2024-09-08 13:19:48 +09:00
|
|
|
package state
|
|
|
|
|
|
|
|
import (
|
2024-10-10 11:03:31 +09:00
|
|
|
"errors"
|
2024-09-08 13:19:48 +09:00
|
|
|
"fmt"
|
|
|
|
"os"
|
2024-09-22 00:29:36 +09:00
|
|
|
"path"
|
2024-09-08 13:19:48 +09:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"text/tabwriter"
|
2024-09-22 00:29:36 +09:00
|
|
|
"time"
|
2024-09-08 13:19:48 +09:00
|
|
|
|
2024-10-21 20:47:02 +09:00
|
|
|
"git.ophivana.moe/security/fortify/internal/fmsg"
|
2024-10-20 19:50:13 +09:00
|
|
|
"git.ophivana.moe/security/fortify/internal/system"
|
2024-09-08 13:19:48 +09:00
|
|
|
)
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// MustPrintLauncherStateSimpleGlobal prints active launcher states of all simple stores
|
|
|
|
// in an implementation-specific way.
|
2024-10-10 11:03:31 +09:00
|
|
|
func MustPrintLauncherStateSimpleGlobal(w **tabwriter.Writer, runDir string) {
|
2024-09-22 00:29:36 +09:00
|
|
|
now := time.Now().UTC()
|
|
|
|
|
|
|
|
// read runtime directory to get all UIDs
|
2024-10-10 11:03:31 +09:00
|
|
|
if dirs, err := os.ReadDir(path.Join(runDir, "state")); err != nil && !errors.Is(err, os.ErrNotExist) {
|
2024-10-26 23:09:32 +09:00
|
|
|
fmsg.Fatal("cannot read runtime directory:", err)
|
2024-09-16 20:31:15 +09:00
|
|
|
} else {
|
|
|
|
for _, e := range dirs {
|
2024-09-22 00:29:36 +09:00
|
|
|
// skip non-directories
|
2024-09-16 20:31:15 +09:00
|
|
|
if !e.IsDir() {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintf("skipped non-directory entry %q", e.Name())
|
2024-09-16 20:31:15 +09:00
|
|
|
continue
|
|
|
|
}
|
2024-09-08 13:19:48 +09:00
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// skip non-numerical names
|
2024-09-16 20:31:15 +09:00
|
|
|
if _, err = strconv.Atoi(e.Name()); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintf("skipped non-uid entry %q", e.Name())
|
2024-09-16 20:31:15 +09:00
|
|
|
continue
|
2024-09-08 13:19:48 +09:00
|
|
|
}
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// obtain temporary store
|
2024-12-19 11:48:48 +09:00
|
|
|
s := NewSimple(runDir, e.Name()).(*multiStore)
|
2024-09-22 00:29:36 +09:00
|
|
|
|
|
|
|
// print states belonging to this store
|
|
|
|
s.mustPrintLauncherState(w, now)
|
|
|
|
|
|
|
|
// mustPrintLauncherState causes store activity so store needs to be closed
|
|
|
|
if err = s.Close(); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Printf("cannot close store for user %q: %s", e.Name(), err)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-09-08 13:19:48 +09:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-12-19 11:48:48 +09:00
|
|
|
func (s *multiStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time) {
|
2024-09-22 00:29:36 +09:00
|
|
|
var innerErr error
|
2024-09-08 13:19:48 +09:00
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
if ok, err := s.Do(func(b Backend) {
|
|
|
|
innerErr = func() error {
|
|
|
|
// read launcher states
|
|
|
|
states, err := b.Load()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2024-09-08 13:19:48 +09:00
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// initialise tabwriter if nil
|
|
|
|
if *w == nil {
|
|
|
|
*w = tabwriter.NewWriter(os.Stdout, 0, 1, 4, ' ', 0)
|
2024-09-08 13:19:48 +09:00
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// write header when initialising
|
2024-10-21 20:47:02 +09:00
|
|
|
if !fmsg.Verbose() {
|
2024-11-16 21:19:45 +09:00
|
|
|
_, _ = fmt.Fprintln(*w, "\tPID\tApp\tUptime\tEnablements\tCommand")
|
2024-09-22 00:29:36 +09:00
|
|
|
} else {
|
|
|
|
// argv is emitted in body when verbose
|
2024-11-16 21:19:45 +09:00
|
|
|
_, _ = fmt.Fprintln(*w, "\tPID\tApp\tArgv")
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-09-08 13:19:48 +09:00
|
|
|
}
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// print each state
|
|
|
|
for _, state := range states {
|
|
|
|
// skip nil states
|
|
|
|
if state == nil {
|
|
|
|
_, _ = fmt.Fprintln(*w, "\tnil state entry")
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2024-12-18 13:45:55 +09:00
|
|
|
// build enablements and command string
|
|
|
|
var (
|
|
|
|
ets *strings.Builder
|
|
|
|
cs = "(No command information)"
|
|
|
|
)
|
|
|
|
|
|
|
|
// check if enablements are provided
|
|
|
|
if state.Config != nil {
|
|
|
|
ets = new(strings.Builder)
|
|
|
|
// append enablement strings in order
|
|
|
|
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
|
|
|
if state.Config.Confinement.Enablements.Has(i) {
|
|
|
|
ets.WriteString(", " + i.String())
|
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-12-18 13:45:55 +09:00
|
|
|
|
|
|
|
cs = fmt.Sprintf("%q", state.Config.Command)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-12-18 13:45:55 +09:00
|
|
|
if ets != nil {
|
|
|
|
// prevent an empty string
|
|
|
|
if ets.Len() == 0 {
|
|
|
|
ets.WriteString("(No enablements)")
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ets = new(strings.Builder)
|
|
|
|
ets.WriteString("(No confinement information)")
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
2024-10-21 20:47:02 +09:00
|
|
|
if !fmsg.Verbose() {
|
2024-11-16 21:19:45 +09:00
|
|
|
_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\t%s\t%s\n",
|
2024-12-18 13:45:55 +09:00
|
|
|
state.PID, s.path[len(s.path)-1], now.Sub(state.Time).Round(time.Second).String(), strings.TrimPrefix(ets.String(), ", "), cs)
|
2024-09-22 00:29:36 +09:00
|
|
|
} else {
|
|
|
|
// emit argv instead when verbose
|
2024-11-16 21:19:45 +09:00
|
|
|
_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\n",
|
2024-12-18 13:45:55 +09:00
|
|
|
state.PID, s.path[len(s.path)-1], state.ID)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}()
|
|
|
|
}); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Printf("cannot perform action on store %q: %s", path.Join(s.path...), err)
|
2024-09-22 00:29:36 +09:00
|
|
|
if !ok {
|
2024-10-26 23:09:32 +09:00
|
|
|
fmsg.Fatal("store faulted before printing")
|
2024-09-08 13:19:48 +09:00
|
|
|
}
|
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
|
|
|
|
if innerErr != nil {
|
2024-10-26 23:09:32 +09:00
|
|
|
fmsg.Fatalf("cannot print launcher state for store %q: %s", path.Join(s.path...), innerErr)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-09-08 13:19:48 +09:00
|
|
|
}
|