Prevent both host and CircuitPython rw access to mounted filesystems

Author: dhalbert

py/circuitpy_mpconfig.h

@@ -345,6 +345,9 @@ typedef long mp_off_t;
 #endif
 
 
+// For easy debugging printf's.
+#define PLAT_PRINTF(...) mp_printf(&mp_plat_print, __VA_ARGS__)
+
 #if MICROPY_PY_ASYNC_AWAIT && !CIRCUITPY_TRACEBACK
 #error CIRCUITPY_ASYNCIO requires CIRCUITPY_TRACEBACK
 #endif

shared-bindings/storage/__init__.c

@@ -54,15 +54,23 @@ static mp_obj_t storage_mount(size_t n_args, const mp_obj_t *pos_args, mp_map_t
     // get the mount point
     const char *mnt_str = mp_obj_str_get_str(args[ARG_mount_path].u_obj);
 
+
+    mp_obj_t vfs_obj = args[ARG_filesystem].u_obj;
+
+    // Currently, the only supported filesystem is VfsFat.
+    mp_arg_validate_type(vfs_obj, &mp_fat_vfs_type, MP_QSTR_filesystem);
+
+    // Add this back if/when we start supporting other filesystems.
+    #if 0
     // Make sure we're given an object we can mount.
     // TODO(tannewt): Make sure we have all the methods we need to operating it
     // as a file system.
-    mp_obj_t vfs_obj = args[ARG_filesystem].u_obj;
     mp_obj_t dest[2];
     mp_load_method_maybe(vfs_obj, MP_QSTR_mount, dest);
     if (dest[0] == MP_OBJ_NULL) {
         mp_raise_ValueError(MP_ERROR_TEXT("filesystem must provide mount method"));
     }
+    #endif
 
     common_hal_storage_mount(vfs_obj, mnt_str, args[ARG_readonly].u_bool);
 

shared-module/storage/__init__.c

@@ -126,6 +126,11 @@ void common_hal_storage_mount(mp_obj_t vfs_obj, const char *mount_path, bool rea
     // call the underlying object to do any mounting operation
     mp_vfs_proxy_call(vfs, MP_QSTR_mount, 2, (mp_obj_t *)&args);
 
+    fs_user_mount_t *vfs_fat = MP_OBJ_TO_PTR(vfs_obj);
+    // Filesystem is read-only to USB if writable by CircuitPython, and vice versa.
+    filesystem_set_writable_by_usb(vfs_fat, readonly);
+    filesystem_set_concurrent_write_protection(vfs_fat, true);
+
     // Insert the vfs into the mount table by pushing it onto the front of the
     // mount table.
     mp_vfs_mount_t **vfsp = &MP_STATE_VM(vfs_mount_table);

supervisor/shared/filesystem.c

@@ -247,13 +247,13 @@ void filesystem_set_writable_by_usb(fs_user_mount_t *vfs, bool usb_writable) {
 }
 
 bool filesystem_is_writable_by_python(fs_user_mount_t *vfs) {
-    return (vfs->blockdev.flags & MP_BLOCKDEV_FLAG_CONCURRENT_WRITE_PROTECTED) == 0 ||
-           (vfs->blockdev.flags & MP_BLOCKDEV_FLAG_USB_WRITABLE) == 0;
+    return ((vfs->blockdev.flags & MP_BLOCKDEV_FLAG_CONCURRENT_WRITE_PROTECTED) == 0) ||
+           ((vfs->blockdev.flags & MP_BLOCKDEV_FLAG_USB_WRITABLE) == 0);
 }
 
 bool filesystem_is_writable_by_usb(fs_user_mount_t *vfs) {
-    return (vfs->blockdev.flags & MP_BLOCKDEV_FLAG_CONCURRENT_WRITE_PROTECTED) == 0 ||
-           (vfs->blockdev.flags & MP_BLOCKDEV_FLAG_USB_WRITABLE) != 0;
+    return ((vfs->blockdev.flags & MP_BLOCKDEV_FLAG_CONCURRENT_WRITE_PROTECTED) == 0) ||
+           ((vfs->blockdev.flags & MP_BLOCKDEV_FLAG_USB_WRITABLE) != 0);
 }
 
 void filesystem_set_internal_concurrent_write_protection(bool concurrent_write_protection) {