2 files changed, 101 insertions, 0 deletions

diff --git a/tools/lint/file-perm.yml b/tools/lint/file-perm.yml
new file mode 100644
index 0000000000..566472e7fb
--- /dev/null
+++ b/tools/lint/file-perm.yml
@@ -0,0 +1,56 @@
+---
+file-perm:
+    description: File permission check
+    include:
+        - .
+    extensions:
+        - .build
+        - .c
+        - .cc
+        - .cpp
+        - .flac
+        - .h
+        - .html
+        - .idl
+        - .js
+        - .jsm
+        - .json
+        - .jsx
+        - .m
+        - .m4s
+        - .md
+        - .mjs
+        - .mm
+        - .mn
+        - .mozbuild
+        - .mp4
+        - .png
+        - .rs
+        - .rst
+        - .svg
+        - .toml
+        - .ttf
+        - .wasm
+        - .webidl
+        - .xhtml
+        - .xml
+        - .yaml
+        - .yml
+    support-files:
+        - 'tools/lint/file-perm/**'
+    type: external
+    payload: file-perm:lint
+
+maybe-shebang-file-perm:
+    description: "File permission check for files that might have `#!` header."
+    include:
+        - .
+    allow-shebang: true
+    extensions:
+        - .js
+        - .py
+        - .sh
+    support-files:
+        - 'tools/lint/file-perm/**'
+    type: external
+    payload: file-perm:lint
diff --git a/tools/lint/file-perm/__init__.py b/tools/lint/file-perm/__init__.py
new file mode 100644
index 0000000000..c5f31c008c
--- /dev/null
+++ b/tools/lint/file-perm/__init__.py
@@ -0,0 +1,45 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import os
+import platform
+
+from mozlint import result
+from mozlint.pathutils import expand_exclusions
+
+
+def lint(paths, config, fix=None, **lintargs):
+    results = []
+    fixed = 0
+
+    if platform.system() == "Windows":
+        # Windows doesn't have permissions in files
+        # Exit now
+        return {"results": results, "fixed": fixed}
+
+    files = list(expand_exclusions(paths, config, lintargs["root"]))
+    for f in files:
+        if os.access(f, os.X_OK):
+            if config.get("allow-shebang"):
+                with open(f, "r+") as content:
+                    # Some source files have +x permissions
+                    line = content.readline()
+                    if line.startswith("#!"):
+                        # Check if the file doesn't start with a shebang
+                        # if it does, not a warning
+                        continue
+
+            if fix:
+                # We want to fix it, do it and leave
+                os.chmod(f, 0o644)
+                fixed += 1
+                continue
+
+            res = {
+                "path": f,
+                "message": "Execution permissions on a source file",
+                "level": "error",
+            }
+            results.append(result.from_config(config, **res))
+    return {"results": results, "fixed": fixed}