| // Copyright 2014 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "brillo/file_utils.h" |
| |
| #include <fcntl.h> |
| #include <unistd.h> |
| |
| #include <base/files/file_path.h> |
| #include <base/files/file_util.h> |
| #include <base/files/scoped_file.h> |
| #include <base/logging.h> |
| #include <base/posix/eintr_wrapper.h> |
| |
| namespace brillo { |
| |
| namespace { |
| |
| enum { |
| kPermissions600 = S_IRUSR | S_IWUSR, |
| kPermissions777 = S_IRWXU | S_IRWXG | S_IRWXO |
| }; |
| |
| // Verify that base file permission enums are compatible with S_Ixxx. If these |
| // asserts ever fail, we'll need to ensure that users of these functions switch |
| // away from using base permission enums and add a note to the function comments |
| // indicating that base enums can not be used. |
| static_assert(base::FILE_PERMISSION_READ_BY_USER == S_IRUSR, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_WRITE_BY_USER == S_IWUSR, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_EXECUTE_BY_USER == S_IXUSR, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_READ_BY_GROUP == S_IRGRP, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_WRITE_BY_GROUP == S_IWGRP, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_EXECUTE_BY_GROUP == S_IXGRP, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_READ_BY_OTHERS == S_IROTH, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_WRITE_BY_OTHERS == S_IWOTH, |
| "base file permissions don't match unistd.h permissions"); |
| static_assert(base::FILE_PERMISSION_EXECUTE_BY_OTHERS == S_IXOTH, |
| "base file permissions don't match unistd.h permissions"); |
| |
| enum RegularFileOrDeleteResult { |
| kFailure = 0, // Failed to delete whatever was at the path. |
| kRegularFile = 1, // Regular file existed and was unchanged. |
| kEmpty = 2 // Anything that was at the path has been deleted. |
| }; |
| |
| // Checks if a regular file owned by |uid| and |gid| exists at |path|, otherwise |
| // deletes anything that might be at |path|. Returns a RegularFileOrDeleteResult |
| // enum indicating what is at |path| after the function finishes. |
| RegularFileOrDeleteResult RegularFileOrDelete(const base::FilePath& path, |
| uid_t uid, |
| gid_t gid) { |
| // Check for symlinks by setting O_NOFOLLOW and checking for ELOOP. This lets |
| // us use the safer fstat() instead of having to use lstat(). |
| base::ScopedFD scoped_fd(HANDLE_EINTR(openat( |
| AT_FDCWD, path.value().c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW))); |
| bool path_not_empty = (errno == ELOOP || scoped_fd != -1); |
| |
| // If there is a file/directory at |path|, see if it matches our criteria. |
| if (scoped_fd != -1) { |
| struct stat file_stat; |
| if (fstat(scoped_fd.get(), &file_stat) != -1 && |
| S_ISREG(file_stat.st_mode) && file_stat.st_uid == uid && |
| file_stat.st_gid == gid) { |
| return kRegularFile; |
| } |
| } |
| |
| // If we get here and anything was at |path|, try to delete it so we can put |
| // our file there. |
| if (path_not_empty) { |
| if (!base::DeleteFile(path, true)) { |
| PLOG(WARNING) << "Failed to delete entity at \"" << path.value() << '"'; |
| return kFailure; |
| } |
| } |
| |
| return kEmpty; |
| } |
| |
| // Handles common touch functionality but also provides an optional |fd_out| |
| // so that any further modifications to the file (e.g. permissions) can safely |
| // use the fd rather than the path. |fd_out| will only be set if a new file |
| // is created, otherwise it will be unchanged. |
| // If |fd_out| is null, this function will close the file, otherwise it's |
| // expected that |fd_out| will close the file when it goes out of scope. |
| bool TouchFileInternal(const base::FilePath& path, |
| uid_t uid, |
| gid_t gid, |
| base::ScopedFD* fd_out) { |
| RegularFileOrDeleteResult result = RegularFileOrDelete(path, uid, gid); |
| switch (result) { |
| case kFailure: |
| return false; |
| case kRegularFile: |
| return true; |
| case kEmpty: |
| break; |
| } |
| |
| // base::CreateDirectory() returns true if the directory already existed. |
| if (!base::CreateDirectory(path.DirName())) { |
| PLOG(WARNING) << "Failed to create directory for \"" << path.value() << '"'; |
| return false; |
| } |
| |
| // Create the file as owner-only initially. |
| base::ScopedFD scoped_fd( |
| HANDLE_EINTR(openat(AT_FDCWD, |
| path.value().c_str(), |
| O_RDONLY | O_NOFOLLOW | O_CREAT | O_EXCL | O_CLOEXEC, |
| kPermissions600))); |
| if (scoped_fd == -1) { |
| PLOG(WARNING) << "Failed to create file \"" << path.value() << '"'; |
| return false; |
| } |
| |
| if (fd_out) { |
| fd_out->swap(scoped_fd); |
| } |
| return true; |
| } |
| |
| } // namespace |
| |
| bool TouchFile(const base::FilePath& path, |
| int new_file_permissions, |
| uid_t uid, |
| gid_t gid) { |
| // Make sure |permissions| doesn't have any out-of-range bits. |
| if (new_file_permissions & ~kPermissions777) { |
| LOG(WARNING) << "Illegal permissions: " << new_file_permissions; |
| return false; |
| } |
| |
| base::ScopedFD scoped_fd; |
| if (!TouchFileInternal(path, uid, gid, &scoped_fd)) { |
| return false; |
| } |
| |
| // scoped_fd is valid only if a new file was created. |
| if (scoped_fd != -1 && |
| HANDLE_EINTR(fchmod(scoped_fd.get(), new_file_permissions)) == -1) { |
| PLOG(WARNING) << "Failed to set permissions for \"" << path.value() << '"'; |
| base::DeleteFile(path, false); |
| return false; |
| } |
| |
| return true; |
| } |
| |
| bool TouchFile(const base::FilePath& path) { |
| // Use TouchFile() instead of TouchFileInternal() to explicitly set |
| // permissions to 600 in case umask is set strangely. |
| return TouchFile(path, kPermissions600, geteuid(), getegid()); |
| } |
| |
| } // namespace brillo |