Added mutex to permissions checks to avoid inconsistent permission checking

/proc/pid/exe already seems to be a link to the absolute path to the
executable. This fixes bugs related to containerised applications.

README.md

@@ -15,15 +15,19 @@ Traditional access control mechanisms in operating systems allow the same level
 - Install dependencies
   - libfuse3
     - Debian: `sudo apt install fuse3 libfuse3-dev`
-  - zenity
-    - Debian: `sudo apt install zenity`
   - Build tools
     - Debian: `sudo apt install gcc make pkg-config`
 - Build using `make`:
   - In the project directory: `make`
-  - Use `make DEBUG=1` for testing.
+  - Add `DEBUG=1` to show more compiler warnings.
+  - Add `TEST=1` to also test the program.
+  - Add `DIALOGUE=0` to not compile the dialogue program.
 - Resulting binaries should appear in the `build` directory.
 
+## Installation
+
+Currently, there is no installer implemented.
+
 ## Usage
 
 `icfs <FUSE arguments> [target directory]`

src/access_t.h

@@ -1,3 +1,11 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
 #ifndef ACCESS_T_H
 #define ACCESS_T_H
 

src/fuse_operations.c

@@ -11,6 +11,7 @@
   See the file LICENSE.
 */
 
+#include "process_info.h"
 #include "real_filename.h"
 #include <assert.h>
 #include <stddef.h>
@@ -41,6 +42,7 @@
 #include "fuse_operations.h"
 #include "proc_operations.h"
 #include "sourcefs.h"
+#include "temp_permissions_table.h"
 #include "ui-socket.h"
 
 static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
@@ -67,6 +69,7 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
   cfg->negative_timeout = 0;
   fprintf(stderr, "%d\n", getpid());
   assert(get_mountpoint() != NULL);
+  init_garbage_collector();
 
   return NULL;
 }
@@ -265,8 +268,7 @@ static int xmp_unlink(const char *path) {
   struct fuse_context *fc = fuse_get_context();
 
   // ask the user for the permission for deleting the file
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
@@ -313,8 +315,7 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
@@ -344,8 +345,7 @@ static int xmp_link(const char *from, const char *to) {
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
   if (!interactive_access(from, pi, 0)) {
@@ -369,8 +369,7 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
   if (!interactive_access(path, pi, 0)) {
@@ -400,8 +399,7 @@ static int xmp_chown(const char *path, uid_t uid, gid_t gid,
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
   if (!interactive_access(path, pi, 0)) {
@@ -459,8 +457,7 @@ static int xmp_create(const char *path, mode_t mode,
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
 
@@ -484,8 +481,7 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
   struct process_info pi;
   struct fuse_context *fc = fuse_get_context();
 
-  pi.PID = fc->pid;
+  pi = get_process_info(fc->pid);
-  pi.name = get_process_name_by_pid(pi.PID);
 
   // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
   if (!interactive_access(path, pi, 0)) {

src/perm_permissions_table.c

@@ -29,12 +29,12 @@ const char *const table_name = "permissions";
 const int column_count = 3;
 const char *const schema[] = {"executable", "filename", "mode"};
 const char *const types[] = {"TEXT", "TEXT", "INTEGER"};
-uid_t ruid, euid, current_pid;
+uid_t ruid, euid, current_uid;
 pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
 
 void set_db_fsuid() {
   pthread_mutex_lock(&uid_switch);
-  if (current_pid == ruid)
+  if (current_uid == ruid)
     return;
 
   int status = -1;
@@ -49,7 +49,7 @@ void set_db_fsuid() {
 
 void set_real_fsuid() {
   pthread_mutex_lock(&uid_switch);
-  if (current_pid == ruid)
+  if (current_uid == ruid)
     return;
 
