From 7140b1fdca1cc9c9c711955a49e6e7fc41f339d9 Mon Sep 17 00:00:00 2001
From: Shiva Prasanth
Date: Wed, 10 Apr 2019 10:48:28 -0700
Subject: Fixed /proc/cpuinfo permissions This also applies these permissions to other static proc files.
Change-Id: I4167e585fed49ad271aa4e1f1260babb3239a73d
PiperOrigin-RevId: 242898575
---
 pkg/sentry/fs/fsutil/inode.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'pkg/sentry/fs/fsutil')
diff --git a/pkg/sentry/fs/fsutil/inode.go b/pkg/sentry/fs/fsutil/inode.go
index 2673d73d7..37490e5b2 100644
--- a/pkg/sentry/fs/fsutil/inode.go
+++ b/pkg/sentry/fs/fsutil/inode.go
@@ -452,3 +452,15 @@ type InodeGenericChecker struct{}
 func (InodeGenericChecker) Check(ctx context.Context, inode *fs.Inode, p fs.PermMask) bool {
 return fs.ContextCanAccessFile(ctx, inode, p)
 }
+
+// InodeDenyWriteChecker implements fs.InodeOperations.Check which denies all
+// write operations.
+type InodeDenyWriteChecker struct{}
+
+// Check implements fs.InodeOperations.Check.
+func (InodeDenyWriteChecker) Check(ctx context.Context, inode *fs.Inode, p fs.PermMask) bool {
+ if p.Write {
+ return false
+ }
+ return fs.ContextCanAccessFile(ctx, inode, p)
+}
--
cgit v1.2.3
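Review bot: The doc comment on `InodeDenyWriteChecker` does not say that the denial is unconditional: `Check` returns false as soon as `p.Write` is set, before `fs.ContextCanAccessFile` is consulted, so a mask that combines read and write is rejected as a whole and no credential held by the caller can override it. That is presumably the intent for static proc files, and it is the property a later maintainer must not weaken, so I would state it directly, e.g. `// InodeDenyWriteChecker implements fs.InodeOperations.Check. Any mask that includes Write is rejected before credentials are consulted; all other masks defer to fs.ContextCanAccessFile.` The comment should also make clear that this type only covers the permission-check hook; whether the write paths of the inodes embedding it are themselves disabled cannot be seen here, since the wiring into the proc files lies outside this view (the patch is limited to pkg/sentry/fs/fsutil).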