Add a way to initialize libpreopen.

sunfishcode · sunfishcode · commit fa4134efa28e · 2019-03-22T15:42:14.000-07:00
Revamp the libpreopen code so that we have a way to properly initialize
it and add some basic rights-checking code.
diff --git a/expected/wasm32-wasi/defined-symbols.txt b/expected/wasm32-wasi/defined-symbols.txt
@@ -242,6 +242,7 @@ __unlist_locked_file
 __uselocale
 __utc
 __wasilibc_fd_renumber
+__wasilibc_init_preopen
 __wasilibc_register_preopened_fd
 __wasilibc_rmdirat
 __wasilibc_rmfileat
diff --git a/libc-bottom-half/cloudlibc/src/common/errno.h b/libc-bottom-half/cloudlibc/src/common/errno.h
@@ -7,6 +7,7 @@
 
 #include <wasi/core.h>
 
+#ifdef __wasilibc_unmodified_upstream
 // Translates ENOTCAPABLE to ENOTDIR if not a directory.
 static inline __wasi_errno_t errno_fixup_directory(__wasi_fd_t fd,
                                                      __wasi_errno_t error) {
@@ -18,6 +19,13 @@ static inline __wasi_errno_t errno_fixup_directory(__wasi_fd_t fd,
   }
   return error;
 }
+#else
+// WASI syscalls should just return ENOTDIR if that's what the problem is.
+static inline __wasi_errno_t errno_fixup_directory(__wasi_fd_t fd,
+                                                     __wasi_errno_t error) {
+  return error;
+}
+#endif
 
 #ifdef __wasilibc_unmodified_upstream // posix_spawn etc.
 // Translates ENOTCAPABLE to EBADF if a regular file or EACCES otherwise.
@@ -48,6 +56,7 @@ static inline __wasi_errno_t errno_fixup_process(__wasi_fd_t fd,
 }
 #endif
 
+#ifdef __wasilibc_unmodified_upstream
 // Translates ENOTCAPABLE to ENOTSOCK if not a socket.
 static inline __wasi_errno_t errno_fixup_socket(__wasi_fd_t fd,
                                                   __wasi_errno_t error) {
@@ -64,5 +73,12 @@ static inline __wasi_errno_t errno_fixup_socket(__wasi_fd_t fd,
   }
   return error;
 }
+#else
+// WASI syscalls should just return ENOTSOCK if that's what the problem is.
+static inline __wasi_errno_t errno_fixup_socket(__wasi_fd_t fd,
+                                                  __wasi_errno_t error) {
+  return error;
+}
+#endif
 
 #endif
diff --git a/libc-bottom-half/libpreopen/include/libpreopen.h b/libc-bottom-half/libpreopen/include/libpreopen.h
@@ -163,11 +163,12 @@ int po_preopen(struct po_map *map, const char *path, int flags, ...);
  *          path, relative to the file (or undefined if no match found)
  */
 #ifdef __wasilibc_unmodified_upstream
-#else
-static
-#endif
 struct po_relpath po_find(struct po_map *map, const char *path,
 	cap_rights_t *rights);
+#else
+static struct po_relpath po_find(struct po_map *map, const char *path,
+	__wasi_rights_t rights);
+#endif
 
 #ifdef __wasilibc_unmodified_upstream
 /**
diff --git a/libc-bottom-half/libpreopen/lib/internal.h b/libc-bottom-half/libpreopen/lib/internal.h
@@ -43,12 +43,14 @@
 #endif
 
 #ifdef __wasilibc_unmodified_upstream
-#else
-#define WITH_CAPSICUM
-#endif
 #ifdef WITH_CAPSICUM
 #include <sys/capsicum.h>
 #endif
+#else
+// We do Capsicum-style rights-checking, though we use the WASI API directly
+// rather than the Capsicum API.
+#define WITH_CAPSICUM
+#endif
 
 #include <assert.h>
 #include <stdbool.h>
@@ -74,7 +76,11 @@ struct po_map_entry {
 
 #ifdef WITH_CAPSICUM
 	/** Capability rights associated with the file descriptor */
+#ifdef __wasilibc_unmodified_upstream
 	cap_rights_t rights;
+#else
+	__wasi_rights_t rights;
+#endif
 #endif
 };
 
diff --git a/libc-bottom-half/libpreopen/lib/libpreopen.c b/libc-bottom-half/libpreopen/lib/libpreopen.c
@@ -79,22 +79,35 @@ po_add(struct po_map *map, const char *path, int fd)
 	entry->fd = fd;
 
 #ifdef WITH_CAPSICUM
+#ifdef __wasilibc_unmodified_upstream
 	if (cap_rights_get(fd, &entry->rights) != 0) {
 		return (NULL);
 	}
+#else
+	__wasi_fdstat_t statbuf;
+	int r = __wasi_fd_stat_get(fd, &statbuf);
+	if (r != 0) {
+		errno = r;
+		return NULL; // fixme: actually there should be an infallible way to get the rights
+	}
+
+	entry->rights = statbuf.fs_rights_base;
 #endif
+#endif
+
 
 	po_map_assertvalid(map);
 
 	return (map);
 }
 
 #ifdef __wasilibc_unmodified_upstream
-#else
-static
-#endif
 struct po_relpath
 po_find(struct po_map* map, const char *path, cap_rights_t *rights)
+#else
+static struct po_relpath
+po_find(struct po_map* map, const char *path, __wasi_rights_t rights)
+#endif
 {
 	const char *relpath ;
 	struct po_relpath match = { .relative_path = NULL, .dirfd = -1 };
@@ -121,7 +134,11 @@ po_find(struct po_map* map, const char *path, cap_rights_t *rights)
 		}
 
 #ifdef WITH_CAPSICUM
+#ifdef __wasilibc_unmodified_upstream
 		if (rights && !cap_rights_contains(&entry->rights, rights)) {
+#else
+		if ((rights & ~entry->rights) != 0) {
+#endif
 			continue;
 		}
 #endif
diff --git a/libc-bottom-half/libpreopen/lib/po_libc_wrappers.c b/libc-bottom-half/libpreopen/lib/po_libc_wrappers.c
