Fixed incorrect executable path problem.

Previously, process name was grabbed from `/proc/pid/cmdline`. This was
revealed to be faulty, since the path to the executable might be
relative, and thus would change the result depending on how the program
was called. Also, it made executable renaming a viable bypass of the
entire access control.

I still don't fully undestand how I managed to not think of this before
:)

.gitignore

@@ -2,3 +2,5 @@ build/*
 .clang-tidy
 .cache
 test/protected/*
+test/.pt.db
+compile_commands.json

Makefile

@@ -12,7 +12,7 @@ CXX := g++
 
 # dependencies
 
-PACKAGE_NAMES := fuse3
+PACKAGE_NAMES := fuse3 sqlite3
 
 ifeq ($(TEST), 1)
 	#	PACKAGE_NAMES += check # TODO: use check?
@@ -43,7 +43,7 @@ endif
 
 # set up targets 
 
-TARGETS := icfs
+TARGETS := $(BUILD_DIR)/icfs
 
 ifeq ($(TEST), 1)
 	TARGETS += icfs_test
@@ -56,12 +56,11 @@ default: $(TARGETS)
 
 .PHONY: clean
 
-icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
+$(BUILD_DIR)/icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o $(BUILD_DIR)/temp_permissions_table.o $(BUILD_DIR)/perm_permissions_table.o
 	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs
 
-icfs_test: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
-	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs_test
-	# $(BUILD_DIR)/icfs_test # TODO: implement testing
+icfs_test: $(BUILD_DIR)/icfs
+	cd ./test && ./test.bash
 
 $(BUILD_DIR)/test_access_control.o: $(TESTS_DIR)/test_access_control.c
 	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
@@ -78,5 +77,12 @@ $(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h
 $(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h
 	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
 
+$(BUILD_DIR)/temp_permissions_table.o: $(SOURCES_DIR)/temp_permissions_table.c $(SOURCES_DIR)/temp_permissions_table.h
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
+$(BUILD_DIR)/perm_permissions_table.o: $(SOURCES_DIR)/perm_permissions_table.c $(SOURCES_DIR)/perm_permissions_table.h
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
+
 clean:
 	rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs*

src/fuse_operations.c

@@ -11,6 +11,7 @@
   See the file LICENSE.
 */
 
+#include <stddef.h>
 #define FUSE_USE_VERSION 31
 
 #define _GNU_SOURCE
@@ -39,23 +40,58 @@
 #include "sourcefs.h"
 #include "ui-socket.h"
 
-// TODO: move this to other file
 const char *get_process_name_by_pid(const int pid) {
-  char *name = (char *)calloc(1024, sizeof(char));
-  if (name) {
-    sprintf(name, "/proc/%d/cmdline", pid);
-    FILE *f = fopen(name, "r");
-    if (f) {
-      size_t size;
-      size = fread(name, sizeof(char), 1024, f);
-      if (size > 0) {
-        if ('\n' == name[size - 1])
-          name[size - 1] = '\0';
-      }
-      fclose(f);
+  char path[1024];
+  sprintf(path, "/proc/%d/exe", pid);
+
+  char *name = realpath(path, NULL);
+  if (name == NULL) {
+    fprintf(stderr, "Could not get process name by pid %d", pid);
+    perror("");
+  }
+
+  /*
+  size_t namelen = 32;
+  ssize_t readret = 0;
+  char *name = NULL;
+  while (namelen >= (size_t)readret && readret > 0) {
+    namelen *= 2;
+    name = calloc(namelen, sizeof(char));
+    if (name == NULL) {
+      free(path);
+      fprintf(stderr, "Could not get get process name by pid %d", pid);
+      perror("");
+      return NULL;
+    }
+    readret = readlink(path, name, namelen);
+    if (readret < 0) {
+      free(name);
+      free(path);
+      fprintf(stderr, "Couldn't get process name by pid %d", pid);
+      perror("");
+      return NULL;
+    }
+    if (namelen >= (size_t)readret) {
+      free(name);
     }
   }
+  */
+
   return name;
+
+  /*
+  FILE *file = fopen(path, "r");
+  if (file) {
+    size_t size = 0;
+    size = fread(path, sizeof(char), 1024, file);
+    if (size > 0) {
+      if ('\n' == path[size - 1]) {
+        path[size - 1] = '\0';
+      }
+    }
+    fclose(file);
+  }
+  */
 }
 
 // TODO: move this somewhere else
@@ -70,8 +106,8 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
      To make parallel_direct_writes valid, need either set cfg->direct_io
      in current function (recommended in high level API) or set fi->direct_io
      in xmp_create() or xmp_open(). */
-  // cfg->direct_io = 1;
-  // cfg->parallel_direct_writes = 1;
+  cfg->direct_io = 1;
+  cfg->parallel_direct_writes = 1;
 
