package app

import (
	"path"

	"git.ophivana.moe/security/fortify/acl"
	"git.ophivana.moe/security/fortify/dbus"
	"git.ophivana.moe/security/fortify/internal/system"
)

// dbusSessionBusAddress is the name of the environment variable that
// shareDBus sets to the session bus address inside the sandbox.
const dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"

// dbusSystemBusAddress is the name of the environment variable that
// shareDBus sets to the system bus address inside the sandbox.
const dbusSystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS"

// shareDBus sets up the D-Bus proxy and exposes its sockets to the sandbox.
//
// config[0] is the session bus configuration and config[1] the system bus
// configuration. The function is a no-op unless system.EDBus is enabled on the
// seal. When enabled, it passes both configs and the downstream socket paths
// to seal.sys.ProxyDBus, binds the session socket to "bus" under
// seal.sys.runtime and points DBUS_SESSION_BUS_ADDRESS at it. The system
// socket is bound and DBUS_SYSTEM_BUS_ADDRESS is set only when config[1] is
// non-nil.
//
// Only the downstream sockets under seal.share are bound and given ACL entries
// here. Whether the upstream host bus sockets stay out of the sandbox depends
// on code outside this function.
//
// NOTE(review): config[0] is not nil-checked, and the session socket is bound
// and granted read/write regardless. Presumably ProxyDBus rejects a nil
// session config; confirm against its implementation.
//
// The only error returned is the one from seal.sys.ProxyDBus.
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
	// D-Bus sharing is opt-in per seal
	if !seal.et.Has(system.EDBus) {
		return nil
	}

	sessionCfg, systemCfg := config[0], config[1]

	// host-side paths of the proxy's downstream sockets
	var (
		sessionOuter = path.Join(seal.share, "bus")
		systemOuter  = path.Join(seal.share, "system_bus_socket")
	)

	// register the proxy before any socket is bound into the sandbox
	if err := seal.sys.ProxyDBus(sessionCfg, systemCfg, sessionOuter, systemOuter); err != nil {
		return err
	}

	// session bus: always shared once the proxy is configured
	sessionInner := path.Join(seal.sys.runtime, "bus")
	seal.sys.bwrap.SetEnv[dbusSessionBusAddress] = "unix:path=" + sessionInner
	seal.sys.bwrap.Bind(sessionOuter, sessionInner)
	// read+write on the proxy socket only; presumably for the sandboxed
	// user, verify against UpdatePerm
	seal.sys.UpdatePerm(sessionOuter, acl.Read, acl.Write)

	// system bus: shared only when a system bus config was supplied
	if systemCfg == nil {
		return nil
	}

	// fixed in-sandbox path of the system bus socket
	const systemInner = "/run/dbus/system_bus_socket"
	seal.sys.bwrap.SetEnv[dbusSystemBusAddress] = "unix:path=" + systemInner
	seal.sys.bwrap.Bind(systemOuter, systemInner)
	seal.sys.UpdatePerm(systemOuter, acl.Read, acl.Write)

	return nil
}