fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:profiling
Branches Tags
fedir:main fedir:new-dialogue fedir:profiling fedir:setuid fedir:creation_permissions fedir:Temp_permission_table fedir:Testing fedir:API fedir:basic-passthough
..
compare: fedir:c4ef955ff1528d10646ca98a331ca9bfbde150f1
Branches Tags
fedir:main fedir:new-dialogue fedir:profiling fedir:setuid fedir:creation_permissions fedir:Temp_permission_table fedir:Testing fedir:API fedir:basic-passthough

3 Commits
profiling ... c4ef955ff1

Author SHA1 Message Date
fedir
c4ef955ff1 Added a cleaner way of allocating the zenity command. 2025-04-15 19:02:36 +02:00
fedir
3157940c0b add a missing header 2025-04-15 18:58:18 +02:00
fedir
92378c1cde add exerimental deny flag in the tables 
For now, perm table does not set the thrid parameter to anything useful
 2025-04-15 18:57:57 +02:00
9 changed files with 191 additions and 191 deletions
Expand all files Collapse all files

4
Makefile
View File

@@ -21,14 +21,14 @@ endif
# set up cflags and libs
CFLAGS := -D_FILE_OFFSET_BITS=64 -g
CFLAGS := -D_FILE_OFFSET_BITS=64
LDFLAGS :=
CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
ifeq ($(DEBUG),1)
CFLAGS += -O0 -pedantic -Wall -Wextra -Wcast-align \
CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
-Wcast-qual -Wdisabled-optimization -Wformat=2 \
-Winit-self -Wlogical-op -Wmissing-declarations \
-Wmissing-include-dirs -Wredundant-decls -Wshadow \

6
src/access_t.h Normal file
View File

@@ -0,0 +1,6 @@
#ifndef ACCESS_T_H
#define ACCESS_T_H
typedef enum { DENY, ALLOW, ALLOW_TEMP, NDEF } access_t;
#endif // !ACCESS_T_H

