diff --git a/cmd/hakurei/command.go b/cmd/hakurei/command.go
index 5e9d573..8b379c8 100644
--- a/cmd/hakurei/command.go
+++ b/cmd/hakurei/command.go
@@ -17,11 +17,11 @@ import (
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance"
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
 "git.gensokyo.uk/security/hakurei/command"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/internal"
 "git.gensokyo.uk/security/hakurei/internal/hlog"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 func buildCommand(out io.Writer) command.Command {
diff --git a/cmd/hakurei/internal/app/instance/common/container.go b/cmd/hakurei/internal/app/instance/common/container.go
index 5164d26..b7e2631 100644
--- a/cmd/hakurei/internal/app/instance/common/container.go
+++ b/cmd/hakurei/internal/app/instance/common/container.go
@@ -9,10 +9,10 @@ import (
 "syscall"
 "git.gensokyo.uk/security/hakurei"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/internal/sys"
 "git.gensokyo.uk/security/hakurei/seccomp"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 // in practice there should be less than 30 entries added by the runtime;
diff --git a/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
index 3fe9678..29dfdd8 100644
--- a/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
+++ b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
@@ -2,12 +2,12 @@ package setuid_test
 import (
 "git.gensokyo.uk/security/hakurei"
- "git.gensokyo.uk/security/hakurei/acl"
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/acl"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 var testCasesNixos = []sealTestCase{
diff --git a/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
index c839d5b..2236510 100644
--- a/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
+++ b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
@@ -4,12 +4,12 @@ import (
 "os"
 "git.gensokyo.uk/security/hakurei"
- "git.gensokyo.uk/security/hakurei/acl"
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/acl"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 var testCasesPd = []sealTestCase{
diff --git a/cmd/hakurei/internal/app/internal/setuid/seal.go b/cmd/hakurei/internal/app/internal/setuid/seal.go
index 3c50d58..de17dcb 100644
--- a/cmd/hakurei/internal/app/internal/setuid/seal.go
+++ b/cmd/hakurei/internal/app/internal/setuid/seal.go
@@ -17,16 +17,16 @@ import ( "syscall" "git.gensokyo.uk/security/hakurei" - "git.gensokyo.uk/security/hakurei/acl" . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common" - "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/internal/sys" - "git.gensokyo.uk/security/hakurei/sandbox/wl" "git.gensokyo.uk/security/hakurei/system" + "git.gensokyo.uk/security/hakurei/system/acl" + "git.gensokyo.uk/security/hakurei/system/dbus" + "git.gensokyo.uk/security/hakurei/system/wayland" ) const ( @@ -377,17 +377,17 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co if config.Enablements&system.EWayland != 0 { // outer wayland socket (usually `/run/user/%d/wayland-%d`) var socketPath string - if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok { - hlog.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName) - socketPath = path.Join(share.sc.RuntimePath, wl.FallbackName) + if name, ok := sys.LookupEnv(wayland.WaylandDisplay); !ok { + hlog.Verbose(wayland.WaylandDisplay + " is not set, assuming " + wayland.FallbackName) + socketPath = path.Join(share.sc.RuntimePath, wayland.FallbackName) } else if !path.IsAbs(name) { socketPath = path.Join(share.sc.RuntimePath, name) } else { socketPath = name } - innerPath := path.Join(innerRuntimeDir, wl.FallbackName) - seal.env[wl.WaylandDisplay] = wl.FallbackName + innerPath := path.Join(innerRuntimeDir, wayland.FallbackName) + seal.env[wayland.WaylandDisplay] = wayland.FallbackName if !config.DirectWayland { // set up security-context-v1 appID := config.ID diff --git a/cmd/hakurei/print.go b/cmd/hakurei/print.go index 5df2e0c..e054492 100644 --- a/cmd/hakurei/print.go +++ b/cmd/hakurei/print.go 
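Review bot: In the `finalise` hunk of seal.go, a display variable that is set but empty passes the `!ok` test and reaches `path.Join(share.sc.RuntimePath, name)`, which returns the runtime directory itself as `socketPath`; the rename carries this over unchanged. Since the value comes from the caller's environment and becomes the outer socket path, the first branch could treat empty like unset: `if name, ok := sys.LookupEnv(wayland.WaylandDisplay); !ok || name == "" {` (assuming `sys.LookupEnv` follows `os.LookupEnv` semantics). `path.Join` also cleans a relative value, so a name containing `..` resolves outside `RuntimePath`; a short comment stating that any path is accepted on purpose, as the absolute branch suggests, would help the next reader. `finalise` starts and ends outside the hunk, so how `socketPath` is consumed is not visible here.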
@@ -13,9 +13,9 @@ import (
 "time"
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/internal/hlog"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 func printShowSystem(output io.Writer, short, flagJSON bool) {
diff --git a/cmd/hakurei/print_test.go b/cmd/hakurei/print_test.go
index d0cf163..1525fdf 100644
--- a/cmd/hakurei/print_test.go
+++ b/cmd/hakurei/print_test.go
@@ -7,8 +7,8 @@ import (
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 var (
diff --git a/cmd/planterette/app.go b/cmd/planterette/app.go
index 1bc2337..a8adcc5 100644
--- a/cmd/planterette/app.go
+++ b/cmd/planterette/app.go
@@ -6,10 +6,10 @@ import (
 "os"
 "path"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 type appInfo struct {
diff --git a/hst/config.go b/hst/config.go
index 1c3390b..48ce230 100644
--- a/hst/config.go
+++ b/hst/config.go
@@ -2,8 +2,8 @@
 package hst
 import (
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 const Tmp = "/.hakurei"
diff --git a/hst/template.go b/hst/template.go
index 4c0930e..60cbfa7 100644
--- a/hst/template.go
+++ b/hst/template.go
@@ -1,9 +1,9 @@
 package hst
 import (
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 // Template returns a fully populated instance of Config.
diff --git a/system/acl.go b/system/acl.go
index fe44ea5..2efd725 100644
--- a/system/acl.go
+++ b/system/acl.go
@@ -6,7 +6,7 @@ import (
 "os"
 "slices"
- "git.gensokyo.uk/security/hakurei/acl"
+ "git.gensokyo.uk/security/hakurei/system/acl"
 )
 // UpdatePerm appends an ephemeral acl update Op.
diff --git a/acl/acl.go b/system/acl/acl.go
similarity index 95%
rename from acl/acl.go
rename to system/acl/acl.go
index 30abc16..bc590db 100644
--- a/acl/acl.go
+++ b/system/acl/acl.go
@@ -4,7 +4,7 @@ package acl
 /*
 #cgo linux pkg-config: --static libacl
-#include "acl-update.h"
+#include "libacl-helper.h"
 */
 import "C"
diff --git a/acl/acl_getfacl_test.go b/system/acl/acl_getfacl_test.go
similarity index 100%
rename from acl/acl_getfacl_test.go
rename to system/acl/acl_getfacl_test.go
diff --git a/acl/acl_test.go b/system/acl/acl_test.go
similarity index 98%
rename from acl/acl_test.go
rename to system/acl/acl_test.go
index cb5945d..bfb355e 100644
--- a/acl/acl_test.go
+++ b/system/acl/acl_test.go
@@ -7,7 +7,7 @@ import (
 "reflect"
 "testing"
- "git.gensokyo.uk/security/hakurei/acl"
+ "git.gensokyo.uk/security/hakurei/system/acl"
 )
 const testFileName = "acl.test"
diff --git a/acl/acl-update.c b/system/acl/libacl-helper.c
similarity index 98%
rename from acl/acl-update.c
rename to system/acl/libacl-helper.c
index c6816f6..905cfa5 100644
--- a/acl/acl-update.c
+++ b/system/acl/libacl-helper.c
@@ -1,4 +1,4 @@
-#include "acl-update.h"
+#include "libacl-helper.h"
 #include
 #include
 #include
diff --git a/acl/acl-update.h b/system/acl/libacl-helper.h
similarity index 100%
rename from acl/acl-update.h
rename to system/acl/libacl-helper.h
diff --git a/acl/perms.go b/system/acl/perms.go
similarity index 100%
rename from acl/perms.go
rename to system/acl/perms.go
diff --git a/system/acl_test.go b/system/acl_test.go
index 5dcccd1..f8f2832 100644
--- a/system/acl_test.go
+++ b/system/acl_test.go
@@ -3,7 +3,7 @@ package system
 import (
 "testing"
- "git.gensokyo.uk/security/hakurei/acl"
+ "git.gensokyo.uk/security/hakurei/system/acl"
 )
 func TestUpdatePerm(t *testing.T) {
diff --git a/system/dbus.go b/system/dbus.go
index f0532c4..8ca20e7 100644
--- a/system/dbus.go
+++ b/system/dbus.go
@@ -9,7 +9,7 @@ import (
 "sync"
 "syscall"
- "git.gensokyo.uk/security/hakurei/dbus"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 var (
diff --git a/dbus/address.go b/system/dbus/address.go
similarity index 100%
rename from dbus/address.go
rename to system/dbus/address.go
diff --git a/dbus/address_escape_test.go b/system/dbus/address_escape_test.go
similarity index 100%
rename from dbus/address_escape_test.go
rename to system/dbus/address_escape_test.go
diff --git a/dbus/address_test.go b/system/dbus/address_test.go
similarity index 98%
rename from dbus/address_test.go
rename to system/dbus/address_test.go
index 8b66d14..148bb09 100644
--- a/dbus/address_test.go
+++ b/system/dbus/address_test.go
@@ -5,7 +5,7 @@ import (
 "reflect"
 "testing"
- "git.gensokyo.uk/security/hakurei/dbus"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 func TestParse(t *testing.T) {
diff --git a/dbus/config.go b/system/dbus/config.go
similarity index 100%
rename from dbus/config.go
rename to system/dbus/config.go
diff --git a/dbus/config_test.go b/system/dbus/config_test.go
similarity index 98%
rename from dbus/config_test.go
rename to system/dbus/config_test.go
index 2d5b24e..f79c4c5 100644
--- a/dbus/config_test.go
+++ b/system/dbus/config_test.go
@@ -9,7 +9,7 @@ import (
 "strings"
 "testing"
- "git.gensokyo.uk/security/hakurei/dbus"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 func TestConfig_Args(t *testing.T) {
diff --git a/dbus/dbus.go b/system/dbus/dbus.go
similarity index 100%
rename from dbus/dbus.go
rename to system/dbus/dbus.go
diff --git a/dbus/dbus_test.go b/system/dbus/dbus_test.go
similarity index 99%
rename from dbus/dbus_test.go
rename to system/dbus/dbus_test.go
index caf7098..7b1e185 100644
--- a/dbus/dbus_test.go
+++ b/system/dbus/dbus_test.go
@@ -14,10 +14,10 @@ import (
 "time"
 "git.gensokyo.uk/security/hakurei"
- "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/helper"
 "git.gensokyo.uk/security/hakurei/internal"
 "git.gensokyo.uk/security/hakurei/internal/hlog"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 func TestFinalise(t *testing.T) {
diff --git a/dbus/export_test.go b/system/dbus/export_test.go
similarity index 100%
rename from dbus/export_test.go
rename to system/dbus/export_test.go
diff --git a/dbus/proc.go b/system/dbus/proc.go
similarity index 100%
rename from dbus/proc.go
rename to system/dbus/proc.go
diff --git a/dbus/proxy.go b/system/dbus/proxy.go
similarity index 100%
rename from dbus/proxy.go
rename to system/dbus/proxy.go
diff --git a/dbus/samples_test.go b/system/dbus/samples_test.go
similarity index 99%
rename from dbus/samples_test.go
rename to system/dbus/samples_test.go
index b2284c5..a5c6f27 100644
--- a/dbus/samples_test.go
+++ b/system/dbus/samples_test.go
@@ -3,7 +3,7 @@ package dbus_test
 import (
 "sync"
- "git.gensokyo.uk/security/hakurei/dbus"
+ "git.gensokyo.uk/security/hakurei/system/dbus"
 )
 const (
diff --git a/dbus/stub_test.go b/system/dbus/stub_test.go
similarity index 100%
rename from dbus/stub_test.go
rename to system/dbus/stub_test.go
diff --git a/dbus/testdata/dev.vencord.Vesktop.json b/system/dbus/testdata/dev.vencord.Vesktop.json
similarity index 100%
rename from dbus/testdata/dev.vencord.Vesktop.json
rename to system/dbus/testdata/dev.vencord.Vesktop.json
diff --git a/dbus/testdata/org.chromium.Chromium+.json b/system/dbus/testdata/org.chromium.Chromium+.json
similarity index 100%
rename from dbus/testdata/org.chromium.Chromium+.json
rename to system/dbus/testdata/org.chromium.Chromium+.json
diff --git a/dbus/testdata/org.chromium.Chromium.json b/system/dbus/testdata/org.chromium.Chromium.json
similarity index 100%
rename from dbus/testdata/org.chromium.Chromium.json
rename to system/dbus/testdata/org.chromium.Chromium.json
diff --git a/dbus/testdata/uk.gensokyo.CrashTestDummy.json b/system/dbus/testdata/uk.gensokyo.CrashTestDummy.json
similarity index 100%
rename from dbus/testdata/uk.gensokyo.CrashTestDummy.json
rename to system/dbus/testdata/uk.gensokyo.CrashTestDummy.json
diff --git a/system/wayland.go b/system/wayland.go
index cb54740..a485b3f 100644
--- a/system/wayland.go
+++ b/system/wayland.go
@@ -5,8 +5,8 @@ import (
 "fmt"
 "os"
- "git.gensokyo.uk/security/hakurei/acl"
- "git.gensokyo.uk/security/hakurei/sandbox/wl"
+ "git.gensokyo.uk/security/hakurei/system/acl"
+ "git.gensokyo.uk/security/hakurei/system/wayland"
 )
 // Wayland sets up a wayland socket with a security context attached.
@@ -14,7 +14,7 @@ func (sys *I) Wayland(syncFd **os.File, dst, src, appID, instanceID string) *I {
 sys.lock.Lock()
 defer sys.lock.Unlock()
- sys.ops = append(sys.ops, &Wayland{syncFd, dst, src, appID, instanceID, wl.Conn{}})
+ sys.ops = append(sys.ops, &Wayland{syncFd, dst, src, appID, instanceID, wayland.Conn{}})
 return sys
 }
@@ -24,7 +24,7 @@ type Wayland struct {
 dst, src string
 appID, instanceID string
- conn wl.Conn
+ conn wayland.Conn
 }
 func (w *Wayland) Type() Enablement { return Process }
diff --git a/sandbox/wl/conn.go b/system/wayland/conn.go
similarity index 96%
rename from sandbox/wl/conn.go
rename to system/wayland/conn.go
index 9baa5ab..a930fc0 100644
--- a/sandbox/wl/conn.go
+++ b/system/wayland/conn.go
@@ -1,5 +1,5 @@
-// Package wl implements Wayland security_context_v1 protocol.
-package wl
+// Package wayland implements Wayland security_context_v1 protocol.
+package wayland
 import (
 "errors"
diff --git a/sandbox/wl/consts.go b/system/wayland/consts.go
similarity index 97%
rename from sandbox/wl/consts.go
rename to system/wayland/consts.go
index 2ad4028..672e639 100644
--- a/sandbox/wl/consts.go
+++ b/system/wayland/consts.go
@@ -1,4 +1,4 @@
-package wl
+package wayland
 const (
 // WaylandDisplay contains the name of the server socket
diff --git a/sandbox/wl/security-context-v1-protocol.c b/system/wayland/security-context-v1-protocol.c
similarity index 100%
rename from sandbox/wl/security-context-v1-protocol.c
rename to system/wayland/security-context-v1-protocol.c
diff --git a/sandbox/wl/security-context-v1-protocol.h b/system/wayland/security-context-v1-protocol.h
similarity index 100%
rename from sandbox/wl/security-context-v1-protocol.h
rename to system/wayland/security-context-v1-protocol.h
diff --git a/sandbox/wl/wayland-bind.c b/system/wayland/wayland-client-helper.c
similarity index 98%
rename from sandbox/wl/wayland-bind.c
rename to system/wayland/wayland-client-helper.c
index 989ab74..5a2c9a0 100644
--- a/sandbox/wl/wayland-bind.c
+++ b/system/wayland/wayland-client-helper.c
@@ -1,4 +1,4 @@
-#include "wayland-bind.h"
+#include "wayland-client-helper.h"
 #include
 #include
 #include
diff --git a/sandbox/wl/wayland-bind.h b/system/wayland/wayland-client-helper.h
similarity index 100%
rename from sandbox/wl/wayland-bind.h
rename to system/wayland/wayland-client-helper.h
diff --git a/sandbox/wl/wl.go b/system/wayland/wayland.go
similarity index 95%
rename from sandbox/wl/wl.go
rename to system/wayland/wayland.go
index 7bb6645..2aa1fe1 100644
--- a/sandbox/wl/wl.go
+++ b/system/wayland/wayland.go
@@ -1,4 +1,4 @@
-package wl
+package wayland
 //go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
 //go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"
@@ -7,7 +7,7 @@ package wl
 #cgo linux pkg-config: --static wayland-client
 #cgo freebsd openbsd LDFLAGS: -lwayland-client
-#include "wayland-bind.h"
+#include "wayland-client-helper.h"
 */
 import "C"
 import (