general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the access and faccessat system calls

Browse Source
This commit is contained in:
LI Qing 2020-04-29 05:18:01 +00:00 committed by Tate, Hongliang Tian
parent 6d27595195
commit 1dcabb09cd
6 changed files with 192 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
src/libos/src/fs/file_ops/access.rs
View File

@ -2,27 +2,37 @@ use super::*;
bitflags! { bitflags! {
pub struct AccessibilityCheckMode : u32 { pub struct AccessibilityCheckMode : u32 {
/// F_OK = 0, test for the existence of the file
/// X_OK, test for execute permission
const X_OK = 1; const X_OK = 1;
/// W_OK, test for write permission
const W_OK = 2; const W_OK = 2;
/// R_OK, test for read permission
const R_OK = 4; const R_OK = 4;
} }
} }
impl AccessibilityCheckMode { impl AccessibilityCheckMode {
pub fn from_u32(bits: u32) -> Result<AccessibilityCheckMode> { pub fn from_u32(bits: u32) -> Result<Self> {
AccessibilityCheckMode::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid mode")) AccessibilityCheckMode::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid mode"))
} }
pub fn test_for_exist(&self) -> bool {
self.bits == 0
}
} }
bitflags! { bitflags! {
pub struct AccessibilityCheckFlags : u32 { pub struct AccessibilityCheckFlags : u32 {
/// If path is a symbolic link, do not dereference it
const AT_SYMLINK_NOFOLLOW = 0x100; const AT_SYMLINK_NOFOLLOW = 0x100;
/// Perform access checks using the effective user and group IDs
const AT_EACCESS = 0x200; const AT_EACCESS = 0x200;
} }
} }
impl AccessibilityCheckFlags { impl AccessibilityCheckFlags {
pub fn from_u32(bits: u32) -> Result<AccessibilityCheckFlags> { pub fn from_u32(bits: u32) -> Result<Self> {
AccessibilityCheckFlags::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid flags")) AccessibilityCheckFlags::from_bits(bits).ok_or_else(|| errno!(EINVAL, "invalid flags"))
} }
} }
@ -37,21 +47,36 @@ pub fn do_faccessat(
"faccessat: dirfd: {:?}, path: {:?}, mode: {:?}, flags: {:?}", "faccessat: dirfd: {:?}, path: {:?}, mode: {:?}, flags: {:?}",
dirfd, path, mode, flags dirfd, path, mode, flags
); );
match dirfd { if Path::new(path).is_absolute() {
// TODO: handle dirfd // Path is absolute, so dirfd is ignored
DirFd::Fd(dirfd) => return_errno!(ENOSYS, "cannot accept dirfd"), return Ok(do_access(path, mode)?);
DirFd::Cwd => do_access(path, mode),
} }
let path = match dirfd {
DirFd::Fd(dirfd) => {
let dir_path = get_dir_path(dirfd)?;
dir_path + "/" + path
}
DirFd::Cwd => path.to_owned(),
};
do_access(&path, mode)
} }
pub fn do_access(path: &str, mode: AccessibilityCheckMode) -> Result<()> { fn do_access(path: &str, mode: AccessibilityCheckMode) -> Result<()> {
debug!("access: path: {:?}, mode: {:?}", path, mode);
let inode = { let inode = {
let current = current!(); let current = current!();
let fs = current.fs().lock().unwrap(); let fs = current.fs().lock().unwrap();
fs.lookup_inode(path)? fs.lookup_inode(path)?
}; };
//let metadata = inode.get_metadata(); if mode.test_for_exist() {
// TODO: check metadata.mode with mode return Ok(());
}
// Check the permissions of file owner
let owner_file_mode = {
let metadata = inode.metadata()?;
AccessibilityCheckMode::from_u32((metadata.mode >> 6) as u32 & 0b111)?
};
if !owner_file_mode.contains(mode) {
return_errno!(EACCES, "the requested access is denied");
}
Ok(()) Ok(())
} }

2
src/libos/src/fs/file_ops/mod.rs
View File

@ -2,7 +2,7 @@ use super::dev_fs::{DevNull, DevRandom, DevSgx, DevZero};
use super::*; use super::*;
use process::Process; use process::Process;
pub use self::access::{do_access, do_faccessat, AccessibilityCheckFlags, AccessibilityCheckMode}; pub use self::access::{do_faccessat, AccessibilityCheckFlags, AccessibilityCheckMode};
pub use self::chmod::{do_chmod, do_fchmod, FileMode}; pub use self::chmod::{do_chmod, do_fchmod, FileMode};
pub use self::chown::{do_chown, do_fchown, do_lchown}; pub use self::chown::{do_chown, do_fchown, do_lchown};
pub use self::close::do_close; pub use self::close::do_close;

3
src/libos/src/fs/syscalls.rs
View File

@ -197,7 +197,8 @@ pub fn do_access(path: *const i8, mode: u32) -> Result<isize> {
.to_string_lossy() .to_string_lossy()
.into_owned(); .into_owned();
let mode = AccessibilityCheckMode::from_u32(mode)?; let mode = AccessibilityCheckMode::from_u32(mode)?;
file_ops::do_access(&path, mode).map(|_| 0) let flags = AccessibilityCheckFlags::empty();
file_ops::do_faccessat(DirFd::Cwd, &path, mode, flags).map(|_| 0)
} }
pub fn do_faccessat(dirfd: i32, path: *const i8, mode: u32, flags: u32) -> Result<isize> { pub fn do_faccessat(dirfd: i32, path: *const i8, mode: u32, flags: u32) -> Result<isize> {

