package system import ( "fmt" "slices" "git.ophivana.moe/security/fortify/acl" "git.ophivana.moe/security/fortify/internal/fmsg" ) // UpdatePerm appends an ephemeral acl update Op. func (sys *I) UpdatePerm(path string, perms ...acl.Perm) { sys.UpdatePermType(Process, path, perms...) } // UpdatePermType appends an acl update Op. func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) { sys.lock.Lock() defer sys.lock.Unlock() sys.ops = append(sys.ops, &ACL{et, path, perms}) } type ACL struct { et Enablement path string perms []acl.Perm } func (a *ACL) Type() Enablement { return a.et } func (a *ACL) apply(sys *I) error { fmsg.VPrintf("applying ACL %s uid: %d type: %s path: %q", a, sys.uid, TypeString(a.et), a.path) return fmsg.WrapErrorSuffix(acl.UpdatePerm(a.path, sys.uid, a.perms...), fmt.Sprintf("cannot apply ACL entry to %q:", a.path)) } func (a *ACL) revert(sys *I, ec *Criteria) error { if ec.hasType(a) { fmsg.VPrintf("stripping ACL %s uid: %d type: %s path: %q", a, sys.uid, TypeString(a.et), a.path) return fmsg.WrapErrorSuffix(acl.UpdatePerm(a.path, sys.uid), fmt.Sprintf("cannot strip ACL entry from %q:", a.path)) } else { fmsg.VPrintln("skipping ACL", a, "uid:", sys.uid, "tag:", TypeString(a.et), "path:", a.path) return nil } } func (a *ACL) Is(o Op) bool { a0, ok := o.(*ACL) return ok && a0 != nil && a.et == a0.et && a.path == a0.path && slices.Equal(a.perms, a0.perms) } func (a *ACL) Path() string { return a.path } func (a *ACL) String() string { var s = []byte("---") for _, p := range a.perms { switch p { case acl.Read: s[0] = 'r' case acl.Write: s[1] = 'w' case acl.Execute: s[2] = 'x' } } return string(s) }