package shim
import (
"encoding/gob"
"errors"
"net"
"git.ophivana.moe/security/fortify/helper/bwrap"
"git.ophivana.moe/security/fortify/internal/fmsg"
)
const (
	// EnvShim is the string "FORTIFY_SHIM".
	//
	// NOTE(review): presumably the name of the environment variable through
	// which the shim is handed its setup information; confirm where it is
	// read and that the value is validated there before use.
	EnvShim = "FORTIFY_SHIM"
)
// Payload is the value that serve gob-encodes onto the setup connection.
// Every field is exported, which encoding/gob requires for a field to be
// transmitted.
//
// NOTE(review): the executable paths and the bwrap configuration are
// security-relevant for whoever decodes this value; presumably the receiver
// acts on them as given. Confirm they are fully resolved and validated
// before a Payload is built.
type Payload struct {
	// Argv is the full argument vector of the child.
	Argv []string
	// Exec holds three full executable paths, in order: fortify, bwrap,
	// target.
	Exec [3]string
	// Bwrap is the bwrap configuration.
	Bwrap *bwrap.Config
	// WL reports whether the wayland fd is to be passed.
	WL bool

	// Verbose passes the verbosity setting through.
	Verbose bool
}
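// serve streams the payload to the peer on conn and closes conn on every
// return path.
//
// The payload is gob-encoded by value onto conn. When wl is non-nil,
// wl.WriteUnix(conn) is called afterwards (presumably to hand over the
// wayland fd, cf. Payload.WL; confirm against Wayland.WriteUnix).
//
// Returned errors:
//   - an encode failure, wrapped with "cannot stream shim payload:";
//   - a wl.WriteUnix failure, joined with the result of closing conn;
//   - otherwise the result of closing conn, passed through
//     fmsg.WrapErrorSuffix with "cannot close setup connection:".
//
// NOTE(review): whether the peer of conn is authenticated before serve is
// called is not visible here; confirm in the caller, since the payload
// carries executable paths and the sandbox configuration.
func (p *Payload) serve(conn *net.UnixConn, wl *Wayland) error {
	if err := gob.NewEncoder(conn).Encode(*p); err != nil {
		// Close on this path too, as the other return paths do: otherwise
		// the socket stays open after a failed or partial stream and the
		// peer never sees EOF. The close error is deliberately dropped so
		// the returned error keeps the form callers already receive.
		_ = conn.Close()
		return fmsg.WrapErrorSuffix(err,
			"cannot stream shim payload:")
	}

	if wl != nil {
		if err := wl.WriteUnix(conn); err != nil {
			return errors.Join(err, conn.Close())
		}
	}

	return fmsg.WrapErrorSuffix(conn.Close(),
		"cannot close setup connection:")
}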