Commit 137a42c5 authored by Nick Mathewson's avatar Nick Mathewson 🦀
Browse files

Merge branch 'fs-mistrust-ios' into 'main'

fix compilation and execution on iOS

Closes #519

See merge request tpo/core/arti!652
parents bab36d45 4f6c23a1
Loading
Loading
Loading
Loading
+3 −1
Original line number Diff line number Diff line
@@ -23,9 +23,11 @@ walkdir = { version = "2", optional = true }

[target.'cfg(unix)'.dependencies]
libc = "0.2"
users = "0.11"
once_cell = "1"

[target.'cfg(all(unix, not(target_os="ios")))'.dependencies]
users = "0.11"

[dev-dependencies]
anyhow = "1.0.23"
serde_json = "1.0.50"
+1 −0
Original line number Diff line number Diff line
MODIFIED: New facilities to configure how we look at the environment.
BREAKING: Some functions and types were remove when targeting iOS.
+18 −3
Original line number Diff line number Diff line
@@ -166,6 +166,8 @@ impl<'a> super::Verifier<'a> {
    /// Check whether a given file has the correct ownership and permissions,
    /// and push errors into `errors` if not. Other inputs are as for
    /// `check_one`.
    ///
    /// On iOS, check permissions but assumes the owner is the current user.
    #[cfg(target_family = "unix")]
    fn check_permissions(
        &self,
@@ -178,10 +180,14 @@ impl<'a> super::Verifier<'a> {
        // always change the permissions of the object.  (If we're talking
        // about a directory, the owner cah change the permissions and owner
        // of anything in the directory.)

        #[cfg(not(target_os = "ios"))]
        {
            let uid = meta.uid();
            if uid != 0 && Some(uid) != self.mistrust.trust_user {
                errors.push(Error::BadOwner(path.into(), uid));
            }
        }

        // On Unix-like platforms, symlink permissions are ignored (and usually
        // not settable). Theoretically, the symlink owner shouldn't matter, but
@@ -219,9 +225,18 @@ impl<'a> super::Verifier<'a> {
            }
        };
        // If we trust the GID, then we allow even more bits to be set.
        #[cfg(not(target_os = "ios"))]
        if self.mistrust.trust_group == Some(meta.gid()) {
            forbidden_bits &= !0o070;
        }

        // rational: on iOS the platform already protect user data, and not setting this poses
        // issue with the default application data folder.
        #[cfg(target_os = "ios")]
        {
            forbidden_bits &= !0o070;
        }

        let bad_bits = meta.mode() & forbidden_bits;
        if bad_bits != 0 {
            errors.push(Error::BadPermission(
+6 −6
Original line number Diff line number Diff line
@@ -283,7 +283,7 @@ mod dir;
mod disable;
mod err;
mod imp;
#[cfg(target_family = "unix")]
#[cfg(all(target_family = "unix", not(target_os = "ios")))]
mod user;

#[cfg(test)]
@@ -305,7 +305,7 @@ pub use err::Error;
/// A result type as returned by this crate
pub type Result<T> = std::result::Result<T, Error>;

#[cfg(target_family = "unix")]
#[cfg(all(target_family = "unix", not(target_os = "ios")))]
pub use user::{TrustedGroup, TrustedUser};

/// Configuration for verifying that a file or directory is really "private".
@@ -361,7 +361,7 @@ pub struct Mistrust {
    status: disable::Status,

    /// What user ID do we trust by default (if any?)
    #[cfg(target_family = "unix")]
    #[cfg(all(target_family = "unix", not(target_os = "ios")))]
    #[builder(
        setter(into),
        field(type = "TrustedUser", build = "self.trust_user.get_uid()?")
@@ -369,7 +369,7 @@ pub struct Mistrust {
    trust_user: Option<u32>,

    /// What group ID do we trust by default (if any?)
    #[cfg(target_family = "unix")]
    #[cfg(all(target_family = "unix", not(target_os = "ios")))]
    #[builder(
        setter(into),
        field(type = "TrustedGroup", build = "self.trust_group.get_gid()?")
@@ -400,7 +400,7 @@ impl MistrustBuilder {
    /// trusted.
    ///
    /// This option disables the default group-trust behavior as well.
    #[cfg(target_family = "unix")]
    #[cfg(all(target_family = "unix", not(target_os = "ios")))]
    pub fn trust_admin_only(&mut self) -> &mut Self {
        self.trust_user = TrustedUser::None;
        self.trust_group = TrustedGroup::None;
@@ -415,7 +415,7 @@ impl MistrustBuilder {
    /// With this option set, no group is trusted, and and any group-readable or
    /// group-writable objects are treated the same as world-readable and
    /// world-writable objects respectively.
    #[cfg(target_family = "unix")]
    #[cfg(all(target_family = "unix", not(target_os = "ios")))]
    pub fn trust_no_group_id(&mut self) -> &mut Self {
        self.trust_group = TrustedGroup::None;
        self
+6 −4
Original line number Diff line number Diff line
@@ -1325,17 +1325,19 @@ impl<B: AbstractCircBuilder + 'static, R: Runtime> AbstractCircMgr<B, R> {
    /// no longer be given out for new circuits.
    pub(crate) fn expire_circs(&self, now: Instant) {
        let mut list = self.circs.lock().expect("poisoned lock");
        let dirty_cutoff = now - self.circuit_timing().max_dirtiness;
        if let Some(dirty_cutoff) = now.checked_sub(self.circuit_timing().max_dirtiness) {
            list.expire_circs(now, dirty_cutoff);
        }
    }

    /// Consider expiring the circuit with given circuit `id`,
    /// according to the rules in `config` and the current time `now`.
    pub(crate) fn expire_circ(&self, circ_id: &<B::Circ as AbstractCirc>::Id, now: Instant) {
        let mut list = self.circs.lock().expect("poisoned lock");
        let dirty_cutoff = now - self.circuit_timing().max_dirtiness;
        if let Some(dirty_cutoff) = now.checked_sub(self.circuit_timing().max_dirtiness) {
            list.expire_circ(circ_id, now, dirty_cutoff);
        }
    }

    /// Return the number of open circuits held by this circuit manager.
    pub(crate) fn n_circs(&self) -> usize {
Loading