fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:profiling
Branches Tags
fedir:main fedir:new-dialogue fedir:profiling fedir:setuid fedir:creation_permissions fedir:Temp_permission_table fedir:Testing fedir:API fedir:basic-passthough
..
compare: fedir:5dff492663719ac687e682db5010fe360ad533a6
Branches Tags
fedir:main fedir:new-dialogue fedir:profiling fedir:setuid fedir:creation_permissions fedir:Temp_permission_table fedir:Testing fedir:API fedir:basic-passthough

63 Commits
profiling ... 5dff492663

Author SHA1 Message Date
fedir
5dff492663 Changed semantics of --no-perm-on-create flag 2025-05-22 09:02:11 +02:00
fedir
3566131705 Added memory errors warning 2025-05-22 09:01:50 +02:00
fedir
6423e3b2ef Fixed yet another SQL injection bug. 2025-05-21 19:04:52 +02:00
fedir
5c92ece0db Removed file logging 2025-05-21 18:56:35 +02:00
fedir
8700f4f5a2 Changed perm/temp permission logic 2025-05-21 18:54:35 +02:00
fedir
0df75ee195 Fixed old sqlite3 version compatibility bug. 2025-05-21 18:31:05 +02:00
fedir
467087d76e Added performance tests and creation permission flags 2025-05-21 16:21:33 +02:00
fedir
448c862731 Changed -O0 to -Og in the debug build 2025-05-20 11:25:38 +02:00
fedir
b550c93884 Fixed arbitrary permission order 2025-05-20 11:07:28 +02:00
fedir
a7e5d7d92d Fixed undefined order of permissions 2025-05-20 10:50:58 +02:00
fedir
56165c0b76 Fixed a mistake in README 2025-05-20 10:12:18 +02:00
fedir
b1ee452890 Updated readme 2025-05-20 10:11:32 +02:00
fedir
8e1c325f98 Added mutex to permissions checks to avoid inconsistent permission checking 2025-05-20 09:59:18 +02:00
fedir
754a26884c Changed realpath to readlink 
/proc/pid/exe already seems to be a link to the absolute path to the
executable. This fixes bugs related to containerised applications.
 2025-05-20 09:57:59 +02:00
fedir
2f82ab63ac Fixed undefined permission check errors 2025-05-20 09:24:07 +02:00
fedir
90d94c7615 Fixed SQL injection 
Fixed an emabarassignly obvious SQL injection bug by throwing
`sqlite3_exec` away.
 2025-05-19 21:18:19 +02:00
fedir
a1ba96bf67 Updated the test 2025-05-19 21:15:42 +02:00
fedir
e4dbc5becc Fixed wrong pid bug 
The issue was that the thread ID wasn't factored in. A presumption was,
that FUSE already returned the PID, not TID. The issue was fixed by
implementing a function that translates the TID to PID.
 2025-05-14 20:37:32 +02:00
fedir
33f55384bc Added more leak checks 2025-05-13 18:01:03 +02:00
fedir
c8f19fe30d Fixed invalid pi bug 2025-05-13 17:59:32 +02:00
fedir
4febeb7a82 Added a logfile 2025-05-13 17:59:00 +02:00
fedir
c7ec5819c6 Fixed typos 2025-05-08 10:16:02 +02:00
fedir
31f6cc6ab8 Added missing license headers 2025-05-07 16:06:19 +02:00
fedir
d4a2cb3749 Fixed garbage collector being inactive 2025-05-07 15:55:47 +02:00
fedir
bd4cedf996 Added garbage collection to the temporary permission table. 2025-05-07 15:43:34 +02:00
fedir
2a1e94f054 Updated readme 2025-05-06 18:22:15 +02:00
fedir
fb18484aa8 Merge pull request 'new-dialogue' (#8) from new-dialogue into main 
Reviewed-on: #8
 2025-05-06 18:10:43 +02:00
fedir
78e108d0d4 Added more tests 2025-05-06 17:56:55 +02:00
fedir
b4149ac425 Updated gitignore 2025-05-06 12:19:39 +02:00
fedir
6065a0c20a Added permissions globbing tests 2025-05-06 12:18:45 +02:00
fedir
15fa0fe193 Added filename return to the dialogue mockup 2025-05-06 12:18:21 +02:00
fedir
801a7cdb39 Added temp permission globbing 2025-05-06 12:17:50 +02:00
fedir
22b091f017 Fixed empty filename bug. 2025-05-06 12:17:26 +02:00
fedir
fd2144a1f9 Added a filename check 2025-05-05 18:59:57 +02:00
fedir
420f34a7f3 Added folder globbing for permanent permissions 2025-05-05 18:53:05 +02:00
fedir
4539df9842 Fixed wrong fallback filename bug 2025-05-04 17:39:39 +02:00
fedir
e32ce5add5 Renamed all zenity mentions to dialogue 2025-05-04 17:25:47 +02:00
fedir
4f98a4834e Updated gitignore 2025-05-04 17:10:58 +02:00
fedir
8a530b493c Added new tests for the new dialogue 2025-05-04 17:10:19 +02:00
fedir
c4ae40c7bd Finished the new dialogue functionality 2025-05-04 17:09:28 +02:00
fedir
ecedbbb4ce Added DENY_TEMP access type 2025-05-04 17:05:44 +02:00
fedir
10d2988761 Added a version check for the icfs-dialogue 2025-05-04 17:05:07 +02:00
fedir
f4576cf7ea Updated gitignore 2025-05-03 12:09:55 +02:00
fedir
a2eeb81fed Updated gitignore 2025-05-03 12:09:10 +02:00
fedir
3a89449c32 Added gitignore to the dialogue 2025-05-03 12:05:11 +02:00
fedir
ac1d7c1535 Renamed zenity-clone to icfs-dialogue and improved makefile 2025-05-03 12:03:54 +02:00
fedir
112d514f59 Adapted mock zenity to the new dialogue 2025-05-03 10:32:10 +02:00
fedir
d367d6ffe7 Adapted the ui-socket to the new dialogue 2025-05-03 10:31:42 +02:00
fedir
82f66a1df3 Fixed inverted responses 2025-05-03 10:30:13 +02:00
fedir
8cb7721e39 Updated ui-socket to use the new dialogue 2025-05-01 20:55:05 +02:00
fedir
fe84daecfe Removed const where it was simply wrong. 2025-05-01 20:54:39 +02:00
fedir
683da15953 Updated the cc.h version 2025-05-01 20:52:32 +02:00
fedir
5452c3d1d7 Added filename translation to the ui-socker 2025-05-01 16:17:50 +02:00
fedir
a1445c5423 Updated Makefile 2025-05-01 16:17:27 +02:00
fedir
ed441b3c5f Absolved fuse operations of responsibility for filename translation 2025-05-01 16:17:11 +02:00
fedir
48342b0d5f Updated sourcefs header 2025-05-01 16:16:24 +02:00
fedir
31b70b6069 Added mountpoint functions to sourcefs 2025-05-01 16:16:09 +02:00
fedir
07cb76f425 Updated the dialogue 2025-05-01 16:15:00 +02:00
fedir
747077f365 Update Makefile for the zenity clone 2025-05-01 16:13:31 +02:00
fedir
ccb449ae57 Added a new dialogue 2025-04-28 10:11:50 +02:00
fedir
c4ef955ff1 Added a cleaner way of allocating the zenity command. 2025-04-15 19:02:36 +02:00
fedir
3157940c0b add a missing header 2025-04-15 18:58:18 +02:00
fedir
92378c1cde add exerimental deny flag in the tables 
For now, perm table does not set the thrid parameter to anything useful
 2025-04-15 18:57:57 +02:00
29 changed files with 5484 additions and 1247 deletions
Expand all files Collapse all files

10
.gitignore vendored
View File

@@ -2,7 +2,13 @@ build/*
.clang-tidy .clang-tidy
.cache .cache
test/protected/* test/protected/*
test/.pt.db
compile_commands.json
test/perf* test/perf*
test/callgraph* test/callgraph*
test/openers
test/opener/opener
test/opener/opener.o
test/.*
*compile_commands.json
src/gui/ui/*
src/gui/*.o
src/gui/icfs_dialogue

47
Makefile
View File

@@ -2,9 +2,17 @@ SHELL=/bin/bash
# configurable options # configurable options
SOURCES_DIR := ./src ifndef ($(SOURCES_DIR))
TESTS_DIR := ./tests SOURCES_DIR := ./src
BUILD_DIR := ./build endif
ifndef ($(TESTS_DIR))
TESTS_DIR := ./tests
endif
ifndef ($(BUILD_DIR))
BUILD_DIR := ./build
endif
CC := gcc CC := gcc
CXX := g++ CXX := g++
@@ -21,14 +29,14 @@ endif
# set up cflags and libs # set up cflags and libs
CFLAGS := -D_FILE_OFFSET_BITS=64 -g CFLAGS := -D_FILE_OFFSET_BITS=64
LDFLAGS := LDFLAGS :=
CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES)) CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES)) LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
ifeq ($(DEBUG),1) ifeq ($(DEBUG),1)
CFLAGS += -O0 -pedantic -Wall -Wextra -Wcast-align \ CFLAGS += -Og -pedantic -g -Wall -Wextra -Wcast-align \
-Wcast-qual -Wdisabled-optimization -Wformat=2 \ -Wcast-qual -Wdisabled-optimization -Wformat=2 \
-Winit-self -Wlogical-op -Wmissing-declarations \ -Winit-self -Wlogical-op -Wmissing-declarations \
-Wmissing-include-dirs -Wredundant-decls -Wshadow \ -Wmissing-include-dirs -Wredundant-decls -Wshadow \
@@ -49,14 +57,20 @@ ifeq ($(TEST), 1)
TARGETS += icfs_test TARGETS += icfs_test
endif endif
ifneq ($(DIALOGUE), 0)
TARGETS += $(BUILD_DIR)/icfs_dialogue
endif
# build! # build!
default: $(TARGETS) default: $(TARGETS)
.PHONY: clean .PHONY: clean icfs_test clean-icfs clean-icfs_dialogue
$(BUILD_DIR)/icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o $(BUILD_DIR)/temp_permissions_table.o $(BUILD_DIR)/perm_permissions_table.o $(BUILD_DIR)/icfs_dialogue:
make -C $(SOURCES_DIR)/gui TEST=$(TEST) DEBUG=$(shell realpath $(DEBUG)) SOURCES_DIR=$(shell realpath $(SOURCES_DIR)/gui) BUILD_DIR=$(shell realpath $(BUILD_DIR)) TESTS_DIR=$(shell realpath $(TESTS_DIR))
$(BUILD_DIR)/icfs: $(BUILD_DIR)/main.o $(BUILD_DIR)/fuse_operations.o $(BUILD_DIR)/sourcefs.o $(BUILD_DIR)/ui-socket.o $(BUILD_DIR)/temp_permissions_table.o $(BUILD_DIR)/perm_permissions_table.o $(BUILD_DIR)/proc_operations.o
$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs $(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs
icfs_test: $(BUILD_DIR)/icfs icfs_test: $(BUILD_DIR)/icfs
@@ -71,7 +85,7 @@ $(BUILD_DIR)/main.o: $(SOURCES_DIR)/main.c
$(BUILD_DIR)/fuse_operations.o: $(SOURCES_DIR)/fuse_operations.c $(SOURCES_DIR)/fuse_operations.h $(BUILD_DIR)/fuse_operations.o: $(SOURCES_DIR)/fuse_operations.c $(SOURCES_DIR)/fuse_operations.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@ $(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
$(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h $(BUILD_DIR)/sourcefs.o: $(SOURCES_DIR)/sourcefs.c $(SOURCES_DIR)/sourcefs.h $(SOURCES_DIR)/real_filename.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@ $(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
$(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h $(BUILD_DIR)/ui-socket.o: $(SOURCES_DIR)/ui-socket.c $(SOURCES_DIR)/ui-socket.h
@@ -83,6 +97,19 @@ $(BUILD_DIR)/temp_permissions_table.o: $(SOURCES_DIR)/temp_permissions_table.c $
$(BUILD_DIR)/perm_permissions_table.o: $(SOURCES_DIR)/perm_permissions_table.c $(SOURCES_DIR)/perm_permissions_table.h $(BUILD_DIR)/perm_permissions_table.o: $(SOURCES_DIR)/perm_permissions_table.c $(SOURCES_DIR)/perm_permissions_table.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@ $(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
$(BUILD_DIR)/proc_operations.o: $(SOURCES_DIR)/proc_operations.c $(SOURCES_DIR)/proc_operations.h
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $@
clean: CLEAN_TARGETS=clean-icfs
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs*
ifneq ($(DIALOGUE), 0)
CLEAN_TARGETS += clean-icfs_dialogue
endif
clean: $(CLEAN_TARGETS)
clean-icfs:
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs
clean-icfs_dialogue:
make -C $(SOURCES_DIR)/gui clean SOURCES_DIR=$(shell realpath $(SOURCES_DIR)/gui) BUILD_DIR=$(shell realpath $(BUILD_DIR)) TESTS_DIR=$(shell realpath $(TESTS_DIR))

26
README.md
View File

@@ -15,20 +15,36 @@ Traditional access control mechanisms in operating systems allow the same level
- Install dependencies - Install dependencies
- libfuse3 - libfuse3
- Debian: `sudo apt install fuse3 libfuse3-dev` - Debian: `sudo apt install fuse3 libfuse3-dev`
- zenity
- Debian: `sudo apt install zenity`
- Build tools - Build tools
- Debian: `sudo apt install gcc make pkg-config` - Debian: `sudo apt install gcc make pkg-config`
- Build using `make`: - Build using `make`:
- In the project directory: `make` - In the project directory: `make`
- Use `make DEBUG=1` for testing. - Add `DEBUG=1` to show more compiler warnings.
