security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

internal: relocate packages
All checks were successful
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 2m20s
Details
Test / Hakurei (push) Successful in 3m19s
Details
Test / Hpkg (push) Successful in 4m12s
Details
Test / Sandbox (race detector) (push) Successful in 4m31s
Details
Test / Hakurei (race detector) (push) Successful in 5m12s
Details
Test / Flake checks (push) Successful in 1m32s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-11-15 13:47:09 +09:00
parent 16e674782a
commit a91920310d
63 changed files with 61 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/system/acl.go
View File

@@ -8,7 +8,7 @@ import (
"hakurei.app/container/check"
"hakurei.app/hst"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/acl"
)
// UpdatePerm calls UpdatePermType with the [Process] criteria.

33
internal/system/acl/acl.go
View File

@@ -1,33 +0,0 @@
// Package acl implements simple ACL manipulation via libacl.
package acl
/*
#cgo linux pkg-config: --static libacl
#include "libacl-helper.h"
*/
import "C"
type Perm C.acl_perm_t
const (
Read Perm = C.ACL_READ
Write Perm = C.ACL_WRITE
Execute Perm = C.ACL_EXECUTE
)
// Update replaces ACL_USER entry with qualifier uid.
func Update(name string, uid int, perms ...Perm) error {
var p *Perm
if len(perms) > 0 {
p = &perms[0]
}
r, err := C.hakurei_acl_update_file_by_uid(
C.CString(name),
C.uid_t(uid),
(*C.acl_perm_t)(p),
C.size_t(len(perms)),
)
return newAclPathError(name, int(r), err)
}

276
internal/system/acl/acl_test.go
View File

@@ -1,276 +0,0 @@
package acl_test
import (
"bufio"
"bytes"
"errors"
"fmt"
"io"
"os"
"os/exec"
"path"
"reflect"
"strconv"
"testing"
"hakurei.app/internal/system/acl"
)
const testFileName = "acl.test"
var (
uid = os.Geteuid()
cred = int32(os.Geteuid())
)
func TestUpdate(t *testing.T) {
if os.Getenv("GO_TEST_SKIP_ACL") == "1" {
t.Log("acl test skipped")
t.SkipNow()
}
testFilePath := path.Join(t.TempDir(), testFileName)
if f, err := os.Create(testFilePath); err != nil {
t.Fatalf("Create: error = %v", err)
} else {
if err = f.Close(); err != nil {
t.Fatalf("Close: error = %v", err)
}
}
defer func() {
if err := os.Remove(testFilePath); err != nil {
t.Fatalf("Remove: error = %v", err)
}
}()
cur := getfacl(t, testFilePath)
t.Run("default entry count", func(t *testing.T) {
if len(cur) != 3 {
t.Fatalf("unexpected test file acl length %d", len(cur))
}
})
t.Run("default clear mask", func(t *testing.T) {
if err := acl.Update(testFilePath, uid); err != nil {
t.Fatalf("Update: error = %v", err)
}
if cur = getfacl(t, testFilePath); len(cur) != 4 {
t.Fatalf("Update: %v", cur)
}
})
t.Run("default clear consistency", func(t *testing.T) {
if err := acl.Update(testFilePath, uid); err != nil {
t.Fatalf("Update: error = %v", err)
}
if val := getfacl(t, testFilePath); !reflect.DeepEqual(val, cur) {
t.Fatalf("Update: %v, want %v", val, cur)
}
})
testUpdate(t, testFilePath, "r--", cur, fAclPermRead, acl.Read)
testUpdate(t, testFilePath, "-w-", cur, fAclPermWrite, acl.Write)
testUpdate(t, testFilePath, "--x", cur, fAclPermExecute, acl.Execute)
testUpdate(t, testFilePath, "-wx", cur, fAclPermWrite|fAclPermExecute, acl.Write, acl.Execute)
testUpdate(t, testFilePath, "r-x", cur, fAclPermRead|fAclPermExecute, acl.Read, acl.Execute)
testUpdate(t, testFilePath, "rw-", cur, fAclPermRead|fAclPermWrite, acl.Read, acl.Write)
testUpdate(t, testFilePath, "rwx", cur, fAclPermRead|fAclPermWrite|fAclPermExecute, acl.Read, acl.Write, acl.Execute)
}
func testUpdate(t *testing.T, testFilePath, name string, cur []*getFAclResp, val fAclPerm, perms ...acl.Perm) {
t.Run(name, func(t *testing.T) {
t.Cleanup(func() {
if err := acl.Update(testFilePath, uid); err != nil {
t.Fatalf("Update: error = %v", err)
}
if v := getfacl(t, testFilePath); !reflect.DeepEqual(v, cur) {
t.Fatalf("Update: %v, want %v", v, cur)
}
})
if err := acl.Update(testFilePath, uid, perms...); err != nil {
t.Fatalf("Update: error = %v", err)
}
r := respByCred(getfacl(t, testFilePath), fAclTypeUser, cred)
if r == nil {
t.Fatalf("Update did not add an ACL entry")
}
if !r.equals(fAclTypeUser, cred, val) {
t.Fatalf("Update(%s) = %s", name, r)
}
})
}
type (
getFAclInvocation struct {
cmd *exec.Cmd
val []*getFAclResp
pe []error
}
getFAclResp struct {
typ fAclType
cred int32
val fAclPerm
raw []byte
}
fAclPerm uintptr
fAclType uint8
)
const fAclBufSize = 16
const (
fAclPermRead fAclPerm = 1 << iota
fAclPermWrite
fAclPermExecute
)
const (
fAclTypeUser fAclType = iota
fAclTypeGroup
fAclTypeMask
fAclTypeOther
)
func (c *getFAclInvocation) run(name string) error {
if c.cmd != nil {
panic("attempted to run twice")
}
c.cmd = exec.Command("getfacl", "--omit-header", "--absolute-names", "--numeric", name)
scanErr := make(chan error, 1)
if p, err := c.cmd.StdoutPipe(); err != nil {
return err
} else {
go c.parse(p, scanErr)
}
if err := c.cmd.Start(); err != nil {
return err
}
return errors.Join(<-scanErr, c.cmd.Wait())
}
func (c *getFAclInvocation) parse(pipe io.Reader, scanErr chan error) {
c.val = make([]*getFAclResp, 0, 4+fAclBufSize)
s := bufio.NewScanner(pipe)
for s.Scan() {
fields := bytes.SplitN(s.Bytes(), []byte{':'}, 3)
if len(fields) != 3 {
continue
}
resp := getFAclResp{}
switch string(fields[0]) {
case "user":
resp.typ = fAclTypeUser
case "group":
resp.typ = fAclTypeGroup
case "mask":
resp.typ = fAclTypeMask
case "other":
resp.typ = fAclTypeOther
default:
c.pe = append(c.pe, fmt.Errorf("unknown type %s", string(fields[0])))
continue
}
if len(fields[1]) == 0 {
resp.cred = -1
} else {
if cred, err := strconv.Atoi(string(fields[1])); err != nil {
c.pe = append(c.pe, err)
continue
} else {
resp.cred = int32(cred)
if resp.cred < 0 {
c.pe = append(c.pe, fmt.Errorf("credential %d out of range", resp.cred))
continue
}
}
}
if len(fields[2]) != 3 {
c.pe = append(c.pe, fmt.Errorf("invalid perm length %d", len(fields[2])))
continue
} else {
switch fields[2][0] {
case 'r':
resp.val |= fAclPermRead
case '-':
default:
c.pe = append(c.pe, fmt.Errorf("invalid perm %v", fields[2][0]))
continue
}
switch fields[2][1] {
case 'w':
resp.val |= fAclPermWrite
case '-':
default:
c.pe = append(c.pe, fmt.Errorf("invalid perm %v", fields[2][1]))
continue
}
switch fields[2][2] {
case 'x':
resp.val |= fAclPermExecute
case '-':
default:
c.pe = append(c.pe, fmt.Errorf("invalid perm %v", fields[2][2]))
continue
}
}
resp.raw = make([]byte, len(s.Bytes()))
copy(resp.raw, s.Bytes())
c.val = append(c.val, &resp)
}
scanErr <- s.Err()
}
func (r *getFAclResp) String() string {
if r.raw != nil && len(r.raw) > 0 {
return string(r.raw)
}
return "(user-initialised resp value)"
}
func (r *getFAclResp) equals(typ fAclType, cred int32, val fAclPerm) bool {
return r.typ == typ && r.cred == cred && r.val == val
}
func getfacl(t *testing.T, name string) []*getFAclResp {
c := new(getFAclInvocation)
if err := c.run(name); err != nil {
t.Fatalf("getfacl: error = %v", err)
}
if len(c.pe) != 0 {
t.Errorf("errors encountered parsing getfacl output\n%s", errors.Join(c.pe...).Error())
}
return c.val
}
func respByCred(v []*getFAclResp, typ fAclType, cred int32) *getFAclResp {
j := -1
for i, r := range v {
if r.typ == typ && r.cred == cred {
if j != -1 {
panic("invalid acl")
}
j = i
}
}
if j == -1 {
return nil
}
return v[j]
}

