
A manifest option allowing applications to create files which are not in trusted/allowed file lists (#182)

* Adding the feature with which users can create files at runtime whose filenames are not in the trusted or allowed file lists

* Adding comments for function load_trusted_file and the logic of allow_file_creation

* Adding allow_file_creation to the manifest of the PAL unit test. As a result, File.c can serve as a unit test of the feature 'allow_file_creation'
Li Lei 6 years ago
parent
commit
d21ca3a8cf

+ 1 - 1
Pal/src/host/Linux-SGX/db_files.c

@@ -67,7 +67,7 @@ static int file_open (PAL_HANDLE * handle, const char * type, const char * uri,
 
     sgx_stub_t * stubs;
     uint64_t total;
-    int ret = load_trusted_file(hdl, &stubs, &total);
+    int ret = load_trusted_file(hdl, &stubs, &total, create);
     if (ret < 0) {
         SGX_DBG(DBG_E, "Accessing file:%s is denied. (%s) "
                 "This file is not trusted or allowed.\n", hdl->file.realpath,

+ 31 - 1
Pal/src/host/Linux-SGX/enclave_framework.c

@@ -17,6 +17,8 @@ void * enclave_base, * enclave_top;
 
 struct pal_enclave_config pal_enclave_config;
 
+static int register_trusted_file (const char * uri, const char * checksum_str);
+
 bool sgx_is_within_enclave (const void * addr, uint64_t size)
 {
     return (addr >= enclave_base &&
@@ -120,9 +122,23 @@ DEFINE_LISTP(trusted_file);
 static LISTP_TYPE(trusted_file) trusted_file_list = LISTP_INIT;
 static struct spinlock trusted_file_lock = LOCK_INIT;
 static int trusted_file_indexes = 0;
+static int allow_file_creation = 0;
+
+
+/* Function: load_trusted_file
+ * checks if the file to be opened is trusted or allowed,
+ * according to the setting in manifest
+ *
+ * file:     file handle to be opened
+ * stubptr:  buffer for catching matched file stub.
+ * sizeptr:  size pointer
+ * create:   this file is newly created or not
+ *
+ * return:  0 succeed
+ */
 
 int load_trusted_file (PAL_HANDLE file, sgx_stub_t ** stubptr,
-                       uint64_t * sizeptr)
+                       uint64_t * sizeptr, int create)
 {
     struct trusted_file * tf = NULL, * tmp;
     char uri[URI_MAX];
@@ -136,6 +152,14 @@ int load_trusted_file (PAL_HANDLE file, sgx_stub_t ** stubptr,
     if (uri_len < 0)
         return uri_len;
 
+    /* Allow to create the file when allow_file_creation is turned on;
+       The created file is added to allowed_file list for later access */
+    if (create && allow_file_creation) {
+       register_trusted_file(uri, NULL);
+       *sizeptr = 0;
+       return 0;
+    }
+
     /* Normalize the uri */
     if (!strpartcmp_static(uri, "file:")) {
         SGX_DBG(DBG_E, "Invalid URI [%s]: Trusted files must start with 'file:'\n", uri);;
@@ -540,6 +564,12 @@ no_trusted:
 
 no_allowed:
     ret = 0;
+
+    if (get_config(store, "sgx.allow_file_creation", cfgbuf, CONFIG_MAX) <= 0) {
+        allow_file_creation = 0;
+    } else
+        allow_file_creation = 1;
+
 out:
     free(cfgbuf);
     return ret;
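Review bot: The `create && allow_file_creation` branch in load_trusted_file registers the URI as allowed without confirming that the file was actually created by the enclave; if `create` only mirrors the caller's create flag (Pal/test/File.c opens with PAL_CREAT_TRY, which also succeeds on an existing file), a file the untrusted host pre-placed at that path would be admitted with no checksum, so the condition should be tied to the open really creating the file (an exclusive-create result from the host call) rather than to the requested mode. The return value of `register_trusted_file(uri, NULL)` is also dropped, so a failed registration still reports success and a later open of the same file is then refused; use `int rc = register_trusted_file(uri, NULL); if (rc < 0) return rc;`. In the `no_allowed:` hunk, `get_config(...) <= 0` only tests whether the key is present, so `sgx.allow_file_creation = 0` in a manifest would enable the feature if get_config reports the value length as its use here suggests; compare the value instead, `allow_file_creation = (get_config(store, "sgx.allow_file_creation", cfgbuf, CONFIG_MAX) > 0 && !strcmp(cfgbuf, "1"));`. The unbraced `} else` arm there also differs from the braced if arm and should be braced. Both enclosing functions start and end outside the hunks.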

+ 15 - 1
Pal/src/host/Linux-SGX/pal_linux.h

@@ -104,8 +104,22 @@ typedef struct { char bytes[32]; } sgx_checksum_t;
 typedef struct { char bytes[16]; } sgx_stub_t;
 
 int init_trusted_files (void);
+
+/* Function: load_trusted_file
+ * checks if the file to be opened is trusted or allowed,
+ * according to the setting in manifest
+ *
+ * file:     file handle to be opened
+ * stubptr:  buffer for catching matched file stub.
+ * sizeptr:  size pointer
+ * create:   this file is newly created or not
+ *
+ * return:  0 succeed
+ */
+
 int load_trusted_file
-    (PAL_HANDLE file, sgx_stub_t ** stubptr, uint64_t * sizeptr);
+    (PAL_HANDLE file, sgx_stub_t ** stubptr, uint64_t * sizeptr, int create);
+
 int verify_trusted_file
     (const char * uri, void * mem, uint64_t offset, uint64_t size,
      sgx_stub_t * stubs, uint64_t total_size);
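Review bot: The new comment on load_trusted_file documents only `return: 0 succeed`, yet the function also returns negative values (the enclave_framework.c hunk returns `uri_len` when it is negative), so the contract should read `return: 0 on success, negative error code on failure`. The blank line between the comment block and the declaration should go so the comment stays attached to `int load_trusted_file`. `create` is described as `this file is newly created or not`; stating the accepted values, `create: non-zero when the open is a create request`, would make the int flag's meaning clear to callers.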

+ 1 - 1
Pal/test/File.c

@@ -15,7 +15,7 @@ int main (int argc, char ** argv, char ** envp)
     pal_printf("Enter Main Thread\n");
 
     PAL_HANDLE out = DkStreamOpen(file_uri, PAL_ACCESS_RDWR,
-                                  PAL_SHARE_OWNER_W,
+                                  PAL_SHARE_OWNER_W | PAL_SHARE_OWNER_R,
                                   PAL_CREAT_TRY, 0);
 
     if (out == NULL) {

+ 3 - 0
Pal/test/manifest.template

@@ -9,3 +9,6 @@
 net.allow_bind.1 = 127.0.0.1:8000
 # allow to connect to port 8000
 net.allow_peer.1 = 127.0.0.1:8000
+
+# allow files are newly created
+sgx.allow_file_creation = 1
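Review bot: The comment `# allow files are newly created` does not say what the option permits; `# allow the application to create files that are not in the trusted/allowed file lists` matches the option's effect as described in the commit. Since the option widens what the enclave will accept, noting that it is set here for the PAL test manifest would help readers who copy this template.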