--:Minify:--
local kernel = ...

local P    = kernel.vfs.P
local PERM = kernel.vfs.PERM

local RW_R_R    = P.OWNER_R + P.OWNER_W + P.GROUP_R + P.WORLD_R
local RWX_RX_RX = P.OWNER_R + P.OWNER_W + P.OWNER_X
                + P.GROUP_R + P.GROUP_X
                + P.WORLD_R + P.WORLD_X
local RW_R__    = P.OWNER_R + P.OWNER_W + P.GROUP_R
local RW____    = P.OWNER_R + P.OWNER_W
local RWXRWXRWX = PERM.RWXRWXRWX
local SUID_755  = PERM.SUID_755

local META_VERSION = 0x02
local rootDisk = kernel.disks["$"]

local function makeEntry(name, etype, owner, group, perms, cmeta)
    cmeta = cmeta or ""
    local plo = perms % 256
    local phi = math.floor(perms / 256) % 256
    local olo = (owner or 0) % 256
    local ohi = math.floor((owner or 0) / 256) % 256
    local glo = (group or 0) % 256
    local ghi = math.floor((group or 0) / 256) % 256
    return string.char(#name) .. name
         .. string.char(etype, olo, ohi, glo, ghi, plo, phi)
         .. string.char(#cmeta) .. cmeta
end

local REG = 0x00

local function mergeMeta(dir, entries)
    local diskDir = dir
    if diskDir:sub(1,1) == "/" then diskDir = diskDir:sub(2) end
    local metaPath = (diskDir == "" and ".meta" or diskDir .. "/.meta")

    local existing = {}
    local rok, rf = pcall(function() return rootDisk:open(metaPath, "r") end)
    if rok and rf then
        local raw = rf.read(65535)
        if rf.close then rf.close() end
        existing = (kernel.vfs._parseMetafile and kernel.vfs._parseMetafile(raw)) or {}
    end

    for _, e in ipairs(entries) do
        local name  = e[1]
        local etype = e[2] or REG
        local owner = e[3] or 0
        local group = e[4] or 0
        local perms = e[5] or RWX_RX_RX
        local cmeta = e[6] or ""
        existing[name] = {
            etype = etype,
            owner = owner,
            group = group,
            perms = perms,
            cmeta = cmeta,
        }
    end

    local data = string.char(META_VERSION)
    for name, m in pairs(existing) do
        data = data .. makeEntry(
            name,
            m.etype or REG,
            m.owner or 0,
            m.group or 0,
            m.perms or RWX_RX_RX,
            m.cmeta or ""
        )
    end

    local ok, err = pcall(function()
        local f = rootDisk:open(metaPath, "w")
        f.write(data)
        f.close()
    end)
    if not ok then
        kernel.log("permissions: failed to write " .. metaPath .. ": " .. tostring(err), "WARN", 8)
    end
end

if kernel.firstBoot then
    kernel.log("Seeding filesystem permissions...")

    mergeMeta("/", {
        {"bin",  REG, 0, 0, RWX_RX_RX},
        {"boot", REG, 0, 0, RWX_RX_RX},
        {"dev",  REG, 0, 0, RWXRWXRWX},
        {"etc",  REG, 0, 0, RWX_RX_RX},
        {"home", REG, 0, 0, RWX_RX_RX},
        {"lib",  REG, 0, 0, RWX_RX_RX},
        {"root", REG, 0, 0, RW____   },
        {"sbin", REG, 0, 0, RWX_RX_RX},
        {"tmp",  REG, 0, 0, RWXRWXRWX},
        {"usr",  REG, 0, 0, RWX_RX_RX},
        {"var",  REG, 0, 0, RWXRWXRWX},
        {"opt",  REG, 0, 0, RWX_RX_RX},
    })

    mergeMeta("/bin", {
        {"login",       REG, 0, 0, SUID_755 },
        {"su",          REG, 0, 0, SUID_755 },
        {"sudo",        REG, 0, 0, SUID_755 },
    })

    mergeMeta("/etc", {
        {"passwd", REG, 0, 0, RW_R_R   },
        {"shadow", REG, 0, 0, RW____   },
        {"pam.d",  REG, 0, 0, RW____   },
    })

    mergeMeta("/etc/pam.d", {
        {"secret", REG, 0, 0, RW____},
    })

    kernel.log("Filesystem permissions seeded.")
end