
if ( dir_inode . identifier ( ) . is_root_inode ( ) & & ! is_vfs_root ( dir_inode . identifier ( ) ) & & ! strcmp ( entry . name , " .. " ) ) {
2018-11-15 15:10:12 +01:00
auto mount = find_mount_for_guest ( entry . inode ) ;
2018-10-10 11:53:07 +02:00
ASSERT ( mount ) ;
2019-01-31 17:31:23 +01:00
resolved_inode = mount - > host ( ) ;
2018-10-10 11:53:07 +02:00
}
2019-01-31 17:31:23 +01:00
callback ( FS : : DirectoryEntry ( entry . name , entry . name_length , resolved_inode , entry . file_type ) ) ;
2018-10-10 11:53:07 +02:00
return true ;
} ) ;
}
2019-05-30 18:58:59 +02:00
KResult VFS : : utime ( StringView path , Custody & base , time_t atime , time_t mtime )
2019-02-21 16:37:41 +01:00
{
2019-03-06 22:14:31 +01:00
auto descriptor_or_error = VFS : : the ( ) . open ( move ( path ) , 0 , 0 , base ) ;
if ( descriptor_or_error . is_error ( ) )
return descriptor_or_error . error ( ) ;
auto & inode = * descriptor_or_error . value ( ) - > inode ( ) ;
2019-02-25 20:47:56 +01:00
if ( inode . fs ( ) . is_readonly ( ) )
return KResult ( - EROFS ) ;
2020-02-17 15:04:27 +01:00
if ( ! Process : : current - > is_superuser ( ) & & inode . metadata ( ) . uid ! = Process : : current - > euid ( ) )
2019-02-25 20:47:56 +01:00
return KResult ( - EACCES ) ;
2019-03-06 22:14:31 +01:00
int error = inode . set_atime ( atime ) ;
2019-02-21 16:37:41 +01:00
if ( error )
2019-02-25 20:47:56 +01:00
return KResult ( error ) ;
2019-02-21 16:37:41 +01:00
error = inode . set_mtime ( mtime ) ;
if ( error )
2019-02-25 20:47:56 +01:00
return KResult ( error ) ;
return KSuccess ;
2019-02-21 16:37:41 +01:00
}
2019-08-02 19:23:23 +02:00
KResultOr < InodeMetadata > VFS : : lookup_metadata ( StringView path , Custody & base , int options )
2019-02-21 16:09:12 +01:00
{
2019-05-31 15:30:09 +02:00
auto custody_or_error = resolve_path ( path , base , nullptr , options ) ;
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
2019-08-02 19:23:23 +02:00
return custody_or_error . value ( ) - > inode ( ) . metadata ( ) ;
2019-02-21 16:09:12 +01:00
}
2020-01-03 20:13:21 +01:00
KResultOr < NonnullRefPtr < FileDescription > > VFS : : open ( StringView path , int options , mode_t mode , Custody & base , Optional < UidAndGid > owner )
2018-10-10 11:53:07 +02:00
{
2020-01-03 02:23:50 +01:00
if ( ( options & O_CREAT ) & & ( options & O_DIRECTORY ) )
return KResult ( - EINVAL ) ;
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-06-09 19:52:03 +02:00
auto custody_or_error = resolve_path ( path , base , & parent_custody , options ) ;
2019-02-14 14:38:30 +01:00
if ( options & O_CREAT ) {
2019-06-09 19:52:03 +02:00
if ( ! parent_custody )
return KResult ( - ENOENT ) ;
if ( custody_or_error . is_error ( ) ) {
if ( custody_or_error . error ( ) ! = - ENOENT )
return custody_or_error . error ( ) ;
2020-01-03 20:13:21 +01:00
return create ( path , options , mode , * parent_custody , move ( owner ) ) ;
2019-06-09 19:52:03 +02:00
}
2019-03-06 22:14:31 +01:00
if ( options & O_EXCL )
return KResult ( - EEXIST ) ;
2019-01-22 00:58:13 +01:00
}
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
2019-02-21 16:09:12 +01:00
2019-05-30 18:58:59 +02:00
auto & custody = * custody_or_error . value ( ) ;
auto & inode = custody . inode ( ) ;
auto metadata = inode . metadata ( ) ;
2019-03-27 16:42:30 +01:00
2020-01-03 02:23:11 +01:00
if ( ( options & O_DIRECTORY ) & & ! metadata . is_directory ( ) )
return KResult ( - ENOTDIR ) ;
2019-03-27 16:42:30 +01:00
bool should_truncate_file = false ;
2019-02-21 16:09:12 +01:00
2020-02-17 15:04:27 +01:00
if ( ( options & O_RDONLY ) & & ! metadata . may_read ( * Process : : current ) )
2020-01-21 13:14:26 +01:00
return KResult ( - EACCES ) ;
if ( options & O_WRONLY ) {
2020-02-17 15:04:27 +01:00
if ( ! metadata . may_write ( * Process : : current ) )
2019-03-06 22:14:31 +01:00
return KResult ( - EACCES ) ;
if ( metadata . is_directory ( ) )
return KResult ( - EISDIR ) ;
2019-03-27 16:42:30 +01:00
should_truncate_file = options & O_TRUNC ;
2019-02-21 15:45:31 +01:00
}
2020-01-11 18:33:35 +03:00
if ( options & O_EXEC ) {
2020-02-17 15:04:27 +01:00
if ( ! metadata . may_execute ( * Process : : current ) | | ( custody . mount_flags ( ) & MS_NOEXEC ) )
2020-01-11 18:33:35 +03:00
return KResult ( - EACCES ) ;
}
2019-02-21 16:09:12 +01:00
2020-01-15 14:03:14 +03:00
if ( auto preopen_fd = inode . preopen_fd ( ) )
return * preopen_fd ;
2019-02-21 16:09:12 +01:00
if ( metadata . is_device ( ) ) {
2020-01-11 18:45:38 +03:00
if ( custody . mount_flags ( ) & MS_NODEV )
return KResult ( - EACCES ) ;
2019-08-18 14:48:15 +03:00
auto device = Device : : get_device ( metadata . major_device , metadata . minor_device ) ;
