diff --git a/headers/private/fs_shell/fssh_api_wrapper.h b/headers/private/fs_shell/fssh_api_wrapper.h index f445fbaaf2..6a9e601ffa 100644 --- a/headers/private/fs_shell/fssh_api_wrapper.h +++ b/headers/private/fs_shell/fssh_api_wrapper.h @@ -938,6 +938,7 @@ #define unremove_vnode fssh_unremove_vnode #define get_vnode_removed fssh_get_vnode_removed #define volume_for_vnode fssh_volume_for_vnode +#define check_access_permissions fssh_check_access_permissions #define read_pages fssh_read_pages #define write_pages fssh_write_pages #define read_file_io_vec_pages fssh_read_file_io_vec_pages diff --git a/headers/private/fs_shell/fssh_fs_interface.h b/headers/private/fs_shell/fssh_fs_interface.h index 6a0fdd0a2b..48dfce0545 100644 --- a/headers/private/fs_shell/fssh_fs_interface.h +++ b/headers/private/fs_shell/fssh_fs_interface.h @@ -361,7 +361,9 @@ extern fssh_status_t fssh_unremove_vnode(fssh_fs_volume *volume, extern fssh_status_t fssh_get_vnode_removed(fssh_fs_volume *volume, fssh_vnode_id vnodeID, bool* removed); extern fssh_fs_volume* fssh_volume_for_vnode(fssh_fs_vnode *vnode); - +extern fssh_status_t fssh_check_access_permissions(int accessMode, + fssh_mode_t mode, fssh_gid_t nodeGroupID, + fssh_uid_t nodeUserID); extern fssh_status_t fssh_read_pages(int fd, fssh_off_t pos, const struct fssh_iovec *vecs, fssh_size_t count, diff --git a/src/tools/fs_shell/vfs.cpp b/src/tools/fs_shell/vfs.cpp index 55a37b5dd4..9308a351da 100644 --- a/src/tools/fs_shell/vfs.cpp +++ b/src/tools/fs_shell/vfs.cpp @@ -2128,6 +2128,42 @@ fssh_volume_for_vnode(fssh_fs_vnode *_vnode) } +extern "C" fssh_status_t +fssh_check_access_permissions(int accessMode, fssh_mode_t mode, + fssh_gid_t nodeGroupID, fssh_uid_t nodeUserID) +{ + // get node permissions + int userPermissions = (mode & FSSH_S_IRWXU) >> 6; + int groupPermissions = (mode & FSSH_S_IRWXG) >> 3; + int otherPermissions = mode & FSSH_S_IRWXO; + + // get the node permissions for this uid/gid + int permissions = 0; + fssh_uid_t uid = fssh_geteuid(); + + if (uid == 0) { + // user is root + // root has always read/write permission, but at least one of the + // X bits must be set for execute permission + permissions = userPermissions | groupPermissions | otherPermissions + | FSSH_S_IROTH | FSSH_S_IWOTH; + if (FSSH_S_ISDIR(mode)) + permissions |= FSSH_S_IXOTH; + } else if (uid == nodeUserID) { + // user is node owner + permissions = userPermissions; + } else if (fssh_getegid() == nodeGroupID) { + // user is in owning group + permissions = groupPermissions; + } else { + // user is one of the others + permissions = otherPermissions; + } + + return (accessMode & ~permissions) == 0 ? FSSH_B_OK : FSSH_B_NOT_ALLOWED; +} + + //! Works directly on the host's file system extern "C" fssh_status_t fssh_read_pages(int fd, fssh_off_t pos, const fssh_iovec *vecs,