   /* Pick up changes from lower filesystem right away. This is
      also necessary for better hardlink support. When the kernel
@@ -83,18 +119,19 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
   cfg->entry_timeout = 0;
   cfg->attr_timeout = 0;
   cfg->negative_timeout = 0;
+  fprintf(stderr, "%d\n", getpid());
 
   return NULL;
 }
 
 static int xmp_getattr(const char *path, struct stat *stbuf,
-                       struct fuse_file_info *fi) {
+                       struct fuse_file_info *file_info) {
   int res;
 
   (void)path;
 
-  if (fi)
-    res = fstat(fi->fh, stbuf);
+  if (file_info)
+    res = fstat(file_info->fh, stbuf);
   else
     res = source_stat(path, stbuf);
   if (res == -1) {
@@ -106,17 +143,39 @@ static int xmp_getattr(const char *path, struct stat *stbuf,
 }
 
 static int xmp_access(const char *path, int mask) {
-  int res;
+  int res = -1;
 
-  res = access(path, mask);
-  if (res == -1)
+  // if mask is F_OK, then we don't need to check the permissions
+  // (is that possible?)
+
+  if (mask != F_OK) {
+    struct process_info proc_info;
+    struct fuse_context *context = fuse_get_context();
+
+    proc_info.PID = context->pid;
+    proc_info.name = get_process_name_by_pid(proc_info.PID);
+
+    // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+
+    if (!interactive_access(real_filename(path), proc_info, 0)) {
+      free((void *)proc_info.name);
+      return -EACCES;
+    }
+
+    free((void *)proc_info.name);
+  }
+
+  res = source_access(path, mask);
+
+  if (res == -1) {
     return -errno;
+  }
 
   return 0;
 }
 
 static int xmp_readlink(const char *path, char *buf, size_t size) {
-  int res;
+  int res = -1;
 
   res = readlink(path, buf, size - 1);
   if (res == -1)
@@ -243,28 +302,28 @@ static int xmp_mknod(const char *path, mode_t mode, dev_t rdev) {
 */
 
 static int xmp_mkdir(const char *path, mode_t mode) {
-  int res;
+  int res = -1;
 
   res = source_mkdir(path, mode);
-  if (res == -1)
+  if (res == -1) {
     return -errno;
+  }
 
   return 0;
 }
 
 static int xmp_unlink(const char *path) {
-  int res;
+  int res = -1;
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
   // ask the user for the permission for deleting the file
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
-  if (interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, 0)) {
     free(pi.name);
     return -EACCES;
   }
@@ -304,6 +363,29 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
   if (flags)
     return -EINVAL;
 
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+
+  if (!interactive_access(real_filename(from), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  // the "to" file may exist and the process needs to get persmission to modify
+  // it
+  if (source_access(to, F_OK) == 0 &&
+      !interactive_access(real_filename(to), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
+
   res = source_rename(from, to);
   if (res == -1)
     return -errno;
@@ -313,6 +395,21 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
 
 static int xmp_link(const char *from, const char *to) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(from), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  // no need to check the access to the "to" file, see link(2)
+
+  free(pi.name);
 
   res = source_link(from, to);
   if (res == -1)
@@ -323,6 +420,19 @@ static int xmp_link(const char *from, const char *to) {
 
 static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(path), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
 
   if (fi)
     res = fchmod(fi->fh, mode);
@@ -334,9 +444,26 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
   return 0;
 }
 
+/**
+ * This filesystem is not designed for multiuser operation (e.g. with
+ * allow_other) so there is little point in having chown implemnted
+ */
 static int xmp_chown(const char *path, uid_t uid, gid_t gid,
                      struct fuse_file_info *fi) {
   int res;
+  struct process_info pi;
+  struct fuse_context *fc = fuse_get_context();
+
+  pi.PID = fc->pid;
+  pi.name = get_process_name_by_pid(pi.PID);
+
+  // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
+  if (!interactive_access(real_filename(path), pi, 0)) {
+    free(pi.name);
+    return -EACCES;
+  }
+
+  free(pi.name);
 
   if (fi)
     res = fchown(fi->fh, uid, gid);
@@ -382,17 +509,16 @@ static int xmp_utimens(const char *path, const struct timespec ts[2],
 
 static int xmp_create(const char *path, mode_t mode,
                       struct fuse_file_info *fi) {
-  int fd;
+  int fd = -1;
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
-  if (interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, GRANT_PERM)) {
     free(pi.name);
     return -EACCES;
   }
@@ -413,11 +539,10 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
   struct fuse_context *fc = fuse_get_context();
 