   int status = -1;
@@ -201,48 +201,38 @@ void destroy_perm_permissions_table(void) { sqlite3_close(perm_database); }
  * Checks if the process has a permanent access to the file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found
  */
 access_t check_perm_access_noparent(const char *filename,
                                     struct process_info pi) {
-
+  if (pi.name == NULL)
-  char *query = NULL;
-  int ret = asprintf(&query,
-                     "SELECT * FROM %s WHERE executable = \'%s\' "
-                     "AND ((\'%s\' LIKE CONCAT(filename, \'%%\') AND filename "
-                     "GLOB \'*/\') OR filename = \'%s\');",
-                     table_name, pi.name, filename, filename);
-  fprintf(stderr, "query: %s\n", query);
-
-  if (ret < 0) {
-    // If asprintf fails, the contents of query are undefined (see man
-    // asprintf). That does not explicitly rule out that query will be a valid
-    // pointer. But the risk of freeing a non-allocated pointer is too much to
-    // justify preparing for this.
-    fprintf(stderr, "Could not create query on access check");
-    perror("");
     return NDEF;
-  }
 
-  char *sqlite_error = NULL;
+  access_t ret = NDEF;
-  int flag = 0;
+  sqlite3_stmt *stmt = NULL;
-  ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error);
+  const char *sql = "SELECT mode FROM permissions WHERE executable = ?1 "
-  free((void *)query);
+                    "AND (( ?2 LIKE CONCAT(filename, \'%\') AND filename "
-  if (ret != SQLITE_OK) {
+                    "GLOB \'*/\') OR filename = ?2 );";
-    fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
+  sqlite3_prepare_v2(perm_database, sql, -1, &stmt, NULL);
-    sqlite3_free(sqlite_error);
+  sqlite3_bind_text(stmt, 1, pi.name, -1, SQLITE_STATIC);
-    return NDEF;
+  sqlite3_bind_text(stmt, 2, filename, -1, SQLITE_STATIC);
-  }
 
-  if (flag == 1) {
+  int step_ret = sqlite3_step(stmt);
-    return ALLOW;
+  if (step_ret == SQLITE_ROW) {
+    int mode_col = sqlite3_column_int(stmt, 0);
+    if (mode_col) {
+      ret = ALLOW;
+    } else {
+      ret = DENY;
+    }
+  } else {
+    fprintf(stderr, "SQLite error: %s\n", sqlite3_errstr(step_ret));
   }
-  if (flag == -1) {
+  sqlite3_finalize(stmt);
-    return DENY;
+
-  }
+  return ret;
-  return NDEF;
 }
 
 /**
@@ -250,7 +240,7 @@ access_t check_perm_access_noparent(const char *filename,
  * file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found. Does not return ALLOW_TEMP or DENY_TEMP.
  * @note: In case one of the parent processes is killed while this function
@@ -258,7 +248,7 @@ access_t check_perm_access_noparent(const char *filename,
  * false negatives, though.
  */
 access_t check_perm_access(const char *filename, struct process_info pi) {
-  if (pi.PID == 0) {
+  if (pi.PID == 0 || pi.name == NULL) {
     return NDEF;
   }
 
@@ -272,7 +262,7 @@ access_t check_perm_access(const char *filename, struct process_info pi) {
     }
     current_pi.name = NULL;
     while (current_pi.name == NULL) {
-      current_pi.PID = get_parent_pid(current_pi.PID);
+      current_pi.PID = get_main_thread_pid(get_parent_pid(current_pi.PID));
       if (current_pi.PID != 0) {
         current_pi.name = get_process_name_by_pid(current_pi.PID);
       } else {
@@ -310,7 +300,7 @@ int set_perm_access(const char *filename, struct process_info pi,
     // asprintf). That does not explicitly rule out that query will be a valid
     // pointer. But the risk of freeing a non-allocated pointer is too much to
     // justify preparing for this.
-    fprintf(stderr, "Could not create query on rule insertion");
+    fprintf(stderr, "Could not create query on rule insertion\n");
     perror("");
     return 1;
   }
@@ -321,7 +311,6 @@ int set_perm_access(const char *filename, struct process_info pi,
   if (ret != SQLITE_OK) {
     fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
     sqlite3_free(sqlite_error);
-    free(query);
     return 1;
   }
 

