mirror of https://github.com/RGBCube/serenity synced 2025-05-29 06:55:07 +00:00

Kernel: Add Credentials to hold a set of user and group IDs

This patch adds a new object to hold a Process's user credentials:

- UID, EUID, SUID
- GID, EGID, SGID, extra GIDs

Credentials are immutable and child processes initially inherit the
Credentials object from their parent.

Whenever a process changes one or more of its user/group IDs, a new
Credentials object is constructed.

Any code that wants to inspect and act on a set of credentials can now
do so without worrying about data races.
Andreas Kling 2022-08-20 18:25:54 +02:00
parent bec314611d
commit 122d7d9533
11 changed files with 366 additions and 128 deletions
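
The snapshot pattern the commit message describes, as an added C++ sketch that is not part of the commit or of SerenityOS. `Credentials`, `Process`, `set_ids` and the sample IDs are hypothetical, and `std::shared_ptr` with a mutex stands in for the kernel's own reference counting and locking.

```cpp
// Added illustration: Credentials, Process and set_ids are hypothetical names, not SerenityOS code.
#include <algorithm>
#include <cstdio>
#include <memory>
#include <mutex>
#include <vector>

struct Credentials {                       // immutable once constructed
    const unsigned euid, egid;
    const std::vector<unsigned> extra_gids;
    bool in_group(unsigned gid) const {
        return egid == gid || std::count(extra_gids.begin(), extra_gids.end(), gid) > 0;
    }
};

class Process {
public:
    explicit Process(Credentials c) : m_creds(std::make_shared<const Credentials>(c)) {}
    // Reference-counted snapshot: stays valid and unchanged even if another
    // thread replaces the process credentials afterwards.
    std::shared_ptr<const Credentials> credentials() const {
        std::lock_guard<std::mutex> lock(m_lock);
        return m_creds;
    }
    // Changing IDs never mutates the old object: build a new one and swap it in.
    void set_ids(unsigned euid, unsigned egid) {
        std::lock_guard<std::mutex> lock(m_lock);
        m_creds = std::make_shared<const Credentials>(Credentials{euid, egid, m_creds->extra_gids});
    }
private:
    mutable std::mutex m_lock;
    std::shared_ptr<const Credentials> m_creds;
};

// All three inputs to the decision come from the same snapshot.
bool may_read(const Credentials& c, unsigned owner, unsigned group, unsigned mode) {
    if (c.euid == 0) return true;
    if (c.euid == owner) return (mode & 0400) != 0;
    if (c.in_group(group)) return (mode & 0040) != 0;
    return (mode & 0004) != 0;
}

int main() {
    Process p(Credentials{100, 100, {10}});   // constructed sample IDs
    auto snap = p.credentials();
    p.set_ids(0, 0);                          // e.g. a concurrent setuid()/setgid()
    std::printf("snapshot euid=%u, current euid=%u\n", snap->euid, p.credentials()->euid);
}
```

A holder of `snap` keeps deciding against the IDs it started with; only a fresh `credentials()` call observes the change.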


@ -11,17 +11,20 @@ namespace Kernel {
bool InodeMetadata::may_read(Process const& process) const
{
return may_read(process.euid(), process.egid(), process.extra_gids());
auto credentials = process.credentials();
return may_read(credentials->euid(), credentials->egid(), credentials->extra_gids());
}
bool InodeMetadata::may_write(Process const& process) const
{
return may_write(process.euid(), process.egid(), process.extra_gids());
auto credentials = process.credentials();
return may_write(credentials->euid(), credentials->egid(), credentials->extra_gids());
}
bool InodeMetadata::may_execute(Process const& process) const
{
return may_execute(process.euid(), process.egid(), process.extra_gids());
auto credentials = process.credentials();
return may_execute(credentials->euid(), credentials->egid(), credentials->extra_gids());
}
}
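
Review bot: each of may_read, may_write and may_execute calls process.credentials() on its own, so a caller that checks two permissions in a row (for example may_read followed by may_write) can have them evaluated against two different Credentials objects if the process changes its IDs in between. Consider adding overloads that take a Credentials const& so a caller can fetch the snapshot once and reuse it for every check, and make these Process const& versions thin wrappers around them. Minor style point: `auto credentials = process.credentials();` hides whether this is a reference-counted handle or a raw pointer, and spelling out the type would make the lifetime of the snapshot clear at the call site.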