   pi.PID = fc->pid;
-  pi.UID = fc->uid;
   pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
-  if (interactive_access(real_filename(path), pi)) {
+  if (!interactive_access(real_filename(path), pi, 0)) {
     free(pi.name);
     return -EACCES;
   }
@@ -660,7 +785,7 @@ static off_t xmp_lseek(const char *path, off_t off, int whence,
 static const struct fuse_operations xmp_oper = {
     .init = xmp_init,
     .getattr = xmp_getattr,
-    // .access = xmp_access,
+    .access = xmp_access,
     .readlink = xmp_readlink,
     .opendir = xmp_opendir,
     .readdir = xmp_readdir,
@@ -676,7 +801,7 @@ static const struct fuse_operations xmp_oper = {
     .chown = xmp_chown,
     .truncate = xmp_truncate,
 #ifdef HAVE_UTIMENSAT
-// .utimens = xmp_utimens,
+//  .utimens = xmp_utimens,
 #endif
     .create = xmp_create,
     .open = xmp_open,

src/main.c

@@ -15,9 +15,10 @@
 #define _GNU_SOURCE
 
 #include <fuse3/fuse.h>
-
 #include <stdio.h>
 #include <stdlib.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #include "fuse_operations.h"
 #include "sourcefs.h"
@@ -26,24 +27,35 @@
 const char *mountpoint = NULL;
 
 int main(int argc, char *argv[]) {
+  if (argc < 3) {
+    fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
+                    "the permanent permissions database\n");
+    return EXIT_FAILURE;
+  }
+
+  // if umask != 0, the filesystem will create files with more restrictive
+  // permissions than it's caller reqested
   umask(0);
 
-  mountpoint = realpath(argv[argc - 1], NULL);
+  // ui socket should always be initialized before anything else, since it
+  // handles the setuid bits!
+  int ret = init_ui_socket(argv[argc - 1]);
+  if (ret != 0) {
+    fprintf(stderr, "Could not initalize ui-socket.\n");
+    exit(EXIT_FAILURE);
+  }
 
-  int ret = source_init(mountpoint);
+  mountpoint = realpath(argv[argc - 2], NULL);
+
+  ret = source_init(mountpoint);
   if (ret != 0) {
     perror("source_init");
     exit(EXIT_FAILURE);
   }
 
-  ret = init_ui_socket("/home/fedir/.icfs-sock");
-  if (ret != 0) {
-    perror("init_ui_socket");
-    exit(EXIT_FAILURE);
-  }
+  ret = fuse_main(argc - 1, argv, get_fuse_operations(), NULL);
 
-  ret = fuse_main(argc, argv, get_fuse_operations(), NULL);
-
-  free(mountpoint);
+  free((void *)mountpoint);
+  destroy_ui_socket();
   return ret;
 }

