fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

creation_permissions #6

Merged
fedir merged 4 commits from creation_permissions into main 2025-03-31 14:37:26 +02:00
Conversation 0 Commits 4 Files Changed 5 +48 -37
5 changed files with 48 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/fuse_operations.c
View File

@ -116,12 +116,11 @@ static int xmp_access(const char *path, int mask) {
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -281,12 +280,11 @@ static int xmp_unlink(const char *path) {
// ask the user for the permission for deleting the file
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -330,12 +328,11 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi)) {
if (!interactive_access(real_filename(from), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -343,7 +340,7 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
// the "to" file may exist and the process needs to get persmission to modify
// it
if (source_access(to, F_OK) == 0 &&
!interactive_access(real_filename(to), pi)) {
!interactive_access(real_filename(to), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -363,11 +360,10 @@ static int xmp_link(const char *from, const char *to) {
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi)) {
if (!interactive_access(real_filename(from), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -389,11 +385,10 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -421,11 +416,10 @@ static int xmp_chown(const char *path, uid_t uid, gid_t gid,
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, 0)) {
free(pi.name);
return -EACCES;
}
@ -476,17 +470,16 @@ static int xmp_utimens(const char *path, const struct timespec ts[2],
static int xmp_create(const char *path, mode_t mode,
struct fuse_file_info *fi) {
int fd;
int fd = -1;
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, GRANT_PERM)) {
free(pi.name);
return -EACCES;
}
@ -507,11 +500,10 @@ static int xmp_open(const char *path, struct fuse_file_info *fi) {
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
if (!interactive_access(real_filename(path), pi, 0)) {
free(pi.name);
return -EACCES;
}

1
src/process_info.h
View File

@ -6,7 +6,6 @@
struct process_info {
pid_t PID;
const char *name;
uid_t UID;
};
#endif // PROCESS_INFO_H

22
src/ui-socket.c
View File

@ -10,7 +10,6 @@
#include <sys/types.h>
#include <time.h>
#define _GNU_SOURCE
#include "cc.h"
#include "perm_permissions_table.h"
#include "temp_permissions_table.h"
#include "ui-socket.h"
@ -61,9 +60,9 @@ void destroy_ui_socket() {
* GUI
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @return: 0 if access is denied, 1 if access is allowed, 2 if access is allwed
* for the runtime of the process
* @param pi: The process information
* @return: 0 if access is denied, 1 if access is allowed, 2 if access is
* allowed for the runtime of the process
*/
int ask_access(const char *filename, struct process_info pi) {
FILE *fp;
@ -115,15 +114,28 @@ int ask_access(const char *filename, struct process_info pi) {
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @param opts: options (GRANT_TEMP, GRANT_PERM)
* @return: 0 if access is denied, 1 if access is allowed
*/
int interactive_access(const char *filename, struct process_info pi) {
int interactive_access(const char *filename, struct process_info pi, int opts) {
if (check_temp_access(filename, pi) || check_perm_access(filename, pi)) {
// access was already granted before
return 1;
}
// if noth GRANT_TEMP and GRANT_PERM are selected, then only permanent
// permissions are granted
if (opts & GRANT_PERM) {
give_perm_access(filename, pi);
return 1;
}
if (opts & GRANT_TEMP) {
give_temp_access(filename, pi);
return 1;
}
int user_response = ask_access(filename, pi);
if (user_response == 1) {
// user said "yes"

7
src/ui-socket.h
View File

@ -36,8 +36,13 @@ void destroy_ui_socket(void);
*
* @param filename: The file that the process is trying to access
* @pram pi: The process information
* @param opts: options (GRANT_TEMP, GRANT_PERM)
* @return: 0 if access is denied, 1 if access is allowed
*/
int interactive_access(const char *filename, struct process_info pi);
int interactive_access(const char *filename, struct process_info pi, int opts);
#define GRANT_TEMP 1
#define GRANT_PERM 2
// #define TABLE_ONLY 4 // NOTE: Add this in the future?
#endif // !UI_SOCKET_H

27
test/test.bash
View File

@ -20,27 +20,30 @@ valgrind -s ../build/icfs -o default_permissions ./protected &
sleep 5
# WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
# WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
# create files
zenity --set-fake-response no
touch ./protected/should-not-exist 2>/dev/null &&
echo "[ICFS-TEST]: touch can create protected/should-not-exist despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
zenity --set-fake-response yes_tmp
touch ./protected/should-exist 2>/dev/null &&
truncate -s 0 ./protected/should-exist 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: touch cannot create protected/should-exist despite access being permitted!" # OK
echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
# write to files
zenity --set-fake-response no
echo "Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." >./protected/truth 2>/dev/null &&
sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp
echo "Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." >./protected/truth 2>/dev/null &&
sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
@ -90,17 +93,17 @@ chmod 000 ./protected/perm000 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
# create files with permanent permissions
# test permanent permissions
zenity --set-fake-response yes
touch ./protected/friendly 2>/dev/null &&
cat ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: touch cannot create protected/friendly despite access being permitted!" # OK
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
zenity --set-fake-response no # this should be ignored
touch ./protected/friendly-again 2>/dev/null &&
cat ./protected/motto >/dev/null 2>/dev/null &&
echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: touch cannot create protected/friendly-again despite access being permitted!" # OK
echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
# unmount