dbus: use name resolved by exec.Command

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-10-07 16:55:27 +09:00
parent 85407dd3c0
commit 55a5b6f242
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
5 changed files with 20 additions and 29 deletions

View File

@ -9,12 +9,16 @@ import (
"git.ophivana.moe/cat/fortify/helper" "git.ophivana.moe/cat/fortify/helper"
) )
// ProxyName is the file name or path to the proxy program.
// Overriding ProxyName will only affect Proxy instance created after the change.
var ProxyName = "xdg-dbus-proxy"
// Proxy holds references to a xdg-dbus-proxy process, and should never be copied. // Proxy holds references to a xdg-dbus-proxy process, and should never be copied.
// Once sealed, configuration changes will no longer be possible and attempting to do so will result in a panic. // Once sealed, configuration changes will no longer be possible and attempting to do so will result in a panic.
type Proxy struct { type Proxy struct {
helper helper.Helper helper helper.Helper
path string name string
session [2]string session [2]string
system [2]string system [2]string
@ -75,6 +79,6 @@ func (p *Proxy) Seal(session, system *Config) error {
} }
// New returns a reference to a new unsealed Proxy. // New returns a reference to a new unsealed Proxy.
func New(binPath string, session, system [2]string) *Proxy { func New(session, system [2]string) *Proxy {
return &Proxy{path: binPath, session: session, system: system} return &Proxy{name: ProxyName, session: session, system: system}
} }

View File

@ -9,10 +9,6 @@ import (
"git.ophivana.moe/cat/fortify/helper" "git.ophivana.moe/cat/fortify/helper"
) )
const (
binPath = "/usr/bin/bwrap"
)
func TestNew(t *testing.T) { func TestNew(t *testing.T) {
for _, tc := range [][2][2]string{ for _, tc := range [][2][2]string{
{ {
@ -33,9 +29,9 @@ func TestNew(t *testing.T) {
}, },
} { } {
t.Run("create instance for "+tc[0][0]+" and "+tc[1][0], func(t *testing.T) { t.Run("create instance for "+tc[0][0]+" and "+tc[1][0], func(t *testing.T) {
if got := dbus.New(binPath, tc[0], tc[1]); !got.CompareTestNew(binPath, tc[0], tc[1]) { if got := dbus.New(tc[0], tc[1]); !got.CompareTestNew(tc[0], tc[1]) {
t.Errorf("New(%q, %q, %q) = %v", t.Errorf("New(%q, %q) = %v",
binPath, tc[0], tc[1], tc[0], tc[1],
got) got)
} }
}) })
@ -52,12 +48,12 @@ func TestProxy_Seal(t *testing.T) {
} }
}() }()
p := dbus.New(binPath, [2]string{}, [2]string{}) p := dbus.New([2]string{}, [2]string{})
_ = p.Seal(dbus.NewConfig("", true, false), nil) _ = p.Seal(dbus.NewConfig("", true, false), nil)
_ = p.Seal(dbus.NewConfig("", true, false), nil) _ = p.Seal(dbus.NewConfig("", true, false), nil)
}) })
ep := dbus.New(binPath, [2]string{}, [2]string{}) ep := dbus.New([2]string{}, [2]string{})
if err := ep.Seal(nil, nil); !errors.Is(err, dbus.ErrConfig) { if err := ep.Seal(nil, nil); !errors.Is(err, dbus.ErrConfig) {
t.Errorf("Seal(nil, nil) error = %v, want %v", t.Errorf("Seal(nil, nil) error = %v, want %v",
err, dbus.ErrConfig) err, dbus.ErrConfig)
@ -65,7 +61,7 @@ func TestProxy_Seal(t *testing.T) {
for id, tc := range testCasePairs() { for id, tc := range testCasePairs() {
t.Run("create seal for "+id, func(t *testing.T) { t.Run("create seal for "+id, func(t *testing.T) {
p := dbus.New(binPath, tc[0].bus, tc[1].bus) p := dbus.New(tc[0].bus, tc[1].bus)
if err := p.Seal(tc[0].c, tc[1].c); (errors.Is(err, helper.ErrContainsNull)) != tc[0].wantErr { if err := p.Seal(tc[0].c, tc[1].c); (errors.Is(err, helper.ErrContainsNull)) != tc[0].wantErr {
t.Errorf("Seal(%p, %p) error = %v, wantErr %v", t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
tc[0].c, tc[1].c, tc[0].c, tc[1].c,
@ -119,7 +115,7 @@ func TestProxy_Start_Wait_Close_String(t *testing.T) {
t.Run("proxy for "+id, func(t *testing.T) { t.Run("proxy for "+id, func(t *testing.T) {
helper.InternalReplaceExecCommand(t) helper.InternalReplaceExecCommand(t)
p := dbus.New(binPath, tc[0].bus, tc[1].bus) p := dbus.New(tc[0].bus, tc[1].bus)
t.Run("unsealed behaviour of "+id, func(t *testing.T) { t.Run("unsealed behaviour of "+id, func(t *testing.T) {
t.Run("unsealed string of "+id, func(t *testing.T) { t.Run("unsealed string of "+id, func(t *testing.T) {
@ -164,7 +160,7 @@ func TestProxy_Start_Wait_Close_String(t *testing.T) {
} }
t.Run("started string of "+id, func(t *testing.T) { t.Run("started string of "+id, func(t *testing.T) {
wantSubstr := binPath + " --args=3" wantSubstr := dbus.ProxyName + " --args=3"
if got := p.String(); !strings.Contains(got, wantSubstr) { if got := p.String(); !strings.Contains(got, wantSubstr) {
t.Errorf("String() = %v, want %v", t.Errorf("String() = %v, want %v",
p.String(), wantSubstr) p.String(), wantSubstr)

