Added a theoretical way for services to get started automatically.

This really needs testing...
2018-04-22 15:25:49 +01:00 · 2018-04-22 15:25:49 +01:00 · 3d399dc047
parent 1bb8d16298
commit 3d399dc047
3 changed files with 61 additions and 21 deletions
--- a/code/apps/sys-icecap.lua
+++ b/code/apps/sys-icecap.lua
@ -94,11 +94,13 @@ local function getPfx(xd, pkg)
 end
 end

+local endAcPattern = "/[a-z0-9/%.]*$"
+
 local function matchesSvc(xd, pkg, perm)
 local pfx = getPfx(xd, pkg)
 if pfx then
  local permAct = perm
-  local paP = permAct:match("/[a-z0-9/%.]*$")
+  local paP = permAct:match(endAcPattern)
  if paP then
   permAct = permAct:sub(1, #permAct - #paP)
  end
@ -218,6 +220,31 @@ donkonitDFProvider(function (pkg, pid, sendSig)
 }
 end)

+-- Automatic service start
+local function wrapWASS(perm, req)
+ return function (res)
+  if res then
+   -- Do we need to start it?
+   if perm:sub(1, 6) == "x.svc." then
+    if not neo.usAccessExists(perm) then
+     local appAct = perm:sub(7)
+     local paP = appAct:match(endAcPattern)
+     if paP then
+      permAct = appAct:sub(1, #appAct - #paP)
+     end
+     pcall(neo.executeAsync, appAct)
+     neo.scheduleTimer(0)
+     table.insert(todo, function ()
+      req(res)
+     end)
+     return
+    end
+   end
+  end
+  req(res)
+ end
+end
+
 -- Connect in security policy now
 local rootAccess = neo.requireAccess("k.root", "installing GUI integration")
 local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
@ -226,6 +253,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
 if neo.dead then
  return backup(pid, proc, perm, req)
 end
+ req = wrapWASS(req)
 local def = proc.pkg:sub(1, 4) == "sys-"
 local secpol, err = require("sys-secpolicy")
 if not secpol then
--- a/code/init.lua
+++ b/code/init.lua
@ -329,6 +329,12 @@ baseProcNeo = {
 end,
 listApps = lister("apps/"),
 listLibs = lister("libs/"),
+ usAccessExists = function (accessName)
+  ensureType(accessName, "string")
+  if accesses[accessName] then
+   return true
+  end
+ end,
 totalIdleTime = function () return idleTime end,
 ensurePath = ensurePath,
 ensurePathComponent = ensurePathComponent,
--- a/repository/docs/kn-refer
+++ b/repository/docs/kn-refer
@ -167,7 +167,7 @@ For libraries, it contains:
   not a requirement and is not
   enforced - it's not a security
   matter, just optimization/memory.
- wrapMeta: A function that takes a
+ wrapMeta(v): A function that takes a
  value, and wraps it in such a way
  as to be immutable, returning the
   wrapped value.
@ -175,26 +175,30 @@ For libraries, it contains:
   against memory use - by using this
   to protect a table, the result can
   be shared between untrusted code.
- listProcs: A function that returns a
-  table of processes. Index is ipairs
-  -friendly, values are:
+ listProcs(): A function that returns
+  an ipairs-friendly process list.
+  Values are:
  {pid, pkg, cpuUsageInSeconds}
- listApps: Returns an ipairs-friendly
-  list of applications on the system,
-  such as:
-  {"app-out-of-sight-is-out-of-mind",
-   "svc-i-see-the-ones-that-play"}
- listLibs: Returns an ipairs-friendly
-  list of libraries on the system,
-  such as:
+ listApps(): Returns an
+  ipairs-friendly list of
+  applications on the system, like:
+  {"app-test", "svc-liliput"}
+ listLibs(): Returns an
+  ipairs-friendly list of libraries
+  on the system, such as:
  {"fmttext",
   "braille"}
- totalIdleTime: Returns the current
+ usAccessExists(s):
+  Returns true if the specified
+   access has been registered from
+   userspace using the related "r."
+   access.
+ totalIdleTime(): Returns the current
  kernel idle time total, useful for
  measuring current CPU usage, and in
  turn comparing to application CPU
  time to get various statistics.
- ensurePath: (s, root)
+ ensurePath(s, root):
  Attempts to verify the
  safety of a path, and errors if any
  aspect seems incorrect.
@ -207,7 +211,7 @@ For libraries, it contains:
  Essentially, "//" must not occur,
   and all "[^/]+" matches must be
   valid path components.
- ensurePathComponent: (s)
+ ensurePathComponent(s):
  Ensures that a string is a safe
   filename via a character list and
   some special filename checks.
@ -226,7 +230,7 @@ For libraries, it contains:
   Windows total nonsense (aux, com1)
   because if OC doesn't cover up
   that then you're kinda doomed.
- ensureType: (v, ts)
+ ensureType(v, ts):
  Checks that a value is of a given
   type, and errors otherwise. If the
   type is "table", it also errors if
@ -284,12 +288,14 @@ The additional things available to
  is responded to with a
  k.securityresponse such as:
  "k.securityresponse", perm, obj
- requestAccess: A function with
-  (perm, handler) as the arguments -
-  runs requestAccessAsync, then sends
+ requestAccess(perm[, handler]):
+  Runs requestAccessAsync, then sends
  events to handler (if any) while
  waiting for the response.
- requireAccess: requestAccess, but
+  sys-icecap is responsible for any
+   automatic starting of services
+   that may occur.
+ requireAccess(perm, reason): requestAccess, but
  (perm, reason) - the reason is used
   in an error if the access cannot
   be gained.