Kernel: Ensure that an unveil node with no permission is never accepted

Otherwise nodes inheriting from root may still be accessed with `access(..., F_OK)`. Also adds a test case to TestKernelUnveil about this behaviour.
Author: https://github.com/alimpfard Commit: 90de1ded55 Pull-request: https://github.com/SerenityOS/serenity/pull/7569
2025-04-27 14:58:46 +00:00 · 2021-05-30 00:05:55 +04:30 · 2021-05-30 00:05:55 +04:30 · 90de1ded55 · 2024-07-18 17:11:46 +09:00
commit 90de1ded55
parent 8ce015742d
2 changed files with 5 additions and 1 deletions
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@ -851,7 +851,7 @@ KResult VFS::validate_path_against_process_veil(StringView path, int options)
        return EINVAL;

    auto* unveiled_path = find_matching_unveiled_path(path);
-    if (!unveiled_path) {
+    if (!unveiled_path || unveiled_path->permissions() == UnveilAccess::None) {
        dbgln("Rejecting path '{}' since it hasn't been unveiled.", path);
        dump_backtrace();
        return ENOENT;