2024-09-22 00:29:36 +09:00
|
|
|
package app
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
2024-10-11 02:01:03 +09:00
|
|
|
"fmt"
|
2024-09-22 00:29:36 +09:00
|
|
|
"os/exec"
|
2024-10-11 02:01:03 +09:00
|
|
|
"path"
|
|
|
|
|
"path/filepath"
|
2024-10-16 01:38:59 +09:00
|
|
|
"strings"
|
2024-09-22 00:29:36 +09:00
|
|
|
|
2024-11-02 03:03:44 +09:00
|
|
|
shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
|
|
|
|
|
"git.ophivana.moe/security/fortify/cmd/fshim/ipc/shim"
|
2024-10-20 19:50:13 +09:00
|
|
|
"git.ophivana.moe/security/fortify/helper"
|
2024-11-02 03:03:44 +09:00
|
|
|
"git.ophivana.moe/security/fortify/internal"
|
2024-10-20 19:50:13 +09:00
|
|
|
"git.ophivana.moe/security/fortify/internal/fmsg"
|
|
|
|
|
"git.ophivana.moe/security/fortify/internal/state"
|
|
|
|
|
"git.ophivana.moe/security/fortify/internal/system"
|
2024-09-22 00:29:36 +09:00
|
|
|
)
|
|
|
|
|
|
2024-11-02 03:03:44 +09:00
|
|
|
var fshimPath = func() string {
|
|
|
|
|
p, ok := internal.Path(internal.Fshim)
|
|
|
|
|
if !ok {
|
|
|
|
|
fmsg.Fatal("invalid fshim path, this copy of fortify is not compiled correctly")
|
|
|
|
|
}
|
|
|
|
|
return p
|
|
|
|
|
}()
|
|
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
// Start selects a user switcher and starts shim.
|
|
|
|
|
// Note that Wait must be called regardless of error returned by Start.
|
2024-09-22 00:29:36 +09:00
|
|
|
func (a *app) Start() error {
|
|
|
|
|
a.lock.Lock()
|
|
|
|
|
defer a.lock.Unlock()
|
|
|
|
|
|
2024-10-11 02:01:03 +09:00
|
|
|
// resolve exec paths
|
2024-11-02 03:03:44 +09:00
|
|
|
shimExec := [2]string{helper.BubblewrapName}
|
2024-10-11 02:01:03 +09:00
|
|
|
if len(a.seal.command) > 0 {
|
2024-11-02 03:03:44 +09:00
|
|
|
shimExec[1] = a.seal.command[0]
|
2024-10-11 02:01:03 +09:00
|
|
|
}
|
2024-10-14 02:27:02 +09:00
|
|
|
for i, n := range shimExec {
|
2024-10-11 02:01:03 +09:00
|
|
|
if len(n) == 0 {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
if filepath.Base(n) == n {
|
|
|
|
|
if s, err := exec.LookPath(n); err == nil {
|
2024-10-14 02:27:02 +09:00
|
|
|
shimExec[i] = s
|
2024-10-11 02:01:03 +09:00
|
|
|
} else {
|
2024-10-25 16:12:18 +09:00
|
|
|
return fmsg.WrapError(err,
|
|
|
|
|
fmt.Sprintf("executable file %q not found in $PATH", n))
|
2024-10-11 02:01:03 +09:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// select command builder
|
2024-10-27 00:46:15 +09:00
|
|
|
var commandBuilder shim.CommandBuilder
|
2024-09-22 00:29:36 +09:00
|
|
|
switch a.seal.launchOption {
|
|
|
|
|
case LaunchMethodSudo:
|
|
|
|
|
commandBuilder = a.commandBuilderSudo
|
|
|
|
|
case LaunchMethodMachineCtl:
|
|
|
|
|
commandBuilder = a.commandBuilderMachineCtl
|
|
|
|
|
default:
|
|
|
|
|
panic("unreachable")
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
// construct shim manager
|
|
|
|
|
a.shim = shim.New(a.seal.toolPath, uint32(a.seal.sys.UID()), path.Join(a.seal.share, "shim"), a.seal.wl,
|
2024-11-02 03:03:44 +09:00
|
|
|
&shim0.Payload{
|
2024-10-27 00:46:15 +09:00
|
|
|
Argv: a.seal.command,
|
|
|
|
|
Exec: shimExec,
|
|
|
|
|
Bwrap: a.seal.sys.bwrap,
|
|
|
|
|
WL: a.seal.wl != nil,
|
2024-09-22 00:29:36 +09:00
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
Verbose: fmsg.Verbose(),
|
|
|
|
|
},
|
2024-10-27 23:49:37 +09:00
|
|
|
// checkPid is impossible at the moment since there is no reliable way to obtain shim's pid
|
|
|
|
|
// this feature is disabled here until sudo is replaced by fortify suid wrapper
|
|
|
|
|
false,
|
2024-10-27 00:46:15 +09:00
|
|
|
)
|
2024-10-11 02:01:03 +09:00
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
// startup will go ahead, commit system setup