src/perm_permissions_table.c

@@ -0,0 +1,256 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#include "perm_permissions_table.h"
+#include "process_info.h"
+#include <fcntl.h>
+#include <pthread.h>
+#include <sqlite3.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/fsuid.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+sqlite3 *perm_database = NULL;
+const char *const table_name = "permissions";
+// one row corresponds to a permission to access one file for one executable
+const int column_count = 2;
+const char *const schema[] = {"executable", "filename"};
+const char *const types[] = {"TEXT", "TEXT"};
+uid_t ruid, euid, current_pid;
+pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
+
+void set_db_fsuid() {
+  pthread_mutex_lock(&uid_switch);
+  if (current_pid == ruid)
+    return;
+
+  int status = -1;
+
+  status = setfsuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set uid to %d.\n", ruid);
+    exit(status);
+  }
+  pthread_mutex_unlock(&uid_switch);
+}
+
+void set_real_fsuid() {
+  pthread_mutex_lock(&uid_switch);
+  if (current_pid == ruid)
+    return;
+
+  int status = -1;
+
+  status = setfsuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set uid to %d.\n", euid);
+    exit(status);
+  }
+  pthread_mutex_unlock(&uid_switch);
+}
+
+static int check_table_col_schema(void *notused, int argc, char **argv,
+                                  char **colname) {
+  (void)notused;
+  (void)colname;
+  if (argc < 3) {
+    fprintf(stderr, "Unexpected amount of arguments given to the callback.\n");
+    return 1;
+  }
+  int column_num = atoi(argv[0]);
+  if (column_num >= column_count) {
+    fprintf(stderr, "Table contains more columns than expected.\n");
+    return 1;
+  }
+  if (strcmp(schema[column_num], argv[1]) == 0 &&
+      strcmp(types[column_num], argv[2]) == 0) {
+    return 0;
+  }
+  fprintf(stderr, "Column %d does not conform to the schema.\n", column_num);
+  return 1;
+}
+
+static int set_flag(void *flag, int argc, char **argv, char **colname) {
+  (void)argc;
+  (void)argv;
+  (void)colname;
+  *(int *)flag = 1;
+  return 0;
+}
+
+int create_database_schema() {
+  fprintf(stderr, "Creating table 'permissions'.\n");
+  const char *create_query = "CREATE TABLE permissions(executable TEXT NOT "
+                             "NULL, filename TEXT NOT NULL);";
+  char *err = NULL;
+  int ret = sqlite3_exec(perm_database, create_query, NULL, NULL, &err);
+
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "sqlite3 error: %s\n", err);
+    sqlite3_free(err);
+    return 1;
+  }
+
+  fprintf(stderr, "Database created successfully\n");
+  return 0;
+}
+
+/**
+ * Ensures that the database schema is correct.
+ *
+ * @return: 0 if the schema is correct, 1 if the schema could not be corrected.
+ */
+int ensure_database_schema() {
+  // Check for the table.
+  int result = sqlite3_table_column_metadata(
+      perm_database, NULL, table_name, NULL, NULL, NULL, NULL, NULL, NULL);
+  if (result == SQLITE_ERROR) {
+    fprintf(stderr, "Table '%s' does not exist.\n", table_name);
+    if (create_database_schema()) {
+      fprintf(stderr, "Table could not be created.\n");
+      return 1;
+    }
+    return 0;
+  } else if (result != SQLITE_OK) {
+    fprintf(stderr, "Database metadata could not be retrieved.\n");
+    return 1;
+  }
+
+  const char *pragma = "PRAGMA table_info(permissions);";
+  char *err = NULL;
+  int ret =
+      sqlite3_exec(perm_database, pragma, check_table_col_schema, NULL, &err);
+
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "sqlite3 error: %s\n", err);
+    sqlite3_free(err);
+    return 1;
+  }
+
+  fprintf(stderr, "Schema is correct.\n");
+  return 0;
+}
+
+/**
+ * Initializes the permanent permissions table.
+ *
+ * @param db_filename: The filename of the permissions sqlite3 database
+ * @return: 0 on success, -1 on failure
+ */
+int init_perm_permissions_table(const char *db_filename) {
+  // we don't want the group and others to access the db
+  umask(0077);
+  ruid = getuid();
+  euid = geteuid();
+  fprintf(stderr, "Running with uid: %d, gid: %d\n", euid, getegid());
+
+  if (sqlite3_open_v2(db_filename, &perm_database,
+                      SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE |
+                          SQLITE_OPEN_FULLMUTEX,
+                      NULL)) {
+    perror("Can't open permanent permissions database");
+    return -1;
+  }
+  umask(0);
+  if (ensure_database_schema()) {
+    fprintf(stderr, "Database schema is not correct.\n");
+    return -1;
+  }
+
+  int status = seteuid(ruid);
+  if (status < 0) {
+    fprintf(stderr, "Couldn't set euid to ruid during database setup.\n");
+    exit(status);
+  }
+
+  return 0;
+}
+
+/**
+ * Destroys the permanent permissions table.
+ */
+void destroy_perm_permissions_table() { sqlite3_close(perm_database); }
+
+/**
+ * Checks if the process has a permanent access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_perm_access(const char *filename, struct process_info pi) {
+  size_t query_len =
+      56 + strlen(table_name) + strlen(filename) + strlen(pi.name);
+  const char *query = malloc(query_len);
+  size_t should_be_written = snprintf(
+      query, query_len,
+      "SELECT * FROM %s WHERE executable = \'%s\' AND filename = \'%s\';",
+      table_name, pi.name, filename);
+  // -1 for the \0
+  if (should_be_written != query_len - 1) {
+    fprintf(stderr,
+            "Unexpected query size while permanent access rule check: "
+            "Expected %lu, but snprintf returned %lu. The query: %s\n",
+            query_len, should_be_written, query);
+    return 0;
+  }
+
+  char *sqlite_error = NULL;
+  int flag = 0;
+  int ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error);
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
+    sqlite3_free(sqlite_error);
+    free(query);
+    return 0;
+  }
+
+  free(query);
+  return flag;
+}
+
+/**
+ * Gives permanent access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, 1 on failure
+ */
+int give_perm_access(const char *filename, struct process_info pi) {
+  size_t query_len =
+      30 + strlen(table_name) + strlen(filename) + strlen(pi.name);
+  const char *query = malloc(query_len);
+  size_t should_be_written =
+      snprintf(query, query_len, "INSERT INTO %s VALUES (\'%s\', \'%s\');",
+               table_name, pi.name, filename);
+  // -1 for the \0
+  if (should_be_written != query_len - 1) {
+    fprintf(stderr,
+            "Unexpected query size while permanent access rule insertion: "
+            "Expected %lu, but snprintf returned %lu\n",
+            query_len, should_be_written);
+    return 1;
+  }
+
+  char *sqlite_error = NULL;
+  int ret = sqlite3_exec(perm_database, query, NULL, NULL, &sqlite_error);
+  if (ret != SQLITE_OK) {
+    fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
+    sqlite3_free(sqlite_error);
+    free(query);
+    return 1;
+  }
+
+  free(query);
+  return 0;
+}

