From b73a789dfe2b7361d9fce7d6755d14e44f6d9d57 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 16 Nov 2025 20:57:29 +0900 Subject: [PATCH] .clang-format: increase indent width This significantly increases readability. This patch is pretty big so it is being done after mostly everything has settled. Signed-off-by: Ophestra --- .clang-format | 1 + container/seccomp/libseccomp-helper.c | 214 +++++++++++------------ container/seccomp/libseccomp-helper.h | 12 +- internal/acl/libacl-helper.c | 128 +++++++------- internal/outcome/shim-signal.c | 72 ++++---- internal/outcome/shim-signal.h | 8 +- internal/wayland/wayland-client-helper.c | 140 +++++++-------- internal/wayland/wayland-client-helper.h | 46 ++--- 8 files changed, 311 insertions(+), 310 deletions(-) diff --git a/.clang-format b/.clang-format index 594a340..ea649c2 100644 --- a/.clang-format +++ b/.clang-format @@ -1 +1,2 @@ ColumnLimit: 0 +IndentWidth: 4 diff --git a/container/seccomp/libseccomp-helper.c b/container/seccomp/libseccomp-helper.c index 539ed68..de8abc8 100644 --- a/container/seccomp/libseccomp-helper.c +++ b/container/seccomp/libseccomp-helper.c @@ -14,125 +14,125 @@ int32_t hakurei_scmp_make_filter( uint32_t arch, uint32_t multiarch, struct hakurei_syscall_rule *rules, size_t rules_sz, hakurei_export_flag flags) { - int i; - int last_allowed_family; - int disallowed; - struct hakurei_syscall_rule *rule; - void *buf; - size_t len = 0; + int i; + int last_allowed_family; + int disallowed; + struct hakurei_syscall_rule *rule; + void *buf; + size_t len = 0; - int32_t res = 0; /* refer to resPrefix for message */ + int32_t res = 0; /* refer to resPrefix for message */ - /* Blocklist all but unix, inet, inet6 and netlink */ - struct { - int family; - hakurei_export_flag flags_mask; - } socket_family_allowlist[] = { - /* NOTE: Keep in numerical order */ - {AF_UNSPEC, 0}, - {AF_LOCAL, 0}, - {AF_INET, 0}, - {AF_INET6, 0}, - {AF_NETLINK, 0}, - {AF_CAN, HAKUREI_EXPORT_CAN}, - {AF_BLUETOOTH, HAKUREI_EXPORT_BLUETOOTH}, - }; + /* Blocklist all but unix, inet, inet6 and netlink */ + struct { + int family; + hakurei_export_flag flags_mask; + } socket_family_allowlist[] = { + /* NOTE: Keep in numerical order */ + {AF_UNSPEC, 0}, + {AF_LOCAL, 0}, + {AF_INET, 0}, + {AF_INET6, 0}, + {AF_NETLINK, 0}, + {AF_CAN, HAKUREI_EXPORT_CAN}, + {AF_BLUETOOTH, HAKUREI_EXPORT_BLUETOOTH}, + }; - scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW); - if (ctx == NULL) { - res = 1; - goto out; - } else - errno = 0; - - /* We only really need to handle arches on multiarch systems. - * If only one arch is supported the default is fine */ - if (arch != 0) { - /* This *adds* the target arch, instead of replacing the - * native one. This is not ideal, because we'd like to only - * allow the target arch, but we can't really disallow the - * native arch at this point, because then bubblewrap - * couldn't continue running. */ - *ret_p = seccomp_arch_add(ctx, arch); - if (*ret_p < 0 && *ret_p != -EEXIST) { - res = 2; - goto out; - } - - if (flags & HAKUREI_EXPORT_MULTIARCH && multiarch != 0) { - *ret_p = seccomp_arch_add(ctx, multiarch); - if (*ret_p < 0 && *ret_p != -EEXIST) { - res = 3; + scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW); + if (ctx == NULL) { + res = 1; goto out; - } - } - } + } else + errno = 0; - for (i = 0; i < rules_sz; i++) { - rule = &rules[i]; - assert(rule->m_errno == EPERM || rule->m_errno == ENOSYS); + /* We only really need to handle arches on multiarch systems. + * If only one arch is supported the default is fine */ + if (arch != 0) { + /* This *adds* the target arch, instead of replacing the + * native one. This is not ideal, because we'd like to only + * allow the target arch, but we can't really disallow the + * native arch at this point, because then bubblewrap + * couldn't continue running. */ + *ret_p = seccomp_arch_add(ctx, arch); + if (*ret_p < 0 && *ret_p != -EEXIST) { + res = 2; + goto out; + } - if (rule->arg) - *ret_p = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(rule->m_errno), rule->syscall, 1, *rule->arg); - else - *ret_p = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(rule->m_errno), rule->syscall, 0); - - if (*ret_p == -EFAULT) { - res = 4; - goto out; - } else if (*ret_p < 0) { - res = 5; - goto out; - } - } - - /* Socket filtering doesn't work on e.g. i386, so ignore failures here - * However, we need to user seccomp_rule_add_exact to avoid libseccomp doing - * something else: https://github.com/seccomp/libseccomp/issues/8 */ - last_allowed_family = -1; - for (i = 0; i < LEN(socket_family_allowlist); i++) { - if (socket_family_allowlist[i].flags_mask != 0 && - (socket_family_allowlist[i].flags_mask & flags) != socket_family_allowlist[i].flags_mask) - continue; - - for (disallowed = last_allowed_family + 1; disallowed < socket_family_allowlist[i].family; disallowed++) { - /* Blocklist the in-between valid families */ - seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EAFNOSUPPORT), SCMP_SYS(socket), 1, SCMP_A0(SCMP_CMP_EQ, disallowed)); - } - last_allowed_family = socket_family_allowlist[i].family; - } - /* Blocklist the rest */ - seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EAFNOSUPPORT), SCMP_SYS(socket), 1, SCMP_A0(SCMP_CMP_GE, last_allowed_family + 1)); - - if (allocate_p == 0) { - *ret_p = seccomp_load(ctx); - if (*ret_p != 0) { - res = 7; - goto out; - } - } else { - *ret_p = seccomp_export_bpf_mem(ctx, NULL, &len); - if (*ret_p != 0) { - res = 6; - goto out; + if (flags & HAKUREI_EXPORT_MULTIARCH && multiarch != 0) { + *ret_p = seccomp_arch_add(ctx, multiarch); + if (*ret_p < 0 && *ret_p != -EEXIST) { + res = 3; + goto out; + } + } } - buf = hakurei_scmp_allocate(allocate_p, len); - if (buf == NULL) { - res = 4; - goto out; + for (i = 0; i < rules_sz; i++) { + rule = &rules[i]; + assert(rule->m_errno == EPERM || rule->m_errno == ENOSYS); + + if (rule->arg) + *ret_p = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(rule->m_errno), rule->syscall, 1, *rule->arg); + else + *ret_p = seccomp_rule_add(ctx, SCMP_ACT_ERRNO(rule->m_errno), rule->syscall, 0); + + if (*ret_p == -EFAULT) { + res = 4; + goto out; + } else if (*ret_p < 0) { + res = 5; + goto out; + } } - *ret_p = seccomp_export_bpf_mem(ctx, buf, &len); - if (*ret_p != 0) { - res = 6; - goto out; + /* Socket filtering doesn't work on e.g. i386, so ignore failures here + * However, we need to user seccomp_rule_add_exact to avoid libseccomp doing + * something else: https://github.com/seccomp/libseccomp/issues/8 */ + last_allowed_family = -1; + for (i = 0; i < LEN(socket_family_allowlist); i++) { + if (socket_family_allowlist[i].flags_mask != 0 && + (socket_family_allowlist[i].flags_mask & flags) != socket_family_allowlist[i].flags_mask) + continue; + + for (disallowed = last_allowed_family + 1; disallowed < socket_family_allowlist[i].family; disallowed++) { + /* Blocklist the in-between valid families */ + seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EAFNOSUPPORT), SCMP_SYS(socket), 1, SCMP_A0(SCMP_CMP_EQ, disallowed)); + } + last_allowed_family = socket_family_allowlist[i].family; + } + /* Blocklist the rest */ + seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EAFNOSUPPORT), SCMP_SYS(socket), 1, SCMP_A0(SCMP_CMP_GE, last_allowed_family + 1)); + + if (allocate_p == 0) { + *ret_p = seccomp_load(ctx); + if (*ret_p != 0) { + res = 7; + goto out; + } + } else { + *ret_p = seccomp_export_bpf_mem(ctx, NULL, &len); + if (*ret_p != 0) { + res = 6; + goto out; + } + + buf = hakurei_scmp_allocate(allocate_p, len); + if (buf == NULL) { + res = 4; + goto out; + } + + *ret_p = seccomp_export_bpf_mem(ctx, buf, &len); + if (*ret_p != 0) { + res = 6; + goto out; + } } - } out: - if (ctx) - seccomp_release(ctx); + if (ctx) + seccomp_release(ctx); - return res; + return res; } diff --git a/container/seccomp/libseccomp-helper.h b/container/seccomp/libseccomp-helper.h index 72e2977..655110e 100644 --- a/container/seccomp/libseccomp-helper.h +++ b/container/seccomp/libseccomp-helper.h @@ -7,15 +7,15 @@ #endif typedef enum { - HAKUREI_EXPORT_MULTIARCH = 1 << 0, - HAKUREI_EXPORT_CAN = 1 << 1, - HAKUREI_EXPORT_BLUETOOTH = 1 << 2, + HAKUREI_EXPORT_MULTIARCH = 1 << 0, + HAKUREI_EXPORT_CAN = 1 << 1, + HAKUREI_EXPORT_BLUETOOTH = 1 << 2, } hakurei_export_flag; struct hakurei_syscall_rule { - int syscall; - int m_errno; - struct scmp_arg_cmp *arg; + int syscall; + int m_errno; + struct scmp_arg_cmp *arg; }; extern void *hakurei_scmp_allocate(uintptr_t f, size_t len); diff --git a/internal/acl/libacl-helper.c b/internal/acl/libacl-helper.c index d1df816..259dfb2 100644 --- a/internal/acl/libacl-helper.c +++ b/internal/acl/libacl-helper.c @@ -6,85 +6,85 @@ int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, size_t plen) { - int ret; - bool v; - int i; - acl_t acl; - acl_entry_t entry; - acl_tag_t tag_type; - void *qualifier_p; - acl_permset_t permset; + int ret; + bool v; + int i; + acl_t acl; + acl_entry_t entry; + acl_tag_t tag_type; + void *qualifier_p; + acl_permset_t permset; - ret = -1; /* acl_get_file */ - acl = acl_get_file(path_p, ACL_TYPE_ACCESS); - if (acl == NULL) - goto out; + ret = -1; /* acl_get_file */ + acl = acl_get_file(path_p, ACL_TYPE_ACCESS); + if (acl == NULL) + goto out; - /* prune entries by uid */ - for (i = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); i == 1; - i = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) { - ret = -2; /* acl_get_tag_type */ - if (acl_get_tag_type(entry, &tag_type) != 0) - goto out; - if (tag_type != ACL_USER) - continue; + /* prune entries by uid */ + for (i = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); i == 1; + i = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) { + ret = -2; /* acl_get_tag_type */ + if (acl_get_tag_type(entry, &tag_type) != 0) + goto out; + if (tag_type != ACL_USER) + continue; - ret = -3; /* acl_get_qualifier */ - qualifier_p = acl_get_qualifier(entry); - if (qualifier_p == NULL) - goto out; - v = *(uid_t *)qualifier_p == uid; - acl_free(qualifier_p); + ret = -3; /* acl_get_qualifier */ + qualifier_p = acl_get_qualifier(entry); + if (qualifier_p == NULL) + goto out; + v = *(uid_t *)qualifier_p == uid; + acl_free(qualifier_p); - if (!v) - continue; + if (!v) + continue; - ret = -4; /* acl_delete_entry */ - if (acl_delete_entry(acl, entry) != 0) - goto out; - } + ret = -4; /* acl_delete_entry */ + if (acl_delete_entry(acl, entry) != 0) + goto out; + } - if (plen == 0) - goto set; + if (plen == 0) + goto set; - ret = -5; /* acl_create_entry */ - if (acl_create_entry(&acl, &entry) != 0) - goto out; + ret = -5; /* acl_create_entry */ + if (acl_create_entry(&acl, &entry) != 0) + goto out; - ret = -6; /* acl_get_permset */ - if (acl_get_permset(entry, &permset) != 0) - goto out; + ret = -6; /* acl_get_permset */ + if (acl_get_permset(entry, &permset) != 0) + goto out; - ret = -7; /* acl_add_perm */ - for (i = 0; i < plen; i++) { - if (acl_add_perm(permset, perms[i]) != 0) - goto out; - } + ret = -7; /* acl_add_perm */ + for (i = 0; i < plen; i++) { + if (acl_add_perm(permset, perms[i]) != 0) + goto out; + } - ret = -8; /* acl_set_tag_type */ - if (acl_set_tag_type(entry, ACL_USER) != 0) - goto out; + ret = -8; /* acl_set_tag_type */ + if (acl_set_tag_type(entry, ACL_USER) != 0) + goto out; - ret = -9; /* acl_set_qualifier */ - if (acl_set_qualifier(entry, (void *)&uid) != 0) - goto out; + ret = -9; /* acl_set_qualifier */ + if (acl_set_qualifier(entry, (void *)&uid) != 0) + goto out; set: - ret = -10; /* acl_calc_mask */ - if (acl_calc_mask(&acl) != 0) - goto out; + ret = -10; /* acl_calc_mask */ + if (acl_calc_mask(&acl) != 0) + goto out; - ret = -11; /* acl_valid */ - if (acl_valid(acl) != 0) - goto out; + ret = -11; /* acl_valid */ + if (acl_valid(acl) != 0) + goto out; - ret = -12; /* acl_set_file */ - if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) == 0) - ret = 0; + ret = -12; /* acl_set_file */ + if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) == 0) + ret = 0; out: - free((void *)path_p); - if (acl != NULL) - acl_free((void *)acl); - return ret; + free((void *)path_p); + if (acl != NULL) + acl_free((void *)acl); + return ret; } diff --git a/internal/outcome/shim-signal.c b/internal/outcome/shim-signal.c index 0e04abb..f02c0df 100644 --- a/internal/outcome/shim-signal.c +++ b/internal/outcome/shim-signal.c @@ -10,53 +10,53 @@ static int hakurei_shim_fd = -1; /* see shim.go for handling of the message */ static inline ssize_t hakurei_shim_write(hakurei_shim_msg msg) { - int savedErrno = errno; - unsigned char buf = (unsigned char)msg; - ssize_t ret = write(hakurei_shim_fd, &buf, 1); - if (ret == -1 && errno != EAGAIN) - exit(EXIT_FAILURE); - errno = savedErrno; - return ret; + int savedErrno = errno; + unsigned char buf = (unsigned char)msg; + ssize_t ret = write(hakurei_shim_fd, &buf, 1); + if (ret == -1 && errno != EAGAIN) + exit(EXIT_FAILURE); + errno = savedErrno; + return ret; } static void hakurei_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { - if (sig != SIGCONT || si == NULL) { - hakurei_shim_write(HAKUREI_SHIM_INVALID); - return; - } + if (sig != SIGCONT || si == NULL) { + hakurei_shim_write(HAKUREI_SHIM_INVALID); + return; + } - if (si->si_pid == hakurei_shim_param_ppid) { - hakurei_shim_write(HAKUREI_SHIM_EXIT_REQUESTED); - return; - } + if (si->si_pid == hakurei_shim_param_ppid) { + hakurei_shim_write(HAKUREI_SHIM_EXIT_REQUESTED); + return; + } - hakurei_shim_write(HAKUREI_SHIM_BAD_PID); + hakurei_shim_write(HAKUREI_SHIM_BAD_PID); - if (getppid() != hakurei_shim_param_ppid) - hakurei_shim_write(HAKUREI_SHIM_ORPHAN); + if (getppid() != hakurei_shim_param_ppid) + hakurei_shim_write(HAKUREI_SHIM_ORPHAN); } void hakurei_shim_setup_cont_signal(pid_t ppid, int fd) { - if (hakurei_shim_param_ppid != -1 || hakurei_shim_fd != -1) - *(volatile int *)NULL = 0; /* unreachable */ + if (hakurei_shim_param_ppid != -1 || hakurei_shim_fd != -1) + *(volatile int *)NULL = 0; /* unreachable */ - struct sigaction new_action = {0}, old_action = {0}; - if (sigaction(SIGCONT, NULL, &old_action) != 0) - return; - if (old_action.sa_handler != SIG_DFL) { - errno = ENOTRECOVERABLE; - return; - } + struct sigaction new_action = {0}, old_action = {0}; + if (sigaction(SIGCONT, NULL, &old_action) != 0) + return; + if (old_action.sa_handler != SIG_DFL) { + errno = ENOTRECOVERABLE; + return; + } - new_action.sa_sigaction = hakurei_shim_sigaction; - if (sigemptyset(&new_action.sa_mask) != 0) - return; - new_action.sa_flags = SA_ONSTACK | SA_SIGINFO; + new_action.sa_sigaction = hakurei_shim_sigaction; + if (sigemptyset(&new_action.sa_mask) != 0) + return; + new_action.sa_flags = SA_ONSTACK | SA_SIGINFO; - if (sigaction(SIGCONT, &new_action, NULL) != 0) - return; + if (sigaction(SIGCONT, &new_action, NULL) != 0) + return; - errno = 0; - hakurei_shim_param_ppid = ppid; - hakurei_shim_fd = fd; + errno = 0; + hakurei_shim_param_ppid = ppid; + hakurei_shim_fd = fd; } diff --git a/internal/outcome/shim-signal.h b/internal/outcome/shim-signal.h index b0229a9..f396a91 100644 --- a/internal/outcome/shim-signal.h +++ b/internal/outcome/shim-signal.h @@ -2,10 +2,10 @@ /* see shim.go for documentation */ typedef enum { - HAKUREI_SHIM_EXIT_REQUESTED, - HAKUREI_SHIM_ORPHAN, - HAKUREI_SHIM_INVALID, - HAKUREI_SHIM_BAD_PID, + HAKUREI_SHIM_EXIT_REQUESTED, + HAKUREI_SHIM_ORPHAN, + HAKUREI_SHIM_INVALID, + HAKUREI_SHIM_BAD_PID, } hakurei_shim_msg; void hakurei_shim_setup_cont_signal(pid_t ppid, int fd); diff --git a/internal/wayland/wayland-client-helper.c b/internal/wayland/wayland-client-helper.c index 0fa0372..25af847 100644 --- a/internal/wayland/wayland-client-helper.c +++ b/internal/wayland/wayland-client-helper.c @@ -14,10 +14,10 @@ static void registry_handle_global( uint32_t name, const char *interface, uint32_t version) { - struct wp_security_context_manager_v1 **out = data; + struct wp_security_context_manager_v1 **out = data; - if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0) - *out = wl_registry_bind(registry, name, &wp_security_context_manager_v1_interface, 1); + if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0) + *out = wl_registry_bind(registry, name, &wp_security_context_manager_v1_interface, 1); } static void registry_handle_global_remove( @@ -36,82 +36,82 @@ hakurei_wayland_res hakurei_security_context_bind( const char *app_id, const char *instance_id, int close_fd) { - hakurei_wayland_res res = HAKUREI_WAYLAND_SUCCESS; /* see wayland.go for handling */ + hakurei_wayland_res res = HAKUREI_WAYLAND_SUCCESS; /* see wayland.go