From 57091bf0ce1f385df451c937991c892dd54ee3dd Mon Sep 17 00:00:00 2001
From: BritishTeapot <f.kovalyoff@gmail.com>
Date: Sun, 30 Mar 2025 19:48:11 +0200
Subject: [PATCH] Made create to grant permissions automatically.

Creating files grants permanent permissions to them now. This makes
sense because if a program creates a new file, then it clearly can't
steal any data. This is particularly useful for programs which open an
obscene amount of auxilary files (e.g. neovim with a huge amount of
plugins).
---
 src/fuse_operations.c |  7 ++++++-
 test/test.bash        | 27 +++++++++++++++------------
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/fuse_operations.c b/src/fuse_operations.c
index a63837a..36e4df1 100644
--- a/src/fuse_operations.c
+++ b/src/fuse_operations.c
@@ -36,6 +36,7 @@
 #include <sys/file.h> /* flock(2) */
 
 #include "fuse_operations.h"
+#include "perm_permissions_table.h"
 #include "sourcefs.h"
 #include "ui-socket.h"
 
@@ -476,7 +477,7 @@ static int xmp_utimens(const char *path, const struct timespec ts[2],
 
 static int xmp_create(const char *path, mode_t mode,
                       struct fuse_file_info *fi) {
-  int fd;
+  int fd = -1;
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
@@ -486,10 +487,14 @@ static int xmp_create(const char *path, mode_t mode,
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
+  /*
   if (!interactive_access(real_filename(path), pi)) {
     free(pi.name);
     return -EACCES;
   }
+  */
+
+  give_perm_access(real_filename(path), pi);
 
   free(pi.name);
 
diff --git a/test/test.bash b/test/test.bash
index 7b98fe2..574e8db 100755
--- a/test/test.bash
+++ b/test/test.bash
@@ -20,27 +20,30 @@ valgrind -s ../build/icfs -o default_permissions ./protected &
 
 sleep 5
 
+# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
+# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
+
 # create files
 
 zenity --set-fake-response no
-touch ./protected/should-not-exist 2>/dev/null &&
-  echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" ||
-  echo "[ICFS-TEST]: OK" # EACCESS
+truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
 zenity --set-fake-response yes_tmp
-touch ./protected/should-exist 2>/dev/null &&
+truncate -s 0 ./protected/should-exist 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
 # write to files
 
 zenity --set-fake-response no
-echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null &&
+sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
 zenity --set-fake-response yes_tmp
-echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null &&
+sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
 
@@ -90,17 +93,17 @@ chmod 000 ./protected/perm000 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
 
-# create files with permanent permissions
+# test permanent permissions
 
 zenity --set-fake-response yes
-touch ./protected/friendly 2>/dev/null &&
+cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: touch cannot create protected/friendly despite access being permitted!" # OK
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
 
 zenity --set-fake-response no # this should be ignored
-touch ./protected/friendly-again 2>/dev/null &&
+cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: touch cannot create protected/friendly-again despite access being permitted!" # OK
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
 
 # unmount