src/perm_permissions_table.h

@@ -0,0 +1,45 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#ifndef PERM_PERMISSION_TABLE_H
+#define PERM_PERMISSION_TABLE_H
+
+#include "process_info.h"
+
+/**
+ * Initializes the permanent permissions table.
+ *
+ * @param db_filename: The filename of the permissions sqlite3 database
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_perm_permissions_table(const char *db_filename);
+
+/**
+ * Destroys the permanent permissions table.
+ */
+void destroy_perm_permissions_table();
+
+/**
+ * Checks if the process has a permanent access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_perm_access(const char *filename, struct process_info pi);
+
+/**
+ * Gives permanent access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure
+ */
+int give_perm_access(const char *filename, struct process_info pi);
+
+#endif // #ifdef PERM_PERMISSION_TABLE_H

src/process_info.h

@@ -0,0 +1,18 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#ifndef PROCESS_INFO_H
+#define PROCESS_INFO_H
+
+#include <sys/types.h>
+struct process_info {
+  pid_t PID;
+  const char *name;
+};
+
+#endif // PROCESS_INFO_H

src/sourcefs.c

@@ -33,6 +33,8 @@ int source_init(const char *root_path) {
   int root_fd = open(root_path, O_PATH);
 
   if (root_fd == -1) {
+    fprintf(stderr, "Could not initialize source file system at %s", root_path);
+    perror("");
     return -1;
   }
 
@@ -66,6 +68,11 @@ int source_symlink(const char *target, const char *linkpath) {
   return symlinkat(target, handle.root_fd, relative_linkpath);
 }
 
+int source_access(const char *filename, int mode) {
+  const char *relative_filename = source_filename_translate(filename);
+  return faccessat(handle.root_fd, relative_filename, mode, 0);
+}
+
 DIR *source_opendir(const char *filename) {
   const char *relative_filename = source_filename_translate(filename);
   int fd = openat(handle.root_fd, relative_filename, 0);

src/sourcefs.h

@@ -47,6 +47,8 @@ int source_chown(const char *filename, uid_t owner, gid_t group);
 
 int source_truncate(const char *filename, off_t length);
 
+int source_access(const char *filename, int mode);
+
 /* `open` and `create` are designed to correspond to fuse operations, not the
  * libc's `open(2)`. Both of them actually call `openat`. */
 

