From 148cb72579915823a69d8c38251b409278b514ef Mon Sep 17 00:00:00 2001
From: Ophestra Umiker <cat@ophivana.moe>
Date: Sun, 27 Oct 2024 11:56:20 +0900
Subject: [PATCH] system/dbus: compare sealed value by string

Stringer method of dbus.Proxy returns a string representation of its args stream when sealed.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
---
 internal/app/app_nixos_test.go | 275 +++++++++++++++++++++++++++++++++
 internal/app/app_test.go       |  53 +++++++
 internal/system/dbus.go        |  12 +-
 3 files changed, 339 insertions(+), 1 deletion(-)

diff --git a/internal/app/app_nixos_test.go b/internal/app/app_nixos_test.go
index 9488c6b..e5f57e0 100644
--- a/internal/app/app_nixos_test.go
+++ b/internal/app/app_nixos_test.go
@@ -7,6 +7,7 @@ import (
 	"strconv"
 
 	"git.ophivana.moe/security/fortify/acl"
+	"git.ophivana.moe/security/fortify/dbus"
 	"git.ophivana.moe/security/fortify/helper/bwrap"
 	"git.ophivana.moe/security/fortify/internal"
 	"git.ophivana.moe/security/fortify/internal/app"
@@ -187,6 +188,262 @@ var testCasesNixos = []sealTestCase{
 			Bind("/tmp/fortify.1971/4a450b6596d7bc15bd01780eb9a607ac/group", "/etc/group").
 			Tmpfs("/var/run/nscd", 8192),
 	},
+	{
+		"nixos permissive defaults chromium", new(stubNixOS),
+		&app.Config{
+			ID:      "org.chromium.Chromium",
+			User:    "chronos",
+			Command: []string{"/run/current-system/sw/bin/zsh", "-c", "exec chromium "},
+			Confinement: app.ConfinementConfig{
+				SessionBus: &dbus.Config{
+					Talk: []string{
+						"org.freedesktop.Notifications",
+						"org.freedesktop.FileManager1",
+						"org.freedesktop.ScreenSaver",
+						"org.freedesktop.secrets",
+						"org.kde.kwalletd5",
+						"org.kde.kwalletd6",
+						"org.gnome.SessionManager",
+					},
+					Own: []string{
+						"org.chromium.Chromium.*",
+						"org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+						"org.mpris.MediaPlayer2.chromium.*",
+					},
+					Call: map[string]string{
+						"org.freedesktop.portal.*": "*",
+					},
+					Broadcast: map[string]string{
+						"org.freedesktop.portal.*": "@/org/freedesktop/portal/*",
+					},
+					Filter: true,
+				},
+				SystemBus: &dbus.Config{
+					Talk: []string{
+						"org.bluez",
+						"org.freedesktop.Avahi",
+						"org.freedesktop.UPower",
+					},
+					Filter: true,
+				},
+				Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
+			},
+			Method: "systemd",
+		},
+		app.ID{
+			0xeb, 0xf0, 0x83, 0xd1,
+			0xb1, 0x75, 0x91, 0x17,
+			0x82, 0xd4, 0x13, 0x36,
+			0x9b, 0x64, 0xce, 0x7c,
+		},
+		system.New(150).
+			Ensure("/tmp/fortify.1971", 0701).
+			Ephemeral(system.Process, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c", 0701).
+			Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute).
+			Ensure("/tmp/fortify.1971/tmpdir/150", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/150", acl.Read, acl.Write, acl.Execute).
+			Ensure("/run/user/1971/fortify", 0700).UpdatePermType(system.User, "/run/user/1971/fortify", acl.Execute).
+			Ensure("/run/user/1971", 0700).UpdatePermType(system.User, "/run/user/1971", acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset
+			Ephemeral(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", 0700).UpdatePermType(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", acl.Execute).
+			WriteType(system.Process, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/passwd", "chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n").
+			WriteType(system.Process, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/group", "fortify:x:65534:\n").
+			Link("/run/user/1971/wayland-0", "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/wayland").
+			UpdatePermType(system.EWayland, "/run/user/1971/wayland-0", acl.Read, acl.Write, acl.Execute).
+			Link("/run/user/1971/pulse/native", "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse").
+			CopyFile("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie").
+			MustProxyDBus("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", &dbus.Config{
+				Talk: []string{
+					"org.freedesktop.Notifications",
+					"org.freedesktop.FileManager1",
+					"org.freedesktop.ScreenSaver",
+					"org.freedesktop.secrets",
+					"org.kde.kwalletd5",
+					"org.kde.kwalletd6",
+					"org.gnome.SessionManager",
+				},
+				Own: []string{
+					"org.chromium.Chromium.*",
+					"org.mpris.MediaPlayer2.org.chromium.Chromium.*",
+					"org.mpris.MediaPlayer2.chromium.*",
+				},
+				Call: map[string]string{
+					"org.freedesktop.portal.*": "*",
+				},
+				Broadcast: map[string]string{
+					"org.freedesktop.portal.*": "@/org/freedesktop/portal/*",