if ( device = = nullptr ) {
2019-03-06 22:14:31 +01:00
return KResult ( - ENODEV ) ;
2019-01-16 12:57:07 +01:00
}
2019-08-18 14:48:15 +03:00
auto descriptor_or_error = device - > open ( options ) ;
2019-03-20 02:55:12 +01:00
if ( descriptor_or_error . is_error ( ) )
return descriptor_or_error . error ( ) ;
2019-05-31 15:44:04 +02:00
descriptor_or_error . value ( ) - > set_original_inode ( { } , inode ) ;
2019-03-20 02:55:12 +01:00
return descriptor_or_error ;
2019-01-16 12:57:07 +01:00
}
2020-01-08 13:57:22 +01:00
if ( should_truncate_file ) {
2019-05-30 18:58:59 +02:00
inode . truncate ( 0 ) ;
2020-01-08 13:57:22 +01:00
inode . set_mtime ( kgettimeofday ( ) . tv_sec ) ;
}
2020-01-19 01:15:52 +03:00
auto description = FileDescription : : create ( custody ) ;
description - > set_rw_mode ( options ) ;
description - > set_file_flags ( options ) ;
return description ;
2018-10-10 11:53:07 +02:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : mknod ( StringView path , mode_t mode , dev_t dev , Custody & base )
2019-05-03 22:59:58 +02:00
{
if ( ! is_regular_file ( mode ) & & ! is_block_device ( mode ) & & ! is_character_device ( mode ) & & ! is_fifo ( mode ) & & ! is_socket ( mode ) )
return KResult ( - EINVAL ) ;
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-05-31 15:30:09 +02:00
auto existing_file_or_error = resolve_path ( path , base , & parent_custody ) ;
2019-05-03 22:59:58 +02:00
if ( ! existing_file_or_error . is_error ( ) )
return KResult ( - EEXIST ) ;
2019-05-30 18:58:59 +02:00
if ( ! parent_custody )
2019-05-03 22:59:58 +02:00
return KResult ( - ENOENT ) ;
if ( existing_file_or_error . error ( ) ! = - ENOENT )
return existing_file_or_error . error ( ) ;
2019-05-30 18:58:59 +02:00
auto & parent_inode = parent_custody - > inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-05-03 22:59:58 +02:00
return KResult ( - EACCES ) ;
2020-05-26 14:52:44 +03:00
LexicalPath p ( path ) ;
2019-07-08 15:38:44 +02:00
dbg ( ) < < " VFS::mknod: ' " < < p . basename ( ) < < " ' mode= " < < mode < < " dev= " < < dev < < " in " < < parent_inode . identifier ( ) ;
2020-02-17 15:04:27 +01:00
return parent_inode . fs ( ) . create_inode ( parent_inode . identifier ( ) , p . basename ( ) , mode , 0 , dev , Process : : current - > uid ( ) , Process : : current - > gid ( ) ) . result ( ) ;
2019-05-03 22:59:58 +02:00
}
2020-01-03 20:13:21 +01:00
KResultOr < NonnullRefPtr < FileDescription > > VFS : : create ( StringView path , int options , mode_t mode , Custody & parent_custody , Optional < UidAndGid > owner )
2018-10-10 11:53:07 +02:00
{
2020-04-04 16:40:36 +02:00
auto result = validate_path_against_process_veil ( path , options ) ;
if ( result . is_error ( ) )
return result ;
2019-01-31 17:31:23 +01:00
if ( ! is_socket ( mode ) & & ! is_fifo ( mode ) & & ! is_block_device ( mode ) & & ! is_character_device ( mode ) ) {
2019-01-23 04:29:56 +01:00
// Turn it into a regular file. (This feels rather hackish.)
mode | = 0100000 ;
}
2019-06-09 19:52:03 +02:00
auto & parent_inode = parent_custody . inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-03-06 22:14:31 +01:00
return KResult ( - EACCES ) ;
2020-05-26 14:52:44 +03:00
LexicalPath p ( path ) ;
2020-01-12 10:00:56 +01:00
# ifdef VFS_DEBUG
2019-07-08 15:38:44 +02:00
dbg ( ) < < " VFS::create: ' " < < p . basename ( ) < < " ' in " < < parent_inode . identifier ( ) ;
2020-01-12 10:00:56 +01:00
# endif
2020-02-17 15:04:27 +01:00
uid_t uid = owner . has_value ( ) ? owner . value ( ) . uid : Process : : current - > uid ( ) ;
gid_t gid = owner . has_value ( ) ? owner . value ( ) . gid : Process : : current - > gid ( ) ;
2020-02-08 11:58:28 +01:00
auto inode_or_error = parent_inode . fs ( ) . create_inode ( parent_inode . identifier ( ) , p . basename ( ) , mode , 0 , 0 , uid , gid ) ;
if ( inode_or_error . is_error ( ) )
return inode_or_error . error ( ) ;
2019-01-22 00:58:13 +01:00
2020-02-08 11:58:28 +01:00
auto new_custody = Custody : : create ( & parent_custody , p . basename ( ) , inode_or_error . value ( ) , parent_custody . mount_flags ( ) ) ;
2020-01-19 01:15:52 +03:00
auto description = FileDescription : : create ( * new_custody ) ;
description - > set_rw_mode ( options ) ;
description - > set_file_flags ( options ) ;
return description ;
2018-10-16 00:35:03 +02:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : mkdir ( StringView path , mode_t mode , Custody & base )
2018-10-16 00:35:03 +02:00
{
2020-02-20 17:28:36 +03:00
// Unlike in basically every other case, where it's only the last
// path component (the one being created) that is allowed not to
// exist, POSIX allows mkdir'ed path to have trailing slashes.