for handling */ - struct wl_display *display = NULL; - struct wl_registry *registry; - struct wp_security_context_manager_v1 *security_context_manager = NULL; - int event_cnt; - int listen_fd = -1; - struct sockaddr_un sockaddr = {0}; - struct wp_security_context_v1 *security_context; + struct wl_display *display = NULL; + struct wl_registry *registry; + struct wp_security_context_manager_v1 *security_context_manager = NULL; + int event_cnt; + int listen_fd = -1; + struct sockaddr_un sockaddr = {0}; + struct wp_security_context_v1 *security_context; - display = wl_display_connect_to_fd(server_fd); - if (display == NULL) { - res = HAKUREI_WAYLAND_CONNECT; - goto out; - }; + display = wl_display_connect_to_fd(server_fd); + if (display == NULL) { + res = HAKUREI_WAYLAND_CONNECT; + goto out; + }; - registry = wl_display_get_registry(display); - if (wl_registry_add_listener(registry, ®istry_listener, &security_context_manager) < 0) { - res = HAKUREI_WAYLAND_LISTENER; - goto out; - } - event_cnt = wl_display_roundtrip(display); - wl_registry_destroy(registry); - if (event_cnt < 0) { - res = HAKUREI_WAYLAND_ROUNDTRIP; - goto out; - } + registry = wl_display_get_registry(display); + if (wl_registry_add_listener(registry, ®istry_listener, &security_context_manager) < 0) { + res = HAKUREI_WAYLAND_LISTENER; + goto out; + } + event_cnt = wl_display_roundtrip(display); + wl_registry_destroy(registry); + if (event_cnt < 0) { + res = HAKUREI_WAYLAND_ROUNDTRIP; + goto out; + } - if (security_context_manager == NULL) { - res = HAKUREI_WAYLAND_NOT_AVAIL; - goto out; - } + if (security_context_manager == NULL) { + res = HAKUREI_WAYLAND_NOT_AVAIL; + goto out; + } - listen_fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (listen_fd < 0) { - res = HAKUREI_WAYLAND_SOCKET; - goto out; - } + listen_fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (listen_fd < 0) { + res = HAKUREI_WAYLAND_SOCKET; + goto out; + } - sockaddr.sun_family = AF_UNIX; - snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path); - if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0) { - res = HAKUREI_WAYLAND_BIND; - goto out; - } + sockaddr.sun_family = AF_UNIX; + snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path); + if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0) { + res = HAKUREI_WAYLAND_BIND; + goto out; + } - if (listen(listen_fd, 0) != 0) { - res = HAKUREI_WAYLAND_LISTEN; - goto out; - } + if (listen(listen_fd, 0) != 0) { + res = HAKUREI_WAYLAND_LISTEN; + goto out; + } - security_context = wp_security_context_manager_v1_create_listener(security_context_manager, listen_fd, close_fd); - if (security_context == NULL) { /* not reached */ - res = HAKUREI_WAYLAND_NOT_AVAIL; - goto out; - } - wp_security_context_v1_set_sandbox_engine(security_context, "app.hakurei"); - wp_security_context_v1_set_app_id(security_context, app_id); - wp_security_context_v1_set_instance_id(security_context, instance_id); - wp_security_context_v1_commit(security_context); - wp_security_context_v1_destroy(security_context); - if (wl_display_roundtrip(display) < 0) { - res = HAKUREI_WAYLAND_ROUNDTRIP; - goto out; - } + security_context = wp_security_context_manager_v1_create_listener(security_context_manager, listen_fd, close_fd); + if (security_context == NULL) { /* not reached */ + res = HAKUREI_WAYLAND_NOT_AVAIL; + goto out; + } + wp_security_context_v1_set_sandbox_engine(security_context, "app.hakurei"); + wp_security_context_v1_set_app_id(security_context, app_id); + wp_security_context_v1_set_instance_id(security_context, instance_id); + wp_security_context_v1_commit(security_context); + wp_security_context_v1_destroy(security_context); + if (wl_display_roundtrip(display) < 0) { + res = HAKUREI_WAYLAND_ROUNDTRIP; + goto out; + } out: - if (listen_fd >= 0) - close(listen_fd); - if (security_context_manager != NULL) - wp_security_context_manager_v1_destroy(security_context_manager); - if (display != NULL) - wl_display_disconnect(display); + if (listen_fd >= 0) + close(listen_fd); + if (security_context_manager != NULL) + wp_security_context_manager_v1_destroy(security_context_manager); + if (display != NULL) + wl_display_disconnect(display); - free((void *)socket_path); - free((void *)app_id); - free((void *)instance_id); - return res; + free((void *)socket_path); + free((void *)app_id); + free((void *)instance_id); + return res; } diff --git a/internal/wayland/wayland-client-helper.h b/internal/wayland/wayland-client-helper.h index 0a2cffb..5f89ea7 100644 --- a/internal/wayland/wayland-client-helper.h +++ b/internal/wayland/wayland-client-helper.h @@ -2,28 +2,28 @@ #include typedef enum { - HAKUREI_WAYLAND_SUCCESS, - /* wl_display_connect_to_fd failed, errno */ - HAKUREI_WAYLAND_CONNECT, - /* wl_registry_add_listener failed, errno */ - HAKUREI_WAYLAND_LISTENER, - /* wl_display_roundtrip failed, errno */ - HAKUREI_WAYLAND_ROUNDTRIP, - /* compositor does not implement wp_security_context_v1 */ - HAKUREI_WAYLAND_NOT_AVAIL, - /* socket failed, errno */ - HAKUREI_WAYLAND_SOCKET, - /* bind failed, errno */ - HAKUREI_WAYLAND_BIND, - /* listen failed, errno */ - HAKUREI_WAYLAND_LISTEN, + HAKUREI_WAYLAND_SUCCESS, + /* wl_display_connect_to_fd failed, errno */ + HAKUREI_WAYLAND_CONNECT, + /* wl_registry_add_listener failed, errno */ + HAKUREI_WAYLAND_LISTENER, + /* wl_display_roundtrip failed, errno */ + HAKUREI_WAYLAND_ROUNDTRIP, + /* compositor does not implement wp_security_context_v1 */ + HAKUREI_WAYLAND_NOT_AVAIL, + /* socket failed, errno */ + HAKUREI_WAYLAND_SOCKET, + /* bind failed, errno */ + HAKUREI_WAYLAND_BIND, + /* listen failed, errno */ + HAKUREI_WAYLAND_LISTEN, - /* ensure pathname failed, implemented in conn.go */ - HAKUREI_WAYLAND_CREAT, - /* socket for host server failed, implemented in conn.go */ - HAKUREI_WAYLAND_HOST_SOCKET, - /* connect for host server failed, implemented in conn.go */ - HAKUREI_WAYLAND_HOST_CONNECT, + /* ensure pathname failed, implemented in conn.go */ + HAKUREI_WAYLAND_CREAT, + /* socket for host server failed, implemented in conn.go */ + HAKUREI_WAYLAND_HOST_SOCKET, + /* connect for host server failed, implemented in conn.go */ + HAKUREI_WAYLAND_HOST_CONNECT, } hakurei_wayland_res; hakurei_wayland_res hakurei_security_context_bind( @@ -35,6 +35,6 @@ hakurei_wayland_res hakurei_security_context_bind( /* returns whether the specified size fits in the sun_path field of sockaddr_un */ static inline bool hakurei_is_valid_size_sun_path(size_t sz) { - struct sockaddr_un sockaddr; - return sz <= sizeof(sockaddr.sun_path); + struct sockaddr_un sockaddr; + return sz <= sizeof(sockaddr.sun_path); };