sys_util: Add wrappers for fchmod and fchown.

This wrappers allow for permissions and ownership changes that are less sensitive to time-of-check-time-of-use vulnerabilities. BUG=None TEST=CQ passes Change-Id: I6d5e4809a0b0113f3a95b0395d3cfb82431a3fd8 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3049330 Auto-Submit: Allen Webb <allenwebb@google.com> Tested-by: kokoro <noreply+kokoro@google.com> Commit-Queue: Allen Webb <allenwebb@google.com> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
2025-02-11 04:26:38 +00:00 · 2021-07-23 09:48:00 -05:00 · 2021-07-23 09:48:00 -05:00 · 87b96033b7
commit 87b96033b7
parent 8bf5dcade3
1 changed files with 15 additions and 0 deletions
--- a/sys_util/src/lib.rs
+++ b/sys_util/src/lib.rs
@ -112,6 +112,7 @@ use libc::{
 pub type Pid = libc::pid_t;
 pub type Uid = libc::uid_t;
 pub type Gid = libc::gid_t;
+pub type Mode = libc::mode_t;

 /// Used to mark types as !Sync.
 pub type UnsyncMarker = std::marker::PhantomData<Cell<usize>>;
@ -195,6 +196,20 @@ pub fn chown(path: &CStr, uid: Uid, gid: Gid) -> Result<()> {
    syscall!(unsafe { libc::chown(path.as_ptr(), uid, gid) }).map(|_| ())
 }

+/// Safe wrapper for fchmod(2).
+#[inline(always)]
+pub fn fchmod<A: AsRawFd>(fd: &A, mode: Mode) -> Result<()> {
+    // Safe since the function does not operate on pointers and check the return value.
+    syscall!(unsafe { libc::fchmod(fd.as_raw_fd(), mode) }).map(|_| ())
+}
+
+/// Safe wrapper for fchown(2).
+#[inline(always)]
+pub fn fchown<A: AsRawFd>(fd: &A, uid: Uid, gid: Gid) -> Result<()> {
+    // Safe since the function does not operate on pointers and check the return value.
+    syscall!(unsafe { libc::fchown(fd.as_raw_fd(), uid, gid) }).map(|_| ())
+}
+
 /// The operation to perform with `flock`.
 pub enum FlockOperation {
    LockShared,