fortify/helper/bwrap.go

package helper

import (
	"context"
	"errors"
	"io"
	"os"
	"slices"
	"strconv"
	"sync"

	"git.gensokyo.uk/security/fortify/helper/bwrap"
	"git.gensokyo.uk/security/fortify/helper/proc"
)

// BubblewrapName is the file name or path to bubblewrap.
var BubblewrapName = "bwrap"

type bubblewrap struct {
	// final args fd of bwrap process
	argsFd uintptr

	// name of the command to run in bwrap
	name string

	lock sync.RWMutex
	*helperCmd
}

func (b *bubblewrap) Start(ctx context.Context, stat bool) error {
	b.lock.Lock()
	defer b.lock.Unlock()

	// Check for doubled Start calls before we defer failure cleanup. If the prior
	// call to Start succeeded, we don't want to spuriously close its pipes.
	if b.Cmd != nil && b.Cmd.Process != nil {
		return errors.New("exec: already started")
	}

	args := b.finalise(ctx, stat)
	b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args))
	b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name)
	b.Cmd.Args = append(b.Cmd.Args, args...)
	return proc.Fulfill(ctx, b.Cmd, b.files, b.extraFiles)
}

// MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.
// If wt is nil, the child process spawned by bwrap will not get an argument pipe.
// Function argF returns an array of arguments passed directly to the child process.
func MustNewBwrap(
	conf *bwrap.Config, name string,
	wt io.WriterTo, argF func(argsFD, statFD int) []string,
	extraFiles []*os.File,
	syncFd *os.File,
) Helper {
	b, err := NewBwrap(conf, name, wt, argF, extraFiles, syncFd)
	if err != nil {
		panic(err.Error())
	} else {
		return b
	}
}

// NewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.
// If wt is nil, the child process spawned by bwrap will not get an argument pipe.
// Function argF returns an array of arguments passed directly to the child process.
func NewBwrap(
	conf *bwrap.Config, name string,
	wt io.WriterTo, argF func(argsFd, statFd int) []string,
	extraFiles []*os.File,
	syncFd *os.File,
) (Helper, error) {
	b := new(bubblewrap)

	b.name = name
	b.helperCmd = newHelperCmd(b, BubblewrapName, wt, argF, extraFiles)

	if v, err := NewCheckedArgs(conf.Args(syncFd, b.extraFiles, &b.files)); err != nil {
		return nil, err
	} else {
		f := proc.NewWriterTo(v)
		b.argsFd = proc.InitFile(f, b.extraFiles)
		b.files = append(b.files, f)
	}

	return b, nil
}
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`package helper`

			`import (`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`"context"`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`"errors"`
			`"io"`
helper/bwrap: implement sync fd This is required by wayland security-context-v1. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-12-06 04:21:37 +09:00			`"os"`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`"slices"`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`"strconv"`
			`"sync"`

migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-12-20 00:20:02 +09:00			`"git.gensokyo.uk/security/fortify/helper/bwrap"`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`"git.gensokyo.uk/security/fortify/helper/proc"`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`)`

			`// BubblewrapName is the file name or path to bubblewrap.`
			`var BubblewrapName = "bwrap"`

			`type bubblewrap struct {`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`// final args fd of bwrap process`
			`argsFd uintptr`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`// name of the command to run in bwrap`
			`name string`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00
			`lock sync.RWMutex`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`*helperCmd`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`}`

helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`func (b *bubblewrap) Start(ctx context.Context, stat bool) error {`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`b.lock.Lock()`
			`defer b.lock.Unlock()`

			`// Check for doubled Start calls before we defer failure cleanup. If the prior`
			`// call to Start succeeded, we don't want to spuriously close its pipes.`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`if b.Cmd != nil && b.Cmd.Process != nil {`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`return errors.New("exec: already started")`
			`}`

helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`args := b.finalise(ctx, stat)`
			`b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args))`
			`b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name)`
			`b.Cmd.Args = append(b.Cmd.Args, args...)`
			`return proc.Fulfill(ctx, b.Cmd, b.files, b.extraFiles)`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`}`

			`// MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.`
			`// If wt is nil, the child process spawned by bwrap will not get an argument pipe.`
			`// Function argF returns an array of arguments passed directly to the child process.`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`func MustNewBwrap(`
			`conf *bwrap.Config, name string,`
			`wt io.WriterTo, argF func(argsFD, statFD int) []string,`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`extraFiles []*os.File,`
			`syncFd *os.File,`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`) Helper {`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`b, err := NewBwrap(conf, name, wt, argF, extraFiles, syncFd)`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`if err != nil {`
			`panic(err.Error())`
			`} else {`
			`return b`
			`}`
			`}`

			`// NewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.`
			`// If wt is nil, the child process spawned by bwrap will not get an argument pipe.`
			`// Function argF returns an array of arguments passed directly to the child process.`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`func NewBwrap(`
			`conf *bwrap.Config, name string,`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`wt io.WriterTo, argF func(argsFd, statFd int) []string,`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`extraFiles []*os.File,`
			`syncFd *os.File,`
helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-19 18:38:13 +09:00			`) (Helper, error) {`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00			`b := new(bubblewrap)`

			`b.name = name`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`b.helperCmd = newHelperCmd(b, BubblewrapName, wt, argF, extraFiles)`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00
helper/bwrap: merge Args and FDArgs Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-14 18:13:06 +09:00			`if v, err := NewCheckedArgs(conf.Args(syncFd, b.extraFiles, &b.files)); err != nil {`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`return nil, err`
			`} else {`
helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-13 23:15:34 +09:00			`f := proc.NewWriterTo(v)`
			`b.argsFd = proc.InitFile(f, b.extraFiles)`
			`b.files = append(b.files, f)`
helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-01-22 01:51:10 +09:00			`}`
helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-08 18:02:38 +09:00
			`return b, nil`
			`}`