- Add `TEST=1` to also test the program.
- Add `DIALOGUE=0` to not compile the dialogue program.
- Resulting binaries should appear in the `build` directory. - Resulting binaries should appear in the `build` directory.
## Installation
Currently, there is no installer implemented.
## Usage ## Usage
`icfs <FUSE arguments> [target directory]` ```
icfs <FUSE arguments> [target directory] [path to permanent permission database]
```
The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. The filesystem will be mounted over the target directory, and ask user permission every time a file in that directory is opened. We highly recommend adding `-o default_permissions` to increase performance and add an additional security layer.
### Development build
Execute this command in the root directory of this project:
```
env PATH="$(realpath ./build):$PATH" build/icfs <FUSE arguments> [target directory] [path to permanent permission database]
```
The `env PATH="$(realpath ./build):$PATH"` adds the access dialogue program to PATH, allowing ICFS to call it seamlessly.
## Docs ## Docs

14
src/access_t.h Normal file
View File

@@ -0,0 +1,14 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#ifndef ACCESS_T_H
#define ACCESS_T_H
typedef enum { DENY, ALLOW, ALLOW_TEMP, DENY_TEMP, NDEF } access_t;
#endif // !ACCESS_T_H

4769
src/cc.h
View File

File diff suppressed because it is too large Load Diff

117
src/fuse_operations.c
View File

@@ -11,6 +11,10 @@
See the file LICENSE. See the file LICENSE.
*/ */
#include "process_info.h"
#include "real_filename.h"
#include "set_mode_t.h"
#include <assert.h>
#include <stddef.h> #include <stddef.h>
#define FUSE_USE_VERSION 31 #define FUSE_USE_VERSION 31
@@ -37,65 +41,14 @@
#include <sys/file.h> /* flock(2) */ #include <sys/file.h> /* flock(2) */
#include "fuse_operations.h" #include "fuse_operations.h"
#include "proc_operations.h"
#include "sourcefs.h" #include "sourcefs.h"
#include "temp_permissions_table.h"
#include "ui-socket.h" #include "ui-socket.h"
const char *get_process_name_by_pid(const int pid) { int auto_create_perm = GRANT_TEMP;
char path[1024];
sprintf(path, "/proc/%d/exe", pid);
char *name = realpath(path, NULL); void set_auto_create_perm(int val) { auto_create_perm = val; }
if (name == NULL) {
fprintf(stderr, "Could not get process name by pid %d", pid);
perror("");
}
/*
size_t namelen = 32;
ssize_t readret = 0;
char *name = NULL;
while (namelen >= (size_t)readret && readret > 0) {
namelen *= 2;
name = calloc(namelen, sizeof(char));
if (name == NULL) {
free(path);
fprintf(stderr, "Could not get get process name by pid %d", pid);
perror("");
return NULL;
}
readret = readlink(path, name, namelen);
if (readret < 0) {
free(name);
free(path);
fprintf(stderr, "Couldn't get process name by pid %d", pid);
perror("");
return NULL;
}
if (namelen >= (size_t)readret) {
free(name);
}
}
*/
return name;
/*
FILE *file = fopen(path, "r");
if (file) {
size_t size = 0;
size = fread(path, sizeof(char), 1024, file);
if (size > 0) {
if ('\n' == path[size - 1]) {
path[size - 1] = '\0';
}
}
fclose(file);
}
*/
}
// TODO: move this somewhere else
const char *real_filename(const char *filename) { return filename; }
static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) { static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
(void)conn; (void)conn;
@@ -107,7 +60,9 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
in current function (recommended in high level API) or set fi->direct_io in current function (recommended in high level API) or set fi->direct_io
in xmp_create() or xmp_open(). */ in xmp_create() or xmp_open(). */
cfg->direct_io = 1; cfg->direct_io = 1;
#if FUSE_VERSION > FUSE_MAKE_VERSION(3, 14)
cfg->parallel_direct_writes = 1; cfg->parallel_direct_writes = 1;
#endif
/* Pick up changes from lower filesystem right away. This is /* Pick up changes from lower filesystem right away. This is
also necessary for better hardlink support. When the kernel also necessary for better hardlink support. When the kernel
@@ -120,6 +75,8 @@ static void *xmp_init(struct fuse_conn_info *conn, struct fuse_config *cfg) {
cfg->attr_timeout = 0; cfg->attr_timeout = 0;
cfg->negative_timeout = 0; cfg->negative_timeout = 0;
fprintf(stderr, "%d\n", getpid()); fprintf(stderr, "%d\n", getpid());
assert(get_mountpoint() != NULL);
init_garbage_collector();
return NULL; return NULL;
} }
@@ -135,7 +92,7 @@ static int xmp_getattr(const char *path, struct stat *stbuf,
else else
res = source_stat(path, stbuf); res = source_stat(path, stbuf);
if (res == -1) { if (res == -1) {
perror("Stat failed"); perror("[ICFS] Stat failed");
return -errno; return -errno;
} }
@@ -157,7 +114,7 @@ static int xmp_access(const char *path, int mask) {
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), proc_info, 0)) { if (!interactive_access(path, proc_info, 0)) {
free((void *)proc_info.name); free((void *)proc_info.name);
return -EACCES; return -EACCES;
} }
@@ -199,7 +156,7 @@ static int xmp_opendir(const char *path, struct fuse_file_info *fi) {
d->dp = source_opendir(path); d->dp = source_opendir(path);
if (d->dp == NULL) { if (d->dp == NULL) {
perror("Opendir failed"); perror("[ICFS] Opendir failed");
res = -errno; res = -errno;
free(d); free(d);
return res; return res;
@@ -318,12 +275,11 @@ static int xmp_unlink(const char *path) {
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
// ask the user for the permission for deleting the file // ask the user for the permission for deleting the file
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, 0)) { if (!interactive_access(path, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
@@ -366,20 +322,18 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi, 0)) { if (!interactive_access(from, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
// the "to" file may exist and the process needs to get persmission to modify // the "to" file may exist and the process needs to get persmission to modify
// it // it
if (source_access(to, F_OK) == 0 && if (source_access(to, F_OK) == 0 && !interactive_access(to, pi, 0)) {
!interactive_access(real_filename(to), pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
@@ -398,11 +352,10 @@ static int xmp_link(const char *from, const char *to) {
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi, 0)) { if (!interactive_access(from, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
@@ -423,11 +376,10 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, 0)) { if (!interactive_access(path, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
@@ -454,11 +406,10 @@ static int xmp_chown(const char *path, uid_t uid, gid_t gid,
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, 0)) { if (!interactive_access(path, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }
@@ -513,14 +464,15 @@ static int xmp_create(const char *path, mode_t mode,
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, GRANT_PERM)) { if (auto_create_perm != 0) {
free(pi.name); if (!interactive_access(path, pi, auto_create_perm)) {
return -EACCES; free(pi.name);
return -EACCES;
}
} }
free(pi.name); free(pi.name);
@@ -538,11 +490,10 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
struct process_info pi; struct process_info pi;
struct fuse_context *fc = fuse_get_context(); struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid; pi = get_process_info(fc->pid);
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi)); // fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi, 0)) { if (!interactive_access(path, pi, 0)) {
free(pi.name); free(pi.name);
return -EACCES; return -EACCES;
} }

1
src/fuse_operations.h
View File

@@ -14,5 +14,6 @@
#include <fuse3/fuse.h> #include <fuse3/fuse.h>
const struct fuse_operations *get_fuse_operations(); const struct fuse_operations *get_fuse_operations();
void set_auto_create_perm(int val);
#endif #endif

77
src/gui/Makefile Normal file
View File

@@ -0,0 +1,77 @@
SHELL=/bin/bash
# configurable options
ifndef ($(SOURCES_DIR))
SOURCES_DIR := .
endif
ifndef ($(TESTS_DIR))
TESTS_DIR := .
endif
ifndef ($(BUILD_DIR))
BUILD_DIR := .
endif
CC := gcc
CXX := g++
# dependencies
PACKAGE_NAMES := gtk4 libadwaita-1
ifeq ($(TEST), 1)
# PACKAGE_NAMES += check # TODO: use check?
endif
# set up cflags and libs
CFLAGS := -D_FILE_OFFSET_BITS=64
LDFLAGS :=
CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
ifeq ($(DEBUG),1)
CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
-Wcast-qual -Wdisabled-optimization -Wformat=2 \
-Winit-self -Wlogical-op -Wmissing-declarations \
-Wmissing-include-dirs -Wredundant-decls -Wshadow \
-Wsign-conversion -Wstrict-overflow=5 \
-Wswitch-default -Wundef -Wno-unused
LDFLAGS +=
else
CFLAGS += -O3
LDFLAGS +=
endif
# set up targets
TARGETS := $(BUILD_DIR)/icfs_dialogue
ifeq ($(TEST), 1)
