Added a theoretical way for services to get started automatically.
This really needs testing...
parent
1bb8d16298
commit
3d399dc047
@ -94,11 +94,13 @@ local function getPfx(xd, pkg)
|
||||
end
|
||||
end
|
||||
|
||||
local endAcPattern = "/[a-z0-9/%.]*$"
|
||||
|
||||
local function matchesSvc(xd, pkg, perm)
|
||||
local pfx = getPfx(xd, pkg)
|
||||
if pfx then
|
||||
local permAct = perm
|
||||
local paP = permAct:match("/[a-z0-9/%.]*$")
|
||||
local paP = permAct:match(endAcPattern)
|
||||
if paP then
|
||||
permAct = permAct:sub(1, #permAct - #paP)
|
||||
end
|
||||
@ -218,6 +220,31 @@ donkonitDFProvider(function (pkg, pid, sendSig)
|
||||
}
|
||||
end)
|
||||
|
||||
-- Automatic service start
|
||||
local function wrapWASS(perm, req)
|
||||
return function (res)
|
||||
if res then
|
||||
-- Do we need to start it?
|
||||
if perm:sub(1, 6) == "x.svc." then
|
||||
if not neo.usAccessExists(perm) then
|
||||
local appAct = perm:sub(7)
|
||||
local paP = appAct:match(endAcPattern)
|
||||
if paP then
|
||||
permAct = appAct:sub(1, #appAct - #paP)
|
||||
end
|
||||
pcall(neo.executeAsync, appAct)
|
||||
neo.scheduleTimer(0)
|
||||
table.insert(todo, function ()
|
||||
req(res)
|
||||
end)
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
req(res)
|
||||
end
|
||||
end
|
||||
|
||||
-- Connect in security policy now
|
||||
local rootAccess = neo.requireAccess("k.root", "installing GUI integration")
|
||||
local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
|
||||
@ -226,6 +253,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
|
||||
if neo.dead then
|
||||
return backup(pid, proc, perm, req)
|
||||
end
|
||||
req = wrapWASS(req)
|
||||
local def = proc.pkg:sub(1, 4) == "sys-"
|
||||
local secpol, err = require("sys-secpolicy")
|
||||
if not secpol then
|
||||
|
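Review bot: `wrapWASS` is declared as `wrapWASS(perm, req)`, but the new line in `rootAccess.securityPolicy` calls it as `req = wrapWASS(req)`, so inside the wrapper `perm` holds the callback and `req` is nil. An approved request would then fail at `perm:sub(1, 6)` and a denied one at `req(res)`, and because this sits on the security-policy response path it affects every access request, not only `x.svc.` ones; the call should read `req = wrapWASS(perm, req)`. Inside the wrapper, `permAct = appAct:sub(1, #appAct - #paP)` assigns to a name that is not declared in `wrapWASS` (a global, as far as the hunk shows), so the suffix matched by `endAcPattern` is never stripped from the `appAct` handed to `neo.executeAsync`; it should be `appAct = appAct:sub(1, #appAct - #paP)`. The result of `pcall(neo.executeAsync, appAct)` is also discarded, so a failed start cannot be told apart from a successful one before `req(res)` is queued on `todo`. The body of `rootAccess.securityPolicy` continues outside the hunk.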
@ -329,6 +329,12 @@ baseProcNeo = {
|
||||
end,
|
||||
listApps = lister("apps/"),
|
||||
listLibs = lister("libs/"),
|
||||
usAccessExists = function (accessName)
|
||||
ensureType(accessName, "string")
|
||||
if accesses[accessName] then
|
||||
return true
|
||||
end
|
||||
end,
|
||||
totalIdleTime = function () return idleTime end,
|
||||
ensurePath = ensurePath,
|
||||
ensurePathComponent = ensurePathComponent,
|
||||
|
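Review bot: `usAccessExists` falls off the end when the access is not registered, so it returns nil rather than false; `return accesses[accessName] and true or false` would give callers a real boolean in both cases. It is added to `baseProcNeo` next to `listApps` and `listLibs` with only an `ensureType` check, so it appears that any process can probe which access names are currently registered without holding a permission. If that is intended, a comment such as `-- deliberately unprivileged: only reveals whether a name is registered` would make the decision visible. The `baseProcNeo` table starts and ends outside the hunk.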
@ -167,7 +167,7 @@ For libraries, it contains:
|
||||
not a requirement and is not
|
||||
enforced - it's not a security
|
||||
matter, just optimization/memory.
|
||||
wrapMeta: A function that takes a
|
||||
wrapMeta(v): A function that takes a
|
||||
value, and wraps it in such a way
|
||||
as to be immutable, returning the
|
||||
wrapped value.
|
||||
@ -175,26 +175,30 @@ For libraries, it contains:
|
||||
against memory use - by using this
|
||||
to protect a table, the result can
|
||||
be shared between untrusted code.
|
||||
listProcs: A function that returns a
|
||||
table of processes. Index is ipairs
|
||||
-friendly, values are:
|
||||
listProcs(): A function that returns
|
||||
an ipairs-friendly process list.
|
||||
Values are:
|
||||
{pid, pkg, cpuUsageInSeconds}
|
||||
listApps: Returns an ipairs-friendly
|
||||
list of applications on the system,
|
||||
such as:
|
||||
{"app-out-of-sight-is-out-of-mind",
|
||||
"svc-i-see-the-ones-that-play"}
|
||||
listLibs: Returns an ipairs-friendly
|
||||
list of libraries on the system,
|
||||
such as:
|
||||
listApps(): Returns an
|
||||
ipairs-friendly list of
|
||||
applications on the system, like:
|
||||
{"app-test", "svc-liliput"}
|
||||
listLibs(): Returns an
|
||||
ipairs-friendly list of libraries
|
||||
on the system, such as:
|
||||
{"fmttext",
|
||||
"braille"}
|
||||
totalIdleTime: Returns the current
|
||||
usAccessExists(s):
|
||||
Returns true if the specified
|
||||
access has been registered from
|
||||
userspace using the related "r."
|
||||
access.
|
||||
totalIdleTime(): Returns the current
|
||||
kernel idle time total, useful for
|
||||
measuring current CPU usage, and in
|
||||
turn comparing to application CPU
|
||||
time to get various statistics.
|
||||
ensurePath: (s, root)
|
||||
ensurePath(s, root):
|
||||
Attempts to verify the
|
||||
safety of a path, and errors if any
|
||||
aspect seems incorrect.
|
||||
@ -207,7 +211,7 @@ For libraries, it contains:
|
||||
Essentially, "//" must not occur,
|
||||
and all "[^/]+" matches must be
|
||||
valid path components.
|
||||
ensurePathComponent: (s)
|
||||
ensurePathComponent(s):
|
||||
Ensures that a string is a safe
|
||||
filename via a character list and
|
||||
some special filename checks.
|
||||
@ -226,7 +230,7 @@ For libraries, it contains:
|
||||
Windows total nonsense (aux, com1)
|
||||
because if OC doesn't cover up
|
||||
that then you're kinda doomed.
|
||||
ensureType: (v, ts)
|
||||
ensureType(v, ts):
|
||||
Checks that a value is of a given
|
||||
type, and errors otherwise. If the
|
||||
type is "table", it also errors if
|
||||
@ -284,12 +288,14 @@ The additional things available to
|
||||
is responded to with a
|
||||
k.securityresponse such as:
|
||||
"k.securityresponse", perm, obj
|
||||
requestAccess: A function with
|
||||
(perm, handler) as the arguments -
|
||||
runs requestAccessAsync, then sends
|
||||
requestAccess(perm[, handler]):
|
||||
Runs requestAccessAsync, then sends
|
||||
events to handler (if any) while
|
||||
waiting for the response.
|
||||
requireAccess: requestAccess, but
|
||||
sys-icecap is responsible for any
|
||||
automatic starting of services
|
||||
that may occur.
|
||||
requireAccess(perm, reason): requestAccess, but
|
||||
(perm, reason) - the reason is used
|
||||
in an error if the access cannot
|
||||
be gained.
|
||||
|