feat(fs): add filesystem isolation support

Add LLRT_FS_ALLOW and LLRT_FS_DENY environment variables to control
filesystem access, similar to existing network isolation (LLRT_NET_ALLOW/DENY).

- LLRT_FS_ALLOW: whitespace-separated list of allowed paths/patterns
- LLRT_FS_DENY: whitespace-separated list of denied paths/patterns

Supports exact paths (/tmp/file.txt), directory prefixes (/tmp/),
and glob patterns (/tmp/*.txt).

Closes #686

Author: chessbyte

llrt_core/src/environment.rs

@@ -4,6 +4,10 @@
 //network
 pub const ENV_LLRT_NET_ALLOW: &str = "LLRT_NET_ALLOW";
 pub const ENV_LLRT_NET_DENY: &str = "LLRT_NET_DENY";
+
+//filesystem
+pub const ENV_LLRT_FS_ALLOW: &str = "LLRT_FS_ALLOW";
+pub const ENV_LLRT_FS_DENY: &str = "LLRT_FS_DENY";
 pub const ENV_LLRT_NET_POOL_IDLE_TIMEOUT: &str = "LLRT_NET_POOL_IDLE_TIMEOUT";
 pub const ENV_LLRT_HTTP_VERSION: &str = "LLRT_HTTP_VERSION";
 pub const ENV_LLRT_TLS_VERSION: &str = "LLRT_TLS_VERSION";

llrt_core/src/security.rs

@@ -4,10 +4,13 @@ use std::{env, result::Result as StdResult};
 
 use hyper::{http::uri::InvalidUri, Uri};
 
-use crate::environment::{ENV_LLRT_NET_ALLOW, ENV_LLRT_NET_DENY};
-use crate::modules::{fetch, net};
+use crate::environment::{
+    ENV_LLRT_FS_ALLOW, ENV_LLRT_FS_DENY, ENV_LLRT_NET_ALLOW, ENV_LLRT_NET_DENY,
+};
+use crate::modules::{fetch, fs, net};
 
 pub fn init() -> StdResult<(), Box<dyn std::error::Error + Send + Sync>> {
+    // Network isolation
     if let Ok(env_value) = env::var(ENV_LLRT_NET_ALLOW) {
         let allow_list = build_access_list(env_value);
         fetch::set_allow_list(build_http_access_list(&allow_list)?);
@@ -20,6 +23,17 @@ pub fn init() -> StdResult<(), Box<dyn std::error::Error + Send + Sync>> {
         net::set_deny_list(deny_list);
     }
 
+    // Filesystem isolation
+    if let Ok(env_value) = env::var(ENV_LLRT_FS_ALLOW) {
+        let allow_list = build_fs_access_list(env_value);
+        fs::security::set_allow_list(allow_list);
+    }
+
+    if let Ok(env_value) = env::var(ENV_LLRT_FS_DENY) {
+        let deny_list = build_fs_access_list(env_value);
+        fs::security::set_deny_list(deny_list);
+    }
+
     Ok(())
 }
 
@@ -47,3 +61,10 @@ fn build_access_list(env_value: String) -> Vec<String> {
         })
         .collect()
 }
+
+fn build_fs_access_list(env_value: String) -> Vec<String> {
+    env_value
+        .split_whitespace()
+        .map(|entry| entry.to_string())
+        .collect()
+}

modules/llrt_fs/src/access.rs

@@ -6,10 +6,14 @@ use llrt_utils::result::ResultExt;
 use rquickjs::{prelude::Opt, Ctx, Exception, Result};
 use tokio::fs;
 
+use crate::security::ensure_access;
+
 #[allow(dead_code, unused_imports)]
 use super::{CONSTANT_F_OK, CONSTANT_R_OK, CONSTANT_W_OK, CONSTANT_X_OK};
 
 pub async fn access(ctx: Ctx<'_>, path: String, mode: Opt<u32>) -> Result<()> {
+    ensure_access(&ctx, &path)?;
+
     let metadata = fs::metadata(&path).await.or_throw_msg(
         &ctx,
         &["No such file or directory \"", &path, "\""].concat(),
@@ -19,6 +23,8 @@ pub async fn access(ctx: Ctx<'_>, path: String, mode: Opt<u32>) -> Result<()> {
 }
 
 pub fn access_sync(ctx: Ctx<'_>, path: String, mode: Opt<u32>) -> Result<()> {
+    ensure_access(&ctx, &path)?;
+
     let metadata = std::fs::metadata(path.clone()).or_throw_msg(
         &ctx,
         &["No such file or directory \"", &path, "\""].concat(),

modules/llrt_fs/src/chmod.rs

@@ -4,6 +4,8 @@ use rquickjs::{Ctx, Result};
 #[cfg(unix)]
 use std::os::unix::prelude::PermissionsExt;
 
