fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:fe4b8801c0a4fa72eaf5fb3cc17e97bc4148d59f
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough
..
compare: fedir:b6ce6833640078d70b75996afbf0ac329f375b7e
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough

No commits in common. "fe4b8801c0a4fa72eaf5fb3cc17e97bc4148d59f" and "b6ce6833640078d70b75996afbf0ac329f375b7e" have entirely different histories.
fe4b8801c0 ... b6ce683364

8 changed files with 179 additions and 308 deletions
Show Stats Expand all files Collapse all files

5
Makefile
View File

@ -56,7 +56,7 @@ default: $(TARGETS)
.PHONY: clean
icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o $(BUILD_DIR)/temp_permissions_table.o
icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs
icfs_test: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o
@ -78,8 +78,5 @@ $(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h
$(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
$(BUILD_DIR)/temp_permissions_table.o: $(SOURCES_DIR)/temp_permissions_table.c $(SOURCES_DIR)/temp_permissions_table.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
clean:
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs*

12
src/process_info.h
View File

@ -1,12 +0,0 @@
#ifndef PROCESS_INFO_H
#define PROCESS_INFO_H
#include <sys/types.h>
struct process_info {
pid_t PID;
const char *name;
uid_t UID;
};
#endif // PROCESS_INFO_H

178
src/temp_permissions_table.c
View File

@ -1,178 +0,0 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#include "temp_permissions_table.h"
#include "cc.h"
#include "process_info.h"
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
struct temp_process_permissions {
// yes, this is a correct type for start time in jiffies (see
// proc_pid_stat(5))
unsigned long long creation_time;
vec(char *) allowed_files;
};
map(pid_t, struct temp_process_permissions) temp_permissions_table;
pthread_mutex_t temp_permissions_table_lock;
/**
* Function to get the process creation time (in jiffies) from the proc
* filesystem
*
* @param pid: The process ID of the process to get the creation time of
* @return: The process creation time in jiffies, or 0 on error
* @note: although nothing in the documentation says that the creation time is
* never really equal to 0, it exceptionally unlikely.
*/
unsigned long long get_process_creation_time(pid_t pid) {
char path[32];
FILE *fp;
unsigned long long creation_time = 0;
// Construct the path to the process's status file
snprintf(path, sizeof(path), "/proc/%d/stat", pid);
// Open the status file
fp = fopen(path, "r");
if (fp == NULL) {
perror("fopen");
return 0;
}
// Read the creation time (the 22nd field in the stat file)
for (int i = 1; i < 22; i++) {
if (fscanf(fp, "%*s") != 1) {
fprintf(stderr, "Error reading process stat file\n");
fclose(fp);
return 0;
}
}
if (fscanf(fp, "%llu", &creation_time) != 1) {
fprintf(stderr, "Error reading creation time\n");
fclose(fp);
return 0;
}
// Close the file
fclose(fp);
return creation_time;
}
/**
* Initializes the temporary permissions table.
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_temp_permissions_table() {
pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
init(&temp_permissions_table);
}
/**
* Destroys the temporary permissions table.
*
* @note: the table is guranteed to be destroyed if it is already initialized
*/
void destroy_temp_permissions_table() {
// free the memory allocated for the table
for_each(&temp_permissions_table, entry) {
for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
cleanup(&entry->allowed_files);
}
cleanup(&temp_permissions_table);
pthread_mutex_destroy(&temp_permissions_table_lock);
}
/**
* Checks if the process has a temporary access to the file.
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
*/
int check_temp_access(const char *filename, struct process_info pi) {
// TODO: more efficient locking
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID);
if (permission_entry != NULL) {
unsigned long long process_creation_time =
get_process_creation_time(pi.PID);
if (process_creation_time == 0) {
perror("Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
for_each(&permission_entry->allowed_files, allowed_file) {
if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
pthread_mutex_unlock(&temp_permissions_table_lock);
return 1;
}
}
}
}
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
/**
* Gives temporary access to the process to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int give_temp_access(const char *filename, struct process_info pi) {
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID);
if (permission_entry != NULL) {
unsigned long long process_creation_time =
get_process_creation_time(pi.PID);
if (process_creation_time == 0) {
perror("Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock);
return -1;
}
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
push(&permission_entry->allowed_files, strdup(filename));
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
// we have an entry for the process, but the process is different
// delete the entry and create a new one
erase(&temp_permissions_table, pi.PID);
permission_entry = NULL;
}
// no entry is present
// construct the entry
struct temp_process_permissions new_permission_entry;
new_permission_entry.creation_time = get_process_creation_time(pi.PID);
init(&new_permission_entry.allowed_files);
push(&new_permission_entry.allowed_files, strdup(filename));
insert(&temp_permissions_table, pi.PID, new_permission_entry);
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}