// Let's handle that case by trimming any trailing slashes.
while ( path . length ( ) > 1 & & path . ends_with ( " / " ) )
path = path . substring_view ( 0 , path . length ( ) - 1 ) ;
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-05-31 15:30:09 +02:00
auto result = resolve_path ( path , base , & parent_custody ) ;
2019-02-25 20:47:56 +01:00
if ( ! result . is_error ( ) )
return KResult ( - EEXIST ) ;
2019-05-30 18:58:59 +02:00
if ( ! parent_custody )
2019-02-25 20:47:56 +01:00
return KResult ( - ENOENT ) ;
if ( result . error ( ) ! = - ENOENT )
return result . error ( ) ;
2019-05-30 18:58:59 +02:00
auto & parent_inode = parent_custody - > inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-02-25 20:47:56 +01:00
return KResult ( - EACCES ) ;
2019-02-21 15:45:31 +01:00
2020-05-26 14:52:44 +03:00
LexicalPath p ( path ) ;
2020-01-12 10:00:56 +01:00
# ifdef VFS_DEBUG
2019-07-08 15:38:44 +02:00
dbg ( ) < < " VFS::mkdir: ' " < < p . basename ( ) < < " ' in " < < parent_inode . identifier ( ) ;
2020-01-12 10:00:56 +01:00
# endif
2020-02-17 15:04:27 +01:00
return parent_inode . fs ( ) . create_directory ( parent_inode . identifier ( ) , p . basename ( ) , mode , Process : : current - > uid ( ) , Process : : current - > gid ( ) ) ;
2018-10-10 11:53:07 +02:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : access ( StringView path , int mode , Custody & base )
2019-02-26 15:57:59 +01:00
{
2019-05-31 15:30:09 +02:00
auto custody_or_error = resolve_path ( path , base ) ;
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
auto & custody = * custody_or_error . value ( ) ;
auto & inode = custody . inode ( ) ;
auto metadata = inode . metadata ( ) ;
2019-02-26 15:57:59 +01:00
if ( mode & R_OK ) {
2020-02-17 15:04:27 +01:00
if ( ! metadata . may_read ( * Process : : current ) )
2019-02-26 15:57:59 +01:00
return KResult ( - EACCES ) ;
}
if ( mode & W_OK ) {
2020-02-17 15:04:27 +01:00
if ( ! metadata . may_write ( * Process : : current ) )
2019-02-26 15:57:59 +01:00
return KResult ( - EACCES ) ;
}
if ( mode & X_OK ) {
2020-02-17 15:04:27 +01:00
if ( ! metadata . may_execute ( * Process : : current ) )
2019-02-26 15:57:59 +01:00
return KResult ( - EACCES ) ;
}
return KSuccess ;
}
2019-06-21 18:37:47 +02:00
KResultOr < NonnullRefPtr < Custody > > VFS : : open_directory ( StringView path , Custody & base )
2019-03-01 23:54:07 +01:00
{
2019-05-31 15:30:09 +02:00
auto inode_or_error = resolve_path ( path , base ) ;
2019-03-01 23:54:07 +01:00
if ( inode_or_error . is_error ( ) )
return inode_or_error . error ( ) ;
2019-05-30 18:58:59 +02:00
auto & custody = * inode_or_error . value ( ) ;
auto & inode = custody . inode ( ) ;
if ( ! inode . is_directory ( ) )
2019-03-01 23:54:07 +01:00
return KResult ( - ENOTDIR ) ;
2020-02-17 15:04:27 +01:00
if ( ! inode . metadata ( ) . may_execute ( * Process : : current ) )
2019-03-01 23:54:07 +01:00
return KResult ( - EACCES ) ;
2019-05-30 18:58:59 +02:00
return custody ;
2019-03-01 23:54:07 +01:00
}
2020-05-28 17:41:04 +03:00
KResult VFS : : chmod ( Custody & custody , mode_t mode )
2019-01-29 04:55:08 +01:00
{
2020-05-28 17:41:04 +03:00
auto & inode = custody . inode ( ) ;
2019-03-01 10:39:19 +01:00
if ( inode . fs ( ) . is_readonly ( ) )
2019-02-25 20:47:56 +01:00
return KResult ( - EROFS ) ;
2019-02-21 15:45:31 +01:00
2020-02-17 15:04:27 +01:00
if ( Process : : current - > euid ( ) ! = inode . metadata ( ) . uid & & ! Process : : current - > is_superuser ( ) )
2019-02-25 20:47:56 +01:00
return KResult ( - EPERM ) ;
2019-01-29 04:55:08 +01:00
// Only change the permission bits.
