system: move enablements from state package

This removes the unnecessary import of the state package.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-10-16 14:38:57 +09:00
parent 084cd84f36
commit c21168a741
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
17 changed files with 63 additions and 67 deletions

View File

@ -9,7 +9,7 @@ import (
"git.ophivana.moe/cat/fortify/dbus"
"git.ophivana.moe/cat/fortify/internal"
"git.ophivana.moe/cat/fortify/internal/app"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/system"
)
var (
@ -24,7 +24,7 @@ var (
dbusVerbose bool
userName string
enablements [state.EnableLength]bool
enablements [system.ELen]bool
launchMethodText string
)
@ -42,10 +42,10 @@ func init() {
flag.BoolVar(&dbusVerbose, "dbus-log", false, "Force logging in the D-Bus proxy")
flag.StringVar(&userName, "u", "chronos", "Passwd name of user to run as")
flag.BoolVar(&enablements[state.EnableWayland], "wayland", false, "Share Wayland socket")
flag.BoolVar(&enablements[state.EnableX], "X", false, "Share X11 socket and allow connection")
flag.BoolVar(&enablements[state.EnableDBus], "dbus", false, "Proxy D-Bus connection")
flag.BoolVar(&enablements[state.EnablePulse], "pulse", false, "Share PulseAudio socket and cookie")
flag.BoolVar(&enablements[system.EWayland], "wayland", false, "Share Wayland socket")
flag.BoolVar(&enablements[system.EX11], "X", false, "Share X11 socket and allow connection")
flag.BoolVar(&enablements[system.EDBus], "dbus", false, "Proxy D-Bus connection")
flag.BoolVar(&enablements[system.EPulse], "pulse", false, "Share PulseAudio socket and cookie")
}
func init() {
@ -98,14 +98,14 @@ func configFromFlags() (config *app.Config) {
}
// enablements from flags
for i := state.Enablement(0); i < state.EnableLength; i++ {
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
if enablements[i] {
config.Confinement.Enablements.Set(i)
}
}
// parse D-Bus config file from flags if applicable
if enablements[state.EnableDBus] {
if enablements[system.EDBus] {
if dbusConfigSession == "builtin" {
config.Confinement.SessionBus = dbus.NewConfig(dbusID, true, mpris)
} else {

View File

@ -6,7 +6,7 @@ import (
"git.ophivana.moe/cat/fortify/dbus"
"git.ophivana.moe/cat/fortify/helper/bwrap"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/system"
)
func init() {
@ -41,7 +41,7 @@ type ConfinementConfig struct {
SessionBus *dbus.Config `json:"session_bus,omitempty"`
// child capability enablements
Enablements state.Enablements `json:"enablements"`
Enablements system.Enablements `json:"enablements"`
}
// SandboxConfig describes resources made available to the sandbox.
@ -171,7 +171,7 @@ func Template() *Config {
Log: false,
Filter: true,
},
Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(),
Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
},
}
}

View File

@ -167,7 +167,7 @@ func (a *app) Seal(config *Config) error {
conf.Override = append(conf.Override, nscd)
}
// bind GPU stuff
if config.Confinement.Enablements.Has(state.EnableX) || config.Confinement.Enablements.Has(state.EnableWayland) {
if config.Confinement.Enablements.Has(system.EX11) || config.Confinement.Enablements.Has(system.EWayland) {
conf.Filesystem = append(conf.Filesystem, &FilesystemConfig{Src: "/dev/dri", Device: true})
}
config.Confinement.Sandbox = conf

View File

@ -5,7 +5,7 @@ import (
"git.ophivana.moe/cat/fortify/acl"
"git.ophivana.moe/cat/fortify/dbus"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/system"
)
const (
@ -14,7 +14,7 @@ const (
)
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
if !seal.et.Has(state.EnableDBus) {
if !seal.et.Has(system.EDBus) {
return nil
}