90
internal/system/acl/libacl-helper.c
View File

@@ -1,90 +0,0 @@
#include "libacl-helper.h"
#include <acl/libacl.h>
#include <stdbool.h>
#include <stdlib.h>
#include <sys/acl.h>
int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid,
acl_perm_t *perms, size_t plen) {
int ret;
bool v;
int i;
acl_t acl;
acl_entry_t entry;
acl_tag_t tag_type;
void *qualifier_p;
acl_permset_t permset;
ret = -1; /* acl_get_file */
acl = acl_get_file(path_p, ACL_TYPE_ACCESS);
if (acl == NULL)
goto out;
/* prune entries by uid */
for (i = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); i == 1;
i = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) {
ret = -2; /* acl_get_tag_type */
if (acl_get_tag_type(entry, &tag_type) != 0)
goto out;
if (tag_type != ACL_USER)
continue;
ret = -3; /* acl_get_qualifier */
qualifier_p = acl_get_qualifier(entry);
if (qualifier_p == NULL)
goto out;
v = *(uid_t *)qualifier_p == uid;
acl_free(qualifier_p);
if (!v)
continue;
ret = -4; /* acl_delete_entry */
if (acl_delete_entry(acl, entry) != 0)
goto out;
}
if (plen == 0)
goto set;
ret = -5; /* acl_create_entry */
if (acl_create_entry(&acl, &entry) != 0)
goto out;
ret = -6; /* acl_get_permset */
if (acl_get_permset(entry, &permset) != 0)
goto out;
ret = -7; /* acl_add_perm */
for (i = 0; i < plen; i++) {
if (acl_add_perm(permset, perms[i]) != 0)
goto out;
}
ret = -8; /* acl_set_tag_type */
if (acl_set_tag_type(entry, ACL_USER) != 0)
goto out;
ret = -9; /* acl_set_qualifier */
if (acl_set_qualifier(entry, (void *)&uid) != 0)
goto out;
set:
ret = -10; /* acl_calc_mask */
if (acl_calc_mask(&acl) != 0)
goto out;
ret = -11; /* acl_valid */
if (acl_valid(acl) != 0)
goto out;
ret = -12; /* acl_set_file */
if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) == 0)
ret = 0;
out:
free((void *)path_p);
if (acl != NULL)
acl_free((void *)acl);
return ret;
}

40
internal/system/acl/libacl-helper.go
View File

@@ -1,40 +0,0 @@
package acl
import "os"
func newAclPathError(name string, r int, err error) error {
pathError := &os.PathError{Path: name, Err: err}
switch r {
case 0:
return nil
case -1:
pathError.Op = "acl_get_file"
case -2:
pathError.Op = "acl_get_tag_type"
case -3:
pathError.Op = "acl_get_qualifier"
case -4:
pathError.Op = "acl_delete_entry"
case -5:
pathError.Op = "acl_create_entry"
case -6:
pathError.Op = "acl_get_permset"
case -7:
pathError.Op = "acl_add_perm"
case -8:
pathError.Op = "acl_set_tag_type"
case -9:
pathError.Op = "acl_set_qualifier"
case -10:
pathError.Op = "acl_calc_mask"
case -11:
pathError.Op = "acl_valid"
case -12:
pathError.Op = "acl_set_file"
default: // unreachable
pathError.Op = "setfacl"
}
return pathError
}

4
internal/system/acl/libacl-helper.h
View File

@@ -1,4 +0,0 @@
#include <sys/acl.h>
int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid,
acl_perm_t *perms, size_t plen);

60
internal/system/acl/libacl-helper_test.go
View File

@@ -1,60 +0,0 @@
package acl
import (
"os"
"reflect"
"syscall"
"testing"
"hakurei.app/container"
)
func TestNewAclPathError(t *testing.T) {
testCases := []struct {
name string
path string
r int
err error
want error
}{
{"nil", container.Nonexistent, 0, syscall.ENOTRECOVERABLE, nil},
{"acl_get_file", container.Nonexistent, -1, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_get_file", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_get_tag_type", container.Nonexistent, -2, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_get_tag_type", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_get_qualifier", container.Nonexistent, -3, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_get_qualifier", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_delete_entry", container.Nonexistent, -4, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_delete_entry", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_create_entry", container.Nonexistent, -5, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_create_entry", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_get_permset", container.Nonexistent, -6, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_get_permset", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_add_perm", container.Nonexistent, -7, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_add_perm", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_set_tag_type", container.Nonexistent, -8, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_set_tag_type", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_set_qualifier", container.Nonexistent, -9, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_set_qualifier", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_calc_mask", container.Nonexistent, -10, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_calc_mask", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_valid", container.Nonexistent, -11, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_valid", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl_set_file", container.Nonexistent, -12, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "acl_set_file", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"acl", container.Nonexistent, -13, syscall.ENOTRECOVERABLE,
&os.PathError{Op: "setfacl", Path: container.Nonexistent, Err: syscall.ENOTRECOVERABLE}},
{"invalid", container.Nonexistent, -0xdead, nil,
&os.PathError{Op: "setfacl", Path: container.Nonexistent}},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
err := newAclPathError(tc.path, tc.r, tc.err)
if !reflect.DeepEqual(err, tc.want) {
t.Errorf("newAclPathError: %v, want %v", err, tc.want)
}
})
}
}

18
internal/system/acl/perms.go
View File

@@ -1,18 +0,0 @@
package acl
type Perms []Perm
func (ps Perms) String() string {
var s = []byte("---")
for _, p := range ps {
switch p {
case Read:
s[0] = 'r'
case Write:
s[1] = 'w'
case Execute:
s[2] = 'x'
}
}
return string(s)
}

30
internal/system/acl/perms_test.go
View File

@@ -1,30 +0,0 @@
package acl_test
import (
"testing"
"hakurei.app/internal/system/acl"
)
func TestPerms(t *testing.T) {
testCases := []struct {
name string
perms acl.Perms
}{
{"---", acl.Perms{}},
{"r--", acl.Perms{acl.Read}},
{"-w-", acl.Perms{acl.Write}},
{"--x", acl.Perms{acl.Execute}},
{"rw-", acl.Perms{acl.Read, acl.Read, acl.Write}},
{"r-x", acl.Perms{acl.Read, acl.Execute, acl.Execute}},
{"-wx", acl.Perms{acl.Write, acl.Write, acl.Execute, acl.Execute}},
{"rwx", acl.Perms{acl.Read, acl.Write, acl.Execute}},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
if got := tc.perms.String(); got != tc.name {
t.Errorf("String: %q, want %q", got, tc.name)
}
})
}
}

2
internal/system/acl_test.go
View File

@@ -7,7 +7,7 @@ import (
"hakurei.app/container/stub"
"hakurei.app/hst"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/acl"
)
func TestACLUpdateOp(t *testing.T) {

2
internal/system/dbus.go
View File

@@ -13,7 +13,7 @@ import (
"hakurei.app/container"
"hakurei.app/hst"
"hakurei.app/internal/system/dbus"
"hakurei.app/internal/dbus"
)
// ErrDBusConfig is returned when a required [hst.BusConfig] argument is nil.

193
internal/system/dbus/address.go
View File

@@ -1,193 +0,0 @@
package dbus
import (
"bytes"
"encoding/hex"
"errors"
"fmt"
"slices"
)
type AddrEntry struct {
Method string `json:"method"`
Values [][2]string `json:"values"`
}
// EqualAddrEntries returns whether two slices of [AddrEntry] are equal.
func EqualAddrEntries(entries, target []AddrEntry) bool {
return slices.EqualFunc(entries, target, func(a AddrEntry, b AddrEntry) bool {
return a.Method == b.Method && slices.Equal(a.Values, b.Values)
})
}
// Parse parses D-Bus address according to
// https://dbus.freedesktop.org/doc/dbus-specification.html#addresses
func Parse(addr []byte) ([]AddrEntry, error) {
// Look for a semicolon
address := bytes.Split(bytes.TrimSuffix(addr, []byte{';'}), []byte{';'})
// Allocate for entries
v := make([]AddrEntry, len(address))
for i, s := range address {
var pairs [][]byte
// Look for the colon :
if method, list, ok := bytes.Cut(s, []byte{':'}); !ok {
return v, &BadAddressError{ErrNoColon, i, s, -1, nil}
} else {
pairs = bytes.Split(list, []byte{','})
v[i].Method = string(method)
v[i].Values = make([][2]string, len(pairs))
}
for j, pair := range pairs {
key, value, ok := bytes.Cut(pair, []byte{'='})
if !ok {
return v, &BadAddressError{ErrBadPairSep, i, s, j, pair}
}
if len(key) == 0 {
return v, &BadAddressError{ErrBadPairKey, i, s, j, pair}
}
if len(value) == 0 {
return v, &BadAddressError{ErrBadPairVal, i, s, j, pair}
}
v[i].Values[j][0] = string(key)
if val, errno := unescapeValue(value); errno != errSuccess {
return v, &BadAddressError{errno, i, s, j, pair}
} else {
v[i].Values[j][1] = string(val)
}
}
}
return v, nil
}
func unescapeValue(v []byte) (val []byte, errno ParseError) {
if l := len(v) - (bytes.Count(v, []byte{'%'}) * 2); l < 0 {
errno = ErrBadValLength
return
} else {
val = make([]byte, l)
}
var i, skip int
for iu, b := range v {
if skip > 0 {
skip--
continue
}
if ib := bytes.IndexByte([]byte("-_/.\\*"), b); ib != -1 { // - // _/.\*
goto opt
} else if b >= '0' && b <= '9' { // 0-9
goto opt
} else if b >= 'A' && b <= 'Z' { // A-Z
goto opt
} else if b >= 'a' && b <= 'z' { // a-z
goto opt
}
if b != '%' {
errno = ErrBadValByte
break
}
skip += 2
if iu+2 >= len(v) {
errno = ErrBadValHexLength
break
}
if c, err := hex.Decode(val[i:i+1], v[iu+1:iu+3]); err != nil {
if errors.As(err, new(hex.InvalidByteError)) {
errno = ErrBadValHexByte
break
}
// unreachable
panic(err.Error())
} else if c != 1 {
// unreachable
panic(fmt.Sprintf("invalid decode length %d", c))
}
i++
continue
opt:
val[i] = b
i++
}
return
}
type ParseError uint8
func (e ParseError) Error() string {
switch e {
case errSuccess:
panic("attempted to return success as error")
case ErrNoColon:
return "address does not contain a colon"
case ErrBadPairSep:
return "'=' character not found"
case ErrBadPairKey:
return "'=' character has no key preceding it"
case ErrBadPairVal:
return "'=' character has no value following it"
case ErrBadValLength:
return "unescaped value has impossible length"
case ErrBadValByte:
return "in D-Bus address, characters other than [-0-9A-Za-z_/.\\*] should have been escaped"
case ErrBadValHexLength:
return "in D-Bus address, percent character was not followed by two hex digits"
case ErrBadValHexByte:
return "in D-Bus address, percent character was followed by characters other than hex digits"
default:
return fmt.Sprintf("parse error %d", e)
}
}
const (
errSuccess ParseError = iota
ErrNoColon
ErrBadPairSep
ErrBadPairKey
ErrBadPairVal
ErrBadValLength
ErrBadValByte
ErrBadValHexLength
ErrBadValHexByte
)
type BadAddressError struct {
// error type
Type ParseError
// bad entry position
EntryPos int
// bad entry value
EntryVal []byte
// bad pair position
PairPos int
// bad pair value
PairVal []byte
}
func (a *BadAddressError) Is(err error) bool {
var b *BadAddressError
return errors.As(err, &b) && a.Type == b.Type &&
a.EntryPos == b.EntryPos && slices.Equal(a.EntryVal, b.EntryVal) &&
a.PairPos == b.PairPos && slices.Equal(a.PairVal, b.PairVal)
}
func (a *BadAddressError) Error() string {
return a.Type.Error()
}
func (a *BadAddressError) Unwrap() error {
return a.Type
}

