fixup! [LibOS] Move trusted and allowed files logic to LibOS

This fixup commit removes now-useless PAL_OPTION_PASSTHROUGH. Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · Jul 29, 2024 · d4c6f52 · d4c6f52
1 parent bd85458
commit d4c6f52
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 10 deletions.
diff --git a/libos/src/fs/chroot/encrypted.c b/libos/src/fs/chroot/encrypted.c
@@ -273,7 +273,7 @@ static int chroot_encrypted_mkdir(struct libos_dentry* dent, mode_t perm) {
     /* This opens a "dir:..." URI */
     PAL_HANDLE palhdl;
     ret = PalStreamOpen(uri, PAL_ACCESS_RDONLY, HOST_PERM(perm), PAL_CREATE_ALWAYS,
-                        PAL_OPTION_PASSTHROUGH, &palhdl);
+                        /*options=*/0, &palhdl);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;
@@ -303,7 +303,7 @@ static int chroot_encrypted_unlink(struct libos_dentry* dent) {
 
     PAL_HANDLE palhdl;
     ret = PalStreamOpen(uri, PAL_ACCESS_RDONLY, /*share_flags=*/0, PAL_CREATE_NEVER,
-                        PAL_OPTION_PASSTHROUGH, &palhdl);
+                        /*options=*/0, &palhdl);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;
@@ -368,7 +368,7 @@ static int chroot_encrypted_chmod(struct libos_dentry* dent, mode_t perm) {
 
     PAL_HANDLE palhdl;
     ret = PalStreamOpen(uri, PAL_ACCESS_RDONLY, /*share_flags=*/0, PAL_CREATE_NEVER,
-                        PAL_OPTION_PASSTHROUGH, &palhdl);
+                        /*options=*/0, &palhdl);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;

diff --git a/libos/src/fs/chroot/fs.c b/libos/src/fs/chroot/fs.c
@@ -364,7 +364,7 @@ static int chroot_temp_open(struct libos_dentry* dent, PAL_HANDLE* out_palhdl) {
     }
 
     ret = PalStreamOpen(uri, PAL_ACCESS_RDONLY, /*share_flags=*/0, PAL_CREATE_NEVER,
-                        PAL_OPTION_PASSTHROUGH, out_palhdl);
+                        /*options=*/0, out_palhdl);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;
@@ -393,7 +393,7 @@ static int chroot_do_open(struct libos_handle* hdl, struct libos_dentry* dent, m
     enum pal_create_mode create = LINUX_OPEN_FLAGS_TO_PAL_CREATE(flags);
     pal_stream_options_t options = LINUX_OPEN_FLAGS_TO_PAL_OPTIONS(flags);
     mode_t host_perm = HOST_PERM(perm);
-    ret = PalStreamOpen(uri, access, host_perm, create, options | PAL_OPTION_PASSTHROUGH, &palhdl);
+    ret = PalStreamOpen(uri, access, host_perm, create, options, &palhdl);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;

diff --git a/libos/src/fs/chroot/trusted.c b/libos/src/fs/chroot/trusted.c
@@ -128,7 +128,7 @@ int load_trusted_file(struct trusted_file* tf, size_t file_size,
     }
 
     ret = PalStreamOpen(uri, PAL_ACCESS_RDONLY, /*share_flags=*/0, PAL_CREATE_NEVER,
-                        PAL_OPTION_PASSTHROUGH, &handle);
+                        /*options=*/0, &handle);
     if (ret < 0) {
         ret = pal_to_unix_errno(ret);
         goto out;

diff --git a/libos/src/fs/libos_fs_encrypted.c b/libos/src/fs/libos_fs_encrypted.c
@@ -169,7 +169,7 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
     if (!pal_handle) {
         enum pal_create_mode create_mode = create ? PAL_CREATE_ALWAYS : PAL_CREATE_NEVER;
         ret = PalStreamOpen(enc->uri, PAL_ACCESS_RDWR, share_flags, create_mode,
-                            PAL_OPTION_PASSTHROUGH, &pal_handle);
+                            /*options=*/0, &pal_handle);
         if (ret < 0) {
             log_warning("PalStreamOpen failed: %s", pal_strerror(ret));
             return pal_to_unix_errno(ret);

diff --git a/pal/include/host/linux-common/pal_flags_conv.h b/pal/include/host/linux-common/pal_flags_conv.h
@@ -60,6 +60,6 @@ static inline int PAL_CREATE_TO_LINUX_OPEN(enum pal_create_mode create) {
 }
 
 static inline int PAL_OPTION_TO_LINUX_OPEN(pal_stream_options_t options) {
-    assert(WITHIN_MASK(options, PAL_OPTION_NONBLOCK | PAL_OPTION_PASSTHROUGH));
+    assert(WITHIN_MASK(options, PAL_OPTION_NONBLOCK));
     return options & PAL_OPTION_NONBLOCK ? O_NONBLOCK : 0;
 }
diff --git a/pal/include/pal/pal.h b/pal/include/pal/pal.h
@@ -325,8 +325,7 @@ enum pal_create_mode {
 typedef uint32_t pal_stream_options_t; /* bitfield */
 #define PAL_OPTION_EFD_SEMAPHORE   0x1 /*!< specific to `eventfd` syscall */
 #define PAL_OPTION_NONBLOCK        0x2
-#define PAL_OPTION_PASSTHROUGH     0x4 /*!< Disregard `sgx.{allowed,trusted}_files` */
-#define PAL_OPTION_MASK            0x7
+#define PAL_OPTION_MASK            0x3
 
 /*!
  * \brief Open/create a stream resource specified by `uri`.