2019-03-01 10:39:19 +01:00
mode = ( inode . mode ( ) & ~ 04777u ) | ( mode & 04777u ) ;
return inode . chmod ( mode ) ;
}
2019-01-29 04:55:08 +01:00
2019-05-30 18:58:59 +02:00
KResult VFS : : chmod ( StringView path , mode_t mode , Custody & base )
2019-03-01 10:39:19 +01:00
{
2019-05-31 15:30:09 +02:00
auto custody_or_error = resolve_path ( path , base ) ;
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
auto & custody = * custody_or_error . value ( ) ;
2020-05-28 17:41:04 +03:00
return chmod ( custody , mode ) ;
2019-02-25 20:47:56 +01:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : rename ( StringView old_path , StringView new_path , Custody & base )
2019-04-07 23:35:26 +02:00
{
2019-06-21 18:37:47 +02:00
RefPtr < Custody > old_parent_custody ;
2019-05-31 15:30:09 +02:00
auto old_custody_or_error = resolve_path ( old_path , base , & old_parent_custody ) ;
2019-05-30 18:58:59 +02:00
if ( old_custody_or_error . is_error ( ) )
return old_custody_or_error . error ( ) ;
auto & old_custody = * old_custody_or_error . value ( ) ;
auto & old_inode = old_custody . inode ( ) ;
2019-04-07 23:35:26 +02:00
2019-06-21 18:37:47 +02:00
RefPtr < Custody > new_parent_custody ;
2019-05-31 15:30:09 +02:00
auto new_custody_or_error = resolve_path ( new_path , base , & new_parent_custody ) ;
2019-05-30 18:58:59 +02:00
if ( new_custody_or_error . is_error ( ) ) {
2020-02-20 17:33:14 +03:00
if ( new_custody_or_error . error ( ) ! = - ENOENT | | ! new_parent_custody )
2019-05-30 18:58:59 +02:00
return new_custody_or_error . error ( ) ;
2019-04-07 23:35:26 +02:00
}
2019-05-30 18:58:59 +02:00
auto & old_parent_inode = old_parent_custody - > inode ( ) ;
auto & new_parent_inode = new_parent_custody - > inode ( ) ;
2020-01-03 04:10:05 +01:00
if ( & old_parent_inode . fs ( ) ! = & new_parent_inode . fs ( ) )
return KResult ( - EXDEV ) ;
2020-02-17 15:04:27 +01:00
if ( ! new_parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-04-07 23:35:26 +02:00
return KResult ( - EACCES ) ;
2020-02-17 15:04:27 +01:00
if ( ! old_parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-04-07 23:35:26 +02:00
return KResult ( - EACCES ) ;
2019-05-30 18:58:59 +02:00
if ( old_parent_inode . metadata ( ) . is_sticky ( ) ) {
2020-02-17 15:04:27 +01:00
if ( ! Process : : current - > is_superuser ( ) & & old_inode . metadata ( ) . uid ! = Process : : current - > euid ( ) )
2019-04-28 22:54:30 +02:00
return KResult ( - EACCES ) ;
}
2020-05-26 14:52:44 +03:00
auto new_basename = LexicalPath ( new_path ) . basename ( ) ;
2019-05-31 15:22:52 +02:00
2019-05-30 18:58:59 +02:00
if ( ! new_custody_or_error . is_error ( ) ) {
auto & new_custody = * new_custody_or_error . value ( ) ;
auto & new_inode = new_custody . inode ( ) ;
2019-04-07 23:35:26 +02:00
// FIXME: Is this really correct? Check what other systems do.
2019-05-30 18:58:59 +02:00
if ( & new_inode = = & old_inode )
2019-04-07 23:35:26 +02:00
return KSuccess ;
2019-05-30 18:58:59 +02:00
if ( new_parent_inode . metadata ( ) . is_sticky ( ) ) {
2020-02-17 15:04:27 +01:00
if ( ! Process : : current - > is_superuser ( ) & & new_inode . metadata ( ) . uid ! = Process : : current - > euid ( ) )
2019-04-28 23:34:33 +02:00
return KResult ( - EACCES ) ;
}
2019-05-30 18:58:59 +02:00
if ( new_inode . is_directory ( ) & & ! old_inode . is_directory ( ) )
2019-04-07 23:35:26 +02:00
return KResult ( - EISDIR ) ;
2019-05-31 15:22:52 +02:00
auto result = new_parent_inode . remove_child ( new_basename ) ;
2019-04-07 23:35:26 +02:00
if ( result . is_error ( ) )
return result ;
}
2019-05-31 17:41:33 +02:00
auto result = new_parent_inode . add_child ( old_inode . identifier ( ) , new_basename , old_inode . mode ( ) ) ;
2019-04-07 23:35:26 +02:00
if ( result . is_error ( ) )
return result ;
2020-05-26 14:52:44 +03:00
result = old_parent_inode . remove_child ( LexicalPath ( old_path ) . basename ( ) ) ;
2019-04-07 23:35:26 +02:00
if ( result . is_error ( ) )
return result ;
return KSuccess ;
}
2020-05-28 17:41:04 +03:00
KResult VFS : : chown ( Custody & custody , uid_t a_uid , gid_t a_gid )
2019-02-27 12:32:53 +01:00
{
2020-05-28 17:41:04 +03:00
auto & inode = custody . inode ( ) ;
2019-05-30 18:58:59 +02:00
if ( inode . fs ( ) . is_readonly ( ) )
2019-02-27 12:32:53 +01:00
return KResult ( - EROFS ) ;
2019-06-02 10:31:25 +02:00
auto metadata = inode . metadata ( ) ;
2020-02-17 15:04:27 +01:00
if ( Process : : current - > euid ( ) ! = metadata . uid & & ! Process : : current - > is_superuser ( ) )
2019-02-27 12:32:53 +01:00
return KResult ( - EPERM ) ;
2019-06-02 10:31:25 +02:00
uid_t new_uid = metadata . uid ;
gid_t new_gid = metadata . gid ;
2019-02-27 12:32:53 +01:00
if ( a_uid ! = ( uid_t ) - 1 ) {
2020-02-17 15:04:27 +01:00
if ( Process : : current - > euid ( ) ! = a_uid & & ! Process : : current - > is_superuser ( ) )
2019-02-27 12:32:53 +01:00
return KResult ( - EPERM ) ;
new_uid = a_uid ;
}
