[PATCH i-g-t 1/2] lib/igt_fs: add igt_fs_check_root_perm() helper

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Senna Tschudin <peter.senna@linux.intel.com>
To: igt-dev@lists.freedesktop.org
Cc: Peter Senna Tschudin <peter.senna@linux.intel.com>,
	Rodrigo Vivi <rodrigo.vivi@intel.com>,
	Michal Winiarski <michal.winiarski@intel.com>,
	Kamil Konieczny <kamil.konieczny@linux.intel.com>
Subject: [PATCH i-g-t 1/2] lib/igt_fs: add igt_fs_check_root_perm() helper
Date: Tue,  9 Sep 2025 15:08:07 +0200	[thread overview]
Message-ID: <20250909130808.54117-2-peter.senna@linux.intel.com> (raw)
In-Reply-To: <20250909130808.54117-1-peter.senna@linux.intel.com>

Add igt_fs_check_root_perm() to check that a file is owned by root
(uid=0, gid=0) and that only the owner has write permissions.

This will be used for validating the permissions and ownership of files
where strict root-only write access is required.

Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Michal Winiarski <michal.winiarski@intel.com>
Cc: Kamil Konieczny  <kamil.konieczny@linux.intel.com>
Signed-off-by: Peter Senna Tschudin <peter.senna@linux.intel.com>
---
 lib/igt_fs.c | 28 ++++++++++++++++++++++++++++
 lib/igt_fs.h |  1 +
 2 files changed, 29 insertions(+)

diff --git a/lib/igt_fs.c b/lib/igt_fs.c
index 8f4d17546..0e408c89b 100644
--- a/lib/igt_fs.c
+++ b/lib/igt_fs.c
@@ -25,6 +25,7 @@
 #include <fcntl.h>
 #include <stdlib.h>
 #include <sys/stat.h>
+#include <stdbool.h>
 #include <unistd.h>
 
 #include "igt_fs.h"
@@ -141,3 +142,30 @@ int igt_fs_remove_dir(int fd, const char *name)
 
 	return 0;
 }
+
+/**
+ * igt_fs_check_root_perm: Checks if the user and group are root and that
+ *                         only the user can write to the file.
+ * @dirfd: file descriptor of the directory containing the file
+ * @pathname: name of the file to check
+ *
+ * Returns: true if the file is owned by root and only root can write to it.
+ */
+bool igt_fs_check_root_perm(int dirfd, const char *pathname)
+{
+	struct stat st;
+
+	if (fstatat(dirfd, pathname, &st, 0))
+		return false;
+
+	if (st.st_uid != 0 || st.st_gid != 0)
+		return false;
+
+	if (st.st_mode & S_IWGRP)
+		return false;
+
+	if (st.st_mode & S_IWOTH)
+		return false;
+
+	return true;
+}
diff --git a/lib/igt_fs.h b/lib/igt_fs.h
index ee3e7593b..ee547c133 100644
--- a/lib/igt_fs.h
+++ b/lib/igt_fs.h
@@ -31,5 +31,6 @@ int igt_fs_create_dir(int fd, const char *name, mode_t mode);
 int igt_fs_remove_dir(int fd, const char *name);
 ssize_t igt_readn(int fd, char *buf, size_t len);
 ssize_t igt_writen(int fd, const char *buf, size_t len);
+bool igt_fs_check_root_perm(int dirfd, const char *pathname);
 
 #endif /* __IGT_FS_H__ */
-- 
2.43.0

next prev parent reply	other threads:[~2025-09-09 13:09 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-09 13:08 [PATCH i-g-t 0/2] tests/intel/xe_compute: check root-only write permission for ccs_mode Peter Senna Tschudin
2025-09-09 13:08 ` Peter Senna Tschudin [this message]
2025-09-12 15:57   ` [PATCH i-g-t 1/2] lib/igt_fs: add igt_fs_check_root_perm() helper Kamil Konieczny
2025-09-09 13:08 ` [PATCH i-g-t 2/2] tests/intel/xe_compute: check root-only write permission for ccs_mode Peter Senna Tschudin
2025-09-15 12:28   ` Kamil Konieczny
2025-09-10  0:20 ` ✓ Xe.CI.BAT: success for " Patchwork
2025-09-10  0:26 ` ✓ i915.CI.BAT: " Patchwork
2025-09-10  7:16 ` ✓ Xe.CI.Full: " Patchwork
2025-09-10 13:04 ` ✗ i915.CI.Full: failure " Patchwork
2026-01-18 20:00 ` [PATCH v2 i-g-t 1/2] lib/igt_fs: add igt_fs_check_root_perm() helper Peter Senna Tschudin
2026-01-18 20:00   ` [PATCH v2 i-g-t 2/2] tests/intel/xe_compute: check root-only write permission for ccs_mode Peter Senna Tschudin
2026-01-19 12:29     ` Kamil Konieczny
2026-01-18 20:33 ` ✓ Xe.CI.BAT: success for tests/intel/xe_compute: check root-only write permission for ccs_mode (rev2) Patchwork
2026-01-18 20:51 ` ✓ i915.CI.BAT: " Patchwork
2026-01-18 21:40 ` ✗ Xe.CI.Full: failure " Patchwork
2026-01-18 22:55 ` ✗ i915.CI.Full: " Patchwork

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8f4d1754 dfblob:0e408c89 dfblob:ee3e7593 dfblob:ee547c13 )
 OR (
bs:"[PATCH i-g-t 1/2] lib/igt_fs: add igt_fs_check_root_perm() helper" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250909130808.54117-2-peter.senna@linux.intel.com \
    --to=peter.senna@linux.intel.com \
    --cc=igt-dev@lists.freedesktop.org \
    --cc=kamil.konieczny@linux.intel.com \
    --cc=michal.winiarski@intel.com \
    --cc=rodrigo.vivi@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.