139
src/perm_permissions_table.c
View File

@@ -7,6 +7,7 @@
*/
#include "perm_permissions_table.h"
#include "access_t.h"
#include "process_info.h"
#include <fcntl.h>
#include <pthread.h>
@@ -23,11 +24,10 @@
sqlite3 *perm_database = NULL;
const char *const table_name = "permissions";
// one row corresponds to a permission to access one file for one executable
const int column_count = 2;
const char *const schema[] = {"executable", "filename"};
const char *const types[] = {"TEXT", "TEXT"};
const int column_count = 3;
const char *const schema[] = {"executable", "filename", "mode"};
const char *const types[] = {"TEXT", "TEXT", "INTEGER"};
uid_t ruid, euid, current_pid;
sqlite3_stmt *perm_check_statement = NULL;
pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
void set_db_fsuid() {
@@ -70,9 +70,10 @@ static int check_table_col_schema(void *notused, int argc, char **argv,
}
int column_num = atoi(argv[0]);
if (column_num >= column_count) {
fprintf(stderr, "Table contains more columns than expected.\n");
fprintf(stderr, "Table contains unexpected amount of columns.\n");
return 1;
}
if (strcmp(schema[column_num], argv[1]) == 0 &&
strcmp(types[column_num], argv[2]) == 0) {
return 0;
@@ -91,8 +92,9 @@ static int set_flag(void *flag, int argc, char **argv, char **colname) {
int create_database_schema() {
fprintf(stderr, "Creating table 'permissions'.\n");
const char *create_query = "CREATE TABLE permissions(executable TEXT NOT "
"NULL, filename TEXT NOT NULL);";
const char *create_query =
"CREATE TABLE permissions(executable TEXT NOT "
"NULL, filename TEXT NOT NULL, mode INTEGER NOT NULL);";
char *err = NULL;
int ret = sqlite3_exec(perm_database, create_query, NULL, NULL, &err);
@@ -142,45 +144,6 @@ int ensure_database_schema() {
return 0;
}
int prepare_sql_queries() {
const char *query_template =
"SELECT * FROM %s WHERE executable = ? AND filename = ?;";
char *query_string = NULL;
int query_len = snprintf(NULL, 0, query_template, table_name) + 1;
if (query_len < 0) {
fprintf(stderr, "Failed to prepare statement");
perror("");
return 1;
}
query_string = malloc(query_len);
if (query_string == NULL) {
fprintf(stderr, "Failed to allocate memory for the query");
perror("");
return 1;
}
int ret = snprintf(query_string, query_len, query_template, table_name);
if (ret < 0) {
fprintf(stderr, "Failed to prepare statement");
perror("");
free(query_string);
return 1;
}
if (sqlite3_prepare_v2(perm_database, query_string, -1, &perm_check_statement,
NULL) != SQLITE_OK) {
fprintf(stderr, "Failed to prepare statement: %s\n",
sqlite3_errmsg(perm_database));
free(query_string);
return 1;
}
free(query_string);
return 0;
}
void free_sql_queries(void) { sqlite3_finalize(perm_check_statement); }
/**
* Initializes the permanent permissions table.
*
@@ -209,61 +172,58 @@ int init_perm_permissions_table(const char *db_filename) {
int status = seteuid(ruid);
if (status < 0) {
fprintf(stderr, "Couldn't set euid to ruid.\n");
fprintf(stderr, "Couldn't set euid to ruid during database setup.\n");
exit(status);
}
if (prepare_sql_queries()) {
fprintf(stderr, "Couldn't prepare sql queries.\n");
exit(status);
}
return 0;
}
/**
* Destroys the permanent permissions table.
*/
void destroy_perm_permissions_table(void) {
free_sql_queries();
sqlite3_close(perm_database);
}
void destroy_perm_permissions_table() { sqlite3_close(perm_database); }