TARGETS += icfs_dialogue_test
endif
# build!
default: $(TARGETS)
.PHONY: clean icfs_dialogue_test
icfs_dialogue_test: $(BUILD_DIR)/icfs_dialogue
$(BUILD_DIR)/icfs_dialogue 666 cat /home/fedir /Downloads
$(BUILD_DIR)/icfs_dialogue: $(BUILD_DIR)/icfs_dialogue.o
$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/icfs_dialogue
$(BUILD_DIR)/icfs_dialogue.o: $(SOURCES_DIR)/icfs_dialogue.c
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $(BUILD_DIR)/icfs_dialogue.o
clean:
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/icfs_dialogue

161
src/gui/icfs_dialogue.c Normal file
View File

@@ -0,0 +1,161 @@
#include "gio/gio.h"
#include "glib-object.h"
#include "glib.h"
#include <adwaita.h>
#include <gtk/gtk.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define YES 0
#define NO 1
#define PERM 2
int exit_code = 0;
gboolean is_permanent = false;
GtkEntryBuffer *entry_buffer = NULL;
GtkWidget *checkbox = NULL;
static void positive_response(GtkWindow *window) {
fprintf(stdout, "%s", gtk_entry_buffer_get_text(entry_buffer));
exit_code = (gtk_check_button_get_active(GTK_CHECK_BUTTON(checkbox)))
? YES | PERM
: YES;
gtk_window_close(window);
}
static void negative_response(GtkWindow *window) {
fprintf(stdout, "%s", gtk_entry_buffer_get_text(entry_buffer));
exit_code = (gtk_check_button_get_active(GTK_CHECK_BUTTON(checkbox)))
? NO | PERM
: NO;
gtk_window_close(window);
}
static void on_check_button_toggled(GtkToggleButton *button,
gpointer user_data) {
gboolean active = gtk_toggle_button_get_active(button);
}
static void on_activate(GtkApplication *app, gpointer user_data) {
// Create the main window
AdwWindow *window = ADW_WINDOW(adw_window_new());
gtk_window_set_application(GTK_WINDOW(window), app);
gtk_window_set_title(GTK_WINDOW(window), "icfs");
// gtk_window_set_default_size(GTK_WINDOW(window), 300, 150);
AdwStatusPage *content = ADW_STATUS_PAGE(adw_status_page_new());
adw_status_page_set_title(content, "Allow access?");
char *description = NULL;
asprintf(
&description,
"Allow process <tt>%s</tt> with PID <tt>%s</tt> to access <tt>%s</tt>",
g_object_get_data(G_OBJECT(app), "accessing_name"),
g_object_get_data(G_OBJECT(app), "accessing_pid"),
g_object_get_data(G_OBJECT(app), "access_dir"));
adw_status_page_set_description(content, description);
free(description);
entry_buffer = gtk_entry_buffer_new(
g_object_get_data(G_OBJECT(app), "access_dir"),
strlen(g_object_get_data(G_OBJECT(app), "access_dir")));
GtkWidget *entry = gtk_entry_new();
gtk_entry_set_buffer(GTK_ENTRY(entry), entry_buffer);
gtk_entry_set_placeholder_text(GTK_ENTRY(entry), "Enter filename");
gtk_widget_set_hexpand(entry, TRUE);
// Create a prefix label and box
GtkWidget *entry_box = gtk_box_new(GTK_ORIENTATION_HORIZONTAL, 0);
GtkWidget *prefix_label =
gtk_label_new(g_object_get_data(G_OBJECT(app), "root_folder"));
gtk_box_append(GTK_BOX(entry_box), prefix_label);
gtk_box_append(GTK_BOX(entry_box), entry);
checkbox = gtk_check_button_new_with_label("Permanent");
gtk_check_button_set_active(GTK_CHECK_BUTTON(checkbox), false);
// gtk_widget_set_halign(checkbox, GTK_ALIGN_CENTER);
GtkWidget *yes_button = gtk_button_new_with_label("Yes");
gtk_widget_set_hexpand(yes_button, TRUE);
g_signal_connect_swapped(yes_button, "clicked", G_CALLBACK(positive_response),
window);
GtkWidget *no_button = gtk_button_new_with_label("No");
gtk_widget_set_hexpand(no_button, TRUE);
g_signal_connect_swapped(no_button, "clicked", G_CALLBACK(negative_response),
window);
GtkWidget *button_box = gtk_box_new(GTK_ORIENTATION_HORIZONTAL, 6);
gtk_box_append(GTK_BOX(button_box), yes_button);
gtk_box_append(GTK_BOX(button_box), no_button);
gtk_widget_set_halign(button_box, GTK_ALIGN_FILL);
// Combine everything in a box
GtkWidget *box = gtk_box_new(GTK_ORIENTATION_VERTICAL, 12);
gtk_box_append(GTK_BOX(box), GTK_WIDGET(content));
gtk_box_append(GTK_BOX(box), entry_box);
gtk_box_append(GTK_BOX(box), checkbox);
gtk_box_append(GTK_BOX(box), button_box);
gtk_widget_set_margin_top(GTK_WIDGET(box), 12);
gtk_widget_set_margin_bottom(GTK_WIDGET(box), 12);
gtk_widget_set_margin_start(GTK_WIDGET(box), 12);
gtk_widget_set_margin_end(GTK_WIDGET(box), 12);
// g_signal_connect(window, "response", G_CALLBACK(gtk_window_close), window);
// Show the dialog
adw_window_set_content(window, box);
gtk_window_present(GTK_WINDOW(window));
}
static int on_command_line(GApplication *app, GApplicationCommandLine *cmdline,
gpointer user_data) {
gchar **argv;
gint argc;
argv = g_application_command_line_get_arguments(cmdline, &argc);
// Handle your arguments here
if (argc >= 4) {
fprintf(stderr, "%s\n", argv[1]);
g_object_set_data_full(G_OBJECT(app), "accessing_pid", g_strdup(argv[1]),
g_free);
g_object_set_data_full(G_OBJECT(app), "accessing_name", g_strdup(argv[2]),
g_free);
g_object_set_data_full(G_OBJECT(app), "root_folder", g_strdup(argv[3]),
g_free);
g_object_set_data_full(G_OBJECT(app), "access_dir", g_strdup(argv[4]),
g_free);
}
g_strfreev(argv);
// Activate the application
g_application_activate(app);
return 0;
}
int main(int argc, char **argv) {
if (argc == 2 && strcmp(argv[1], "--version") == 0) {
fprintf(stdout, "icfs_dialogue 1.0.0");
}
// disable accessibility features to prevent attacks
g_setenv("NO_AT_BRIDGE", "1", TRUE);
// Create a new application
AdwApplication *app = adw_application_new("de.umbrasolis.icfs_dialogue",
G_APPLICATION_HANDLES_COMMAND_LINE);
g_signal_connect(app, "command-line", G_CALLBACK(on_command_line), NULL);
g_signal_connect(app, "activate", G_CALLBACK(on_activate), NULL);
// Run the application
int status = g_application_run(G_APPLICATION(app), argc, argv);
g_object_unref(app);
return (status == 0) ? exit_code : status;
}

38
src/main.c
View File

@@ -10,6 +10,7 @@
See the file LICENSE. See the file LICENSE.
*/ */
#include <string.h>
#define FUSE_USE_VERSION 31 #define FUSE_USE_VERSION 31
#define _GNU_SOURCE #define _GNU_SOURCE
@@ -29,7 +30,28 @@ const char *mountpoint = NULL;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
if (argc < 3) { if (argc < 3) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to " fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database\n"); "the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any "
"access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files "
"a process creates "
"(incompatible with --no-perm-on-create)\n");
return EXIT_FAILURE;
}
if ((0 == strcmp(argv[argc - 1], "--no-perm-on-create") &&
0 == strcmp(argv[argc - 2], "--temp-on-create")) ||
(0 == strcmp(argv[argc - 2], "--no-perm-on-create") &&
0 == strcmp(argv[argc - 1], "--temp-on-create"))) {
fprintf(stderr, "Usage: icfs <FUSE arguments> [target directory] [path to "
"the permanent permissions database] <ICFS "
"arguments>\n\t--no-perm-on-create - do not give any "
"access permissions on file creation"
"(incompatible with --temp-on-create)\n\t--perm-on-create "
"- automatically give permanent access permission to files "
"a process creates "
"(incompatible with --no-perm-on-create)\n");
return EXIT_FAILURE; return EXIT_FAILURE;
} }
@@ -37,11 +59,20 @@ int main(int argc, char *argv[]) {
// permissions than it's caller reqested // permissions than it's caller reqested
umask(0); umask(0);
if (0 == strcmp(argv[argc - 1], "--no-perm-on-create")) {
set_auto_create_perm(0);
argc--;
}
if (0 == strcmp(argv[argc - 1], "--perm-on-create")) {
set_auto_create_perm(GRANT_PERM);
argc--;
}
// ui socket should always be initialized before anything else, since it // ui socket should always be initialized before anything else, since it
// handles the setuid bits! // handles the setuid bits!
int ret = init_ui_socket(argv[argc - 1]); int ret = init_ui_socket(argv[argc - 1]);
if (ret != 0) { if (ret != 0) {
fprintf(stderr, "Could not initalize ui-socket.\n"); fprintf(stderr, "[ICFS] Could not initalize ui-socket.\n");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@@ -49,13 +80,14 @@ int main(int argc, char *argv[]) {
ret = source_init(mountpoint); ret = source_init(mountpoint);
if (ret != 0) { if (ret != 0) {
perror("source_init"); perror("[ICFS] source_init");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
ret = fuse_main(argc - 1, argv, get_fuse_operations(), NULL); ret = fuse_main(argc - 1, argv, get_fuse_operations(), NULL);
free((void *)mountpoint); free((void *)mountpoint);
source_destroy();
destroy_ui_socket(); destroy_ui_socket();
return ret; return ret;
} }

260
src/perm_permissions_table.c
View File

@@ -7,7 +7,10 @@
*/ */
#include "perm_permissions_table.h" #include "perm_permissions_table.h"
#include "access_t.h"
#include "proc_operations.h"
#include "process_info.h" #include "process_info.h"
#include "set_mode_t.h"
#include <fcntl.h> #include <fcntl.h>
#include <pthread.h> #include <pthread.h>
#include <sqlite3.h> #include <sqlite3.h>
@@ -23,23 +26,22 @@
sqlite3 *perm_database = NULL; sqlite3 *perm_database = NULL;
const char *const table_name = "permissions"; const char *const table_name = "permissions";
// one row corresponds to a permission to access one file for one executable // one row corresponds to a permission to access one file for one executable
const int column_count = 2; const int column_count = 3;
const char *const schema[] = {"executable", "filename"}; const char *const schema[] = {"executable", "filename", "mode"};
const char *const types[] = {"TEXT", "TEXT"}; const char *const types[] = {"TEXT", "TEXT", "INTEGER"};
uid_t ruid, euid, current_pid; uid_t ruid, euid, current_uid;
sqlite3_stmt *perm_check_statement = NULL;
pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER; pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
void set_db_fsuid() { void set_db_fsuid() {
pthread_mutex_lock(&uid_switch); pthread_mutex_lock(&uid_switch);
if (current_pid == ruid) if (current_uid == ruid)
return; return;
int status = -1; int status = -1;
status = setfsuid(ruid); status = setfsuid(ruid);
if (status < 0) { if (status < 0) {
fprintf(stderr, "Couldn't set uid to %d.\n", ruid); fprintf(stderr, "[ICFS] Couldn't set uid to %d.\n", ruid);
exit(status); exit(status);
} }
pthread_mutex_unlock(&uid_switch); pthread_mutex_unlock(&uid_switch);
@@ -47,14 +49,14 @@ void set_db_fsuid() {
void set_real_fsuid() { void set_real_fsuid() {
pthread_mutex_lock(&uid_switch); pthread_mutex_lock(&uid_switch);
if (current_pid == ruid) if (current_uid == ruid)
return; return;
int status = -1; int status = -1;
status = setfsuid(ruid); status = setfsuid(ruid);
if (status < 0) { if (status < 0) {
fprintf(stderr, "Couldn't set uid to %d.\n", euid); fprintf(stderr, "[ICFS] Couldn't set uid to %d.\n", euid);
exit(status); exit(status);
} }
pthread_mutex_unlock(&uid_switch); pthread_mutex_unlock(&uid_switch);
@@ -65,44 +67,60 @@ static int check_table_col_schema(void *notused, int argc, char **argv,
(void)notused; (void)notused;
(void)colname; (void)colname;
if (argc < 3) { if (argc < 3) {
fprintf(stderr, "Unexpected amount of arguments given to the callback.\n"); fprintf(stderr,
"[ICFS] Unexpected amount of arguments given to the callback.\n");
return 1; return 1;
} }
int column_num = atoi(argv[0]); int column_num = atoi(argv[0]);
if (column_num >= column_count) { if (column_num >= column_count) {
fprintf(stderr, "Table contains more columns than expected.\n"); fprintf(stderr, "[ICFS] Table contains unexpected amount of columns.\n");
return 1; return 1;
} }
if (strcmp(schema[column_num], argv[1]) == 0 && if (strcmp(schema[column_num], argv[1]) == 0 &&
strcmp(types[column_num], argv[2]) == 0) { strcmp(types[column_num], argv[2]) == 0) {
return 0; return 0;
} }
fprintf(stderr, "Column %d does not conform to the schema.\n", column_num); fprintf(stderr, "[ICFS] Column %d does not conform to the schema.\n",
column_num);
return 1; return 1;
} }
static int set_flag(void *flag, int argc, char **argv, char **colname) { static int set_flag(void *flag, int argc, char **argv, char **colname) {
(void)argc;
(void)argv;
(void)colname; (void)colname;
*(int *)flag = 1;
if (argc < 3) {
fprintf(
stderr,
"[ICFS] Unexpected amount of arguments given to the callback: %d.\n",
argc);
return 1;
}
if (atoi(argv[2])) {
fprintf(stderr, "[ICFS] Third column was: %s\n", argv[2]);
*(int *)flag = 1;
} else {
*(int *)flag = -1;
}
return 0; return 0;
} }
int create_database_schema() { int create_database_schema() {
fprintf(stderr, "Creating table 'permissions'.\n"); fprintf(stderr, "[ICFS] Creating table 'permissions'.\n");
const char *create_query = "CREATE TABLE permissions(executable TEXT NOT " const char *create_query =
"NULL, filename TEXT NOT NULL);"; "CREATE TABLE permissions(executable TEXT NOT "
"NULL, filename TEXT NOT NULL, mode INTEGER NOT NULL);";
char *err = NULL; char *err = NULL;
int ret = sqlite3_exec(perm_database, create_query, NULL, NULL, &err); int ret = sqlite3_exec(perm_database, create_query, NULL, NULL, &err);
if (ret != SQLITE_OK) { if (ret != SQLITE_OK) {
fprintf(stderr, "sqlite3 error: %s\n", err); fprintf(stderr, "[ICFS] sqlite3 error: %s\n", err);
sqlite3_free(err); sqlite3_free(err);
return 1; return 1;
} }
fprintf(stderr, "Database created successfully\n"); fprintf(stderr, "[ICFS] Database created successfully\n");
return 0; return 0;
} }
@@ -116,14 +134,14 @@ int ensure_database_schema() {
int result = sqlite3_table_column_metadata( int result = sqlite3_table_column_metadata(
perm_database, NULL, table_name, NULL, NULL, NULL, NULL, NULL, NULL); perm_database, NULL, table_name, NULL, NULL, NULL, NULL, NULL, NULL);
if (result == SQLITE_ERROR) { if (result == SQLITE_ERROR) {
fprintf(stderr, "Table '%s' does not exist.\n", table_name); fprintf(stderr, "[ICFS] Table '%s' does not exist.\n", table_name);
if (create_database_schema()) { if (create_database_schema()) {
fprintf(stderr, "Table could not be created.\n"); fprintf(stderr, "[ICFS] Table could not be created.\n");
return 1; return 1;
} }
return 0; return 0;
} else if (result != SQLITE_OK) { } else if (result != SQLITE_OK) {
fprintf(stderr, "Database metadata could not be retrieved.\n"); fprintf(stderr, "[ICFS] Database metadata could not be retrieved.\n");
return 1; return 1;
} }
@@ -133,54 +151,15 @@ int ensure_database_schema() {
sqlite3_exec(perm_database, pragma, check_table_col_schema, NULL, &err); sqlite3_exec(perm_database, pragma, check_table_col_schema, NULL, &err);
if (ret != SQLITE_OK) { if (ret != SQLITE_OK) {
fprintf(stderr, "sqlite3 error: %s\n", err); fprintf(stderr, "[ICFS] sqlite3 error: %s\n", err);
sqlite3_free(err); sqlite3_free(err);
return 1; return 1;
} }
fprintf(stderr, "Schema is correct.\n"); fprintf(stderr, "[ICFS] Schema is correct.\n");
return 0; return 0;
} }
int prepare_sql_queries() {
const char *query_template =
"SELECT * FROM %s WHERE executable = ? AND filename = ?;";
char *query_string = NULL;
int query_len = snprintf(NULL, 0, query_template, table_name) + 1;
if (query_len < 0) {
fprintf(stderr, "Failed to prepare statement");
perror("");
return 1;
}
query_string = malloc(query_len);
if (query_string == NULL) {
fprintf(stderr, "Failed to allocate memory for the query");
perror("");
return 1;
}
int ret = snprintf(query_string, query_len, query_template, table_name);
if (ret < 0) {
fprintf(stderr, "Failed to prepare statement");
perror("");
free(query_string);
return 1;
}
if (sqlite3_prepare_v2(perm_database, query_string, -1, &perm_check_statement,
NULL) != SQLITE_OK) {
fprintf(stderr, "Failed to prepare statement: %s\n",
sqlite3_errmsg(perm_database));
free(query_string);
return 1;
}
free(query_string);
return 0;
}
void free_sql_queries(void) { sqlite3_finalize(perm_check_statement); }
/** /**
* Initializes the permanent permissions table. * Initializes the permanent permissions table.
