mirror of
https://github.com/20kdc/OC-KittenOS.git
synced 2024-12-26 02:48:06 +11:00
Fix lockPerm and security policy glitchiness regarding it, along with even more licensing fun
parent
f49a4bf433
commit
b75dc370dc
@ -237,55 +237,7 @@ donkonitDFProvider(function (pkg, pid, sendSig)
|
||||
}
|
||||
end)
|
||||
|
||||
-- Automatic service start
|
||||
local function wrapWASS(perm, req)
|
||||
return function (res)
|
||||
if res then
|
||||
-- Do we need to start it?
|
||||
if perm:sub(1, 6) == "x.svc." then
|
||||
if not neo.usAccessExists(perm) then
|
||||
local appAct = perm:sub(7)
|
||||
local paP = appAct:match(endAcPattern)
|
||||
if paP then
|
||||
permAct = appAct:sub(1, #appAct - #paP)
|
||||
end
|
||||
-- Prepare for success
|
||||
onReg[perm] = onReg[perm] or {}
|
||||
table.insert(onReg[perm], function ()
|
||||
req(res)
|
||||
req = nil
|
||||
end)
|
||||
pcall(neo.executeAsync, "svc-" .. appAct)
|
||||
-- Fallback "quit now"
|
||||
local time = os.uptime() + 30
|
||||
neo.scheduleTimer(time)
|
||||
local f
|
||||
function f()
|
||||
if req then
|
||||
if os.uptime() >= time then
|
||||
req(res)
|
||||
else
|
||||
table.insert(todo, f)
|
||||
end
|
||||
end
|
||||
end
|
||||
table.insert(todo, f)
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
req(res)
|
||||
end
|
||||
end
|
||||
|
||||
-- Connect in security policy now
|
||||
local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
|
||||
rootAccess.securityPolicyINIT = backup
|
||||
rootAccess.securityPolicy = function (pid, proc, perm, req)
|
||||
if neo.dead then
|
||||
return backup(pid, proc, perm, req)
|
||||
end
|
||||
req = wrapWASS(perm, req)
|
||||
local function secPolicyStage2(pid, proc, perm, req)
|
||||
local def = proc.pkg:sub(1, 4) == "sys-"
|
||||
local secpol, err = require("sys-secpolicy")
|
||||
if not secpol then
|
||||
@ -305,6 +257,51 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
|
||||
end)
|
||||
end
|
||||
|
||||
-- Connect in security policy now
|
||||
local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
|
||||
rootAccess.securityPolicyINIT = backup
|
||||
rootAccess.securityPolicy = function (pid, proc, perm, req)
|
||||
if neo.dead then
|
||||
return backup(pid, proc, perm, req)
|
||||
end
|
||||
local function finish()
|
||||
secPolicyStage2(pid, proc, perm, req)
|
||||
end
|
||||
-- Do we need to start it?
|
||||
if perm:sub(1, 6) == "x.svc." then
|
||||
if not neo.usAccessExists(perm) then
|
||||
local appAct = perm:sub(7)
|
||||
local paP = appAct:match(endAcPattern)
|
||||
if paP then
|
||||
permAct = appAct:sub(1, #appAct - #paP)
|
||||
end
|
||||
-- Prepare for success
|
||||
onReg[perm] = onReg[perm] or {}
|
||||
table.insert(onReg[perm], function ()
|
||||
finish()
|
||||
end)
|
||||
pcall(neo.executeAsync, "svc-" .. appAct)
|
||||
-- Fallback "quit now"
|
||||
local time = os.uptime() + 30
|
||||
neo.scheduleTimer(time)
|
||||
local f
|
||||
function f()
|
||||
if finish then
|
||||
if os.uptime() >= time then
|
||||
finish()
|
||||
else
|
||||
table.insert(todo, f)
|
||||
end
|
||||
end
|
||||
end
|
||||
table.insert(todo, f)
|
||||
return
|
||||
end
|
||||
else
|
||||
finish()
|
||||
end
|
||||
end
|
||||
|
||||
function theEventHandler(...)
|
||||
local ev = {...}
|
||||
if ev[1] == "k.procdie" then
|
||||
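Review bot: In the new `rootAccess.securityPolicy`, an `x.svc.*` request whose access already exists never reaches `finish()`: the `else` pairs with the outer `if perm:sub(1, 6) == "x.svc."`, so when `neo.usAccessExists(perm)` is true the function falls off the end and the requester appears to get no answer. Separately, `finish` is never cleared (the removed code set `req = nil`), so `if finish then` is always true and the 30-second fallback seems to run `secPolicyStage2` a second time after the `onReg` callback already did, which could present or resolve the same permission decision twice. I would drop the `else` so that `finish()` runs after the outer `end` (the auto-start path already returns early), and route both callers through a one-shot guard such as `local f2 = finish; finish = nil; if f2 then f2() end`. The assignment to `permAct` also looks like an accidental global, since `appAct` is what is passed to `neo.executeAsync`.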
|
@ -73,7 +73,11 @@ return function ()
|
||||
end
|
||||
end
|
||||
for _, v in ipairs(sources[srcName][3][pkg].files) do
|
||||
local ok, r = sources[srcName][1](v, sources[dstName][2][1](v .. ".claw-tmp"))
|
||||
local tmpOut, r, ok = sources[dstName][2][1](v .. ".claw-tmp")
|
||||
ok = tmpOut
|
||||
if ok then
|
||||
ok, r = sources[srcName][1](v, tmpOut)
|
||||
end
|
||||
if ok then
|
||||
yielder()
|
||||
else
|
||||
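Review bot: The declaration `local tmpOut, r, ok = sources[dstName][2][1](v .. ".claw-tmp")` binds `ok` to a third return value only to overwrite it on the next line, which obscures that `ok` simply mirrors whether the destination call succeeded. `local tmpOut, r = ...` followed by `local ok = tmpOut` says the same thing, ideally with a comment such as `-- obtain the temp target first so a failure is reported via r instead of handing nil to the source reader`. The failure branch lies outside the hunk, so it is worth confirming there that a `tmpOut` left over from a failed copy is released and the `.claw-tmp` file is not left behind.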
|
@ -45,13 +45,10 @@ local function actualPolicy(pkg, pid, perm, matchesSvc)
|
||||
end
|
||||
|
||||
return function (nexus, settings, pkg, pid, perm, rsp, matchesSvc)
|
||||
local res = "ask"
|
||||
local res = actualPolicy(pkg, pid, perm, matchesSvc)
|
||||
if settings then
|
||||
res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or
|
||||
settings.getSetting("perm|*|" .. perm) or "ask"
|
||||
end
|
||||
if res == "ask" then
|
||||
res = actualPolicy(pkg, pid, perm, matchesSvc)
|
||||
settings.getSetting("perm|*|" .. perm) or res
|
||||
end
|
||||
if res == "ask" and nexus then
|
||||
local totalW = 3 + 6 + 2 + 8
|
||||
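Review bot: The new precedence in the returned function is undocumented and changes what a stored value means: `res` now starts from `actualPolicy(...)` and any stored `perm|<pkg>|<perm>` or `perm|*|<perm>` value replaces it, so a stored "ask" now forces the prompt where the removed code fell back to `actualPolicy`. A comment above the `if settings then` block would make that explicit, e.g. `-- Stored settings (package first, then wildcard) override the built-in policy; a stored "ask" forces the dialog.` The stored value is also used as-is, so if the code after the hunk only recognises specific strings it may be worth treating anything else as "ask". The function continues outside the hunk.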
|
@ -9,6 +9,9 @@
|
||||
-- Specifically, register as soon as possible.
|
||||
-- While not required, security dialogs can cause a timeout.
|
||||
|
||||
local ic = neo.requireAccess("x.neo.pub.base", "to lock x.svc.ghostie")
|
||||
ic.lockPerm("x.svc.ghostie")
|
||||
|
||||
local r = neo.requireAccess("r.svc.ghostie", "ghost registration")
|
||||
|
||||
local waiting = 0
|
||||
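Review bot: The added `neo.requireAccess("x.neo.pub.base", ...)` and `ic.lockPerm("x.svc.ghostie")` now run before the `r.svc.ghostie` registration, while the comment just above says to register as soon as possible because security dialogs can cause a timeout. If obtaining `x.neo.pub.base` can itself raise a dialog, this reintroduces that delay, so the ordering deserves a comment, e.g. `-- Lock before registering: if this service was auto-started, the permission must already require a prompt when the API appears.` The result of `lockPerm` is not checked, and whether it can fail without raising is not visible here.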
|
@ -94,14 +94,15 @@ return {
|
||||
desc = "license file 'Public Domain'",
|
||||
v = 0,
|
||||
deps = {
|
||||
"zzz-license",
|
||||
},
|
||||
dirs = {
|
||||
"docs",
|
||||
"docs/licensing"
|
||||
"docs/licensing",
|
||||
"docs/repoauthors"
|
||||
},
|
||||
files = {
|
||||
"docs/licensing/Public Domain"
|
||||
"docs/licensing/Public Domain",
|
||||
"docs/repoauthors/zzz-license-pd"
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -75,6 +75,10 @@ Paths for the IO parts of this API
|
||||
function, so that the user must be
|
||||
asked before a program can access
|
||||
the permission.
|
||||
This function should be called
|
||||
*before* you register your API, not
|
||||
after, in case your service was
|
||||
automatically started.
|
||||
|
||||
NOTE: LIST REQUIRES "/" AT THE END
|
||||
AND START, WHILE THE REST CANNOT
|
||||
|