Added a theoretical way for services to get started automatically.
This really needs testing...
parent
1bb8d16298
commit
3d399dc047
@ -94,11 +94,13 @@ local function getPfx(xd, pkg)
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local endAcPattern = "/[a-z0-9/%.]*$"
|
||||||
|
|
||||||
local function matchesSvc(xd, pkg, perm)
|
local function matchesSvc(xd, pkg, perm)
|
||||||
local pfx = getPfx(xd, pkg)
|
local pfx = getPfx(xd, pkg)
|
||||||
if pfx then
|
if pfx then
|
||||||
local permAct = perm
|
local permAct = perm
|
||||||
local paP = permAct:match("/[a-z0-9/%.]*$")
|
local paP = permAct:match(endAcPattern)
|
||||||
if paP then
|
if paP then
|
||||||
permAct = permAct:sub(1, #permAct - #paP)
|
permAct = permAct:sub(1, #permAct - #paP)
|
||||||
end
|
end
|
||||||
@ -218,6 +220,31 @@ donkonitDFProvider(function (pkg, pid, sendSig)
|
|||||||
}
|
}
|
||||||
end)
|
end)
|
||||||
|
|
||||||
|
-- Automatic service start
|
||||||
|
local function wrapWASS(perm, req)
|
||||||
|
return function (res)
|
||||||
|
if res then
|
||||||
|
-- Do we need to start it?
|
||||||
|
if perm:sub(1, 6) == "x.svc." then
|
||||||
|
if not neo.usAccessExists(perm) then
|
||||||
|
local appAct = perm:sub(7)
|
||||||
|
local paP = appAct:match(endAcPattern)
|
||||||
|
if paP then
|
||||||
|
permAct = appAct:sub(1, #appAct - #paP)
|
||||||
|
end
|
||||||
|
pcall(neo.executeAsync, appAct)
|
||||||
|
neo.scheduleTimer(0)
|
||||||
|
table.insert(todo, function ()
|
||||||
|
req(res)
|
||||||
|
end)
|
||||||
|
return
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
req(res)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
-- Connect in security policy now
|
-- Connect in security policy now
|
||||||
local rootAccess = neo.requireAccess("k.root", "installing GUI integration")
|
local rootAccess = neo.requireAccess("k.root", "installing GUI integration")
|
||||||
local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
|
local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
|
||||||
@ -226,6 +253,7 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
|
|||||||
if neo.dead then
|
if neo.dead then
|
||||||
return backup(pid, proc, perm, req)
|
return backup(pid, proc, perm, req)
|
||||||
end
|
end
|
||||||
|
req = wrapWASS(req)
|
||||||
local def = proc.pkg:sub(1, 4) == "sys-"
|
local def = proc.pkg:sub(1, 4) == "sys-"
|
||||||
local secpol, err = require("sys-secpolicy")
|
local secpol, err = require("sys-secpolicy")
|
||||||
if not secpol then
|
if not secpol then
|
||||||
|
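Review bot: In the last hunk of this file, `req = wrapWASS(req)` passes one argument to a function declared as `wrapWASS(perm, req)`, so inside the wrapper `perm` is the callback and `req` is nil. The returned function will then raise on `perm:sub(1, 6)` for a granted request and on `req(res)` for a denied one, which breaks every decision that goes through this security policy; the call should be `req = wrapWASS(perm, req)`. Inside wrapWASS, `permAct = appAct:sub(1, #appAct - #paP)` writes to an undeclared `permAct` instead of `appAct`, so the suffix matched by `endAcPattern` is never stripped from the name given to `neo.executeAsync` and a global is created; it should read `appAct = appAct:sub(1, #appAct - #paP)`. The result of `pcall(neo.executeAsync, appAct)` is also discarded, so a failed start still defers and then forwards the grant. `todo` and the rest of the securityPolicy function lie outside the hunks, so how the deferred call is drained cannot be checked from here.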
@ -329,6 +329,12 @@ baseProcNeo = {
|
|||||||
end,
|
end,
|
||||||
listApps = lister("apps/"),
|
listApps = lister("apps/"),
|
||||||
listLibs = lister("libs/"),
|
listLibs = lister("libs/"),
|
||||||
|
usAccessExists = function (accessName)
|
||||||
|
ensureType(accessName, "string")
|
||||||
|
if accesses[accessName] then
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
end,
|
||||||
totalIdleTime = function () return idleTime end,
|
totalIdleTime = function () return idleTime end,
|
||||||
ensurePath = ensurePath,
|
ensurePath = ensurePath,
|
||||||
ensurePathComponent = ensurePathComponent,
|
ensurePathComponent = ensurePathComponent,
|
||||||
|
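Review bot: `usAccessExists` is added to `baseProcNeo`, which by its name appears to be the API table handed to every process, so any process could test whether an arbitrary access name is registered without holding an access of its own. If that is intended, a comment saying so would help, e.g. `-- Deliberately unprivileged: only reveals whether a userspace access is registered`; otherwise consider exposing it only through a privileged access such as the `k.root` object. The function also returns nil rather than false when the name is absent; `return accesses[accessName] ~= nil` would make the boolean explicit. The definition of `accesses` is outside the hunk.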
@ -167,7 +167,7 @@ For libraries, it contains:
|
|||||||
not a requirement and is not
|
not a requirement and is not
|
||||||
enforced - it's not a security
|
enforced - it's not a security
|
||||||
matter, just optimization/memory.
|
matter, just optimization/memory.
|
||||||
wrapMeta: A function that takes a
|
wrapMeta(v): A function that takes a
|
||||||
value, and wraps it in such a way
|
value, and wraps it in such a way
|
||||||
as to be immutable, returning the
|
as to be immutable, returning the
|
||||||
wrapped value.
|
wrapped value.
|
||||||
@ -175,26 +175,30 @@ For libraries, it contains:
|
|||||||
against memory use - by using this
|
against memory use - by using this
|
||||||
to protect a table, the result can
|
to protect a table, the result can
|
||||||
be shared between untrusted code.
|
be shared between untrusted code.
|
||||||
listProcs: A function that returns a
|
listProcs(): A function that returns
|
||||||
table of processes. Index is ipairs
|
an ipairs-friendly process list.
|
||||||
-friendly, values are:
|
Values are:
|
||||||
{pid, pkg, cpuUsageInSeconds}
|
{pid, pkg, cpuUsageInSeconds}
|
||||||
listApps: Returns an ipairs-friendly
|
listApps(): Returns an
|
||||||
list of applications on the system,
|
ipairs-friendly list of
|
||||||
such as:
|
applications on the system, like:
|
||||||
{"app-out-of-sight-is-out-of-mind",
|
{"app-test", "svc-liliput"}
|
||||||
"svc-i-see-the-ones-that-play"}
|
listLibs(): Returns an
|
||||||
listLibs: Returns an ipairs-friendly
|
ipairs-friendly list of libraries
|
||||||
list of libraries on the system,
|
on the system, such as:
|
||||||
such as:
|
|
||||||
{"fmttext",
|
{"fmttext",
|
||||||
"braille"}
|
"braille"}
|
||||||
totalIdleTime: Returns the current
|
usAccessExists(s):
|
||||||
|
Returns true if the specified
|
||||||
|
access has been registered from
|
||||||
|
userspace using the related "r."
|
||||||
|
access.
|
||||||
|
totalIdleTime(): Returns the current
|
||||||
kernel idle time total, useful for
|
kernel idle time total, useful for
|
||||||
measuring current CPU usage, and in
|
measuring current CPU usage, and in
|
||||||
turn comparing to application CPU
|
turn comparing to application CPU
|
||||||
time to get various statistics.
|
time to get various statistics.
|
||||||
ensurePath: (s, root)
|
ensurePath(s, root):
|
||||||
Attempts to verify the
|
Attempts to verify the
|
||||||
safety of a path, and errors if any
|
safety of a path, and errors if any
|
||||||
aspect seems incorrect.
|
aspect seems incorrect.
|
||||||
@ -207,7 +211,7 @@ For libraries, it contains:
|
|||||||
Essentially, "//" must not occur,
|
Essentially, "//" must not occur,
|
||||||
and all "[^/]+" matches must be
|
and all "[^/]+" matches must be
|
||||||
valid path components.
|
valid path components.
|
||||||
ensurePathComponent: (s)
|
ensurePathComponent(s):
|
||||||
Ensures that a string is a safe
|
Ensures that a string is a safe
|
||||||
filename via a character list and
|
filename via a character list and
|
||||||
some special filename checks.
|
some special filename checks.
|
||||||
@ -226,7 +230,7 @@ For libraries, it contains:
|
|||||||
Windows total nonsense (aux, com1)
|
Windows total nonsense (aux, com1)
|
||||||
because if OC doesn't cover up
|
because if OC doesn't cover up
|
||||||
that then you're kinda doomed.
|
that then you're kinda doomed.
|
||||||
ensureType: (v, ts)
|
ensureType(v, ts):
|
||||||
Checks that a value is of a given
|
Checks that a value is of a given
|
||||||
type, and errors otherwise. If the
|
type, and errors otherwise. If the
|
||||||
type is "table", it also errors if
|
type is "table", it also errors if
|
||||||
@ -284,12 +288,14 @@ The additional things available to
|
|||||||
is responded to with a
|
is responded to with a
|
||||||
k.securityresponse such as:
|
k.securityresponse such as:
|
||||||
"k.securityresponse", perm, obj
|
"k.securityresponse", perm, obj
|
||||||
requestAccess: A function with
|
requestAccess(perm[, handler]):
|
||||||
(perm, handler) as the arguments -
|
Runs requestAccessAsync, then sends
|
||||||
runs requestAccessAsync, then sends
|
|
||||||
events to handler (if any) while
|
events to handler (if any) while
|
||||||
waiting for the response.
|
waiting for the response.
|
||||||
requireAccess: requestAccess, but
|
sys-icecap is responsible for any
|
||||||
|
automatic starting of services
|
||||||
|
that may occur.
|
||||||
|
requireAccess(perm, reason): requestAccess, but
|
||||||
(perm, reason) - the reason is used
|
(perm, reason) - the reason is used
|
||||||
in an error if the access cannot
|
in an error if the access cannot
|
||||||
be gained.
|
be gained.
|
||||||
|