src/perm_permissions_table.h

@@ -30,7 +30,7 @@ void destroy_perm_permissions_table();
  * Checks if the process has a permanent access to the file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found
  */
@@ -43,7 +43,7 @@ access_t check_perm_access(const char *filename, struct process_info pi);
  * @param pi: The process information
  * @param mode: Kind of access rule to be set - SET_DENY to deny access, and
  * SET_ALLOW to allow access.
- * @return: 0 on success, -1 on failure
+ * @return: 0 on success, 1 on failure
  */
 int set_perm_access(const char *filename, struct process_info pi,
                     set_mode_t mode);

src/proc_operations.c

@@ -1,16 +1,93 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
 #include "proc_operations.h"
+#include <linux/limits.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
+
+/**
+ * @brief Returns the PID of the main thread (i.e., the process ID) of the
+ * process that the given thread ID (tid) belongs to.
+ *
+ * @param tid The thread ID (TID) of any thread in the process.
+ * @return pid_t The process ID (main thread's PID), or -1 on error.
+ */
+pid_t get_main_thread_pid(pid_t tid) {
+  // Validate input
+  if (tid <= 0) {
+    // errno = EINVAL;
+    return 0;
+  }
+
+  char path[PATH_MAX];
+  snprintf(path, sizeof(path), "/proc/%d/status", tid);
+
+  FILE *fp = fopen(path, "r");
+  if (!fp) {
+    return 0; // Could not open the file
+  }
+
+  pid_t tgid = 0;
+  char line[256];
+
+  while (fgets(line, sizeof(line), fp)) {
+    if (sscanf(line, "Tgid: %d", &tgid) == 1) {
+      break;
+    }
+  }
+
+  fclose(fp);
+  if (tgid != tid) {
+    fprintf(stderr, "The tid and and pid wasn't equal. tid:%d, pid:%d.\n", tid,
+            tgid);
+  }
+  return tgid;
+}
 
 char *get_process_name_by_pid(const int pid) {
   char path[1024];
   sprintf(path, "/proc/%d/exe", pid);
 
-  char *name = realpath(path, NULL);
+  size_t size = 128;
+  char *name = malloc(size);
   if (name == NULL) {
     fprintf(stderr, "Could not get process name by pid %d", pid);
     perror("");
+    return NULL;
   }
+
+  while (1) {
+    ssize_t len = readlink(path, name, size);
+
+    if (len == -1) {
+      fprintf(stderr, "Could not get process name by pid %d", pid);
+      perror("");
+      free(name);
+      return NULL;
+    }
+    if ((size_t)len >= size) {
+      size *= 2;
+      char *new_name = realloc(name, size);
+      if (!new_name) {
+        free(name);
+        return NULL;
+      }
+      name = new_name;
+    } else {
+      // readlink does not set the null character
+      name[len] = 0;
+      break;
+    }
+  }
+
   return name;
 }
 

src/proc_operations.h

@@ -1,3 +1,11 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
 #ifndef PROC_OPERATIONS
 #define PROC_OPERATIONS
 
@@ -14,4 +22,13 @@ char *get_process_name_by_pid(const int pid);
  */
 pid_t get_parent_pid(pid_t pid);
 
+/**
+ * @brief Returns the PID of the main thread (i.e., the process ID) of the
+ * process that the given thread ID (tid) belongs to.
+ *
+ * @param tid The thread ID (TID) of any thread in the process.
+ * @return pid_t The process ID (main thread's PID), or -1 on error.
+ */
+pid_t get_main_thread_pid(pid_t tid);
+
 #endif // !PROC_OPERATIONS

src/process_info.h

@@ -9,10 +9,25 @@
 #ifndef PROCESS_INFO_H
 #define PROCESS_INFO_H
 
+#include "proc_operations.h"
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
 #include <sys/types.h>
+#include <unistd.h>
 struct process_info {
   pid_t PID;
   char *name;
 };
 
