From 58c4e5a5e441d74e5957c0a97ba2e080907fede9 Mon Sep 17 00:00:00 2001
From: Christian Eltzschig <me@elchris.org>
Date: Thu, 10 Oct 2024 16:31:59 +0200
Subject: [PATCH] [#460] Add dev_permissions feature flag

---
 README.md                                          | 10 +++++-----
 iceoryx2-cal/Cargo.toml                            |  6 ++++++
 .../src/communication_channel/message_queue.rs     | 14 ++++++++++----
 .../src/dynamic_storage/posix_shared_memory.rs     |  8 +++++++-
 iceoryx2/Cargo.toml                                |  4 ++++
 iceoryx2/src/lib.rs                                |  3 +++
 6 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 864180e9b..d55943cfa 100644
--- a/README.md
+++ b/README.md
@@ -123,7 +123,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let publisher = service.publisher_builder().create()?;
 
-    while node.wait(CYCLE_TIME) != WaitEvent::TerminationRequest {
+    while node.wait(CYCLE_TIME).is_ok() {
         let sample = publisher.loan_uninit()?;
         let sample = sample.write_payload(1234);
         sample.send()?;
@@ -150,7 +150,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let subscriber = service.subscriber_builder().create()?;
 
-    while node.wait(CYCLE_TIME) != WaitEvent::TerminationRequest {
+    while node.wait(CYCLE_TIME).is_ok() {
         while let Some(sample) = subscriber.receive()? {
             println!("received: {:?}", *sample);
         }
@@ -200,7 +200,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
     let notifier = event.notifier_builder().create()?;
 
     let id = EventId::new(12);
-    while node.wait(CYCLE_TIME) != WaitEvent::TerminationRequest {
+    while node.wait(CYCLE_TIME).is_ok() {
         notifier.notify_with_custom_event_id(id)?;
 
         println!("Trigger event with id {:?} ...", id);
@@ -227,7 +227,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let listener = event.listener_builder().create()?;
 
-    while node.wait(Duration::ZERO) != WaitEvent::TerminationRequest {
+    while node.wait(Duration::ZERO).is_ok() {
         if let Ok(Some(event_id)) = listener.timed_wait_one(CYCLE_TIME) {
             println!("event was triggered with id: {:?}", event_id);
         }
@@ -254,7 +254,7 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
 
     let listener = event.listener_builder().create()?;
 
-    while node.wait(Duration::ZERO) != WaitEvent::TerminationRequest {
+    while node.wait(Duration::ZERO).is_ok() {
         listener.timed_wait_all(
             |event_id| {
                 println!("event was triggered with id: {:?}", event_id);
diff --git a/iceoryx2-cal/Cargo.toml b/iceoryx2-cal/Cargo.toml
index 2600d239b..8f0a7e308 100644
--- a/iceoryx2-cal/Cargo.toml
+++ b/iceoryx2-cal/Cargo.toml
@@ -10,6 +10,12 @@ repository = { workspace = true }
 rust-version = { workspace = true }
 version = { workspace = true }
 
+[features]
+# The permissions of all resources will be set to read, write, execute for everyone.
+# This shall not be used in production and is meant to be enabled in a docker environment
+# with inconsistent user configuration.
+dev_permissions = []
+
 [dependencies]
 iceoryx2-bb-posix = { workspace = true }
 iceoryx2-bb-container = { workspace = true }
diff --git a/iceoryx2-cal/src/communication_channel/message_queue.rs b/iceoryx2-cal/src/communication_channel/message_queue.rs
index bd8614ba9..bf616f43c 100644
--- a/iceoryx2-cal/src/communication_channel/message_queue.rs
+++ b/iceoryx2-cal/src/communication_channel/message_queue.rs
@@ -35,6 +35,14 @@ pub struct Channel<T: Copy> {
     _phantom_data: PhantomData<T>,
 }
 
+const INIT_PERMISSIONS: Permission = Permission::OWNER_WRITE;
+
+#[cfg(not(feature = "dev_permissions"))]
+const FINAL_PERMISSIONS: Permission = Permission::OWNER_ALL;
+
+#[cfg(feature = "dev_permissions")]
+const FINAL_PERMISSIONS: Permission = Permission::ALL;
+
 impl<T: Copy + Debug> NamedConceptMgmt for Channel<T> {
     type Configuration = Configuration;
 
