Fix rights checks across the codebase.

* Fix path_open granting more rights than requested * Add missing rights checks in: fd_fdstat_set_flags, fd_filestat_get, poll_oneoff * Fix `open_scratch_directory` not requesting any rights. * Properly request needed rights in various tests * Add some extra trace-level logging * Remove a no-op restriction of rights to the ones returned by `determine_type_rights`. It was redundant, because `FdEntry:from` internally also called `determine_type_rights` and only dropped some of them.
2020-01-07 17:19:20 +01:00
parent 5efa640e23
commit f7f10c12b3
12 changed files with 71 additions and 36 deletions
--- a/crates/wasi-common/src/fdentry.rs
+++ b/crates/wasi-common/src/fdentry.rs
@@ -155,8 +155,21 @@ impl FdEntry {
        rights_base: wasi::__wasi_rights_t,
        rights_inheriting: wasi::__wasi_rights_t,
    ) -> Result<()> {
-        if !self.rights_base & rights_base != 0 || !self.rights_inheriting & rights_inheriting != 0
-        {
+        let missing_base = !self.rights_base & rights_base;
+        let missing_inheriting = !self.rights_inheriting & rights_inheriting;
+        if missing_base != 0 || missing_inheriting != 0 {
+            log::trace!(
+                "     | validate_rights failed: required: \
+                 rights_base = {:#x}, rights_inheriting = {:#x}; \
+                 actual: rights_base = {:#x}, rights_inheriting = {:#x}; \
+                 missing_base = {:#x}, missing_inheriting = {:#x}",
+                rights_base,
+                rights_inheriting,
+                self.rights_base,
+                self.rights_inheriting,
+                missing_base,
+                missing_inheriting
+            );
            Err(Error::ENOTCAPABLE)
        } else {
            Ok(())