+static inline struct process_info get_process_info(pid_t pid) {
+  struct process_info pi;
+  pi.PID = get_main_thread_pid(pid);
+  pi.name = get_process_name_by_pid(pi.PID);
+  if (pi.name == NULL) {
+    pi.PID = 0;
+  }
+  return pi;
+}
+
 #endif // PROCESS_INFO_H

src/real_filename.h

@@ -1,3 +1,11 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
+
 #ifndef REAL_FILENAME_H
 #define REAL_FILENAME_H
 

src/set_mode_t.h

@@ -1,3 +1,10 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
 
 #ifndef SET_MODE_T_H
 #define SET_MODE_T_H

src/temp_permissions_table.c

@@ -16,6 +16,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
+#include <time.h>
+#include <unistd.h>
 
 struct temp_process_permissions {
   // yes, this is a correct type for start time in jiffies (see
@@ -26,7 +28,9 @@ struct temp_process_permissions {
 };
 
 map(pid_t, struct temp_process_permissions) temp_permissions_table;
-pthread_mutex_t temp_permissions_table_lock;
+pthread_rwlock_t temp_permissions_table_lock = PTHREAD_RWLOCK_INITIALIZER;
+pthread_t gc_thread;
+int is_gc_active = 0;
 
 /**
  * Function to get the process creation time (in jiffies) from the proc
@@ -72,16 +76,70 @@ unsigned long long get_process_creation_time(pid_t pid) {
   return creation_time;
 }
 
+int is_valid(pid_t pid, struct temp_process_permissions *entry) {
+  unsigned long long creation_time = get_process_creation_time(pid);
+  if (creation_time == 0) {
+    return 0;
+  }
+
+  if (creation_time != entry->creation_time) {
+    return 0;
+  }
+
+  return 1;
+}
+
+void *garbage_collector(void *arg) {
+  (void)arg;
+
+  while (is_gc_active) {
+    sleep(1);
+    pthread_rwlock_wrlock(&temp_permissions_table_lock);
+
+    vec(pid_t) blacklist;
+    init(&blacklist);
+
+    for_each(&temp_permissions_table, pid, entry) {
+      if (!is_valid(*pid, entry)) {
+        push(&blacklist, *pid);
+        for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
+        cleanup(&entry->allowed_files);
+        for_each(&entry->denied_files, denied_file) { free(*denied_file); }
+        cleanup(&entry->denied_files);
+      }
+    }
+
+    for_each(&blacklist, pid) { erase(&temp_permissions_table, *pid); }
+
+    cleanup(&blacklist);
+
+    pthread_rwlock_unlock(&temp_permissions_table_lock);
+  }
+
+  return NULL;
+}
+
 /**
  * Initializes the temporary permissions table.
  *
  * @return: 0 on success, -1 on failure (e.g. ENOMEM)
  */
 int init_temp_permissions_table(void) {
-  pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
   init(&temp_permissions_table);
   return 0;
 }
+/**
+ * Starts the temporary permissions table garbage_collector.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_garbage_collector(void) {
+  is_gc_active = 1;
+  if (pthread_create(&gc_thread, NULL, garbage_collector, NULL) != 0) {
+    return -1;
+  }
+  return 0;
+}
 
 /**
  * Destroys the temporary permissions table.
@@ -91,6 +149,11 @@ int init_temp_permissions_table(void) {
  * screwed.
  */
 void destroy_temp_permissions_table(void) {
+  if (is_gc_active) {
+    is_gc_active = 0;
+    pthread_join(gc_thread, NULL);
+  }
+
   // free the memory allocated for the table
   for_each(&temp_permissions_table, entry) {
     for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
@@ -102,27 +165,26 @@ void destroy_temp_permissions_table(void) {
   }
 
   cleanup(&temp_permissions_table);
-  pthread_mutex_destroy(&temp_permissions_table_lock);
 }
 
