fortify/wl/c.go

package wl

//go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
//go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"

/*
#cgo linux pkg-config: wayland-client
#cgo freebsd openbsd LDFLAGS: -lwayland-client

#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#include <wayland-client.h>
#include "security-context-v1-protocol.h"

static void registry_handle_global(void *data, struct wl_registry *registry, uint32_t name, const char *interface, uint32_t version) {
  struct wp_security_context_manager_v1 **out = data;

  if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0)
      *out = wl_registry_bind(registry, name, &wp_security_context_manager_v1_interface, 1);
}

static void registry_handle_global_remove(void *data, struct wl_registry *registry, uint32_t name) { } // no-op

static const struct wl_registry_listener registry_listener = {
  .global = registry_handle_global,
  .global_remove = registry_handle_global_remove,
};

static int32_t bind_wayland_fd(char *socket_path, int fd, const char *app_id, const char *instance_id, int sync_fd) {
  int32_t res = 0; // refer to resErr for meaning

  struct wl_display *display;
  display = wl_display_connect_to_fd(fd);
  if (!display) {
    res = 1;
    goto out;
  };

  struct wl_registry *registry;
  registry = wl_display_get_registry(display);

  struct wp_security_context_manager_v1 *security_context_manager = NULL;
  wl_registry_add_listener(registry, &registry_listener, &security_context_manager);
  int ret;
  ret = wl_display_roundtrip(display);
  wl_registry_destroy(registry);
  if (ret < 0)
    goto out;

  if (!security_context_manager) {
    res = 2;
    goto out;
  }

  int listen_fd = -1;
  listen_fd = socket(AF_UNIX, SOCK_STREAM, 0);
  if (listen_fd < 0)
    goto out;

  struct sockaddr_un sockaddr = {0};
  sockaddr.sun_family = AF_UNIX;
  snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path);
  if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0)
    goto out;

  if (listen(listen_fd, 0) != 0)
    goto out;

  struct wp_security_context_v1 *security_context;
  security_context = wp_security_context_manager_v1_create_listener(security_context_manager, listen_fd, sync_fd);
  wp_security_context_v1_set_sandbox_engine(security_context, "moe.ophivana.fortify");
  wp_security_context_v1_set_app_id(security_context, app_id);
  wp_security_context_v1_set_instance_id(security_context, instance_id);
  wp_security_context_v1_commit(security_context);
  wp_security_context_v1_destroy(security_context);
  if (wl_display_roundtrip(display) < 0)
    goto out;

out:
  if (listen_fd >= 0)
    close(listen_fd);
  if (security_context_manager)
    wp_security_context_manager_v1_destroy(security_context_manager);
  if (display)
    wl_display_disconnect(display);

  free((void *)socket_path);
  free((void *)app_id);
  free((void *)instance_id);
  return res;
}
*/
import "C"
import "errors"

var resErr = [...]error{
	0: nil,
	1: errors.New("wl_display_connect_to_fd() failed"),
	2: errors.New("wp_security_context_v1 not available"),
}

func bindWaylandFd(socketPath string, fd uintptr, appID, instanceID string, syncFD uintptr) error {
	res := C.bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFD))
	return resErr[int32(res)]
}
wl: implement security-context-v1 Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-12-06 03:34:13 +09:00			`package wl`

			//go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
			//go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"

			`/*`
			`#cgo linux pkg-config: wayland-client`
			`#cgo freebsd openbsd LDFLAGS: -lwayland-client`

			`#include <stdint.h>`
			`#include <stdlib.h>`
			`#include <stdio.h>`

			`#include <unistd.h>`
			`#include <sys/socket.h>`
			`#include <sys/un.h>`

			`#include <wayland-client.h>`
			`#include "security-context-v1-protocol.h"`

			`static void registry_handle_global(void data, struct wl_registry registry, uint32_t name, const char *interface, uint32_t version) {`
			`struct wp_security_context_manager_v1 **out = data;`

			`if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0)`
			`*out = wl_registry_bind(registry, name, &wp_security_context_manager_v1_interface, 1);`
			`}`

			`static void registry_handle_global_remove(void data, struct wl_registry registry, uint32_t name) { } // no-op`

			`static const struct wl_registry_listener registry_listener = {`
			`.global = registry_handle_global,`
			`.global_remove = registry_handle_global_remove,`
			`};`

			`static int32_t bind_wayland_fd(char socket_path, int fd, const char app_id, const char *instance_id, int sync_fd) {`
			`int32_t res = 0; // refer to resErr for meaning`

			`struct wl_display *display;`
			`display = wl_display_connect_to_fd(fd);`
			`if (!display) {`
			`res = 1;`
			`goto out;`
			`};`

			`struct wl_registry *registry;`
			`registry = wl_display_get_registry(display);`

			`struct wp_security_context_manager_v1 *security_context_manager = NULL;`
			`wl_registry_add_listener(registry, &registry_listener, &security_context_manager);`
			`int ret;`
			`ret = wl_display_roundtrip(display);`
			`wl_registry_destroy(registry);`
			`if (ret < 0)`
			`goto out;`

			`if (!security_context_manager) {`
			`res = 2;`
			`goto out;`
			`}`

			`int listen_fd = -1;`
			`listen_fd = socket(AF_UNIX, SOCK_STREAM, 0);`
			`if (listen_fd < 0)`
			`goto out;`

			`struct sockaddr_un sockaddr = {0};`
			`sockaddr.sun_family = AF_UNIX;`
			`snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path);`
			`if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0)`
			`goto out;`

			`if (listen(listen_fd, 0) != 0)`
			`goto out;`

			`struct wp_security_context_v1 *security_context;`
			`security_context = wp_security_context_manager_v1_create_listener(security_context_manager, listen_fd, sync_fd);`
			`wp_security_context_v1_set_sandbox_engine(security_context, "moe.ophivana.fortify");`
			`wp_security_context_v1_set_app_id(security_context, app_id);`
			`wp_security_context_v1_set_instance_id(security_context, instance_id);`
			`wp_security_context_v1_commit(security_context);`
			`wp_security_context_v1_destroy(security_context);`
			`if (wl_display_roundtrip(display) < 0)`
			`goto out;`

			`out:`
			`if (listen_fd >= 0)`
			`close(listen_fd);`
			`if (security_context_manager)`
			`wp_security_context_manager_v1_destroy(security_context_manager);`
			`if (display)`
			`wl_display_disconnect(display);`

			`free((void *)socket_path);`
			`free((void *)app_id);`
			`free((void *)instance_id);`
			`return res;`
			`}`
			`*/`
			`import "C"`
			`import "errors"`

			`var resErr = [...]error{`
			`0: nil,`
			`1: errors.New("wl_display_connect_to_fd() failed"),`
			`2: errors.New("wp_security_context_v1 not available"),`
			`}`

			`func bindWaylandFd(socketPath string, fd uintptr, appID, instanceID string, syncFD uintptr) error {`
			`res := C.bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFD))`
			`return resErr[int32(res)]`
			`}`