* *
@@ -192,78 +171,115 @@ int init_perm_permissions_table(const char *db_filename) {
umask(0077); umask(0077);
ruid = getuid(); ruid = getuid();
euid = geteuid(); euid = geteuid();
fprintf(stderr, "Running with uid: %d, gid: %d\n", euid, getegid()); fprintf(stderr, "[ICFS] Running with uid: %d, gid: %d\n", euid, getegid());
if (sqlite3_open_v2(db_filename, &perm_database, if (sqlite3_open_v2(db_filename, &perm_database,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE |
SQLITE_OPEN_FULLMUTEX, SQLITE_OPEN_FULLMUTEX,
NULL)) { NULL)) {
perror("Can't open permanent permissions database"); perror("[ICFS] Can't open permanent permissions database");
return -1; return -1;
} }
umask(0); umask(0);
if (ensure_database_schema()) { if (ensure_database_schema()) {
fprintf(stderr, "Database schema is not correct.\n"); fprintf(stderr, "[ICFS] Database schema is not correct.\n");
return -1; return -1;
} }
int status = seteuid(ruid); int status = seteuid(ruid);
if (status < 0) { if (status < 0) {
fprintf(stderr, "Couldn't set euid to ruid.\n"); fprintf(stderr,
"[ICFS] Couldn't set euid to ruid during database setup.\n");
exit(status); exit(status);
} }
if (prepare_sql_queries()) {
fprintf(stderr, "Couldn't prepare sql queries.\n");
exit(status);
}
return 0; return 0;
} }
/** /**
* Destroys the permanent permissions table. * Destroys the permanent permissions table.
*/ */
void destroy_perm_permissions_table(void) { void destroy_perm_permissions_table(void) { sqlite3_close(perm_database); }
free_sql_queries();
sqlite3_close(perm_database);
}
/** /**
* Checks if the process has a permanent access to the file. * Checks if the process has a permanent access to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pi: The process information * @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed * @return: access status - ALLOW, DENY or NDEF in case if no information was
* found
*/ */
int check_perm_access(const char *filename, struct process_info pi) { access_t check_perm_access_noparent(const char *filename,
size_t query_len = struct process_info pi) {
56 + strlen(table_name) + strlen(filename) + strlen(pi.name); if (pi.name == NULL)
const char *query = malloc(query_len); return NDEF;
size_t should_be_written = snprintf(
query, query_len, access_t ret = NDEF;
"SELECT * FROM %s WHERE executable = \'%s\' AND filename = \'%s\';", sqlite3_stmt *stmt = NULL;
table_name, pi.name, filename); const char *sql =
// -1 for the \0 "SELECT mode FROM permissions WHERE executable = ?1 "
if (should_be_written != query_len - 1) { "AND (( ?2 LIKE (filename || \'%\') AND filename "
fprintf(stderr, "GLOB \'*/\') OR filename = ?2 ) ORDER BY LENGTH( filename ) DESC;";
"Unexpected query size while permanent access rule check: " sqlite3_prepare_v2(perm_database, sql, -1, &stmt, NULL);
"Expected %lu, but snprintf returned %lu. The query: %s\n", sqlite3_bind_text(stmt, 1, pi.name, -1, SQLITE_STATIC);
query_len, should_be_written, query); sqlite3_bind_text(stmt, 2, filename, -1, SQLITE_STATIC);
return 0;
int step_ret = sqlite3_step(stmt);
if (step_ret != SQLITE_ROW && step_ret != SQLITE_DONE) {
fprintf(stderr, "[ICFS] SQLite error: %s\n", sqlite3_errstr(step_ret));
sqlite3_finalize(stmt);
return ret;
}
if (step_ret == SQLITE_ROW) {
int mode_col = sqlite3_column_int(stmt, 0);
if (mode_col) {
ret = ALLOW;
} else {
ret = DENY;
}
}
sqlite3_finalize(stmt);
return ret;
}
/**
* Checks if the process or any of it's parents have permanent access to the
* file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found. Does not return ALLOW_TEMP or DENY_TEMP.
* @note: In case one of the parent processes is killed while this function
* execution the result is not guranteed to be correct. It should only lead to
* false negatives, though.
*/
access_t check_perm_access(const char *filename, struct process_info pi) {
if (pi.PID == 0 || pi.name == NULL) {
return NDEF;
} }
char *sqlite_error = NULL; struct process_info current_pi = pi;
int flag = 0; current_pi.name = strdup(current_pi.name);
int ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error); while (current_pi.PID != 0) {
if (ret != SQLITE_OK) { access_t access = check_perm_access_noparent(filename, current_pi);
fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error); free(current_pi.name);
sqlite3_free(sqlite_error); if (access != NDEF) {
free(query); return access;
return 0; }
current_pi.name = NULL;
while (current_pi.name == NULL) {
current_pi.PID = get_main_thread_pid(get_parent_pid(current_pi.PID));
if (current_pi.PID != 0) {
current_pi.name = get_process_name_by_pid(current_pi.PID);
} else {
break;
}
}
} }
free(query); return NDEF;
return flag;
} }
/** /**
@@ -273,31 +289,29 @@ int check_perm_access(const char *filename, struct process_info pi) {
* @param pi: The process information * @param pi: The process information
* @return: 0 on success, 1 on failure * @return: 0 on success, 1 on failure
*/ */
int give_perm_access(const char *filename, struct process_info pi) { int set_perm_access(const char *filename, struct process_info pi,
size_t query_len = set_mode_t mode) {
30 + strlen(table_name) + strlen(filename) + strlen(pi.name); sqlite3_stmt *stmt = NULL;
const char *query = malloc(query_len); char *sql = NULL;
size_t should_be_written =
snprintf(query, query_len, "INSERT INTO %s VALUES (\'%s\', \'%s\');", if (mode == SET_ALLOW) {
table_name, pi.name, filename); sql = "INSERT INTO permissions VALUES (?1, ?2, TRUE);";
// -1 for the \0 } else if (mode == SET_DENY) {
if (should_be_written != query_len - 1) { sql = "INSERT INTO permissions VALUES (?1, ?2, FALSE);";
fprintf(stderr, } else {
"Unexpected query size while permanent access rule insertion: "
"Expected %lu, but snprintf returned %lu\n",
query_len, should_be_written);
return 1; return 1;
} }
char *sqlite_error = NULL; sqlite3_prepare_v2(perm_database, sql, -1, &stmt, NULL);
int ret = sqlite3_exec(perm_database, query, NULL, NULL, &sqlite_error); sqlite3_bind_text(stmt, 1, pi.name, -1, SQLITE_STATIC);
if (ret != SQLITE_OK) { sqlite3_bind_text(stmt, 2, filename, -1, SQLITE_STATIC);
fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error); int step_ret = sqlite3_step(stmt);
sqlite3_free(sqlite_error); if (step_ret != SQLITE_DONE) {
free(query); fprintf(stderr, "[ICFS] SQLite error: %s\n", sqlite3_errstr(step_ret));
sqlite3_finalize(stmt);
return 1; return 1;
} }
sqlite3_finalize(stmt);
free(query);
return 0; return 0;
} }

16
src/perm_permissions_table.h
View File

@@ -9,7 +9,9 @@
#ifndef PERM_PERMISSION_TABLE_H #ifndef PERM_PERMISSION_TABLE_H
#define PERM_PERMISSION_TABLE_H #define PERM_PERMISSION_TABLE_H
#include "access_t.h"
#include "process_info.h" #include "process_info.h"
#include "set_mode_t.h"
/** /**
* Initializes the permanent permissions table. * Initializes the permanent permissions table.
@@ -28,18 +30,22 @@ void destroy_perm_permissions_table();
* Checks if the process has a permanent access to the file. * Checks if the process has a permanent access to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pi: The process information * @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed * @return: access status - ALLOW, DENY or NDEF in case if no information was
* found
*/ */
int check_perm_access(const char *filename, struct process_info pi); access_t check_perm_access(const char *filename, struct process_info pi);
/** /**
* Gives permanent access to the process to the file. * Gives permanent access to the process to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @param pi: The process information * @param pi: The process information
* @return: 0 on success, -1 on failure * @param mode: Kind of access rule to be set - SET_DENY to deny access, and
* SET_ALLOW to allow access.
* @return: 0 on success, 1 on failure
*/ */
int give_perm_access(const char *filename, struct process_info pi); int set_perm_access(const char *filename, struct process_info pi,
set_mode_t mode);
#endif // #ifdef PERM_PERMISSION_TABLE_H #endif // #ifdef PERM_PERMISSION_TABLE_H

123
src/proc_operations.c Normal file
View File

@@ -0,0 +1,123 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#include "proc_operations.h"
#include <linux/limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/**
* @brief Returns the PID of the main thread (i.e., the process ID) of the
* process that the given thread ID (tid) belongs to.
