Re: [PR] fs/inode: Add shared permission helpers and pseudoFS open checks [nuttx]

Wed, 17 Jun 2026 08:11:54 -0700 


xiaoxiang781216 commented on code in PR #19162:
URL: https://github.com/apache/nuttx/pull/19162#discussion_r3429273456


##########
fs/inode/fs_inode.c:
##########
@@ -65,9 +66,86 @@ static rw_semaphore_t g_inode_lock = RWSEM_INITIALIZER;
  *
  ****************************************************************************/
 
+#if defined(CONFIG_FS_PERMISSION)
+/****************************************************************************
+ * Name: fs_checkmode
+ *
+ * Description:
+ *   Test the calling task's effective credentials against the owner, group,
+ *   and mode of a file or directory.  Kernel threads always pass.
+ *
+ ****************************************************************************/
+
+int fs_checkmode(uid_t owner, gid_t group, mode_t mode, int amode)
+{
+  FAR struct tcb_s *rtcb;
+  mode_t perm;
+  uid_t uid;
+  gid_t gid;
+
+  rtcb = nxsched_self();
+  if ((rtcb->flags & TCB_FLAG_TTYPE_MASK) == TCB_FLAG_TTYPE_KERNEL)
+    {
+      return OK;
+    }
+
+  DEBUGASSERT(rtcb->group != NULL);
+  uid = rtcb->group->tg_euid;
+  gid = rtcb->group->tg_egid;
+
+  if (uid == owner)
+    {
+      perm = (mode >> 6) & 7;
+    }
+  else if (gid == group)
+    {
+      perm = (mode >> 3) & 7;
+    }
+  else
+    {
+      perm = mode & 7;
+    }
+
+  if ((amode & perm) != amode)
+    {
+      return -EACCES;
+    }
+
+  return OK;
+}
+
+/****************************************************************************
+ * Name: fs_checkopenperm
+ *
+ * Description:
+ *   Test open access for the calling task against owner, group, and mode.
+ *
+ ****************************************************************************/
+
+int fs_checkopenperm(uid_t owner, gid_t group, mode_t mode, int oflags)
+{
+  int amode = 0;
+
+  if ((oflags & O_RDOK) != 0)
+    {
+      amode |= R_OK;
+    }
+
+  if ((oflags & O_WROK) != 0)
+    {
+      amode |= W_OK;
+    }
+
+  return fs_checkmode(owner, group, mode, amode);
+}
+#endif /* CONFIG_FS_PERMISSION */
+
 #if defined(CONFIG_PSEUDOFS_ATTRIBUTES) && defined(CONFIG_SCHED_USER_IDENTITY)
 static int _inode_checkmode(FAR struct inode *inode, int amode)
 {
+#ifdef CONFIG_FS_PERMISSION
+  return fs_checkmode(inode->i_owner, inode->i_group, inode->i_mode, amode);
+#else

Review Comment:
   why has #else branch? it doesn't make sense to only check the permission on 
inode.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to