/**
* Checks if the process has a permanent access to the file.
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found
*/
int check_perm_access(const char *filename, struct process_info pi) {
size_t query_len =
56 + strlen(table_name) + strlen(filename) + strlen(pi.name);
const char *query = malloc(query_len);
size_t should_be_written = snprintf(
query, query_len,
"SELECT * FROM %s WHERE executable = \'%s\' AND filename = \'%s\';",
table_name, pi.name, filename);
// -1 for the \0
if (should_be_written != query_len - 1) {
fprintf(stderr,
"Unexpected query size while permanent access rule check: "
"Expected %lu, but snprintf returned %lu. The query: %s\n",
query_len, should_be_written, query);
return 0;
access_t check_perm_access(const char *filename, struct process_info pi) {
char *query = NULL;
int ret = asprintf(&query,
"SELECT * FROM %s WHERE executable = \'%s\' "
"AND filename = \'%s\' AND mode = TRUE;",
table_name, pi.name, filename);
if (ret < 0) {
// If asprintf fails, the contents of query are undefined (see man
// asprintf). That does not explicitly rule out that query will be a valid
// pointer. But the risk of freeing a non-allocated pointer is too much to
// justify preparing for this.
fprintf(stderr, "Could not create query on access check");
perror("");
return NDEF;
}
char *sqlite_error = NULL;
int flag = 0;
int ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error);
ret = sqlite3_exec(perm_database, query, set_flag, &flag, &sqlite_error);
free((void *)query);
if (ret != SQLITE_OK) {
fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
sqlite3_free(sqlite_error);
free(query);
return 0;
return NDEF;
}
free(query);
return flag;
if (flag) {
return ALLOW;
}
return NDEF;
}
/**
@@ -274,23 +234,23 @@ int check_perm_access(const char *filename, struct process_info pi) {
* @return: 0 on success, 1 on failure
*/
int give_perm_access(const char *filename, struct process_info pi) {
size_t query_len =
30 + strlen(table_name) + strlen(filename) + strlen(pi.name);
const char *query = malloc(query_len);
size_t should_be_written =
snprintf(query, query_len, "INSERT INTO %s VALUES (\'%s\', \'%s\');",
table_name, pi.name, filename);
// -1 for the \0
if (should_be_written != query_len - 1) {
fprintf(stderr,
"Unexpected query size while permanent access rule insertion: "
"Expected %lu, but snprintf returned %lu\n",
query_len, should_be_written);
char *query = NULL;
int ret = asprintf(&query, "INSERT INTO %s VALUES (\'%s\', \'%s\', TRUE);",
table_name, pi.name, filename);
if (ret < 0) {
// If asprintf fails, the contents of query are undefined (see man
// asprintf). That does not explicitly rule out that query will be a valid
// pointer. But the risk of freeing a non-allocated pointer is too much to
// justify preparing for this.
fprintf(stderr, "Could not create query on rule insertion");
perror("");
return 1;
}
char *sqlite_error = NULL;
int ret = sqlite3_exec(perm_database, query, NULL, NULL, &sqlite_error);
ret = sqlite3_exec(perm_database, query, NULL, NULL, &sqlite_error);
free(query);
if (ret != SQLITE_OK) {
fprintf(stderr, "SQLite returned an error: %s\n", sqlite_error);
sqlite3_free(sqlite_error);
@@ -298,6 +258,5 @@ int give_perm_access(const char *filename, struct process_info pi) {
return 1;
}
free(query);
return 0;
}

