diff --git a/config.go b/config.go
index a4e27e7..aadf87f 100644
--- a/config.go
+++ b/config.go
@@ -9,7 +9,7 @@ import (
 "git.ophivana.moe/cat/fortify/dbus"
 "git.ophivana.moe/cat/fortify/internal"
 "git.ophivana.moe/cat/fortify/internal/app"
- "git.ophivana.moe/cat/fortify/internal/state"
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 var (
@@ -24,7 +24,7 @@ var (
 dbusVerbose bool
 userName string
- enablements [state.EnableLength]bool
+ enablements [system.ELen]bool
 launchMethodText string
 )
@@ -42,10 +42,10 @@ func init() {
 flag.BoolVar(&dbusVerbose, "dbus-log", false, "Force logging in the D-Bus proxy")
 flag.StringVar(&userName, "u", "chronos", "Passwd name of user to run as")
- flag.BoolVar(&enablements[state.EnableWayland], "wayland", false, "Share Wayland socket")
- flag.BoolVar(&enablements[state.EnableX], "X", false, "Share X11 socket and allow connection")
- flag.BoolVar(&enablements[state.EnableDBus], "dbus", false, "Proxy D-Bus connection")
- flag.BoolVar(&enablements[state.EnablePulse], "pulse", false, "Share PulseAudio socket and cookie")
+ flag.BoolVar(&enablements[system.EWayland], "wayland", false, "Share Wayland socket")
+ flag.BoolVar(&enablements[system.EX11], "X", false, "Share X11 socket and allow connection")
+ flag.BoolVar(&enablements[system.EDBus], "dbus", false, "Proxy D-Bus connection")
+ flag.BoolVar(&enablements[system.EPulse], "pulse", false, "Share PulseAudio socket and cookie")
 }
 func init() {
@@ -98,14 +98,14 @@ func configFromFlags() (config *app.Config) {
 }
 // enablements from flags
- for i := state.Enablement(0); i < state.EnableLength; i++ {
+ for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
 if enablements[i] {
 config.Confinement.Enablements.Set(i)
 }
 }
 // parse D-Bus config file from flags if applicable
- if enablements[state.EnableDBus] {
+ if enablements[system.EDBus] {
 if dbusConfigSession == "builtin" {
 config.Confinement.SessionBus = dbus.NewConfig(dbusID, true, mpris)
 } else {
diff --git a/internal/app/config.go b/internal/app/config.go
index 72648f0..9a6e18e 100644
--- a/internal/app/config.go
+++ b/internal/app/config.go
@@ -6,7 +6,7 @@ import (
 "git.ophivana.moe/cat/fortify/dbus"
 "git.ophivana.moe/cat/fortify/helper/bwrap"
- "git.ophivana.moe/cat/fortify/internal/state"
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 func init() {
@@ -41,7 +41,7 @@ type ConfinementConfig struct {
 SessionBus *dbus.Config `json:"session_bus,omitempty"`
 // child capability enablements
- Enablements state.Enablements `json:"enablements"`
+ Enablements system.Enablements `json:"enablements"`
 }
 // SandboxConfig describes resources made available to the sandbox.
@@ -171,7 +171,7 @@ func Template() *Config {
 Log: false,
 Filter: true,
 },
- Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(),
+ Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
 },
 }
 }
diff --git a/internal/app/seal.go b/internal/app/seal.go
index 76ce8d3..f8031b7 100644
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -167,7 +167,7 @@ func (a *app) Seal(config *Config) error {
 conf.Override = append(conf.Override, nscd)
 }
 // bind GPU stuff
- if config.Confinement.Enablements.Has(state.EnableX) || config.Confinement.Enablements.Has(state.EnableWayland) {
+ if config.Confinement.Enablements.Has(system.EX11) || config.Confinement.Enablements.Has(system.EWayland) {
 conf.Filesystem = append(conf.Filesystem, &FilesystemConfig{Src: "/dev/dri", Device: true})
 }
 config.Confinement.Sandbox = conf
diff --git a/internal/app/share.dbus.go b/internal/app/share.dbus.go
index 6b0ff43..f9efc7b 100644
--- a/internal/app/share.dbus.go
+++ b/internal/app/share.dbus.go
@@ -5,7 +5,7 @@ import (
 "git.ophivana.moe/cat/fortify/acl"
 "git.ophivana.moe/cat/fortify/dbus"
- "git.ophivana.moe/cat/fortify/internal/state"
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 const (
@@ -14,7 +14,7 @@ const (
 )
 func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
- if !seal.et.Has(state.EnableDBus) {
+ if !seal.et.Has(system.EDBus) {
 return nil
 }
diff --git a/internal/app/share.display.go b/internal/app/share.display.go
index 2675c01..d6b28ea 100644
--- a/internal/app/share.display.go
+++ b/internal/app/share.display.go
@@ -7,7 +7,7 @@ import (
 "git.ophivana.moe/cat/fortify/acl"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 const (
@@ -30,7 +30,7 @@ func (seal *appSeal) shareDisplay() error {
 }
 // set up wayland
- if seal.et.Has(state.EnableWayland) {
+ if seal.et.Has(system.EWayland) {
 if wd, ok := os.LookupEnv(waylandDisplay); !ok {
 return fmsg.WrapError(ErrWayland,
 "WAYLAND_DISPLAY is not set")
@@ -44,7 +44,7 @@ func (seal *appSeal) shareDisplay() error {
 seal.sys.bwrap.Bind(wpi, w)
 // ensure Wayland socket ACL (e.g. `/run/user/%d/wayland-%d`)
- seal.sys.UpdatePermType(state.EnableWayland, wp, acl.Read, acl.Write, acl.Execute)
+ seal.sys.UpdatePermType(system.EWayland, wp, acl.Read, acl.Write, acl.Execute)
 } else {
 // set wayland socket path (e.g. `/run/user/%d/wayland-%d`)
 seal.wl = path.Join(seal.RuntimePath, wd)
@@ -52,7 +52,7 @@ func (seal *appSeal) shareDisplay() error {
 }
 // set up X11
- if seal.et.Has(state.EnableX) {
+ if seal.et.Has(system.EX11) {
 // discover X11 and grant user permission via the `ChangeHosts` command
 if d, ok := os.LookupEnv(display); !ok {
 return fmsg.WrapError(ErrXDisplay,
diff --git a/internal/app/share.pulse.go b/internal/app/share.pulse.go
index 0103b89..4076c51 100644
--- a/internal/app/share.pulse.go
+++ b/internal/app/share.pulse.go
@@ -8,7 +8,7 @@ import (
 "path"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 const (
@@ -26,7 +26,7 @@ var (
 )
 func (seal *appSeal) sharePulse() error {
- if !seal.et.Has(state.EnablePulse) {
+ if !seal.et.Has(system.EPulse) {
 return nil
 }
diff --git a/internal/app/start.go b/internal/app/start.go
index 9e54063..ff65c0d 100644
--- a/internal/app/start.go
+++ b/internal/app/start.go
@@ -202,8 +202,8 @@ func (a *app) Wait() (int, error) {
 }
 // enablements of remaining launchers
- rt, ec := new(state.Enablements), new(system.Criteria)
- ec.Enablements = new(state.Enablements)
+ rt, ec := new(system.Enablements), new(system.Criteria)
+ ec.Enablements = new(system.Enablements)
 ec.Set(system.Process)
 if states, err := b.Load(); err != nil {
 return err
@@ -222,14 +222,14 @@ func (a *app) Wait() (int, error) {
 }
 }
 // invert accumulated enablements for cleanup
- for i := state.Enablement(0); i < state.EnableLength; i++ {
+ for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
 if !rt.Has(i) {
 ec.Set(i)
 }
 }
 if verbose.Get() {
- labels := make([]string, 0, state.EnableLength+1)
- for i := state.Enablement(0); i < state.EnableLength+2; i++ {
+ labels := make([]string, 0, system.ELen+1)
+ for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
 if ec.Has(i) {
 labels = append(labels, system.TypeString(i))
 }
diff --git a/internal/app/system.go b/internal/app/system.go
index 5696647..4aeaec2 100644
--- a/internal/app/system.go
+++ b/internal/app/system.go
@@ -38,7 +38,7 @@ type appSeal struct {
 // path to launcher program
 toolPath string
 // pass-through enablement tracking from config
- et state.Enablements
+ et system.Enablements
 // prevents sharing from happening twice
 shared bool
diff --git a/internal/state/print.go b/internal/state/print.go
index 8de5a59..fbd0110 100644
--- a/internal/state/print.go
+++ b/internal/state/print.go
@@ -10,6 +10,7 @@ import (
 "text/tabwriter"
 "time"
+ "git.ophivana.moe/cat/fortify/internal/system"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 )
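Review bot: In the `verbose.Get()` branch of `Wait` (start.go hunk `@@ -222,14 +222,14 @@`) the pre-size `labels := make([]string, 0, system.ELen+1)` no longer agrees with the loop directly below it, which runs while `i < system.Enablement(system.ELen+2)` and so can append up to `ELen+2` labels (the resource enablements plus `User` and `Process` from op.go). The old code carried the same `+1`/`+2` mismatch, but since both lines are rewritten here this is the place to align them: `labels := make([]string, 0, system.ELen+2)`. It is harmless at runtime because `append` grows the slice, but a stated capacity reads as a claim about how many types exist and will mislead the next person who touches the loop bound. `Wait`'s body begins and ends outside this hunk.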
@@ -85,7 +86,7 @@ func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time
 // build enablements string
 ets := strings.Builder{}
 // append enablement strings in order
- for i := Enablement(0); i < EnableLength; i++ {
+ for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
 if state.Capability.Has(i) {
 ets.WriteString(", " + i.String())
 }
diff --git a/internal/state/state.go b/internal/state/state.go
index 61aae2c..bc2be69 100644
--- a/internal/state/state.go
+++ b/internal/state/state.go
@@ -2,6 +2,8 @@ package state
 import (
 "time"
+
+ "git.ophivana.moe/cat/fortify/internal/system"
 )
 type Store interface {
@@ -29,7 +31,7 @@ type State struct {
 // command used to seal the app
 Command []string
 // capability enablements applied to child
- Capability Enablements
+ Capability system.Enablements
 // resolved launcher path
 Launcher string
diff --git a/internal/system/acl.go b/internal/system/acl.go
index 9c89752..9fc047f 100644
--- a/internal/system/acl.go
+++ b/internal/system/acl.go
@@ -6,7 +6,6 @@ import (
 "git.ophivana.moe/cat/fortify/acl"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 )
@@ -16,7 +15,7 @@ func (sys *I) UpdatePerm(path string, perms ...acl.Perm) {
 }
 // UpdatePermType appends an acl update Op.
-func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm) {
+func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) {
 sys.lock.Lock()
 defer sys.lock.Unlock()
@@ -24,12 +23,12 @@ func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm
 }
 type ACL struct {
- et state.Enablement
+ et Enablement
 path string
 perms []acl.Perm
 }
-func (a *ACL) Type() state.Enablement {
+func (a *ACL) Type() Enablement {
 return a.et
 }
diff --git a/internal/system/dbus.go b/internal/system/dbus.go
index 3e4a6e6..21b8cef 100644
--- a/internal/system/dbus.go
+++ b/internal/system/dbus.go
@@ -7,7 +7,6 @@ import (
 "git.ophivana.moe/cat/fortify/dbus"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 )
@@ -69,7 +68,7 @@ type DBus struct {
 done chan struct{}
 }
-func (d *DBus) Type() state.Enablement {
+func (d *DBus) Type() Enablement {
 return Process
 }
diff --git a/internal/state/enablement.go b/internal/system/enablement.go
similarity index 72%
rename from internal/state/enablement.go
rename to internal/system/enablement.go
index 9cc8f60..7876f6b 100644
--- a/internal/state/enablement.go
+++ b/internal/system/enablement.go
@@ -1,4 +1,4 @@
-package state
+package system
 type (
 // Enablement represents an optional system resource
@@ -8,21 +8,21 @@ type (
 )
 const (
- EnableWayland Enablement = iota
- EnableX
- EnableDBus
- EnablePulse
-
- EnableLength
+ EWayland Enablement = iota
+ EX11
+ EDBus
+ EPulse
 )
-var enablementString = [EnableLength]string{
- "Wayland",
- "X11",
- "D-Bus",
- "PulseAudio",
+var enablementString = [...]string{
+ EWayland: "Wayland",
+ EX11: "X11",
+ EDBus: "D-Bus",
+ EPulse: "PulseAudio",
 }
+const ELen = len(enablementString)
+
 func (e Enablement) String() string {
 return enablementString[e]
 }
diff --git a/internal/system/mkdir.go b/internal/system/mkdir.go
index 2c30363..9733b05 100644
--- a/internal/system/mkdir.go
+++ b/internal/system/mkdir.go
@@ -6,7 +6,6 @@ import (
 "os"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 )
@@ -19,7 +18,7 @@ func (sys *I) Ensure(name string, perm os.FileMode) {
 }
 // Ephemeral ensures the temporary existence and mode of a directory through the life of et.
-func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
+func (sys *I) Ephemeral(et Enablement, name string, perm os.FileMode) {
 sys.lock.Lock()
 defer sys.lock.Unlock()
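Review bot: `String` in the enablement.go hunk still indexes `enablementString[e]` with no range check, and this commit makes `User = Enablement(ELen)` and `Process = Enablement(ELen + 1)` (op.go hunk) values of the same `Enablement` type in the same package, both lying past the end of that table, so `String` on either panics with an index-out-of-range rather than returning a label. Every caller in the diff stays below `ELen` or goes through `TypeString`, so the panic is latent here, but a method named `String` is also what `fmt` invokes for `%v`/`%s`, and the `DBus` and `XHost` `Type()` methods now hand these values out. A cheap guard ahead of the index, `if int(e) < 0 || int(e) >= ELen { return "invalid" }`, or moving the `User`/`Process` cases of `TypeString` into `String` so one place knows the full range, would close it. `ELen` is exported without a doc comment; suggest `// ELen is the number of Enablement values backed by a system resource; User and Process lie beyond it and are not valid indices into enablementString.`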
@@ -27,13 +26,13 @@ func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
 }
 type Mkdir struct {
- et state.Enablement
+ et Enablement
 path string
 perm os.FileMode
 ephemeral bool
 }
-func (m *Mkdir) Type() state.Enablement {
+func (m *Mkdir) Type() Enablement {
 return m.et
 }
diff --git a/internal/system/op.go b/internal/system/op.go
index c3f93cd..a904018 100644
--- a/internal/system/op.go
+++ b/internal/system/op.go
@@ -4,19 +4,17 @@ import (
 "errors"
 "fmt"
 "sync"
-
- "git.ophivana.moe/cat/fortify/internal/state"
 )
 const (
- // Process type is unconditionally reverted on exit.
- Process = state.EnableLength + 1
 // User type is reverted at final launcher exit.
- User = state.EnableLength
+ User = Enablement(ELen)
+ // Process type is unconditionally reverted on exit.
+ Process = Enablement(ELen + 1)
 )
 type Criteria struct {
- *state.Enablements
+ *Enablements
 }
 func (ec *Criteria) hasType(o Op) bool {
@@ -31,7 +29,7 @@ func (ec *Criteria) hasType(o Op) bool {
 // Op is a reversible system operation.
 type Op interface {
 // Type returns Op's enablement type.
- Type() state.Enablement
+ Type() Enablement
 // apply the Op
 apply(sys *I) error
@@ -43,7 +41,7 @@ type Op interface {
 String() string
 }
-func TypeString(e state.Enablement) string {
+func TypeString(e Enablement) string {
 switch e {
 case User:
 return "User"
diff --git a/internal/system/tmpfiles.go b/internal/system/tmpfiles.go
index 2a9f724..ba25e07 100644
--- a/internal/system/tmpfiles.go
+++ b/internal/system/tmpfiles.go
@@ -9,7 +9,6 @@ import (
 "git.ophivana.moe/cat/fortify/acl"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 )
@@ -19,7 +18,7 @@ func (sys *I) CopyFile(dst, src string) {
 }
 // CopyFileType registers a file copying Op labelled with type et.
-func (sys *I) CopyFileType(et state.Enablement, dst, src string) {
+func (sys *I) CopyFileType(et Enablement, dst, src string) {
 sys.lock.Lock()
 sys.ops = append(sys.ops, &Tmpfile{et, tmpfileCopy, dst, src})
 sys.lock.Unlock()
@@ -33,7 +32,7 @@ func (sys *I) Link(oldname, newname string) {
 }
 // LinkFileType registers a file linking Op labelled with type et.
-func (sys *I) LinkFileType(et state.Enablement, oldname, newname string) {
+func (sys *I) LinkFileType(et Enablement, oldname, newname string) {
 sys.lock.Lock()
 defer sys.lock.Unlock()
@@ -46,7 +45,7 @@ func (sys *I) Write(dst, src string) {
 }
 // WriteType registers a file writing Op labelled with type et.
-func (sys *I) WriteType(et state.Enablement, dst, src string) {
+func (sys *I) WriteType(et Enablement, dst, src string) {
 sys.lock.Lock()
 sys.ops = append(sys.ops, &Tmpfile{et, tmpfileWrite, dst, src})
 sys.lock.Unlock()
@@ -61,12 +60,12 @@ const (
 )
 type Tmpfile struct {
- et state.Enablement
+ et Enablement
 method uint8
 dst, src string
 }
-func (t *Tmpfile) Type() state.Enablement {
+func (t *Tmpfile) Type() Enablement {
 return t.et
 }
diff --git a/internal/system/xhost.go b/internal/system/xhost.go
index 2cdddd5..4091475 100644
--- a/internal/system/xhost.go
+++ b/internal/system/xhost.go
@@ -4,7 +4,6 @@ import (
 "fmt"
 "git.ophivana.moe/cat/fortify/internal/fmsg"
- "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/verbose"
 "git.ophivana.moe/cat/fortify/xcb"
 )
@@ -19,8 +18,8 @@ func (sys *I) ChangeHosts(username string) {
 type XHost string
-func (x XHost) Type() state.Enablement {
- return state.EnableX
+func (x XHost) Type() Enablement {
+ return EX11
 }
 func (x XHost) apply(_ *I) error {