59
internal/system/dbus/address_escape_test.go
View File

@@ -1,59 +0,0 @@
package dbus
import (
"testing"
)
func TestUnescapeValue(t *testing.T) {
t.Parallel()
testCases := []struct {
value string
want string
wantErr ParseError
}{
// upstream test cases
{value: "abcde", want: "abcde"},
{value: "", want: ""},
{value: "%20%20", want: " "},
{value: "%24", want: "$"},
{value: "%25", want: "%"},
{value: "abc%24", want: "abc$"},
{value: "%24abc", want: "$abc"},
{value: "abc%24abc", want: "abc$abc"},
{value: "/", want: "/"},
{value: "-", want: "-"},
{value: "_", want: "_"},
{value: "A", want: "A"},
{value: "I", want: "I"},
{value: "Z", want: "Z"},
{value: "a", want: "a"},
{value: "i", want: "i"},
{value: "z", want: "z"},
/* Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499 */
{value: "%c3%b6", want: "\xc3\xb6"},
{value: "%a", wantErr: ErrBadValHexLength},
{value: "%q", wantErr: ErrBadValHexLength},
{value: "%az", wantErr: ErrBadValHexByte},
{value: "%%", wantErr: ErrBadValLength},
{value: "%$$", wantErr: ErrBadValHexByte},
{value: "abc%a", wantErr: ErrBadValHexLength},
{value: "%axyz", wantErr: ErrBadValHexByte},
{value: "%", wantErr: ErrBadValLength},
{value: "$", wantErr: ErrBadValByte},
{value: " ", wantErr: ErrBadValByte},
}
for _, tc := range testCases {
t.Run("unescape "+tc.value, func(t *testing.T) {
t.Parallel()
if got, errno := unescapeValue([]byte(tc.value)); errno != tc.wantErr {
t.Errorf("unescapeValue() errno = %v, wantErr %v", errno, tc.wantErr)
} else if tc.wantErr == errSuccess && string(got) != tc.want {
t.Errorf("unescapeValue() = %q, want %q", got, tc.want)
}
})
}
}

123
internal/system/dbus/address_test.go
View File

@@ -1,123 +0,0 @@
package dbus_test
import (
"errors"
"reflect"
"testing"
"hakurei.app/internal/system/dbus"
)
func TestParse(t *testing.T) {
t.Parallel()
testCases := []struct {
name string
addr string
want []dbus.AddrEntry
wantErr error
}{
{
name: "simple session unix",
addr: "unix:path=/run/user/1971/bus",
want: []dbus.AddrEntry{{
Method: "unix",
Values: [][2]string{{"path", "/run/user/1971/bus"}},
}},
},
{
name: "simple upper escape",
addr: "debug:name=Test,cat=cute,escaped=%c3%b6",
want: []dbus.AddrEntry{{
Method: "debug",
Values: [][2]string{
{"name", "Test"},
{"cat", "cute"},
{"escaped", "\xc3\xb6"},
},
}},
},
{
name: "simple bad escape",
addr: "debug:name=%",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadValLength,
EntryPos: 0, EntryVal: []byte("debug:name=%"), PairPos: 0, PairVal: []byte("name=%")},
},
// upstream test cases
{
name: "full address success",
addr: "unix:path=/tmp/foo;debug:name=test,sliff=sloff;",
want: []dbus.AddrEntry{
{Method: "unix", Values: [][2]string{{"path", "/tmp/foo"}}},
{Method: "debug", Values: [][2]string{{"name", "test"}, {"sliff", "sloff"}}},
},
},
{
name: "empty address",
addr: "",
wantErr: &dbus.BadAddressError{Type: dbus.ErrNoColon,
EntryVal: []byte{}, PairPos: -1},
},
{
name: "no body",
addr: "foo",
wantErr: &dbus.BadAddressError{Type: dbus.ErrNoColon,
EntryPos: 0, EntryVal: []byte("foo"), PairPos: -1},
},
{
name: "no pair separator",
addr: "foo:bar",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairSep,
EntryPos: 0, EntryVal: []byte("foo:bar"), PairPos: 0, PairVal: []byte("bar")},
},
{
name: "no pair separator multi pair",
addr: "foo:bar,baz",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairSep,
EntryPos: 0, EntryVal: []byte("foo:bar,baz"), PairPos: 0, PairVal: []byte("bar")},
},
{
name: "no pair separator single valid pair",
addr: "foo:bar=foo,baz",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairSep,
EntryPos: 0, EntryVal: []byte("foo:bar=foo,baz"), PairPos: 1, PairVal: []byte("baz")},
},
{
name: "no body single valid address",
addr: "foo:bar=foo;baz",
wantErr: &dbus.BadAddressError{Type: dbus.ErrNoColon,
EntryPos: 1, EntryVal: []byte("baz"), PairPos: -1},
},
{
name: "no key",
addr: "foo:=foo",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairKey,
EntryPos: 0, EntryVal: []byte("foo:=foo"), PairPos: 0, PairVal: []byte("=foo")},
},
{
name: "no value",
addr: "foo:foo=",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairVal,
EntryPos: 0, EntryVal: []byte("foo:foo="), PairPos: 0, PairVal: []byte("foo=")},
},
{
name: "no pair separator single valid pair trailing",
addr: "foo:foo,bar=baz",
wantErr: &dbus.BadAddressError{Type: dbus.ErrBadPairSep,
EntryPos: 0, EntryVal: []byte("foo:foo,bar=baz"), PairPos: 0, PairVal: []byte("foo")},
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
if got, err := dbus.Parse([]byte(tc.addr)); !errors.Is(err, tc.wantErr) {
t.Errorf("Parse() error = %v, wantErr %v", err, tc.wantErr)
} else if tc.wantErr == nil && !reflect.DeepEqual(got, tc.want) {
t.Errorf("Parse() = %#v, want %#v", got, tc.want)
}
})
}
}

71
internal/system/dbus/config.go
View File

@@ -1,71 +0,0 @@
package dbus
import (
"hakurei.app/hst"
)
// ProxyPair is an upstream dbus address and a downstream socket path.
type ProxyPair [2]string
// Args returns the xdg-dbus-proxy arguments equivalent of [hst.BusConfig].
func Args(c *hst.BusConfig, bus ProxyPair) (args []string) {
argc := 2 + len(c.See) + len(c.Talk) + len(c.Own) + len(c.Call) + len(c.Broadcast)
if c.Log {
argc++
}
if c.Filter {
argc++
}
args = make([]string, 0, argc)
args = append(args, bus[0], bus[1])
if c.Filter {
args = append(args, "--filter")
}
for _, name := range c.See {
args = append(args, "--see="+name)
}
for _, name := range c.Talk {
args = append(args, "--talk="+name)
}
for _, name := range c.Own {
args = append(args, "--own="+name)
}
for name, rule := range c.Call {
args = append(args, "--call="+name+"="+rule)
}
for name, rule := range c.Broadcast {
args = append(args, "--broadcast="+name+"="+rule)
}
if c.Log {
args = append(args, "--log")
}
return
}
// NewConfig returns the address of a new [hst.BusConfig] with optional defaults.
func NewConfig(id string, defaults, mpris bool) *hst.BusConfig {
c := hst.BusConfig{
Call: make(map[string]string),
Broadcast: make(map[string]string),
Filter: true,
}
if defaults {
c.Talk = []string{"org.freedesktop.DBus", "org.freedesktop.Notifications"}
c.Call["org.freedesktop.portal.*"] = "*"
c.Broadcast["org.freedesktop.portal.*"] = "@/org/freedesktop/portal/*"
if id != "" {
c.Own = []string{id + ".*"}
if mpris {
c.Own = append(c.Own, "org.mpris.MediaPlayer2."+id+".*")
}
}
}
return &c
}

