Added missing license headers

Added the initial support for the database protection with the setuid
mechanism. In the beginning the program creates(or opens) the database
as a special user, and then switches to the real uid and functions
normally.

.gitignore

@@ -2,4 +2,5 @@ build/*
 .clang-tidy
 .cache
 test/protected/*
+test/.pt.db
 compile_commands.json

Makefile

@@ -12,7 +12,7 @@ CXX := g++
 
 # dependencies
 
-PACKAGE_NAMES := fuse3
+PACKAGE_NAMES := fuse3 sqlite3
 
 ifeq ($(TEST), 1)
 	#	PACKAGE_NAMES += check # TODO: use check?
@@ -43,7 +43,7 @@ endif
 
 # set up targets 
 
-TARGETS := icfs
+TARGETS := $(BUILD_DIR)/icfs
 
 ifeq ($(TEST), 1)
 	TARGETS += icfs_test
@@ -56,12 +56,11 @@ default: $(TARGETS)
 
 .PHONY: clean
 
-icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
+$(BUILD_DIR)/icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o $(BUILD_DIR)/temp_permissions_table.o $(BUILD_DIR)/perm_permissions_table.o
 	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs
 
-icfs_test: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
-	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs_test
-	# $(BUILD_DIR)/icfs_test # TODO: implement testing
+icfs_test: $(BUILD_DIR)/icfs
+	cd ./test && ./test.bash
 
 $(BUILD_DIR)/test_access_control.o: $(TESTS_DIR)/test_access_control.c
 	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
@@ -78,5 +77,12 @@ $(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h
 $(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h
 	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
 
+$(BUILD_DIR)/temp_permissions_table.o: $(SOURCES_DIR)/temp_permissions_table.c $(SOURCES_DIR)/temp_permissions_table.h
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
+$(BUILD_DIR)/perm_permissions_table.o: $(SOURCES_DIR)/perm_permissions_table.c $(SOURCES_DIR)/perm_permissions_table.h
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
+
 clean:
 	rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs*

src/fuse_operations.c

@@ -108,7 +108,28 @@ static int xmp_getattr(const char *path, struct stat *stbuf,
 static int xmp_access(const char *path, int mask) {
   int res;
 
-  res = access(path, mask);
+  // if mask is F_OK, then we don't need to check the permissions
+  // (is that possible?)
+
+  if (mask != F_OK) {
+    struct process_info pi;
+    struct fuse_context *fc = fuse_get_context();
+
+    pi.PID = fc->pid;
+    pi.name = get_process_name_by_pid(pi.PID);
+
+    // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+
+    if (!interactive_access(real_filename(path), pi, 0)) {
+      free(pi.name);
+      return -EACCES;
+    }
+
+    free(pi.name);
+  }
+
+  res = source_access(path, mask);
+
   if (res == -1)
     return -errno;
 
@@ -259,12 +280,11 @@ static int xmp_unlink(const char *path) {
 
   // ask the user for the permission for deleting the file
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
-  if (!interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, 0)) {
     free(pi.name);
     return -EACCES;
   }
@@ -304,6 +324,29 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
   if (flags)
     return -EINVAL;
 
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+
+  if (!interactive_access(real_filename(from), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  // the "to" file may exist and the process needs to get persmission to modify
+  // it
+  if (source_access(to, F_OK) == 0 &&
+      !interactive_access(real_filename(to), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
+
   res = source_rename(from, to);
   if (res == -1)
     return -errno;
@@ -313,6 +356,21 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
 
 static int xmp_link(const char *from, const char *to) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(from), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  // no need to check the access to the "to" file, see link(2)
+
+  free(pi.name);
 
   res = source_link(from, to);
   if (res == -1)
@@ -323,6 +381,19 @@ static int xmp_link(const char *from, const char *to) {
 
 static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(path), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
 
   if (fi)
     res = fchmod(fi->fh, mode);
@@ -334,9 +405,26 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
   return 0;
 }
 