39
src/temp_permissions_table.h
View File

@ -1,39 +0,0 @@
#ifndef TEMP_PERMISSIONS_TABLE_H
#define TEMP_PERMISSIONS_TABLE_H
#include "process_info.h"
/**
* Initializes the temporary permissions table.
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_temp_permissions_table();
/**
* Destroys the temporary permissions table.
*
* @note: the table is guranteed to be destroyed if it is already initialized
*/
void destroy_temp_permissions_table();
/**
* Checks if the process has a temporary access to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
*/
int check_temp_access(const char *filename, struct process_info pi);
/**
* Gives temporary access to the process to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int give_temp_access(const char *filename, struct process_info pi);
#endif // !TEMP_PERMISSIONS_TABLE_H

0
src/temp_premissions_table.h
View File

150
src/ui-socket.c
View File

@ -11,7 +11,6 @@
#include <time.h>
#define _GNU_SOURCE
#include "cc.h"
#include "temp_permissions_table.h"
#include "ui-socket.h"
#include <errno.h>
#include <pthread.h>
@ -22,18 +21,72 @@
#include <sys/un.h>
#include <unistd.h>
/**
* Function to get the process creation time (in jiffies) from the proc
* filesystem
*
* @param pid: The process ID of the process to get the creation time of
* @return: The process creation time in jiffies, or 0 on error
* @note: although nothing in the documentation says that the creation time is
* never really equal to 0, it exceptionally unlikely.
*/
unsigned long long get_process_creation_time(pid_t pid) {
char path[32];
FILE *fp;
unsigned long long creation_time = 0;
// Construct the path to the process's status file
snprintf(path, sizeof(path), "/proc/%d/stat", pid);
// Open the status file
fp = fopen(path, "r");
if (fp == NULL) {
perror("fopen");
return 0;
}
// Read the creation time (the 22nd field in the stat file)
for (int i = 1; i < 22; i++) {
if (fscanf(fp, "%*s") != 1) {
fprintf(stderr, "Error reading process stat file\n");
fclose(fp);
return 0;
}
}
if (fscanf(fp, "%llu", &creation_time) != 1) {
fprintf(stderr, "Error reading creation time\n");
fclose(fp);
return 0;
}
// Close the file
fclose(fp);
return creation_time;
}
struct temp_process_permissions {
// yes, this is a correct type for start time in jiffies (see
// proc_pid_stat(5))
unsigned long long creation_time;
vec(char *) allowed_files;
};
map(pid_t, struct temp_process_permissions) temp_permissions_table;
pthread_mutex_t temp_permissions_table_lock;
int init_ui_socket() {
char line[256];
FILE *fp;
init_temp_permissions_table();
// Test if Zenity is installed (get version)
fp = popen("zenity --version", "r");
if (fp == NULL) {
perror("Pipe returned an error");
perror("Pipe returned a error");
return 1;
}
pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
init(&temp_permissions_table);
while (fgets(line, sizeof(line), fp))
printf("%s", line);
@ -41,7 +94,15 @@ int init_ui_socket() {
return 0;
}
void destroy_ui_socket() { destroy_temp_permissions_table(); }
void destroy_ui_socket() {
// free the memory allocated for the table
for_each(&temp_permissions_table, entry) {
for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
cleanup(&entry->allowed_files);
}
cleanup(&temp_permissions_table);
pthread_mutex_destroy(&temp_permissions_table_lock);
}
/**
* Asks the user if the process should be allowed to access the file using the
@ -94,6 +155,42 @@ int ask_access(const char *filename, struct process_info pi) {
return 0;
}
/**
* Checks if the process has a temporary access to the file.
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
*/
int check_temp_access(const char *filename, struct process_info pi) {
// TODO: more efficient locking
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID);
if (permission_entry != NULL) {
unsigned long long process_creation_time =
get_process_creation_time(pi.PID);
if (process_creation_time == 0) {
perror("Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
for_each(&permission_entry->allowed_files, allowed_file) {
if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
pthread_mutex_unlock(&temp_permissions_table_lock);
return 1;
}
}
}
}
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
/**
* Checks if the process has a permanent access to the file.
*
@ -105,6 +202,49 @@ int check_perm_access(const char *filename, struct process_info pi) {
perror("Not implemented");
return 0;
}
int give_temp_access(const char *filename, struct process_info pi) {
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID);
if (permission_entry != NULL) {
unsigned long long process_creation_time =
get_process_creation_time(pi.PID);
if (process_creation_time == 0) {
perror("Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock);
return -1;
}
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
push(&permission_entry->allowed_files, strdup(filename));
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
// we have an entry for the process, but the process is different
// delete the entry and create a new one
erase(&temp_permissions_table, pi.PID);
permission_entry = NULL;
}
// no entry is present
// construct the entry
struct temp_process_permissions new_permission_entry;
new_permission_entry.creation_time = get_process_creation_time(pi.PID);
init(&new_permission_entry.allowed_files);
push(&new_permission_entry.allowed_files, strdup(filename));
insert(&temp_permissions_table, pi.PID, new_permission_entry);
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
int give_perm_access(const char *filename, struct process_info pi) {
perror("Not implemented");
return -1;