View File

@ -7,7 +7,7 @@ import (
"git.ophivana.moe/cat/fortify/acl"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/system"
)
const (
@ -30,7 +30,7 @@ func (seal *appSeal) shareDisplay() error {
}
// set up wayland
if seal.et.Has(state.EnableWayland) {
if seal.et.Has(system.EWayland) {
if wd, ok := os.LookupEnv(waylandDisplay); !ok {
return fmsg.WrapError(ErrWayland,
"WAYLAND_DISPLAY is not set")
@ -44,7 +44,7 @@ func (seal *appSeal) shareDisplay() error {
seal.sys.bwrap.Bind(wpi, w)
// ensure Wayland socket ACL (e.g. `/run/user/%d/wayland-%d`)
seal.sys.UpdatePermType(state.EnableWayland, wp, acl.Read, acl.Write, acl.Execute)
seal.sys.UpdatePermType(system.EWayland, wp, acl.Read, acl.Write, acl.Execute)
} else {
// set wayland socket path (e.g. `/run/user/%d/wayland-%d`)
seal.wl = path.Join(seal.RuntimePath, wd)
@ -52,7 +52,7 @@ func (seal *appSeal) shareDisplay() error {
}
// set up X11
if seal.et.Has(state.EnableX) {
if seal.et.Has(system.EX11) {
// discover X11 and grant user permission via the `ChangeHosts` command
if d, ok := os.LookupEnv(display); !ok {
return fmsg.WrapError(ErrXDisplay,

View File

@ -8,7 +8,7 @@ import (
"path"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/system"
)
const (
@ -26,7 +26,7 @@ var (
)
func (seal *appSeal) sharePulse() error {
if !seal.et.Has(state.EnablePulse) {
if !seal.et.Has(system.EPulse) {
return nil
}

View File

@ -202,8 +202,8 @@ func (a *app) Wait() (int, error) {
}
// enablements of remaining launchers
rt, ec := new(state.Enablements), new(system.Criteria)
ec.Enablements = new(state.Enablements)
rt, ec := new(system.Enablements), new(system.Criteria)
ec.Enablements = new(system.Enablements)
ec.Set(system.Process)
if states, err := b.Load(); err != nil {
return err
@ -222,14 +222,14 @@ func (a *app) Wait() (int, error) {
}
}
// invert accumulated enablements for cleanup
for i := state.Enablement(0); i < state.EnableLength; i++ {
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
if !rt.Has(i) {
ec.Set(i)
}
}
if verbose.Get() {
labels := make([]string, 0, state.EnableLength+1)
for i := state.Enablement(0); i < state.EnableLength+2; i++ {
labels := make([]string, 0, system.ELen+1)
for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
if ec.Has(i) {
labels = append(labels, system.TypeString(i))
}

View File

@ -38,7 +38,7 @@ type appSeal struct {
// path to launcher program
toolPath string
// pass-through enablement tracking from config
et state.Enablements
et system.Enablements
// prevents sharing from happening twice
shared bool

View File

@ -10,6 +10,7 @@ import (
"text/tabwriter"
"time"
"git.ophivana.moe/cat/fortify/internal/system"
"git.ophivana.moe/cat/fortify/internal/verbose"
)
@ -85,7 +86,7 @@ func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time
// build enablements string
ets := strings.Builder{}
// append enablement strings in order
for i := Enablement(0); i < EnableLength; i++ {
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
if state.Capability.Has(i) {
ets.WriteString(", " + i.String())
}

View File

@ -2,6 +2,8 @@ package state
import (
"time"
"git.ophivana.moe/cat/fortify/internal/system"
)
type Store interface {
@ -29,7 +31,7 @@ type State struct {
// command used to seal the app
Command []string
// capability enablements applied to child
Capability Enablements
Capability system.Enablements
// resolved launcher path
Launcher string

View File

@ -6,7 +6,6 @@ import (
"git.ophivana.moe/cat/fortify/acl"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/verbose"
)
@ -16,7 +15,7 @@ func (sys *I) UpdatePerm(path string, perms ...acl.Perm) {
}
// UpdatePermType appends an acl update Op.
func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm) {
func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) {
sys.lock.Lock()
defer sys.lock.Unlock()
@ -24,12 +23,12 @@ func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm
}
type ACL struct {
et state.Enablement
et Enablement
path string
perms []acl.Perm
}
func (a *ACL) Type() state.Enablement {
func (a *ACL) Type() Enablement {
return a.et
}

View File

@ -7,7 +7,6 @@ import (
"git.ophivana.moe/cat/fortify/dbus"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/verbose"
)
@ -69,7 +68,7 @@ type DBus struct {
done chan struct{}
}
func (d *DBus) Type() state.Enablement {
func (d *DBus) Type() Enablement {
return Process
}