6
src/perm_permissions_table.h
View File

@@ -9,6 +9,7 @@
#ifndef PERM_PERMISSION_TABLE_H
#define PERM_PERMISSION_TABLE_H
#include "access_t.h"
#include "process_info.h"
/**
@@ -29,9 +30,10 @@ void destroy_perm_permissions_table();
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found
*/
int check_perm_access(const char *filename, struct process_info pi);
access_t check_perm_access(const char *filename, struct process_info pi);
/**
* Gives permanent access to the process to the file.

74
src/temp_permissions_table.c
View File

@@ -7,6 +7,7 @@
*/
#include "temp_permissions_table.h"
#include "access_t.h"
#include "cc.h"
#include "process_info.h"
#include <pthread.h>
@@ -18,6 +19,7 @@ struct temp_process_permissions {
// proc_pid_stat(5))
unsigned long long creation_time;
vec(char *) allowed_files;
vec(char *) denied_files;
};
map(pid_t, struct temp_process_permissions) temp_permissions_table;
@@ -33,8 +35,8 @@ pthread_mutex_t temp_permissions_table_lock;
* never really equal to 0, it exceptionally unlikely.
*/
unsigned long long get_process_creation_time(pid_t pid) {
char path[32];
FILE *fp;
char path[256];
FILE *fp = NULL;
unsigned long long creation_time = 0;
// Construct the path to the process's status file
@@ -72,7 +74,7 @@ unsigned long long get_process_creation_time(pid_t pid) {
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_temp_permissions_table() {
int init_temp_permissions_table(void) {
pthread_mutex_init(&temp_permissions_table_lock, PTHREAD_MUTEX_DEFAULT);
init(&temp_permissions_table);
return 0;
@@ -81,14 +83,21 @@ int init_temp_permissions_table() {
/**
* Destroys the temporary permissions table.
*
* @note: the table is guranteed to be destroyed if it is already initialized
* @note: the table is guranteed to be destroyed if it is already initialized.
* It does not indicate any errors whatsoever. If something goes wrong - you are
* screwed.
*/
void destroy_temp_permissions_table() {
void destroy_temp_permissions_table(void) {
// free the memory allocated for the table
for_each(&temp_permissions_table, entry) {
for_each(&entry->allowed_files, allowed_file) { free(*allowed_file); }
cleanup(&entry->allowed_files);
}
for_each(&temp_permissions_table, entry) {
for_each(&entry->denied_files, denied_file) { free(*denied_file); }
cleanup(&entry->denied_files);
}
cleanup(&temp_permissions_table);
pthread_mutex_destroy(&temp_permissions_table_lock);
}
@@ -98,10 +107,10 @@ void destroy_temp_permissions_table() {
*
* @param filename: The file that the process is trying to access
* @pram pid: PID of the process
* @return: 0 if access is denied, 1 if access is allowed
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found is avaliable
*/
int check_temp_access_noparent(const char *filename, pid_t pid) {
access_t check_temp_access_noparent(const char *filename, pid_t pid) {
// TODO: more efficient locking
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
@@ -111,22 +120,28 @@ int check_temp_access_noparent(const char *filename, pid_t pid) {
if (process_creation_time == 0) {
perror("Could not retrieve process creation time");
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
return NDEF;
}
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
for_each(&permission_entry->denied_files, denied_file) {
if (strncmp(*denied_file, filename, strlen(filename)) == 0) {
pthread_mutex_unlock(&temp_permissions_table_lock);
return DENY;
}
}
for_each(&permission_entry->allowed_files, allowed_file) {
if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
pthread_mutex_unlock(&temp_permissions_table_lock);
return 1;
return ALLOW;
}
}
}
}
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
return NDEF;
}
/**
@@ -165,31 +180,36 @@ pid_t get_parent_pid(pid_t pid) {
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found. Does not return ALLOW_TEMP.
* @note: In case one of the parent processes is killed while this function
* execution the result is not guranteed to be correct. It should only lead to
* false negatives, though.
*/
int check_temp_access(const char *filename, struct process_info pi) {
access_t check_temp_access(const char *filename, struct process_info pi) {
pid_t current_pid = pi.PID;
while (current_pid != 0) {
if (check_temp_access_noparent(filename, current_pid)) {
return 1;
access_t access = check_temp_access_noparent(filename, current_pid);
if (access != NDEF) {
return access;
}
current_pid = get_parent_pid(current_pid);
}
return 0;
return NDEF;
}
/**
* Gives temporary access to the process to the file.
* Sets temporary access mode of the process to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
* @param mode: Kind of access rule to be set - SET_DENY to deny access, and
* SET_ALLOW to allow access.
* @return: 0 on success, -1 on failure.
*/
int give_temp_access(const char *filename, struct process_info pi) {
int set_temp_access(const char *filename, struct process_info pi,
set_mode_t mode) {
pthread_mutex_lock(&temp_permissions_table_lock);
struct temp_process_permissions *permission_entry =
get(&temp_permissions_table, pi.PID);
@@ -207,7 +227,13 @@ int give_temp_access(const char *filename, struct process_info pi) {
if (process_creation_time == permission_entry->creation_time) {
// the process is the same as the one that was granted temporary access
// to the file
push(&permission_entry->allowed_files, strdup(filename));
if (mode == SET_ALLOW) {
push(&permission_entry->allowed_files, strdup(filename));
}
if (mode == SET_DENY) {
push(&permission_entry->denied_files, strdup(filename));
}
pthread_mutex_unlock(&temp_permissions_table_lock);
return 0;
}
@@ -223,7 +249,13 @@ int give_temp_access(const char *filename, struct process_info pi) {
new_permission_entry.creation_time = get_process_creation_time(pi.PID);
init(&new_permission_entry.allowed_files);
push(&new_permission_entry.allowed_files, strdup(filename));
init(&new_permission_entry.denied_files);
if (mode == SET_ALLOW) {
push(&new_permission_entry.allowed_files, strdup(filename));
}
if (mode == SET_DENY) {
push(&new_permission_entry.denied_files, strdup(filename));
}
insert(&temp_permissions_table, pi.PID, new_permission_entry);