29
src/ui-socket.h
View File

@ -13,31 +13,18 @@
#ifndef UI_SOCKET_H
#define UI_SOCKET_H
#include "process_info.h"
#include <sys/types.h>
/**
* Initialize the GUI communication.
*
* @return: 0 on success, -1 on faliure.
*/
int init_ui_socket(void);
struct process_info {
pid_t PID;
const char *name;
uid_t UID;
};
/**
* Close the GUI communication.
*/
void destroy_ui_socket(void);
int init_ui_socket();
void destroy_ui_socket();
/**
* Check access according to:
* 1. temporary permission table
* 2. permanent permission table
* 3. user descision
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
*/
int interactive_access(const char *filename, struct process_info pi);
#endif // !UI_SOCKET_H

74
test/test.bash
View File

@ -4,9 +4,8 @@
rm -rf ./protected
mkdir protected
touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/this-name-is-wrong
chmod 777 ./protected/perm777 ./protected/perm000
echo "Free code, free world." >./protected/motto
touch ./protected/do-not-remove ./protected/should-be-removed
echo "Free code, free world." >./protected/this-only
# set up the fake-zenity
@ -19,43 +18,42 @@ valgrind -s ../build/icfs -o default_permissions ./protected &
sleep 1
# create files
# Try to touch files in the directory
#echo \"manual\" >./protected/manual
zenity --set-fake-response no
touch ./protected/should-not-exist 2>/dev/null &&
echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" ||
echo "first" >./protected/first 2>/dev/null &&
echo "[ICFS-TEST]: echo can create protected/first despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
touch ./protected/should-exist 2>/dev/null &&
echo "second" >./protected/second 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # OK
# write to files
zenity --set-fake-response no
echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null &&
echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
# Test whether permissons work
zenity --set-fake-response yes_tmp
echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
# Read files
zenity --set-fake-response no
cat ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
cat ./protected/first >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: cat can read a non-existant file ./protected/first!" ||
echo "[ICFS-TEST]: OK" # ENOENT
zenity --set-fake-response yes_tmp
cat ./protected/motto >/dev/null 2>/dev/null &&
cat ./protected/second >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
echo "[ICFS-TEST]: cat cannot open protected/second despite access being permitted!" # "second"
# remove files
zenity --set-fake-response yes_tmp
cat ./protected/this-only >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot create protected/second despite access being permitted!" # "Free code, free world."
#parallel ::: "cat ./protected/sudo-only > /dev/null 2> /dev/null \
# && echo \"[ICFS-TEST]: cat can access files owned by root!\" \
# || echo \"[ICFS-TEST]: OK\"" # EACCESS
# test the removal
zenity --set-fake-response no
rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
@ -67,28 +65,6 @@ rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
# rename files
zenity --set-fake-response no
mv ./protected/truth ./protected/lie 2>/dev/null &&
echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
mv ./protected/this-name-is-wrong ./protected/this-name-is-correct 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
# change permissions
zenity --set-fake-response no
chmod 000 ./protected/perm777 2>/dev/null &&
echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
chmod 000 ./protected/perm000 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
# unmount
sleep 0.5