+				},
+				Filter: true,
+			}, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", &dbus.Config{
+				Talk: []string{
+					"org.bluez",
+					"org.freedesktop.Avahi",
+					"org.freedesktop.UPower",
+				},
+				Filter: true,
+			}).
+			UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", acl.Read, acl.Write).
+			UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", acl.Read, acl.Write),
+		(&bwrap.Config{
+			Net:      true,
+			UserNS:   true,
+			Clearenv: true,
+			SetEnv: map[string]string{
+				"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/150/bus",
+				"DBUS_SYSTEM_BUS_ADDRESS":  "unix:path=/run/dbus/system_bus_socket",
+				"HOME":                     "/home/chronos",
+				"PULSE_COOKIE":             "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/pulse-cookie",
+				"PULSE_SERVER":             "unix:/run/user/150/pulse/native",
+				"SHELL":                    "/run/current-system/sw/bin/zsh",
+				"TERM":                     "xterm-256color",
+				"USER":                     "chronos",
+				"WAYLAND_DISPLAY":          "/run/user/150/wayland-0",
+				"XDG_RUNTIME_DIR":          "/run/user/150",
+				"XDG_SESSION_CLASS":        "user",
+				"XDG_SESSION_TYPE":         "tty",
+			},
+			Chmod:         make(bwrap.ChmodConfig),
+			DieWithParent: true,
+			AsInit:        true,
+		}).SetUID(65534).SetGID(65534).
+			Procfs("/proc").DevTmpfs("/dev").Mqueue("/dev/mqueue").
+			Tmpfs("/dev/fortify", 4096).
+			Bind("/bin", "/bin", false, true).
+			Bind("/boot", "/boot", false, true).
+			Bind("/etc", "/dev/fortify/etc").
+			Bind("/home", "/home", false, true).
+			Bind("/lib", "/lib", false, true).
+			Bind("/lib64", "/lib64", false, true).
+			Bind("/nix", "/nix", false, true).
+			Bind("/root", "/root", false, true).
+			Bind("/srv", "/srv", false, true).
+			Bind("/sys", "/sys", false, true).
+			Bind("/usr", "/usr", false, true).
+			Bind("/var", "/var", false, true).
+			Bind("/run/agetty.reload", "/run/agetty.reload", false, true).
+			Bind("/run/binfmt", "/run/binfmt", false, true).
+			Bind("/run/booted-system", "/run/booted-system", false, true).
+			Bind("/run/credentials", "/run/credentials", false, true).
+			Bind("/run/cryptsetup", "/run/cryptsetup", false, true).
+			Bind("/run/current-system", "/run/current-system", false, true).
+			Bind("/run/host", "/run/host", false, true).
+			Bind("/run/keys", "/run/keys", false, true).
+			Bind("/run/libvirt", "/run/libvirt", false, true).
+			Bind("/run/libvirtd.pid", "/run/libvirtd.pid", false, true).
+			Bind("/run/lock", "/run/lock", false, true).
+			Bind("/run/log", "/run/log", false, true).
+			Bind("/run/lvm", "/run/lvm", false, true).
+			Bind("/run/mount", "/run/mount", false, true).
+			Bind("/run/NetworkManager", "/run/NetworkManager", false, true).
+			Bind("/run/nginx", "/run/nginx", false, true).
+			Bind("/run/nixos", "/run/nixos", false, true).
+			Bind("/run/nscd", "/run/nscd", false, true).
+			Bind("/run/opengl-driver", "/run/opengl-driver", false, true).
+			Bind("/run/pppd", "/run/pppd", false, true).
+			Bind("/run/resolvconf", "/run/resolvconf", false, true).
+			Bind("/run/sddm", "/run/sddm", false, true).
+			Bind("/run/store", "/run/store", false, true).
+			Bind("/run/syncoid", "/run/syncoid", false, true).
+			Bind("/run/system", "/run/system", false, true).
+			Bind("/run/systemd", "/run/systemd", false, true).
+			Bind("/run/tmpfiles.d", "/run/tmpfiles.d", false, true).
+			Bind("/run/udev", "/run/udev", false, true).
+			Bind("/run/udisks2", "/run/udisks2", false, true).
+			Bind("/run/utmp", "/run/utmp", false, true).
+			Bind("/run/virtlogd.pid", "/run/virtlogd.pid", false, true).
+			Bind("/run/wrappers", "/run/wrappers", false, true).
+			Bind("/run/zed.pid", "/run/zed.pid", false, true).
+			Bind("/run/zed.state", "/run/zed.state", false, true).
+			Bind("/dev/dri", "/dev/dri", true, true, true).
+			Symlink("/dev/fortify/etc/alsa", "/etc/alsa").
+			Symlink("/dev/fortify/etc/bashrc", "/etc/bashrc").
+			Symlink("/dev/fortify/etc/binfmt.d", "/etc/binfmt.d").
+			Symlink("/dev/fortify/etc/dbus-1", "/etc/dbus-1").
+			Symlink("/dev/fortify/etc/default", "/etc/default").
+			Symlink("/dev/fortify/etc/ethertypes", "/etc/ethertypes").
+			Symlink("/dev/fortify/etc/fonts", "/etc/fonts").
+			Symlink("/dev/fortify/etc/fstab", "/etc/fstab").
+			Symlink("/dev/fortify/etc/fuse.conf", "/etc/fuse.conf").
+			Symlink("/dev/fortify/etc/host.conf", "/etc/host.conf").
+			Symlink("/dev/fortify/etc/hostid", "/etc/hostid").
+			Symlink("/dev/fortify/etc/hostname", "/etc/hostname").
+			Symlink("/dev/fortify/etc/hostname.CHECKSUM", "/etc/hostname.CHECKSUM").
