From 0513a17e81aa0b9e879a0bcaf0e8b7c9def4c846 Mon Sep 17 00:00:00 2001
From: LI Qing <geding.lq@antgroup.com>
Date: Tue, 2 Aug 2022 11:18:08 +0800
Subject: [PATCH] Skip the inode permission check if uid is root

---
 src/libos/src/fs/inode_file.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/libos/src/fs/inode_file.rs b/src/libos/src/fs/inode_file.rs
index e2989c6c..81454ded 100644
--- a/src/libos/src/fs/inode_file.rs
+++ b/src/libos/src/fs/inode_file.rs
@@ -1,5 +1,6 @@
 use super::*;
 use crate::net::PollEventFlags;
+use crate::process::do_getuid;
 use rcore_fs::vfs::FallocateMode;
 use rcore_fs_sefs::dev::SefsMac;
 
@@ -409,12 +410,23 @@ impl INodeExt for dyn INode {
     }
 
     fn allow_write(&self) -> Result<bool> {
+        // TODO: Since Occlum does not support the capability,
+        //       just skip the permission check if uid is root.
+        if do_getuid().unwrap() == 0 {
+            return Ok(true);
+        }
+
         let info = self.metadata()?;
         let file_mode = FileMode::from_bits_truncate(info.mode);
         Ok(file_mode.is_writable())
     }
 
     fn allow_read(&self) -> Result<bool> {
+        // TODO: See the comments in allow_write
+        if do_getuid().unwrap() == 0 {
+            return Ok(true);
+        }
+
         let info = self.metadata()?;
         let file_mode = FileMode::from_bits_truncate(info.mode);
         Ok(file_mode.is_readable())