1 Assume the following struct is declared for the permission

1. Assume the following struct is declared for the permission list of a file in Linux.

Each permission (u or g or o) is represented as an octal. For example, u=7 means rwx, u=5 means r-x.

typedef struct {

unsigned int uid; // owner id

unsigned int gid; // group id

unsigned char u; // owner\'s permission

unsigned char g; // group\'s permission

unsigned char o; // other\'s permission

} Permission;

The permission check procedure is

   (1) A user requests an operation on a file.

   (2) If the user is the owner of the file, the operation will be checked against the owner\'s permission of the file. The result is either grant or deny.

   (3) Otherwise, if the user is not the owner but in the group of the file, the operation will be checked against the group\'s permission of the file. The result is either grant or deny.

   (4) Otherwise, if the user is neither the owner nor in the group of the file, the operation will be checked against the other\'s permission of the file. The result is either grant or deny.

Write a C/C++ function accesscheck(unsigned int uid, unsigned int gid, unsigned char req, int fid) to enforce access control in Linux.

The arguments of the function accesscheck are explained below:

1) uid and gid are the user id and the group id of the user who requests to take an operation on the file.

2) fid is the file id.

3) req is the requested operation. For example, req=7 means three operations rwx, req=5 means two operation r-x.

Request will be granted only if req is contained by the permission set of the file.

Assume Permission getPermission(int fid) can get the permission of the file fid.

Copy and paste your code in report and explain each line of code of your function in comments.

Solution

char* accesscheck(unsigned int uid, unsigned int gid, unsigned char req, int fid) {
   Permission p = getPermission(fid); //get the Permission of the file
   char* msg = (char*)malloc(sizeof(char)*6); //dynamic declaration of array to store msg
   if (uid == p.uid) { //checks if it request is from owner
       if( p.u & req == req ) //bit wise and to see if all requests are granted
           msg = \"Allow\"; // since after bitwise and, req value does not change, we can say all requests are granted
       else //request not granted
           msg = \"Deny\"; // set msg as deny
   else if (gid == p.gid) //checks if it request is from group
       if( p.g & req == req ) //bit wise and to see if all requests are granted
           msg = \"Allow\"; // since after bitwise and, req value does not change, we can say all requests are granted
       else //request not granted
           msg = \"Deny\"; // set msg as deny
   else
       if( p.o & req == req ) //bit wise and to see if all requests are granted
           msg = \"Allow\"; // since after bitwise and, req value does not change, we can say all requests are granted
       else //request not granted
           msg = \"Deny\"; // set msg as deny
   return msg
}

note:
suppose request is 101
and permission is 111
so permission & request = 101
which indicates all request are granted

or
suppose request is 101
and permission is 110
so permission & request = 100 which is not equal to the original request
which indicates some request are not granted