+			Symlink("/dev/fortify/etc/hosts", "/etc/hosts").
+			Symlink("/dev/fortify/etc/inputrc", "/etc/inputrc").
+			Symlink("/dev/fortify/etc/ipsec.d", "/etc/ipsec.d").
+			Symlink("/dev/fortify/etc/issue", "/etc/issue").
+			Symlink("/dev/fortify/etc/kbd", "/etc/kbd").
+			Symlink("/dev/fortify/etc/libblockdev", "/etc/libblockdev").
+			Symlink("/dev/fortify/etc/locale.conf", "/etc/locale.conf").
+			Symlink("/dev/fortify/etc/localtime", "/etc/localtime").
+			Symlink("/dev/fortify/etc/login.defs", "/etc/login.defs").
+			Symlink("/dev/fortify/etc/lsb-release", "/etc/lsb-release").
+			Symlink("/dev/fortify/etc/lvm", "/etc/lvm").
+			Symlink("/dev/fortify/etc/machine-id", "/etc/machine-id").
+			Symlink("/dev/fortify/etc/man_db.conf", "/etc/man_db.conf").
+			Symlink("/dev/fortify/etc/modprobe.d", "/etc/modprobe.d").
+			Symlink("/dev/fortify/etc/modules-load.d", "/etc/modules-load.d").
+			Symlink("/proc/mounts", "/etc/mtab").
+			Symlink("/dev/fortify/etc/nanorc", "/etc/nanorc").
+			Symlink("/dev/fortify/etc/netgroup", "/etc/netgroup").
+			Symlink("/dev/fortify/etc/NetworkManager", "/etc/NetworkManager").
+			Symlink("/dev/fortify/etc/nix", "/etc/nix").
+			Symlink("/dev/fortify/etc/nixos", "/etc/nixos").
+			Symlink("/dev/fortify/etc/NIXOS", "/etc/NIXOS").
+			Symlink("/dev/fortify/etc/nscd.conf", "/etc/nscd.conf").
+			Symlink("/dev/fortify/etc/nsswitch.conf", "/etc/nsswitch.conf").
+			Symlink("/dev/fortify/etc/opensnitchd", "/etc/opensnitchd").
+			Symlink("/dev/fortify/etc/os-release", "/etc/os-release").
+			Symlink("/dev/fortify/etc/pam", "/etc/pam").
+			Symlink("/dev/fortify/etc/pam.d", "/etc/pam.d").
+			Symlink("/dev/fortify/etc/pipewire", "/etc/pipewire").
+			Symlink("/dev/fortify/etc/pki", "/etc/pki").
+			Symlink("/dev/fortify/etc/polkit-1", "/etc/polkit-1").
+			Symlink("/dev/fortify/etc/profile", "/etc/profile").
+			Symlink("/dev/fortify/etc/protocols", "/etc/protocols").
+			Symlink("/dev/fortify/etc/qemu", "/etc/qemu").
+			Symlink("/dev/fortify/etc/resolv.conf", "/etc/resolv.conf").
+			Symlink("/dev/fortify/etc/resolvconf.conf", "/etc/resolvconf.conf").
+			Symlink("/dev/fortify/etc/rpc", "/etc/rpc").
+			Symlink("/dev/fortify/etc/samba", "/etc/samba").
+			Symlink("/dev/fortify/etc/sddm.conf", "/etc/sddm.conf").
+			Symlink("/dev/fortify/etc/secureboot", "/etc/secureboot").
+			Symlink("/dev/fortify/etc/services", "/etc/services").
+			Symlink("/dev/fortify/etc/set-environment", "/etc/set-environment").
+			Symlink("/dev/fortify/etc/shadow", "/etc/shadow").
+			Symlink("/dev/fortify/etc/shells", "/etc/shells").
+			Symlink("/dev/fortify/etc/ssh", "/etc/ssh").
+			Symlink("/dev/fortify/etc/ssl", "/etc/ssl").
+			Symlink("/dev/fortify/etc/static", "/etc/static").
+			Symlink("/dev/fortify/etc/subgid", "/etc/subgid").
+			Symlink("/dev/fortify/etc/subuid", "/etc/subuid").
+			Symlink("/dev/fortify/etc/sudoers", "/etc/sudoers").
+			Symlink("/dev/fortify/etc/sysctl.d", "/etc/sysctl.d").
+			Symlink("/dev/fortify/etc/systemd", "/etc/systemd").
+			Symlink("/dev/fortify/etc/terminfo", "/etc/terminfo").
+			Symlink("/dev/fortify/etc/tmpfiles.d", "/etc/tmpfiles.d").
+			Symlink("/dev/fortify/etc/udev", "/etc/udev").
+			Symlink("/dev/fortify/etc/udisks2", "/etc/udisks2").
+			Symlink("/dev/fortify/etc/UPower", "/etc/UPower").
+			Symlink("/dev/fortify/etc/vconsole.conf", "/etc/vconsole.conf").
+			Symlink("/dev/fortify/etc/X11", "/etc/X11").
+			Symlink("/dev/fortify/etc/zfs", "/etc/zfs").
+			Symlink("/dev/fortify/etc/zinputrc", "/etc/zinputrc").
+			Symlink("/dev/fortify/etc/zoneinfo", "/etc/zoneinfo").
+			Symlink("/dev/fortify/etc/zprofile", "/etc/zprofile").
+			Symlink("/dev/fortify/etc/zshenv", "/etc/zshenv").
+			Symlink("/dev/fortify/etc/zshrc", "/etc/zshrc").
+			Bind("/tmp/fortify.1971/tmpdir/150", "/tmp", false, true).
+			Tmpfs("/tmp/fortify.1971", 1048576).
+			Tmpfs("/run/user", 1048576).
+			Tmpfs("/run/user/150", 8388608).
+			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/passwd", "/etc/passwd").
+			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/group", "/etc/group").
+			Bind("/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/150/wayland-0").
+			Bind("/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse", "/run/user/150/pulse/native").
+			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/pulse-cookie", "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/pulse-cookie").
+			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", "/run/user/150/bus").
+			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket").
+			Tmpfs("/var/run/nscd", 8192),
+	},
 }
 
