mirror of
https://github.com/RGBCube/serenity
synced 2025-05-30 13:58:11 +00:00
Kernel: Make O_RDONLY non-zero
Sergey suggested that having a non-zero O_RDONLY would make some things less confusing, and it seems like he's right about that. We can now easily check read/write permissions separately instead of dancing around with the bits. This patch also fixes unveil() validation for O_RDWR which previously forgot to check for "r" permission.
This commit is contained in:
parent
efbd1620d9
commit
6081c76515
6 changed files with 24 additions and 33 deletions
|
@ -239,13 +239,10 @@ KResultOr<NonnullRefPtr<FileDescription>> VFS::open(StringView path, int options
|
|||
|
||||
bool should_truncate_file = false;
|
||||
|
||||
// NOTE: Read permission is a bit weird, since O_RDONLY == 0,
|
||||
// so we check if (NOT write_only OR read_and_write)
|
||||
if (!(options & O_WRONLY) || (options & O_RDWR)) {
|
||||
if (!metadata.may_read(current->process()))
|
||||
return KResult(-EACCES);
|
||||
}
|
||||
if ((options & O_WRONLY) || (options & O_RDWR)) {
|
||||
if ((options & O_RDONLY) && !metadata.may_read(current->process()))
|
||||
return KResult(-EACCES);
|
||||
|
||||
if (options & O_WRONLY) {
|
||||
if (!metadata.may_write(current->process()))
|
||||
return KResult(-EACCES);
|
||||
if (metadata.is_directory())
|
||||
|
@ -748,21 +745,23 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options)
|
|||
}
|
||||
return KSuccess;
|
||||
}
|
||||
if ((options & O_RDWR) || (options & O_WRONLY)) {
|
||||
if (options & O_RDONLY) {
|
||||
if (!(unveiled_path->permissions & UnveiledPath::Access::Read)) {
|
||||
dbg() << *current << " rejecting path '" << path << "' since it hasn't been unveiled with 'r' permission.";
|
||||
return KResult(-EACCES);
|
||||
}
|
||||
}
|
||||
if (options & O_WRONLY) {
|
||||
if (!(unveiled_path->permissions & UnveiledPath::Access::Write)) {
|
||||
dbg() << *current << " rejecting path '" << path << "' since it hasn't been unveiled with 'w' permission.";
|
||||
return KResult(-EACCES);
|
||||
}
|
||||
} else if (options & O_EXEC) {
|
||||
}
|
||||
if (options & O_EXEC) {
|
||||
if (!(unveiled_path->permissions & UnveiledPath::Access::Execute)) {
|
||||
dbg() << *current << " rejecting path '" << path << "' since it hasn't been unveiled with 'x' permission.";
|
||||
return KResult(-EACCES);
|
||||
}
|
||||
} else {
|
||||
if (!(unveiled_path->permissions & UnveiledPath::Access::Read)) {
|
||||
dbg() << *current << " rejecting path '" << path << "' since it hasn't been unveiled with 'r' permission.";
|
||||
return KResult(-EACCES);
|
||||
}
|
||||
}
|
||||
return KSuccess;
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue