chroot: enforce writeable policy decision

The writeable decision given in the policy will always override the decision made by the client. Fixes #2643
2024-12-21 22:47:50 +00:00 · 2018-02-15 10:56:52 +01:00 · 2018-02-15 10:56:52 +01:00 · 2e9a19d5b0
commit 2e9a19d5b0
parent 7bee21a4fd
2 changed files with 22 additions and 0 deletions
--- a/repos/os/src/server/chroot/README
+++ b/repos/os/src/server/chroot/README
@ -31,3 +31,7 @@ file system session from "X" would be rooted to the directory
 !   </route>
 !   ...
 ! </start>
+
+In addition, the 'chroot' component will intercept the 'writeable' session
+argument and only if its own policy allows it (i.e. the 'writeable' attribute
+is to 'yes') the child is permitted to create a writeable connection.
--- a/repos/os/src/server/chroot/component.cc
+++ b/repos/os/src/server/chroot/component.cc
@ -170,6 +170,24 @@ struct Chroot::Main
 		/* sacrifice the label to make space for the root argument */
 		Arg_string::remove_arg(new_args, "label");

+		/* enforce writeable policy decision */
+		{
+			enum { WRITEABLE_ARG_MAX_LEN = 4, };
+			char tmp[WRITEABLE_ARG_MAX_LEN];
+			Arg_string::find_arg(new_args, "writeable").string(tmp, sizeof(tmp), "no");
+
+			/* session argument */
+			bool const writeable_arg =
+				Arg_string::find_arg(new_args, "writeable").bool_value(false);
+
+			/* label-based session policy */
+			bool const writeable_policy =
+				policy.attribute_value("writeable", false);
+
+			bool const writeable = writeable_arg && writeable_policy;
+			Arg_string::set_arg(new_args, ARGS_MAX_LEN, "writeable", writeable);
+		}
+
 		Arg_string::set_arg_string(new_args, ARGS_MAX_LEN, "root", new_root);

 		Affinity affinity;