124
internal/system/dbus/config_test.go
View File

@@ -1,124 +0,0 @@
package dbus_test
import (
"reflect"
"slices"
"strings"
"testing"
"hakurei.app/hst"
"hakurei.app/internal/system/dbus"
)
func TestConfigArgs(t *testing.T) {
t.Parallel()
for _, tc := range testCasesExt {
if tc.wantErr {
// args does not check for nulls
continue
}
t.Run("build arguments for "+tc.id, func(t *testing.T) {
t.Parallel()
if got := dbus.Args(tc.c, tc.bus); !slices.Equal(got, tc.want) {
t.Errorf("Args: %v, want %v", got, tc.want)
}
})
}
}
func TestNewConfig(t *testing.T) {
t.Parallel()
ids := [...]string{"org.chromium.Chromium", "dev.vencord.Vesktop"}
type newTestCase struct {
id string
args [2]bool
want *hst.BusConfig
}
// populate tests from IDs in generic tests
tcs := make([]newTestCase, 0, (len(ids)+1)*4)
// tests for defaults without id
tcs = append(tcs,
newTestCase{"", [2]bool{false, false}, &hst.BusConfig{
Call: make(map[string]string),
Broadcast: make(map[string]string),
Filter: true,
}},
newTestCase{"", [2]bool{false, true}, &hst.BusConfig{
Call: make(map[string]string),
Broadcast: make(map[string]string),
Filter: true,
}},
newTestCase{"", [2]bool{true, false}, &hst.BusConfig{
Talk: []string{"org.freedesktop.DBus", "org.freedesktop.Notifications"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Filter: true,
}},
newTestCase{"", [2]bool{true, true}, &hst.BusConfig{
Talk: []string{"org.freedesktop.DBus", "org.freedesktop.Notifications"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Filter: true,
}},
)
for _, id := range ids {
tcs = append(tcs,
newTestCase{id, [2]bool{false, false}, &hst.BusConfig{
Call: make(map[string]string),
Broadcast: make(map[string]string),
Filter: true,
}},
newTestCase{id, [2]bool{false, true}, &hst.BusConfig{
Call: make(map[string]string),
Broadcast: make(map[string]string),
Filter: true,
}},
newTestCase{id, [2]bool{true, false}, &hst.BusConfig{
Talk: []string{"org.freedesktop.DBus", "org.freedesktop.Notifications"},
Own: []string{id + ".*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Filter: true,
}},
newTestCase{id, [2]bool{true, true}, &hst.BusConfig{
Talk: []string{"org.freedesktop.DBus", "org.freedesktop.Notifications"},
Own: []string{id + ".*", "org.mpris.MediaPlayer2." + id + ".*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Filter: true,
}},
)
}
for _, tc := range tcs {
name := new(strings.Builder)
name.WriteString("create new configuration struct")
if tc.args[0] {
name.WriteString(" with builtin defaults")
if tc.args[1] {
name.WriteString(" (mpris)")
}
}
if tc.id != "" {
name.WriteString(" for application ID ")
name.WriteString(tc.id)
}
t.Run(name.String(), func(t *testing.T) {
t.Parallel()
if gotC := dbus.NewConfig(tc.id, tc.args[0], tc.args[1]); !reflect.DeepEqual(gotC, tc.want) {
t.Errorf("NewConfig(%q, %t, %t) = %v, want %v",
tc.id, tc.args[0], tc.args[1],
gotC, tc.want)
}
})
}
}

69
internal/system/dbus/dbus.go
View File

@@ -1,69 +0,0 @@
// Package dbus wraps xdg-dbus-proxy and implements configuration and sandboxing of the underlying helper process.
package dbus
import (
"fmt"
"os"
"sync"
)
const (
/*
SessionBusAddress is the name of the environment variable where the address of the login session message bus is given in.
If that variable is not set, applications may also try to read the address from the X Window System root window property _DBUS_SESSION_BUS_ADDRESS.
The root window property must have type STRING. The environment variable should have precedence over the root window property.
The address of the login session message bus is given in the DBUS_SESSION_BUS_ADDRESS environment variable.
If DBUS_SESSION_BUS_ADDRESS is not set, or if it's set to the string "autolaunch:",
the system should use platform-specific methods of locating a running D-Bus session server,
or starting one if a running instance cannot be found.
Note that this mechanism is not recommended for attempting to determine if a daemon is running.
It is inherently racy to attempt to make this determination, since the bus daemon may be started just before or just after the determination is made.
Therefore, it is recommended that applications do not try to make this determination for their functionality purposes, and instead they should attempt to start the server.
This package diverges from the specification, as the caller is unlikely to be an X client, or be in a position to autolaunch a dbus server.
So a fallback address with a socket located in the well-known default XDG_RUNTIME_DIR formatting is used.
*/
SessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"
/*
SystemBusAddress is the name of the environment variable where the address of the system message bus is given in.
If that variable is not set, applications should try to connect to the well-known address unix:path=/var/run/dbus/system_bus_socket.
Implementations of the well-known system bus should listen on an address that will result in that connection being successful.
*/
SystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS"
// FallbackSystemBusAddress is used when [SystemBusAddress] is not set.
FallbackSystemBusAddress = "unix:path=/var/run/dbus/system_bus_socket"
)
var (
address [2]string
addressOnce sync.Once
)
// Address returns the session and system bus addresses copied from environment,
// or appropriate fallback values if they are not set.
func Address() (session, system string) {
addressOnce.Do(func() {
// resolve upstream session bus address
if addr, ok := os.LookupEnv(SessionBusAddress); !ok {
// fall back to default format
address[0] = fmt.Sprintf("unix:path=/run/user/%d/bus", os.Getuid())
} else {
address[0] = addr
}
// resolve upstream system bus address
if addr, ok := os.LookupEnv(SystemBusAddress); !ok {
// fall back to default hardcoded value
address[1] = FallbackSystemBusAddress
} else {
address[1] = addr
}
})
return address[0], address[1]
}

170
internal/system/dbus/dbus_test.go
View File

@@ -1,170 +0,0 @@
package dbus_test
import (
"context"
"errors"
"fmt"
"io"
"os"
"strings"
"syscall"
"testing"
"time"
"hakurei.app/internal/helper"
"hakurei.app/internal/system/dbus"
"hakurei.app/message"
)
func TestFinalise(t *testing.T) {
if _, err := dbus.Finalise(dbus.ProxyPair{}, dbus.ProxyPair{}, nil, nil); !errors.Is(err, syscall.EBADE) {
t.Errorf("Finalise: error = %v, want %v",
err, syscall.EBADE)
}
for id, tc := range testCasePairs {
t.Run("create final for "+id, func(t *testing.T) {
var wt io.WriterTo
if v, err := dbus.Finalise(tc[0].bus, tc[1].bus, tc[0].c, tc[1].c); (errors.Is(err, syscall.EINVAL)) != tc[0].wantErr {
t.Errorf("Finalise: error = %v, wantErr %v",
err, tc[0].wantErr)
return
} else {
wt = v
}
// rest of the tests happen for sealed instances
if tc[0].wantErr {
return
}
// build null-terminated string from wanted args
want := new(strings.Builder)
args := append(tc[0].want, tc[1].want...)
for _, arg := range args {
want.WriteString(arg)
want.WriteByte(0)
}
got := new(strings.Builder)
if _, err := wt.WriteTo(got); err != nil {
t.Errorf("WriteTo: error = %v", err)
}
if want.String() != got.String() {
t.Errorf("Seal: %q, want %q",
got.String(), want.String())
}
})
}
}
func TestProxyStartWaitCloseString(t *testing.T) {
t.Run("sandbox", func(t *testing.T) { testProxyFinaliseStartWaitCloseString(t, true) })
t.Run("direct", func(t *testing.T) { testProxyFinaliseStartWaitCloseString(t, false) })
}
const (
stubProxyTimeout = 5 * time.Second
)
func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
{
oldWaitDelay := helper.WaitDelay
helper.WaitDelay = 16 * time.Second
t.Cleanup(func() { helper.WaitDelay = oldWaitDelay })
}
{
proxyName := dbus.ProxyName
dbus.ProxyName = os.Args[0]
t.Cleanup(func() { dbus.ProxyName = proxyName })
}
var p *dbus.Proxy
t.Run("string for nil proxy", func(t *testing.T) {
want := "(invalid dbus proxy)"
if got := p.String(); got != want {
t.Errorf("String: %q, want %q",
got, want)
}
})
t.Run("invalid start", func(t *testing.T) {
if !useSandbox {
p = dbus.NewDirect(t.Context(), message.New(nil), nil, nil)
} else {
p = dbus.New(t.Context(), message.New(nil), nil, nil)
}
if err := p.Start(); !errors.Is(err, syscall.ENOTRECOVERABLE) {
t.Errorf("Start: error = %q, wantErr %q", err, syscall.ENOTRECOVERABLE)
return
}
})
for id, tc := range testCasePairs {
// this test does not test errors
if tc[0].wantErr {
continue
}
t.Run("proxy for "+id, func(t *testing.T) {
var final *dbus.Final
t.Run("finalise", func(t *testing.T) {
if v, err := dbus.Finalise(tc[0].bus, tc[1].bus, tc[0].c, tc[1].c); err != nil {
t.Errorf("Finalise: error = %v, wantErr %v", err, tc[0].wantErr)
return
} else {
final = v
}
})
ctx, cancel := context.WithTimeout(t.Context(), stubProxyTimeout)
defer cancel()
output := new(strings.Builder)
if !useSandbox {
p = dbus.NewDirect(ctx, message.New(nil), final, output)
} else {
p = dbus.New(ctx, message.New(nil), final, output)
}
{ // check invalid wait behaviour
wantErr := "dbus: not started"
if err := p.Wait(); err == nil || err.Error() != wantErr {
t.Errorf("Wait: error = %v, wantErr %v", err, wantErr)
}
}
{ // check string behaviour
want := "(unused dbus proxy)"
if got := p.String(); got != want {
t.Errorf("String: %q, want %q", got, want)
return
}
}
if err := p.Start(); err != nil {
t.Fatalf("Start: error = %v", err)
}
{ // check running string behaviour
wantSubstr := fmt.Sprintf("%s --args=3 --fd=4", os.Args[0])
if useSandbox {
wantSubstr = `argv: ["xdg-dbus-proxy" "--args=3" "--fd=4"], filter: true, rules: 0, flags: 0x1, presets: 0xf`
}
if got := p.String(); !strings.Contains(got, wantSubstr) {
t.Errorf("String: %q, want %q",
got, wantSubstr)
return
}
}
p.Close()
if err := p.Wait(); err != nil {
t.Errorf("Wait: error = %v\noutput: %s", err, output.String())
}
})
}
}