View File

@ -3,8 +3,8 @@ package dbus
import "io" import "io"
// CompareTestNew provides TestNew with comparison access to unexported Proxy fields. // CompareTestNew provides TestNew with comparison access to unexported Proxy fields.
func (p *Proxy) CompareTestNew(path string, session, system [2]string) bool { func (p *Proxy) CompareTestNew(session, system [2]string) bool {
return path == p.path && session == p.session && system == p.system return session == p.session && system == p.system
} }
// AccessTestProxySeal provides TestProxy_Seal with access to unexported Proxy seal field. // AccessTestProxySeal provides TestProxy_Seal with access to unexported Proxy seal field.

View File

@ -18,7 +18,7 @@ func (p *Proxy) Start(ready chan error, output io.Writer) error {
return errors.New("proxy not sealed") return errors.New("proxy not sealed")
} }
h := helper.New(p.seal, p.path, h := helper.New(p.seal, p.name,
func(argsFD, statFD int) []string { func(argsFD, statFD int) []string {
if statFD == -1 { if statFD == -1 {
return []string{"--args=" + strconv.Itoa(argsFD)} return []string{"--args=" + strconv.Itoa(argsFD)}

View File

@ -4,7 +4,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"os" "os"
"os/exec"
"path" "path"
"git.ophivana.moe/cat/fortify/acl" "git.ophivana.moe/cat/fortify/acl"
@ -16,13 +15,10 @@ import (
const ( const (
dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS" dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"
dbusSystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS" dbusSystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS"
xdgDBusProxy = "xdg-dbus-proxy"
) )
var ( var (
ErrDBusConfig = errors.New("dbus config not supplied") ErrDBusConfig = errors.New("dbus config not supplied")
ErrDBusProxy = errors.New(xdgDBusProxy + " not found")
) )
type ( type (
@ -68,13 +64,8 @@ func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
systemBus[0] = addr systemBus[0] = addr
} }
// look up proxy program path for dbus.New // create proxy instance
if b, err := exec.LookPath(xdgDBusProxy); err != nil { seal.sys.dbus = dbus.New(sessionBus, systemBus)
return (*LookupDBusError)(wrapError(ErrDBusProxy, xdgDBusProxy, "not found"))
} else {
// create proxy instance
seal.sys.dbus = dbus.New(b, sessionBus, systemBus)
}
// seal dbus proxy // seal dbus proxy
if err := seal.sys.dbus.Seal(config[0], config[1]); err != nil { if err := seal.sys.dbus.Seal(config[0], config[1]); err != nil {