dbus: clean up wrapper implementation

The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-16 23:10:04 +09:00
parent e587112e63
commit 5979d8b1e0
6 changed files with 249 additions and 272 deletions
--- a/dbus/dbus_test.go
+++ b/dbus/dbus_test.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"os"
 	"os/exec"
 	"strings"
@@ -19,64 +20,21 @@ import (
 	"git.gensokyo.uk/security/fortify/sandbox"
 )

-func TestNew(t *testing.T) {
-	for _, tc := range [][2][2]string{
-		{
-			{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/1ca5d183ef4c99e74c3e544715f32702/bus"},
-			{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/1ca5d183ef4c99e74c3e544715f32702/system_bus_socket"},
-		},
-		{
-			{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/881ac3796ff3f3bf0a773824383187a0/bus"},
-			{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/881ac3796ff3f3bf0a773824383187a0/system_bus_socket"},
-		},
-		{
-			{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/3d1a5084520ef79c0c6a49a675bac701/bus"},
-			{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/3d1a5084520ef79c0c6a49a675bac701/system_bus_socket"},
-		},
-		{
-			{"unix:path=/run/user/1971/bus", "/tmp/fortify.1971/2a1639bab712799788ea0ff7aa280c35/bus"},
-			{"unix:path=/run/dbus/system_bus_socket", "/tmp/fortify.1971/2a1639bab712799788ea0ff7aa280c35/system_bus_socket"},
-		},
-	} {
-		t.Run("create instance for "+tc[0][0]+" and "+tc[1][0], func(t *testing.T) {
-			if got := dbus.New(tc[0], tc[1]); !got.CompareTestNew(tc[0], tc[1]) {
-				t.Errorf("New(%q, %q) = %v",
-					tc[0], tc[1],
-					got)
-			}
-		})
-	}
-}
-
-func TestProxy_Seal(t *testing.T) {
-	t.Run("double seal panic", func(t *testing.T) {
-		defer func() {
-			want := "dbus proxy sealed twice"
-			if r := recover(); r != want {
-				t.Errorf("Seal: panic = %q, want %q",
-					r, want)
-			}
-		}()
-
-		p := dbus.New([2]string{}, [2]string{})
-		_ = p.Seal(dbus.NewConfig("", true, false), nil)
-		_ = p.Seal(dbus.NewConfig("", true, false), nil)
-	})
-
-	ep := dbus.New([2]string{}, [2]string{})
-	if err := ep.Seal(nil, nil); !errors.Is(err, dbus.ErrConfig) {
-		t.Errorf("Seal(nil, nil) error = %v, want %v",
-			err, dbus.ErrConfig)
+func TestFinalise(t *testing.T) {
+	if _, err := dbus.Finalise(dbus.ProxyPair{}, dbus.ProxyPair{}, nil, nil); !errors.Is(err, syscall.EBADE) {
+		t.Errorf("Finalise: error = %v, want %v",
+			err, syscall.EBADE)
 	}

 	for id, tc := range testCasePairs() {
-		t.Run("create seal for "+id, func(t *testing.T) {
-			p := dbus.New(tc[0].bus, tc[1].bus)
-			if err := p.Seal(tc[0].c, tc[1].c); (errors.Is(err, syscall.EINVAL)) != tc[0].wantErr {
-				t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
-					tc[0].c, tc[1].c,
+		t.Run("create final for "+id, func(t *testing.T) {
+			var wt io.WriterTo
+			if v, err := dbus.Finalise(tc[0].bus, tc[1].bus, tc[0].c, tc[1].c); (errors.Is(err, syscall.EINVAL)) != tc[0].wantErr {
+				t.Errorf("Finalise: error = %v, wantErr %v",
 					err, tc[0].wantErr)
 				return
+			} else {
+				wt = v
 			}

 			// rest of the tests happen for sealed instances
@@ -89,25 +47,23 @@ func TestProxy_Seal(t *testing.T) {
 			args := append(tc[0].want, tc[1].want...)
 			for _, arg := range args {
 				want.WriteString(arg)
-				want.WriteByte('\x00')
+				want.WriteByte(0)
 			}