@@ -257,7 +265,7 @@ impl<T: Copy + Debug> CommunicationChannelCreator<T, Channel<T>> for Creator<T>
 
         let mut _shared_memory = match SharedMemoryBuilder::new(&full_name)
             .creation_mode(CreationMode::CreateExclusive)
-            .permission(Permission::OWNER_WRITE)
+            .permission(INIT_PERMISSIONS)
             .size(std::mem::size_of::<SharedConfiguration>())
             .create()
         {
@@ -281,9 +289,7 @@ impl<T: Copy + Debug> CommunicationChannelCreator<T, Channel<T>> for Creator<T>
         };
 
         // we are finished with the setup and we open the channel for others to connect
-        _shared_memory
-            .set_permission(Permission::OWNER_READ | Permission::OWNER_WRITE)
-            .unwrap();
+        _shared_memory.set_permission(FINAL_PERMISSIONS).unwrap();
 
         Ok(Receiver {
             name: self.channel_name,
diff --git a/iceoryx2-cal/src/dynamic_storage/posix_shared_memory.rs b/iceoryx2-cal/src/dynamic_storage/posix_shared_memory.rs
index d93153605..1bc2c90a4 100644
--- a/iceoryx2-cal/src/dynamic_storage/posix_shared_memory.rs
+++ b/iceoryx2-cal/src/dynamic_storage/posix_shared_memory.rs
@@ -59,8 +59,14 @@ use std::sync::atomic::Ordering;
 
 use self::dynamic_storage_configuration::DynamicStorageConfiguration;
 
+const INIT_PERMISSIONS: Permission = Permission::OWNER_WRITE;
+
+#[cfg(not(feature = "dev_permissions"))]
 const FINAL_PERMISSIONS: Permission = Permission::OWNER_ALL;
 
+#[cfg(feature = "dev_permissions")]
+const FINAL_PERMISSIONS: Permission = Permission::ALL;
+
 /// The builder of [`Storage`].
 #[derive(Debug)]
 pub struct Builder<'builder, T: Send + Sync + Debug> {
@@ -257,7 +263,7 @@ impl<'builder, T: Send + Sync + Debug> Builder<'builder, T> {
             // posix shared memory is always aligned to the greatest possible value (PAGE_SIZE)
             // therefore we do not have to add additional alignment space for T
             .size(std::mem::size_of::<Data<T>>() + self.supplementary_size)
-            .permission(Permission::OWNER_WRITE)
+            .permission(INIT_PERMISSIONS)
             .zero_memory(false)
             .has_ownership(self.has_ownership)
             .create()
diff --git a/iceoryx2/Cargo.toml b/iceoryx2/Cargo.toml
index bf052f7b3..ed536d038 100644
--- a/iceoryx2/Cargo.toml
+++ b/iceoryx2/Cargo.toml
@@ -16,6 +16,10 @@ version = { workspace = true }
 logger_log = ["iceoryx2-bb-log/logger_log"]
 # Enables https://crates.io/crates/tracing as default logger
 logger_tracing = ["iceoryx2-bb-log/logger_tracing"]
+# The permissions of all resources will be set to read, write, execute for everyone.
+# This shall not be used in production and is meant to be enabled in a docker environment
+# with inconsistent user configuration.
+dev_permissions = ["iceoryx2-cal/dev_permissions"]
 
 [dependencies]
 iceoryx2-bb-container = { workspace = true }
diff --git a/iceoryx2/src/lib.rs b/iceoryx2/src/lib.rs
index 4f0cb4ecd..beb57b2d8 100644
--- a/iceoryx2/src/lib.rs
+++ b/iceoryx2/src/lib.rs
@@ -267,6 +267,9 @@
 //!
 //! # Feature Flags
 //!
+//!  * `dev_permissions` - The permissions of all resources will be set to read, write, execute
+//!     for everyone. This shall not be used in production and is meant to be enabled in a docker
+//!     environment with inconsistent user configuration.
 //!  * `logger_log` - Uses the [log crate](https://crates.io/crates/log) as default log backend
 //!  * `logger_tracing` - Uses the [tracing crate](https://crates.io/crates/tracing) as default log
 //!     backend