diff --git a/internal/system/tmpfiles.go b/internal/system/tmpfiles.go
index e51eaae..6dd9790 100644
--- a/internal/system/tmpfiles.go
+++ b/internal/system/tmpfiles.go
@@ -42,26 +42,9 @@ func (sys *I) LinkFileType(et Enablement, oldname, newname string) *I {
 return sys
 }
 
-// Write registers an Op that writes dst with the contents of src.
-func (sys *I) Write(dst, src string) *I {
- return sys.WriteType(Process, dst, src)
-}
-
-// WriteType registers a file writing Op labelled with type et.
-func (sys *I) WriteType(et Enablement, dst, src string) *I {
- sys.lock.Lock()
- sys.ops = append(sys.ops, &Tmpfile{et, tmpfileWrite, dst, src})
- sys.lock.Unlock()
-
- sys.UpdatePermType(et, dst, acl.Read)
-
- return sys
-}
-
 const (
 tmpfileCopy uint8 = iota
 tmpfileLink
- tmpfileWrite
 )
 
 type Tmpfile struct {
@@ -84,10 +67,6 @@ func (t *Tmpfile) apply(_ *I) error {
 fmsg.VPrintln("linking tmpfile", t)
 return fmsg.WrapErrorSuffix(os.Link(t.src, t.dst),
 fmt.Sprintf("cannot link tmpfile %q:", t.dst))
- case tmpfileWrite:
- fmsg.VPrintln("writing", t)
- return fmsg.WrapErrorSuffix(os.WriteFile(t.dst, []byte(t.src), 0600),
- fmt.Sprintf("cannot write tmpfile %q:", t.dst))
 default:
 panic("invalid tmpfile method " + strconv.Itoa(int(t.method)))
 }
@@ -109,12 +88,7 @@ func (t *Tmpfile) Is(o Op) bool {
 return ok && t0 != nil && *t == *t0
 }
 
-func (t *Tmpfile) Path() string {
- if t.method == tmpfileWrite {
- return fmt.Sprintf("(%d bytes of data)", len(t.src))
- }
- return t.src
-}
+func (t *Tmpfile) Path() string { return t.src }
 
 func (t *Tmpfile) String() string {
 switch t.method {
@@ -122,8 +96,6 @@ func (t *Tmpfile) String() string {
 return fmt.Sprintf("%q from %q", t.dst, t.src)
 case tmpfileLink:
 return fmt.Sprintf("%q from %q", t.dst, t.src)
- case tmpfileWrite:
- return fmt.Sprintf("%d bytes of data to %q", len(t.src), t.dst)
 default:
 panic("invalid tmpfile method " + strconv.Itoa(int(t.method)))
 }
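Review bot: The one-line `Path` added in the `@@ -109,12 +88,7 @@` hunk of tmpfiles.go has no doc comment, and it now returns `t.src` verbatim for every method. The branch it replaces summarised inline file contents as a byte count instead of returning them; with `tmpfileWrite` gone the remaining copy and link methods appear to keep a filesystem path in `src`, but nothing records that invariant for whoever adds the next method. I would add `// Path returns the source path of the operation; src must hold a path, never file contents.` above the function so a future data-carrying method does not end up exposing contents through `Path` or `String`.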
diff --git a/internal/system/tmpfiles_test.go b/internal/system/tmpfiles_test.go
index eb0a295..babb67d 100644
--- a/internal/system/tmpfiles_test.go
+++ b/internal/system/tmpfiles_test.go
@@ -1,7 +1,6 @@
 package system
 
 import (
- "strconv"
 "testing"
 
 "git.gensokyo.uk/security/fortify/acl"
@@ -83,47 +82,6 @@ func TestLinkFileType(t *testing.T) {
 }
 }
 
-func TestWrite(t *testing.T) {
- testCases := []struct {
- dst, src string
- }{
- {"/etc/passwd", "chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n"},
- {"/etc/group", "fortify:x:65534:\n"},
- }
- for _, tc := range testCases {
- t.Run("write "+strconv.Itoa(len(tc.src))+" bytes to "+tc.dst, func(t *testing.T) {
- sys := New(150)
- sys.Write(tc.dst, tc.src)
- (&tcOp{Process, "(" + strconv.Itoa(len(tc.src)) + " bytes of data)"}).test(t, sys.ops, []Op{
- &Tmpfile{Process, tmpfileWrite, tc.dst, tc.src},
- &ACL{Process, tc.dst, []acl.Perm{acl.Read}},
- }, "Write")
- })
- }
-}
-
-func TestWriteType(t *testing.T) {
- testCases := []struct {
- et Enablement
- dst, src string
- }{
- {Process, "/etc/passwd", "chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n"},
- {Process, "/etc/group", "fortify:x:65534:\n"},
- {User, "/etc/passwd", "chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n"},
- {User, "/etc/group", "fortify:x:65534:\n"},
- }
- for _, tc := range testCases {
- t.Run("write "+strconv.Itoa(len(tc.src))+" bytes to "+tc.dst+" with type "+TypeString(tc.et), func(t *testing.T) {
- sys := New(150)
- sys.WriteType(tc.et, tc.dst, tc.src)
- (&tcOp{tc.et, "(" + strconv.Itoa(len(tc.src)) + " bytes of data)"}).test(t, sys.ops, []Op{
- &Tmpfile{tc.et, tmpfileWrite, tc.dst, tc.src},
- &ACL{tc.et, tc.dst, []acl.Perm{acl.Read}},
- }, "WriteType")
- })
- }
-}
-
 func TestTmpfile_String(t *testing.T) {
 t.Run("invalid method panic", func(t *testing.T) {
 defer func() {
@@ -147,10 +105,6 @@ func TestTmpfile_String(t *testing.T) {
 `"/run/user/1971/fortify/4b6bdc9182fb2f1d3a965c5fa8b9b66e/wayland" from "/run/user/1971/wayland-0"`},
 {tmpfileLink, "/run/user/1971/fortify/4b6bdc9182fb2f1d3a965c5fa8b9b66e/pulse", "/run/user/1971/pulse/native",
 `"/run/user/1971/fortify/4b6bdc9182fb2f1d3a965c5fa8b9b66e/pulse" from "/run/user/1971/pulse/native"`},
- {tmpfileWrite, "/tmp/fortify.1971/4b6bdc9182fb2f1d3a965c5fa8b9b66e/passwd", "chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n",
- `75 bytes of data to "/tmp/fortify.1971/4b6bdc9182fb2f1d3a965c5fa8b9b66e/passwd"`},
- {tmpfileWrite, "/tmp/fortify.1971/4b6bdc9182fb2f1d3a965c5fa8b9b66e/group", "fortify:x:65534:\n",
- `17 bytes of data to "/tmp/fortify.1971/4b6bdc9182fb2f1d3a965c5fa8b9b66e/group"`},
 }
 
 for _, tc := range testCases {