src/temp_permissions_table.c

@@ -0,0 +1,232 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
+#include "temp_permissions_table.h"
+#include "cc.h"
+#include "process_info.h"
+#include <pthread.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+struct temp_process_permissions {
+  // yes, this is a correct type for start time in jiffies (see
+  // proc_pid_stat(5))
+  unsigned long long creation_time;
+  vec(char *) allowed_files;
+};
+
+map(pid_t, struct temp_process_permissions) temp_permissions_table;
+pthread_mutex_t temp_permissions_table_lock;
+
+/**
+ * Function to get the process creation time (in jiffies) from the proc
+ * filesystem
+ *
+ * @param pid: The process ID of the process to get the creation time of
+ * @return: The process creation time in jiffies, or 0 on error
+ * @note: although nothing in the documentation says that the creation time is
+ * never really equal to 0, it exceptionally unlikely.
+ */
+unsigned long long get_process_creation_time(pid_t pid) {
+  char path[32];
+  FILE *fp;
+  unsigned long long creation_time = 0;
+
+  // Construct the path to the process's status file
+  snprintf(path, sizeof(path), "/proc/%u/stat", pid);
+
+  // Open the status file
+  fp = fopen(path, "r");
+  if (fp == NULL) {
+    perror("fopen");
+    return 0;
+  }
+
+  // Read the creation time (the 22nd field in the stat file)
+  for (int i = 1; i < 22; i++) {
+    if (fscanf(fp, "%*s") == EOF) {
+      fprintf(stderr, "Error reading process stat file on the number %d\n", i);
+      fclose(fp);
+      return 0;
+    }
+  }
+  if (fscanf(fp, "%llu", &creation_time) != 1) {
+    fprintf(stderr, "Error reading creation time\n");
+    fclose(fp);
+    return 0;
+  }
+
+  // Close the file
+  fclose(fp);
+
+  return creation_time;
+}
+
+/**
+ * Initializes the temporary permissions table.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_temp_permissions_table() {
+  pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
+  init(&temp_permissions_table);
+  return 0;
+}
+
+/**
+ * Destroys the temporary permissions table.
+ *
+ * @note: the table is guranteed to be destroyed if it is already initialized
+ */
+void destroy_temp_permissions_table() {
+  // free the memory allocated for the table
+  for_each(&temp_permissions_table, entry) {
+    for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
+    cleanup(&entry->allowed_files);
+  }
+  cleanup(&temp_permissions_table);
+  pthread_mutex_destroy(&temp_permissions_table_lock);
+}
+
+/**
+ * Checks if the process has a temporary access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pid: PID of the process
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+
+int check_temp_access_noparent(const char *filename, pid_t pid) {
+  // TODO: more efficient locking
+  pthread_mutex_lock(&temp_permissions_table_lock);
+  struct temp_process_permissions *permission_entry =
+      get(&temp_permissions_table, pid);
+  if (permission_entry != NULL) {
+    unsigned long long process_creation_time = get_process_creation_time(pid);
+    if (process_creation_time == 0) {
+      perror("Could not retrieve process creation time");
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return 0;
+    }
+
+    if (process_creation_time == permission_entry->creation_time) {
+      // the process is the same as the one that was granted temporary access
+      // to the file
+      for_each(&permission_entry->allowed_files, allowed_file) {
+        if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
+          pthread_mutex_unlock(&temp_permissions_table_lock);
+          return 1;
+        }
+      }
+    }
+  }
+  pthread_mutex_unlock(&temp_permissions_table_lock);
+  return 0;
+}
+
+/**
+ * Finds the parent process ID of a given process.
+ *
+ * @param pid: The process ID of the process to find the parent of
+ * @return: The parent process ID, or 0 if the parent process ID could not be
+ * found
+ */
+pid_t get_parent_pid(pid_t pid) {
+  pid_t ppid = 0;
+  char path[256];
+  snprintf(path, sizeof(path), "/proc/%u/status", pid);
+
+  FILE *file = fopen(path, "r");
+  if (file == NULL) {
+    perror("Failed to open /proc/<pid>/status");
+    return 0;
+  }
+
+  char line[256];
+  while (fgets(line, sizeof(line), file)) {
+    if (sscanf(line, "PPid:\t%d", &ppid) == 1) {
+      fclose(file);
+      return ppid;
+    }
+  }
+
+  fclose(file);
+  return 0; // Parent PID not found
+}
+
+/**
+ * Checks if the process or any of it's parents have temporary access to the
+ * file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ * @note: In case one of the parent processes is killed while this function
+ * execution the result is not guranteed to be correct. It should only lead to
+ * false negatives, though.
+ */
+int check_temp_access(const char *filename, struct process_info pi) {
+  pid_t current_pid = pi.PID;
+  while (current_pid != 0) {
+    if (check_temp_access_noparent(filename, current_pid)) {
+      return 1;
+    }
+    current_pid = get_parent_pid(current_pid);
+  }
+
+  return 0;
+}
+
+/**
+ * Gives temporary access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int give_temp_access(const char *filename, struct process_info pi) {
+  pthread_mutex_lock(&temp_permissions_table_lock);
+  struct temp_process_permissions *permission_entry =
+      get(&temp_permissions_table, pi.PID);
+
+  if (permission_entry != NULL) {
+
+    unsigned long long process_creation_time =
+        get_process_creation_time(pi.PID);
+    if (process_creation_time == 0) {
+      perror("Could not retrieve process creation time");
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return -1;
+    }
+
+    if (process_creation_time == permission_entry->creation_time) {
+      // the process is the same as the one that was granted temporary access
+      // to the file
+      push(&permission_entry->allowed_files, strdup(filename));
+      pthread_mutex_unlock(&temp_permissions_table_lock);
+      return 0;
+    }
+    // we have an entry for the process, but the process is different
+    // delete the entry and create a new one
+    erase(&temp_permissions_table, pi.PID);
+    permission_entry = NULL;
+  }
+
+  // no entry is present
+  // construct the entry
+  struct temp_process_permissions new_permission_entry;
+
+  new_permission_entry.creation_time = get_process_creation_time(pi.PID);
+  init(&new_permission_entry.allowed_files);
+  push(&new_permission_entry.allowed_files, strdup(filename));
+
+  insert(&temp_permissions_table, pi.PID, new_permission_entry);
+
+  pthread_mutex_unlock(&temp_permissions_table_lock);
+  return 0;
+}

src/temp_permissions_table.h

@@ -0,0 +1,39 @@
+
+#ifndef TEMP_PERMISSIONS_TABLE_H
+#define TEMP_PERMISSIONS_TABLE_H
+
+#include "process_info.h"
+
+/**
+ * Initializes the temporary permissions table.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_temp_permissions_table();
+
+/**
+ * Destroys the temporary permissions table.
+ *
+ * @note: the table is guranteed to be destroyed if it is already initialized
+ */
+void destroy_temp_permissions_table();
+
+/**
+ * Checks if the process has a temporary access to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int check_temp_access(const char *filename, struct process_info pi);
+
+/**
+ * Gives temporary access to the process to the file.
+ *
+ * @param filename: The file that the process is trying to access
+ * @param pi: The process information
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int give_temp_access(const char *filename, struct process_info pi);
+
+#endif // !TEMP_PERMISSIONS_TABLE_H

src/ui-socket.c

@@ -8,7 +8,10 @@
 
 #include <stddef.h>
 #include <sys/types.h>
+#include <time.h>
 #define _GNU_SOURCE
+#include "perm_permissions_table.h"
+#include "temp_permissions_table.h"
 #include "ui-socket.h"
 #include <errno.h>
 #include <pthread.h>
@@ -19,21 +22,36 @@
 #include <sys/un.h>
 #include <unistd.h>
 
