1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "brillo/file_utils.h"
#include <fcntl.h>
#include <unistd.h>
#include <base/files/file_path.h>
#include <base/files/file_util.h>
#include <base/files/scoped_file.h>
#include <base/logging.h>
#include <base/posix/eintr_wrapper.h>
namespace brillo {
namespace {
enum {
kPermissions600 = S_IRUSR | S_IWUSR,
kPermissions777 = S_IRWXU | S_IRWXG | S_IRWXO
};
// Verify that base file permission enums are compatible with S_Ixxx. If these
// asserts ever fail, we'll need to ensure that users of these functions switch
// away from using base permission enums and add a note to the function comments
// indicating that base enums can not be used.
static_assert(base::FILE_PERMISSION_READ_BY_USER == S_IRUSR,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_WRITE_BY_USER == S_IWUSR,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_EXECUTE_BY_USER == S_IXUSR,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_READ_BY_GROUP == S_IRGRP,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_WRITE_BY_GROUP == S_IWGRP,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_EXECUTE_BY_GROUP == S_IXGRP,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_READ_BY_OTHERS == S_IROTH,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_WRITE_BY_OTHERS == S_IWOTH,
"base file permissions don't match unistd.h permissions");
static_assert(base::FILE_PERMISSION_EXECUTE_BY_OTHERS == S_IXOTH,
"base file permissions don't match unistd.h permissions");
enum RegularFileOrDeleteResult {
kFailure = 0, // Failed to delete whatever was at the path.
kRegularFile = 1, // Regular file existed and was unchanged.
kEmpty = 2 // Anything that was at the path has been deleted.
};
// Checks if a regular file owned by |uid| and |gid| exists at |path|, otherwise
// deletes anything that might be at |path|. Returns a RegularFileOrDeleteResult
// enum indicating what is at |path| after the function finishes.
RegularFileOrDeleteResult RegularFileOrDelete(const base::FilePath& path,
uid_t uid,
gid_t gid) {
// Check for symlinks by setting O_NOFOLLOW and checking for ELOOP. This lets
// us use the safer fstat() instead of having to use lstat().
base::ScopedFD scoped_fd(HANDLE_EINTR(openat(
AT_FDCWD, path.value().c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW)));
bool path_not_empty = (errno == ELOOP || scoped_fd != -1);
// If there is a file/directory at |path|, see if it matches our criteria.
if (scoped_fd != -1) {
struct stat file_stat;
if (fstat(scoped_fd.get(), &file_stat) != -1 &&
S_ISREG(file_stat.st_mode) && file_stat.st_uid == uid &&
file_stat.st_gid == gid) {
return kRegularFile;
}
}
// If we get here and anything was at |path|, try to delete it so we can put
// our file there.
if (path_not_empty) {
if (!base::DeleteFile(path, true)) {
PLOG(WARNING) << "Failed to delete entity at \"" << path.value() << '"';
return kFailure;
}
}
return kEmpty;
}
// Handles common touch functionality but also provides an optional |fd_out|
// so that any further modifications to the file (e.g. permissions) can safely
// use the fd rather than the path. |fd_out| will only be set if a new file
// is created, otherwise it will be unchanged.
// If |fd_out| is null, this function will close the file, otherwise it's
// expected that |fd_out| will close the file when it goes out of scope.
bool TouchFileInternal(const base::FilePath& path,
uid_t uid,
gid_t gid,
base::ScopedFD* fd_out) {
RegularFileOrDeleteResult result = RegularFileOrDelete(path, uid, gid);
switch (result) {
case kFailure:
return false;
case kRegularFile:
return true;
case kEmpty:
break;
}
// base::CreateDirectory() returns true if the directory already existed.
if (!base::CreateDirectory(path.DirName())) {
PLOG(WARNING) << "Failed to create directory for \"" << path.value() << '"';
return false;
}
// Create the file as owner-only initially.
base::ScopedFD scoped_fd(
HANDLE_EINTR(openat(AT_FDCWD,
path.value().c_str(),
O_RDONLY | O_NOFOLLOW | O_CREAT | O_EXCL | O_CLOEXEC,
kPermissions600)));
if (scoped_fd == -1) {
PLOG(WARNING) << "Failed to create file \"" << path.value() << '"';
return false;
}
if (fd_out) {
fd_out->swap(scoped_fd);
}
return true;
}
} // namespace
bool TouchFile(const base::FilePath& path,
int new_file_permissions,
uid_t uid,
gid_t gid) {
// Make sure |permissions| doesn't have any out-of-range bits.
if (new_file_permissions & ~kPermissions777) {
LOG(WARNING) << "Illegal permissions: " << new_file_permissions;
return false;
}
base::ScopedFD scoped_fd;
if (!TouchFileInternal(path, uid, gid, &scoped_fd)) {
return false;
}
// scoped_fd is valid only if a new file was created.
if (scoped_fd != -1 &&
HANDLE_EINTR(fchmod(scoped_fd.get(), new_file_permissions)) == -1) {
PLOG(WARNING) << "Failed to set permissions for \"" << path.value() << '"';
base::DeleteFile(path, false);
return false;
}
return true;
}
bool TouchFile(const base::FilePath& path) {
// Use TouchFile() instead of TouchFileInternal() to explicitly set
// permissions to 600 in case umask is set strangely.
return TouchFile(path, kPermissions600, geteuid(), getegid());
}
} // namespace brillo
|