 /**
  * Checks if the process has a temporary access to the file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pid: PID of the process
+ * @param pid: PID of the process
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found is avaliable
  */
 access_t check_temp_access_noparent(const char *filename, pid_t pid) {
   // TODO: more efficient locking
-  pthread_mutex_lock(&temp_permissions_table_lock);
+  pthread_rwlock_rdlock(&temp_permissions_table_lock);
   struct temp_process_permissions *permission_entry =
       get(&temp_permissions_table, pid);
   if (permission_entry != NULL) {
     unsigned long long process_creation_time = get_process_creation_time(pid);
     if (process_creation_time == 0) {
       perror("Could not retrieve process creation time");
-      pthread_mutex_unlock(&temp_permissions_table_lock);
+      pthread_rwlock_unlock(&temp_permissions_table_lock);
       return NDEF;
     }
 
@@ -136,7 +198,7 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
             ((denied_file_len < filename_len &&
               (*denied_file)[denied_file_len - 1] == '/') ||
              (denied_file_len == filename_len))) {
-          pthread_mutex_unlock(&temp_permissions_table_lock);
+          pthread_rwlock_unlock(&temp_permissions_table_lock);
           return DENY;
         }
       }
@@ -146,13 +208,13 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
             ((allowed_file_len < filename_len &&
               (*allowed_file)[allowed_file_len - 1] == '/') ||
              (allowed_file_len == filename_len))) {
-          pthread_mutex_unlock(&temp_permissions_table_lock);
+          pthread_rwlock_unlock(&temp_permissions_table_lock);
           return ALLOW;
         }
       }
     }
   }
-  pthread_mutex_unlock(&temp_permissions_table_lock);
+  pthread_rwlock_unlock(&temp_permissions_table_lock);
   return NDEF;
 }
 
@@ -161,7 +223,7 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
  * file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found. Does not return ALLOW_TEMP.
  * @note: In case one of the parent processes is killed while this function
@@ -175,7 +237,7 @@ access_t check_temp_access(const char *filename, struct process_info pi) {
     if (access != NDEF) {
       return access;
     }
-    current_pid = get_parent_pid(current_pid);
+    current_pid = get_main_thread_pid(get_parent_pid(current_pid));
   }
 
   return NDEF;
@@ -192,7 +254,9 @@ access_t check_temp_access(const char *filename, struct process_info pi) {
  */
 int set_temp_access(const char *filename, struct process_info pi,
                     set_mode_t mode) {
-  pthread_mutex_lock(&temp_permissions_table_lock);
+  if (pi.PID == 0)
+    return NDEF;
+  pthread_rwlock_wrlock(&temp_permissions_table_lock);
   struct temp_process_permissions *permission_entry =
       get(&temp_permissions_table, pi.PID);
 
@@ -202,7 +266,7 @@ int set_temp_access(const char *filename, struct process_info pi,
         get_process_creation_time(pi.PID);
     if (process_creation_time == 0) {
       perror("Could not retrieve process creation time");
-      pthread_mutex_unlock(&temp_permissions_table_lock);
+      pthread_rwlock_unlock(&temp_permissions_table_lock);
       return -1;
     }
 
@@ -216,7 +280,7 @@ int set_temp_access(const char *filename, struct process_info pi,
         push(&permission_entry->denied_files, strdup(filename));
       }
 
-      pthread_mutex_unlock(&temp_permissions_table_lock);
+      pthread_rwlock_unlock(&temp_permissions_table_lock);
       return 0;
     }
     // we have an entry for the process, but the process is different
@@ -241,6 +305,6 @@ int set_temp_access(const char *filename, struct process_info pi,
 
   insert(&temp_permissions_table, pi.PID, new_permission_entry);
 