-int init_ui_socket(const char *filename) {
+int init_ui_socket(const char *perm_permissions_db_filename) {
   char line[256];
   FILE *fp;
 
+  if (init_temp_permissions_table()) {
+    fprintf(stderr, "Could not initialize temporary permissions table.\n");
+    return 1;
+  }
+
+  if (init_perm_permissions_table(perm_permissions_db_filename)) {
+    fprintf(stderr, "Could not initialize permanent permissions table.\n");
+    return 1;
+  }
+
   // Test if Zenity is installed (get version)
   fp = popen("zenity --version", "r");
   if (fp == NULL) {
-    perror("Pipe returned a error");
+    perror("Pipe returned an error");
     return 1;
-  } else {
-    while (fgets(line, sizeof(line), fp))
-      printf("%s", line);
-    pclose(fp);
-    return 0;
   }
+
+  while (fgets(line, sizeof(line), fp))
+    printf("%s", line);
+  pclose(fp);
+  return 0;
+}
+
+void destroy_ui_socket() {
+  destroy_temp_permissions_table();
+  destroy_perm_permissions_table();
 }
 
 /**
@@ -41,12 +59,11 @@ int init_ui_socket(const char *filename) {
  * GUI
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed, 2 if access is allwed
- * for the runtime of the process
+ * @param pi: The process information
+ * @return: 0 if access is denied, 1 if access is allowed, 2 if access is
+ * allowed for the runtime of the process
  */
 int ask_access(const char *filename, struct process_info pi) {
-
   FILE *fp;
   size_t command_len =
       139 + sizeof(pid_t) * 8 + strlen(pi.name) + strlen(filename);
@@ -71,47 +88,23 @@ int ask_access(const char *filename, struct process_info pi) {
   // to manually check the output.
   char buffer[1024];
   while (fgets(buffer, sizeof(buffer), fp)) {
-    if (strcmp(buffer, "Allow this time.\n") == 0) {
+    printf("%s", buffer);
+    if (strcmp(buffer, "Allow this time\n") == 0) {
       pclose(fp);
       return 2;
     }
   }
 
   int zenity_exit_code = WEXITSTATUS(pclose(fp));
-  return zenity_exit_code;
-}
+  fprintf(stderr, "zenity returned %d\n", zenity_exit_code);
+  // zenity returns 1 on "No" >:(
+  if (zenity_exit_code == 0) {
+    return 1;
+  }
 
-/**
- * Checks if the process has a temporary access to the file.
- *
- * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed
- */
-int check_temp_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
   return 0;
 }
 
-/**
- * Checks if the process has a permanent access to the file.
- *
- * @param filename: The file that the process is trying to access
- * @pram pi: The process information
- * @return: 0 if access is denied, 1 if access is allowed
- */
-int check_perm_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-  return 0;
-}
-
-void give_temp_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-}
-void give_perm_access(const char *filename, struct process_info pi) {
-  perror("Not implemented");
-}
-
 /**
  * Check access according to:
  * 1. temp permission table
@@ -120,15 +113,28 @@ void give_perm_access(const char *filename, struct process_info pi) {
  *
  * @param filename: The file that the process is trying to access
  * @pram pi: The process information
+ * @param opts: options (GRANT_TEMP, GRANT_PERM)
  * @return: 0 if access is denied, 1 if access is allowed
  */
-int interactive_access(const char *filename, struct process_info pi) {
+int interactive_access(const char *filename, struct process_info pi, int opts) {
 
   if (check_temp_access(filename, pi) || check_perm_access(filename, pi)) {
     // access was already granted before
     return 1;
   }
 
+  // if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent
+  // permissions are granted
+
+  if (opts & GRANT_PERM) {
+    give_perm_access(filename, pi);
+    return 1;
+  }
+  if (opts & GRANT_TEMP) {
+    give_temp_access(filename, pi);
+    return 1;
+  }
+
   int user_response = ask_access(filename, pi);
   if (user_response == 1) {
     // user said "yes"

src/ui-socket.h

@@ -13,17 +13,36 @@
 #ifndef UI_SOCKET_H
 #define UI_SOCKET_H
 
+#include "process_info.h"
 #include <sys/types.h>
 
-struct process_info {
-  pid_t PID;
-  const char *name;
-  uid_t UID;
-};
+/**
+ * Initialize the GUI communication.
+ *
+ * @return: 0 on success, -1 on faliure.
+ */
+int init_ui_socket(const char *perm_permissions_db_filename);
 
-// For default socket location, set socket_path = NULL.
-int init_ui_socket(const char *socket_path);
+/**
+ * Close the GUI communication.
+ */
+void destroy_ui_socket(void);
 
-int interactive_access(const char *filename, struct process_info pi);
+/**
+ * Check access according to:
+ * 1. temporary permission table
+ * 2. permanent permission table
+ * 3. user descision
+ *
+ * @param filename: The file that the process is trying to access
+ * @pram pi: The process information
+ * @param opts: options (GRANT_TEMP, GRANT_PERM)
+ * @return: 0 if access is denied, 1 if access is allowed
+ */
+int interactive_access(const char *filename, struct process_info pi, int opts);
+
+#define GRANT_TEMP 1
+#define GRANT_PERM 2
+// #define TABLE_ONLY 4 // NOTE: Add this in the future?
 
