From ea8f228af36b2c9ae9918f7760c3af4f1e21cfa2 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Fri, 17 Jan 2025 23:43:32 +0900
Subject: [PATCH] proc/priv/shim: merge shim into main program

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 cmd/fpkg/with.go                                  |  2 +-
 cmd/fsu/main.go                                   | 10 ++--------
 dist/install.sh                                   |  1 -
 dist/release.sh                                   |  3 +--
 internal/app/app.go                               |  4 ++--
 internal/app/start.go                             |  5 ++---
 internal/linux/std.go                             |  2 +-
 {cmd/fshim => internal/proc/priv/shim}/main.go    | 15 +++++++--------
 .../shim.go => internal/proc/priv/shim/manager.go |  9 ++++-----
 .../ipc => internal/proc/priv/shim}/payload.go    |  6 ++----
 main.go                                           |  7 +++++++
 package.nix                                       |  1 -
 12 files changed, 29 insertions(+), 36 deletions(-)
 rename {cmd/fshim => internal/proc/priv/shim}/main.go (89%)
 rename cmd/fshim/ipc/shim/shim.go => internal/proc/priv/shim/manager.go (91%)
 rename {cmd/fshim/ipc => internal/proc/priv/shim}/payload.go (79%)

diff --git a/cmd/fpkg/with.go b/cmd/fpkg/with.go
index e4bb729..5331367 100644
--- a/cmd/fpkg/with.go
+++ b/cmd/fpkg/with.go
@@ -62,7 +62,7 @@ func withCacheDir(action string, command []string, workDir string, app *bundleIn
 			AppID:    app.AppID,
 			Username: "nixos",
 			Inner:    path.Join("/data/data", app.ID, "cache"),
-			Outer:    pathSet.cacheDir, // this also ensures cacheDir via fshim
+			Outer:    pathSet.cacheDir, // this also ensures cacheDir via shim
 			Sandbox: &fst.SandboxConfig{
 				Hostname:     formatHostname(app.Name) + "-" + action,
 				NoNewSession: dropShell,
diff --git a/cmd/fsu/main.go b/cmd/fsu/main.go
index 2412a0e..1f90a39 100644
--- a/cmd/fsu/main.go
+++ b/cmd/fsu/main.go
@@ -24,7 +24,6 @@ const (
 
 var (
 	Fmain = compPoison
-	Fshim = compPoison
 )
 
 func main() {
@@ -41,17 +40,12 @@ func main() {
 		log.Fatal("this program must not be started by root")
 	}
 
-	var fmain, fshim string
+	var fmain string
 	if p, ok := checkPath(Fmain); !ok {
 		log.Fatal("invalid fortify path, this copy of fsu is not compiled correctly")
 	} else {
 		fmain = p
 	}
-	if p, ok := checkPath(Fshim); !ok {
-		log.Fatal("invalid fshim path, this copy of fsu is not compiled correctly")
-	} else {
-		fshim = p
-	}
 
 	pexe := path.Join("/proc", strconv.Itoa(os.Getppid()), "exe")
 	if p, err := os.Readlink(pexe); err != nil {
@@ -142,7 +136,7 @@ func main() {
 	if _, _, errno := syscall.AllThreadsSyscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0); errno != 0 {
 		log.Fatalf("cannot set no_new_privs flag: %s", errno.Error())
 	}
-	if err := syscall.Exec(fshim, []string{"fshim"}, []string{envShim + "=" + shimSetupFd}); err != nil {
+	if err := syscall.Exec(fmain, []string{"fortify", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil {
 		log.Fatalf("cannot start shim: %v", err)
 	}
 
diff --git a/dist/install.sh b/dist/install.sh
index cb0349c..c881507 100755
--- a/dist/install.sh
+++ b/dist/install.sh
@@ -4,7 +4,6 @@ cd "$(dirname -- "$0")" || exit 1
 install -vDm0755 "bin/fortify" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fortify"
 install -vDm0755 "bin/fpkg" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fpkg"
 
