Kernel: Allow unveiling subfolders regardless of parent's permissions

This fixes a bug where unveiling a subdirectory of an already unveiled
path would sometimes be allowed and sometimes not (depending on what
other unveil calls have been made).

Now, it is always allowed to unveil a subdirectory of an already
unveiled directory, even if it has higher permissions.

This removes the need for the permissions_inherited_from_root flag in
UnveilMetadata, so it has been removed.

Kernel/Process.h

@@ -629,7 +629,7 @@ private:
     RefPtr<Timer> m_alarm_timer;
 
     VeilState m_veil_state { VeilState::None };
-    UnveilNode m_unveiled_paths { "/", { .full_path = "/", .unveil_inherited_from_root = true } };
+    UnveilNode m_unveiled_paths { "/", { .full_path = "/" } };
 
     OwnPtr<PerformanceEventBuffer> m_perf_event_buffer;
 

Kernel/Syscalls/unveil.cpp

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
+ * Copyright (c) 2021, Max Wipfli <mail@maxwipfli.ch>
  *
  * SPDX-License-Identifier: BSD-2-Clause
  */
@@ -90,14 +91,12 @@ KResultOr<int> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*> u
     auto it = lexical_path.parts().begin();
     auto& matching_node = m_unveiled_paths.traverse_until_last_accessible_node(it, lexical_path.parts().end());
     if (it.is_end()) {
-        auto old_permissions = matching_node.permissions();
+        // If the path has already been explicitly unveiled, do not allow elevating its permissions.
-        // Allow "elevating" the permissions when the permissions are inherited from root (/),
+        if (matching_node.was_explicitly_unveiled()) {
-        // as that would be the first time this path is unveiled.
+            if (new_permissions & ~matching_node.permissions())
-        if (old_permissions != UnveilAccess::None || !matching_node.permissions_inherited_from_root()) {
-            if (new_permissions & ~old_permissions)
                 return EPERM;
         }
-        matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true, false });
+        matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true });
         return 0;
     }
 
@@ -107,8 +106,9 @@ KResultOr<int> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*> u
         { new_unveiled_path, (UnveilAccess)new_permissions, true },
         [](auto& parent, auto& it) -> Optional<UnveilMetadata> {
             auto path = LexicalPath::join(parent.path(), *it).string();
-            return UnveilMetadata { path, parent.permissions(), false, parent.permissions_inherited_from_root() };
+            return UnveilMetadata { path, parent.permissions(), false };
         });
+
     VERIFY(m_veil_state != VeilState::Locked);
     m_veil_state = VeilState::Dropped;
     return 0;

Kernel/UnveilNode.h

@@ -27,13 +27,11 @@ struct UnveilMetadata {
     String full_path;
     UnveilAccess permissions { None };
     bool explicitly_unveiled { false };
-    bool unveil_inherited_from_root { false }; // true if permissions are inherited from the tree root (/).
 };
 
 struct UnveilNode final : public Trie<String, UnveilMetadata, Traits<String>, UnveilNode> {
     using Trie<String, UnveilMetadata, Traits<String>, UnveilNode>::Trie;
 
-    bool permissions_inherited_from_root() const { return this->metadata_value().unveil_inherited_from_root; }
     bool was_explicitly_unveiled() const { return this->metadata_value().explicitly_unveiled; }
     UnveilAccess permissions() const { return this->metadata_value().permissions; }
     const String& path() const { return this->metadata_value().full_path; }