+/**
+ * This filesystem is not designed for multiuser operation (e.g. with
+ * allow_other) so there is little point in having chown implemnted
+ */
 static int xmp_chown(const char *path, uid_t uid, gid_t gid,
                      struct fuse_file_info *fi) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(path), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
 
   if (fi)
     res = fchown(fi->fh, uid, gid);
@@ -382,17 +470,16 @@ static int xmp_utimens(const char *path, const struct timespec ts[2],
 
 static int xmp_create(const char *path, mode_t mode,
                       struct fuse_file_info *fi) {
-  int fd;
+  int fd = -1;
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
-  if (!interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, GRANT_PERM)) {
     free(pi.name);
     return -EACCES;
   }
@@ -413,11 +500,10 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
   struct fuse_context *fc = fuse_get_context();
 
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
-  if (!interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, 0)) {
     free(pi.name);
     return -EACCES;
   }
@@ -660,7 +746,7 @@ static off_t xmp_lseek(const char *path, off_t off, int whence,
 static const struct fuse_operations xmp_oper = {
     .init = xmp_init,
     .getattr = xmp_getattr,
-    // .access = xmp_access,
+    .access = xmp_access,
     .readlink = xmp_readlink,
     .opendir = xmp_opendir,
     .readdir = xmp_readdir,

src/main.c

@@ -10,6 +10,8 @@
   See the file LICENSE.
 */
 
+#include <sys/types.h>
+#include <unistd.h>
 #define FUSE_USE_VERSION 31
 
 #define _GNU_SOURCE
@@ -28,22 +30,23 @@ const char *mountpoint = NULL;
 int main(int argc, char *argv[]) {
   umask(0);
 
-  mountpoint = realpath(argv[argc - 1], NULL);
-
-  int ret = source_init(mountpoint);
+  int ret = init_ui_socket();
   if (ret != 0) {
-    perror("source_init");
+    fprintf(stderr, "Could not initalize ui-socket.\n");
     exit(EXIT_FAILURE);
   }
 
-  ret = init_ui_socket("/home/fedir/.icfs-sock");
+  mountpoint = realpath(argv[argc - 1], NULL);
+
+  ret = source_init(mountpoint);
   if (ret != 0) {
-    perror("init_ui_socket");
+    perror("source_init");
     exit(EXIT_FAILURE);
   }
 
   ret = fuse_main(argc, argv, get_fuse_operations(), NULL);
 