 // fs methods are not implemented using a real FS
@@ -206,6 +463,14 @@ func (s *stubNixOS) LookupEnv(key string) (string, bool) {
 		return "/run/current-system/sw/bin/zsh", true
 	case "TERM":
 		return "xterm-256color", true
+	case "WAYLAND_DISPLAY":
+		return "wayland-0", true
+	case "PULSE_COOKIE":
+		return "", false
+	case "HOME":
+		return "/home/ophestra", true
+	case "XDG_CONFIG_HOME":
+		return "/home/ophestra/xdg/config", true
 	default:
 		panic(fmt.Sprintf("attempted to access unexpected environment variable %q", key))
 	}
@@ -225,6 +490,8 @@ func (s *stubNixOS) LookPath(file string) (string, error) {
 	switch file {
 	case "sudo":
 		return "/run/wrappers/bin/sudo", nil
+	case "machinectl":
+		return "/home/ophestra/.nix-profile/bin/machinectl", nil
 	default:
 		panic(fmt.Sprintf("attempted to look up unexpected executable %q", file))
 	}
@@ -288,6 +555,14 @@ func (s *stubNixOS) Stat(name string) (fs.FileInfo, error) {
 	switch name {
 	case "/var/run/nscd":
 		return nil, nil
+	case "/run/user/1971/pulse":
+		return nil, nil
+	case "/run/user/1971/pulse/native":
+		return stubFileInfoMode(0666), nil
+	case "/home/ophestra/.pulse-cookie":
+		return stubFileInfoIsDir(true), nil
+	case "/home/ophestra/xdg/config/pulse/cookie":
+		return stubFileInfoIsDir(false), nil
 	default:
 		panic(fmt.Sprintf("attempted to stat unexpected path %q", name))
 	}
diff --git a/internal/app/app_test.go b/internal/app/app_test.go
index 2d7958b..fd223af 100644
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@@ -4,6 +4,7 @@ import (
 	"io/fs"
 	"reflect"
 	"testing"
+	"time"
 