-  pthread_mutex_unlock(&temp_permissions_table_lock);
+  pthread_rwlock_unlock(&temp_permissions_table_lock);
   return 0;
 }

src/temp_permissions_table.h

@@ -1,3 +1,10 @@
+/*
+  ICFS: Interactively Controlled File System
+  Copyright (C) 2024-2025  Fedir Kovalov
+
+  This program can be distributed under the terms of the GNU GPLv2.
+  See the file LICENSE.
+*/
 
 #ifndef TEMP_PERMISSIONS_TABLE_H
 #define TEMP_PERMISSIONS_TABLE_H
@@ -13,6 +20,13 @@
  */
 int init_temp_permissions_table(void);
 
+/**
+ * Starts the temporary permissions table garbage_collector.
+ *
+ * @return: 0 on success, -1 on failure (e.g. ENOMEM)
+ */
+int init_garbage_collector(void);
+
 /**
  * Destroys the temporary permissions table.
  *
@@ -27,7 +41,7 @@ void destroy_temp_permissions_table(void);
  * file.
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @return: access status - ALLOW, DENY or NDEF in case if no information was
  * found. Does not return ALLOW_TEMP.
  * @note: In case one of the parent processes is killed while this function

src/ui-socket.c

@@ -30,14 +30,20 @@
 #define DIALOGUE_NO 1
 #define DIALOGUE_PERM 2
 
+pthread_mutex_t access_check_mutex = PTHREAD_MUTEX_INITIALIZER;
+
 struct dialogue_response {
   access_t decision;
   char *filename;
 };
 
+FILE *access_log;
+
 int init_ui_socket(const char *perm_permissions_db_filename) {
   FILE *fp = NULL;
 
+  access_log = fopen("/etc/icfs-log", "a+");
+
   if (init_temp_permissions_table()) {
     fprintf(stderr, "Could not initialize temporary permissions table.\n");
     return 1;
@@ -60,6 +66,7 @@ int init_ui_socket(const char *perm_permissions_db_filename) {
 }
 
 void destroy_ui_socket(void) {
+  fclose(access_log);
   destroy_temp_permissions_table();
   destroy_perm_permissions_table();
 }
@@ -122,6 +129,7 @@ struct dialogue_response ask_access(const char *filename,
   }
 
   int dialogue_exit_code = WEXITSTATUS(pclose(fp));
+
   fprintf(stderr, "dialogue wrote out %s\n", first(&dialogue_output));
   fprintf(stderr, "dialogue returned %d\n", dialogue_exit_code);
 
@@ -137,6 +145,8 @@ struct dialogue_response ask_access(const char *filename,
 
   // assert(0 == strcmp(response.filename, first(&dialogue_output)));
   cleanup(&dialogue_output);
+  time_t now = time(0);
+  fprintf(access_log, "%ld\n", now);
 
   if (dialogue_exit_code == (DIALOGUE_YES | DIALOGUE_PERM)) {
     response.decision = ALLOW;
@@ -158,13 +168,14 @@ struct dialogue_response ask_access(const char *filename,
  * 3. user descision
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @param opts: options (GRANT_TEMP, GRANT_PERM)
  * @return: 0 if access is denied, 1 if access is allowed
  */
 int interactive_access(const char *filename, struct process_info proc_info,
                        int opts) {
   char *real_path = real_filename(filename);
+  pthread_mutex_lock(&access_check_mutex);
 
   access_t access = check_temp_access(real_path, proc_info);
   if (access == ALLOW) {
@@ -173,6 +184,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
             "permission table.\n",
             proc_info.name);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 1;
   }
   if (access == DENY) {
@@ -181,6 +193,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
             "permission table.\n",
             proc_info.name);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 0;
   }
 
