85 lines
2.3 KiB
Go
85 lines
2.3 KiB
Go
package shim
|
|
|
|
import (
|
|
"encoding/gob"
|
|
"errors"
|
|
"fmt"
|
|
"net"
|
|
"os"
|
|
"syscall"
|
|
|
|
"git.ophivana.moe/security/fortify/acl"
|
|
"git.ophivana.moe/security/fortify/internal/verbose"
|
|
)
|
|
|
|
// called in the parent process
|
|
|
|
func ServeConfig(socket string, uid int, payload *Payload, wl string, done chan struct{}) (*net.UnixConn, error) {
|
|
var ws *net.UnixConn
|
|
if payload.WL {
|
|
if f, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: wl, Net: "unix"}); err != nil {
|
|
return nil, err
|
|
} else {
|
|
verbose.Println("connected to wayland at", wl)
|
|
ws = f
|
|
}
|
|
}
|
|
|
|
if c, err := net.ListenUnix("unix", &net.UnixAddr{Name: socket, Net: "unix"}); err != nil {
|
|
return nil, err
|
|
} else {
|
|
verbose.Println("configuring shim on socket", socket)
|
|
if err = acl.UpdatePerm(socket, uid, acl.Read, acl.Write, acl.Execute); err != nil {
|
|
fmt.Println("fortify: cannot change permissions of shim setup socket:", err)
|
|
}
|
|
|
|
go func() {
|
|
var conn *net.UnixConn
|
|
if conn, err = c.AcceptUnix(); err != nil {
|
|
fmt.Println("fortify: cannot accept connection from shim:", err)
|
|
} else {
|
|
if err = gob.NewEncoder(conn).Encode(*payload); err != nil {
|
|
fmt.Println("fortify: cannot stream shim payload:", err)
|
|
_ = os.Remove(socket)
|
|
return
|
|
}
|
|
|
|
if payload.WL {
|
|
// get raw connection
|
|
var rc syscall.RawConn
|
|
if rc, err = ws.SyscallConn(); err != nil {
|
|
fmt.Println("fortify: cannot obtain raw wayland connection:", err)
|
|
return
|
|
} else {
|
|
go func() {
|
|
// pass wayland socket fd
|
|
if err = rc.Control(func(fd uintptr) {
|
|
if _, _, err = conn.WriteMsgUnix(nil, syscall.UnixRights(int(fd)), nil); err != nil {
|
|
fmt.Println("fortify: cannot pass wayland connection to shim:", err)
|
|
return
|
|
}
|
|
_ = conn.Close()
|
|
|
|
// block until shim exits
|
|
<-done
|
|
verbose.Println("releasing wayland connection")
|
|
}); err != nil {
|
|
fmt.Println("fortify: cannot obtain wayland connection fd:", err)
|
|
}
|
|
}()
|
|
}
|
|
} else {
|
|
_ = conn.Close()
|
|
}
|
|
}
|
|
if err = c.Close(); err != nil {
|
|
fmt.Println("fortify: cannot close shim socket:", err)
|
|
}
|
|
if err = os.Remove(socket); err != nil && !errors.Is(err, os.ErrNotExist) {
|
|
fmt.Println("fortify: cannot remove dangling shim socket:", err)
|
|
}
|
|
}()
|
|
return ws, nil
|
|
}
|
|
}
|