From 3d399dc04739c4413490916d4f3f38b5e07025db Mon Sep 17 00:00:00 2001 From: 20kdc Date: Sun, 22 Apr 2018 15:25:49 +0100 Subject: [PATCH] Added a theoretical way for services to get started automatically. This really needs testing... --- code/apps/sys-icecap.lua | 30 +++++++++++++++++++++++++- code/init.lua | 6 ++++++ repository/docs/kn-refer | 46 +++++++++++++++++++++++----------------- 3 files changed, 61 insertions(+), 21 deletions(-) diff --git a/code/apps/sys-icecap.lua b/code/apps/sys-icecap.lua index 7a6c5ac..bcb9edd 100644 --- a/code/apps/sys-icecap.lua +++ b/code/apps/sys-icecap.lua @@ -94,11 +94,13 @@ local function getPfx(xd, pkg) end end +local endAcPattern = "/[a-z0-9/%.]*$" + local function matchesSvc(xd, pkg, perm) local pfx = getPfx(xd, pkg) if pfx then local permAct = perm - local paP = permAct:match("/[a-z0-9/%.]*$") + local paP = permAct:match(endAcPattern) if paP then permAct = permAct:sub(1, #permAct - #paP) end @@ -218,6 +220,31 @@ donkonitDFProvider(function (pkg, pid, sendSig) } end) +-- Automatic service start +local function wrapWASS(perm, req) + return function (res) + if res then + -- Do we need to start it? + if perm:sub(1, 6) == "x.svc." then + if not neo.usAccessExists(perm) then + local appAct = perm:sub(7) + local paP = appAct:match(endAcPattern) + if paP then + permAct = appAct:sub(1, #appAct - #paP) + end + pcall(neo.executeAsync, appAct) + neo.scheduleTimer(0) + table.insert(todo, function () + req(res) + end) + return + end + end + end + req(res) + end +end + -- Connect in security policy now local rootAccess = neo.requireAccess("k.root", "installing GUI integration") local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy @@ -226,6 +253,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req) if neo.dead then return backup(pid, proc, perm, req) end + req = wrapWASS(req) local def = proc.pkg:sub(1, 4) == "sys-" local secpol, err = require("sys-secpolicy") if not secpol then 
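Review bot: In `wrapWASS` (code/apps/sys-icecap.lua, hunk at -218) the suffix strip assigns to `permAct`, which is not a local of this function, so it writes a global and `appAct` reaches `neo.executeAsync` with its trailing `/...` part still attached; the line should read `appAct = appAct:sub(1, #appAct - #paP)`. Since `perm` comes from the requesting process and decides which app is launched, the stripped name deserves an explicit check here instead of relying on whatever `executeAsync` validates, which is not visible in this hunk. The `pcall` result is discarded and the request is replayed after a single `neo.scheduleTimer(0)` tick, so a service that failed to start or has not yet registered looks the same as success; keeping the `pcall` status and logging a failure before the deferred `req(res)` would make that case diagnosable. The `todo` table is defined outside the hunk.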
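Review bot: The added `req = wrapWASS(req)` in the `securityPolicy` hook (hunk at -226) passes one argument to a function declared as `wrapWASS(perm, req)`, so inside the wrapper `perm` holds the callback and `req` is nil. An approved request then fails at `perm:sub(1, 6)` and a denied one at `req(res)`, so as far as the visible lines show no decision reaches the original callback once this hook is installed. The call should be `req = wrapWASS(perm, req)`. The body of the `securityPolicy` function continues outside the hunk.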
diff --git a/code/init.lua b/code/init.lua index 8b75cf4..46d840e 100644 --- a/code/init.lua +++ b/code/init.lua @@ -329,6 +329,12 @@ baseProcNeo = { end, listApps = lister("apps/"), listLibs = lister("libs/"), + usAccessExists = function (accessName) + ensureType(accessName, "string") + if accesses[accessName] then + return true + end + end, totalIdleTime = function () return idleTime end, ensurePath = ensurePath, ensurePathComponent = ensurePathComponent, diff --git a/repository/docs/kn-refer b/repository/docs/kn-refer index 7421e8d..0162a9f 100644 --- a/repository/docs/kn-refer +++ b/repository/docs/kn-refer @@ -167,7 +167,7 @@ For libraries, it contains: not a requirement and is not enforced - it's not a security matter, just optimization/memory. - wrapMeta: A function that takes a + wrapMeta(v): A function that takes a value, and wraps it in such a way as to be immutable, returning the wrapped value. 
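Review bot: `usAccessExists` in code/init.lua is added to `baseProcNeo`, so it appears to be callable by every process without holding any access. That would let unprivileged code probe which userspace accesses are registered and therefore which services are running. If only sys-icecap needs the check, exposing it on the object returned for `k.root` would keep the probe privileged. Separately, the function returns `true` or falls through to nil; an explicit boolean is clearer for callers: `return accesses[accessName] and true or false`. The `baseProcNeo` table and the `accesses` table are defined outside the hunk.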
@@ -175,26 +175,30 @@ For libraries, it contains: against memory use - by using this to protect a table, the result can be shared between untrusted code. - listProcs: A function that returns a - table of processes. Index is ipairs - -friendly, values are: + listProcs(): A function that returns + an ipairs-friendly process list. + Values are: {pid, pkg, cpuUsageInSeconds} - listApps: Returns an ipairs-friendly - list of applications on the system, - such as: - {"app-out-of-sight-is-out-of-mind", - "svc-i-see-the-ones-that-play"} - listLibs: Returns an ipairs-friendly - list of libraries on the system, - such as: + listApps(): Returns an + ipairs-friendly list of + applications on the system, like: + {"app-test", "svc-liliput"} + listLibs(): Returns an + ipairs-friendly list of libraries + on the system, such as: {"fmttext", "braille"} - totalIdleTime: Returns the current + usAccessExists(s): + Returns true if the specified + access has been registered from + userspace using the related "r." + access. + totalIdleTime(): Returns the current kernel idle time total, useful for measuring current CPU usage, and in turn comparing to application CPU time to get various statistics. - ensurePath: (s, root) + ensurePath(s, root): Attempts to verify the safety of a path, and errors if any aspect seems incorrect. @@ -207,7 +211,7 @@ For libraries, it contains: Essentially, "//" must not occur, and all "[^/]+" matches must be valid path components. - ensurePathComponent: (s) + ensurePathComponent(s): Ensures that a string is a safe filename via a character list and some special filename checks. @@ -226,7 +230,7 @@ For libraries, it contains: Windows total nonsense (aux, com1) because if OC doesn't cover up that then you're kinda doomed. - ensureType: (v, ts) + ensureType(v, ts): Checks that a value is of a given type, and errors otherwise. If the type is "table", it also errors if 
@@ -284,12 +288,14 @@ The additional things available to is responded to with a k.securityresponse such as: "k.securityresponse", perm, obj - requestAccess: A function with - (perm, handler) as the arguments - - runs requestAccessAsync, then sends + requestAccess(perm[, handler]): + Runs requestAccessAsync, then sends events to handler (if any) while waiting for the response. - requireAccess: requestAccess, but + sys-icecap is responsible for any + automatic starting of services + that may occur. + requireAccess(perm, reason): requestAccess, but (perm, reason) - the reason is used in an error if the access cannot be gained.