15
internal/system/dbus/export_test.go
View File

@@ -1,15 +0,0 @@
package dbus
import (
"context"
"io"
"hakurei.app/message"
)
// NewDirect returns a new instance of [Proxy] with its sandbox disabled.
func NewDirect(ctx context.Context, msg message.Msg, final *Final, output io.Writer) *Proxy {
p := New(ctx, msg, final, output)
p.useSandbox = false
return p
}

188
internal/system/dbus/proc.go
View File

@@ -1,188 +0,0 @@
package dbus
import (
"context"
"errors"
"os"
"os/exec"
"strconv"
"syscall"
"hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/seccomp"
"hakurei.app/container/std"
"hakurei.app/internal/helper"
"hakurei.app/ldd"
)
// Start starts and configures a D-Bus proxy process.
func (p *Proxy) Start() error {
if p.final == nil || p.final.WriterTo == nil {
return syscall.ENOTRECOVERABLE
}
p.mu.Lock()
defer p.mu.Unlock()
p.pmu.Lock()
defer p.pmu.Unlock()
if p.cancel != nil || p.cause != nil {
return errors.New("dbus: already started")
}
ctx, cancel := context.WithCancelCause(p.ctx)
if !p.useSandbox {
p.helper = helper.NewDirect(ctx, p.name, p.final, true, argF, func(cmd *exec.Cmd) {
if p.output != nil {
cmd.Stdout, cmd.Stderr = p.output, p.output
}
cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
cmd.Env = make([]string, 0)
}, nil)
} else {
var toolPath *check.Absolute
if a, err := check.NewAbs(p.name); err != nil {
if p.name, err = exec.LookPath(p.name); err != nil {
return err
} else if toolPath, err = check.NewAbs(p.name); err != nil {
return err
}
} else {
toolPath = a
}
var libPaths []*check.Absolute
if entries, err := ldd.Resolve(ctx, p.msg, toolPath); err != nil {
return err
} else {
libPaths = ldd.Path(entries)
}
p.helper = helper.New(
ctx, p.msg, toolPath, "xdg-dbus-proxy",
p.final, true,
argF, func(z *container.Container) {
z.SeccompFlags |= seccomp.AllowMultiarch
z.SeccompPresets |= std.PresetStrict
z.Hostname = "hakurei-dbus"
if p.output != nil {
z.Stdout, z.Stderr = p.output, p.output
}
// these lib paths are unpredictable, so mount them first so they cannot cover anything
for _, name := range libPaths {
z.Bind(name, name, 0)
}
// upstream bus directories
upstreamPaths := make([]*check.Absolute, 0, 2)
for _, addr := range [][]AddrEntry{p.final.SessionUpstream, p.final.SystemUpstream} {
for _, ent := range addr {
if ent.Method != "unix" {
continue
}
for _, pair := range ent.Values {
if pair[0] != "path" {
continue
}
if a, err := check.NewAbs(pair[1]); err != nil {
continue
} else {
upstreamPaths = append(upstreamPaths, a.Dir())
}
}
}
}
check.SortAbs(upstreamPaths)
upstreamPaths = check.CompactAbs(upstreamPaths)
for _, name := range upstreamPaths {
z.Bind(name, name, 0)
}
z.HostNet = len(upstreamPaths) == 0
z.HostAbstract = z.HostNet
// parent directories of bind paths
sockDirPaths := make([]*check.Absolute, 0, 2)
if a, err := check.NewAbs(p.final.Session[1]); err == nil {
sockDirPaths = append(sockDirPaths, a.Dir())
}
if a, err := check.NewAbs(p.final.System[1]); err == nil {
sockDirPaths = append(sockDirPaths, a.Dir())
}
check.SortAbs(sockDirPaths)
sockDirPaths = check.CompactAbs(sockDirPaths)
for _, name := range sockDirPaths {
z.Bind(name, name, std.BindWritable)
}
// xdg-dbus-proxy bin path
binPath := toolPath.Dir()
z.Bind(binPath, binPath, 0)
}, nil)
}
if err := p.helper.Start(); err != nil {
cancel(err)
p.helper = nil
return err
}
p.cancel, p.cause = cancel, func() error { return context.Cause(ctx) }
return nil
}
var proxyClosed = errors.New("proxy closed")
// Wait blocks until xdg-dbus-proxy exits and releases resources.
func (p *Proxy) Wait() error {
p.mu.RLock()
defer p.mu.RUnlock()
p.pmu.RLock()
if p.helper == nil || p.cancel == nil || p.cause == nil {
p.pmu.RUnlock()
return errors.New("dbus: not started")
}
var errs [3]error
errs[0] = p.helper.Wait()
if errors.Is(errs[0], context.Canceled) &&
errors.Is(p.cause(), proxyClosed) {
errs[0] = nil
}
p.pmu.RUnlock()
// ensure socket removal so ephemeral directory is empty at revert
if err := os.Remove(p.final.Session[1]); err != nil && !errors.Is(err, os.ErrNotExist) {
errs[1] = err
}
if p.final.System[1] != "" {
if err := os.Remove(p.final.System[1]); err != nil && !errors.Is(err, os.ErrNotExist) {
errs[2] = err
}
}
return errors.Join(errs[:]...)
}
// Close cancels the context passed to the helper instance attached to xdg-dbus-proxy.
func (p *Proxy) Close() {
p.pmu.Lock()
defer p.pmu.Unlock()
if p.cancel == nil {
panic("dbus: not started")
}
p.cancel(proxyClosed)
}
func argF(argsFd, statFd int) []string {
if statFd == -1 {
return []string{"--args=" + strconv.Itoa(argsFd)}
} else {
return []string{"--args=" + strconv.Itoa(argsFd), "--fd=" + strconv.Itoa(statFd)}
}
}

11
internal/system/dbus/proc_test.go
View File

@@ -1,11 +0,0 @@
package dbus_test
import (
"os"
"testing"
"hakurei.app/container"
"hakurei.app/internal/helper"
)
func TestMain(m *testing.M) { container.TryArgv0(nil); helper.InternalHelperStub(); os.Exit(m.Run()) }

105
internal/system/dbus/proxy.go
View File

@@ -1,105 +0,0 @@
package dbus
import (
"context"
"io"
"sync"
"syscall"
"hakurei.app/hst"
"hakurei.app/internal/helper"
"hakurei.app/message"
)
// ProxyName is the file name or path to the proxy program.
// Overriding ProxyName will only affect Proxy instance created after the change.
var ProxyName = "xdg-dbus-proxy"
// Proxy holds the state of a xdg-dbus-proxy process, and should never be copied.
type Proxy struct {
helper helper.Helper
ctx context.Context
msg message.Msg
cancel context.CancelCauseFunc
cause func() error
final *Final
output io.Writer
useSandbox bool
name string
mu, pmu sync.RWMutex
}
func (p *Proxy) String() string {
if p == nil {
return "(invalid dbus proxy)"
}
p.mu.RLock()
defer p.mu.RUnlock()
if p.helper != nil {
return p.helper.String()
}
return "(unused dbus proxy)"
}
// Final describes the outcome of a proxy configuration.
type Final struct {
Session, System ProxyPair
// parsed upstream address
SessionUpstream, SystemUpstream []AddrEntry
io.WriterTo
}
// Finalise creates a checked argument writer for [Proxy].
func Finalise(sessionBus, systemBus ProxyPair, session, system *hst.BusConfig) (final *Final, err error) {
if session == nil && system == nil {
return nil, syscall.EBADE
}
var args []string
if session != nil {
if err = session.CheckInterfaces("session"); err != nil {
return
}
args = append(args, Args(session, sessionBus)...)
}
if system != nil {
if err = system.CheckInterfaces("system"); err != nil {
return
}
args = append(args, Args(system, systemBus)...)
}
final = &Final{Session: sessionBus, System: systemBus}
final.WriterTo, err = helper.NewCheckedArgs(args...)
if err != nil {
return
}
if session != nil {
final.SessionUpstream, err = Parse([]byte(final.Session[0]))
if err != nil {
return
}
}
if system != nil {
final.SystemUpstream, err = Parse([]byte(final.System[0]))
if err != nil {
return
}
}
return
}
// New returns a new instance of [Proxy].
func New(ctx context.Context, msg message.Msg, final *Final, output io.Writer) *Proxy {
return &Proxy{name: ProxyName, ctx: ctx, msg: msg, final: final, output: output, useSandbox: true}
}

