RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 18:27:35 +00:00
Code Issues Activity Actions

Kernel: Make VirtualFileSystem functions take credentials as input

Browse source 
Instead of getting credentials from Process::current(), we now require
that they be provided as input to the various VFS functions.

This ensures that an atomic set of credentials is used throughout an
entire VFS operation.
This commit is contained in:
Andreas Kling 2022-08-21 16:02:24 +02:00
parent 9744dedb50
commit c3351d4b9f
33 changed files with 159 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Kernel/Syscalls/mmap.cpp
View file

@ -105,15 +105,16 @@ ErrorOr<void> Process::validate_mmap_prot(int prot, bool map_stack, bool map_ano
ErrorOr<void> Process::validate_inode_mmap_prot(int prot, Inode const& inode, bool map_shared) const
{
auto credentials = this->credentials();
auto metadata = inode.metadata();
if ((prot & PROT_READ) && !metadata.may_read(*this))
if ((prot & PROT_READ) && !metadata.may_read(credentials))
return EACCES;
if (map_shared) {
// FIXME: What about readonly filesystem mounts? We cannot make a
// decision here without knowing the mount flags, so we would need to
// keep a Custody or something from mmap time.
if ((prot & PROT_WRITE) && !metadata.may_write(*this))
if ((prot & PROT_WRITE) && !metadata.may_write(credentials))
return EACCES;
if (auto shared_vmobject = inode.shared_vmobject()) {
if ((prot & PROT_EXEC) && shared_vmobject->writable_mappings())