*
* @param tid The thread ID (TID) of any thread in the process.
* @return pid_t The process ID (main thread's PID), or -1 on error.
*/
pid_t get_main_thread_pid(pid_t tid) {
// Validate input
if (tid <= 0) {
// errno = EINVAL;
return 0;
}
char path[PATH_MAX];
snprintf(path, sizeof(path), "/proc/%d/status", tid);
FILE *fp = fopen(path, "r");
if (!fp) {
return 0; // Could not open the file
}
pid_t tgid = 0;
char line[256];
while (fgets(line, sizeof(line), fp)) {
if (sscanf(line, "Tgid: %d", &tgid) == 1) {
break;
}
}
fclose(fp);
if (tgid != tid) {
fprintf(stderr,
"[ICFS] The tid and and pid wasn't equal. tid:%d, pid:%d.\n", tid,
tgid);
}
return tgid;
}
char *get_process_name_by_pid(const int pid) {
char path[1024];
sprintf(path, "/proc/%d/exe", pid);
size_t size = 128;
char *name = malloc(size);
if (name == NULL) {
fprintf(stderr, "[ICFS] Could not get process name by pid %d", pid);
perror("");
return NULL;
}
while (1) {
ssize_t len = readlink(path, name, size);
if (len == -1) {
fprintf(stderr, "[ICFS] Could not get process name by pid %d", pid);
perror("");
free(name);
return NULL;
}
if ((size_t)len >= size) {
size *= 2;
char *new_name = realloc(name, size);
if (!new_name) {
free(name);
return NULL;
}
name = new_name;
} else {
// readlink does not set the null character
name[len] = 0;
break;
}
}
return name;
}
/**
* Finds the parent process ID of a given process.
*
* @param pid: The process ID of the process to find the parent of
* @return: The parent process ID, or 0 if the parent process ID could not be
* found
*/
pid_t get_parent_pid(pid_t pid) {
pid_t ppid = 0;
char path[256];
snprintf(path, sizeof(path), "/proc/%u/status", pid);
FILE *file = fopen(path, "r");
if (file == NULL) {
perror("[ICFS] Failed to open /proc/<pid>/status");
return 0;
}
char line[256];
while (fgets(line, sizeof(line), file)) {
if (sscanf(line, "PPid:\t%d", &ppid) == 1) {
fclose(file);
return ppid;
}
}
fclose(file);
return 0; // Parent PID not found
}

34
src/proc_operations.h Normal file
View File

@@ -0,0 +1,34 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#ifndef PROC_OPERATIONS
#define PROC_OPERATIONS
#include <time.h>
char *get_process_name_by_pid(const int pid);
/**
* Finds the parent process ID of a given process.
*
* @param pid: The process ID of the process to find the parent of
* @return: The parent process ID, or 0 if the parent process ID could not be
* found
*/
pid_t get_parent_pid(pid_t pid);
/**
* @brief Returns the PID of the main thread (i.e., the process ID) of the
* process that the given thread ID (tid) belongs to.
*
* @param tid The thread ID (TID) of any thread in the process.
* @return pid_t The process ID (main thread's PID), or -1 on error.
*/
pid_t get_main_thread_pid(pid_t tid);
#endif // !PROC_OPERATIONS

17
src/process_info.h
View File

@@ -9,10 +9,25 @@
#ifndef PROCESS_INFO_H #ifndef PROCESS_INFO_H
#define PROCESS_INFO_H #define PROCESS_INFO_H
#include "proc_operations.h"
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h>
struct process_info { struct process_info {
pid_t PID; pid_t PID;
const char *name; char *name;
}; };
static inline struct process_info get_process_info(pid_t pid) {
struct process_info pi;
pi.PID = get_main_thread_pid(pid);
pi.name = get_process_name_by_pid(pi.PID);
if (pi.name == NULL) {
pi.PID = 0;
}
return pi;
}
#endif // PROCESS_INFO_H #endif // PROCESS_INFO_H

15
src/real_filename.h Normal file
View File

@@ -0,0 +1,15 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#ifndef REAL_FILENAME_H
#define REAL_FILENAME_H
const char *real_filename(const char *filename);
const char *get_mountpoint(void);
#endif // !REAL_FILENAME_H

12
src/set_mode_t.h Normal file
View File

@@ -0,0 +1,12 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#ifndef SET_MODE_T_H
#define SET_MODE_T_H
typedef enum { SET_DENY, SET_ALLOW } set_mode_t;
#endif // !SET_MODE_T_H

45
src/sourcefs.c
View File

@@ -10,14 +10,14 @@
#include "sourcefs.h" #include "sourcefs.h"
#include <dirent.h> #include <dirent.h>
#include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <sys/stat.h>
#include <unistd.h> #include <unistd.h>
static struct source_files_handle { static struct source_files_handle {
const char *mountpoint;
int root_fd; int root_fd;
} handle; } handle;
@@ -30,10 +30,19 @@ const char *source_filename_translate(const char *filename) {
} }
int source_init(const char *root_path) { int source_init(const char *root_path) {
handle.mountpoint = malloc(strlen(root_path) + 1);
if (handle.mountpoint == NULL) {
perror("[ICFS] Malloc failed");
return -1;
}
strcpy(handle.mountpoint, root_path);
int root_fd = open(root_path, O_PATH); int root_fd = open(root_path, O_PATH);
if (root_fd == -1) { if (root_fd == -1) {
fprintf(stderr, "Could not initialize source file system at %s", root_path); fprintf(stderr, "[ICFS] Could not initialize source file system at %s",
root_path);
perror(""); perror("");
return -1; return -1;
} }
@@ -43,6 +52,32 @@ int source_init(const char *root_path) {
return 0; return 0;
} }
void source_destroy(void) { free(handle.mountpoint); }
const char *get_mountpoint(void) { return handle.mountpoint; }
const char *real_filename(const char *filename) {
const char *mountpoint = get_mountpoint();
// Calculate required length
size_t len1 = strlen(mountpoint);
size_t len2 = strlen(filename);
size_t total_len = len1 + len2;
// Allocate memory (+1 for null terminator)
char *result = malloc(total_len + 1);
if (result == NULL) {
fprintf(stderr, "[ICFS] Memory allocation failed");
perror("");
return NULL;
}
// Copy strings
strcpy(result, mountpoint);
strcat(result, filename);
return result;
}
int source_mkdir(const char *filename, mode_t mode) { int source_mkdir(const char *filename, mode_t mode) {
const char *relative_filename = source_filename_translate(filename); const char *relative_filename = source_filename_translate(filename);
return mkdirat(handle.root_fd, relative_filename, mode); return mkdirat(handle.root_fd, relative_filename, mode);
@@ -77,7 +112,7 @@ DIR *source_opendir(const char *filename) {
const char *relative_filename = source_filename_translate(filename); const char *relative_filename = source_filename_translate(filename);
int fd = openat(handle.root_fd, relative_filename, 0); int fd = openat(handle.root_fd, relative_filename, 0);
if (fd < 0) { if (fd < 0) {
perror("Openat failed"); perror("[ICFS] Openat failed");
return NULL; return NULL;
} }
DIR *dir_pointer = fdopendir(fd); DIR *dir_pointer = fdopendir(fd);
@@ -114,7 +149,7 @@ int source_truncate(const char *filename, off_t length) {
const char *relative_filename = source_filename_translate(filename); const char *relative_filename = source_filename_translate(filename);
int fd = openat(handle.root_fd, relative_filename, 0); int fd = openat(handle.root_fd, relative_filename, 0);
if (fd < 0) { if (fd < 0) {
perror("Openat failed"); perror("[ICFS] Openat failed");
return -1; return -1;
} }
return ftruncate(fd, length); return ftruncate(fd, length);

1
src/sourcefs.h
View File

@@ -19,6 +19,7 @@
* @return 0 on success, -1 on failure. * @return 0 on success, -1 on failure.
*/ */
int source_init(const char *root_path); int source_init(const char *root_path);
void source_destroy(void);
/* All of the functions below are designed to behave exactly as their non-source /* All of the functions below are designed to behave exactly as their non-source
* counterparts. */ * counterparts. */

229
src/temp_permissions_table.c
View File

@@ -7,21 +7,30 @@
*/ */
#include "temp_permissions_table.h" #include "temp_permissions_table.h"
#include "access_t.h"
#include "cc.h" #include "cc.h"
#include "proc_operations.h"
#include "process_info.h" #include "process_info.h"
#include <pthread.h> #include <pthread.h>
#include <stddef.h>
#include <stdio.h> #include <stdio.h>
#include <string.h>
#include <sys/types.h> #include <sys/types.h>
#include <time.h>
#include <unistd.h>
struct temp_process_permissions { struct temp_process_permissions {
// yes, this is a correct type for start time in jiffies (see // yes, this is a correct type for start time in jiffies (see
// proc_pid_stat(5)) // proc_pid_stat(5))
unsigned long long creation_time; unsigned long long creation_time;
vec(char *) allowed_files; vec(char *) allowed_files;
vec(char *) denied_files;
}; };
map(pid_t, struct temp_process_permissions) temp_permissions_table; map(pid_t, struct temp_process_permissions) temp_permissions_table;
pthread_mutex_t temp_permissions_table_lock; pthread_rwlock_t temp_permissions_table_lock = PTHREAD_RWLOCK_INITIALIZER;
pthread_t gc_thread;
int is_gc_active = 0;
/** /**
* Function to get the process creation time (in jiffies) from the proc * Function to get the process creation time (in jiffies) from the proc
@@ -33,8 +42,8 @@ pthread_mutex_t temp_permissions_table_lock;
* never really equal to 0, it exceptionally unlikely. * never really equal to 0, it exceptionally unlikely.
*/ */
unsigned long long get_process_creation_time(pid_t pid) { unsigned long long get_process_creation_time(pid_t pid) {
char path[32]; char path[256];
FILE *fp; FILE *fp = NULL;
unsigned long long creation_time = 0; unsigned long long creation_time = 0;
// Construct the path to the process's status file // Construct the path to the process's status file
@@ -43,20 +52,21 @@ unsigned long long get_process_creation_time(pid_t pid) {
// Open the status file // Open the status file
fp = fopen(path, "r"); fp = fopen(path, "r");
if (fp == NULL) { if (fp == NULL) {
perror("fopen"); perror("[ICFS] fopen");
return 0; return 0;
} }
// Read the creation time (the 22nd field in the stat file) // Read the creation time (the 22nd field in the stat file)
for (int i = 1; i < 22; i++) { for (int i = 1; i < 22; i++) {
if (fscanf(fp, "%*s") == EOF) { if (fscanf(fp, "%*s") == EOF) {
fprintf(stderr, "Error reading process stat file on the number %d\n", i); fprintf(stderr,
"[ICFS] Error reading process stat file on the number %d\n", i);
fclose(fp); fclose(fp);
return 0; return 0;
} }
} }
if (fscanf(fp, "%llu", &creation_time) != 1) { if (fscanf(fp, "%llu", &creation_time) != 1) {
fprintf(stderr, "Error reading creation time\n"); fprintf(stderr, "[ICFS] Error reading creation time\n");
fclose(fp); fclose(fp);
return 0; return 0;
} }
@@ -67,96 +77,152 @@ unsigned long long get_process_creation_time(pid_t pid) {
return creation_time; return creation_time;
} }
int is_valid(pid_t pid, struct temp_process_permissions *entry) {
unsigned long long creation_time = get_process_creation_time(pid);
if (creation_time == 0) {
return 0;
}
if (creation_time != entry->creation_time) {
return 0;
}
return 1;
}
void *garbage_collector(void *arg) {
(void)arg;
while (is_gc_active) {
sleep(1);
pthread_rwlock_wrlock(&temp_permissions_table_lock);
vec(pid_t) blacklist;
init(&blacklist);
for_each(&temp_permissions_table, pid, entry) {
if (!is_valid(*pid, entry)) {
push(&blacklist, *pid);
for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
cleanup(&entry->allowed_files);
for_each(&entry->denied_files, denied_file) { free(*denied_file); }
cleanup(&entry->denied_files);
}
}
for_each(&blacklist, pid) { erase(&temp_permissions_table, *pid); }
cleanup(&blacklist);
pthread_rwlock_unlock(&temp_permissions_table_lock);
}
return NULL;
}
/** /**
* Initializes the temporary permissions table. * Initializes the temporary permissions table.
* *
* @return: 0 on success, -1 on failure (e.g. ENOMEM) * @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/ */
int init_temp_permissions_table() { int init_temp_permissions_table(void) {
pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
init(&temp_permissions_table); init(&temp_permissions_table);
return 0; return 0;
} }
/**
* Starts the temporary permissions table garbage_collector.
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_garbage_collector(void) {
is_gc_active = 1;
if (pthread_create(&gc_thread, NULL, garbage_collector, NULL) != 0) {
return -1;
}
return 0;
}
/** /**
* Destroys the temporary permissions table. * Destroys the temporary permissions table.
* *
* @note: the table is guranteed to be destroyed if it is already initialized * @note: the table is guranteed to be destroyed if it is already initialized.
* It does not indicate any errors whatsoever. If something goes wrong - you are
* screwed.
*/ */
void destroy_temp_permissions_table() { void destroy_temp_permissions_table(void) {
if (is_gc_active) {
is_gc_active = 0;
pthread_join(gc_thread, NULL);
}
// free the memory allocated for the table // free the memory allocated for the table
for_each(&temp_permissions_table, entry) { for_each(&temp_permissions_table, entry) {
for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); } for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
cleanup(&entry->allowed_files); cleanup(&entry->allowed_files);
} }
for_each(&temp_permissions_table, entry) {
for_each(&entry->denied_files, denied_file) { free(*denied_file); }
cleanup(&entry->denied_files);
}
cleanup(&temp_permissions_table); cleanup(&temp_permissions_table);
pthread_mutex_destroy(&temp_permissions_table_lock);
} }
/** /**
* Checks if the process has a temporary access to the file. * Checks if the process has a temporary access to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pid: PID of the process * @param pid: PID of the process
* @return: 0 if access is denied, 1 if access is allowed * @return: access status - ALLOW, DENY or NDEF in case if no information was
* found is avaliable
*/ */
access_t check_temp_access_noparent(const char *filename, pid_t pid) {
int check_temp_access_noparent(const char *filename, pid_t pid) {
// TODO: more efficient locking // TODO: more efficient locking
pthread_mutex_lock(&temp_permissions_table_lock); pthread_rwlock_rdlock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry = struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pid); get(&temp_permissions_table, pid);
if (permission_entry != NULL) { if (permission_entry != NULL) {
unsigned long long process_creation_time = get_process_creation_time(pid); unsigned long long process_creation_time = get_process_creation_time(pid);
if (process_creation_time == 0) { if (process_creation_time == 0) {
perror("Could not retrieve process creation time"); perror("[ICFS] Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock); pthread_rwlock_unlock(&temp_permissions_table_lock);
return 0; return NDEF;
} }
if (process_creation_time == permission_entry->creation_time) { if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access // the process is the same as the one that was granted temporary access
// to the file // to the file
for_each(&permission_entry->allowed_files, allowed_file) { size_t filename_len = strlen(filename);
if (strncmp(*allowed_file, filename, strlen(filename)) == 0) { access_t ret = NDEF;
pthread_mutex_unlock(&temp_permissions_table_lock); size_t maxlen = 0;
return 1; for_each(&permission_entry->denied_files, denied_file) {
size_t denied_file_len = strlen(*denied_file);
if ((strncmp(*denied_file, filename, denied_file_len) == 0 &&
((denied_file_len < filename_len &&
(*denied_file)[denied_file_len - 1] == '/') ||
(denied_file_len == filename_len))) &&
denied_file_len > maxlen) {
maxlen = denied_file_len;
ret = DENY;
} }
} }
for_each(&permission_entry->allowed_files, allowed_file) {
size_t allowed_file_len = strlen(*allowed_file);
if ((strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
((allowed_file_len < filename_len &&
(*allowed_file)[allowed_file_len - 1] == '/') ||
(allowed_file_len == filename_len))) &&
allowed_file > maxlen) {
maxlen = allowed_file_len;
ret = ALLOW;
}
}
pthread_rwlock_unlock(&temp_permissions_table_lock);
return ret;
} }
} }
pthread_mutex_unlock(&temp_permissions_table_lock); pthread_rwlock_unlock(&temp_permissions_table_lock);
return 0; return NDEF;
}
/**
* Finds the parent process ID of a given process.
*
* @param pid: The process ID of the process to find the parent of
* @return: The parent process ID, or 0 if the parent process ID could not be
* found
*/
pid_t get_parent_pid(pid_t pid) {
pid_t ppid = 0;
char path[256];
snprintf(path, sizeof(path), "/proc/%u/status", pid);
FILE *file = fopen(path, "r");
if (file == NULL) {
perror("Failed to open /proc/<pid>/status");
return 0;
}
char line[256];
while (fgets(line, sizeof(line), file)) {
if (sscanf(line, "PPid:\t%d", &ppid) == 1) {
fclose(file);
return ppid;
}
}
fclose(file);
return 0; // Parent PID not found
} }
/** /**
@@ -164,33 +230,40 @@ pid_t get_parent_pid(pid_t pid) {
* file. * file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pi: The process information * @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed * @return: access status - ALLOW, DENY or NDEF in case if no information was
* found. Does not return ALLOW_TEMP.
* @note: In case one of the parent processes is killed while this function * @note: In case one of the parent processes is killed while this function
* execution the result is not guranteed to be correct. It should only lead to * execution the result is not guranteed to be correct. It should only lead to
* false negatives, though. * false negatives, though.
*/ */
int check_temp_access(const char *filename, struct process_info pi) { access_t check_temp_access(const char *filename, struct process_info pi) {
pid_t current_pid = pi.PID; pid_t current_pid = pi.PID;
while (current_pid != 0) { while (current_pid != 0) {
if (check_temp_access_noparent(filename, current_pid)) { access_t access = check_temp_access_noparent(filename, current_pid);
return 1; if (access != NDEF) {
return access;
} }
current_pid = get_parent_pid(current_pid); current_pid = get_main_thread_pid(get_parent_pid(current_pid));
} }
return 0; return NDEF;
} }
/** /**
* Gives temporary access to the process to the file. * Sets temporary access mode of the process to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @param pi: The process information * @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM) * @param mode: Kind of access rule to be set - SET_DENY to deny access, and
* SET_ALLOW to allow access.
* @return: 0 on success, -1 on failure.
*/ */
int give_temp_access(const char *filename, struct process_info pi) { int set_temp_access(const char *filename, struct process_info pi,
pthread_mutex_lock(&temp_permissions_table_lock); set_mode_t mode) {
if (pi.PID == 0)
return NDEF;
pthread_rwlock_wrlock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry = struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID); get(&temp_permissions_table, pi.PID);
@@ -199,16 +272,22 @@ int give_temp_access(const char *filename, struct process_info pi) {
unsigned long long process_creation_time = unsigned long long process_creation_time =
get_process_creation_time(pi.PID); get_process_creation_time(pi.PID);
if (process_creation_time == 0) { if (process_creation_time == 0) {
perror("Could not retrieve process creation time"); perror("[ICFS] Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock); pthread_rwlock_unlock(&temp_permissions_table_lock);
return -1; return -1;
} }
if (process_creation_time == permission_entry->creation_time) { if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access // the process is the same as the one that was granted temporary access
// to the file // to the file
push(&permission_entry->allowed_files, strdup(filename)); if (mode == SET_ALLOW) {
pthread_mutex_unlock(&temp_permissions_table_lock); push(&permission_entry->allowed_files, strdup(filename));
}
if (mode == SET_DENY) {
push(&permission_entry->denied_files, strdup(filename));
}
pthread_rwlock_unlock(&temp_permissions_table_lock);
return 0; return 0;
} }
// we have an entry for the process, but the process is different // we have an entry for the process, but the process is different
@@ -223,10 +302,16 @@ int give_temp_access(const char *filename, struct process_info pi) {
new_permission_entry.creation_time = get_process_creation_time(pi.PID); new_permission_entry.creation_time = get_process_creation_time(pi.PID);
init(&new_permission_entry.allowed_files); init(&new_permission_entry.allowed_files);
push(&new_permission_entry.allowed_files, strdup(filename)); init(&new_permission_entry.denied_files);
if (mode == SET_ALLOW) {
push(&new_permission_entry.allowed_files, strdup(filename));
}
if (mode == SET_DENY) {
push(&new_permission_entry.denied_files, strdup(filename));
}
insert(&temp_permissions_table, pi.PID, new_permission_entry); insert(&temp_permissions_table, pi.PID, new_permission_entry);
pthread_mutex_unlock(&temp_permissions_table_lock); pthread_rwlock_unlock(&temp_permissions_table_lock);
return 0; return 0;
} }

44
src/temp_permissions_table.h
View File

@@ -1,39 +1,65 @@
/*
ICFS: Interactively Controlled File System
Copyright (C) 2024-2025 Fedir Kovalov
This program can be distributed under the terms of the GNU GPLv2.
See the file LICENSE.
*/
#ifndef TEMP_PERMISSIONS_TABLE_H #ifndef TEMP_PERMISSIONS_TABLE_H
#define TEMP_PERMISSIONS_TABLE_H #define TEMP_PERMISSIONS_TABLE_H
#include "access_t.h"
#include "process_info.h" #include "process_info.h"
#include "set_mode_t.h"
/** /**
* Initializes the temporary permissions table. * Initializes the temporary permissions table.
* *
* @return: 0 on success, -1 on failure (e.g. ENOMEM) * @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/ */
int init_temp_permissions_table(); int init_temp_permissions_table(void);
/**
* Starts the temporary permissions table garbage_collector.
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_garbage_collector(void);
/** /**
* Destroys the temporary permissions table. * Destroys the temporary permissions table.
* *
* @note: the table is guranteed to be destroyed if it is already initialized * @note: the table is guranteed to be destroyed if it is already initialized.
* It does not indicate any errors whatsoever. If something goes wrong - you are
* screwed.
*/ */
void destroy_temp_permissions_table(); void destroy_temp_permissions_table(void);
/** /**
* Checks if the process has a temporary access to the file. * Checks if the process or any of it's parents have temporary access to the
* file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @param pi: The process information * @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed * @return: access status - ALLOW, DENY or NDEF in case if no information was
* found. Does not return ALLOW_TEMP.
* @note: In case one of the parent processes is killed while this function
* execution the result is not guranteed to be correct. It should only lead to
* false negatives, though.
*/ */
int check_temp_access(const char *filename, struct process_info pi); access_t check_temp_access(const char *filename, struct process_info pi);
/** /**
* Gives temporary access to the process to the file. * Sets temporary access mode of the process to the file.
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @param pi: The process information * @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM) * @param mode: Kind of access rule to be set - SET_DENY to deny access, and
* SET_ALLOW to allow access.
* @return: 0 on success, -1 on failure.
*/ */
int give_temp_access(const char *filename, struct process_info pi); int set_temp_access(const char *filename, struct process_info pi,
set_mode_t mode);
#endif // !TEMP_PERMISSIONS_TABLE_H #endif // !TEMP_PERMISSIONS_TABLE_H

249
src/ui-socket.c
View File

@@ -6,13 +6,18 @@
See the file LICENSE. See the file LICENSE.