if ( a_gid ! = ( gid_t ) - 1 ) {
2020-02-17 15:04:27 +01:00
if ( ! Process : : current - > in_group ( a_gid ) & & ! Process : : current - > is_superuser ( ) )
2019-02-27 12:32:53 +01:00
return KResult ( - EPERM ) ;
new_gid = a_gid ;
}
2019-07-08 15:38:44 +02:00
dbg ( ) < < " VFS::chown(): inode " < < inode . identifier ( ) < < " <- uid: " < < new_uid < < " gid: " < < new_gid ;
2020-04-04 19:46:55 +02:00
if ( metadata . is_setuid ( ) | | metadata . is_setgid ( ) ) {
dbg ( ) < < " VFS::chown(): Stripping SUID/SGID bits from " < < inode . identifier ( ) ;
auto result = inode . chmod ( metadata . mode & ~ ( 04000 | 02000 ) ) ;
if ( result . is_error ( ) )
return result ;
}
2019-05-30 18:58:59 +02:00
return inode . chown ( new_uid , new_gid ) ;
2019-02-27 12:32:53 +01:00
}
2019-06-02 12:30:24 +02:00
KResult VFS : : chown ( StringView path , uid_t a_uid , gid_t a_gid , Custody & base )
{
auto custody_or_error = resolve_path ( path , base ) ;
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
auto & custody = * custody_or_error . value ( ) ;
2020-05-28 17:41:04 +03:00
return chown ( custody , a_uid , a_gid ) ;
2019-06-02 12:30:24 +02:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : link ( StringView old_path , StringView new_path , Custody & base )
2019-02-21 13:26:40 +01:00
{
2019-05-31 15:30:09 +02:00
auto old_custody_or_error = resolve_path ( old_path , base ) ;
2019-05-30 18:58:59 +02:00
if ( old_custody_or_error . is_error ( ) )
return old_custody_or_error . error ( ) ;
auto & old_custody = * old_custody_or_error . value ( ) ;
auto & old_inode = old_custody . inode ( ) ;
2019-02-21 13:26:40 +01:00
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-05-31 15:30:09 +02:00
auto new_custody_or_error = resolve_path ( new_path , base , & parent_custody ) ;
2019-05-30 18:58:59 +02:00
if ( ! new_custody_or_error . is_error ( ) )
2019-02-27 15:31:26 +01:00
return KResult ( - EEXIST ) ;
2019-01-22 07:03:44 +01:00
2019-05-30 18:58:59 +02:00
if ( ! parent_custody )
2019-02-27 15:31:26 +01:00
return KResult ( - ENOENT ) ;
2019-05-30 18:58:59 +02:00
auto & parent_inode = parent_custody - > inode ( ) ;
if ( parent_inode . fsid ( ) ! = old_inode . fsid ( ) )
2019-02-27 15:31:26 +01:00
return KResult ( - EXDEV ) ;
2019-05-30 18:58:59 +02:00
if ( parent_inode . fs ( ) . is_readonly ( ) )
2019-02-27 15:31:26 +01:00
return KResult ( - EROFS ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-02-27 15:31:26 +01:00
return KResult ( - EACCES ) ;
2020-01-15 22:10:38 +01:00
if ( old_inode . is_directory ( ) )
return KResult ( - EPERM ) ;
2020-05-26 14:52:44 +03:00
return parent_inode . add_child ( old_inode . identifier ( ) , LexicalPath ( new_path ) . basename ( ) , old_inode . mode ( ) ) ;
2019-02-21 13:26:40 +01:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : unlink ( StringView path , Custody & base )
2019-02-21 13:26:40 +01:00
{
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
auto custody_or_error = resolve_path ( path , base , & parent_custody , O_NOFOLLOW_NOERROR | O_UNLINK_INTERNAL ) ;
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
auto & custody = * custody_or_error . value ( ) ;
auto & inode = custody . inode ( ) ;
2019-01-23 05:35:42 +01:00
2019-05-30 18:58:59 +02:00
if ( inode . is_directory ( ) )
2019-02-27 14:11:25 +01:00
return KResult ( - EISDIR ) ;
2019-02-21 15:45:31 +01:00
2019-05-30 18:58:59 +02:00
auto & parent_inode = parent_custody - > inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-02-27 14:11:25 +01:00
return KResult ( - EACCES ) ;
2019-01-22 07:03:44 +01:00
2019-05-30 18:58:59 +02:00
if ( parent_inode . metadata ( ) . is_sticky ( ) ) {
2020-02-17 15:04:27 +01:00
if ( ! Process : : current - > is_superuser ( ) & & inode . metadata ( ) . uid ! = Process : : current - > euid ( ) )
2019-04-28 22:54:30 +02:00
return KResult ( - EACCES ) ;
}
2020-05-26 14:52:44 +03:00
auto result = parent_inode . remove_child ( LexicalPath ( path ) . basename ( ) ) ;
2019-05-31 15:22:52 +02:00
if ( result . is_error ( ) )
return result ;
return KSuccess ;
2019-01-22 07:03:44 +01:00
}
2019-05-30 18:58:59 +02:00
KResult VFS : : symlink ( StringView target , StringView linkpath , Custody & base )
2019-03-02 01:50:34 +01:00
{
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-05-31 15:30:09 +02:00
auto existing_custody_or_error = resolve_path ( linkpath , base , & parent_custody ) ;
2019-05-30 18:58:59 +02:00
if ( ! existing_custody_or_error . is_error ( ) )
2019-03-02 01:50:34 +01:00
return KResult ( - EEXIST ) ;
2019-05-30 18:58:59 +02:00
if ( ! parent_custody )
2019-03-02 01:50:34 +01:00
return KResult ( - ENOENT ) ;
2019-05-30 18:58:59 +02:00
if ( existing_custody_or_error . error ( ) ! = - ENOENT )
return existing_custody_or_error . error ( ) ;
auto & parent_inode = parent_custody - > inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-03-02 01:50:34 +01:00
return KResult ( - EACCES ) ;
