/* * Copyright (c) 2018-2020, Andreas Kling * * SPDX-License-Identifier: BSD-2-Clause */ #include #include #include #include #include namespace Kernel { KResultOr Process::sys$unveil(Userspace user_params) { Syscall::SC_unveil_params params; if (!copy_from_user(¶ms, user_params)) return EFAULT; if (!params.path.characters && !params.permissions.characters) { m_veil_state = VeilState::Locked; return 0; } if (m_veil_state == VeilState::Locked) return EPERM; if (!params.path.characters || !params.permissions.characters) return EINVAL; if (params.permissions.length > 5) return EINVAL; auto path_or_error = get_syscall_path_argument(params.path); if (path_or_error.is_error()) return path_or_error.error(); auto& path = *path_or_error.value(); if (path.is_empty() || !path.view().starts_with('/')) return EINVAL; auto permissions = copy_string_from_user(params.permissions); if (permissions.is_null()) return EFAULT; // Let's work out permissions first... unsigned new_permissions = 0; for (const char permission : permissions) { switch (permission) { case 'r': new_permissions |= UnveilAccess::Read; break; case 'w': new_permissions |= UnveilAccess::Write; break; case 'x': new_permissions |= UnveilAccess::Execute; break; case 'c': new_permissions |= UnveilAccess::CreateOrRemove; break; case 'b': new_permissions |= UnveilAccess::Browse; break; default: return EINVAL; } } // Now, let's try and resolve the path and obtain custody of the inode on the disk, and if not, bail out with // the error from resolve_path_without_veil() // However, if the user specified unveil() with "c" permissions, we don't set errno if ENOENT is encountered, // because they most likely intend the program to create the file for them later on. // If this case is encountered, the parent node of the path is returned and the custody of that inode is used instead. RefPtr parent_custody; // Parent inode in case of ENOENT String new_unveiled_path; auto custody_or_error = VFS::the().resolve_path_without_veil(path.view(), root_directory(), &parent_custody); if (!custody_or_error.is_error()) { new_unveiled_path = custody_or_error.value()->absolute_path(); } else if (custody_or_error.error() == -ENOENT && parent_custody && (new_permissions & UnveilAccess::CreateOrRemove)) { String basename = LexicalPath(path.view()).basename(); new_unveiled_path = String::formatted("{}/{}", parent_custody->absolute_path(), basename); } else { // FIXME Should this be EINVAL? return custody_or_error.error(); } LexicalPath lexical_path(new_unveiled_path); auto it = lexical_path.parts().begin(); auto& matching_node = m_unveiled_paths.traverse_until_last_accessible_node(it, lexical_path.parts().end()); if (it.is_end()) { auto old_permissions = matching_node.permissions(); // Allow "elevating" the permissions when the permissions are inherited from root (/), // as that would be the first time this path is unveiled. if (old_permissions != UnveilAccess::None || !matching_node.permissions_inherited_from_root()) { if (new_permissions & ~old_permissions) return EPERM; } matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true, false }); return 0; } matching_node.insert( it, lexical_path.parts().end(), { new_unveiled_path, (UnveilAccess)new_permissions, true }, [](auto& parent, auto& it) -> Optional { return UnveilMetadata { String::formatted("{}/{}", parent.path(), *it), parent.permissions(), false, parent.permissions_inherited_from_root() }; }); VERIFY(m_veil_state != VeilState::Locked); m_veil_state = VeilState::Dropped; return 0; } }