-install -vDm0755 "bin/fshim" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/fshim"
 install -vDm0755 "bin/finit" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/finit"
 install -vDm0755 "bin/fuserdb" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/fuserdb"
 
diff --git a/dist/release.sh b/dist/release.sh
index 15d7d9f..1ebf6e3 100755
--- a/dist/release.sh
+++ b/dist/release.sh
@@ -14,8 +14,7 @@ go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-s
   -X git.gensokyo.uk/security/fortify/internal.Fortify=/usr/bin/fortify
   -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu
   -X git.gensokyo.uk/security/fortify/internal.Finit=/usr/libexec/fortify/finit
-  -X main.Fmain=/usr/bin/fortify
-  -X main.Fshim=/usr/libexec/fortify/fshim" ./...
+  -X main.Fmain=/usr/bin/fortify" ./...
 
 rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}"
 rm -rf "./${out}"
diff --git a/internal/app/app.go b/internal/app/app.go
index 175c315..0da8148 100644
--- a/internal/app/app.go
+++ b/internal/app/app.go
@@ -5,9 +5,9 @@ import (
 	"sync"
 	"sync/atomic"
 
-	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 )
 
 type App interface {
@@ -23,7 +23,7 @@ type App interface {
 type RunState struct {
 	// Start is true if fsu is successfully started.
 	Start bool
-	// ExitCode is the value returned by fshim.
+	// ExitCode is the value returned by shim.
 	ExitCode int
 	// WaitErr is error returned by the underlying wait syscall.
 	WaitErr error
diff --git a/internal/app/start.go b/internal/app/start.go
index 6fffda5..630f519 100644
--- a/internal/app/start.go
+++ b/internal/app/start.go
@@ -9,10 +9,9 @@ import (
 	"strings"
 	"time"
 
-	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
-	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 	"git.gensokyo.uk/security/fortify/internal/state"
 	"git.gensokyo.uk/security/fortify/internal/system"
 )
@@ -51,7 +50,7 @@ func (a *app) Run(ctx context.Context, rs *RunState) error {
 		uint32(a.seal.sys.UID()),
 		a.seal.sys.user.as,
 		a.seal.sys.user.supp,
-		&shim0.Payload{
+		&shim.Payload{
 			Argv:  a.seal.command,
 			Exec:  shimExec,
 			Bwrap: a.seal.sys.bwrap,
diff --git a/internal/linux/std.go b/internal/linux/std.go
index 7c6b927..08f031e 100644
--- a/internal/linux/std.go
+++ b/internal/linux/std.go
@@ -73,7 +73,7 @@ func (s *Std) Uid(aid int) (int, error) {
 
 	u.uid = -1
 	if fsu, ok := internal.Check(internal.Fsu); !ok {
-		fmsg.Fatal("invalid fsu path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
 		panic("unreachable")
 	} else {
 		cmd := exec.Command(fsu)
diff --git a/cmd/fshim/main.go b/internal/proc/priv/shim/main.go
similarity index 89%
rename from cmd/fshim/main.go
rename to internal/proc/priv/shim/main.go
index 5aece38..e3a819d 100644
--- a/cmd/fshim/main.go
+++ b/internal/proc/priv/shim/main.go
@@ -1,4 +1,4 @@
-package main
+package shim
 
 import (
 	"errors"
@@ -8,7 +8,6 @@ import (
 	"syscall"
 
 	init0 "git.gensokyo.uk/security/fortify/cmd/finit/ipc"
-	shim "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal"
@@ -19,7 +18,7 @@ import (
 // everything beyond this point runs as unconstrained target user
 // proceed with caution!
 
-func main() {
+func Main() {
 	// sharing stdout with fortify
 	// USE WITH CAUTION
 	fmsg.SetPrefix("shim")
@@ -31,8 +30,8 @@ func main() {
 	}
 
 	// re-exec
-	if len(os.Args) > 0 && (os.Args[0] != "fshim" || len(os.Args) != 1) && path.IsAbs(os.Args[0]) {
-		if err := syscall.Exec(os.Args[0], []string{"fshim"}, os.Environ()); err != nil {
+	if len(os.Args) > 0 && (os.Args[0] != "fortify" || os.Args[1] != "shim" || len(os.Args) != 2) && path.IsAbs(os.Args[0]) {
+		if err := syscall.Exec(os.Args[0], []string{"fortify", "shim"}, os.Environ()); err != nil {
 			fmsg.Println("cannot re-exec self:", err)
 			// continue anyway
 		}
@@ -41,17 +40,17 @@ func main() {
 	// check path to finit
 	var finitPath string
 	if p, ok := internal.Path(internal.Finit); !ok {
-		fmsg.Fatal("invalid finit path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid finit path, this copy of fortify is not compiled correctly")
 	} else {
 		finitPath = p
 	}
 