   free(mountpoint);
+  destroy_ui_socket();
   return ret;
 }

src/perm_permissions_table.c

@@ -0,0 +1,253 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#include "perm_permissions_table.h"
+#include "process_info.h"
+#include <fcntl.h>
+#include <pthread.h>
+#include <sqlite3.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/fsuid.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+sqlite3 *perm_database = NULL;
+const char *const table_name = "permissions";
+// one row corresponds to a permission to access one file for one executable
+const int column_count = 2;
+const char *const schema[] = {"executable", "filename"};
+const char *const types[] = {"TEXT", "TEXT"};
+uid_t ruid, euid, current_pid;
+pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
+
+void set_db_fsuid() {
+  pthread_mutex_lock(&uid_switch);
+  if (current_pid == ruid)
+    return;
+
+  int status = -1;
+
+  status = setfsuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set uid to %d.\n", ruid);
+    exit(status);
+  }
+  pthread_mutex_unlock(&uid_switch);
+}
+
+void set_real_fsuid() {
+  pthread_mutex_lock(&uid_switch);
+  if (current_pid == ruid)
+    return;
+
+  int status = -1;
+
+  status = setfsuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set uid to %d.\n", euid);
+    exit(status);
+  }
+  pthread_mutex_unlock(&uid_switch);
+}
+
+static int check_table_col_schema(void *notused, int argc, char **argv,
+                                  char **colname) {
+  (void)notused;
+  (void)colname;
+  if (argc < 3) {
+    fprintf(stderr, "Unexpected amount of arguments given to the callback.\n");
+    return 1;
+  }
+  int column_num = atoi(argv[0]);
+  if (column_num >= column_count) {
+    fprintf(stderr, "Table contains more columns than expected.\n");
+    return 1;
+  }
+  if (strcmp(schema[column_num], argv[1]) == 0 &&
+      strcmp(types[column_num], argv[2]) == 0) {
+    return 0;
+  }
+  fprintf(stderr, "Column %d does not conform to the schema.\n", column_num);
+  return 1;
+}
+
+static int set_flag(void *flag, int argc, char **argv, char **colname) {
+  (void)argc;
+  (void)argv;
+  (void)colname;
+  *(int *)flag = 1;
+  return 0;
+}
+
+int create_database_schema() {
+  fprintf(stderr, "Creating table 'permissions'.\n");
+  const char *create_query = "CREATE TABLE permissions(executable TEXT NOT "
+                             "NULL, filename TEXT NOT NULL);";
+  char *err = NULL;
+  int ret = sqlite3_exec(perm_database, create_query, NULL, NULL, &err);
+
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "sqlite3 error: %s\n", err);
+    sqlite3_free(err);
+    return 1;
+  }
+
+  fprintf(stderr, "Database created successfully\n");
+  return 0;
+}
+
+/**
+ * Ensures that the database schema is correct.
+ *
+ * @return: 0 if the schema is correct, 1 if the schema could not be corrected.
+ */
+int ensure_database_schema() {
+  // Check for the table.
+  int result = sqlite3_table_column_metadata(
+      perm_database, NULL, table_name, NULL, NULL, NULL, NULL, NULL, NULL);
+  if (result == SQLITE_ERROR) {
+    fprintf(stderr, "Table '%s' does not exist.\n", table_name);
+    if (create_database_schema()) {
+      fprintf(stderr, "Table could not be created.\n");
+      return 1;
+    }
+    return 0;
+  } else if (result != SQLITE_OK) {
+    fprintf(stderr, "Database metadata could not be retrieved.\n");
+    return 1;
+  }
+
