hook_manager.go
package permissions
import (
	"fmt"
	"hooks"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
	"time"
)
// hookManager is the value handed to hooks.SetManager; each of its hook
// methods forwards the access to a PermissionsManager for a decision.
type hookManager struct {
	// permissionsManager is consulted (via OnAccess) by every hook method.
	permissionsManager *PermissionsManager
}
// manager is the package-level hookManager instance that NewHookManager
// configures and returns.
var manager hookManager

// Temporary timing instrumentation, kept for printing.
var (
	// Times stores permission-check durations in nanoseconds, one per hook
	// call that passed its check; it has room for 5000 samples.
	Times [5000]int64
	// Times_c is the index of the next free slot in Times.
	Times_c = 0
)
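// NewHookManager binds pm to the package-level hook manager, registers that
// manager with the hooks package and returns a pointer to it.
//
// The returned manager is a package-level singleton: a second call rebinds
// the same instance to the new pm rather than creating another manager.
//
// It returns an error when pm is nil, because every hook method calls
// OnAccess on the permissions manager.
func NewHookManager(pm *PermissionsManager) (*hookManager, error) {
	if pm == nil {
		return nil, fmt.Errorf("permissions: nil PermissionsManager")
	}

	// Bind the permissions manager before publishing the hook manager, so a
	// hook that fires right after registration never sees a nil
	// permissionsManager.
	manager.permissionsManager = pm

	// TODO: check error.
	hooks.SetManager(&manager)
	return &manager, nil
}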
// envMatches reports whether val covers the requested name req: val matches
// when it is the wildcard "*" or is exactly equal to req.
func envMatches(val, req string) bool {
	if val == "*" {
		return true
	}
	return val == req
}
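// fsMatches reports whether the requested path req is covered by the granted
// path pattern val.
//
// val is either the bare wildcard "*" (matches everything) or a path with an
// optional single trailing "*". A pattern covers the path itself and
// everything below it, so "/etc/ssl/certs/*" matches both "/etc/ssl/certs"
// and "/etc/ssl/certs/ca.pem".
//
// Both paths are normalized with filepath.Clean before comparison, so a
// request such as "/etc/ssl/certs/../../passwd" is compared as "/etc/passwd"
// and is not accepted just because its text starts with the granted prefix.
// The comparison is purely lexical: symbolic links are not resolved here, so
// a link inside a granted directory can still point outside it.
//
// An empty val or req matches only when both are empty; other inputs with an
// empty side are rejected instead of indexing into an empty string.
//
// TODO: this function needs proper testing.
func fsMatches(val, req string) bool {
	if val == "*" {
		return true
	}

	// Drop a single trailing wildcard: "/etc/ssl/certs/*" -> "/etc/ssl/certs/".
	val = strings.TrimSuffix(val, "*")

	if val == "" || req == "" {
		return val == req
	}

	val = filepath.Clean(val)
	req = filepath.Clean(req)

	if req == val {
		return true
	}

	// WARNING: do not remove the separator. Without it "/etc/ssl/certs" would
	// also cover sibling paths such as "/etc/ssl/certs-old".
	sep := string(os.PathSeparator)
	if !strings.HasSuffix(val, sep) {
		val += sep
	}
	return strings.HasPrefix(req, val)
}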
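// Getenv is the hook for reading a single environment variable. It calls
// OnAccess on the permissions manager with key, envMatches, ResourceTypeEnv
// and AccessRead, and returns any error OnAccess reports. On success it
// records how long the check took and returns nil.
func (hm *hookManager) Getenv(key string) error {
	mylog("Getenv(%s)\n", key)

	start := time.Now()
	if err := hm.permissionsManager.OnAccess(key, envMatches, ResourceTypeEnv, AccessRead); err != nil {
		return err
	}
	elapsed := time.Since(start)

	// Times is a fixed-size buffer. Once it is full, further samples are
	// dropped instead of indexing past the end and panicking inside the hook.
	// NOTE(review): Times/Times_c are updated without synchronization; confirm
	// hooks cannot run concurrently, or guard them.
	if Times_c < len(Times) {
		Times[Times_c] = elapsed.Nanoseconds()
		Times_c++
	}

	// NOTE(review): if mylog is printf-style (as the call above suggests),
	// this call passes an argument with no verb in the format; confirm.
	mylog("perm check took ", fmt.Sprint(elapsed.Nanoseconds()))
	return nil
}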
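// Environ is the hook for reading the whole environment. It calls OnAccess
// with the resource name "*", envMatches, ResourceTypeEnv and AccessRead, and
// returns any error OnAccess reports. On success it records how long the
// check took and returns nil.
//
// NOTE(review): presumably OnAccess passes the granted value as val and "*"
// as req to envMatches, in which case only a wildcard grant allows this call;
// confirm against OnAccess.
func (hm *hookManager) Environ() error {
	mylog("Environ()\n")

	start := time.Now()
	if err := hm.permissionsManager.OnAccess("*", envMatches, ResourceTypeEnv, AccessRead); err != nil {
		return err
	}
	elapsed := time.Since(start)

	// Times is a fixed-size buffer. Once it is full, further samples are
	// dropped instead of indexing past the end and panicking inside the hook.
	// NOTE(review): Times/Times_c are updated without synchronization; confirm
	// hooks cannot run concurrently, or guard them.
	if Times_c < len(Times) {
		Times[Times_c] = elapsed.Nanoseconds()
		Times_c++
	}

	// NOTE(review): if mylog is printf-style, this call passes an argument
	// with no verb in the format; confirm.
	mylog("perm check took ", fmt.Sprint(elapsed.Nanoseconds()))
	return nil
}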
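// Open is the hook for opening a file. It calls OnAccess on the permissions
// manager with file, fsMatches, ResourceTypeFs and AccessRead, and returns
// any error OnAccess reports. On success it records how long the check took
// and returns nil.
//
// NOTE(review): flag and perms are not inspected. Every open is checked as
// AccessRead, so an open for writing or creation is authorized by a read
// grant. The access type should be derived from flag before this check is
// relied on for write protection.
func (hm *hookManager) Open(file string, flag int, perms fs.FileMode) error {
	mylog("Open(%s)\n", file)

	start := time.Now()
	// TODO: Do this properly.
	if err := hm.permissionsManager.OnAccess(file, fsMatches, ResourceTypeFs, AccessRead); err != nil {
		return err
	}
	elapsed := time.Since(start)

	// Times is a fixed-size buffer. Once it is full, further samples are
	// dropped instead of indexing past the end and panicking inside the hook.
	// NOTE(review): Times/Times_c are updated without synchronization; confirm
	// hooks cannot run concurrently, or guard them.
	if Times_c < len(Times) {
		Times[Times_c] = elapsed.Nanoseconds()
		Times_c++
	}

	// NOTE(review): if mylog is printf-style (as the call above suggests),
	// this call passes an argument with no verb in the format; confirm.
	mylog("perm check took ", fmt.Sprint(elapsed.Nanoseconds()))
	return nil
}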