-			wt := p.AccessTestProxySeal()
 			got := new(strings.Builder)
 			if _, err := wt.WriteTo(got); err != nil {
-				t.Errorf("p.seal.WriteTo(): %v", err)
+				t.Errorf("WriteTo: error = %v", err)
 			}

 			if want.String() != got.String() {
-				t.Errorf("Seal(%p, %p) seal = %v, want %v",
-					tc[0].c, tc[1].c,
+				t.Errorf("Seal: %q, want %q",
 					got.String(), want.String())
 			}
 		})
 	}
 }

-func TestProxy_Start_Wait_Close_String(t *testing.T) {
+func TestProxyStartWaitCloseString(t *testing.T) {
 	oldWaitDelay := helper.WaitDelay
 	helper.WaitDelay = 16 * time.Second
 	t.Cleanup(func() { helper.WaitDelay = oldWaitDelay })
@@ -116,29 +72,62 @@ func TestProxy_Start_Wait_Close_String(t *testing.T) {
 		proxyName := dbus.ProxyName
 		dbus.ProxyName = os.Args[0]
 		t.Cleanup(func() { dbus.ProxyName = proxyName })
-		testProxyStartWaitCloseString(t, true)
+		testProxyFinaliseStartWaitCloseString(t, true)
 	})
-	t.Run("direct", func(t *testing.T) { testProxyStartWaitCloseString(t, false) })
+	t.Run("direct", func(t *testing.T) { testProxyFinaliseStartWaitCloseString(t, false) })
 }

-func testProxyStartWaitCloseString(t *testing.T, useSandbox bool) {
+func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
+	var p *dbus.Proxy
+
+	t.Run("string for nil proxy", func(t *testing.T) {
+		want := "(invalid dbus proxy)"
+		if got := p.String(); got != want {
+			t.Errorf("String: %q, want %q",
+				got, want)
+		}
+	})
+
+	t.Run("invalid start", func(t *testing.T) {
+		if !useSandbox {
+			p = dbus.NewDirect(context.TODO(), nil, nil)
+		} else {
+			p = dbus.New(context.TODO(), nil, nil)
+		}
+
+		if err := p.Start(); !errors.Is(err, syscall.ENOTRECOVERABLE) {
+			t.Errorf("Start: error = %q, wantErr %q",
+				err, syscall.ENOTRECOVERABLE)
+			return
+		}
+	})
+
 	for id, tc := range testCasePairs() {
 		// this test does not test errors
 		if tc[0].wantErr {
 			continue
 		}

-		t.Run("string for nil proxy", func(t *testing.T) {
-			var p *dbus.Proxy
-			want := "(invalid dbus proxy)"
-			if got := p.String(); got != want {
-				t.Errorf("String() = %v, want %v",
-					got, want)
-			}
-		})
-
 		t.Run("proxy for "+id, func(t *testing.T) {
-			p := dbus.New(tc[0].bus, tc[1].bus)
+			var final *dbus.Final
+			t.Run("finalise", func(t *testing.T) {
+				if v, err := dbus.Finalise(tc[0].bus, tc[1].bus, tc[0].c, tc[1].c); err != nil {
+					t.Errorf("Finalise: error = %v, wantErr %v",
+						err, tc[0].wantErr)
+					return
+				} else {
+					final = v
+				}
+			})
+
+			ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second)
+			defer cancel()
+			if !useSandbox {
+				p = dbus.NewDirect(ctx, final, nil)
+			} else {
+				p = dbus.New(ctx, final, nil)
+			}
+
 			p.CommandContext = func(ctx context.Context) (cmd *exec.Cmd) {
 				return exec.CommandContext(ctx, os.Args[0], "-test.v",
 					"-test.run=TestHelperInit", "--", "init")
@@ -163,79 +152,52 @@ func testProxyStartWaitCloseString(t *testing.T, useSandbox bool) {
 			p.FilterF = func(v []byte) []byte { return bytes.SplitN(v, []byte("TestHelperInit\n"), 2)[1] }
 			output := new(strings.Builder)

