package app
import (
"path"
"git.gensokyo.uk/security/fortify/acl"
"git.gensokyo.uk/security/fortify/dbus"
"git.gensokyo.uk/security/fortify/internal/system"
)
// Names of the environment variables through which the sandboxed process is
// told where its D-Bus sockets are.
const (
	// dbusSessionBusAddress is the environment variable carrying the session bus address.
	dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"

	// dbusSystemBusAddress is the environment variable carrying the system bus address.
	dbusSystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS"
)
// shareDBus sets up the D-Bus proxy and makes its sockets reachable from
// inside the sandbox.
//
// config[0] is the session bus configuration and config[1] the system bus
// configuration; both are handed to seal.sys.ProxyDBus as-is. The call does
// nothing and returns nil unless system.EDBus is present in seal.et. An
// error from ProxyDBus is returned unchanged.
//
// The session socket is always bound and exported once the proxy is
// configured; the system socket is bound and exported only when config[1] is
// non-nil.
//
// NOTE(review): config[0] is not nil-checked here although config[1] is;
// confirm that ProxyDBus or the caller guarantees a session configuration
// whenever EDBus is enabled.
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
	// D-Bus sharing is opt-in: nothing is proxied, bound or exported otherwise.
	if !seal.et.Has(system.EDBus) {
		return nil
	}

	// Downstream socket paths, both located under seal.share. These are the
	// sources of the bind calls below.
	sessionOuter := path.Join(seal.share, "bus")
	systemOuter := path.Join(seal.share, "system_bus_socket")

	// Configure the D-Bus proxy and keep the value it hands back on the seal.
	// NOTE(review): what seal.dbusMsg is used for is not visible in this file.
	f, err := seal.sys.ProxyDBus(config[0], config[1], sessionOuter, systemOuter)
	if err != nil {
		return err
	}
	seal.dbusMsg = f

	// Session bus: advertise the in-sandbox address, bind the proxy socket to
	// it, and request read/write on the downstream socket.
	// NOTE(review): the principal that receives the ACL entry is decided in
	// UpdatePerm, which is not shown here; verify it is limited to the
	// target user.
	sessionInner := path.Join(seal.sys.runtime, "bus")
	seal.sys.bwrap.SetEnv[dbusSessionBusAddress] = "unix:path=" + sessionInner
	seal.sys.bwrap.Bind(sessionOuter, sessionInner)
	seal.sys.UpdatePerm(sessionOuter, acl.Read, acl.Write)

	// System bus: exposed only when a system bus configuration was supplied.
	if config[1] == nil {
		return nil
	}

	// The system socket is bound at a fixed in-sandbox path.
	systemInner := "/run/dbus/system_bus_socket"
	seal.sys.bwrap.SetEnv[dbusSystemBusAddress] = "unix:path=" + systemInner
	seal.sys.bwrap.Bind(systemOuter, systemInner)
	seal.sys.UpdatePerm(systemOuter, acl.Read, acl.Write)

	return nil
}