 	"git.ophivana.moe/security/fortify/helper/bwrap"
 	"git.ophivana.moe/security/fortify/internal"
@@ -79,3 +80,55 @@ func (p stubDirEntryPath) Type() fs.FileMode {
 func (p stubDirEntryPath) Info() (fs.FileInfo, error) {
 	panic("attempted to call Info")
 }
+
+type stubFileInfoMode fs.FileMode
+
+func (s stubFileInfoMode) Name() string {
+	panic("attempted to call Name")
+}
+
+func (s stubFileInfoMode) Size() int64 {
+	panic("attempted to call Size")
+}
+
+func (s stubFileInfoMode) Mode() fs.FileMode {
+	return fs.FileMode(s)
+}
+
+func (s stubFileInfoMode) ModTime() time.Time {
+	panic("attempted to call ModTime")
+}
+
+func (s stubFileInfoMode) IsDir() bool {
+	panic("attempted to call IsDir")
+}
+
+func (s stubFileInfoMode) Sys() any {
+	panic("attempted to call Sys")
+}
+
+type stubFileInfoIsDir bool
+
+func (s stubFileInfoIsDir) Name() string {
+	panic("attempted to call Name")
+}
+
+func (s stubFileInfoIsDir) Size() int64 {
+	panic("attempted to call Size")
+}
+
+func (s stubFileInfoIsDir) Mode() fs.FileMode {
+	panic("attempted to call Mode")
+}
+
+func (s stubFileInfoIsDir) ModTime() time.Time {
+	panic("attempted to call ModTime")
+}
+
+func (s stubFileInfoIsDir) IsDir() bool {
+	return bool(s)
+}
+
+func (s stubFileInfoIsDir) Sys() any {
+	panic("attempted to call Sys")
+}
diff --git a/internal/system/dbus.go b/internal/system/dbus.go
index 7c003e4..349963c 100644
--- a/internal/system/dbus.go
+++ b/internal/system/dbus.go
@@ -12,6 +12,14 @@ var (
 	ErrDBusConfig = errors.New("dbus config not supplied")
 )
 
+func (sys *I) MustProxyDBus(sessionPath string, session *dbus.Config, systemPath string, system *dbus.Config) *I {
+	if err := sys.ProxyDBus(session, system, sessionPath, systemPath); err != nil {
+		panic(err.Error())
+	} else {
+		return sys
+	}
+}
+
 func (sys *I) ProxyDBus(session, system *dbus.Config, sessionPath, systemPath string) error {
 	d := new(DBus)
 
@@ -144,7 +152,9 @@ func (d *DBus) revert(_ *I, _ *Criteria) error {
 
 func (d *DBus) Is(o Op) bool {
 	d0, ok := o.(*DBus)
-	return ok && d0 != nil && *d == *d0
+	return ok && d0 != nil &&
+		((d.proxy == nil && d0.proxy == nil) ||
+			(d.proxy != nil && d0.proxy != nil && d.proxy.String() == d0.proxy.String()))
 }
 
 func (d *DBus) Path() string {