Add FileExec flag to OpenOptions

This allow callers to say whether the file is being opened to be executed, so that the proper checks can be done from FilesystemImpl.OpenAt() Updates #1623 PiperOrigin-RevId: 295042595
author: gVisor bot <gvisor-bot@google.com> 2020-02-13 17:56:34 -0800
committer: gVisor bot <gvisor-bot@google.com> 2020-02-13 17:57:36 -0800
commit: a6024f7f5f6f438c11e30be0f93657b1956fd5ba (patch)
tree: a18288d9dec9d08a934d52570ebf6694f7ea1c0c /pkg/sentry/vfs/permissions.go
parent: 336f758d59a8a0411c745d744a1e5c3294eaf78a (diff)
1 files changed, 12 insertions, 7 deletions
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index f664581f4..8e250998a 100644
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -103,17 +103,22 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, isDir boo
 // AccessTypesForOpenFlags returns MayRead|MayWrite in this case.
 //
 // Use May{Read,Write}FileWithOpenFlags() for these checks instead.
-func AccessTypesForOpenFlags(flags uint32) AccessTypes {
-	switch flags & linux.O_ACCMODE {
+func AccessTypesForOpenFlags(opts *OpenOptions) AccessTypes {
+	ats := AccessTypes(0)
+	if opts.FileExec {
+		ats |= MayExec
+	}
+
+	switch opts.Flags & linux.O_ACCMODE {
 	case linux.O_RDONLY:
-		if flags&linux.O_TRUNC != 0 {
-			return MayRead | MayWrite
+		if opts.Flags&linux.O_TRUNC != 0 {
+			return ats | MayRead | MayWrite
 		}
-		return MayRead
+		return ats | MayRead
 	case linux.O_WRONLY:
-		return MayWrite
+		return ats | MayWrite
 	default:
-		return MayRead | MayWrite
+		return ats | MayRead | MayWrite
 	}
 }
author	gVisor bot <gvisor-bot@google.com>	2020-02-13 17:56:34 -0800
committer	gVisor bot <gvisor-bot@google.com>	2020-02-13 17:57:36 -0800
commit	a6024f7f5f6f438c11e30be0f93657b1956fd5ba (patch)
tree	a18288d9dec9d08a934d52570ebf6694f7ea1c0c /pkg/sentry/vfs/permissions.go
parent	336f758d59a8a0411c745d744a1e5c3294eaf78a (diff)