+  const char *pragma = "PRAGMA table_info(permissions);";
+  char *err = NULL;
+  int ret =
+      sqlite3_exec(perm_database, pragma, check_table_col_schema, NULL, &err);
+
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "sqlite3 error: %s\n", err);
+    sqlite3_free(err);
+    return 1;
+  }
+
+  fprintf(stderr, "Schema is correct.\n");
+  return 0;
+}
+
+/**
+ * Initializes the permanent permissions table.
+ *
+ * @param db_filename: The filename of the permissions sqlite3 database
+ * @return: 0 on success, -1 on failure
+ */
+int init_perm_permissions_table(const char *db_filename) {
+  // we don't want the group and others to access the db
+  umask(0077);
+  ruid = getuid();
+  euid = geteuid();
+  fprintf(stderr, "Running with uid: %d, gid: %d\n", euid, getegid());
+
+  if (sqlite3_open(db_filename, &perm_database)) {
+    perror("Can't open permanent permissions database:");
+    return -1;
+  }
+  umask(0);
+  if (ensure_database_schema()) {
+    fprintf(stderr, "Database schema is not correct.\n");
+    return -1;
+  }
+
+  int status = seteuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set euid to ruid during database setup.\n");
+    exit(status);
+  }
+
+  return 0;
+}
+
+/**
+ * Destroys the permanent permissions table.
+ */
+void destroy_perm_permissions_table() { sqlite3_close(perm_database); }
+
+/**
+ * Checks if the process has a permanent access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_perm_access(const char *filename, struct process_info pi) {
+  size_t query_len =
+      56 + strlen(table_name) + strlen(filename) + strlen(pi.name);
+  const char *query = malloc(query_len);
+  size_t should_be_written = snprintf(
+      query, query_len,
+      "SELECT * FROM %s WHERE executable = \'%s\' AND filename = \'%s\';",
+      table_name, pi.name, filename);
+  // -1 for the \0
+  if (should_be_written != query_len - 1) {
+    fprintf(stderr,
+            "Unexpected query size while permanent access rule check: "
+            "Expected %lu, but snprintf returned %lu. The query: %s\n",
+            query_len, should_be_written, query);
+    return 0;
+  }
+
+  char *sqlite_error = NULL;
+  int flag = 0;
+  int ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error);
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
+    sqlite3_free(sqlite_error);
+    free(query);
+    return 0;
+  }
+
+  free(query);
+  return flag;
+}
+
+/**
+ * Gives permanent access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, 1 on failure
+ */
+int give_perm_access(const char *filename, struct process_info pi) {
+  size_t query_len =
+      30 + strlen(table_name) + strlen(filename) + strlen(pi.name);
+  const char *query = malloc(query_len);
+  size_t should_be_written =
+      snprintf(query, query_len, "INSERT INTO %s VALUES (\'%s\', \'%s\');",
+               table_name, pi.name, filename);
+  // -1 for the \0
+  if (should_be_written != query_len - 1) {
+    fprintf(stderr,
+            "Unexpected query size while permanent access rule insertion: "
+            "Expected %lu, but snprintf returned %lu\n",
+            query_len, should_be_written);
+    return 1;
+  }
+
+  char *sqlite_error = NULL;
+  int ret = sqlite3_exec(perm_database, query, NULL, NULL, &sqlite_error);
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
+    sqlite3_free(sqlite_error);
+    free(query);
+    return 1;
+  }
+
+  free(query);
+  return 0;
+}

