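--:Minify:--
--- Filesystem permission seeding and suid bookkeeping.
-- The chunk receives the kernel table as its single argument.  On first boot
-- (no `.meta` at the root of the `$` disk) it writes one `.meta` record file
-- per seeded directory.  On every load it wraps `kernel.vfs.open` so that a
-- file whose perms carry the suid bit remembers its owner on the open file
-- object, and registers the `fget_suid` syscall that reads that owner back.
local kernel = ...
local bit32 = require("bit32")
local bor = bit32.bor
local lshift = bit32.lshift

-- Permission bit layout: 7 bits, stored as one byte on disk.  Note that the
-- scheme has no execute bit.
-- bit 0 = everyone-write, bit 1 = everyone-read
-- bit 2 = group-write, bit 3 = group-read
-- bit 4 = owner-write, bit 5 = owner-read
-- bit 6 = suid
local P_OWNER_R = lshift(1, 5)
local P_OWNER_W = lshift(1, 4)
local P_GROUP_R = lshift(1, 3)
local P_GROUP_W = lshift(1, 2)
local P_WORLD_R = lshift(1, 1)
local P_WORLD_W = lshift(1, 0)
local P_SUID = lshift(1, 6)

-- Named combinations.  The octal mode in each comment is the POSIX mode the
-- name is modelled on; because there is no execute bit, RWX_R_R produces the
-- same byte as RW_R_R and only documents that the entry is meant to be run.
local RW_R_R = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R) -- 644 / rw-r--r--
local RWX_R_R = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R) -- 755 / rwxr--r-- (same byte as RW_R_R)
local RW_R__ = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R) -- 640 / rw-r----- (currently unused)
local RW____ = bor(P_OWNER_R, P_OWNER_W) -- 600 / rw-------
local RW_RW_RW = bor(P_OWNER_R, P_OWNER_W, P_GROUP_R, P_GROUP_W, P_WORLD_R, P_WORLD_W) -- 666 / rw-rw-rw-
local SUID_755 = bor(P_SUID, P_OWNER_R, P_OWNER_W, P_GROUP_R, P_WORLD_R) -- 4755

--- Encode one `.meta` record.
-- On-disk layout: `[len:1][name:len][owner:1][group:1][perms:1][0x00]`.
-- Every numeric field is a single byte, so `name` is limited to 255 bytes and
-- owner/group/perms to 0..255 (`string.char` raises on anything else).
-- @tparam string name entry name, at most 255 bytes
-- @tparam number owner owner id, 0..255
-- @tparam number group group id, 0..255
-- @tparam number perms permission byte built from the P_* bits
-- @treturn string the encoded record
local function metaEntry(name, owner, group, perms)
  -- Explicit check: a longer name would otherwise fail inside string.char
  -- with a less helpful "value out of range".
  assert(type(name) == "string" and #name <= 255,
    "metaEntry: name must be a string of at most 255 bytes")
  return string.char(#name) .. name .. string.char(owner, group, perms) .. string.char(0)
end

local rootDisk = kernel.disks["$"]

--- Write the `.meta` file for one directory.
-- Failures are logged at WARN and do not abort seeding; a directory whose
-- `.meta` could not be written is therefore left without a record, and the
-- root-level "already seeded" check below will not retry it on the next boot.
-- @tparam string dir directory path, with or without a trailing slash
-- @tparam table entries list of `{name, owner, group, perms}` tuples
local function writeMeta(dir, entries)
  -- The disk API takes paths relative to the disk root, so build
  -- "<dir>/.meta" and drop one leading "/".
  local path = dir
  if path:sub(-1) ~= "/" then path = path .. "/" end
  path = path .. ".meta"
  if path:sub(1, 1) == "/" then path = path:sub(2) end

  -- Build the records into a buffer instead of repeated concatenation.
  local parts = {}
  for i, e in ipairs(entries) do
    parts[i] = metaEntry(e[1], e[2], e[3], e[4])
  end
  local data = table.concat(parts)

  local ok, err = pcall(function()
    -- NOTE(review): the handle is used with dot-call methods (f.write / f.close)
    -- as in the original; confirm against the disk driver's handle API.
    local f, reason = rootDisk:open(path, "w")
    if not f then error(tostring(reason), 0) end
    -- Close the handle even when the write raises, then re-raise.
    local wok, werr = pcall(f.write, data)
    f.close()
    if not wok then error(werr, 0) end
  end)
  if not ok then
    kernel.log("permissions: failed to write /" .. path .. ": " .. tostring(err), "WARN", 8)
  end
end

-- Initial permission table, written in this order on first boot.
-- Owner/group 0 throughout.  Owner-only (600) entries hold credential
-- material (/root, /etc/shadow, /etc/pam.d/secret); the suid entries are the
-- three binaries that switch user (login, su, sudo); /tmp is world-writable.
local SEED = {
  { "/", {
    {"bin", 0, 0, RWX_R_R},
    {"boot", 0, 0, RWX_R_R},
    {"dev", 0, 0, RWX_R_R},
    {"etc", 0, 0, RWX_R_R},
    {"home", 0, 0, RWX_R_R},
    {"lib", 0, 0, RWX_R_R},
    {"root", 0, 0, RW____},
    {"sbin", 0, 0, RWX_R_R},
    {"tmp", 0, 0, RW_RW_RW},
    {"usr", 0, 0, RWX_R_R},
    {"var", 0, 0, RWX_R_R},
  } },
  { "/bin", {
    {"cat", 0, 0, RWX_R_R},
    {"clear", 0, 0, RWX_R_R},
    {"echo", 0, 0, RWX_R_R},
    {"hfetch", 0, 0, RWX_R_R},
    {"hysh", 0, 0, RWX_R_R},
    {"hyshex", 0, 0, RWX_R_R},
    {"install", 0, 0, RWX_R_R},
    {"login", 0, 0, SUID_755},
    {"ls", 0, 0, RWX_R_R},
    {"lua", 0, 0, RWX_R_R},
    {"luaold", 0, 0, RWX_R_R},
    {"mkdir", 0, 0, RWX_R_R},
    {"ps", 0, 0, RWX_R_R},
    {"pwd", 0, 0, RWX_R_R},
    {"spm", 0, 0, RWX_R_R},
    {"su", 0, 0, SUID_755},
    {"sudo", 0, 0, SUID_755},
    {"sysdump", 0, 0, RWX_R_R},
    {"whoami", 0, 0, RWX_R_R},
    {"yes", 0, 0, RWX_R_R},
    {"startup", 0, 0, RWX_R_R},
  } },
  { "/bin/startup", {
    {"test.lua", 0, 0, RWX_R_R},
  } },
  { "/etc", {
    {"passwd", 0, 0, RW_R_R},
    {"shadow", 0, 0, RW____},
    {"pam.d", 0, 0, RWX_R_R},
  } },
  { "/etc/pam.d", {
    {"secret", 0, 0, RW____},
  } },
  { "/sbin", {
    {"init.lua", 0, 0, RWX_R_R},
  } },
  { "/boot", {
    {"kernel.lua", 0, 0, RW_R_R},
    {"boot.cfg", 0, 0, RW_R_R},
    {"safeboot.cfg", 0, 0, RW_R_R},
    {"fstab", 0, 0, RW_R_R},
    {"initfs", 0, 0, RW_R_R},
    {"cct", 0, 0, RWX_R_R},
    {"oc", 0, 0, RWX_R_R},
  } },
  { "/lib", {
    {"sys", 0, 0, RWX_R_R},
    {"modules", 0, 0, RWX_R_R},
    {"crypto", 0, 0, RWX_R_R},
    {"store", 0, 0, RWX_R_R},
    {"snip", 0, 0, RW_R_R},
    {"io", 0, 0, RW_R_R},
    {"bit32", 0, 0, RW_R_R},
  } },
}

-- Seeding is decided solely by the presence of the root `.meta`; subdirectory
-- records are not checked individually, so a partial first-boot failure
-- (see writeMeta) is not repaired on later boots.
if rootDisk:fileExists(".meta") then
  kernel.log("Permissions already seeded, skipping.", "INFO")
else
  kernel.log("Seeding filesystem permissions...", "INFO")
  for _, spec in ipairs(SEED) do
    writeMeta(spec[1], spec[2])
  end
  kernel.log("Filesystem permissions seeded.", "INFO")
end

-- TODO: move this to vfs.kmod

--- Record the owner of a suid file on the task's file object.
-- Called with every value returned by the original `kernel.vfs.open` so that
-- all of them (e.g. a trailing error reason, if the vfs returns one) are
-- forwarded unchanged to the caller.
-- @tparam string mode open mode passed by the caller
-- @param fd first return value of the original open (the descriptor)
-- @return every value the original open returned
local function _mark_suid_on_open(mode, fd, ...)
  -- Only read opens are inspected, matching the original behaviour.
  if mode == "r" and fd ~= nil then
    local task = kernel.currentTask
    -- Guard the task like fget_suid does, so an open with no current task
    -- (presumably kernel context) does not raise here.
    local fobj = task and task.fd and task.fd[fd]
    -- NOTE(review): fobj.meta is presumably attached by the vfs from the
    -- directory's .meta record (owner/group/perms); confirm in vfs.kmod.
    if fobj and fobj.meta and bit32.extract(fobj.meta.perms, 6) == 1 then
      fobj.suid_owner = fobj.meta.owner
    end
  end
  return fd, ...
end

local _orig_open = kernel.vfs.open
--- Wrapped `kernel.vfs.open`: identical to the original, plus suid bookkeeping.
kernel.vfs.open = function(path, mode)
  return _mark_suid_on_open(mode, _orig_open(path, mode))
end

--- Syscall `fget_suid`: owner id recorded for a suid file, or nil.
-- Only the descriptor table of the calling task is consulted, so a task can
-- query only descriptors it holds itself.
-- @param fd descriptor in the current task's fd table
-- @return owner id when the file was opened with the suid bit set, else nil
kernel.syscalls["fget_suid"] = function(fd)
  local task = kernel.currentTask
  local fobj = task and task.fd[fd]
  if fobj and fobj.suid_owner then
    return fobj.suid_owner
  end
  return nil
end

kernel.log("Permission module loaded.", "INFO")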