From a835fa4792fa2afd84d7e27bd242add06763db72 Mon Sep 17 00:00:00 2001 From: dzwdz Date: Sun, 2 Oct 2022 15:49:24 +0200 Subject: user/libc: rework fs_whitelist; fix minor bugs --- src/user/lib/fs/misc.c | 81 +------------------------------- src/user/lib/fs/whitelist.c | 109 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 80 deletions(-) create mode 100644 src/user/lib/fs/whitelist.c (limited to 'src/user') diff --git a/src/user/lib/fs/misc.c b/src/user/lib/fs/misc.c index 7a66b80..f660f6f 100644 --- a/src/user/lib/fs/misc.c +++ b/src/user/lib/fs/misc.c @@ -22,8 +22,7 @@ bool fork2_n_mount(const char *path) { } static int dir_seglen(const char *path) { - /* in human terms: - * if path contains /, return its position + 1 + /* if path contains /, return its position + 1 * otherwise, return strlen */ int len = 0; while (path[len]) { @@ -85,84 +84,6 @@ void fs_passthru(const char *prefix) { exit(0); } -void fs_whitelist(const char **list) { - const size_t buflen = 1024; - char *buf = malloc(buflen); - if (!buf) exit(1); - for (;;) { - struct ufs_request res; - handle_t reqh = _syscall_fs_wait(buf, buflen, &res); - if (reqh < 0) break; - - char *ipath = res.id; - size_t blen; - bool passthru, inject; - struct dirbuild db; - - switch (res.op) { - case VFSOP_OPEN: - passthru = false; - inject = false; - - for (const char **iter = list; *iter; iter++) { - size_t len = strlen(*iter); - bool ro = false; - if (len >= 3 && !memcmp(*iter + len - 3, ":ro", 3)) { - ro = true; - len -= 3; - } - if (len <= res.len && !memcmp(buf, *iter, len)) { - if (ro) res.flags |= OPEN_RO; - passthru = true; - break; - } - if (res.len < len && - buf[res.len - 1] == '/' && - !memcmp(buf, *iter, res.len)) - { - inject = true; - } - } - if (passthru) { - forward_open(reqh, buf, res.len, res.flags); - } else if (inject) { - // TODO all the inject points could be precomputed - ipath = malloc(res.len + 1); - memcpy(ipath, buf, res.len); - ipath[res.len] = '\0'; - _syscall_fs_respond(reqh, ipath, 0, 0); - } else { - _syscall_fs_respond(reqh, NULL, -1, 0); - } - break; - - case VFSOP_READ: - case VFSOP_GETSIZE: - blen = strlen(ipath); - char *target = res.op == VFSOP_READ ? buf : NULL; - dir_start(&db, res.offset, target, buflen); - for (const char **iter = list; *iter; iter++) { - // TODO could be precomputed too - size_t len = strlen(*iter); // inefficient, whatever - if (blen < len && !memcmp(ipath, *iter, blen)) - dir_appendl(&db, *iter + blen, dir_seglen(*iter + blen)); - } - _syscall_fs_respond(reqh, target, dir_finish(&db), 0); - break; - - case VFSOP_CLOSE: - free(ipath); - _syscall_fs_respond(reqh, NULL, 0, 0); - break; - - default: - _syscall_fs_respond(reqh, NULL, -1, 0); - break; - } - } - exit(0); -} - void fs_union(const char **list) { struct ufs_request res; diff --git a/src/user/lib/fs/whitelist.c b/src/user/lib/fs/whitelist.c new file mode 100644 index 0000000..676b36f --- /dev/null +++ b/src/user/lib/fs/whitelist.c @@ -0,0 +1,109 @@ +#include +#include +#include +#include +#include +#include + +static int dir_seglen2(const char *path, size_t len) { + /* returns the length of the first segment of the path, including the trailing / (if any). */ + for (size_t i = 0; i < len; i++) { + if (path[i] == '/') + return i + 1; + } + return len; +} + +/** @return the length of the path w/o suffixes */ +static size_t suffix_parse(const char *path, size_t len, bool *ro_ptr) { + bool ro = false; + if (len >= 3 && !memcmp(path + len - 3, ":ro", 3)) { + ro = true; + len -= 3; + } + if (ro_ptr) *ro_ptr = ro; + return len; +} + +/** Check if a path is a prefix of another path. */ +// TODO move to libc; tests +static bool prefix_match(const char *prefix, size_t plen, const char *full, size_t flen) { + if (flen < plen) return false; + if (flen == plen) + return memcmp(full, prefix, flen) == 0; + return plen >= 1 + && prefix[plen - 1] == '/' /* prefixes must point to one of the parent directories */ + && memcmp(full, prefix, plen) == 0; +} + +void fs_whitelist(const char **whitelist) { + const size_t buflen = 1024; + char *buf = malloc(buflen); + if (!buf) exit(1); + for (;;) { + struct ufs_request res; + handle_t reqh = _syscall_fs_wait(buf, buflen, &res); + if (reqh < 0) break; + + char *ipath = res.id; /* the path of the open()ed directory */ + + switch (res.op) { + case VFSOP_OPEN: { + bool passthru = false; + bool inject = false; + + for (const char **entry = whitelist; *entry; entry++) { + bool ro = false; + size_t entry_len = suffix_parse(*entry, strlen(*entry), &ro); + /* If *entry is a prefix of the opened path, pass the open() through. */ + if (prefix_match(*entry, entry_len, buf, res.len)) { + if (ro) res.flags |= OPEN_RO; + passthru = true; + break; + } + /* If the path is a prefix of *entry, we might need to inject a directory. */ + if (prefix_match(buf, res.len, *entry, entry_len)) { + inject = true; + } + } + if (passthru) { + forward_open(reqh, buf, res.len, res.flags); + } else if (inject) { + // TODO all the inject points could be precomputed + ipath = malloc(res.len + 1); + memcpy(ipath, buf, res.len); + ipath[res.len] = '\0'; + _syscall_fs_respond(reqh, ipath, 0, 0); + } else { + _syscall_fs_respond(reqh, NULL, -1, 0); + } + break; + } + case VFSOP_READ: + case VFSOP_GETSIZE: { + struct dirbuild db; + size_t ilen = strlen(ipath); + char *target = res.op == VFSOP_READ ? buf : NULL; + dir_start(&db, res.offset, target, buflen); + for (const char **entry = whitelist; *entry; entry++) { + // TODO could be precomputed too + size_t elen = suffix_parse(*entry, strlen(*entry), NULL); + if (ilen < elen && !memcmp(ipath, *entry, ilen)) + dir_appendl(&db, *entry + ilen, dir_seglen2(*entry + ilen, elen - ilen)); + } + _syscall_fs_respond(reqh, target, dir_finish(&db), 0); + break; + } + case VFSOP_CLOSE: { + free(ipath); + _syscall_fs_respond(reqh, NULL, 0, 0); + break; + } + default: { + _syscall_fs_respond(reqh, NULL, -1, 0); + break; + } + } + } + exit(0); +} -- cgit v1.2.3