Add functions for working with file permissions.

phases/ephemeral/witx/typenames.witx

@@ -253,12 +253,16 @@
     $path_filestat_set_size
     ;;; The right to invoke `path_filestat_set_times`.
     $path_filestat_set_times
+    ;;; The right to invoke `path_filestat_set_permissions`.
+    $path_permissions_set
     ;;; The right to invoke `fd_filestat_get`.
     $fd_filestat_get
     ;;; The right to invoke `fd_filestat_set_size`.
     $fd_filestat_set_size
     ;;; The right to invoke `fd_filestat_set_times`.
     $fd_filestat_set_times
+    ;;; The right to invoke `fd_filestat_set_permissions`.
+    $fd_permissions_set
     ;;; The right to invoke `path_symlink`.
     $path_symlink
     ;;; The right to invoke `path_remove_directory`.
@@ -455,6 +459,37 @@
 ;;; Number of hard links to an inode.
 (typename $linkcount u64)
 
+;;; File permissions. This represents the permissions associated with a
+;;; file in a filesystem, and don't fully reflect all the conditions
+;;; which determine whether a given WASI program can access the file.
+(typename $permissions
+  (flags u8
+    ;;; For files, permission to read the file.
+    ;;; For directories, permission to do `readdir` and access files
+    ;;; within the directory.
+    ;;;
+    ;;; Note: This is similar to the read bit being set on files, and the
+    ;;; read *and* execute bits being set on directories, in POSIX.
+    $read
+
+    ;;; For files, permission to mutate the file.
+    ;;; For directories, permission to create, remove, and rename items
+    ;;; within the directory.
+    $write
+
+    ;;; For files, permission to "execute" the file, using whatever
+    ;;; concept of "executing" the host filesystem has.
+    ;;; This flag is not valid for directories.
+    $execute
+
+    ;;; For filesystems which have a concept of multiple "users", this flag
+    ;;; indicates that the file is only accessible by the effective "user"
+    ;;; that the WASI store uses to access the filesystem, and inaccessible
+    ;;; to other "users".
+    $private
+  )
+)
+
 ;;; File attributes.
 (typename $filestat
   (struct
@@ -464,6 +499,8 @@
     (field $ino $inode)
     ;;; File type.
     (field $filetype $filetype)
+    ;;; File permissions.
+    (field $permissions $permissions)
     ;;; Number of hard links to the file.
     (field $nlink $linkcount)
     ;;; For regular files, the file size in bytes. For symbolic links, the length in bytes of the pathname contained in the symbolic link.

phases/ephemeral/witx/wasi_ephemeral_fd.witx

@@ -107,6 +107,25 @@
     (result $error $errno)
   )
 
+  ;;; Set the permissions of a file or directory.
+  ;;;
+  ;;; This sets the permissions associated with a file or directory in
+  ;;; a filesystem at the time it is called. The ability to actually access
+  ;;; a file or directory may depend on additional permissions not reflected
+  ;;; here.
+  ;;;
+  ;;; Note: This is similar `fchmod` in POSIX.
+  ;;;
+  ;;; Unlike POSIX, this doesn't expose a user/group/other distinction;
+  ;;; implementations in POSIX environments are suggested to consult the
+  ;;; umask to determine which of the user/group/other flags to modify.
+  (@interface func (export "permissions_set")
+    (param $fd $fd)
+    ;;; The permissions associated with the file.
+    (result $permissions $permissions)
+    (result $error $errno)
+  )
+
   ;;; Read from a file descriptor, without using and updating the file descriptor's offset.
   ;;; Note: This is similar to `preadv` in POSIX.
   (@interface func (export "pread")

phases/ephemeral/witx/wasi_ephemeral_path.witx

@@ -50,6 +50,29 @@
     (result $error $errno)
   )
 
+  ;;; Set the permissions of a file or directory.
+  ;;;
+  ;;; This sets the permissions associated with a file or directory in
+  ;;; a filesystem at the time it is called. The ability to actually access
+  ;;; a file or directory may depend on additional permissions not reflected
+  ;;; here.
+  ;;;
+  ;;; Note: This is similar to `fchmodat` in POSIX.
+  ;;;
+  ;;; Unlike POSIX, this doesn't expose a user/group/other distinction;
+  ;;; implementations in POSIX environments are suggested to consult the
+  ;;; umask to determine which of the user/group/other flags to modify.
+  (@interface func (export "permissions_set")
+    (param $fd $fd)
+    ;;; Flags determining the method of how the path is resolved.
+    (param $flags $lookupflags)
+    ;;; The path to a file to query.
+    (param $path string)
+    ;;; The permissions to associate with the file.
+    (param $permissions $permissions)
+    (result $error $errno)
+  )
+
   ;;; Create a hard link.
   ;;; Note: This is similar to `linkat` in POSIX.
   (@interface func (export "link")
@@ -94,6 +117,8 @@
     (param $fs_rights_base $rights)
     (param $fs_rights_inherting $rights)
     (param $fdflags $fdflags)
+    ;;; If a file is created, the filesystem permissions to associate with it.
+    (param $permissions $permissions)
     (result $error $errno)
     ;;; The file descriptor of the file that has been opened.
     (result $opened_fd $fd)
@@ -147,7 +172,6 @@
     (result $error $errno)
   )
 
-
   ;;; Unlink a file.
   ;;; Return `EISDIR` if the path refers to a directory.
   ;;; Note: This is similar to `unlinkat(fd, path, 0)` in POSIX.