
//! This defines `set_permissions`, the primary entrypoint to sandboxed
//! filesystem permissions modification.

#[cfg(racy_asserts)]
use crate::fs::{map_result, stat, stat_unchecked, FollowSymlinks, Metadata};
use crate::fs::{set_permissions_impl, set_symlink_permissions_impl, Permissions};
use std::path::Path;
use std::{fs, io};

/// Change the permissions of `path`, resolved relative to `start`, without
/// letting the resolution escape the directory tree rooted at `start`
/// (a sandboxed `chmodat`). Unlike [`set_symlink_permissions`], symlinks
/// are followed (the consistency checks use `FollowSymlinks::Yes`).
///
/// `start` is the directory the lookup begins from, `path` is the path to
/// resolve, and `perm` is consumed and applied to the resolved file. Any
/// error from the underlying implementation is returned unchanged.
///
/// Under `cfg(racy_asserts)` the call is bracketed by two `stat` snapshots
/// and cross-checked by `check_set_permissions`, which panics on an
/// inconsistent outcome. The snapshots are not atomic with the operation,
/// so a concurrent writer touching `path` can trip that check — presumably
/// why it is opt-in rather than always on.
#[cfg_attr(not(racy_asserts), allow(clippy::let_and_return))]
#[inline]
pub fn set_permissions(start: &fs::File, path: &Path, perm: Permissions) -> io::Result<()> {
    // Capture the expected permissions and the pre-call metadata before
    // `perm` is moved into the implementation. The pre-call snapshot goes
    // through the sandboxed `stat`, so it is subject to the same containment.
    #[cfg(racy_asserts)]
    let (expected, before) = (perm.clone(), stat(start, path, FollowSymlinks::Yes));

    // Without racy_asserts this is a plain `let x = ...; x`, hence the
    // `let_and_return` allowance on the function.
    let outcome = set_permissions_impl(start, path, perm);

    #[cfg(racy_asserts)]
    {
        // The post-call snapshot uses the unchecked variant — presumably
        // because the sandboxed lookup above already vetted `path` and this
        // is only an observation, not an operation. NOTE(review): confirm
        // that nothing in the implementation can change what `path` resolves to.
        let after = stat_unchecked(start, path, FollowSymlinks::Yes);
        check_set_permissions(start, path, expected, &before, &outcome, &after);
    }

    outcome
}

/// Change the permissions of `path`, resolved relative to `start`, without
/// letting the resolution escape the directory tree rooted at `start`, and
/// without following a trailing symlink — the link itself, not its target,
/// is what the operation applies to (the consistency checks use
/// `FollowSymlinks::No`).
///
/// `start` is the directory the lookup begins from, `path` is the path to
/// resolve, and `perm` is consumed and applied. Any error from the
/// underlying implementation is returned unchanged.
///
/// Under `cfg(racy_asserts)` the call is bracketed by two no-follow `stat`
/// snapshots and cross-checked by `check_set_permissions`, which panics on
/// an inconsistent outcome. The snapshots race with concurrent modification
/// of `path`, so the check is debug-only.
#[cfg_attr(not(racy_asserts), allow(clippy::let_and_return))]
#[inline]
pub fn set_symlink_permissions(start: &fs::File, path: &Path, perm: Permissions) -> io::Result<()> {
    // Keep a copy of the requested permissions and the pre-call metadata
    // before `perm` is consumed. The pre-call snapshot is the sandboxed `stat`.
    #[cfg(racy_asserts)]
    let (expected, before) = (perm.clone(), stat(start, path, FollowSymlinks::No));

    // `let x = ...; x` is intentional: the racy_asserts block sits between
    // the call and the return, hence the `let_and_return` allowance above.
    let outcome = set_symlink_permissions_impl(start, path, perm);

    #[cfg(racy_asserts)]
    {
        // Post-call observation via the unchecked stat, mirroring
        // `set_permissions`; it does not re-enforce containment.
        let after = stat_unchecked(start, path, FollowSymlinks::No);
        check_set_permissions(start, path, expected, &before, &outcome, &after);
    }

    outcome
}

/// Cross-check a permissions change against the metadata observed just
/// before and just after it, panicking on any combination that cannot be
/// explained by a successful or a cleanly failed operation.
///
/// `start` and `path` are only used to label the panic message. `perm` is
/// the permissions the caller asked for; `stat_before` / `stat_after` are
/// the two snapshots and `result` is the outcome of the operation itself.
/// Each is first passed through `map_result` so the three can be matched
/// as a tuple.
///
/// Accepted outcomes:
/// - all three succeeded: the post-call permissions must equal `perm`;
/// - both stats succeeded but the operation failed: permissions must be
///   unchanged;
/// - all three failed: accepted as-is (the error kinds are not yet compared).
///
/// Anything else (e.g. the operation succeeding where the sandboxed
/// pre-call stat failed) is reported as inconsistent. Because the snapshots
/// are not atomic with the operation, a concurrent modification of `path`
/// can also land here; this is a debug aid, not a runtime guarantee.
#[cfg(racy_asserts)]
fn check_set_permissions(
    start: &fs::File,
    path: &Path,
    perm: Permissions,
    stat_before: &io::Result<Metadata>,
    result: &io::Result<()>,
    stat_after: &io::Result<Metadata>,
) {
    let observed = (
        map_result(stat_before),
        map_result(result),
        map_result(stat_after),
    );

    match observed {
        // Operation succeeded: the file must now carry exactly what was requested.
        (Ok(_), Ok(()), Ok(after)) => assert_eq!(perm, after.permissions()),

        // Operation failed cleanly: nothing should have changed.
        (Ok(before), Err(_), Ok(after)) => {
            assert_eq!(before.permissions(), after.permissions())
        }

        // Everything failed, e.g. a path that does not resolve or escapes
        // the sandbox. TODO: Check error messages
        (Err(_), Err(_), Err(_)) => {}

        inconsistent => panic!(
            "inconsistent set_permissions checks: start='{:?}' path='{}':\n{:#?}",
            start,
            path.display(),
            inconsistent,
        ),
    }
}