@@ -191,6 +204,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
             "permission table.\n",
             proc_info.name);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 1;
   }
   if (access == DENY) {
@@ -199,6 +213,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
             "permission table.\n",
             proc_info.name);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 0;
   }
 
@@ -209,12 +224,14 @@ int interactive_access(const char *filename, struct process_info proc_info,
     fprintf(stderr, "Permission granted permanently to %s.\n", proc_info.name);
     set_perm_access(real_path, proc_info, SET_ALLOW);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 1;
   }
   if (opts & GRANT_TEMP) {
     fprintf(stderr, "Permission granted temporarily to %s.\n", proc_info.name);
     set_temp_access(real_path, proc_info, SET_ALLOW);
     free(real_path);
+    pthread_mutex_unlock(&access_check_mutex);
     return 1;
   }
 
@@ -238,43 +255,36 @@ int interactive_access(const char *filename, struct process_info proc_info,
   real_path = real_filename(response.filename);
   free(response.filename);
 
+  int ret = 0;
+
   if (response.decision == ALLOW) {
     fprintf(stderr,
             "Permission granted permanently to %s based on zenty response.\n",
             proc_info.name);
     set_perm_access(real_path, proc_info, SET_ALLOW);
-    free(real_path);
+    ret = 1;
-    return 1;
+  } else if (response.decision == ALLOW_TEMP) {
-  }
-
-  if (response.decision == ALLOW_TEMP) {
     fprintf(stderr,
             "Permission granted temporarily to %s based on zenty response.\n",
             proc_info.name);
     set_temp_access(real_path, proc_info, SET_ALLOW);
-    free(real_path);
+    ret = 1;
-    return 1;
+  } else if (response.decision == DENY_TEMP) {
-  }
-
-  if (response.decision == DENY_TEMP) {
     fprintf(stderr,
             "Permission denied temporarily to %s based on zenty response.\n",
             proc_info.name);
     set_temp_access(real_path, proc_info, SET_DENY);
-    free(real_path);
+    ret = 0;
-    return 0;
+  } else if (response.decision == DENY) {
-  }
-
-  if (response.decision == DENY) {
     fprintf(stderr,
             "Permission denied permanently to %s based on zenty response.\n",
             proc_info.name);
     set_perm_access(real_path, proc_info, SET_DENY);
-    free(real_path);
+    ret = 0;
-    return 0;
   }
+  pthread_mutex_unlock(&access_check_mutex);
 
   free(real_path);
   // deny on unknown options.
-  return 0;
+  return ret;
 }

src/ui-socket.h

@@ -35,7 +35,7 @@ void destroy_ui_socket(void);
  * 3. user descision
  *
  * @param filename: The file that the process is trying to access
- * @pram pi: The process information
+ * @param pi: The process information
  * @param opts: options (GRANT_TEMP, GRANT_PERM)
  * @return: 0 if access is denied, 1 if access is allowed
  */

test/test.bash

@@ -46,8 +46,8 @@ if [[ $1 == "--setuid" ]]; then
 else
   echo "Database protection will not be tested due to the lack of setuid capabilites."
   echo "To test it, run this script with '--setuid'."
-  #valgrind --leak-check=full -s ../build/icfs -o default_permissions -o debug ./protected ./.pt.db 2>&1 | grep "==\|zenity\|Permission\|column\|callback" &
+  #valgrind --leak-check=full -s ../build/icfs -o default_permissions -o debug ./protected ./.pt.db 2>&1 | grep "==\|zenity\|Permission\|column\|callback\|SQLite" &
-  valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db &
+  valgrind --leak-check=full --show-leak-kinds=all -s ../build/icfs -o default_permissions ./protected ./.pt.db &
   sleep 5
 fi
 
@@ -210,4 +210,4 @@ fi
 sleep 0.5
 #lsof +f -- $(realpath ./protected)
 umount "$(realpath ./protected)"
-sleep 0.5
+sleep 2