Add supplementary groups to user environment

1 files changed, 34 insertions, 13 deletions

diff --git a/cpukit/libcsupport/src/sup_fs_check_permissions.c b/cpukit/libcsupport/src/sup_fs_check_permissions.c
index f6fd0e91c9..394f945b0b 100644
--- a/cpukit/libcsupport/src/sup_fs_check_permissions.c
+++ b/cpukit/libcsupport/src/sup_fs_check_permissions.c
@@ -70,29 +70,50 @@ RTEMS_STATIC_ASSERT(
   S_IXOTH
 );
 
+static bool equals_supplementary_group(
+  const rtems_user_env_t *uenv,
+  gid_t object_gid
+)
+{
+  size_t i;
+
+  for (i = 0; i < uenv->ngroups; ++i) {
+    if (uenv->groups[i] == object_gid) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
 bool rtems_filesystem_check_access(
-  int eval_flags,
-  mode_t node_mode,
-  uid_t node_uid,
-  gid_t node_gid
+  int flags,
+  mode_t object_mode,
+  uid_t object_uid,
+  gid_t object_gid
 )
 {
-  mode_t perm_flags = eval_flags & RTEMS_FS_PERMS_RWX;
-  uid_t task_uid = geteuid();
+  const rtems_user_env_t *uenv = rtems_current_user_env_get();
+  mode_t access_flags = flags & RTEMS_FS_PERMS_RWX;
+  uid_t task_uid = uenv->euid;
 
-  if (task_uid == 0 || task_uid == node_uid) {
-    perm_flags <<= RTEMS_FS_USR_SHIFT;
+  if (task_uid == 0 || task_uid == object_uid) {
+    access_flags <<= RTEMS_FS_USR_SHIFT;
   } else {
-    gid_t task_gid = getegid();
+    gid_t task_gid = uenv->egid;
 
-    if (task_gid == 0 || task_gid == node_gid) {
-      perm_flags <<= RTEMS_FS_GRP_SHIFT;
+    if (
+      task_gid == 0
+        || task_gid == object_gid
+        || equals_supplementary_group(uenv, object_gid)
+    ) {
+      access_flags <<= RTEMS_FS_GRP_SHIFT;
     } else {
-      perm_flags <<= RTEMS_FS_OTH_SHIFT;
+      access_flags <<= RTEMS_FS_OTH_SHIFT;
     }
   }
 
-  return (perm_flags & node_mode) == perm_flags;
+  return (access_flags & object_mode) == access_flags;
 }
 
 bool rtems_filesystem_eval_path_check_access(