2020-05-26 14:52:44 +03:00
LexicalPath p ( linkpath ) ;
2019-07-08 15:38:44 +02:00
dbg ( ) < < " VFS::symlink: ' " < < p . basename ( ) < < " ' (-> ' " < < target < < " ') in " < < parent_inode . identifier ( ) ;
2020-02-17 15:04:27 +01:00
auto inode_or_error = parent_inode . fs ( ) . create_inode ( parent_inode . identifier ( ) , p . basename ( ) , 0120644 , 0 , 0 , Process : : current - > uid ( ) , Process : : current - > gid ( ) ) ;
2020-02-08 11:58:28 +01:00
if ( inode_or_error . is_error ( ) )
return inode_or_error . error ( ) ;
auto & inode = inode_or_error . value ( ) ;
ssize_t nwritten = inode - > write_bytes ( 0 , target . length ( ) , ( const u8 * ) target . characters_without_null_termination ( ) , nullptr ) ;
2019-03-02 01:50:34 +01:00
if ( nwritten < 0 )
return KResult ( nwritten ) ;
return KSuccess ;
}
2019-05-30 18:58:59 +02:00
KResult VFS : : rmdir ( StringView path , Custody & base )
2019-01-28 04:16:01 +01:00
{
2019-06-21 18:37:47 +02:00
RefPtr < Custody > parent_custody ;
2019-05-31 15:30:09 +02:00
auto custody_or_error = resolve_path ( path , base , & parent_custody ) ;
2019-05-30 18:58:59 +02:00
if ( custody_or_error . is_error ( ) )
return KResult ( custody_or_error . error ( ) ) ;
2019-01-28 04:16:01 +01:00
2019-05-30 18:58:59 +02:00
auto & custody = * custody_or_error . value ( ) ;
auto & inode = custody . inode ( ) ;
if ( inode . fs ( ) . is_readonly ( ) )
2019-02-27 14:11:25 +01:00
return KResult ( - EROFS ) ;
2019-01-28 04:16:01 +01:00
// FIXME: We should return EINVAL if the last component of the path is "."
// FIXME: We should return ENOTEMPTY if the last component of the path is ".."
2019-05-30 18:58:59 +02:00
if ( ! inode . is_directory ( ) )
2019-02-27 14:11:25 +01:00
return KResult ( - ENOTDIR ) ;
2019-02-21 15:45:31 +01:00
2020-04-19 18:07:16 +02:00
if ( ! parent_custody )
return KResult ( - EBUSY ) ;
2019-05-30 18:58:59 +02:00
auto & parent_inode = parent_custody - > inode ( ) ;
2020-02-17 15:04:27 +01:00
if ( ! parent_inode . metadata ( ) . may_write ( * Process : : current ) )
2019-02-27 14:11:25 +01:00
return KResult ( - EACCES ) ;
2019-01-28 04:16:01 +01:00
2019-05-30 18:58:59 +02:00
if ( inode . directory_entry_count ( ) ! = 2 )
2019-02-27 14:11:25 +01:00
return KResult ( - ENOTEMPTY ) ;
2019-01-28 04:16:01 +01:00
2019-05-30 18:58:59 +02:00
auto result = inode . remove_child ( " . " ) ;
2019-02-27 14:11:25 +01:00
if ( result . is_error ( ) )
return result ;
2019-01-28 04:16:01 +01:00
2019-05-30 18:58:59 +02:00
result = inode . remove_child ( " .. " ) ;
2019-02-27 14:11:25 +01:00
if ( result . is_error ( ) )
return result ;
2019-01-28 04:16:01 +01:00
2020-05-26 14:52:44 +03:00
return parent_inode . remove_child ( LexicalPath ( path ) . basename ( ) ) ;
2019-01-28 04:16:01 +01:00
}
2019-06-21 18:37:47 +02:00
RefPtr < Inode > VFS : : get_inode ( InodeIdentifier inode_id )
2018-10-28 12:20:25 +01:00
{
2018-12-03 00:20:00 +01:00
if ( ! inode_id . is_valid ( ) )
2018-11-13 23:44:54 +01:00
return nullptr ;
2018-12-03 00:20:00 +01:00
return inode_id . fs ( ) - > get_inode ( inode_id ) ;
2018-11-13 23:44:54 +01:00
}
2019-01-31 06:13:55 +01:00
2020-01-11 18:25:26 +03:00
VFS : : Mount : : Mount ( FS & guest_fs , Custody * host_custody , int flags )
2020-01-11 18:05:24 +03:00
: m_guest ( guest_fs . root_inode ( ) )
, m_guest_fs ( guest_fs )
, m_host_custody ( host_custody )
2020-01-11 18:25:26 +03:00
, m_flags ( flags )
2019-05-30 21:29:26 +02:00
{
}
2020-01-12 19:22:24 +03:00
VFS : : Mount : : Mount ( Inode & source , Custody & host_custody , int flags )
2020-01-11 19:08:35 +03:00
: m_guest ( source . identifier ( ) )
, m_guest_fs ( source . fs ( ) )
, m_host_custody ( host_custody )
2020-01-12 19:22:24 +03:00
, m_flags ( flags )
2020-01-11 19:08:35 +03:00
{
}
2019-05-30 21:29:26 +02:00
String VFS : : Mount : : absolute_path ( ) const
{
if ( ! m_host_custody )
return " / " ;
return m_host_custody - > absolute_path ( ) ;
}
InodeIdentifier VFS : : Mount : : host ( ) const
2018-10-10 11:53:07 +02:00
{
2019-05-30 21:29:26 +02:00
if ( ! m_host_custody )
2019-06-07 11:43:58 +02:00
return { } ;
2019-05-30 21:29:26 +02:00
return m_host_custody - > inode ( ) . identifier ( ) ;
2018-10-10 11:53:07 +02:00
}
2018-11-15 15:10:12 +01:00
void VFS : : for_each_mount ( Function < void ( const Mount & ) > callback ) const
2018-10-26 18:43:25 +02:00
{
for ( auto & mount : m_mounts ) {
2019-07-24 09:15:33 +02:00
callback ( mount ) ;
2018-10-26 18:43:25 +02:00
}
}
2018-12-20 00:39:29 +01:00
void VFS : : sync ( )
{
FS : : sync ( ) ;
}
2019-05-30 17:46:08 +02:00
Custody & VFS : : root_custody ( )
{
if ( ! m_root_custody )
2020-01-12 19:40:50 +03:00
m_root_custody = Custody : : create ( nullptr , " " , * m_root_inode , MS_NODEV | MS_NOSUID ) ;
2019-05-30 17:46:08 +02:00
return * m_root_custody ;
}
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
