Kernel: Make VirtualFileSystem functions take credentials as input

Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
lanmonster · Aug 21, 2022 · c3351d4 · c3351d4
1 parent 9744ded
commit c3351d4
Show file tree

Hide file tree

Showing 33 changed files with 159 additions and 165 deletions.
diff --git a/Kernel/Coredump.cpp b/Kernel/Coredump.cpp
@@ -62,19 +62,21 @@ Coredump::Coredump(NonnullLockRefPtr<Process> process, NonnullLockRefPtr<OpenFil
 ErrorOr<NonnullLockRefPtr<OpenFileDescription>> Coredump::try_create_target_file(Process const& process, StringView output_path)
 {
  auto output_directory = KLexicalPath::dirname(output_path);
- auto dump_directory = TRY(VirtualFileSystem::the().open_directory(output_directory, VirtualFileSystem::the().root_custody()));
+ auto dump_directory = TRY(VirtualFileSystem::the().open_directory(Process::current().credentials(), output_directory, VirtualFileSystem::the().root_custody()));
  auto dump_directory_metadata = dump_directory->inode().metadata();
  if (dump_directory_metadata.uid != 0 || dump_directory_metadata.gid != 0 || dump_directory_metadata.mode != 040777) {
  dbgln("Refusing to put coredump in sketchy directory '{}'", output_directory);
  return EINVAL;
  }
- auto credentials = process.credentials();
+
+ auto process_credentials = process.credentials();
  return TRY(VirtualFileSystem::the().open(
+ Process::current().credentials(),
  KLexicalPath::basename(output_path),
  O_CREAT | O_WRONLY | O_EXCL,
  S_IFREG, // We will enable reading from userspace when we finish generating the coredump file
  *dump_directory,
- UidAndGid { credentials->uid(), credentials->gid() }));
+ UidAndGid { process_credentials->uid(), process_credentials->gid() }));
 }
 
 ErrorOr<void> Coredump::write_elf_header()

diff --git a/Kernel/Credentials.cpp b/Kernel/Credentials.cpp
@@ -29,4 +29,9 @@ Credentials::Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, Use
 
 Credentials::~Credentials() = default;
 
+bool Credentials::in_group(Kernel::GroupID gid) const
+{
+ return m_gid == gid || m_extra_gids.contains_slow(gid);
+}
+
 }
diff --git a/Kernel/Credentials.h b/Kernel/Credentials.h
@@ -27,6 +27,8 @@ class Credentials final : public AtomicRefCounted<Credentials> {
  GroupID sgid() const { return m_sgid; }
  Span<GroupID const> extra_gids() const { return m_extra_gids.span(); }
 
+ bool in_group(GroupID) const;
+
 private:
  Credentials(UserID uid, GroupID gid, UserID euid, GroupID egid, UserID suid, GroupID sgid, FixedArray<GroupID> extra_gids);
 

diff --git a/Kernel/FileSystem/Inode.cpp b/Kernel/FileSystem/Inode.cpp
@@ -82,7 +82,7 @@ ErrorOr<NonnullRefPtr<Custody>> Inode::resolve_as_link(Custody& base, RefPtr<Cus
  // contents as a path and resolves that. That is, it
  // behaves exactly how you would expect a symlink to work.
  auto contents = TRY(read_entire());
- return VirtualFileSystem::the().resolve_path(StringView { contents->bytes() }, base, out_parent, options, symlink_recursion_level);
+ return VirtualFileSystem::the().resolve_path(Process::current().credentials(), StringView { contents->bytes() }, base, out_parent, options, symlink_recursion_level);
 }
 
 Inode::Inode(FileSystem& fs, InodeIndex index)

diff --git a/Kernel/FileSystem/InodeFile.cpp b/Kernel/FileSystem/InodeFile.cpp
@@ -119,14 +119,14 @@ ErrorOr<void> InodeFile::chown(OpenFileDescription& description, UserID uid, Gro
 {
  VERIFY(description.inode() == m_inode);
  VERIFY(description.custody());
- return VirtualFileSystem::the().chown(*description.custody(), uid, gid);
+ return VirtualFileSystem::the().chown(Process::current().credentials(), *description.custody(), uid, gid);
 }
 
 ErrorOr<void> InodeFile::chmod(OpenFileDescription& description, mode_t mode)
 {
  VERIFY(description.inode() == m_inode);
  VERIFY(description.custody());
- return VirtualFileSystem::the().chmod(*description.custody(), mode);
+ return VirtualFileSystem::the().chmod(Process::current().credentials(), *description.custody(), mode);
 }
 
 }
diff --git a/Kernel/FileSystem/InodeMetadata.cpp b/Kernel/FileSystem/InodeMetadata.cpp
@@ -9,22 +9,19 @@
 
 namespace Kernel {
 
-bool InodeMetadata::may_read(Process const& process) const
+bool InodeMetadata::may_read(Credentials const& credentials) const
 {
- auto credentials = process.credentials();
- return may_read(credentials->euid(), credentials->egid(), credentials->extra_gids());
+ return may_read(credentials.euid(), credentials.egid(), credentials.extra_gids());
 }
 
-bool InodeMetadata::may_write(Process const& process) const
+bool InodeMetadata::may_write(Credentials const& credentials) const
 {
- auto credentials = process.credentials();
- return may_write(credentials->euid(), credentials->egid(), credentials->extra_gids());
+ return may_write(credentials.euid(), credentials.egid(), credentials.extra_gids());
 }
 
-bool InodeMetadata::may_execute(Process const& process) const
+bool InodeMetadata::may_execute(Credentials const& credentials) const
 {
- auto credentials = process.credentials();
- return may_execute(credentials->euid(), credentials->egid(), credentials->extra_gids());
+ return may_execute(credentials.euid(), credentials.egid(), credentials.extra_gids());
 }
 
 }
diff --git a/Kernel/FileSystem/InodeMetadata.h b/Kernel/FileSystem/InodeMetadata.h
@@ -42,6 +42,10 @@ struct InodeMetadata {
  bool may_write(Process const&) const;
  bool may_execute(Process const&) const;
 
+ bool may_read(Credentials const&) const;
+ bool may_write(Credentials const&) const;
+ bool may_execute(Credentials const&) const;
+
  bool may_read(UserID u, GroupID g, Span<GroupID const> eg) const
  {
  if (u == 0)