diff --git a/phases/ephemeral/witx/typenames.witx b/phases/ephemeral/witx/typenames.witx index 904aa1ca9..aac53061e 100644 --- a/phases/ephemeral/witx/typenames.witx +++ b/phases/ephemeral/witx/typenames.witx @@ -253,12 +253,16 @@ $path_filestat_set_size ;;; The right to invoke `path_filestat_set_times`. $path_filestat_set_times + ;;; The right to invoke `path_filestat_set_permissions`. + $path_permissions_set ;;; The right to invoke `fd_filestat_get`. $fd_filestat_get ;;; The right to invoke `fd_filestat_set_size`. $fd_filestat_set_size ;;; The right to invoke `fd_filestat_set_times`. $fd_filestat_set_times + ;;; The right to invoke `fd_filestat_set_permissions`. + $fd_permissions_set ;;; The right to invoke `path_symlink`. $path_symlink ;;; The right to invoke `path_remove_directory`. @@ -455,6 +459,37 @@ ;;; Number of hard links to an inode. (typename $linkcount u64) +;;; File permissions. This represents the permissions associated with a +;;; file in a filesystem, and don't fully reflect all the conditions +;;; which determine whether a given WASI program can access the file. +(typename $permissions + (flags u8 + ;;; For files, permission to read the file. + ;;; For directories, permission to do `readdir` and access files + ;;; within the directory. + ;;; + ;;; Note: This is similar to the read bit being set on files, and the + ;;; read *and* execute bits being set on directories, in POSIX. + $read + + ;;; For files, permission to mutate the file. + ;;; For directories, permission to create, remove, and rename items + ;;; within the directory. + $write + + ;;; For files, permission to "execute" the file, using whatever + ;;; concept of "executing" the host filesystem has. + ;;; This flag is not valid for directories. + $execute + + ;;; For filesystems which have a concept of multiple "users", this flag + ;;; indicates that the file is only accessible by the effective "user" + ;;; that the WASI store uses to access the filesystem, and inaccessible + ;;; to other "users". + $private + ) +) + ;;; File attributes. (typename $filestat (struct @@ -464,6 +499,8 @@ (field $ino $inode) ;;; File type. (field $filetype $filetype) + ;;; File permissions. + (field $permissions $permissions) ;;; Number of hard links to the file. (field $nlink $linkcount) ;;; For regular files, the file size in bytes. For symbolic links, the length in bytes of the pathname contained in the symbolic link. diff --git a/phases/ephemeral/witx/wasi_ephemeral_fd.witx b/phases/ephemeral/witx/wasi_ephemeral_fd.witx index 9fbad9ab7..89d86e1bc 100644 --- a/phases/ephemeral/witx/wasi_ephemeral_fd.witx +++ b/phases/ephemeral/witx/wasi_ephemeral_fd.witx @@ -107,6 +107,25 @@ (result $error $errno) ) + ;;; Set the permissions of a file or directory. + ;;; + ;;; This sets the permissions associated with a file or directory in + ;;; a filesystem at the time it is called. The ability to actually access + ;;; a file or directory may depend on additional permissions not reflected + ;;; here. + ;;; + ;;; Note: This is similar `fchmod` in POSIX. + ;;; + ;;; Unlike POSIX, this doesn't expose a user/group/other distinction; + ;;; implementations in POSIX environments are suggested to consult the + ;;; umask to determine which of the user/group/other flags to modify. + (@interface func (export "permissions_set") + (param $fd $fd) + ;;; The permissions associated with the file. + (result $permissions $permissions) + (result $error $errno) + ) + ;;; Read from a file descriptor, without using and updating the file descriptor's offset. ;;; Note: This is similar to `preadv` in POSIX. (@interface func (export "pread") diff --git a/phases/ephemeral/witx/wasi_ephemeral_path.witx b/phases/ephemeral/witx/wasi_ephemeral_path.witx index 16c974692..97d8cfb56 100644 --- a/phases/ephemeral/witx/wasi_ephemeral_path.witx +++ b/phases/ephemeral/witx/wasi_ephemeral_path.witx @@ -50,6 +50,29 @@ (result $error $errno) ) + ;;; Set the permissions of a file or directory. + ;;; + ;;; This sets the permissions associated with a file or directory in + ;;; a filesystem at the time it is called. The ability to actually access + ;;; a file or directory may depend on additional permissions not reflected + ;;; here. + ;;; + ;;; Note: This is similar to `fchmodat` in POSIX. + ;;; + ;;; Unlike POSIX, this doesn't expose a user/group/other distinction; + ;;; implementations in POSIX environments are suggested to consult the + ;;; umask to determine which of the user/group/other flags to modify. + (@interface func (export "permissions_set") + (param $fd $fd) + ;;; Flags determining the method of how the path is resolved. + (param $flags $lookupflags) + ;;; The path to a file to query. + (param $path string) + ;;; The permissions to associate with the file. + (param $permissions $permissions) + (result $error $errno) + ) + ;;; Create a hard link. ;;; Note: This is similar to `linkat` in POSIX. (@interface func (export "link") @@ -94,6 +117,8 @@ (param $fs_rights_base $rights) (param $fs_rights_inherting $rights) (param $fdflags $fdflags) + ;;; If a file is created, the filesystem permissions to associate with it. + (param $permissions $permissions) (result $error $errno) ;;; The file descriptor of the file that has been opened. (result $opened_fd $fd) @@ -147,7 +172,6 @@ (result $error $errno) ) - ;;; Unlink a file. ;;; Return `EISDIR` if the path refers to a directory. ;;; Note: This is similar to `unlinkat(fd, path, 0)` in POSIX.