src/perm_permissions_table.h

@@ -0,0 +1,45 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#ifndef PERM_PERMISSION_TABLE_H
+#define PERM_PERMISSION_TABLE_H
+
+#include "process_info.h"
+
+/**
+ * Initializes the permanent permissions table.
+ *
+ * @param db_filename: The filename of the permissions sqlite3 database
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_perm_permissions_table(const char *db_filename);
+
+/**
+ * Destroys the permanent permissions table.
+ */
+void destroy_perm_permissions_table();
+
+/**
+ * Checks if the process has a permanent access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_perm_access(const char *filename, struct process_info pi);
+
+/**
+ * Gives permanent access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure
+ */
+int give_perm_access(const char *filename, struct process_info pi);
+
+#endif // #ifdef PERM_PERMISSION_TABLE_H

src/process_info.h

@@ -0,0 +1,18 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#ifndef PROCESS_INFO_H
+#define PROCESS_INFO_H
+
+#include <sys/types.h>
+struct process_info {
+  pid_t PID;
+  const char *name;
+};
+
+#endif // PROCESS_INFO_H

src/sourcefs.c

@@ -33,6 +33,8 @@ int source_init(const char *root_path) {
   int root_fd = open(root_path, O_PATH);
 
   if (root_fd == -1) {
+    fprintf(stderr, "Could not initialize source file system at %s", root_path);
+    perror("");
     return -1;
   }
 
@@ -66,6 +68,11 @@ int source_symlink(const char *target, const char *linkpath) {
   return symlinkat(target, handle.root_fd, relative_linkpath);
 }
 
+int source_access(const char *filename, int mode) {
+  const char *relative_filename = source_filename_translate(filename);
+  return faccessat(handle.root_fd, relative_filename, mode, 0);
+}
+
 DIR *source_opendir(const char *filename) {
   const char *relative_filename = source_filename_translate(filename);
   int fd = openat(handle.root_fd, relative_filename, 0);

src/sourcefs.h

@@ -47,6 +47,8 @@ int source_chown(const char *filename, uid_t owner, gid_t group);
 
 int source_truncate(const char *filename, off_t length);
 