View File

@ -1,4 +1,4 @@
package state
package system
type (
// Enablement represents an optional system resource
@ -8,21 +8,21 @@ type (
)
const (
EnableWayland Enablement = iota
EnableX
EnableDBus
EnablePulse
EnableLength
EWayland Enablement = iota
EX11
EDBus
EPulse
)
var enablementString = [EnableLength]string{
"Wayland",
"X11",
"D-Bus",
"PulseAudio",
var enablementString = [...]string{
EWayland: "Wayland",
EX11: "X11",
EDBus: "D-Bus",
EPulse: "PulseAudio",
}
const ELen = len(enablementString)
func (e Enablement) String() string {
return enablementString[e]
}

View File

@ -6,7 +6,6 @@ import (
"os"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/verbose"
)
@ -19,7 +18,7 @@ func (sys *I) Ensure(name string, perm os.FileMode) {
}
// Ephemeral ensures the temporary existence and mode of a directory through the life of et.
func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
func (sys *I) Ephemeral(et Enablement, name string, perm os.FileMode) {
sys.lock.Lock()
defer sys.lock.Unlock()
@ -27,13 +26,13 @@ func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
}
type Mkdir struct {
et state.Enablement
et Enablement
path string
perm os.FileMode
ephemeral bool
}
func (m *Mkdir) Type() state.Enablement {
func (m *Mkdir) Type() Enablement {
return m.et
}

View File

@ -4,19 +4,17 @@ import (
"errors"
"fmt"
"sync"
"git.ophivana.moe/cat/fortify/internal/state"
)
const (
// Process type is unconditionally reverted on exit.
Process = state.EnableLength + 1
// User type is reverted at final launcher exit.
User = state.EnableLength
User = Enablement(ELen)
// Process type is unconditionally reverted on exit.
Process = Enablement(ELen + 1)
)
type Criteria struct {
*state.Enablements
*Enablements
}
func (ec *Criteria) hasType(o Op) bool {
@ -31,7 +29,7 @@ func (ec *Criteria) hasType(o Op) bool {
// Op is a reversible system operation.
type Op interface {
// Type returns Op's enablement type.
Type() state.Enablement
Type() Enablement
// apply the Op
apply(sys *I) error
@ -43,7 +41,7 @@ type Op interface {
String() string
}
func TypeString(e state.Enablement) string {
func TypeString(e Enablement) string {
switch e {
case User:
return "User"

View File

@ -9,7 +9,6 @@ import (
"git.ophivana.moe/cat/fortify/acl"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/verbose"
)
@ -19,7 +18,7 @@ func (sys *I) CopyFile(dst, src string) {
}
// CopyFileType registers a file copying Op labelled with type et.
func (sys *I) CopyFileType(et state.Enablement, dst, src string) {
func (sys *I) CopyFileType(et Enablement, dst, src string) {
sys.lock.Lock()
sys.ops = append(sys.ops, &Tmpfile{et, tmpfileCopy, dst, src})
sys.lock.Unlock()
@ -33,7 +32,7 @@ func (sys *I) Link(oldname, newname string) {
}
// LinkFileType registers a file linking Op labelled with type et.
func (sys *I) LinkFileType(et state.Enablement, oldname, newname string) {
func (sys *I) LinkFileType(et Enablement, oldname, newname string) {
sys.lock.Lock()
defer sys.lock.Unlock()
@ -46,7 +45,7 @@ func (sys *I) Write(dst, src string) {
}
// WriteType registers a file writing Op labelled with type et.
func (sys *I) WriteType(et state.Enablement, dst, src string) {
func (sys *I) WriteType(et Enablement, dst, src string) {
sys.lock.Lock()
sys.ops = append(sys.ops, &Tmpfile{et, tmpfileWrite, dst, src})
sys.lock.Unlock()
@ -61,12 +60,12 @@ const (
)
type Tmpfile struct {
et state.Enablement
et Enablement
method uint8
dst, src string
}
func (t *Tmpfile) Type() state.Enablement {
func (t *Tmpfile) Type() Enablement {
return t.et
}

View File

@ -4,7 +4,6 @@ import (
"fmt"
"git.ophivana.moe/cat/fortify/internal/fmsg"
"git.ophivana.moe/cat/fortify/internal/state"
"git.ophivana.moe/cat/fortify/internal/verbose"
"git.ophivana.moe/cat/fortify/xcb"
)
@ -19,8 +18,8 @@ func (sys *I) ChangeHosts(username string) {
type XHost string
func (x XHost) Type() state.Enablement {
return state.EnableX
func (x XHost) Type() Enablement {
return EX11
}
func (x XHost) apply(_ *I) error {