system: move system access packages

These packages loosely belong in the "system" package and "system" provides high level wrappers for all of them.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/command.go

@@ -17,11 +17,11 @@ import (
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
 	"git.gensokyo.uk/security/hakurei/command"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func buildCommand(out io.Writer) command.Command {

cmd/hakurei/internal/app/instance/common/container.go

@@ -9,10 +9,10 @@ import (
 	"syscall"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal/sys"
 	"git.gensokyo.uk/security/hakurei/seccomp"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 // in practice there should be less than 30 entries added by the runtime;

cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go

@@ -2,12 +2,12 @@ package setuid_test
 
 import (
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var testCasesNixos = []sealTestCase{

cmd/hakurei/internal/app/internal/setuid/app_pd_test.go

@@ -4,12 +4,12 @@ import (
 	"os"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var testCasesPd = []sealTestCase{

cmd/hakurei/internal/app/internal/setuid/seal.go

@@ -17,16 +17,16 @@ import (
 	"syscall"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
 	"git.gensokyo.uk/security/hakurei/internal/sys"
-	"git.gensokyo.uk/security/hakurei/sandbox/wl"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
+	"git.gensokyo.uk/security/hakurei/system/wayland"
 )
 
 const (
@@ -377,17 +377,17 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 	if config.Enablements&system.EWayland != 0 {
 		// outer wayland socket (usually `/run/user/%d/wayland-%d`)
 		var socketPath string
-		if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok {
-			hlog.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName)
-			socketPath = path.Join(share.sc.RuntimePath, wl.FallbackName)
+		if name, ok := sys.LookupEnv(wayland.WaylandDisplay); !ok {
+			hlog.Verbose(wayland.WaylandDisplay + " is not set, assuming " + wayland.FallbackName)
+			socketPath = path.Join(share.sc.RuntimePath, wayland.FallbackName)
 		} else if !path.IsAbs(name) {
 			socketPath = path.Join(share.sc.RuntimePath, name)
 		} else {
 			socketPath = name
 		}
 
-		innerPath := path.Join(innerRuntimeDir, wl.FallbackName)
-		seal.env[wl.WaylandDisplay] = wl.FallbackName
+		innerPath := path.Join(innerRuntimeDir, wayland.FallbackName)
+		seal.env[wayland.WaylandDisplay] = wayland.FallbackName
 
 		if !config.DirectWayland { // set up security-context-v1
 			appID := config.ID

cmd/hakurei/print.go

@@ -13,9 +13,9 @@ import (
 	"time"
 
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func printShowSystem(output io.Writer, short, flagJSON bool) {

cmd/hakurei/print_test.go

@@ -7,8 +7,8 @@ import (
 
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var (

cmd/planterette/app.go

@@ -6,10 +6,10 @@ import (
 	"os"
 	"path"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 type appInfo struct {

hst/config.go

@@ -2,8 +2,8 @@
 package hst
 
 import (
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 const Tmp = "/.hakurei"

hst/template.go

@@ -1,9 +1,9 @@
 package hst
 
 import (
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 // Template returns a fully populated instance of Config.

system/acl.go

@@ -6,7 +6,7 @@ import (
 	"os"
 	"slices"
 
-	"git.gensokyo.uk/security/hakurei/acl"
+	"git.gensokyo.uk/security/hakurei/system/acl"
 )
 
 // UpdatePerm appends an ephemeral acl update Op.

system/acl/acl.go

@@ -4,7 +4,7 @@ package acl
 /*
 #cgo linux pkg-config: --static libacl
 
-#include "acl-update.h"
+#include "libacl-helper.h"
 */
 import "C"
 

system/acl/acl_test.go

@@ -7,7 +7,7 @@ import (
 	"reflect"
 	"testing"
 
-	"git.gensokyo.uk/security/hakurei/acl"
+	"git.gensokyo.uk/security/hakurei/system/acl"
 )
 
 const testFileName = "acl.test"

system/acl/libacl-helper.c

@@ -1,4 +1,4 @@
-#include "acl-update.h"
+#include "libacl-helper.h"
 #include <acl/libacl.h>
 #include <stdbool.h>
 #include <stdlib.h>

system/acl_test.go

@@ -3,7 +3,7 @@ package system
 import (
 	"testing"
 
-	"git.gensokyo.uk/security/hakurei/acl"
+	"git.gensokyo.uk/security/hakurei/system/acl"
 )
 
 func TestUpdatePerm(t *testing.T) {

system/dbus.go

@@ -9,7 +9,7 @@ import (
 	"sync"
 	"syscall"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var (

system/dbus/address_test.go

@@ -5,7 +5,7 @@ import (
 	"reflect"
 	"testing"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func TestParse(t *testing.T) {

system/dbus/config_test.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"testing"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func TestConfig_Args(t *testing.T) {

system/dbus/dbus_test.go

@@ -14,10 +14,10 @@ import (
 	"time"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/helper"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func TestFinalise(t *testing.T) {

system/dbus/samples_test.go

@@ -3,7 +3,7 @@ package dbus_test
 import (
 	"sync"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 const (

system/wayland.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"os"
 
-	"git.gensokyo.uk/security/hakurei/acl"
-	"git.gensokyo.uk/security/hakurei/sandbox/wl"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/wayland"
 )
 
 // Wayland sets up a wayland socket with a security context attached.
@@ -14,7 +14,7 @@ func (sys *I) Wayland(syncFd **os.File, dst, src, appID, instanceID string) *I {
 	sys.lock.Lock()
 	defer sys.lock.Unlock()
 
-	sys.ops = append(sys.ops, &Wayland{syncFd, dst, src, appID, instanceID, wl.Conn{}})
+	sys.ops = append(sys.ops, &Wayland{syncFd, dst, src, appID, instanceID, wayland.Conn{}})
 
 	return sys
 }
@@ -24,7 +24,7 @@ type Wayland struct {
 	dst, src          string
 	appID, instanceID string
 
-	conn wl.Conn
+	conn wayland.Conn
 }
 
 func (w *Wayland) Type() Enablement { return Process }

system/wayland/conn.go

@@ -1,5 +1,5 @@
-// Package wl implements Wayland security_context_v1 protocol.
-package wl
+// Package wayland implements Wayland security_context_v1 protocol.
+package wayland
 
 import (
 	"errors"

system/wayland/consts.go

@@ -1,4 +1,4 @@
-package wl
+package wayland
 
 const (
 	// WaylandDisplay contains the name of the server socket

system/wayland/wayland-client-helper.c

@@ -1,4 +1,4 @@
-#include "wayland-bind.h"
+#include "wayland-client-helper.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>

system/wayland/wayland.go

@@ -1,4 +1,4 @@
-package wl
+package wayland
 
 //go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
 //go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"
@@ -7,7 +7,7 @@ package wl
 #cgo linux pkg-config: --static wayland-client
 #cgo freebsd openbsd LDFLAGS: -lwayland-client
 
-#include "wayland-bind.h"
+#include "wayland-client-helper.h"
 */
 import "C"
 import (