 	// receive setup payload
 	var (
-		payload    shim.Payload
+		payload    Payload
 		closeSetup func() error
 	)
-	if f, err := proc.Receive(shim.Env, &payload); err != nil {
+	if f, err := proc.Receive(Env, &payload); err != nil {
 		if errors.Is(err, proc.ErrInvalid) {
 			fmsg.Fatal("invalid config descriptor")
 		}
diff --git a/cmd/fshim/ipc/shim/shim.go b/internal/proc/priv/shim/manager.go
similarity index 91%
rename from cmd/fshim/ipc/shim/shim.go
rename to internal/proc/priv/shim/manager.go
index 4f60531..26b5492 100644
--- a/cmd/fshim/ipc/shim/shim.go
+++ b/internal/proc/priv/shim/manager.go
@@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"
 
-	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/proc"
@@ -30,12 +29,12 @@ type Shim struct {
 	// fallback exit notifier with error returned killing the process
 	killFallback chan error
 	// shim setup payload
-	payload *shim0.Payload
+	payload *Payload
 	// monitor to shim encoder
 	encoder *gob.Encoder
 }
 
-func New(uid uint32, aid string, supp []string, payload *shim0.Payload) *Shim {
+func New(uid uint32, aid string, supp []string, payload *Payload) *Shim {
 	return &Shim{uid: uid, aid: aid, supp: supp, payload: payload}
 }
 
@@ -58,7 +57,7 @@ func (s *Shim) Start() (*time.Time, error) {
 	// prepare user switcher invocation
 	var fsu string
 	if p, ok := internal.Check(internal.Fsu); !ok {
-		fmsg.Fatal("invalid fsu path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
 		panic("unreachable")
 	} else {
 		fsu = p
@@ -72,7 +71,7 @@ func (s *Shim) Start() (*time.Time, error) {
 	} else {
 		s.encoder = e
 		s.cmd.Env = []string{
-			shim0.Env + "=" + strconv.Itoa(fd),
+			Env + "=" + strconv.Itoa(fd),
 			"FORTIFY_APP_ID=" + s.aid,
 		}
 	}
diff --git a/cmd/fshim/ipc/payload.go b/internal/proc/priv/shim/payload.go
similarity index 79%
rename from cmd/fshim/ipc/payload.go
rename to internal/proc/priv/shim/payload.go
index 92e51e8..e942503 100644
--- a/cmd/fshim/ipc/payload.go
+++ b/internal/proc/priv/shim/payload.go
@@ -1,8 +1,6 @@
-package shim0
+package shim
 
-import (
-	"git.gensokyo.uk/security/fortify/helper/bwrap"
-)
+import "git.gensokyo.uk/security/fortify/helper/bwrap"
 
 const Env = "FORTIFY_SHIM"
 
diff --git a/main.go b/main.go
index 197dd1e..21043ea 100644
--- a/main.go
+++ b/main.go
@@ -20,6 +20,7 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/app"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 	"git.gensokyo.uk/security/fortify/internal/system"
 )
 
@@ -283,6 +284,12 @@ func main() {
 
 		// invoke app
 		runApp(config)
+
+	// internal commands
+	case "shim":
+		shim.Main()
+		fmsg.Exit(0)
+
 	default:
 		fmsg.Fatalf("%q is not a valid command", args[0])
 	}
diff --git a/package.nix b/package.nix
index 0141dda..0da2e6e 100644
--- a/package.nix
+++ b/package.nix
@@ -33,7 +33,6 @@ buildGoModule rec {
       [
         "-s -w"
         "-X main.Fmain=${placeholder "out"}/libexec/fortify"
-        "-X main.Fshim=${placeholder "out"}/libexec/fshim"
       ]
       {
         Version = "v${version}";