-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfilesecurity.aml
54 lines (46 loc) · 1.77 KB
/
filesecurity.aml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
(* starts the security mechanism to trigger on file io code *)
(*val fileExecuteMask:Int = 1
val fileWriteMask:Int = 2
val fileReadMask:Int = 4
val fileDeleteMask:Int = 8
val fileAllMask:Int = fileExecuteMask orb fileWriteMask orb fileReadMask orb fileDeleteMask
val fileNoneMask:Int = 0*)
(* checkRead : stack * string -> unit *)
(* checks that the stack allows a read of the file *)
fun checkRead (st,
f : String) : Bool =
checkStack (st, newFilePermissionMask (f, fileReadMask))
(* checkWrite : stack * string -> unit *)
(* checks that the stack allows a write to the file *)
fun checkWrite (st,
f : String) : Bool =
checkStack (st, newFilePermissionMask (f, fileWriteMask))
(* checkDelete : stack * string -> unit *)
(* checks that the stack allows a delete of the file *)
fun checkDelete (st,
f : String) : Bool =
checkStack (st, newFilePermissionMask (f, fileDeleteMask))
(*** Read Checks ***)
val readPC = #fileCanRead,fileExists,fileIsDirectory,fileIsFile,fileLastModified,fileLength,fileList,fileOpenRead#
advice before (| readPC |) (arg, stk, _) =
if checkRead (stk, arg)
then arg
else abort "Failed security check"
(*** Write Checks ***)
advice before (| #fileCanWrite,fileCreateNewFile,fileMkdir,fileOpenAppend,fileOpenWrite# |) (farg, fstk, fname) =
if checkWrite (fstk, farg)
then farg
else abort "Failed security check"
advice before (| #fileRenameTo# |) (farg, fstk, fname) =
let
val (farg1, farg2) = farg
in
if (checkWrite (fstk, farg1)) andalso (checkWrite (fstk, farg2))
then farg
else abort "Failed security check"
end
(*** Delete Checks ***)
advice before (| #fileDelete# |) (farg, fstk, fname) =
if checkDelete (fstk, farg)
then farg
else abort "Failed security check"