+int source_access(const char *filename, int mode);
+
 /* `open` and `create` are designed to correspond to fuse operations, not the
  * libc's `open(2)`. Both of them actually call `openat`. */
 

src/temp_permissions_table.c

@@ -0,0 +1,232 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#include "temp_permissions_table.h"
+#include "cc.h"
+#include "process_info.h"
+#include <pthread.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+struct temp_process_permissions {
+  // yes, this is a correct type for start time in jiffies (see
+  // proc_pid_stat(5))
+  unsigned long long creation_time;
+  vec(char *) allowed_files;
+};
+
+map(pid_t, struct temp_process_permissions) temp_permissions_table;
+pthread_mutex_t temp_permissions_table_lock;
+
+/**
+ * Function to get the process creation time (in jiffies) from the proc
+ * filesystem
+ *
+ * @param pid: The process ID of the process to get the creation time of
+ * @return: The process creation time in jiffies, or 0 on error
+ * @note: although nothing in the documentation says that the creation time is
+ * never really equal to 0, it exceptionally unlikely.
+ */
+unsigned long long get_process_creation_time(pid_t pid) {
+  char path[32];
+  FILE *fp;
+  unsigned long long creation_time = 0;
+
+  // Construct the path to the process's status file
+  snprintf(path, sizeof(path), "/proc/%u/stat", pid);
+
+  // Open the status file
+  fp = fopen(path, "r");
+  if (fp == NULL) {
+    perror("fopen");
+    return 0;
+  }
+
+  // Read the creation time (the 22nd field in the stat file)
+  for (int i = 1; i < 22; i++) {
+    if (fscanf(fp, "%*s") == EOF) {
+      fprintf(stderr, "Error reading process stat file on the number %d\n", i);
+      fclose(fp);
+      return 0;
+    }
+  }
+  if (fscanf(fp, "%llu", &creation_time) != 1) {
+    fprintf(stderr, "Error reading creation time\n");
+    fclose(fp);
+    return 0;
+  }
+
+  // Close the file
+  fclose(fp);
+
+  return creation_time;
+}
+
+/**
+ * Initializes the temporary permissions table.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_temp_permissions_table() {
+  pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
+  init(&temp_permissions_table);
+}
+
+/**
+ * Destroys the temporary permissions table.
+ *
+ * @note: the table is guranteed to be destroyed if it is already initialized
+ */
+void destroy_temp_permissions_table() {
+  // free the memory allocated for the table
+  for_each(&temp_permissions_table, entry) {
+    for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
+    cleanup(&entry->allowed_files);
+  }
+  cleanup(&temp_permissions_table);
+  pthread_mutex_destroy(&temp_permissions_table_lock);
+}
+
+/**
+ * Checks if the process has a temporary access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pid: PID of the process
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+
+int check_temp_access_noparent(const char *filename, pid_t pid) {
+  // TODO: more efficient locking
+  pthread_mutex_lock(&temp_permissions_table_lock);
+  struct temp_process_permissions *permission_entry =
+      get(&temp_permissions_table, pid);
+  if (permission_entry != NULL) {
+    unsigned long long process_creation_time = get_process_creation_time(pid);
+    if (process_creation_time == 0) {
+      perror("Could not retrieve process creation time");
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return 0;
+    }
+
+    if (process_creation_time == permission_entry->creation_time) {
+      // the process is the same as the one that was granted temporary access
+      // to the file
+      for_each(&permission_entry->allowed_files, allowed_file) {
+        if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
+          pthread_mutex_unlock(&temp_permissions_table_lock);
+          return 1;
+        }
+      }
+    }
+  }
+  pthread_mutex_unlock(&temp_permissions_table_lock);
+  return 0;
+}
+
+/**
+ * Finds the parent process ID of a given process.
+ *
+ * @param pid: The process ID of the process to find the parent of
+ * @return: The parent process ID, or 0 if the parent process ID could not be
+ * found
+ */
+pid_t get_parent_pid(pid_t pid) {
+  pid_t ppid = 0;
+  char path[256];
+  snprintf(path, sizeof(path), "/proc/%u/status", pid);
+
+  FILE *file = fopen(path, "r");
+  if (file == NULL) {
+    perror("Failed to open /proc/<pid>/status");
+    return 0;
+  }
+
+  char line[256];
+  while (fgets(line, sizeof(line), file)) {
+    if (sscanf(line, "PPid:\t%d", &ppid) == 1) {
+      fclose(file);
+      return ppid;
+    }
+  }
+
+  fclose(file);
+  return 0; // Parent PID not found
+}
+
+/**
+ * Checks if the process or any of it's parents have temporary access to the
+ * file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ * @note: In case one of the parent processes is killed while this function
+ * execution the result is not guranteed to be correct. It should only lead to
+ * false negatives, though.
+ */
+int check_temp_access(const char *filename, struct process_info pi) {
+  pid_t current_pid = pi.PID;
+  while (current_pid != 0) {
+    if (check_temp_access_noparent(filename, current_pid)) {
+      return 1;
+    }
+    current_pid = get_parent_pid(current_pid);
+  }
+
+  return 0;
+}
+
+/**
+ * Gives temporary access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int give_temp_access(const char *filename, struct process_info pi) {
+  pthread_mutex_lock(&temp_permissions_table_lock);
+  struct temp_process_permissions *permission_entry =
+      get(&temp_permissions_table, pi.PID);
+
+  if (permission_entry != NULL) {
+
+    unsigned long long process_creation_time =
+        get_process_creation_time(pi.PID);
+    if (process_creation_time == 0) {
+      perror("Could not retrieve process creation time");
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return -1;
+    }
+
+    if (process_creation_time == permission_entry->creation_time) {
+      // the process is the same as the one that was granted temporary access
+      // to the file
+      push(&permission_entry->allowed_files, strdup(filename));
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return 0;
+    }
+    // we have an entry for the process, but the process is different
+    // delete the entry and create a new one
+    erase(&temp_permissions_table, pi.PID);
+    permission_entry = NULL;
+  }
+
+  // no entry is present
+  // construct the entry
+  struct temp_process_permissions new_permission_entry;
+
+  new_permission_entry.creation_time = get_process_creation_time(pi.PID);
+  init(&new_permission_entry.allowed_files);
+  push(&new_permission_entry.allowed_files, strdup(filename));
+
+  insert(&temp_permissions_table, pi.PID, new_permission_entry);
+  printf("temp_permissions_table size: %ld\n", size(&temp_permissions_table));
+
+  pthread_mutex_unlock(&temp_permissions_table_lock);
+  return 0;
+}