|
|
|
|
|
if err := a.seal.sys.Commit(); err != nil {
|
|
|
|
|
return err
|
2024-10-11 02:01:03 +09:00
|
|
|
}
|
2024-10-27 00:46:15 +09:00
|
|
|
a.seal.sys.needRevert = true
|
2024-10-11 02:01:03 +09:00
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
if startTime, err := a.shim.Start(commandBuilder); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
} else {
|
|
|
|
|
// shim start and setup success, create process state
|
|
|
|
|
sd := state.State{
|
|
|
|
|
PID: a.shim.Unwrap().Process.Pid,
|
|
|
|
|
Command: a.seal.command,
|
|
|
|
|
Capability: a.seal.et,
|
|
|
|
|
Method: method[a.seal.launchOption],
|
|
|
|
|
Argv: a.shim.Unwrap().Args,
|
|
|
|
|
Time: *startTime,
|
|
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
// register process state
|
|
|
|
|
var err0 = new(StateStoreError)
|
|
|
|
|
err0.Inner, err0.DoErr = a.seal.store.Do(func(b state.Backend) {
|
|
|
|
|
err0.InnerErr = b.Save(&sd)
|
|
|
|
|
})
|
|
|
|
|
a.seal.sys.saveState = true
|
|
|
|
|
return err0.equiv("cannot save process state:")
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// StateStoreError is returned for a failed state save
|
|
|
|
|
type StateStoreError struct {
|
|
|
|
|
// whether inner function was called
|
|
|
|
|
Inner bool
|
|
|
|
|
// error returned by state.Store Do method
|
|
|
|
|
DoErr error
|
|
|
|
|
// error returned by state.Backend Save method
|
|
|
|
|
InnerErr error
|
|
|
|
|
// any other errors needing to be tracked
|
|
|
|
|
Err error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *StateStoreError) equiv(a ...any) error {
|
2024-10-27 23:49:37 +09:00
|
|
|
if e.Inner && e.DoErr == nil && e.InnerErr == nil && e.Err == nil {
|
2024-09-22 00:29:36 +09:00
|
|
|
return nil
|
|
|
|
|
} else {
|
2024-10-16 01:38:59 +09:00
|
|
|
return fmsg.WrapErrorSuffix(e, a...)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *StateStoreError) Error() string {
|
|
|
|
|
if e.Inner && e.InnerErr != nil {
|
|
|
|
|
return e.InnerErr.Error()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if e.DoErr != nil {
|
|
|
|
|
return e.DoErr.Error()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if e.Err != nil {
|
|
|
|
|
return e.Err.Error()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return "(nil)"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *StateStoreError) Unwrap() (errs []error) {
|
|
|
|
|
errs = make([]error, 0, 3)
|
|
|
|
|
if e.DoErr != nil {
|
|
|
|
|
errs = append(errs, e.DoErr)
|
|
|
|
|
}
|
|
|
|
|
if e.InnerErr != nil {
|
|
|
|
|
errs = append(errs, e.InnerErr)
|
|
|
|
|
}
|
|
|
|
|
if e.Err != nil {
|
|
|
|
|
errs = append(errs, e.Err)
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type RevertCompoundError interface {
|
|
|
|
|
Error() string
|
|
|
|
|
Unwrap() []error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (a *app) Wait() (int, error) {
|
|
|
|
|
a.lock.Lock()
|
|
|
|
|
defer a.lock.Unlock()
|
|
|
|
|
|
2024-10-28 14:21:15 +09:00
|
|
|
if a.shim == nil {
|
|
|
|
|
fmsg.VPrintln("shim not initialised, skipping cleanup")
|
|
|
|
|
return 1, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
var r int
|
|
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
if cmd := a.shim.Unwrap(); cmd == nil {
|
|
|
|
|
// failure prior to process start
|
|
|
|
|
r = 255
|
2024-09-22 00:29:36 +09:00
|
|
|
} else {
|
2024-10-27 00:46:15 +09:00
|
|
|
// wait for process and resolve exit code
|
|
|
|
|
if err := cmd.Wait(); err != nil {
|
|
|
|
|
var exitError *exec.ExitError
|
|
|
|
|
if !errors.As(err, &exitError) {
|
|
|
|
|
// should be unreachable
|
|
|
|
|
a.waitErr = err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// store non-zero return code