43
src/temp_permissions_table.h
View File

@@ -2,6 +2,7 @@
#ifndef TEMP_PERMISSIONS_TABLE_H
#define TEMP_PERMISSIONS_TABLE_H
#include "access_t.h"
#include "process_info.h"
/**
@@ -9,31 +10,43 @@
*
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int init_temp_permissions_table();
int init_temp_permissions_table(void);
/**
* Destroys the temporary permissions table.
*
* @note: the table is guranteed to be destroyed if it is already initialized
* @note: the table is guranteed to be destroyed if it is already initialized.
* It does not indicate any errors whatsoever. If something goes wrong - you are
* screwed.
*/
void destroy_temp_permissions_table();
void destroy_temp_permissions_table(void);
/**
* Checks if the process has a temporary access to the file.
* Checks if the process or any of it's parents have temporary access to the
* file.
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: access status - ALLOW, DENY or NDEF in case if no information was
* found. Does not return ALLOW_TEMP.
* @note: In case one of the parent processes is killed while this function
* execution the result is not guranteed to be correct. It should only lead to
* false negatives, though.
*/
access_t check_temp_access(const char *filename, struct process_info pi);
typedef enum { SET_DENY, SET_ALLOW } set_mode_t;
/**
* Sets temporary access mode of the process to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed
* @param mode: Kind of access rule to be set - SET_DENY to deny access, and
* SET_ALLOW to allow access.
* @return: 0 on success, -1 on failure.
*/
int check_temp_access(const char *filename, struct process_info pi);
/**
* Gives temporary access to the process to the file.
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 on success, -1 on failure (e.g. ENOMEM)
*/
int give_temp_access(const char *filename, struct process_info pi);
int set_temp_access(const char *filename, struct process_info pi,
set_mode_t mode);
#endif // !TEMP_PERMISSIONS_TABLE_H

73
src/ui-socket.c
View File

@@ -6,6 +6,7 @@
See the file LICENSE.
*/
#include "access_t.h"
#include <stddef.h>
#include <sys/types.h>
#include <time.h>
@@ -58,19 +59,28 @@ void destroy_ui_socket(void) {
*
* @param filename: The file that the process is trying to access
* @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed, 2 if access is
* @return: access status - ALLOW, DENY or ALLOW_TEMP
* allowed for the runtime of the process
*/
int ask_access(const char *filename, struct process_info proc_info) {
access_t ask_access(const char *filename, struct process_info proc_info) {
FILE *fp = NULL;
size_t command_len =
139 + sizeof(pid_t) * 8 + strlen(proc_info.name) + strlen(filename);
char *command = (char *)malloc(command_len);
snprintf(command, command_len,
"zenity --question --extra-button \"Allow this time\" --title "
"\"Allow Access?\" --text \"Allow process "
"<tt>%s</tt> with PID <tt>%d</tt> to access <tt>%s</tt>\"",
proc_info.name, proc_info.PID, filename);
char *command = NULL;
int ret =
asprintf(&command,
"zenity --question --extra-button \"Allow this time\" --title "
"\"Allow Access?\" --text \"Allow process "
"<tt>%s</tt> with PID <tt>%d</tt> to access <tt>%s</tt>\"",
proc_info.name, proc_info.PID, filename);
if (ret < 0) {
// If asprintf fails, the contents of command are undefined (see man
// asprintf). That does not explicitly rule out that command will be a valid
// pointer. But the risk of freeing a non-allocated pointer is too much to
// justify preparing for this.
fprintf(stderr, "Could not create query on rule insertion");
perror("");
return 1;
}
// Zenity Question Message Popup
fp = popen(command, "r");
@@ -78,7 +88,7 @@ int ask_access(const char *filename, struct process_info proc_info) {
if (fp == NULL) {
perror("Pipe returned a error");
return -1;
return DENY;
}
// if the user clicks the "Allow this time" button, `zenity` will only
@@ -89,7 +99,7 @@ int ask_access(const char *filename, struct process_info proc_info) {
printf("%s", buffer);
if (strcmp(buffer, ZENITY_TEMP_ALLOW_MESSAGE) == 0) {
pclose(fp);
return 2;
return ALLOW_TEMP;
}
}
@@ -97,10 +107,10 @@ int ask_access(const char *filename, struct process_info proc_info) {
fprintf(stderr, "zenity returned %d\n", zenity_exit_code);
// zenity returns 1 on "No" >:(
if (zenity_exit_code == 0) {
return 1;
return ALLOW;
}
return 0;
return DENY;
}
/**
@@ -117,11 +127,21 @@ int ask_access(const char *filename, struct process_info proc_info) {
int interactive_access(const char *filename, struct process_info proc_info,
int opts) {
if (check_temp_access(filename, proc_info) ||
check_perm_access(filename, proc_info)) {
// access was already granted before
access_t access = check_temp_access(filename, proc_info);
if (access == ALLOW) {
return 1;
}
if (access == DENY) {
return 0;
}
access = check_perm_access(filename, proc_info);
if (access == ALLOW) {
return 1;
}
if (access == DENY) {
return 0;
}
// if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent
// permissions are granted
@@ -131,23 +151,26 @@ int interactive_access(const char *filename, struct process_info proc_info,
return 1;
}
if (opts & GRANT_TEMP) {
give_temp_access(filename, proc_info);
set_temp_access(filename, proc_info, SET_ALLOW);
return 1;
}
int user_response = ask_access(filename, proc_info);
if (user_response == 1) {
// user said "yes"
access_t user_response = ask_access(filename, proc_info);
if (user_response == ALLOW) {
give_perm_access(filename, proc_info);
return 1;
}
if (user_response == 2) {
// user said "yes, but only this time"
give_temp_access(filename, proc_info);
if (user_response == ALLOW_TEMP) {
set_temp_access(filename, proc_info, SET_ALLOW);
return 1;
}
// otherwise "no"
if (user_response == DENY) {
set_temp_access(filename, proc_info, SET_DENY);
return 0;
}
// deny on unknown options.
return 0;
}

