source: rtems/cpukit/libcsupport/src/sup_fs_check_permissions.c @ 255fe43

Last change on this file since 255fe43 was 255fe43, checked in by Joel Sherrill <joel@…>, on 03/01/22 at 20:40:44

cpukit/: Scripted embedded brains header file clean up

Updates #4625.
  • Property mode set to 100644
File size: 2.6 KB
Line 
1/**
2 *  @file
3 *
4 *  @brief RTEMS File System Permissions Check Support
5 *  @ingroup LibIOInternal
6 */
7
8/*
9 * Copyright (c) 2012 embedded brains GmbH.  All rights reserved.
10 *
11 * The license and distribution terms for this file may be
12 * found in the file LICENSE in this distribution or at
13 * http://www.rtems.org/license/LICENSE.
14 */
15
16#ifdef HAVE_CONFIG_H
17#include "config.h"
18#endif
19
20#include <sys/stat.h>
21
22#include <rtems/libio_.h>
23
24#define RTEMS_FS_USR_SHIFT 6
25#define RTEMS_FS_GRP_SHIFT 3
26#define RTEMS_FS_OTH_SHIFT 0
27
28RTEMS_STATIC_ASSERT(
29  (RTEMS_FS_PERMS_READ << RTEMS_FS_USR_SHIFT) == S_IRUSR,
30  S_IRUSR
31);
32RTEMS_STATIC_ASSERT(
33  (RTEMS_FS_PERMS_READ << RTEMS_FS_GRP_SHIFT) == S_IRGRP,
34  S_IRGRP
35);
36RTEMS_STATIC_ASSERT(
37  (RTEMS_FS_PERMS_READ << RTEMS_FS_OTH_SHIFT) == S_IROTH,
38  S_IROTH
39);
40
41RTEMS_STATIC_ASSERT(
42  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_USR_SHIFT) == S_IWUSR,
43  S_IWUSR
44);
45RTEMS_STATIC_ASSERT(
46  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_GRP_SHIFT) == S_IWGRP,
47  S_IWGRP
48);
49RTEMS_STATIC_ASSERT(
50  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_OTH_SHIFT) == S_IWOTH,
51  S_IWOTH
52);
53
54RTEMS_STATIC_ASSERT(
55  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_USR_SHIFT) == S_IXUSR,
56  S_IXUSR
57);
58RTEMS_STATIC_ASSERT(
59  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_GRP_SHIFT) == S_IXGRP,
60  S_IXGRP
61);
62RTEMS_STATIC_ASSERT(
63  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_OTH_SHIFT) == S_IXOTH,
64  S_IXOTH
65);
66
67static bool equals_supplementary_group(
68  const rtems_user_env_t *uenv,
69  gid_t object_gid
70)
71{
72  size_t i;
73
74  for (i = 0; i < uenv->ngroups; ++i) {
75    if (uenv->groups[i] == object_gid) {
76      return true;
77    }
78  }
79
80  return false;
81}
82
83bool rtems_filesystem_check_access(
84  int flags,
85  mode_t object_mode,
86  uid_t object_uid,
87  gid_t object_gid
88)
89{
90  const rtems_user_env_t *uenv = rtems_current_user_env_get();
91  mode_t access_flags = flags & RTEMS_FS_PERMS_RWX;
92  uid_t task_uid = uenv->euid;
93
94  if (task_uid == 0 || task_uid == object_uid) {
95    access_flags <<= RTEMS_FS_USR_SHIFT;
96  } else {
97    gid_t task_gid = uenv->egid;
98
99    if (
100      task_gid == 0
101        || task_gid == object_gid
102        || equals_supplementary_group(uenv, object_gid)
103    ) {
104      access_flags <<= RTEMS_FS_GRP_SHIFT;
105    } else {
106      access_flags <<= RTEMS_FS_OTH_SHIFT;
107    }
108  }
109
110  return (access_flags & object_mode) == access_flags;
111}
112
113bool rtems_filesystem_eval_path_check_access(
114  rtems_filesystem_eval_path_context_t *ctx,
115  int eval_flags,
116  mode_t node_mode,
117  uid_t node_uid,
118  gid_t node_gid
119)
120{
121  bool access_ok = rtems_filesystem_check_access(
122    eval_flags,
123    node_mode,
124    node_uid,
125    node_gid
126  );
127
128  if (!access_ok) {
129    rtems_filesystem_eval_path_error(ctx, EACCES);
130  }
131
132  return access_ok;
133}
Note: See TracBrowser for help on using the repository browser.