 #endif // !UI_SOCKET_H

test/mock/zenity

@@ -20,4 +20,4 @@ else
   fi
 fi
 
-exit -1 # TODO: call actual zenity here
+exit 255 # TODO: call actual zenity here

test/test.bash

@@ -2,10 +2,12 @@
 
 # clean what was left from previous tests
 
+rm -f ./.pt.db
 rm -rf ./protected
 mkdir protected
-touch ./protected/do-not-remove ./protected/should-be-removed
-echo "Free code, free world." >./protected/this-only
+touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/should-be-renamed ./protected/do-not-rename
+chmod 777 ./protected/perm777 ./protected/perm000
+echo "Free code, free world." >./protected/motto
 
 # set up the fake-zenity
 
@@ -14,46 +16,64 @@ PATH="$(realpath ./mock/):$PATH"
 # mount the filesystem
 
 echo "Run $(date -u +%Y-%m-%dT%H:%M:%S) "
-valgrind -s ../build/icfs -o default_permissions ./protected &
+if [[ $1 == "--setuid" ]]; then
+  echo "Setting the setuid bit..."
+  echo "root privilieges are required to create a special user and set correct ownership of the executable."
+  id -u icfs &>/dev/null || sudo useradd --system --user-group icfs
+  sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
+  chmod g+w . # needed for icfs to be able to create the database
+  echo "Valgrind will not be used due to setuid compatibility issues."
+  ../build/icfs -o default_permissions ./protected ./.pt.db &
+  sleep 1
+else
+  echo "Database protection will not be tested due to the lack of setuid capabilites."
+  echo "To test it, run this script with '--setuid'."
+  valgrind -s ../build/icfs -o default_permissions ./protected ./.pt.db &
+  sleep 5
+fi
 
-sleep 1
+#valgrind -s ../build/icfs -o default_permissions ./protected &
 
-# Try to touch files in the directory
+# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
+# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
 
-#echo \"manual\" >./protected/manual
+# create files
 
 zenity --set-fake-response no
-echo "first" >./protected/first 2>/dev/null &&
-  echo "[ICFS-TEST]: echo can create protected/first despite access being denied!" ||
+truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
+
+zenity --set-fake-response yes_tmp
+truncate -s 0 ./protected/should-exist 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
+
+# write to files
+
+zenity --set-fake-response no
+sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
+  echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
 zenity --set-fake-response yes_tmp
-echo "second" >./protected/second 2>/dev/null &&
+sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # OK
+  echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
 
-# Test whether permissons work
+# Read files
+
+zenity --set-fake-response no
+cat ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
 
 zenity --set-fake-response yes_tmp
-cat ./protected/first >/dev/null 2>/dev/null &&
-  echo "[ICFS-TEST]: cat can read a non-existant file ./protected/first!" ||
-  echo "[ICFS-TEST]: OK" # ENOENT
-
-zenity --set-fake-response yes_tmp
-cat ./protected/second >/dev/null 2>/dev/null &&
+cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: cat cannot open protected/second despite access being permitted!" # "second"
+  echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
 
-zenity --set-fake-response yes_tmp
-cat ./protected/this-only >/dev/null 2>/dev/null &&
-  echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # "Free code, free world."
-
-#parallel ::: "cat ./protected/sudo-only > /dev/null 2> /dev/null \
-#    && echo \"[ICFS-TEST]: cat can access files owned by root!\" \
-#    || echo \"[ICFS-TEST]: OK\"" # EACCESS
-
-# test the removal
+# remove files
 
 zenity --set-fake-response no
 rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
@@ -65,6 +85,47 @@ rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
 
+# rename files
+
+zenity --set-fake-response no
+mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
+  echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
+zenity --set-fake-response yes_tmp
+mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
+
+# change permissions
+
+zenity --set-fake-response no
+chmod 000 ./protected/perm777 2>/dev/null &&
+  echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
+zenity --set-fake-response yes_tmp
+chmod 000 ./protected/perm000 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
+
+# test permanent permissions
+
+zenity --set-fake-response yes
+cat ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+
+zenity --set-fake-response no # this should be ignored
+cat ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+
+# test database access
+if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
+  echo "[ICFS-TEST]: permanent permissions is accessible!"
+else
+  echo "[ICFS-TEST]: OK"
+fi
+
 # unmount
 
 sleep 0.5