mgmt: mcumgr: lib: fs: Add file read/write access callback

This allows an application to inspect a mcumgr file access command and
either allow it or deny it with a result code.

Signed-off-by: Jamie McCrae <[email protected]>

Author: Jamie McCrae

subsys/mgmt/mcumgr/lib/cmd/fs_mgmt/Kconfig

@@ -136,4 +136,14 @@ config FS_MGMT_PATH_SIZE
 	  of this size gets allocated on the stack during handling of file upload
 	  and download commands.
 
+config FS_MGMT_FILE_ACCESS_HOOK
+	bool "File read/write access hook"
+	help
+	  Allows applications to control file read and write access by
+	  registering for a callback which is then triggered whenever a file
+	  read or write attempt is made. This also, optionally, allows
+	  re-writing or changing of supplied file paths.
+	  Note that this will be called multiple times for each file read and
+	  write due to mcumgr's method of stateless operation.
+
 endif

subsys/mgmt/mcumgr/lib/cmd/fs_mgmt/include/fs_mgmt/fs_mgmt.h

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2018-2022 mcumgr authors
+ * Copyright (c) 2022 Laird Connectivity
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -18,11 +19,38 @@ extern "C" {
 #define FS_MGMT_ID_STAT			 1
 #define FS_MGMT_ID_HASH_CHECKSUM	 2
 
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+/** @typedef fs_mgmt_on_evt_cb
+ * @brief Function to be called on fs mgmt event.
+ *
+ * This callback function is used to notify the application about a pending file
+ * read/write request and to authorise or deny it.
+ *
+ * @param write		True if write access is requested, false for read access
+ * @param path		The path of the file to query.
+ *
+ * @note That the path can potentially be changed by the application code so
+ *	 long as it does not exceed the maximum path string size.
+ *
+ * @return 0 to allow read/write, MGMT_ERR_[...] code to disallow read/write.
+ */
+typedef int (*fs_mgmt_on_evt_cb)(bool write, char *path);
+#endif
+
 /**
  * @brief Registers the file system management command handler group.
  */
 void fs_mgmt_register_group(void);
 
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+/**
+ * @brief Register file read/write access event callback function.
+ *
+ * @param cb Callback function or NULL to disable.
+ */
+void fs_mgmt_register_evt_cb(fs_mgmt_on_evt_cb cb);
+#endif
+
 #ifdef __cplusplus
 }
 #endif

subsys/mgmt/mcumgr/lib/cmd/fs_mgmt/src/fs_mgmt.c

@@ -68,6 +68,10 @@ static struct {
 
 static const struct mgmt_handler fs_mgmt_handlers[];
 
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+static fs_mgmt_on_evt_cb fs_evt_cb;
+#endif
+
 /**
  * Encodes a file upload response.
  */
@@ -117,6 +121,17 @@ fs_mgmt_file_download(struct mgmt_ctxt *ctxt)
 	memcpy(path, name.value, name.len);
 	path[name.len] = '\0';
 
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+	if (fs_evt_cb != NULL) {
+		/* Send request to application to check if access should be allowed or not */
+		rc = fs_evt_cb(false, path);
+
+		if (rc != 0) {
+			return rc;
+		}
+	}
+#endif
+
 	/* Only the response to the first download request contains the total file
 	 * length.
 	 */
@@ -180,6 +195,17 @@ fs_mgmt_file_upload(struct mgmt_ctxt *ctxt)
 	memcpy(file_name, name.value, name.len);
 	file_name[name.len] = '\0';
 
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+	if (fs_evt_cb != NULL) {
+		/* Send request to application to check if access should be allowed or not */
+		rc = fs_evt_cb(true, file_name);
+
+		if (rc != 0) {
+			return rc;
+		}
+	}
+#endif
+
 	if (off == 0) {
 		/* Total file length is a required field in the first chunk request. */
 		if (len == ULLONG_MAX) {
@@ -462,3 +488,10 @@ fs_mgmt_register_group(void)
 #endif
 #endif
 }
+
+#ifdef CONFIG_FS_MGMT_FILE_ACCESS_HOOK
+void fs_mgmt_register_evt_cb(fs_mgmt_on_evt_cb cb)
+{
+	fs_evt_cb = cb;
+}
+#endif