214
internal/system/dbus/samples_test.go
View File

@@ -1,214 +0,0 @@
package dbus_test
import (
"hakurei.app/hst"
)
const (
sampleHostPath = "/tmp/bus"
sampleHostAddr = "unix:path=" + sampleHostPath
sampleBindPath = "/tmp/proxied_bus"
)
var samples = []dbusTestCase{
{
"org.chromium.Chromium", &hst.BusConfig{
See: nil,
Talk: []string{"org.freedesktop.Notifications", "org.freedesktop.FileManager1", "org.freedesktop.ScreenSaver",
"org.freedesktop.secrets", "org.kde.kwalletd5", "org.kde.kwalletd6", "org.gnome.SessionManager"},
Own: []string{"org.chromium.Chromium.*", "org.mpris.MediaPlayer2.org.chromium.Chromium.*",
"org.mpris.MediaPlayer2.chromium.*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Log: false,
Filter: true,
}, false, false,
[2]string{sampleHostAddr, sampleBindPath},
[]string{
sampleHostAddr,
sampleBindPath,
"--filter",
"--talk=org.freedesktop.Notifications",
"--talk=org.freedesktop.FileManager1",
"--talk=org.freedesktop.ScreenSaver",
"--talk=org.freedesktop.secrets",
"--talk=org.kde.kwalletd5",
"--talk=org.kde.kwalletd6",
"--talk=org.gnome.SessionManager",
"--own=org.chromium.Chromium.*",
"--own=org.mpris.MediaPlayer2.org.chromium.Chromium.*",
"--own=org.mpris.MediaPlayer2.chromium.*",
"--call=org.freedesktop.portal.*=*",
"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
},
},
{
"org.chromium.Chromium+", &hst.BusConfig{
See: nil,
Talk: []string{"org.bluez", "org.freedesktop.Avahi", "org.freedesktop.UPower"},
Own: nil,
Call: nil,
Broadcast: nil,
Log: false,
Filter: true,
}, false, false,
[2]string{sampleHostAddr, sampleBindPath},
[]string{
sampleHostAddr,
sampleBindPath,
"--filter",
"--talk=org.bluez",
"--talk=org.freedesktop.Avahi",
"--talk=org.freedesktop.UPower",
},
},
{
"dev.vencord.Vesktop", &hst.BusConfig{
See: nil,
Talk: []string{"org.freedesktop.Notifications", "org.kde.StatusNotifierWatcher"},
Own: []string{"dev.vencord.Vesktop.*", "org.mpris.MediaPlayer2.dev.vencord.Vesktop.*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Log: false,
Filter: true,
}, false, false,
[2]string{sampleHostAddr, sampleBindPath},
[]string{
sampleHostAddr,
sampleBindPath,
"--filter",
"--talk=org.freedesktop.Notifications",
"--talk=org.kde.StatusNotifierWatcher",
"--own=dev.vencord.Vesktop.*",
"--own=org.mpris.MediaPlayer2.dev.vencord.Vesktop.*",
"--call=org.freedesktop.portal.*=*",
"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*"},
},
{
"uk.gensokyo.CrashTestDummy", &hst.BusConfig{
See: []string{"uk.gensokyo.CrashTestDummy1"},
Talk: []string{"org.freedesktop.Notifications"},
Own: []string{"uk.gensokyo.CrashTestDummy.*", "org.mpris.MediaPlayer2.uk.gensokyo.CrashTestDummy.*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Log: true,
Filter: true,
}, false, false,
[2]string{sampleHostAddr, sampleBindPath},
[]string{
sampleHostAddr,
sampleBindPath,
"--filter",
"--see=uk.gensokyo.CrashTestDummy1",
"--talk=org.freedesktop.Notifications",
"--own=uk.gensokyo.CrashTestDummy.*",
"--own=org.mpris.MediaPlayer2.uk.gensokyo.CrashTestDummy.*",
"--call=org.freedesktop.portal.*=*",
"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
"--log"},
},
{
"uk.gensokyo.CrashTestDummy1", &hst.BusConfig{
See: []string{"uk.gensokyo.CrashTestDummy"},
Talk: []string{"org.freedesktop.Notifications"},
Own: []string{"uk.gensokyo.CrashTestDummy1.*", "org.mpris.MediaPlayer2.uk.gensokyo.CrashTestDummy1.*"},
Call: map[string]string{"org.freedesktop.portal.*": "*"},
Broadcast: map[string]string{"org.freedesktop.portal.*": "@/org/freedesktop/portal/*"},
Log: true,
Filter: true,
}, false, true,
[2]string{sampleHostAddr, sampleBindPath},
[]string{
sampleHostAddr,
sampleBindPath,
"--filter",
"--see=uk.gensokyo.CrashTestDummy",
"--talk=org.freedesktop.Notifications",
"--own=uk.gensokyo.CrashTestDummy1.*",
"--own=org.mpris.MediaPlayer2.uk.gensokyo.CrashTestDummy1.*",
"--call=org.freedesktop.portal.*=*",
"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
"--log"},
},
}
type dbusTestCase struct {
id string
c *hst.BusConfig
wantErr bool
wantErrF bool
bus [2]string
want []string
}
var (
testCasesExt = func() []dbusTestCase {
testCases := make([]dbusTestCase, len(samples)*2)
for i := range samples {
testCases[i] = samples[i]
fi := &testCases[len(samples)+i]
*fi = samples[i]
// create null-injected test cases
fi.wantErr = true
injectNulls := func(t *[]string) {
f := make([]string, len(*t))
for i := range f {
f[i] = "\x00" + (*t)[i] + "\x00"
}
*t = f
}
fi.c = new(hst.BusConfig)
*fi.c = *samples[i].c
injectNulls(&fi.c.See)
injectNulls(&fi.c.Talk)
injectNulls(&fi.c.Own)
}
return testCases
}()
testCasePairs = func() map[string][2]dbusTestCase {
// enumerate test case pairs
var pc int
for _, tc := range samples {
if tc.id != "" {
pc++
}
}
pairs := make(map[string][2]dbusTestCase, pc)
for i, tc := range testCasesExt {
if tc.id == "" {
continue
}
// skip already enumerated system bus test
if tc.id[len(tc.id)-1] == '+' {
continue
}
ftp := [2]dbusTestCase{tc}
// system proxy tests always place directly after its user counterpart with id ending in +
if i+1 < len(testCasesExt) && testCasesExt[i+1].id[len(testCasesExt[i+1].id)-1] == '+' {
// attach system bus config
ftp[1] = testCasesExt[i+1]
// check for misplaced/mismatching tests
if ftp[0].wantErr != ftp[1].wantErr || ftp[0].id+"+" != ftp[1].id {
panic("mismatching session/system pairing")
}
}
k := tc.id
if tc.wantErr {
k = "malformed_" + k
}
pairs[k] = ftp
}
return pairs
}()
)

18
internal/system/dbus/testdata/dev.vencord.Vesktop.json vendored
View File

@@ -1,18 +0,0 @@
{
"talk":[
"org.freedesktop.Notifications",
"org.kde.StatusNotifierWatcher"
],
"own":[
"dev.vencord.Vesktop.*",
"org.mpris.MediaPlayer2.dev.vencord.Vesktop.*"
],
"call":{
"org.freedesktop.portal.*":"*"
},
"broadcast":{
"org.freedesktop.portal.*":"@/org/freedesktop/portal/*"
},
"filter":true
}

9
internal/system/dbus/testdata/org.chromium.Chromium+.json vendored
View File

@@ -1,9 +0,0 @@
{
"talk":[
"org.bluez",
"org.freedesktop.Avahi",
"org.freedesktop.UPower"
],
"filter":true
}

24
internal/system/dbus/testdata/org.chromium.Chromium.json vendored
View File

@@ -1,24 +0,0 @@
{
"talk":[
"org.freedesktop.Notifications",
"org.freedesktop.FileManager1",
"org.freedesktop.ScreenSaver",
"org.freedesktop.secrets",
"org.kde.kwalletd5",
"org.kde.kwalletd6",
"org.gnome.SessionManager"
],
"own":[
"org.chromium.Chromium.*",
"org.mpris.MediaPlayer2.org.chromium.Chromium.*",
"org.mpris.MediaPlayer2.chromium.*"
],
"call":{
"org.freedesktop.portal.*":"*"
},
"broadcast":{
"org.freedesktop.portal.*":"@/org/freedesktop/portal/*"
},
"filter":true
}

21
internal/system/dbus/testdata/uk.gensokyo.CrashTestDummy.json vendored
View File

@@ -1,21 +0,0 @@
{
"see": [
"uk.gensokyo.CrashTestDummy1"
],
"talk":[
"org.freedesktop.Notifications"
],
"own":[
"uk.gensokyo.CrashTestDummy.*",
"org.mpris.MediaPlayer2.uk.gensokyo.CrashTestDummy.*"
],
"call":{
"org.freedesktop.portal.*":"*"
},
"broadcast":{
"org.freedesktop.portal.*":"@/org/freedesktop/portal/*"
},
"log": true,
"filter":true
}

2
internal/system/dbus_test.go
View File

@@ -11,8 +11,8 @@ import (
"hakurei.app/container/stub"
"hakurei.app/hst"
"hakurei.app/internal/dbus"
"hakurei.app/internal/helper"
"hakurei.app/internal/system/dbus"
)
func TestDBusProxyOp(t *testing.T) {

6
internal/system/dispatcher.go
View File

@@ -7,9 +7,9 @@ import (
"os"
"hakurei.app/hst"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/system/dbus"
"hakurei.app/internal/system/xcb"
"hakurei.app/internal/acl"
"hakurei.app/internal/dbus"
"hakurei.app/internal/xcb"
)
type osFile interface {

6
internal/system/dispatcher_test.go
View File

@@ -10,9 +10,9 @@ import (
"hakurei.app/container/stub"
"hakurei.app/hst"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/system/dbus"
"hakurei.app/internal/system/xcb"
"hakurei.app/internal/acl"
"hakurei.app/internal/dbus"
"hakurei.app/internal/xcb"
)
// call initialises a [stub.Call].

