Kernel/vfs/acls.c

   1 /*
   2  * Acess Micro VFS
   3  */
   4 #include <common.h>
   5 #include "vfs.h"
   6 #include "vfs_int.h"
   7
   8 // === GLOBALS ===
   9 tVFS_ACL        gVFS_ACL_EveryoneRWX = { {1,-1}, {0,VFS_PERM_ALL} };
  10 tVFS_ACL        gVFS_ACL_EveryoneRW = { {1,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} };
  11 tVFS_ACL        gVFS_ACL_EveryoneRX = { {1,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} };
  12 tVFS_ACL        gVFS_ACL_EveryoneRO = { {1,-1}, {0,VFS_PERM_READ} };
  13
  14 // === CODE ===
  15 /**
  16  * \fn int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
  17  * \brief Checks the permissions on a file
  18  */
  19 int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
  20 {
  21          int    i;
  22          int    uid = Threads_GetUID();
  23          int    gid = Threads_GetGID();
  24
  25         // Root can do anything
  26         if(uid == 0)    return 1;
  27
  28         // Root only file?, fast return
  29         if( Node->NumACLs == 0 )        return 0;
  30
  31         // Check Deny Permissions
  32         for(i=0;i<Node->NumACLs;i++)
  33         {
  34                 if(!Node->ACLs[i].Inv)  continue;       // Ignore ALLOWs
  35                 if(Node->ACLs[i].ID != -1)
  36                 {
  37                         if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)     continue;
  38                         if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)      continue;
  39                 }
  40
  41                 if(Node->ACLs[i].Perms & Permissions)   return 0;
  42         }
  43
  44         // Check for allow permissions
  45         for(i=0;i<Node->NumACLs;i++)
  46         {
  47                 if(Node->ACLs[i].Inv)   continue;       // Ignore DENYs
  48                 if(Node->ACLs[i].ID != -1)
  49                 {
  50                         if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)     continue;
  51                         if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)      continue;
  52                 }
  53
  54                 if((Node->ACLs[i].Perms & Permissions) == Permissions)  return 1;
  55         }
  56
  57         return 0;
  58 }
  59 /**
  60  * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest)
  61  */
  62 int VFS_GetACL(int FD, tVFS_ACL *Dest)
  63 {
  64          int    i;
  65         tVFS_Handle     *h = VFS_GetHandle(FD);
  66
  67         // Error check
  68         if(!h)  return -1;
  69
  70         // Root can do anything
  71         if(Dest->Group == 0 && Dest->ID == 0) {
  72                 Dest->Inv = 0;
  73                 Dest->Perms = -1;
  74                 return 1;
  75         }
  76
  77         // Root only file?, fast return
  78         if( h->Node->NumACLs == 0 ) {
  79                 Dest->Inv = 0;
  80                 Dest->Perms = 0;
  81                 return 0;
  82         }
  83
  84         // Check Deny Permissions
  85         for(i=0;i<h->Node->NumACLs;i++)
  86         {
  87                 if(h->Node->ACLs[i].Group != Dest->Group)       continue;
  88                 if(h->Node->ACLs[i].ID != Dest->ID)     continue;
  89
  90                 Dest->Inv = h->Node->ACLs[i].Inv;
  91                 Dest->Perms = h->Node->ACLs[i].Perms;
  92                 return 1;
  93         }
  94
  95
  96         Dest->Inv = 0;
  97         Dest->Perms = 0;
  98         return 0;
  99 }