Kernel/vfs/acls.c

   1 /*
   2  * Acess Micro VFS
   3  */
   4 #include <common.h>
   5 #include "vfs.h"
   6 #include "vfs_int.h"
   7
   8 // === GLOBALS ===
   9 tVFS_ACL        gVFS_ACL_EveryoneRWX = { {1,-1}, {0,VFS_PERM_ALL} };
  10 tVFS_ACL        gVFS_ACL_EveryoneRW = { {1,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} };
  11 tVFS_ACL        gVFS_ACL_EveryoneRX = { {1,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} };
  12 tVFS_ACL        gVFS_ACL_EveryoneRO = { {1,-1}, {0,VFS_PERM_READ} };
  13
  14 // === CODE ===
  15 /**
  16  * \fn int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
  17  * \brief Checks the permissions on a file
  18  */
  19 int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
  20 {
  21          int    i;
  22          int    uid = Threads_GetUID();
  23          int    gid = Threads_GetGID();
  24
  25         // Root can do anything
  26         if(uid == 0)    return 1;
  27
  28         // Root only file?, fast return
  29         if( Node->NumACLs == 0 )        return 0;
  30
  31         // Check Deny Permissions
  32         for(i=0;i<Node->NumACLs;i++)
  33         {
  34                 if(!Node->ACLs[i].Inv)  continue;       // Ignore ALLOWs
  35                 if(Node->ACLs[i].ID != -1)
  36                 {
  37                         if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)     continue;
  38                         if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)      continue;
  39                 }
  40
  41                 if(Node->ACLs[i].Perms & Permissions)   return 0;
  42         }
  43
  44         // Check for allow permissions
  45         for(i=0;i<Node->NumACLs;i++)
  46         {
  47                 if(Node->ACLs[i].Inv)   continue;       // Ignore DENYs
  48                 if(Node->ACLs[i].ID != -1)
  49                 {
  50                         if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)     continue;
  51                         if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)      continue;
  52                 }
  53
  54                 if((Node->ACLs[i].Perms & Permissions) == Permissions)  return 1;
  55         }
  56
  57         return 0;
  58 }
  59 /**
  60  * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest)
  61  */
  62 int VFS_GetACL(int FD, tVFS_ACL *Dest)
  63 {
  64          int    i;
  65         tVFS_Handle     *h = VFS_GetHandle(FD);
  66
  67         ENTER("ph pDest", h, Dest);
  68
  69         // Error check
  70         if(!h) {
  71                 LEAVE('i', -1);
  72                 return -1;
  73         }
  74
  75         LOG("h->Node = %p", h->Node);
  76
  77         // Root can do anything
  78         if(Dest->Group == 0 && Dest->ID == 0) {
  79                 Dest->Inv = 0;
  80                 Dest->Perms = -1;
  81                 LEAVE('i', 1);
  82                 return 1;
  83         }
  84
  85         // Root only file?, fast return
  86         if( h->Node->NumACLs == 0 ) {
  87                 Dest->Inv = 0;
  88                 Dest->Perms = 0;
  89                 LEAVE('i', 0);
  90                 return 0;
  91         }
  92
  93         // Check Deny Permissions
  94         for(i=0;i<h->Node->NumACLs;i++)
  95         {
  96                 if(h->Node->ACLs[i].Group != Dest->Group)       continue;
  97                 if(h->Node->ACLs[i].ID != Dest->ID)     continue;
  98
  99                 Dest->Inv = h->Node->ACLs[i].Inv;
 100                 Dest->Perms = h->Node->ACLs[i].Perms;
 101                 LEAVE('i', 1);
 102                 return 1;
 103         }
 104
 105
 106         Dest->Inv = 0;
 107         Dest->Perms = 0;
 108         LEAVE('i', 0);
 109         return 0;
 110 }