app: move wayland mediation to shim package

Values used in the Wayland mediation implementation is stored in various struct fields strewn across multiple app structs and checks are messy and confusing. This commit unifies them into a single struct and access it using much better looking methods. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-20 22:54:47 +09:00
parent 133f23e0de
commit 380d1f4585
7 changed files with 94 additions and 73 deletions
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -11,6 +11,7 @@ import (
 	"git.ophivana.moe/security/fortify/dbus"
 	"git.ophivana.moe/security/fortify/internal"
 	"git.ophivana.moe/security/fortify/internal/fmsg"
+	"git.ophivana.moe/security/fortify/internal/shim"
 	"git.ophivana.moe/security/fortify/internal/state"
 	"git.ophivana.moe/security/fortify/internal/system"
 	"git.ophivana.moe/security/fortify/internal/verbose"
@@ -36,6 +37,43 @@ var (
 	ErrMachineCtl = errors.New("machinectl not available")
 )

+// appSeal seals the application with child-related information
+type appSeal struct {
+	// app unique ID string representation
+	id string
+	// wayland mediation, disabled if nil
+	wl *shim.Wayland
+
+	// freedesktop application ID
+	fid string
+	// argv to start process with in the final confined environment
+	command []string
+	// persistent process state store
+	store state.Store
+
+	// uint8 representation of launch method sealed from config
+	launchOption uint8
+	// process-specific share directory path
+	share string
+	// process-specific share directory path local to XDG_RUNTIME_DIR
+	shareLocal string
+
+	// path to launcher program
+	toolPath string
+	// pass-through enablement tracking from config
+	et system.Enablements
+
+	// prevents sharing from happening twice
+	shared bool
+	// seal system-level component
+	sys *appSealSys
+
+	// used in various sealing operations
+	internal.SystemConstants
+
+	// protected by upstream mutex
+}
+
 // Seal seals the app launch context
 func (a *app) Seal(config *Config) error {
 	a.lock.Lock()
@@ -176,10 +214,10 @@ func (a *app) Seal(config *Config) error {
 		seal.sys.bwrap.SetEnv = make(map[string]string)
 	}

-	// create wayland client wait channel if mediated wayland is enabled
-	// this channel being set enables mediated wayland setup later on
+	// create wayland struct and client wait channel if mediated wayland is enabled
+	// this field being set enables mediated wayland setup later on
 	if config.Confinement.Sandbox.Wayland {
-		seal.wlDone = make(chan struct{})
+		seal.wl = shim.NewWayland()
 	}

 	// open process state store