Ophestra Umiker
6bc5be7e5a
All checks were successful
test / test (push) Successful in 19s
This change helps tests stub out and simulate OS behaviour during the sealing process. This also removes dependency on XDG_RUNTIME_DIR as the internal.System implementation provided to App provides a compat directory inside the tmpdir-based share when XDG_RUNTIME_DIR is unavailable. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
74 lines
1.3 KiB
Go
74 lines
1.3 KiB
Go
package app
|
|
|
|
import (
|
|
"os/exec"
|
|
"sync"
|
|
|
|
"git.ophivana.moe/security/fortify/internal"
|
|
)
|
|
|
|
type App interface {
|
|
// ID returns a copy of App's unique ID.
|
|
ID() ID
|
|
// Start sets up the system and starts the App.
|
|
Start() error
|
|
// Wait waits for App's process to exit and reverts system setup.
|
|
Wait() (int, error)
|
|
// WaitErr returns error returned by the underlying wait syscall.
|
|
WaitErr() error
|
|
|
|
Seal(config *Config) error
|
|
String() string
|
|
}
|
|
|
|
type app struct {
|
|
// application unique identifier
|
|
id *ID
|
|
// operating system interface
|
|
os internal.System
|
|
// underlying user switcher process
|
|
cmd *exec.Cmd
|
|
// shim setup abort reason and completion
|
|
abort chan error
|
|
// child process related information
|
|
seal *appSeal
|
|
// error returned waiting for process
|
|
waitErr error
|
|
|
|
lock sync.RWMutex
|
|
}
|
|
|
|
func (a *app) ID() ID {
|
|
return *a.id
|
|
}
|
|
|
|
func (a *app) String() string {
|
|
if a == nil {
|
|
return "(invalid fortified app)"
|
|
}
|
|
|
|
a.lock.RLock()
|
|
defer a.lock.RUnlock()
|
|
|
|
if a.cmd != nil {
|
|
return a.cmd.String()
|
|
}
|
|
|
|
if a.seal != nil {
|
|
return "(sealed fortified app as uid " + a.seal.sys.user.Uid + ")"
|
|
}
|
|
|
|
return "(unsealed fortified app)"
|
|
}
|
|
|
|
func (a *app) WaitErr() error {
|
|
return a.waitErr
|
|
}
|
|
|
|
func New(os internal.System) (App, error) {
|
|
a := new(app)
|
|
a.id = new(ID)
|
|
a.os = os
|
|
return a, newAppID(a.id)
|
|
}
|