-			t.Run("unsealed", func(t *testing.T) {
-				t.Run("string", func(t *testing.T) {
-					want := "(unsealed dbus proxy)"
-					if got := p.String(); got != want {
-						t.Errorf("String() = %v, want %v",
-							got, want)
-						return
-					}
-				})
+			t.Run("invalid wait", func(t *testing.T) {
+				wantErr := "dbus: not started"
+				if err := p.Wait(); err == nil || err.Error() != wantErr {
+					t.Errorf("Wait: error = %v, wantErr %v",
+						err, wantErr)
+				}
+			})

-				t.Run("start", func(t *testing.T) {
-					want := "proxy not sealed"
-					if err := p.Start(context.Background(), nil, useSandbox); err == nil || err.Error() != want {
-						t.Errorf("Start() error = %v, wantErr %q",
-							err, errors.New(want))
+			t.Run("string", func(t *testing.T) {
+				want := "(unused dbus proxy)"
+				if got := p.String(); got != want {
+					t.Errorf("String: %q, want %q",
+						got, want)
+					return
+				}
+			})
+
+			t.Run("start", func(t *testing.T) {
+				if err := p.Start(); err != nil {
+					t.Fatalf("Start: error = %v",
+						err)
+				}
+
+				t.Run("string", func(t *testing.T) {
+					wantSubstr := fmt.Sprintf("%s -test.run=TestHelperStub -- --args=3 --fd=4", os.Args[0])
+					if useSandbox {
+						wantSubstr = fmt.Sprintf(`argv: ["%s" "-test.run=TestHelperStub" "--" "--args=3" "--fd=4"], flags: 0x0, seccomp: 0x3e`, os.Args[0])
+					}
+					if got := p.String(); !strings.Contains(got, wantSubstr) {
+						t.Errorf("String: %q, want %q",
+							got, wantSubstr)
 						return
 					}
 				})

 				t.Run("wait", func(t *testing.T) {
-					wantErr := "dbus: not started"
-					if err := p.Wait(); err == nil || err.Error() != wantErr {
-						t.Errorf("Wait() error = %v, wantErr %v",
-							err, wantErr)
-					}
-				})
-			})
-
-			t.Run("seal with "+id, func(t *testing.T) {
-				if err := p.Seal(tc[0].c, tc[1].c); err != nil {
-					t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
-						tc[0].c, tc[1].c,
-						err, tc[0].wantErr)
-					return
-				}
-			})
-
-			t.Run("sealed", func(t *testing.T) {
-				want := strings.Join(append(tc[0].want, tc[1].want...), " ")
-				if got := p.String(); got != want {
-					t.Errorf("String() = %v, want %v",
-						got, want)
-					return
-				}
-
-				t.Run("start", func(t *testing.T) {
-					ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-					defer cancel()
-
-					if err := p.Start(ctx, output, useSandbox); err != nil {
-						t.Fatalf("Start(nil, nil) error = %v",
-							err)
-					}
-
-					t.Run("string", func(t *testing.T) {
-						wantSubstr := fmt.Sprintf("%s -test.run=TestHelperStub -- --args=3 --fd=4", os.Args[0])
-						if useSandbox {
-							wantSubstr = fmt.Sprintf(`argv: ["%s" "-test.run=TestHelperStub" "--" "--args=3" "--fd=4"], flags: 0x0, seccomp: 0x3e`, os.Args[0])
-						}
-						if got := p.String(); !strings.Contains(got, wantSubstr) {
-							t.Errorf("String() = %v, want %v",
-								p.String(), wantSubstr)
-							return
-						}
-					})
-
-					t.Run("wait", func(t *testing.T) {
-						p.Close()
+					done := make(chan struct{})
+					go func() {
 						if err := p.Wait(); err != nil {
-							t.Errorf("Wait() error = %v\noutput: %s",
+							t.Errorf("Wait: error = %v\noutput: %s",
 								err, output.String())
 						}
-					})
+						close(done)
+					}()
+					p.Close()
+					<-done
 				})
 			})
 		})