*/ */
#include "access_t.h"
#include <stddef.h> #include <stddef.h>
#include <sys/types.h> #include <sys/types.h>
#include <time.h> #include <time.h>
#define _GNU_SOURCE #define _GNU_SOURCE
#include "cc.h"
#include "perm_permissions_table.h" #include "perm_permissions_table.h"
#include "real_filename.h"
#include "sourcefs.h"
#include "temp_permissions_table.h" #include "temp_permissions_table.h"
#include "ui-socket.h" #include "ui-socket.h"
#include <assert.h>
#include <pthread.h> #include <pthread.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@@ -21,25 +26,36 @@
#include <sys/un.h> #include <sys/un.h>
#include <unistd.h> #include <unistd.h>
#define ZENITY_TEMP_ALLOW_MESSAGE "Allow this time\n" #define DIALOGUE_YES 0
#define DIALOGUE_NO 1
#define DIALOGUE_PERM 2
pthread_mutex_t access_check_mutex = PTHREAD_MUTEX_INITIALIZER;
struct dialogue_response {
access_t decision;
char *filename;
};
int init_ui_socket(const char *perm_permissions_db_filename) { int init_ui_socket(const char *perm_permissions_db_filename) {
FILE *fp = NULL; FILE *fp = NULL;
if (init_temp_permissions_table()) { if (init_temp_permissions_table()) {
fprintf(stderr, "Could not initialize temporary permissions table.\n"); fprintf(stderr,
"[ICFS] Could not initialize temporary permissions table.\n");
return 1; return 1;
} }
if (init_perm_permissions_table(perm_permissions_db_filename)) { if (init_perm_permissions_table(perm_permissions_db_filename)) {
fprintf(stderr, "Could not initialize permanent permissions table.\n"); fprintf(stderr,
"[ICFS] Could not initialize permanent permissions table.\n");
return 1; return 1;
} }
// Test if Zenity is installed (get version) // Test if dialogue is installed (get version)
fp = popen("zenity --version", "r"); fp = popen("icfs_dialogue --version", "r");
if (fp == NULL) { if (fp == NULL) {
perror("Pipe returned an error"); perror("[ICFS] Pipe returned an error");
return 1; return 1;
} }
@@ -58,49 +74,87 @@ void destroy_ui_socket(void) {
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @param pi: The process information * @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed, 2 if access is * @return: access status - ALLOW, DENY or ALLOW_TEMP
* allowed for the runtime of the process * allowed for the runtime of the process
*/ */
int ask_access(const char *filename, struct process_info proc_info) { struct dialogue_response ask_access(const char *filename,
struct process_info proc_info) {
FILE *fp = NULL; FILE *fp = NULL;
size_t command_len = char *command = NULL;
139 + sizeof(pid_t) * 8 + strlen(proc_info.name) + strlen(filename); int ret = asprintf(&command, "icfs_dialogue \"%d\" \"%s\" \"%s\" \"%s\"",
char *command = (char *)malloc(command_len); proc_info.PID, proc_info.name, get_mountpoint(), filename);
snprintf(command, command_len,
"zenity --question --extra-button \"Allow this time\" --title "
"\"Allow Access?\" --text \"Allow process "
"<tt>%s</tt> with PID <tt>%d</tt> to access <tt>%s</tt>\"",
proc_info.name, proc_info.PID, filename);
// Zenity Question Message Popup struct dialogue_response response;
response.decision = DENY;
response.filename = NULL;
if (ret < 0) {
// If asprintf fails, the contents of command are undefined (see man
// asprintf). That does not explicitly rule out that command will be a valid
// pointer. But the risk of freeing a non-allocated pointer is too much to
// justify preparing for this.
fprintf(stderr, "[ICFS] Could not create query on rule insertion");
perror("");
response.decision = DENY;
response.filename = malloc(2);
response.filename[0] = '/';
response.filename[1] = 0;
return response;
}
// dialogue Question Message Popup
fp = popen(command, "r"); fp = popen(command, "r");
free(command); free(command);
if (fp == NULL) { if (fp == NULL) {
perror("Pipe returned a error"); perror("[ICFS] Pipe returned a error");
return -1; response.decision = DENY;
response.filename = malloc(2);
response.filename[0] = '/';
response.filename[1] = 0;
return response;
} }
// if the user clicks the "Allow this time" button, `zenity` will only str(char) dialogue_output;
// write it to `stdout`, but the exit code will still be `1`. So, we need init(&dialogue_output);
// to manually check the output.
char buffer[sizeof(ZENITY_TEMP_ALLOW_MESSAGE) + 1]; char line[1024]; // Buffer to read individual lines
while (fgets(buffer, sizeof(buffer), fp)) {
printf("%s", buffer); // Read the command output line by line
if (strcmp(buffer, ZENITY_TEMP_ALLOW_MESSAGE) == 0) { while (fgets(line, sizeof(line), fp)) {
pclose(fp); push_fmt(&dialogue_output, line);
return 2;
}
} }
int zenity_exit_code = WEXITSTATUS(pclose(fp)); int dialogue_exit_code = WEXITSTATUS(pclose(fp));
fprintf(stderr, "zenity returned %d\n", zenity_exit_code);
// zenity returns 1 on "No" >:( fprintf(stderr, "[ICFS] dialogue wrote out %s\n", first(&dialogue_output));
if (zenity_exit_code == 0) { fprintf(stderr, "[ICFS] dialogue returned %d\n", dialogue_exit_code);
return 1;
if (size(&dialogue_output) == 0) {
push(&dialogue_output, '/');
} }
return 0; assert(strlen(first(&dialogue_output)) == size(&dialogue_output));
response.filename = malloc(size(&dialogue_output) + 1);
strcpy(response.filename, first(&dialogue_output));
// response.filename[size(&dialogue_output)] = 0;
// assert(0 == strcmp(response.filename, first(&dialogue_output)));
cleanup(&dialogue_output);
time_t now = time(0);
if (dialogue_exit_code == (DIALOGUE_YES | DIALOGUE_PERM)) {
response.decision = ALLOW;
} else if (dialogue_exit_code == DIALOGUE_YES) {
response.decision = ALLOW_TEMP;
} else if (dialogue_exit_code == (DIALOGUE_NO | DIALOGUE_PERM)) {
response.decision = DENY;
} else {
response.decision = DENY_TEMP;
}
return response;
} }
/** /**
@@ -110,44 +164,133 @@ int ask_access(const char *filename, struct process_info proc_info) {
* 3. user descision * 3. user descision
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pi: The process information * @param pi: The process information
* @param opts: options (GRANT_TEMP, GRANT_PERM) * @param opts: options (GRANT_TEMP, GRANT_PERM)
* @return: 0 if access is denied, 1 if access is allowed * @return: 0 if access is denied, 1 if access is allowed
*/ */
int interactive_access(const char *filename, struct process_info proc_info, int interactive_access(const char *filename, struct process_info proc_info,
int opts) { int opts) {
char *real_path = real_filename(filename);
pthread_mutex_lock(&access_check_mutex);
if (check_temp_access(filename, proc_info) || access_t access = check_temp_access(real_path, proc_info);
check_perm_access(filename, proc_info)) { if (access == ALLOW) {
// access was already granted before fprintf(
stderr,
"[ICFS] Permission allowed to %s based on a rule present in the temp "
"permission table.\n",
proc_info.name);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 1; return 1;
} }
if (access == DENY) {
fprintf(
stderr,
"[ICFS] Permission denied to %s based on a rule present in the temp "
"permission table.\n",
proc_info.name);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 0;
}
access = check_perm_access(real_path, proc_info);
if (access == ALLOW) {
fprintf(
stderr,
"[ICFS] Permission allowed to %s based on a rule present in the perm "
"permission table.\n",
proc_info.name);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 1;
}
if (access == DENY) {
fprintf(
stderr,
"[ICFS] Permission denied to %s based on a rule present in the perm "
"permission table.\n",
proc_info.name);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 0;
}
// if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent // if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent
// permissions are granted // permissions are granted
if (opts & GRANT_PERM) { if (opts & GRANT_PERM) {
give_perm_access(filename, proc_info); fprintf(stderr, "[ICFS] Permission granted permanently to %s.\n",
proc_info.name);
set_perm_access(real_path, proc_info, SET_ALLOW);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 1; return 1;
} }
if (opts & GRANT_TEMP) { if (opts & GRANT_TEMP) {
give_temp_access(filename, proc_info); fprintf(stderr, "[ICFS] Permission granted temporarily to %s.\n",
proc_info.name);
set_temp_access(real_path, proc_info, SET_ALLOW);
free(real_path);
pthread_mutex_unlock(&access_check_mutex);
return 1; return 1;
} }
int user_response = ask_access(filename, proc_info); struct dialogue_response response = ask_access(filename, proc_info);
if (user_response == 1) { // fprintf(stderr, "%s", response.filename);
// user said "yes" // assert(0 != strlen(response.filename));
give_perm_access(filename, proc_info);
return 1; // the user might specify a different file in the dialogue, so we need to
// check if it is valid
while (source_access(response.filename, F_OK)) {
// if it is invalid, just ask again.
fprintf(stderr, "[ICFS] Filename returned by zenty wasn't correct: %s\n",
response.filename);
free(response.filename);
response = ask_access(filename, proc_info);
} }
if (user_response == 2) { free(real_path);
// user said "yes, but only this time"
give_temp_access(filename, proc_info);
return 1;
}
// otherwise "no" real_path = real_filename(response.filename);
return 0; free(response.filename);
int ret = 0;
if (response.decision == ALLOW) {
fprintf(stderr,
"[ICFS] Permission granted permanently to %s based on zenty "
"response.\n",
proc_info.name);
set_perm_access(real_path, proc_info, SET_ALLOW);
ret = 1;
} else if (response.decision == ALLOW_TEMP) {
fprintf(stderr,
"[ICFS] Permission granted temporarily to %s based on zenty "
"response.\n",
proc_info.name);
set_temp_access(real_path, proc_info, SET_ALLOW);
ret = 1;
} else if (response.decision == DENY_TEMP) {
fprintf(
stderr,
"[ICFS] Permission denied temporarily to %s based on zenty response.\n",
proc_info.name);
set_temp_access(real_path, proc_info, SET_DENY);
ret = 0;
} else if (response.decision == DENY) {
fprintf(
stderr,
"[ICFS] Permission denied permanently to %s based on zenty response.\n",
proc_info.name);
set_perm_access(real_path, proc_info, SET_DENY);
ret = 0;
}
pthread_mutex_unlock(&access_check_mutex);
free(real_path);
// deny on unknown options.
return ret;
} }

2
src/ui-socket.h
View File

@@ -35,7 +35,7 @@ void destroy_ui_socket(void);
* 3. user descision * 3. user descision
* *
* @param filename: The file that the process is trying to access * @param filename: The file that the process is trying to access
* @pram pi: The process information * @param pi: The process information
* @param opts: options (GRANT_TEMP, GRANT_PERM) * @param opts: options (GRANT_TEMP, GRANT_PERM)
* @return: 0 if access is denied, 1 if access is allowed * @return: 0 if access is denied, 1 if access is allowed
*/ */

41
test/mock/icfs_dialogue Executable file
View File

@@ -0,0 +1,41 @@
#!/bin/bash
# fake-icfs_dialogue: script that mocks the behavior of icfs_dialogue based on the ./.fake-icfs_dialogue-response file
ICFS_DIALOGUE_YES=0
ICFS_DIALOGUE_NO=1
ICFS_DIALOGUE_PERM=2
if [[ $1 == "--set-fake-response" ]]; then
#someone knows we are fake :)
echo "$2" >~/.fake_icfs_dialogue_response
elif [[ $1 == "--set-fake-response-filename" ]]; then
echo "$2" >~/.fake_icfs_dialogue_response_filename
elif [[ $1 == "--reset-fake-response" ]]; then
rm ~/.fake_icfs_dialogue_response ~/.fake_icfs_dialogue_response_filename
else
if [ -f ~/.fake_icfs_dialogue_response ]; then
FAKE_ICFS_DIALOGUE_RESPONSE=$(cat ~/.fake_icfs_dialogue_response)
if [[ -f ~/.fake_icfs_dialogue_response_filename ]]; then
FAKE_ICFS_DIALOGUE_RESPONSE_FILENAME=$(cat ~/.fake_icfs_dialogue_response_filename)
if [[ $FAKE_ICFS_DIALOGUE_RESPONSE_FILENAME == "" ]]; then
printf "%s" "$4"
else
printf "%s" "$(cat ~/.fake_icfs_dialogue_response_filename)"
fi
fi
if [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "yes" ]]; then
exit "$ICFS_DIALOGUE_YES"
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "no" ]]; then
exit "$ICFS_DIALOGUE_NO"
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "yes_perm" ]]; then
exit "$((ICFS_DIALOGUE_YES | ICFS_DIALOGUE_PERM))"
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "no_perm" ]]; then
exit "$((ICFS_DIALOGUE_NO | ICFS_DIALOGUE_PERM))"
fi
fi
fi
exit 255 # TODO: call actual icfs_dialogue here

30
test/mock/zenity
View File

@@ -1,30 +0,0 @@
#!/bin/bash
# fake-zenity: script that mocks the behavior of zenity based on the ./.fake-zenity-response file
if [[ $1 == "--set-fake-response" ]]; then
#someone knows we are fake :)
echo $2 >~/.fake_zenity_response
else
if [ -f ~/.fake_zenity_response ]; then
FAKE_ZENITY_RESPONSE=$(cat ~/.fake_zenity_response)
if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then
printf "Allow this time\n"
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "yes_tmp_alt" ]]; then
printf "Allow this time\n"
echo "yes_alt" >~/.fake_zenity_response
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
exit 0
elif [[ $FAKE_ZENITY_RESPONSE == "yes_alt" ]]; then
echo "yes_tmp_alt" >~/.fake_zenity_response
exit 0
fi
fi
fi
exit 255 # TODO: call actual zenity here

81
test/opener/Makefile Normal file
View File

@@ -0,0 +1,81 @@
SHELL=/bin/bash
# configurable options
ifndef ($(SOURCES_DIR))
SOURCES_DIR := .
