kernel: descrip: Validate operations against seal

Ensure file I/O operations match the seal that their respective file descriptors were set with. Signed-off-by: Ian Moffett <ian@osmora.org>
author: Ian Moffett <ian@osmora.org> 2025-06-27 20:53:53 -0400
committer: Ian Moffett <ian@osmora.org> 2025-06-27 20:53:53 -0400
commit: 5e4cf6049be6cf8bd8033295973c5aa8282995b8 (patch)
tree: 00915671207db8f00ffce707953376ec1da66c17 /sys
parent: eb829b70db46ad86a1c85740f5ca02b7ba29ce4f (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index da67530..d4c9885 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -149,6 +149,7 @@ fd_rw(unsigned int fd, void *buf, size_t count, uint8_t write)
 {
     char *kbuf = NULL;
     ssize_t n;
+    uint32_t seal;
     struct filedesc *filedes;
     struct sio_txn sio;
     scret_t retval = 0;
@@ -159,8 +160,17 @@ fd_rw(unsigned int fd, void *buf, size_t count, uint8_t write)
     }
 
     filedes = fd_get(fd);
-    kbuf = dynalloc(count);
+    seal = filedes->flags;
 
+    /* Check the seal */
+    if (write && !ISSET(seal, O_ALLOW_WR)) {
+        return -EPERM;
+    }
+    if (!write && ISSET(seal, O_WRONLY)) {
+        return -EPERM;
+    }
+
+    kbuf = dynalloc(count);
     if (kbuf == NULL) {
         retval = -ENOMEM;
         goto done;
author	Ian Moffett <ian@osmora.org>	2025-06-27 20:53:53 -0400
committer	Ian Moffett <ian@osmora.org>	2025-06-27 20:53:53 -0400
commit	5e4cf6049be6cf8bd8033295973c5aa8282995b8 (patch)
tree	00915671207db8f00ffce707953376ec1da66c17 /sys
parent	eb829b70db46ad86a1c85740f5ca02b7ba29ce4f (diff)