+use crate::security::ensure_access;
+
 #[cfg(unix)]
 pub(crate) fn chmod_error(path: &str) -> String {
     ["Can't set permissions of \"", path, "\""].concat()
@@ -41,9 +43,11 @@ pub(crate) fn set_mode_sync(ctx: Ctx<'_>, path: &str, mode: u32) -> Result<()> {
 }
 
 pub async fn chmod(ctx: Ctx<'_>, path: String, mode: u32) -> Result<()> {
+    ensure_access(&ctx, &path)?;
     set_mode(ctx, &path, mode).await
 }
 
 pub fn chmod_sync(ctx: Ctx<'_>, path: String, mode: u32) -> Result<()> {
+    ensure_access(&ctx, &path)?;
     set_mode_sync(ctx, &path, mode)
 }

modules/llrt_fs/src/lib.rs

@@ -9,6 +9,7 @@ mod read_dir;
 mod read_file;
 mod rename;
 mod rm;
+pub mod security;
 mod stats;
 mod symlink;
 mod write_file;

modules/llrt_fs/src/mkdir.rs

@@ -1,6 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 use crate::chmod::{set_mode, set_mode_sync};
+use crate::security::ensure_access;
 
 use llrt_path::resolve_path;
 use llrt_utils::result::ResultExt;
@@ -11,6 +12,8 @@ use tokio::fs;
 pub async fn mkdir<'js>(ctx: Ctx<'js>, path: String, options: Opt<Object<'js>>) -> Result<String> {
     let (recursive, mode, path) = get_params(&path, options)?;
 
+    ensure_access(&ctx, &path)?;
+
     if recursive {
         fs::create_dir_all(&path).await
     } else {
@@ -26,6 +29,8 @@ pub async fn mkdir<'js>(ctx: Ctx<'js>, path: String, options: Opt<Object<'js>>)
 pub fn mkdir_sync<'js>(ctx: Ctx<'js>, path: String, options: Opt<Object<'js>>) -> Result<String> {
     let (recursive, mode, path) = get_params(&path, options)?;
 
+    ensure_access(&ctx, &path)?;
+
     if recursive {
         std::fs::create_dir_all(&path)
     } else {
@@ -68,6 +73,9 @@ fn random_chars(len: usize) -> String {
 
 pub async fn mkdtemp(ctx: Ctx<'_>, prefix: String) -> Result<String> {
     let path = [prefix.as_str(), random_chars(6).as_str()].join(",");
+
+    ensure_access(&ctx, &path)?;
+
     fs::create_dir_all(&path)
         .await
         .or_throw_msg(&ctx, &["Can't create dir \"", &path, "\""].concat())?;
@@ -76,6 +84,9 @@ pub async fn mkdtemp(ctx: Ctx<'_>, prefix: String) -> Result<String> {
 
 pub fn mkdtemp_sync(ctx: Ctx<'_>, prefix: String) -> Result<String> {
     let path = [prefix.as_str(), random_chars(6).as_str()].join(",");
+
+    ensure_access(&ctx, &path)?;
+
     std::fs::create_dir_all(&path)
         .or_throw_msg(&ctx, &["Can't create dir \"", &path, "\""].concat())?;
     Ok(path)

modules/llrt_fs/src/open.rs

@@ -7,13 +7,16 @@ use rquickjs::{function::Opt, Ctx, Exception, Result};
 use tokio::fs::OpenOptions;
 
 use super::file_handle::FileHandle;
+use crate::security::ensure_access;
 
 pub async fn open(
     ctx: Ctx<'_>,
     path: String,
     flags: Opt<String>,
     mode: Opt<u32>,
 ) -> Result<FileHandle> {
+    ensure_access(&ctx, &path)?;
+
     let mut options = OpenOptions::new();
     match flags.0.as_deref().unwrap_or("r") {
         // We are not supporting the sync modes

modules/llrt_fs/src/read_dir.rs

@@ -10,6 +10,8 @@ use rquickjs::{
     atom::PredefinedAtom, prelude::Opt, Array, Class, Ctx, IntoJs, Object, Result, Value,
 };
 
