2024-10-11 01:55:33 +09:00
|
|
|
package shim
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/gob"
|
|
|
|
"errors"
|
|
|
|
"net"
|
|
|
|
"os"
|
|
|
|
"syscall"
|
|
|
|
|
2024-10-20 19:50:13 +09:00
|
|
|
"git.ophivana.moe/security/fortify/acl"
|
2024-10-21 20:47:02 +09:00
|
|
|
"git.ophivana.moe/security/fortify/internal/fmsg"
|
2024-10-11 01:55:33 +09:00
|
|
|
)
|
|
|
|
|
|
|
|
// called in the parent process
|
|
|
|
|
2024-10-21 21:23:56 +09:00
|
|
|
func ServeConfig(socket string, abort chan error, uid int, payload *Payload, wl *Wayland) error {
|
2024-10-11 01:55:33 +09:00
|
|
|
if payload.WL {
|
2024-10-20 22:54:47 +09:00
|
|
|
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl.Path, Net: "unix"}); err != nil {
|
|
|
|
return err
|
2024-10-11 01:55:33 +09:00
|
|
|
} else {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintf("connected to wayland at %q", wl.Path)
|
2024-10-20 22:54:47 +09:00
|
|
|
wl.UnixConn = f
|
2024-10-11 01:55:33 +09:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-10-21 21:23:56 +09:00
|
|
|
// setup success state accessed by abort
|
|
|
|
var success bool
|
|
|
|
|
2024-10-11 01:55:33 +09:00
|
|
|
if c, err := net.ListenUnix("unix", &net.UnixAddr{Name: socket, Net: "unix"}); err != nil {
|
2024-10-20 22:54:47 +09:00
|
|
|
return err
|
2024-10-11 01:55:33 +09:00
|
|
|
} else {
|
2024-10-21 21:23:56 +09:00
|
|
|
c.SetUnlinkOnClose(true)
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
err1 := <-abort
|
|
|
|
if !success {
|
|
|
|
fmsg.VPrintln("aborting shim setup, reason:", err1)
|
|
|
|
if err1 = c.Close(); err1 != nil {
|
|
|
|
fmsg.Println("cannot abort shim setup:", err1)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
close(abort)
|
|
|
|
}()
|
|
|
|
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintf("configuring shim on socket %q", socket)
|
2024-10-15 02:15:55 +09:00
|
|
|
if err = acl.UpdatePerm(socket, uid, acl.Read, acl.Write, acl.Execute); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot change permissions of shim setup socket:", err)
|
2024-10-11 01:55:33 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
var conn *net.UnixConn
|
|
|
|
if conn, err = c.AcceptUnix(); err != nil {
|
2024-10-21 21:23:56 +09:00
|
|
|
if errors.Is(err, net.ErrClosed) {
|
|
|
|
fmsg.VPrintln("accept failed due to shim setup abort")
|
|
|
|
} else {
|
|
|
|
fmsg.Println("cannot accept connection from shim:", err)
|
|
|
|
}
|
2024-10-11 01:55:33 +09:00
|
|
|
} else {
|
|
|
|
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot stream shim payload:", err)
|
2024-10-15 02:15:55 +09:00
|
|
|
_ = os.Remove(socket)
|
2024-10-11 01:55:33 +09:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if payload.WL {
|
|
|
|
// get raw connection
|
|
|
|
var rc syscall.RawConn
|
2024-10-20 22:54:47 +09:00
|
|
|
if rc, err = wl.SyscallConn(); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot obtain raw wayland connection:", err)
|
2024-10-11 01:55:33 +09:00
|
|
|
return
|
|
|
|
} else {
|
|
|
|
go func() {
|
|
|
|
// pass wayland socket fd
|
|
|
|
if err = rc.Control(func(fd uintptr) {
|
|
|
|
if _, _, err = conn.WriteMsgUnix(nil, syscall.UnixRights(int(fd)), nil); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot pass wayland connection to shim:", err)
|
2024-10-11 01:55:33 +09:00
|
|
|
return
|
|
|
|
}
|
|
|
|
_ = conn.Close()
|
|
|
|
|
|
|
|
// block until shim exits
|
2024-10-20 22:54:47 +09:00
|
|
|
<-wl.done
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintln("releasing wayland connection")
|
2024-10-11 01:55:33 +09:00
|
|
|
}); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot obtain wayland connection fd:", err)
|
2024-10-11 01:55:33 +09:00
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
_ = conn.Close()
|
|
|
|
}
|
|
|
|
}
|
2024-10-21 21:23:56 +09:00
|
|
|
|
|
|
|
success = true
|
2024-10-11 01:55:33 +09:00
|
|
|
if err = c.Close(); err != nil {
|
2024-10-21 21:23:56 +09:00
|
|
|
if errors.Is(err, net.ErrClosed) {
|
|
|
|
fmsg.VPrintln("close failed due to shim setup abort")
|
|
|
|
} else {
|
|
|
|
fmsg.Println("cannot close shim socket:", err)
|
|
|
|
}
|
2024-10-11 01:55:33 +09:00
|
|
|
}
|
|
|
|
}()
|
2024-10-20 22:54:47 +09:00
|
|
|
return nil
|
2024-10-11 01:55:33 +09:00
|
|
|
}
|
|
|
|
}
|