dbus: use name resolved by exec.Command

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-10-07 16:55:27 +09:00
parent 85407dd3c0
commit 55a5b6f242
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
5 changed files with 20 additions and 29 deletions

View File

@ -9,12 +9,16 @@ import (
"git.ophivana.moe/cat/fortify/helper"
)
// ProxyName is the file name or path to the proxy program.
// Overriding ProxyName will only affect Proxy instance created after the change.
var ProxyName = "xdg-dbus-proxy"
// Proxy holds references to a xdg-dbus-proxy process, and should never be copied.
// Once sealed, configuration changes will no longer be possible and attempting to do so will result in a panic.
type Proxy struct {
helper helper.Helper
path string
name string
session [2]string
system [2]string
@ -75,6 +79,6 @@ func (p *Proxy) Seal(session, system *Config) error {
}
// New returns a reference to a new unsealed Proxy.
func New(binPath string, session, system [2]string) *Proxy {
return &Proxy{path: binPath, session: session, system: system}
func New(session, system [2]string) *Proxy {
return &Proxy{name: ProxyName, session: session, system: system}
}

View File

@ -9,10 +9,6 @@ import (
"git.ophivana.moe/cat/fortify/helper"
)
const (
binPath = "/usr/bin/bwrap"
)
func TestNew(t *testing.T) {
for _, tc := range [][2][2]string{
{
@ -33,9 +29,9 @@ func TestNew(t *testing.T) {
},
} {
t.Run("create instance for "+tc[0][0]+" and "+tc[1][0], func(t *testing.T) {
if got := dbus.New(binPath, tc[0], tc[1]); !got.CompareTestNew(binPath, tc[0], tc[1]) {
t.Errorf("New(%q, %q, %q) = %v",
binPath, tc[0], tc[1],
if got := dbus.New(tc[0], tc[1]); !got.CompareTestNew(tc[0], tc[1]) {
t.Errorf("New(%q, %q) = %v",
tc[0], tc[1],
got)
}
})
@ -52,12 +48,12 @@ func TestProxy_Seal(t *testing.T) {
}
}()
p := dbus.New(binPath, [2]string{}, [2]string{})
p := dbus.New([2]string{}, [2]string{})
_ = p.Seal(dbus.NewConfig("", true, false), nil)
_ = p.Seal(dbus.NewConfig("", true, false), nil)
})
ep := dbus.New(binPath, [2]string{}, [2]string{})
ep := dbus.New([2]string{}, [2]string{})
if err := ep.Seal(nil, nil); !errors.Is(err, dbus.ErrConfig) {
t.Errorf("Seal(nil, nil) error = %v, want %v",
err, dbus.ErrConfig)
@ -65,7 +61,7 @@ func TestProxy_Seal(t *testing.T) {
for id, tc := range testCasePairs() {
t.Run("create seal for "+id, func(t *testing.T) {
p := dbus.New(binPath, tc[0].bus, tc[1].bus)
p := dbus.New(tc[0].bus, tc[1].bus)
if err := p.Seal(tc[0].c, tc[1].c); (errors.Is(err, helper.ErrContainsNull)) != tc[0].wantErr {
t.Errorf("Seal(%p, %p) error = %v, wantErr %v",
tc[0].c, tc[1].c,
@ -119,7 +115,7 @@ func TestProxy_Start_Wait_Close_String(t *testing.T) {
t.Run("proxy for "+id, func(t *testing.T) {
helper.InternalReplaceExecCommand(t)
p := dbus.New(binPath, tc[0].bus, tc[1].bus)
p := dbus.New(tc[0].bus, tc[1].bus)
t.Run("unsealed behaviour of "+id, func(t *testing.T) {
t.Run("unsealed string of "+id, func(t *testing.T) {
@ -164,7 +160,7 @@ func TestProxy_Start_Wait_Close_String(t *testing.T) {
}
t.Run("started string of "+id, func(t *testing.T) {
wantSubstr := binPath + " --args=3"
wantSubstr := dbus.ProxyName + " --args=3"
if got := p.String(); !strings.Contains(got, wantSubstr) {
t.Errorf("String() = %v, want %v",
p.String(), wantSubstr)

View File

@ -3,8 +3,8 @@ package dbus
import "io"
// CompareTestNew provides TestNew with comparison access to unexported Proxy fields.
func (p *Proxy) CompareTestNew(path string, session, system [2]string) bool {
return path == p.path && session == p.session && system == p.system
func (p *Proxy) CompareTestNew(session, system [2]string) bool {
return session == p.session && system == p.system
}
// AccessTestProxySeal provides TestProxy_Seal with access to unexported Proxy seal field.

View File

@ -18,7 +18,7 @@ func (p *Proxy) Start(ready chan error, output io.Writer) error {
return errors.New("proxy not sealed")
}
h := helper.New(p.seal, p.path,
h := helper.New(p.seal, p.name,
func(argsFD, statFD int) []string {
if statFD == -1 {
return []string{"--args=" + strconv.Itoa(argsFD)}

View File

@ -4,7 +4,6 @@ import (
"errors"
"fmt"
"os"
"os/exec"
"path"
"git.ophivana.moe/cat/fortify/acl"
@ -16,13 +15,10 @@ import (
const (
dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"
dbusSystemBusAddress = "DBUS_SYSTEM_BUS_ADDRESS"
xdgDBusProxy = "xdg-dbus-proxy"
)
var (
ErrDBusConfig = errors.New("dbus config not supplied")
ErrDBusProxy = errors.New(xdgDBusProxy + " not found")
)
type (
@ -68,13 +64,8 @@ func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
systemBus[0] = addr
}
// look up proxy program path for dbus.New
if b, err := exec.LookPath(xdgDBusProxy); err != nil {
return (*LookupDBusError)(wrapError(ErrDBusProxy, xdgDBusProxy, "not found"))
} else {
// create proxy instance
seal.sys.dbus = dbus.New(b, sessionBus, systemBus)
}
seal.sys.dbus = dbus.New(sessionBus, systemBus)
// seal dbus proxy
if err := seal.sys.dbus.Seal(config[0], config[1]); err != nil {