+use crate::security::ensure_access;
+
 #[derive(rquickjs::class::Trace, rquickjs::JsLifetime)]
 #[rquickjs::class]
 pub struct Dirent {
@@ -105,7 +107,9 @@ impl<'js> IntoJs<'js> for ReadDir {
     }
 }
 
-pub async fn read_dir(mut path: String, options: Opt<Object<'_>>) -> Result<ReadDir> {
+pub async fn read_dir(ctx: Ctx<'_>, mut path: String, options: Opt<Object<'_>>) -> Result<ReadDir> {
+    ensure_access(&ctx, &path)?;
+
     let (with_file_types, skip_root_pos, mut directory_walker) =
         process_options_and_create_directory_walker(&mut path, options);
 
@@ -126,7 +130,9 @@ pub async fn read_dir(mut path: String, options: Opt<Object<'_>>) -> Result<Read
     Ok(ReadDir { items, root: path })
 }
 
-pub fn read_dir_sync(mut path: String, options: Opt<Object<'_>>) -> Result<ReadDir> {
+pub fn read_dir_sync(ctx: Ctx<'_>, mut path: String, options: Opt<Object<'_>>) -> Result<ReadDir> {
+    ensure_access(&ctx, &path)?;
+
     let (with_file_types, skip_root_pos, mut directory_walker) =
         process_options_and_create_directory_walker(&mut path, options);
 

modules/llrt_fs/src/read_file.rs

@@ -6,11 +6,15 @@ use llrt_utils::{object::ObjectExt, result::ResultExt};
 use rquickjs::{function::Opt, Ctx, Error, FromJs, IntoJs, Result, Value};
 use tokio::fs;
 
+use crate::security::ensure_access;
+
 pub async fn read_file(
     ctx: Ctx<'_>,
     path: String,
     options: Opt<Either<String, ReadFileOptions>>,
 ) -> Result<Value<'_>> {
+    ensure_access(&ctx, &path)?;
+
     let bytes = fs::read(&path)
         .await
         .or_throw_msg(&ctx, &["Can't read \"", &path, "\""].concat())?;
@@ -23,6 +27,8 @@ pub fn read_file_sync(
     path: String,
     options: Opt<Either<String, ReadFileOptions>>,
 ) -> Result<Value<'_>> {
+    ensure_access(&ctx, &path)?;
+
     let bytes =
         std::fs::read(&path).or_throw_msg(&ctx, &["Can't read \"", &path, "\""].concat())?;
 

modules/llrt_fs/src/rename.rs

@@ -1,6 +1,8 @@
 use llrt_utils::result::ResultExt;
 use rquickjs::{Ctx, Result};
 
+use crate::security::ensure_access;
+
 pub(crate) fn rename_error(from: &str, to: &str) -> String {
     [
         "Can't rename file/folder from \"",
@@ -13,13 +15,19 @@ pub(crate) fn rename_error(from: &str, to: &str) -> String {
 }
 
 pub async fn rename(ctx: Ctx<'_>, old_path: String, new_path: String) -> Result<()> {
+    ensure_access(&ctx, &old_path)?;
+    ensure_access(&ctx, &new_path)?;
+
     tokio::fs::rename(&old_path, &new_path)
         .await
         .or_throw_msg(&ctx, &rename_error(&old_path, &new_path))?;
     Ok(())
 }
 
 pub fn rename_sync(ctx: Ctx<'_>, old_path: String, new_path: String) -> Result<()> {
+    ensure_access(&ctx, &old_path)?;
+    ensure_access(&ctx, &new_path)?;
+
     std::fs::rename(&old_path, &new_path)
         .or_throw_msg(&ctx, &rename_error(&old_path, &new_path))?;
     Ok(())