src/temp_permissions_table.h

@@ -0,0 +1,39 @@
+
+#ifndef TEMP_PERMISSIONS_TABLE_H
+#define TEMP_PERMISSIONS_TABLE_H
+
+#include "process_info.h"
+
+/**
+ * Initializes the temporary permissions table.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_temp_permissions_table();
+
+/**
+ * Destroys the temporary permissions table.
+ *
+ * @note: the table is guranteed to be destroyed if it is already initialized
+ */
+void destroy_temp_permissions_table();
+
+/**
+ * Checks if the process has a temporary access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_temp_access(const char *filename, struct process_info pi);
+
+/**
+ * Gives temporary access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int give_temp_access(const char *filename, struct process_info pi);
+
+#endif // !TEMP_PERMISSIONS_TABLE_H

src/ui-socket.c

@@ -8,7 +8,10 @@
 
 #include <stddef.h>
 #include <sys/types.h>
+#include <time.h>
 #define _GNU_SOURCE
+#include "perm_permissions_table.h"
+#include "temp_permissions_table.h"
 #include "ui-socket.h"
 #include <errno.h>
 #include <pthread.h>
@@ -19,21 +22,37 @@
 #include <sys/un.h>
 #include <unistd.h>
 
-int init_ui_socket(const char *filename) {
+int init_ui_socket() {
   char line[256];
   FILE *fp;
 
+  if (init_temp_permissions_table()) {
+    fprintf(stderr, "Could not initialize temporary permissions table.\n");
+    return 1;
+  }
+
+  if (init_perm_permissions_table(
+          "/home/fedir/Developement/uni/ICFS/test/.pt.db")) {
+    fprintf(stderr, "Could not initialize permanent permissions table.\n");
+    return 1;
+  }
+
   // Test if Zenity is installed (get version)
   fp = popen("zenity --version", "r");
   if (fp == NULL) {
-    perror("Pipe returned a error");
+    perror("Pipe returned an error");
     return 1;
-  } else {
+  }
+
   while (fgets(line, sizeof(line), fp))
     printf("%s", line);
   pclose(fp);
   return 0;
 }
+
+void destroy_ui_socket() {
+  destroy_temp_permissions_table();
+  destroy_perm_permissions_table();
 }
 
 /**
@@ -41,12 +60,11 @@ int init_ui_socket(const char *filename) {
  * GUI
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed, 2 if access is allwed
- * for the runtime of the process
+ * @param pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed, 2 if access is
+ * allowed for the runtime of the process
  */
 int ask_access(const char *filename, struct process_info pi) {
-
   FILE *fp;
   size_t command_len =
       139 + sizeof(pid_t) * 8 + strlen(pi.name) + strlen(filename);
@@ -71,6 +89,7 @@ int ask_access(const char *filename, struct process_info pi) {
   // to manually check the output.
   char buffer[1024];
   while (fgets(buffer, sizeof(buffer), fp)) {
+    printf("%s", buffer);
     if (strcmp(buffer, "Allow this time\n") == 0) {
       pclose(fp);
       return 2;
@@ -78,6 +97,7 @@ int ask_access(const char *filename, struct process_info pi) {
   }
 
   int zenity_exit_code = WEXITSTATUS(pclose(fp));
+  fprintf(stderr, "zenity returned %d\n", zenity_exit_code);
   // zenity returns 1 on "No" >:(
   if (zenity_exit_code == 0) {
     return 1;
@@ -86,37 +106,6 @@ int ask_access(const char *filename, struct process_info pi) {
   return 0;
 }
 
-/**
- * Checks if the process has a temporary access to the file.
- *
- * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed
- */
-int check_temp_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-  return 0;
-}
-
-/**
- * Checks if the process has a permanent access to the file.
- *
- * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed
- */
-int check_perm_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-  return 0;
-}
-
-void give_temp_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-}
-void give_perm_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-}
-
 /**
  * Check access according to:
  * 1. temp permission table
@@ -125,15 +114,28 @@ void give_perm_access(const char *filename, struct process_info pi) {
  *
  * @param filename: The file that the process is trying to access
  * @pram pi: The process information
+ * @param opts: options (GRANT_TEMP, GRANT_PERM)
  * @return: 0 if access is denied, 1 if access is allowed
  */
-int interactive_access(const char *filename, struct process_info pi) {
+int interactive_access(const char *filename, struct process_info pi, int opts) {
 
   if (check_temp_access(filename, pi) || check_perm_access(filename, pi)) {
     // access was already granted before
     return 1;
   }
 
+  // if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent
+  // permissions are granted
+
+  if (opts & GRANT_PERM) {
+    give_perm_access(filename, pi);
+    return 1;
+  }
+  if (opts & GRANT_TEMP) {
+    give_temp_access(filename, pi);
+    return 1;
+  }
+
   int user_response = ask_access(filename, pi);
   if (user_response == 1) {
     // user said "yes"

src/ui-socket.h

@@ -13,17 +13,36 @@
 #ifndef UI_SOCKET_H
 #define UI_SOCKET_H
 
+#include "process_info.h"
 #include <sys/types.h>
 
-struct process_info {
-  pid_t PID;
-  const char *name;
-  uid_t UID;
-};
+/**
+ * Initialize the GUI communication.
+ *
+ * @return: 0 on success, -1 on faliure.
+ */
+int init_ui_socket(void);
 
