diff --git a/src/fuse_operations.c b/src/fuse_operations.c index a63837a..2ae2de1 100644 --- a/src/fuse_operations.c +++ b/src/fuse_operations.c @@ -116,12 +116,11 @@ static int xmp_access(const char *path, int mask) { struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, 0)) { free(pi.name); return -EACCES; } @@ -281,12 +280,11 @@ static int xmp_unlink(const char *path) { // ask the user for the permission for deleting the file pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, 0)) { free(pi.name); return -EACCES; } @@ -330,12 +328,11 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) { struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(from), pi)) { + if (!interactive_access(real_filename(from), pi, 0)) { free(pi.name); return -EACCES; } @@ -343,7 +340,7 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) { // the "to" file may exist and the process needs to get persmission to modify // it if (source_access(to, F_OK) == 0 && - !interactive_access(real_filename(to), pi)) { + !interactive_access(real_filename(to), pi, 0)) { free(pi.name); return -EACCES; } @@ -363,11 +360,10 @@ static int xmp_link(const char *from, const char *to) { struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(from), pi)) { + if (!interactive_access(real_filename(from), pi, 0)) { free(pi.name); return -EACCES; } @@ -389,11 +385,10 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) { struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, 0)) { free(pi.name); return -EACCES; } @@ -421,11 +416,10 @@ static int xmp_chown(const char *path, uid_t uid, gid_t gid, struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, 0)) { free(pi.name); return -EACCES; } @@ -476,17 +470,16 @@ static int xmp_utimens(const char *path, const struct timespec ts[2], static int xmp_create(const char *path, mode_t mode, struct fuse_file_info *fi) { - int fd; + int fd = -1; struct process_info pi; struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, GRANT_PERM)) { free(pi.name); return -EACCES; } @@ -507,11 +500,10 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) { struct fuse_context *fc = fuse_get_context(); pi.PID = fc->pid; - pi.UID = fc->uid; pi.name = get_process_name_by_pid(pi.PID); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); - if (!interactive_access(real_filename(path), pi)) { + if (!interactive_access(real_filename(path), pi, 0)) { free(pi.name); return -EACCES; } diff --git a/src/process_info.h b/src/process_info.h index 8e59c81..fe2e7d0 100644 --- a/src/process_info.h +++ b/src/process_info.h @@ -6,7 +6,6 @@ struct process_info { pid_t PID; const char *name; - uid_t UID; }; #endif // PROCESS_INFO_H diff --git a/src/ui-socket.c b/src/ui-socket.c index f9f6228..8c8982f 100644 --- a/src/ui-socket.c +++ b/src/ui-socket.c @@ -10,7 +10,6 @@ #include #include #define _GNU_SOURCE -#include "cc.h" #include "perm_permissions_table.h" #include "temp_permissions_table.h" #include "ui-socket.h" @@ -61,9 +60,9 @@ void destroy_ui_socket() { * GUI * * @param filename: The file that the process is trying to access - * @pram pi: The process information - * @return: 0 if access is denied, 1 if access is allowed, 2 if access is allwed - * for the runtime of the process + * @param pi: The process information + * @return: 0 if access is denied, 1 if access is allowed, 2 if access is + * allowed for the runtime of the process */ int ask_access(const char *filename, struct process_info pi) { FILE *fp; @@ -115,15 +114,28 @@ int ask_access(const char *filename, struct process_info pi) { * * @param filename: The file that the process is trying to access * @pram pi: The process information + * @param opts: options (GRANT_TEMP, GRANT_PERM) * @return: 0 if access is denied, 1 if access is allowed */ -int interactive_access(const char *filename, struct process_info pi) { +int interactive_access(const char *filename, struct process_info pi, int opts) { if (check_temp_access(filename, pi) || check_perm_access(filename, pi)) { // access was already granted before return 1; } + // if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent + // permissions are granted + + if (opts & GRANT_PERM) { + give_perm_access(filename, pi); + return 1; + } + if (opts & GRANT_TEMP) { + give_temp_access(filename, pi); + return 1; + } + int user_response = ask_access(filename, pi); if (user_response == 1) { // user said "yes" diff --git a/src/ui-socket.h b/src/ui-socket.h index 14b8ddd..6d0ee74 100644 --- a/src/ui-socket.h +++ b/src/ui-socket.h @@ -36,8 +36,13 @@ void destroy_ui_socket(void); * * @param filename: The file that the process is trying to access * @pram pi: The process information + * @param opts: options (GRANT_TEMP, GRANT_PERM) * @return: 0 if access is denied, 1 if access is allowed */ -int interactive_access(const char *filename, struct process_info pi); +int interactive_access(const char *filename, struct process_info pi, int opts); + +#define GRANT_TEMP 1 +#define GRANT_PERM 2 +// #define TABLE_ONLY 4 // NOTE: Add this in the future? #endif // !UI_SOCKET_H diff --git a/test/test.bash b/test/test.bash index 7b98fe2..574e8db 100755 --- a/test/test.bash +++ b/test/test.bash @@ -20,27 +20,30 @@ valgrind -s ../build/icfs -o default_permissions ./protected & sleep 5 +# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access. +# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**. + # create files zenity --set-fake-response no -touch ./protected/should-not-exist 2>/dev/null && - echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" || - echo "[ICFS-TEST]: OK" # EACCESS +truncate -s 0 ./protected/should-exist-anyway 2>/dev/null && + echo "[ICFS-TEST]: OK" || + echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK zenity --set-fake-response yes_tmp -touch ./protected/should-exist 2>/dev/null && +truncate -s 0 ./protected/should-exist 2>/dev/null && echo "[ICFS-TEST]: OK" || - echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK + echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK # write to files zenity --set-fake-response no -echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null && +sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null && echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" || echo "[ICFS-TEST]: OK" # EACCESS zenity --set-fake-response yes_tmp -echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null && +sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null && echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK @@ -90,17 +93,17 @@ chmod 000 ./protected/perm000 2>/dev/null && echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK -# create files with permanent permissions +# test permanent permissions zenity --set-fake-response yes -touch ./protected/friendly 2>/dev/null && +cat ./protected/motto >/dev/null 2>/dev/null && echo "[ICFS-TEST]: OK" || - echo "[ICFS-TEST]: touch cannot create protected/friendly despite access being permitted!" # OK + echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK zenity --set-fake-response no # this should be ignored -touch ./protected/friendly-again 2>/dev/null && +cat ./protected/motto >/dev/null 2>/dev/null && echo "[ICFS-TEST]: OK" || - echo "[ICFS-TEST]: touch cannot create protected/friendly-again despite access being permitted!" # OK + echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK # unmount