endif
ifndef ($(TESTS_DIR))
TESTS_DIR := .
endif
ifndef ($(BUILD_DIR))
BUILD_DIR := .
endif
CC := gcc
CXX := g++
NAME := opener
# dependencies
PACKAGE_NAMES :=
ifeq ($(TEST), 1)
# PACKAGE_NAMES += check # TODO: use check?
endif
# set up cflags and libs
CFLAGS :=
LDFLAGS :=
ifneq ($(PACKAGE_NAMES),)
CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
endif
ifeq ($(DEBUG),1)
CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
-Wcast-qual -Wdisabled-optimization -Wformat=2 \
-Winit-self -Wlogical-op -Wmissing-declarations \
-Wmissing-include-dirs -Wredundant-decls -Wshadow \
-Wsign-conversion -Wstrict-overflow=5 \
-Wswitch-default -Wundef -Wno-unused
LDFLAGS +=
else
CFLAGS += -O3
LDFLAGS +=
endif
# set up targets
TARGETS := $(BUILD_DIR)/$(NAME)
ifeq ($(TEST), 1)
TARGETS += $(NAME)_test
endif
# build!
default: $(TARGETS)
.PHONY: clean $(NAME)_test
$(NAME)_test: $(BUILD_DIR)/$(NAME)
echo "No tests defined."
#$(BUILD_DIR)/$(NAME)
$(BUILD_DIR)/$(NAME): $(BUILD_DIR)/$(NAME).o
$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/$(NAME)
$(BUILD_DIR)/$(NAME).o: $(SOURCES_DIR)/$(NAME).c
$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $(BUILD_DIR)/$(NAME).o
clean:
rm $(BUILD_DIR)/*.o $(BUILD_DIR)/$(NAME)

86
test/opener/opener.c Normal file
View File

@@ -0,0 +1,86 @@
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#define PATH_MAX 4096
int main(int argc, char *argv[]) {
// Check for correct usage
if (argc != 2) {
fprintf(stderr, "Usage: %s <pathname>\n", argv[0]);
return 1;
}
const char *path = argv[1];
struct stat statbuf;
// Stat the given path to determine if it's a directory
if (lstat(path, &statbuf) == -1) {
perror("lstat");
return 1;
}
// Case 1: The path is not a directory
if (!S_ISDIR(statbuf.st_mode)) {
int fd = open(path, O_RDONLY);
if (fd == -1) {
perror("open");
return 1;
}
close(fd);
return 0;
}
// Case 2: The path is a directory
DIR *dirp = opendir(path);
if (dirp == NULL) {
perror("opendir");
return 1;
}
struct dirent *entry;
int success = 1;
while ((entry = readdir(dirp)) != NULL) {
// Skip . and ..
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) {
continue;
}
// Construct the full path
char fullpath[PATH_MAX];
snprintf(fullpath, PATH_MAX, "%s/%s", path, entry->d_name);
// Stat the entry to check if it's a regular file
struct stat entry_stat;
if (lstat(fullpath, &entry_stat) == -1) {
perror("lstat");
success = 0;
break;
}
// Only process regular files
if (!S_ISREG(entry_stat.st_mode)) {
continue;
}
// Try to open and immediately close the file
int fd = open(fullpath, O_RDONLY);
if (fd == -1) {
perror("open");
success = 0;
break;
}
close(fd);
}
closedir(dirp);
return (success ? 0 : 1);
}

6
test/stress.bash Executable file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
count=$1
for i in $(seq $count); do
$2 ./protected/haystack/
done

180
test/test.bash
View File

@@ -9,6 +9,24 @@ touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth
chmod 777 ./protected/perm777 ./protected/perm000 chmod 777 ./protected/perm777 ./protected/perm000
echo "Free code, free world." >./protected/motto echo "Free code, free world." >./protected/motto
mkdir protected/haystack
for i in {1..100}; do
touch "./protected/haystack/hay$i"
done
touch ./protected/haystack/needle
echo "Liberty in every line." >./protected/haystack/needle
rm -rf ./openers
mkdir openers
make -C ./opener || (
echo "Could not make the opener program."
exit 1
)
for i in {1..12}; do
cp ./opener/opener "./openers/opener$i"
ln --symbolic "$(realpath "./openers/opener$i")" "./openers/symlinked_opener$i"
done
# set up the fake-zenity # set up the fake-zenity
PATH="$(realpath ./mock/):$PATH" PATH="$(realpath ./mock/):$PATH"
@@ -25,138 +43,206 @@ if [[ $1 == "--setuid" ]]; then
echo "Valgrind will not be used due to setuid compatibility issues." echo "Valgrind will not be used due to setuid compatibility issues."
../build/icfs -o default_permissions ./protected ./.pt.db & ../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 1 sleep 1
elif [[ $1 == "--perf" ]]; then elif [[ $1 == "--performance" ]]; then
echo "Profiling with perf..." echo "Database protection will not be tested due to the lack of setuid capabilites."
echo "To test it, run this script with '--setuid'."
echo "valgrind won't be used to make performance measurements more accurate."
../build/icfs -o default_permissions ./protected ./.pt.db & ../build/icfs -o default_permissions ./protected ./.pt.db &
echo "Profiling will require root privilieges." sleep 5
sleep 3
echo "Attaching to $(pgrep icfs)"
sudo perf record -g -e cycles:u --call-graph dwarf -p $(pgrep icfs) &
sleep 10
else else
echo "Database protection will not be tested due to the lack of setuid capabilites." echo "Database protection will not be tested due to the lack of setuid capabilites."
echo "To test it, run this script with '--setuid'." echo "To test it, run this script with '--setuid'."
valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db & #valgrind --leak-check=full -s ../build/icfs -o default_permissions -o debug ./protected ./.pt.db 2>&1 | grep "==\|zenity\|Permission\|column\|callback\|SQLite" &
valgrind --leak-check=full --show-leak-kinds=all -s ../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 5 sleep 5
fi fi
#valgrind -s ../build/icfs -o default_permissions ./protected & #valgrind -s ../build/icfs -o default_permissions ./protected &
echo "[ICFS-TEST]: You may see memory errors from valgrind at this stage. This is normal - memory isn't lost, the libfuse just forked the process."
# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access. # WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**. # WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
# create files # create files
zenity --set-fake-response no icfs_dialogue --set-fake-response no
truncate -s 0 ./protected/should-exist-anyway 2>/dev/null && truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
truncate -s 0 ./protected/should-exist 2>/dev/null && truncate -s 0 ./protected/should-exist 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
# write to files # write to files
zenity --set-fake-response no icfs_dialogue --set-fake-response no
sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null && sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" || echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null && sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
# Read files # Read files
zenity --set-fake-response no icfs_dialogue --set-fake-response no
cat ./protected/motto >/dev/null 2>/dev/null && cat ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" || echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
cat ./protected/motto >/dev/null 2>/dev/null && cat ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world." echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
# remove files # remove files
zenity --set-fake-response no icfs_dialogue --set-fake-response no
rm ./protected/do-not-remove >/dev/null 2>/dev/null && rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" || echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
rm ./protected/should-be-removed >/dev/null 2>/dev/null && rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
# rename files # rename files
zenity --set-fake-response no icfs_dialogue --set-fake-response no
mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null && mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" || echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null && mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
# change permissions # change permissions
zenity --set-fake-response no icfs_dialogue --set-fake-response no
chmod 000 ./protected/perm777 2>/dev/null && chmod 000 ./protected/perm777 2>/dev/null &&
echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" || echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp icfs_dialogue --set-fake-response yes
chmod 000 ./protected/perm000 2>/dev/null && chmod 000 ./protected/perm000 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
# test permanent permissions # test permanent permissions
zenity --set-fake-response yes icfs_dialogue --set-fake-response yes_perm
cat ./protected/motto >/dev/null 2>/dev/null && openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
zenity --set-fake-response no # this should be ignored icfs_dialogue --set-fake-response no # this should be ignored
cat ./protected/motto >/dev/null 2>/dev/null && openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
icfs_dialogue --set-fake-response no # this should be ignored
openers/symlinked_opener1 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: openers/symlinked_opener1 cannot read protected/motto despite access being permitted!" # OK
icfs_dialogue --set-fake-response no_perm
openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
icfs_dialogue --set-fake-response yes # this should be ignored
openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
icfs_dialogue --set-fake-response yes # this should be ignored
openers/symlinked_opener2 ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/symlinked_opener2 can read protected/motto despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
# test permission globbing
icfs_dialogue --set-fake-response yes
icfs_dialogue --set-fake-response-filename "/"
openers/opener3 ./protected/haystack >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: openers/opener3 cannot read protected/haystack/needle despite access being permitted!" # OK
icfs_dialogue --set-fake-response no
icfs_dialogue --set-fake-response-filename "/"
openers/opener4 ./protected/haystack >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/opener4 can read files in protected/haystack despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
icfs_dialogue --set-fake-response yes_perm
icfs_dialogue --set-fake-response-filename "/"
openers/opener5 ./protected/haystack/needle >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: openers/opener5 cannot read protected/haystack/needle despite access being permitted!" # OK
icfs_dialogue --set-fake-response no # this should be ignored
openers/opener5 ./protected/haystack >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: openers/opener5 cannot read files in protected/haystack despite access being permitted!" # OK
icfs_dialogue --set-fake-response no_perm
icfs_dialogue --set-fake-response-filename "/"
openers/opener6 ./protected/haystack/needle >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/opener6 can read protected/haystack/needle despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
icfs_dialogue --set-fake-response yes # this should be ignored
openers/opener6 ./protected/haystack >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: openers/opener6 can read files in protected/haystack despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
# test database access # test database access
if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then if [[ $1 == '--setuid' ]]; then
echo "[ICFS-TEST]: permanent permissions is accessible!" if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
echo "[ICFS-TEST]: permanent permissions database is accessible!"
else
echo "[ICFS-TEST]: OK"
fi
else else
echo "[ICFS-TEST]: OK" echo "[ICFS-TEST]: permanent permissions database access was not tested due to the lack of seuid bit setting capabilites. To test this, run the script with '--setuid' flag"
fi fi
if [[ $1 == "--perf" ]]; then RUNS_NUM=500
zenity --set-fake-response yes_tmp
rm -rf ./protected/* if [[ $1 == '--performance' ]]; then
zenity --set-fake-response yes_alt
bonnie++ -p 4 #warmup
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null & icfs_dialogue --set-fake-response yes
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null & parallel -j8 ::: "./stress.bash $RUNS_NUM openers/opener10"
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null icfs_dialogue --set-fake-response yes
bonnie++ -p -1 echo "[ICFS-TEST]: temp permissions"
time parallel -j8 ::: "./stress.bash $RUNS_NUM openers/opener7"
icfs_dialogue --set-fake-response yes_perm
echo "[ICFS-TEST]: perm permissions"
time parallel -j8 ::: "./stress.bash $RUNS_NUM openers/opener8"
fi fi
# unmount # unmount
sleep 0.5 sleep 0.5
#lsof +f -- $(realpath ./protected) #lsof +f -- $(realpath ./protected)
umount $(realpath ./protected) umount "$(realpath ./protected)"
sleep 0.5 sleep 3
if [[ $1 == "--perf" ]]; then if [[ $1 == '--performance' ]]; then
mv ./callgraph.png ./callgraph_old.png
real_user=$USER #warmup
sudo chown "$real_user" ./perf.data parallel -j8 ::: "./stress.bash $RUNS_NUM openers/opener9"
perf script --dsos=icfs | gprof2dot -f perf | dot -Tpng -o callgraph.png
echo "Profile graph was written to \"callgraph.png\"" echo "[ICFS-TEST]: bare filesystem"
time parallel -j8 ::: "./stress.bash $RUNS_NUM openers/opener9"
fi fi