-// For default socket location, set socket_path = NULL.
-int init_ui_socket(const char *socket_path);
+/**
+ * Close the GUI communication.
+ */
+void destroy_ui_socket(void);
 
-int interactive_access(const char *filename, struct process_info pi);
+/**
+ * Check access according to:
+ * 1. temporary permission table
+ * 2. permanent permission table
+ * 3. user descision
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @param opts: options (GRANT_TEMP, GRANT_PERM)
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int interactive_access(const char *filename, struct process_info pi, int opts);
+
+#define GRANT_TEMP 1
+#define GRANT_PERM 2
+// #define TABLE_ONLY 4 // NOTE: Add this in the future?
 
 #endif // !UI_SOCKET_H

test/mock/zenity

@@ -20,4 +20,4 @@ else
   fi
 fi
 
-exit -1 # TODO: call actual zenity here
+exit 255 # TODO: call actual zenity here

test/test.bash

@@ -2,9 +2,10 @@
 
 # clean what was left from previous tests
 
+rm -f ./.pt.db
 rm -rf ./protected
 mkdir protected
-touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/this-name-is-wrong
+touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/should-be-renamed ./protected/do-not-rename
 chmod 777 ./protected/perm777 ./protected/perm000
 echo "Free code, free world." >./protected/motto
 
@@ -15,31 +16,48 @@ PATH="$(realpath ./mock/):$PATH"
 # mount the filesystem
 
 echo "Run $(date -u +%Y-%m-%dT%H:%M:%S) "
-valgrind -s ../build/icfs -o default_permissions ./protected &
-
+if [[ $1 == "--setuid" ]]; then
+  echo "Setting the setuid bit..."
+  echo "root privilieges are required to create a special user and set correct ownership of the executable."
+  id -u icfs &>/dev/null || sudo useradd --system --user-group icfs
+  sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
+  chmod g+w . # needed for icfs to be able to create the database
+  echo "Valgrind will not be used due to setuid compatibility issues."
+  ../build/icfs -o default_permissions ./protected &
   sleep 1
+else
+  echo "Database protection will not be tested due to the lack of setuid capabilites."
+  echo "To test it, run this script with '--setuid'."
+  valgrind -s ../build/icfs -o default_permissions ./protected &
+  sleep 5
+fi
+
+#valgrind -s ../build/icfs -o default_permissions ./protected &
+
+# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
+# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
 
 # create files
 
 zenity --set-fake-response no
-touch ./protected/should-not-exist 2>/dev/null &&
-  echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" ||
-  echo "[ICFS-TEST]: OK" # EACCESS
+truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
 zenity --set-fake-response yes_tmp
-touch ./protected/should-exist 2>/dev/null &&
+truncate -s 0 ./protected/should-exist 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
 # write to files
 
 zenity --set-fake-response no
-echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null &&
+sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
 zenity --set-fake-response yes_tmp
-echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null &&
+sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
 
@@ -70,11 +88,11 @@ rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
 # rename files
 
 zenity --set-fake-response no
-mv ./protected/truth ./protected/lie 2>/dev/null &&
+mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
   echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 zenity --set-fake-response yes_tmp
-mv ./protected/this-name-is-wrong ./protected/this-name-is-correct 2>/dev/null &&
+mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
 
@@ -89,6 +107,25 @@ chmod 000 ./protected/perm000 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
 
+# test permanent permissions
+
+zenity --set-fake-response yes
+cat ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+
+zenity --set-fake-response no # this should be ignored
+cat ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+
+# test database access
+if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
+  echo "[ICFS-TEST]: permanent permissions is accessible!"
+else
+  echo "[ICFS-TEST]: OK"
+fi
+
 # unmount
 
 sleep 0.5