sys_util: Add wrappers for fchmod and fchown.

This wrappers allow for permissions and ownership changes that are less
sensitive to time-of-check-time-of-use vulnerabilities.

BUG=None
TEST=CQ passes

Change-Id: I6d5e4809a0b0113f3a95b0395d3cfb82431a3fd8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3049330
Auto-Submit: Allen Webb <allenwebb@google.com>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Allen Webb <allenwebb@google.com>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>

sys_util/src/lib.rs

@@ -112,6 +112,7 @@ use libc::{
 pub type Pid = libc::pid_t;
 pub type Uid = libc::uid_t;
 pub type Gid = libc::gid_t;
+pub type Mode = libc::mode_t;
 
 /// Used to mark types as !Sync.
 pub type UnsyncMarker = std::marker::PhantomData<Cell<usize>>;
@@ -195,6 +196,20 @@ pub fn chown(path: &CStr, uid: Uid, gid: Gid) -> Result<()> {
     syscall!(unsafe { libc::chown(path.as_ptr(), uid, gid) }).map(|_| ())
 }
 
+/// Safe wrapper for fchmod(2).
+#[inline(always)]
+pub fn fchmod<A: AsRawFd>(fd: &A, mode: Mode) -> Result<()> {
+    // Safe since the function does not operate on pointers and check the return value.
+    syscall!(unsafe { libc::fchmod(fd.as_raw_fd(), mode) }).map(|_| ())
+}
+
+/// Safe wrapper for fchown(2).
+#[inline(always)]
+pub fn fchown<A: AsRawFd>(fd: &A, uid: Uid, gid: Gid) -> Result<()> {
+    // Safe since the function does not operate on pointers and check the return value.
+    syscall!(unsafe { libc::fchown(fd.as_raw_fd(), uid, gid) }).map(|_| ())
+}
+
 /// The operation to perform with `flock`.
 pub enum FlockOperation {
     LockShared,