2
internal/system/system_test.go
View File

@@ -11,7 +11,7 @@ import (
"hakurei.app/container/check"
"hakurei.app/container/stub"
"hakurei.app/hst"
"hakurei.app/internal/system/xcb"
"hakurei.app/internal/xcb"
"hakurei.app/message"
)

4
internal/system/wayland.go
View File

@@ -7,8 +7,8 @@ import (
"hakurei.app/container/check"
"hakurei.app/hst"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/system/wayland"
"hakurei.app/internal/acl"
"hakurei.app/internal/wayland"
)
type waylandConn interface {

122
internal/system/wayland/conn.go
View File

@@ -1,122 +0,0 @@
package wayland
import (
"errors"
"net"
"os"
"runtime"
"sync"
"syscall"
)
// Conn represents a connection to the wayland display server.
type Conn struct {
conn *net.UnixConn
done chan struct{}
doneOnce sync.Once
mu sync.Mutex
}
// Attach connects Conn to a wayland socket.
func (c *Conn) Attach(p string) (err error) {
c.mu.Lock()
defer c.mu.Unlock()
if c.conn != nil {
return errors.New("socket already attached")
}
c.conn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: p, Net: "unix"})
return
}
// Close releases resources and closes the connection to the wayland compositor.
func (c *Conn) Close() error {
c.mu.Lock()
defer c.mu.Unlock()
if c.done == nil {
return errors.New("no socket bound")
}
c.doneOnce.Do(func() {
c.done <- struct{}{}
<-c.done
})
// closed by wayland
runtime.SetFinalizer(c.conn, nil)
return nil
}
// Bind binds the new socket to pathname.
func (c *Conn) Bind(pathname, appID, instanceID string) (*os.File, error) {
c.mu.Lock()
defer c.mu.Unlock()
if c.conn == nil {
return nil, errors.New("socket not attached")
}
if c.done != nil {
return nil, errors.New("socket already bound")
}
if rc, err := c.conn.SyscallConn(); err != nil {
// unreachable
return nil, err
} else {
c.done = make(chan struct{})
return bindRawConn(c.done, rc, pathname, appID, instanceID)
}
}
func bindRawConn(done chan struct{}, rc syscall.RawConn, p, appID, instanceID string) (*os.File, error) {
var syncPipe [2]*os.File
if r, w, err := os.Pipe(); err != nil {
return nil, err
} else {
syncPipe[0] = r
syncPipe[1] = w
}
setupDone := make(chan error, 1) // does not block with c.done
go func() {
if err := rc.Control(func(fd uintptr) {
// prevent runtime from closing the read end of sync fd
runtime.SetFinalizer(syncPipe[0], nil)
// allow the Bind method to return after setup
setupDone <- bind(fd, p, appID, instanceID, syncPipe[0].Fd())
close(setupDone)
// keep socket alive until done is requested
<-done
runtime.KeepAlive(syncPipe[1])
}); err != nil {
setupDone <- err
}
// notify Close that rc.Control has returned
close(done)
}()
// return write end of the pipe
return syncPipe[1], <-setupDone
}
func bind(fd uintptr, p, appID, instanceID string, syncFd uintptr) error {
// ensure p is available
if f, err := os.Create(p); err != nil {
return err
} else if err = f.Close(); err != nil {
return err
} else if err = os.Remove(p); err != nil {
return err
}
return bindWaylandFd(p, fd, appID, instanceID, syncFd)
}

74
internal/system/wayland/security-context-v1-protocol.c
View File

@@ -1,74 +0,0 @@
/* Generated by wayland-scanner 1.23.1 */
/*
* Copyright © 2021 Simon Ser
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
*/
#include <stdbool.h>
#include <stdlib.h>
#include <stdint.h>
#include "wayland-util.h"
#ifndef __has_attribute
# define __has_attribute(x) 0 /* Compatibility with non-clang compilers. */
#endif
#if (__has_attribute(visibility) || defined(__GNUC__) && __GNUC__ >= 4)
#define WL_PRIVATE __attribute__ ((visibility("hidden")))
#else
#define WL_PRIVATE
#endif
extern const struct wl_interface wp_security_context_v1_interface;
static const struct wl_interface *security_context_v1_types[] = {
NULL,
&wp_security_context_v1_interface,
NULL,
NULL,
};
static const struct wl_message wp_security_context_manager_v1_requests[] = {
{ "destroy", "", security_context_v1_types + 0 },
{ "create_listener", "nhh", security_context_v1_types + 1 },
};
WL_PRIVATE const struct wl_interface wp_security_context_manager_v1_interface = {
"wp_security_context_manager_v1", 1,
2, wp_security_context_manager_v1_requests,
0, NULL,
};
static const struct wl_message wp_security_context_v1_requests[] = {
{ "destroy", "", security_context_v1_types + 0 },
{ "set_sandbox_engine", "s", security_context_v1_types + 0 },
{ "set_app_id", "s", security_context_v1_types + 0 },
{ "set_instance_id", "s", security_context_v1_types + 0 },
{ "commit", "", security_context_v1_types + 0 },
};
WL_PRIVATE const struct wl_interface wp_security_context_v1_interface = {
"wp_security_context_v1", 1,
5, wp_security_context_v1_requests,
0, NULL,
};

392
internal/system/wayland/security-context-v1-protocol.h
View File

@@ -1,392 +0,0 @@
/* Generated by wayland-scanner 1.23.1 */
#ifndef SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#define SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#include <stdint.h>
#include <stddef.h>
#include "wayland-client.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @page page_security_context_v1 The security_context_v1 protocol
* @section page_ifaces_security_context_v1 Interfaces
* - @subpage page_iface_wp_security_context_manager_v1 - client security context manager
* - @subpage page_iface_wp_security_context_v1 - client security context
* @section page_copyright_security_context_v1 Copyright
* <pre>
*
* Copyright © 2021 Simon Ser
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
* </pre>
*/
struct wp_security_context_manager_v1;
struct wp_security_context_v1;
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
#define WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
/**
* @page page_iface_wp_security_context_manager_v1 wp_security_context_manager_v1
* @section page_iface_wp_security_context_manager_v1_desc Description
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
* @section page_iface_wp_security_context_manager_v1_api API
* See @ref iface_wp_security_context_manager_v1.
*/
/**
* @defgroup iface_wp_security_context_manager_v1 The wp_security_context_manager_v1 interface
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
*/
extern const struct wl_interface wp_security_context_manager_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_V1_INTERFACE
#define WP_SECURITY_CONTEXT_V1_INTERFACE
/**
* @page page_iface_wp_security_context_v1 wp_security_context_v1
* @section page_iface_wp_security_context_v1_desc Description
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
* @section page_iface_wp_security_context_v1_api API
* See @ref iface_wp_security_context_v1.
*/
/**
* @defgroup iface_wp_security_context_v1 The wp_security_context_v1 interface
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
*/
extern const struct wl_interface wp_security_context_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
enum wp_security_context_manager_v1_error {
/**
* listening socket FD is invalid
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_INVALID_LISTEN_FD = 1,
/**
* nested security contexts are forbidden
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_NESTED = 2,
};
#endif /* WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void
wp_security_context_manager_v1_set_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_manager_v1, user_data);
}
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void *
wp_security_context_manager_v1_get_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_manager_v1);
}
static inline uint32_t
wp_security_context_manager_v1_get_version(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Destroy the manager. This doesn't destroy objects created with the
* manager.
*/
static inline void
wp_security_context_manager_v1_destroy(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Creates a new security context with a socket listening FD.
*
* The compositor will accept new client connections on listen_fd.
* listen_fd must be ready to accept new connections when this request is
* sent by the client. In other words, the client must call bind(2) and
* listen(2) before sending the FD.
*
* close_fd is a FD that will signal hangup when the compositor should stop
* accepting new connections on listen_fd.
*
* The compositor must continue to accept connections on listen_fd when
* the Wayland client which created the security context disconnects.
*
* After sending this request, closing listen_fd and close_fd remains the
* only valid operation on them.
*/
static inline struct wp_security_context_v1 *
wp_security_context_manager_v1_create_listener(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, int32_t listen_fd, int32_t close_fd)
{
struct wl_proxy *id;
id = wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER, &wp_security_context_v1_interface, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), 0, NULL, listen_fd, close_fd);
return (struct wp_security_context_v1 *) id;
}
#ifndef WP_SECURITY_CONTEXT_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_V1_ERROR_ENUM
enum wp_security_context_v1_error {
/**
* security context has already been committed
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_USED = 1,
/**
* metadata has already been set
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_SET = 2,
/**
* metadata is invalid
*/
WP_SECURITY_CONTEXT_V1_ERROR_INVALID_METADATA = 3,
};
#endif /* WP_SECURITY_CONTEXT_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE 1
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID 2
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID 3
#define WP_SECURITY_CONTEXT_V1_COMMIT 4
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_COMMIT_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_v1 */
static inline void
wp_security_context_v1_set_user_data(struct wp_security_context_v1 *wp_security_context_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_v1, user_data);
}
/** @ingroup iface_wp_security_context_v1 */
static inline void *
wp_security_context_v1_get_user_data(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_v1);
}
static inline uint32_t
wp_security_context_v1_get_version(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Destroy the security context object.
*/
static inline void
wp_security_context_v1_destroy(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach a unique sandbox engine name to the security context. The name
* should follow the reverse-DNS style (e.g. "org.flatpak").
*
* A list of well-known engines is maintained at:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_sandbox_engine(struct wp_security_context_v1 *wp_security_context_v1, const char *name)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, name);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an application ID to the security context.
*
* The application ID is an opaque, sandbox-specific identifier for an
* application. See the well-known engines document for more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* The compositor may use the application ID to group clients belonging to
* the same security context application.
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_app_id(struct wp_security_context_v1 *wp_security_context_v1, const char *app_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_APP_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, app_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an instance ID to the security context.
*
* The instance ID is an opaque, sandbox-specific identifier for a running
* instance of an application. See the well-known engines document for
* more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_instance_id(struct wp_security_context_v1 *wp_security_context_v1, const char *instance_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, instance_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Atomically register the new client and attach the security context
* metadata.
*
* If the provided metadata is inconsistent or does not match with out of
* band metadata (see
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md),
* the invalid_metadata error may be sent eventually.
*
* It's a protocol error to send any request other than "destroy" after
* this request. In this case, the already_used error is sent.
*/
static inline void
wp_security_context_v1_commit(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_COMMIT, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0);
}
#ifdef __cplusplus
}
#endif
#endif

