Added a theoretical way for services to get started automatically.

This really needs testing...

code/apps/sys-icecap.lua

@@ -94,11 +94,13 @@ local function getPfx(xd, pkg)
  end
 end
 
+local endAcPattern = "/[a-z0-9/%.]*$"
+
 local function matchesSvc(xd, pkg, perm)
  local pfx = getPfx(xd, pkg)
  if pfx then
   local permAct = perm
-  local paP = permAct:match("/[a-z0-9/%.]*$")
+  local paP = permAct:match(endAcPattern)
   if paP then
    permAct = permAct:sub(1, #permAct - #paP)
   end
@@ -218,6 +220,31 @@ donkonitDFProvider(function (pkg, pid, sendSig)
  }
 end)
 
+-- Automatic service start
+local function wrapWASS(perm, req)
+ return function (res)
+  if res then
+   -- Do we need to start it?
+   if perm:sub(1, 6) == "x.svc." then
+    if not neo.usAccessExists(perm) then
+     local appAct = perm:sub(7)
+     local paP = appAct:match(endAcPattern)
+     if paP then
+      permAct = appAct:sub(1, #appAct - #paP)
+     end
+     pcall(neo.executeAsync, appAct)
+     neo.scheduleTimer(0)
+     table.insert(todo, function ()
+      req(res)
+     end)
+     return
+    end
+   end
+  end
+  req(res)
+ end
+end
+
 -- Connect in security policy now
 local rootAccess = neo.requireAccess("k.root", "installing GUI integration")
 local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
@@ -226,6 +253,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
  if neo.dead then
   return backup(pid, proc, perm, req)
  end
+ req = wrapWASS(req)
  local def = proc.pkg:sub(1, 4) == "sys-"
  local secpol, err = require("sys-secpolicy")
  if not secpol then

code/init.lua

@@ -329,6 +329,12 @@ baseProcNeo = {
  end,
  listApps = lister("apps/"),
  listLibs = lister("libs/"),
+ usAccessExists = function (accessName)
+  ensureType(accessName, "string")
+  if accesses[accessName] then
+   return true
+  end
+ end,
  totalIdleTime = function () return idleTime end,
  ensurePath = ensurePath,
  ensurePathComponent = ensurePathComponent,

repository/docs/kn-refer

@@ -167,7 +167,7 @@ For libraries, it contains:
    not a requirement and is not
    enforced - it's not a security
    matter, just optimization/memory.
- wrapMeta: A function that takes a
+ wrapMeta(v): A function that takes a
   value, and wraps it in such a way
   as to be immutable, returning the
    wrapped value.
@@ -175,26 +175,30 @@ For libraries, it contains:
    against memory use - by using this
    to protect a table, the result can
    be shared between untrusted code.
- listProcs: A function that returns a
-  table of processes. Index is ipairs
-  -friendly, values are:
+ listProcs(): A function that returns
+  an ipairs-friendly process list.
+  Values are:
   {pid, pkg, cpuUsageInSeconds}
- listApps: Returns an ipairs-friendly
-  list of applications on the system,
-  such as:
-  {"app-out-of-sight-is-out-of-mind",
-   "svc-i-see-the-ones-that-play"}
- listLibs: Returns an ipairs-friendly
-  list of libraries on the system,
-  such as:
+ listApps(): Returns an
+  ipairs-friendly list of
+  applications on the system, like:
+  {"app-test", "svc-liliput"}
+ listLibs(): Returns an
+  ipairs-friendly list of libraries
+  on the system, such as:
   {"fmttext",
    "braille"}
- totalIdleTime: Returns the current
+ usAccessExists(s):
+  Returns true if the specified
+   access has been registered from
+   userspace using the related "r."
+   access.
+ totalIdleTime(): Returns the current
   kernel idle time total, useful for
   measuring current CPU usage, and in
   turn comparing to application CPU
   time to get various statistics.
- ensurePath: (s, root)
+ ensurePath(s, root):
   Attempts to verify the
   safety of a path, and errors if any
   aspect seems incorrect.
@@ -207,7 +211,7 @@ For libraries, it contains:
   Essentially, "//" must not occur,
    and all "[^/]+" matches must be
    valid path components.
- ensurePathComponent: (s)
+ ensurePathComponent(s):
   Ensures that a string is a safe
    filename via a character list and
    some special filename checks.
@@ -226,7 +230,7 @@ For libraries, it contains:
    Windows total nonsense (aux, com1)
    because if OC doesn't cover up
    that then you're kinda doomed.
- ensureType: (v, ts)
+ ensureType(v, ts):
   Checks that a value is of a given
    type, and errors otherwise. If the
    type is "table", it also errors if
@@ -284,12 +288,14 @@ The additional things available to
   is responded to with a
   k.securityresponse such as:
   "k.securityresponse", perm, obj
- requestAccess: A function with
-  (perm, handler) as the arguments -
-  runs requestAccessAsync, then sends
+ requestAccess(perm[, handler]):
+  Runs requestAccessAsync, then sends
   events to handler (if any) while
   waiting for the response.
- requireAccess: requestAccess, but
+  sys-icecap is responsible for any
+   automatic starting of services
+   that may occur.
+ requireAccess(perm, reason): requestAccess, but
   (perm, reason) - the reason is used
    in an error if the access cannot
    be gained.