7
test/mock/zenity
View File

@@ -12,17 +12,10 @@ else
if [[ $FAKE_ZENITY_RESPONSE == "yes_tmp" ]]; then
printf "Allow this time\n"
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "yes_tmp_alt" ]]; then
printf "Allow this time\n"
echo "yes_alt" >~/.fake_zenity_response
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
exit 1
elif [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
exit 0
elif [[ $FAKE_ZENITY_RESPONSE == "yes_alt" ]]; then
echo "yes_tmp_alt" >~/.fake_zenity_response
exit 0
fi
fi
fi

30
test/test.bash
View File

@@ -25,18 +25,10 @@ if [[ $1 == "--setuid" ]]; then
echo "Valgrind will not be used due to setuid compatibility issues."
../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 1
elif [[ $1 == "--perf" ]]; then
echo "Profiling with perf..."
../build/icfs -o default_permissions ./protected ./.pt.db &
echo "Profiling will require root privilieges."
sleep 3
echo "Attaching to $(pgrep icfs)"
sudo perf record -g -e cycles:u --call-graph dwarf -p $(pgrep icfs) &
sleep 10
else
echo "Database protection will not be tested due to the lack of setuid capabilites."
echo "To test it, run this script with '--setuid'."
valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db &
valgrind -s ../build/icfs -o default_permissions ./protected ./.pt.db &
sleep 5
fi
@@ -134,29 +126,9 @@ else
echo "[ICFS-TEST]: OK"
fi
if [[ $1 == "--perf" ]]; then
zenity --set-fake-response yes_tmp
rm -rf ./protected/*
zenity --set-fake-response yes_alt
bonnie++ -p 4
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null &
bonnie++ -d ./protected -c 4 -r 256 -y s >/dev/null
bonnie++ -p -1
fi
# unmount
sleep 0.5
#lsof +f -- $(realpath ./protected)
umount $(realpath ./protected)
sleep 0.5
if [[ $1 == "--perf" ]]; then
mv ./callgraph.png ./callgraph_old.png
real_user=$USER
sudo chown "$real_user" ./perf.data
perf script --dsos=icfs | gprof2dot -f perf | dot -Tpng -o callgraph.png
echo "Profile graph was written to \"callgraph.png\""
fi