Add comment for how O_CREAT and O_TRUNC is handled

Bug: 205172873
Test: Wrote a small program to verify the theory
Change-Id: Ic89f10884b2f25d86cfe027ea3541e5a5a5ad621
diff --git a/authfs/fd_server/src/aidl.rs b/authfs/fd_server/src/aidl.rs
index 125b991..f13f249 100644
--- a/authfs/fd_server/src/aidl.rs
+++ b/authfs/fd_server/src/aidl.rs
@@ -290,8 +290,10 @@
                 let new_fd = openat(
                     dir.as_raw_fd(),
                     basename,
-                    // TODO(205172873): handle the case when the file already exist, e.g. truncate
-                    // or fail, and possibly allow the client to specify. For now, always truncate.
+                    // This function is supposed to be only called when FUSE/authfs thinks the file
+                    // does not exist. However, if the file does exist from the view of fd_server
+                    // (where the execution context is considered untrusted), we prefer to honor
+                    // authfs and still allow the create to success. Therefore, always use O_TRUNC.
                     OFlag::O_CREAT | OFlag::O_RDWR | OFlag::O_TRUNC,
                     mode,
                 )
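Review bot: The new comment treats a pre-existing entry as something the untrusted fd_server side may hold, yet the flags passed to `openat` still follow a symlink at `basename`, so `O_TRUNC` would apply to whatever the link resolves to rather than to an entry inside `dir`. The enclosing function starts and ends outside this hunk, so any validation of `basename` or of the directory contents is not visible here. If nothing there rules the case out, consider `OFlag::O_CREAT | OFlag::O_RDWR | OFlag::O_TRUNC | OFlag::O_NOFOLLOW,` so the open fails instead of truncating through the link. The comment should also say explicitly that existing content is discarded on purpose, and "allow the create to success" should read "allow the create to succeed".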
diff --git a/authfs/src/fusefs.rs b/authfs/src/fusefs.rs
index 84129b6..9c17fc4 100644
--- a/authfs/src/fusefs.rs
+++ b/authfs/src/fusefs.rs
@@ -664,7 +664,6 @@
         _flags: u32,
         umask: u32,
     ) -> io::Result<(Entry, Option<Self::Handle>, FuseOpenOptions)> {
-        // TODO(205172873): handle O_TRUNC and O_EXCL properly.
         let new_inode = self.create_new_entry_with_ref_count(
             parent,
             name,