From b75dc370dceb20ff9ddd858b8295fe46f6c87f1d Mon Sep 17 00:00:00 2001
From: 20kdc
Date: Mon, 23 Apr 2018 22:18:18 +0100
Subject: [PATCH] Fix lockPerm and security policy glitchiness regarding it, along with even more licensing fun
---
 code/apps/sys-icecap.lua | 95 +++++++++++++++---------------
 code/libs/claw.lua | 6 +-
 code/libs/sys-secpolicy.lua | 7 +--
 repository/apps/svc-ghostie.lua | 3 +
 repository/data/app-claw/local.lua | 7 ++-
 repository/docs/us-perms | 4 ++
 6 files changed, 64 insertions(+), 58 deletions(-)
diff --git a/code/apps/sys-icecap.lua b/code/apps/sys-icecap.lua
index f6a409b..8dfe437 100644
--- a/code/apps/sys-icecap.lua
+++ b/code/apps/sys-icecap.lua
@@ -237,55 +237,7 @@ donkonitDFProvider(function (pkg, pid, sendSig)
 }
 end)
--- Automatic service start
-local function wrapWASS(perm, req)
- return function (res)
- if res then
- -- Do we need to start it?
- if perm:sub(1, 6) == "x.svc." then
- if not neo.usAccessExists(perm) then
- local appAct = perm:sub(7)
- local paP = appAct:match(endAcPattern)
- if paP then
- permAct = appAct:sub(1, #appAct - #paP)
- end
- -- Prepare for success
- onReg[perm] = onReg[perm] or {}
- table.insert(onReg[perm], function ()
- req(res)
- req = nil
- end)
- pcall(neo.executeAsync, "svc-" .. appAct)
- -- Fallback "quit now"
- local time = os.uptime() + 30
- neo.scheduleTimer(time)
- local f
- function f()
- if req then
- if os.uptime() >= time then
- req(res)
- else
- table.insert(todo, f)
- end
- end
- end
- table.insert(todo, f)
- return
- end
- end
- end
- req(res)
- end
-end
-
--- Connect in security policy now
-local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
-rootAccess.securityPolicyINIT = backup
-rootAccess.securityPolicy = function (pid, proc, perm, req)
- if neo.dead then
- return backup(pid, proc, perm, req)
- end
- req = wrapWASS(perm, req)
+local function secPolicyStage2(pid, proc, perm, req)
 local def = proc.pkg:sub(1, 4) == "sys-"
 local secpol, err = require("sys-secpolicy")
 if not secpol then
@@ -305,6 +257,51 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
 end)
 end
+-- Connect in security policy now
+local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
+rootAccess.securityPolicyINIT = backup
+rootAccess.securityPolicy = function (pid, proc, perm, req)
+ if neo.dead then
+ return backup(pid, proc, perm, req)
+ end
+ local function finish()
+ secPolicyStage2(pid, proc, perm, req)
+ end
+ -- Do we need to start it?
+ if perm:sub(1, 6) == "x.svc." then
+ if not neo.usAccessExists(perm) then
+ local appAct = perm:sub(7)
+ local paP = appAct:match(endAcPattern)
+ if paP then
+ permAct = appAct:sub(1, #appAct - #paP)
+ end
+ -- Prepare for success
+ onReg[perm] = onReg[perm] or {}
+ table.insert(onReg[perm], function ()
+ finish()
+ end)
+ pcall(neo.executeAsync, "svc-" .. appAct)
+ -- Fallback "quit now"
+ local time = os.uptime() + 30
+ neo.scheduleTimer(time)
+ local f
+ function f()
+ if finish then
+ if os.uptime() >= time then
+ finish()
+ else
+ table.insert(todo, f)
+ end
+ end
+ end
+ table.insert(todo, f)
+ return
+ end
+ else
+ finish()
+ end
+end
+
 function theEventHandler(...)
 local ev = {...}
 if ev[1] == "k.procdie" then
diff --git a/code/libs/claw.lua b/code/libs/claw.lua
index c1656a0..186e925 100644
--- a/code/libs/claw.lua
+++ b/code/libs/claw.lua
@@ -73,7 +73,11 @@ return function ()
 end
 end
 for _, v in ipairs(sources[srcName][3][pkg].files) do
- local ok, r = sources[srcName][1](v, sources[dstName][2][1](v .. ".claw-tmp"))
+ local tmpOut, r, ok = sources[dstName][2][1](v .. ".claw-tmp")
+ ok = tmpOut
+ if ok then
+ ok, r = sources[srcName][1](v, tmpOut)
+ end
 if ok then
 yielder()
 else
diff --git a/code/libs/sys-secpolicy.lua b/code/libs/sys-secpolicy.lua
index df9abfa..d362334 100644
--- a/code/libs/sys-secpolicy.lua
+++ b/code/libs/sys-secpolicy.lua
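Review bot: In the new `rootAccess.securityPolicy` (code/apps/sys-icecap.lua, second hunk), a request for an `x.svc.` permission whose service is already registered is never answered: the `else finish()` pairs with the outer `if perm:sub(1, 6) == "x.svc."`, so when `neo.usAccessExists(perm)` is true neither branch calls `finish`. In the auto-start path `finish` can also run twice for one request, because the 30-second fallback tests `if finish then`, which is always true for a local function that is never cleared (the removed code set `req = nil`), so the policy is evaluated again after the `onReg[perm]` callback already ran it. The fence below makes `finish` one-shot and calls it unconditionally after the auto-start block. Separately, `permAct = appAct:sub(1, #appAct - #paP)` assigns an undeclared global that nothing visible reads while `"svc-" .. appAct` uses the unstripped name, which looks unintended and is worth confirming.

```lua
	local done = false
	local function finish()
		-- One-shot: the onReg callback and the timeout fallback can both reach this.
		if done then return end
		done = true
		secPolicyStage2(pid, proc, perm, req)
	end
	if perm:sub(1, 6) == "x.svc." then
		-- … unchanged: if not neo.usAccessExists(perm), queue finish on onReg[perm], start the service, schedule the fallback, return …
	end
	-- Service already registered, or not a service permission: evaluate the policy now.
	finish()
end
```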
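Review bot: In the code/libs/claw.lua hunk, `local tmpOut, r, ok = sources[dstName][2][1](v .. ".claw-tmp")` binds `ok` to a third return value only to overwrite it on the next line, which hides that the real check is whether the temporary output opened; `local tmpOut, r = sources[dstName][2][1](v .. ".claw-tmp")` followed by `local ok = tmpOut` reads more plainly. The visible lines also do not show `tmpOut` being closed or the `.claw-tmp` file being removed when the source read fails after a successful open. The `else` branch continues outside the hunk, so confirm it cleans up rather than leaving a partial file in the install target.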
@@ -45,13 +45,10 @@ local function actualPolicy(pkg, pid, perm, matchesSvc)
 end
 return function (nexus, settings, pkg, pid, perm, rsp, matchesSvc)
- local res = "ask"
+ local res = actualPolicy(pkg, pid, perm, matchesSvc)
 if settings then
 res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or
- settings.getSetting("perm|*|" .. perm) or "ask"
- end
- if res == "ask" then
- res = actualPolicy(pkg, pid, perm, matchesSvc)
+ settings.getSetting("perm|*|" .. perm) or res
 end
 if res == "ask" and nexus then
 local totalW = 3 + 6 + 2 + 8
diff --git a/repository/apps/svc-ghostie.lua b/repository/apps/svc-ghostie.lua
index e86f8c7..dd5882c 100644
--- a/repository/apps/svc-ghostie.lua
+++ b/repository/apps/svc-ghostie.lua
@@ -9,6 +9,9 @@
 -- Specifically, register as soon as possible.
 -- While not required, security dialogs can cause a timeout.
+local ic = neo.requireAccess("x.neo.pub.base", "to lock x.svc.ghostie")
+ic.lockPerm("x.svc.ghostie")
+
 local r = neo.requireAccess("r.svc.ghostie", "ghost registration")
 local waiting = 0
diff --git a/repository/data/app-claw/local.lua b/repository/data/app-claw/local.lua
index 07cab29..238fd57 100644
--- a/repository/data/app-claw/local.lua
+++ b/repository/data/app-claw/local.lua
@@ -94,14 +94,15 @@ return {
 desc = "license file 'Public Domain'",
 v = 0,
 deps = {
- "zzz-license",
 },
 dirs = {
 "docs",
- "docs/licensing"
+ "docs/licensing",
+ "docs/repoauthors"
 },
 files = {
- "docs/licensing/Public Domain"
+ "docs/licensing/Public Domain",
+ "docs/repoauthors/zzz-license-pd"
 },
 }
 }
diff --git a/repository/docs/us-perms b/repository/docs/us-perms
index 7eda5a6..ad01930 100644
--- a/repository/docs/us-perms
+++ b/repository/docs/us-perms
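Review bot: The precedence change in code/libs/sys-secpolicy.lua is undocumented: `actualPolicy` is now only the default, and a stored `perm|<pkg>|<perm>` or `perm|*|<perm>` setting replaces it, so a stored `"ask"` now reaches the prompt instead of falling back to `actualPolicy`. A comment above the lookup would make the ordering explicit, e.g. `-- Built-in policy is only the default; explicit settings (per-package, then wildcard) override it, including "ask".` Two things to confirm: `actualPolicy` is now called even when a setting exists, so it should have no side effects, and the value from `settings.getSetting` is used as the verdict without being checked against the expected values, which matters if anything other than this code can write those keys. The returned function's body continues outside the hunk.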
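Review bot: In repository/apps/svc-ghostie.lua the result of `ic.lockPerm("x.svc.ghostie")` is discarded and registration through `r.svc.ghostie` follows regardless, so if `lockPerm` can fail or report a status (not visible here) the service would register with its permission unlocked; that is worth checking explicitly. The ordering is also the security-relevant part and deserves a comment, e.g. `-- Lock before registering: if we were auto-started, the pending request is evaluated as soon as we register.` The existing comment notes that security dialogs can cause a timeout, and the new `neo.requireAccess("x.neo.pub.base", ...)` adds one more request ahead of registration, so confirm it cannot raise a dialog that outlasts the 30-second auto-start fallback in sys-icecap.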
@@ -75,6 +75,10 @@ Paths for the IO parts of this API function, so that the user must be asked before a program can access the permission. + This function should be called + *before* you register your API, not + after, in case your service was + automatically started. NOTE: LIST REQUIRES "/" AT THE END AND START, WHILE THE REST CANNOT