const UnveiledPath * VFS : : find_matching_unveiled_path ( StringView path )
{
2020-02-17 15:04:27 +01:00
for ( auto & unveiled_path : Process : : current - > unveiled_paths ( ) ) {
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
if ( path = = unveiled_path . path )
return & unveiled_path ;
if ( path . starts_with ( unveiled_path . path ) & & path . length ( ) > unveiled_path . path . length ( ) & & path [ unveiled_path . path . length ( ) ] = = ' / ' )
return & unveiled_path ;
}
return nullptr ;
}
KResult VFS : : validate_path_against_process_veil ( StringView path , int options )
{
2020-02-17 15:04:27 +01:00
if ( Process : : current - > veil_state ( ) = = VeilState : : None )
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KSuccess ;
// FIXME: Figure out a nicer way to do this.
if ( String ( path ) . contains ( " /.. " ) )
return KResult ( - EINVAL ) ;
auto * unveiled_path = find_matching_unveiled_path ( path ) ;
if ( ! unveiled_path ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' since it hasn't been unveiled. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KResult ( - ENOENT ) ;
}
if ( options & O_CREAT ) {
if ( ! ( unveiled_path - > permissions & UnveiledPath : : Access : : CreateOrRemove ) ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' since it hasn't been unveiled with 'c' permission. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KResult ( - EACCES ) ;
}
}
if ( options & O_UNLINK_INTERNAL ) {
if ( ! ( unveiled_path - > permissions & UnveiledPath : : Access : : CreateOrRemove ) ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' for unlink since it hasn't been unveiled with 'c' permission. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KResult ( - EACCES ) ;
}
return KSuccess ;
}
2020-01-21 13:14:26 +01:00
if ( options & O_RDONLY ) {
if ( ! ( unveiled_path - > permissions & UnveiledPath : : Access : : Read ) ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' since it hasn't been unveiled with 'r' permission. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
2020-01-21 13:14:26 +01:00
return KResult ( - EACCES ) ;
}
}
if ( options & O_WRONLY ) {
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
if ( ! ( unveiled_path - > permissions & UnveiledPath : : Access : : Write ) ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' since it hasn't been unveiled with 'w' permission. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KResult ( - EACCES ) ;
}
2020-01-21 13:14:26 +01:00
}
if ( options & O_EXEC ) {
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
if ( ! ( unveiled_path - > permissions & UnveiledPath : : Access : : Execute ) ) {
2020-01-21 16:14:39 +01:00
dbg ( ) < < " Rejecting path ' " < < path < < " ' since it hasn't been unveiled with 'x' permission. " ;
2020-01-30 14:05:36 +03:00
dump_backtrace ( ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
return KResult ( - EACCES ) ;
}
}
return KSuccess ;
}
2020-01-15 10:52:33 +03:00
KResultOr < NonnullRefPtr < Custody > > VFS : : resolve_path ( StringView path , Custody & base , RefPtr < Custody > * out_parent , int options , int symlink_recursion_level )
2019-05-30 17:46:08 +02:00
{
2020-03-19 08:57:34 +00:00
auto custody_or_error = resolve_path_without_veil ( path , base , out_parent , options , symlink_recursion_level ) ;
if ( custody_or_error . is_error ( ) )
return custody_or_error . error ( ) ;
auto & custody = custody_or_error . value ( ) ;
auto result = validate_path_against_process_veil ( custody - > absolute_path ( ) , options ) ;
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled with fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 22:12:04 +01:00
if ( result . is_error ( ) )
return result ;
2020-03-19 08:57:34 +00:00
return custody ;
}
KResultOr < NonnullRefPtr < Custody > > VFS : : resolve_path_without_veil ( StringView path , Custody & base , RefPtr < Custody > * out_parent , int options , int symlink_recursion_level )
{
2019-12-24 22:39:21 +13:00
if ( symlink_recursion_level > = symlink_recursion_limit )
return KResult ( - ELOOP ) ;
2019-08-25 18:18:51 +02:00
2019-05-30 17:46:08 +02:00
if ( path . is_empty ( ) )
return KResult ( - EINVAL ) ;
2019-09-21 00:45:16 +03:00
auto parts = path . split_view ( ' / ' , true ) ;
2020-02-17 15:04:27 +01:00
auto & current_root = Process : : current - > root_directory ( ) ;
2020-01-10 23:14:04 +01:00
2020-01-15 10:52:33 +03:00
NonnullRefPtr < Custody > custody = path [ 0 ] = = ' / ' ? current_root : base ;
2019-05-30 17:46:08 +02:00
2020-02-25 14:49:47 +01:00
for ( size_t i = 0 ; i < parts . size ( ) ; + + i ) {
2020-01-15 10:52:33 +03:00
Custody & parent = custody ;
auto parent_metadata = parent . inode ( ) . metadata ( ) ;
2020-01-14 13:30:15 +03:00
if ( ! parent_metadata . is_directory ( ) )
2019-05-30 17:46:08 +02:00
return KResult ( - ENOTDIR ) ;
2020-01-14 13:30:15 +03:00
// Ensure the current user is allowed to resolve paths inside this directory.