96
internal/system/wayland/wayland-client-helper.c
View File

@@ -1,96 +0,0 @@
#include "wayland-client-helper.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include "security-context-v1-protocol.h"
#include <wayland-client.h>
static void registry_handle_global(void *data, struct wl_registry *registry,
uint32_t name, const char *interface,
uint32_t version) {
struct wp_security_context_manager_v1 **out = data;
if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0)
*out = wl_registry_bind(registry, name,
&wp_security_context_manager_v1_interface, 1);
}
static void registry_handle_global_remove(void *data,
struct wl_registry *registry,
uint32_t name) {} /* no-op */
static const struct wl_registry_listener registry_listener = {
.global = registry_handle_global,
.global_remove = registry_handle_global_remove,
};
int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id,
const char *instance_id, int sync_fd) {
int32_t res = 0; /* refer to resErr for corresponding Go error */
struct wl_display *display;
display = wl_display_connect_to_fd(fd);
if (!display) {
res = 1;
goto out;
};
struct wl_registry *registry;
registry = wl_display_get_registry(display);
struct wp_security_context_manager_v1 *security_context_manager = NULL;
wl_registry_add_listener(registry, &registry_listener,
&security_context_manager);
int ret;
ret = wl_display_roundtrip(display);
wl_registry_destroy(registry);
if (ret < 0)
goto out;
if (!security_context_manager) {
res = 2;
goto out;
}
int listen_fd = -1;
listen_fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (listen_fd < 0)
goto out;
struct sockaddr_un sockaddr = {0};
sockaddr.sun_family = AF_UNIX;
snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path);
if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0)
goto out;
if (listen(listen_fd, 0) != 0)
goto out;
struct wp_security_context_v1 *security_context;
security_context = wp_security_context_manager_v1_create_listener(
security_context_manager, listen_fd, sync_fd);
wp_security_context_v1_set_sandbox_engine(security_context, "app.hakurei");
wp_security_context_v1_set_app_id(security_context, app_id);
wp_security_context_v1_set_instance_id(security_context, instance_id);
wp_security_context_v1_commit(security_context);
wp_security_context_v1_destroy(security_context);
if (wl_display_roundtrip(display) < 0)
goto out;
out:
if (listen_fd >= 0)
close(listen_fd);
if (security_context_manager)
wp_security_context_manager_v1_destroy(security_context_manager);
if (display)
wl_display_disconnect(display);
free((void *)socket_path);
free((void *)app_id);
free((void *)instance_id);
return res;
}

4
internal/system/wayland/wayland-client-helper.h
View File

@@ -1,4 +0,0 @@
#include <stdint.h>
int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id,
const char *instance_id, int sync_fd);

48
internal/system/wayland/wayland.go
View File

@@ -1,48 +0,0 @@
// Package wayland implements Wayland security_context_v1 protocol.
package wayland
//go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
//go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"
/*
#cgo linux pkg-config: --static wayland-client
#cgo freebsd openbsd LDFLAGS: -lwayland-client
#include "wayland-client-helper.h"
*/
import "C"
import (
"errors"
"strings"
"syscall"
)
const (
// Display contains the name of the server socket
// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1147)
// which is concatenated with XDG_RUNTIME_DIR
// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1171)
// or used as-is if absolute
// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1176).
Display = "WAYLAND_DISPLAY"
// FallbackName is used as the wayland socket name if WAYLAND_DISPLAY is unset
// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1149).
FallbackName = "wayland-0"
)
var resErr = [...]error{
0: nil,
1: errors.New("wl_display_connect_to_fd() failed"),
2: errors.New("wp_security_context_v1 not available"),
}
func bindWaylandFd(socketPath string, fd uintptr, appID, instanceID string, syncFd uintptr) error {
if hasNull(appID) || hasNull(instanceID) {
return syscall.EINVAL
}
res := C.hakurei_bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFd))
return resErr[int32(res)]
}
func hasNull(s string) bool { return strings.IndexByte(s, 0) > -1 }

4
internal/system/wayland_test.go
View File

@@ -6,8 +6,8 @@ import (
"testing"
"hakurei.app/container/stub"
"hakurei.app/internal/system/acl"
"hakurei.app/internal/system/wayland"
"hakurei.app/internal/acl"
"hakurei.app/internal/wayland"
)
type stubWaylandConn struct {

17
internal/system/xcb/changehosts.go
View File

@@ -1,17 +0,0 @@
package xcb
import "errors"
var ErrChangeHosts = errors.New("xcb_change_hosts() failed")
func ChangeHosts(mode HostMode, family Family, address string) error {
conn := new(connection)
if err := conn.connect(); err != nil {
conn.disconnect()
return err
} else {
defer conn.disconnect()
}
return conn.changeHostsChecked(mode, family, address)
}

127
internal/system/xcb/xcb.go
View File

@@ -1,127 +0,0 @@
// Package xcb implements X11 ChangeHosts via libxcb.
package xcb
import (
"runtime"
"unsafe"
)
/*
#cgo linux pkg-config: --static xcb
#include <stdlib.h>
#include <xcb/xcb.h>
static int hakurei_xcb_change_hosts_checked(xcb_connection_t *c,
uint8_t mode, uint8_t family,
uint16_t address_len, const uint8_t *address) {
int ret;
xcb_generic_error_t *e;
xcb_void_cookie_t cookie;
cookie = xcb_change_hosts_checked(c, mode, family, address_len, address);
free((void *)address);
ret = xcb_connection_has_error(c);
if (ret != 0)
return ret;
e = xcb_request_check(c, cookie);
if (e != NULL) {
// don't want to deal with xcb errors
free((void *)e);
ret = -1;
}
return ret;
}
*/
import "C"
const (
HostModeInsert = C.XCB_HOST_MODE_INSERT
HostModeDelete = C.XCB_HOST_MODE_DELETE
FamilyInternet = C.XCB_FAMILY_INTERNET
FamilyDecnet = C.XCB_FAMILY_DECNET
FamilyChaos = C.XCB_FAMILY_CHAOS
FamilyServerInterpreted = C.XCB_FAMILY_SERVER_INTERPRETED
FamilyInternet6 = C.XCB_FAMILY_INTERNET_6
)
type (
HostMode = C.xcb_host_mode_t
Family = C.xcb_family_t
)
func (conn *connection) changeHostsChecked(mode HostMode, family Family, address string) error {
ret := C.hakurei_xcb_change_hosts_checked(
conn.c,
C.uint8_t(mode),
C.uint8_t(family),
C.uint16_t(len(address)),
(*C.uint8_t)(unsafe.Pointer(C.CString(address))),
)
switch ret {
case 0:
return nil
case -1:
return ErrChangeHosts
default:
return ConnectionError(ret)
}
}
type connection struct{ c *C.xcb_connection_t }
func (conn *connection) connect() error {
conn.c = C.xcb_connect(nil, nil)
runtime.SetFinalizer(conn, (*connection).disconnect)
return conn.hasError()
}
func (conn *connection) hasError() error {
ret := C.xcb_connection_has_error(conn.c)
if ret == 0 {
return nil
}
return ConnectionError(ret)
}
func (conn *connection) disconnect() {
C.xcb_disconnect(conn.c)
// no need for a finalizer anymore
runtime.SetFinalizer(conn, nil)
}
const (
ConnError ConnectionError = C.XCB_CONN_ERROR
ConnClosedExtNotSupported ConnectionError = C.XCB_CONN_CLOSED_EXT_NOTSUPPORTED
ConnClosedMemInsufficient ConnectionError = C.XCB_CONN_CLOSED_MEM_INSUFFICIENT
ConnClosedReqLenExceed ConnectionError = C.XCB_CONN_CLOSED_REQ_LEN_EXCEED
ConnClosedParseErr ConnectionError = C.XCB_CONN_CLOSED_PARSE_ERR
ConnClosedInvalidScreen ConnectionError = C.XCB_CONN_CLOSED_INVALID_SCREEN
)
// ConnectionError represents an error returned by xcb_connection_has_error.
type ConnectionError int
func (ce ConnectionError) Error() string {
switch ce {
case ConnError:
return "connection error"
case ConnClosedExtNotSupported:
return "extension not supported"
case ConnClosedMemInsufficient:
return "memory not available"
case ConnClosedReqLenExceed:
return "request length exceeded"
case ConnClosedParseErr:
return "invalid display string"
case ConnClosedInvalidScreen:
return "server has no screen matching display"
default:
return "generic X11 failure"
}
}

2
internal/system/xhost.go
View File

@@ -2,7 +2,7 @@ package system
import (
"hakurei.app/hst"
"hakurei.app/internal/system/xcb"
"hakurei.app/internal/xcb"
)
// ChangeHosts inserts the target user into X11 hosts and deletes it once its [Enablement] is no longer satisfied.

2
internal/system/xhost_test.go
View File

@@ -5,7 +5,7 @@ import (
"hakurei.app/container/stub"
"hakurei.app/hst"
"hakurei.app/internal/system/xcb"
"hakurei.app/internal/xcb"
)
func TestXHostOp(t *testing.T) {