2
test/Makefile
View File

@ -14,7 +14,7 @@ TEST_DEPS := client data_sink
TESTS ?= empty env hello_world malloc mmap file fs_perms getpid spawn sched pipe time \ TESTS ?= empty env hello_world malloc mmap file fs_perms getpid spawn sched pipe time \
truncate readdir mkdir open stat link symlink chmod chown tls pthread uname rlimit \ truncate readdir mkdir open stat link symlink chmod chown tls pthread uname rlimit \
server server_epoll unix_socket cout hostfs cpuid rdtsc device sleep exit_group \ server server_epoll unix_socket cout hostfs cpuid rdtsc device sleep exit_group \
ioctl fcntl eventfd emulate_syscall ioctl fcntl eventfd emulate_syscall access
# Benchmarks: need to be compiled and run by bench-% target # Benchmarks: need to be compiled and run by bench-% target
BENCHES := spawn_and_exit_latency pipe_throughput unix_socket_throughput BENCHES := spawn_and_exit_latency pipe_throughput unix_socket_throughput

5
test/access/Makefile Normal file
View File

@ -0,0 +1,5 @@
include ../test_common.mk
EXTRA_C_FLAGS :=
EXTRA_LINK_FLAGS :=
BIN_ARGS :=

148
test/access/main.c Normal file
View File

@ -0,0 +1,148 @@
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <unistd.h>
#include <stdio.h>
#include "test.h"
// ============================================================================
// Helper function
// ============================================================================
static int create_file(const char *file_path, mode_t mode) {
int flags = O_RDONLY | O_CREAT| O_TRUNC;
int fd;
fd = open(file_path, flags, mode);
if (fd < 0) {
THROW_ERROR("failed to create a file");
}
close(fd);
return 0;
}
static int remove_file(const char *file_path) {
int ret;
ret = unlink(file_path);
if (ret < 0) {
THROW_ERROR("failed to unlink the created file");
}
return 0;
}
// ============================================================================
// Test cases for access
// ============================================================================
static int __test_access(const char *file_path) {
if (access(file_path, F_OK) < 0) {
THROW_ERROR("failed to access file with F_OK");
}
if (access(file_path, R_OK | W_OK) < 0) {
THROW_ERROR("failed to access file");
}
if (access(file_path, R_OK | W_OK | X_OK) >= 0 || errno != EACCES) {
THROW_ERROR("failed to access file with X_OK");
}
if (access(file_path, 0xF) >= 0 || errno != EINVAL) {
THROW_ERROR("failed to access file with invalid mode");
}
if (remove_file(file_path) < 0) {
return -1;
}
if (access(file_path, F_OK) >= 0 || errno != ENOENT) {
THROW_ERROR("failed to access file after unlink");
}
return 0;
}
static int __test_faccessat_with_abs_path(const char *file_path) {
if (faccessat(AT_FDCWD, file_path, F_OK, 0) < 0) {
THROW_ERROR("failed to faccessat file with abs path");
}
if (remove_file(file_path) < 0) {
return -1;
}
if (faccessat(AT_FDCWD, file_path, F_OK, 0) >= 0 || errno != ENOENT) {
THROW_ERROR("failed to faccessat file after unlink");
}
return 0;
}
static int __test_faccessat_with_dirfd(const char *file_path) {
char dir_buf[128] = { 0 };
char base_buf[128] = { 0 };
char *dir_name, *file_name;
int dirfd, ret;
ret = snprintf(dir_buf, sizeof(dir_buf), "%s", file_path);
if (ret >= sizeof(dir_buf) || ret < 0) {
THROW_ERROR("failed to copy file path to the dir buffer");
}
ret = snprintf(base_buf, sizeof(base_buf), "%s", file_path);
if (ret >= sizeof(base_buf) || ret < 0) {
THROW_ERROR("failed to copy file path to the base buffer");
}
dir_name = dirname(dir_buf);
file_name = basename(base_buf);
dirfd = open(dir_name, O_RDONLY);
if (dirfd < 0) {
THROW_ERROR("failed to open dir");
}
if (faccessat(dirfd, file_name, F_OK, 0) < 0) {
close(dirfd);
THROW_ERROR("failed to faccessat file with dirfd");
}
if (remove_file(file_path) < 0) {
close(dirfd);
return -1;
}
if (faccessat(dirfd, file_name, F_OK, 0) >= 0 || errno != ENOENT) {
close(dirfd);
THROW_ERROR("failed to faccessat file after unlink");
}
close(dirfd);
return 0;
}
typedef int(*test_access_func_t)(const char *);
static int test_access_framework(test_access_func_t fn) {
const char *file_path = "/root/test_filesystem_access.txt";
mode_t mode = 00666;
if (create_file(file_path, mode) < 0) {
return -1;
}
if (fn(file_path) < 0)
return -1;
return 0;
}
static int test_access() {
return test_access_framework(__test_access);
}
static int test_faccessat_with_abs_path() {
return test_access_framework(__test_faccessat_with_abs_path);
}
static int test_faccessat_with_dirfd() {
return test_access_framework(__test_faccessat_with_dirfd);
}
// ============================================================================
// Test suite main
// ============================================================================
static test_case_t test_cases[] = {
TEST_CASE(test_access),
TEST_CASE(test_faccessat_with_abs_path),
TEST_CASE(test_faccessat_with_dirfd),
};
int main(int argc, const char *argv[]) {
return test_suite_run(test_cases, ARRAY_SIZE(test_cases));
}