forked from Hyperion/HyperionOS
143 lines
4.3 KiB
Plaintext
143 lines
4.3 KiB
Plaintext
-- :Minify:--
|
|
local kernel = ...
|
|
|
|
local P = kernel.vfs.P
|
|
local PERM = kernel.vfs.PERM
|
|
|
|
local RW_R_R = P.OWNER_R + P.OWNER_W + P.GROUP_R + P.WORLD_R
|
|
local RWX_RX_RX = P.OWNER_R + P.OWNER_W + P.OWNER_X
|
|
+ P.GROUP_R + P.GROUP_X
|
|
+ P.WORLD_R + P.WORLD_X
|
|
local RW_R__ = P.OWNER_R + P.OWNER_W + P.GROUP_R
|
|
local RW____ = P.OWNER_R + P.OWNER_W
|
|
local RWXRWXRWX = PERM.RWXRWXRWX
|
|
local SUID_755 = PERM.SUID_755
|
|
|
|
local META_VERSION = 0x01
|
|
local rootDisk = kernel.disks["$"]
|
|
|
|
local function makeEntry(name, etype, owner, group, perms, cmeta)
|
|
cmeta = cmeta or ""
|
|
local plo = perms % 256
|
|
local phi = math.floor(perms / 256) % 256
|
|
return string.char(#name) .. name
|
|
.. string.char(etype, owner, group, plo, phi)
|
|
.. string.char(#cmeta) .. cmeta
|
|
end
|
|
|
|
local function writeMeta(dir, entries)
|
|
local diskDir = dir
|
|
if diskDir:sub(1,1) == "/" then diskDir = diskDir:sub(2) end
|
|
local metaPath = (diskDir == "" and ".meta" or diskDir .. "/.meta")
|
|
|
|
local data = string.char(META_VERSION)
|
|
for _, e in ipairs(entries) do
|
|
data = data .. makeEntry(e[1], e[2] or 0x00, e[3], e[4], e[5], e[6])
|
|
end
|
|
|
|
local ok, err = pcall(function()
|
|
local f = rootDisk:open(metaPath, "w")
|
|
f.write(data)
|
|
f.close()
|
|
end)
|
|
if not ok then
|
|
kernel.log("permissions: failed to write " .. metaPath .. ": " .. tostring(err), "WARN", 8)
|
|
end
|
|
end
|
|
|
|
local REG = 0x00
|
|
|
|
if rootDisk:fileExists(".meta") then
|
|
kernel.log("Permissions already seeded, skipping.", "INFO")
|
|
else
|
|
kernel.log("Seeding filesystem permissions...", "INFO")
|
|
|
|
-- /
|
|
writeMeta("/", {
|
|
{"bin", REG, 0, 0, RWX_RX_RX},
|
|
{"boot", REG, 0, 0, RWX_RX_RX},
|
|
{"dev", REG, 0, 0, RWX_RX_RX},
|
|
{"etc", REG, 0, 0, RWX_RX_RX},
|
|
{"home", REG, 0, 0, RWX_RX_RX},
|
|
{"lib", REG, 0, 0, RWX_RX_RX},
|
|
{"root", REG, 0, 0, RW____ },
|
|
{"sbin", REG, 0, 0, RWX_RX_RX},
|
|
{"tmp", REG, 0, 0, RWXRWXRWX},
|
|
{"usr", REG, 0, 0, RWX_RX_RX},
|
|
{"var", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
-- /bin
|
|
writeMeta("/bin", {
|
|
{"cat", REG, 0, 0, RWX_RX_RX},
|
|
{"clear", REG, 0, 0, RWX_RX_RX},
|
|
{"echo", REG, 0, 0, RWX_RX_RX},
|
|
{"hfetch", REG, 0, 0, RWX_RX_RX},
|
|
{"hysh", REG, 0, 0, RWX_RX_RX},
|
|
{"hyshex", REG, 0, 0, RWX_RX_RX},
|
|
{"install", REG, 0, 0, RWX_RX_RX},
|
|
{"login", REG, 0, 0, SUID_755 },
|
|
{"ls", REG, 0, 0, RWX_RX_RX},
|
|
{"lua", REG, 0, 0, RWX_RX_RX},
|
|
{"luaold", REG, 0, 0, RWX_RX_RX},
|
|
{"mkdir", REG, 0, 0, RWX_RX_RX},
|
|
{"ps", REG, 0, 0, RWX_RX_RX},
|
|
{"pwd", REG, 0, 0, RWX_RX_RX},
|
|
{"spm", REG, 0, 0, RWX_RX_RX},
|
|
{"su", REG, 0, 0, SUID_755 },
|
|
{"sudo", REG, 0, 0, SUID_755 },
|
|
{"sysdump", REG, 0, 0, RWX_RX_RX},
|
|
{"whoami", REG, 0, 0, RWX_RX_RX},
|
|
{"yes", REG, 0, 0, RWX_RX_RX},
|
|
{"startup", REG, 0, 0, RWX_RX_RX},
|
|
{"ln", REG, 0, 0, RWX_RX_RX},
|
|
{"readlink", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
writeMeta("/bin/startup", {
|
|
{"test.lua", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
-- /etc
|
|
writeMeta("/etc", {
|
|
{"passwd", REG, 0, 0, RW_R_R},
|
|
{"shadow", REG, 0, 0, RW____},
|
|
{"pam.d", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
writeMeta("/etc/pam.d", {
|
|
{"secret", REG, 0, 0, RW____},
|
|
})
|
|
|
|
-- /sbin
|
|
writeMeta("/sbin", {
|
|
{"init.lua", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
-- /boot
|
|
writeMeta("/boot", {
|
|
{"kernel.lua", REG, 0, 0, RW_R_R },
|
|
{"boot.cfg", REG, 0, 0, RW_R_R },
|
|
{"safeboot.cfg", REG, 0, 0, RW_R_R },
|
|
{"fstab", REG, 0, 0, RW_R_R },
|
|
{"initfs", REG, 0, 0, RW_R_R },
|
|
{"cct", REG, 0, 0, RWX_RX_RX},
|
|
{"oc", REG, 0, 0, RWX_RX_RX},
|
|
})
|
|
|
|
-- /lib
|
|
writeMeta("/lib", {
|
|
{"sys", REG, 0, 0, RWX_RX_RX},
|
|
{"modules", REG, 0, 0, RWX_RX_RX},
|
|
{"crypto", REG, 0, 0, RWX_RX_RX},
|
|
{"store", REG, 0, 0, RWX_RX_RX},
|
|
{"snip", REG, 0, 0, RW_R_R },
|
|
{"io", REG, 0, 0, RW_R_R },
|
|
{"bit32", REG, 0, 0, RW_R_R },
|
|
})
|
|
|
|
kernel.log("Filesystem permissions seeded.", "INFO")
|
|
end
|
|
|
|
kernel.log("Permission module loaded.", "INFO")
|