|
|
|
|
|
r = exitError.ExitCode()
|
|
|
|
|
} else {
|
|
|
|
|
r = cmd.ProcessState.ExitCode()
|
|
|
|
|
}
|
|
|
|
|
fmsg.VPrintf("process %d exited with exit code %d", cmd.Process.Pid, r)
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
// child process exited, resume output
|
|
|
|
|
fmsg.Resume()
|
2024-09-22 00:29:36 +09:00
|
|
|
|
2024-10-11 02:01:03 +09:00
|
|
|
// close wayland connection
|
2024-10-20 22:54:47 +09:00
|
|
|
if a.seal.wl != nil {
|
|
|
|
|
if err := a.seal.wl.Close(); err != nil {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.Println("cannot close wayland connection:", err)
|
2024-10-11 02:01:03 +09:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-09-22 00:29:36 +09:00
|
|
|
// update store and revert app setup transaction
|
|
|
|
|
e := new(StateStoreError)
|
|
|
|
|
e.Inner, e.DoErr = a.seal.store.Do(func(b state.Backend) {
|
|
|
|
|
e.InnerErr = func() error {
|
|
|
|
|
// destroy defunct state entry
|
2024-10-27 00:46:15 +09:00
|
|
|
if cmd := a.shim.Unwrap(); cmd != nil && a.seal.sys.saveState {
|
|
|
|
|
if err := b.Destroy(cmd.Process.Pid); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
|
2024-10-10 14:33:58 +09:00
|
|
|
// enablements of remaining launchers
|
2024-10-16 14:38:57 +09:00
|
|
|
rt, ec := new(system.Enablements), new(system.Criteria)
|
|
|
|
|
ec.Enablements = new(system.Enablements)
|
2024-10-16 01:38:59 +09:00
|
|
|
ec.Set(system.Process)
|
2024-10-10 14:33:58 +09:00
|
|
|
if states, err := b.Load(); err != nil {
|
2024-09-22 00:29:36 +09:00
|
|
|
return err
|
|
|
|
|
} else {
|
2024-10-10 14:33:58 +09:00
|
|
|
if l := len(states); l == 0 {
|
|
|
|
|
// cleanup globals as the final launcher
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintln("no other launchers active, will clean up globals")
|
2024-10-16 01:38:59 +09:00
|
|
|
ec.Set(system.User)
|
2024-10-10 14:33:58 +09:00
|
|
|
} else {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintf("found %d active launchers, cleaning up without globals", l)
|
2024-10-10 14:33:58 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// accumulate capabilities of other launchers
|
|
|
|
|
for _, s := range states {
|
|
|
|
|
*rt |= s.Capability
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// invert accumulated enablements for cleanup
|
2024-10-16 14:38:57 +09:00
|
|
|
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
2024-10-10 14:33:58 +09:00
|
|
|
if !rt.Has(i) {
|
2024-10-16 01:38:59 +09:00
|
|
|
ec.Set(i)
|
2024-10-10 14:33:58 +09:00
|
|
|
}
|
|
|
|
|
}
|
2024-10-21 20:47:02 +09:00
|
|
|
if fmsg.Verbose() {
|
2024-10-16 14:38:57 +09:00
|
|
|
labels := make([]string, 0, system.ELen+1)
|
|
|
|
|
for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
|
2024-10-16 01:38:59 +09:00
|
|
|
if ec.Has(i) {
|
|
|
|
|
labels = append(labels, system.TypeString(i))
|
2024-10-10 14:33:58 +09:00
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
2024-10-16 01:38:59 +09:00
|
|
|
if len(labels) > 0 {
|
2024-10-21 20:47:02 +09:00
|
|
|
fmsg.VPrintln("reverting operations labelled", strings.Join(labels, ", "))
|
2024-10-11 02:01:03 +09:00
|
|
|
}
|
2024-09-22 00:29:36 +09:00
|
|
|
}
|
|
|
|
|
|
2024-10-27 00:46:15 +09:00
|
|
|
a.shim.AbortWait(errors.New("shim exited"))
|
2024-10-16 01:38:59 +09:00
|
|
|
if err := a.seal.sys.Revert(ec); err != nil {
|
2024-09-22 00:29:36 +09:00
|
|
|
return err.(RevertCompoundError)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}()
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
e.Err = a.seal.store.Close()
|
|
|
|
|
return r, e.equiv("error returned during cleanup:", e)
|
|
|
|
|
}
|
