fortify/internal/app/app.go

package app

import (
	"sync"
	"sync/atomic"

	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
	"git.gensokyo.uk/security/fortify/fst"
	"git.gensokyo.uk/security/fortify/internal/linux"
)

type App interface {
	// ID returns a copy of App's unique ID.
	ID() fst.ID
	// Start sets up the system and starts the App.
	Start() error
	// Wait waits for App's process to exit and reverts system setup.
	Wait() (int, error)
	// WaitErr returns error returned by the underlying wait syscall.
	WaitErr() error

	Seal(config *fst.Config) error
	String() string
}

type app struct {
	// single-use config reference
	ct *appCt

	// application unique identifier
	id *fst.ID
	// operating system interface
	os linux.System
	// shim process manager
	shim *shim.Shim
	// child process related information
	seal *appSeal
	// error returned waiting for process
	waitErr error

	lock sync.RWMutex
}

func (a *app) ID() fst.ID {
	return *a.id
}

func (a *app) String() string {
	if a == nil {
		return "(invalid fortified app)"
	}

	a.lock.RLock()
	defer a.lock.RUnlock()

	if a.shim != nil {
		return a.shim.String()
	}

	if a.seal != nil {
		return "(sealed fortified app as uid " + a.seal.sys.user.us + ")"
	}

	return "(unsealed fortified app)"
}

func (a *app) WaitErr() error {
	return a.waitErr
}

func New(os linux.System) (App, error) {
	a := new(app)
	a.id = new(fst.ID)
	a.os = os
	return a, fst.NewAppID(a.id)
}

// appCt ensures its wrapped val is only accessed once
type appCt struct {
	val  *fst.Config
	done *atomic.Bool
}

func (a *appCt) Unwrap() *fst.Config {
	if !a.done.Load() {
		defer a.done.Store(true)
		return a.val
	}
	panic("attempted to access config reference twice")
}

func newAppCt(config *fst.Config) (ct *appCt) {
	ct = new(appCt)
	ct.done = new(atomic.Bool)
	ct.val = config
	return ct
}