2020-02-17 15:04:27 +01:00
if ( ! parent_metadata . may_execute ( * Process : : current ) )
2019-05-30 17:46:08 +02:00
return KResult ( - EACCES ) ;
2019-06-13 16:33:01 +03:00
auto & part = parts [ i ] ;
2020-01-14 13:30:15 +03:00
bool have_more_parts = i + 1 < parts . size ( ) ;
if ( part = = " .. " ) {
// If we encounter a "..", take a step back, but don't go beyond the root.
2020-01-15 10:52:33 +03:00
if ( custody - > parent ( ) )
custody = * custody - > parent ( ) ;
2019-09-21 00:45:16 +03:00
continue ;
2020-01-14 13:30:15 +03:00
} else if ( part = = " . " | | part . is_empty ( ) ) {
continue ;
}
2019-06-13 16:33:01 +03:00
2020-01-14 13:30:15 +03:00
// Okay, let's look up this part.
2020-02-01 09:23:46 +01:00
auto child_inode = parent . inode ( ) . lookup ( part ) ;
if ( ! child_inode ) {
2020-01-15 10:52:33 +03:00
if ( out_parent ) {
2020-01-14 13:30:15 +03:00
// ENOENT with a non-null parent custody signals to caller that
2020-01-03 03:53:06 +01:00
// we found the immediate parent of the file, but the file itself
// does not exist yet.
2020-01-15 10:52:33 +03:00
* out_parent = have_more_parts ? nullptr : & parent ;
2020-01-03 03:53:06 +01:00
}
2019-05-30 17:46:08 +02:00
return KResult ( - ENOENT ) ;
2020-01-03 03:53:06 +01:00
}
2020-01-14 13:30:15 +03:00
2020-01-15 10:52:33 +03:00
int mount_flags_for_child = parent . mount_flags ( ) ;
2020-02-01 09:23:46 +01:00
2020-01-14 13:30:15 +03:00
// See if there's something mounted on the child; in that case
// we would need to return the guest inode, not the host inode.
2020-02-01 09:23:46 +01:00
if ( auto mount = find_mount_for_host ( child_inode - > identifier ( ) ) ) {
child_inode = get_inode ( mount - > guest ( ) ) ;
2020-01-14 13:30:15 +03:00
mount_flags_for_child = mount - > flags ( ) ;
2019-05-30 17:46:08 +02:00
}
2019-05-31 06:42:49 +02:00
2020-01-15 10:52:33 +03:00
custody = Custody : : create ( & parent , part , * child_inode , mount_flags_for_child ) ;
2019-05-31 06:42:49 +02:00
2020-01-14 13:30:15 +03:00
if ( child_inode - > metadata ( ) . is_symlink ( ) ) {
if ( ! have_more_parts ) {
2019-05-30 17:46:08 +02:00
if ( options & O_NOFOLLOW )
return KResult ( - ELOOP ) ;
if ( options & O_NOFOLLOW_NOERROR )
2020-01-14 13:30:15 +03:00
break ;
2019-05-30 17:46:08 +02:00
}
2020-01-15 13:59:50 +03:00
auto symlink_target = child_inode - > resolve_as_link ( parent , out_parent , options , symlink_recursion_level + 1 ) ;
2020-01-14 13:30:15 +03:00
if ( symlink_target . is_error ( ) | | ! have_more_parts )
2019-06-12 16:36:05 +03:00
return symlink_target ;
2020-01-14 13:30:15 +03:00
// Now, resolve the remaining path relative to the symlink target.
// We prepend a "." to it to ensure that it's not empty and that
// any initial slashes it might have get interpreted properly.
StringBuilder remaining_path ;
remaining_path . append ( ' . ' ) ;
remaining_path . append ( path . substring_view_starting_after_substring ( part ) ) ;
2019-06-12 16:36:05 +03:00
2020-03-19 08:57:34 +00:00
return resolve_path_without_veil ( remaining_path . to_string ( ) , * symlink_target . value ( ) , out_parent , options , symlink_recursion_level + 1 ) ;
2019-05-30 17:46:08 +02:00
}
}
2020-01-14 13:30:15 +03:00
2020-01-15 10:52:33 +03:00
if ( out_parent )
* out_parent = custody - > parent ( ) ;
return custody ;
2019-05-30 17:46:08 +02:00
}
2020-02-16 01:27:42 +01:00
}