Fix lockPerm and security policy glitchiness regarding it, along with even more licensing fun

2024-11-23 10:58:06 +11:00 · 2018-04-23 22:18:18 +01:00 · 2018-04-23 22:18:18 +01:00 · b75dc370dc
commit b75dc370dc
parent f49a4bf433
6 changed files with 64 additions and 58 deletions
--- a/code/apps/sys-icecap.lua
+++ b/code/apps/sys-icecap.lua
@ -237,55 +237,7 @@ donkonitDFProvider(function (pkg, pid, sendSig)
 }
 end)

-- Automatic service start
-local function wrapWASS(perm, req)
- return function (res)
-  if res then
-   -- Do we need to start it?
-   if perm:sub(1, 6) == "x.svc." then
-    if not neo.usAccessExists(perm) then
-     local appAct = perm:sub(7)
-     local paP = appAct:match(endAcPattern)
-     if paP then
-      permAct = appAct:sub(1, #appAct - #paP)
-     end
-     -- Prepare for success
-     onReg[perm] = onReg[perm] or {}
-     table.insert(onReg[perm], function ()
-      req(res)
-      req = nil
-     end)
-     pcall(neo.executeAsync, "svc-" .. appAct)
-     -- Fallback "quit now"
-     local time = os.uptime() + 30
-     neo.scheduleTimer(time)
-     local f
-     function f()
-      if req then
-       if os.uptime() >= time then
-        req(res)
-       else
-        table.insert(todo, f)
-       end
-      end
-     end
-     table.insert(todo, f)
-     return
-    end
-   end
-  end
-  req(res)
- end
-end
-
-- Connect in security policy now
-local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
-rootAccess.securityPolicyINIT = backup
-rootAccess.securityPolicy = function (pid, proc, perm, req)
- if neo.dead then
-  return backup(pid, proc, perm, req)
- end
- req = wrapWASS(perm, req)
+local function secPolicyStage2(pid, proc, perm, req)
 local def = proc.pkg:sub(1, 4) == "sys-"
 local secpol, err = require("sys-secpolicy")
 if not secpol then
@ -305,6 +257,51 @@ rootAccess.securityPolicy = function (pid, proc, perm, req)
 end)
 end

+-- Connect in security policy now
+local backup = rootAccess.securityPolicyINIT or rootAccess.securityPolicy
+rootAccess.securityPolicyINIT = backup
+rootAccess.securityPolicy = function (pid, proc, perm, req)
+ if neo.dead then
+  return backup(pid, proc, perm, req)
+ end
+ local function finish()
+  secPolicyStage2(pid, proc, perm, req)
+ end
+ -- Do we need to start it?
+ if perm:sub(1, 6) == "x.svc." then
+  if not neo.usAccessExists(perm) then
+   local appAct = perm:sub(7)
+   local paP = appAct:match(endAcPattern)
+   if paP then
+    permAct = appAct:sub(1, #appAct - #paP)
+   end
+   -- Prepare for success
+   onReg[perm] = onReg[perm] or {}
+   table.insert(onReg[perm], function ()
+    finish()
+   end)
+   pcall(neo.executeAsync, "svc-" .. appAct)
+   -- Fallback "quit now"
+   local time = os.uptime() + 30
+   neo.scheduleTimer(time)
+   local f
+   function f()
+    if finish then
+     if os.uptime() >= time then
+      finish()
+     else
+      table.insert(todo, f)
+     end
+    end
+   end
+   table.insert(todo, f)
+   return
+  end
+ else
+  finish()
+ end
+end
+
 function theEventHandler(...)
 local ev = {...}
 if ev[1] == "k.procdie" then
--- a/code/libs/claw.lua
+++ b/code/libs/claw.lua
@ -73,7 +73,11 @@ return function ()
   end
  end
  for _, v in ipairs(sources[srcName][3][pkg].files) do
-   local ok, r = sources[srcName][1](v, sources[dstName][2][1](v .. ".claw-tmp"))
+   local tmpOut, r, ok = sources[dstName][2][1](v .. ".claw-tmp")
+   ok = tmpOut
+   if ok then
+    ok, r = sources[srcName][1](v, tmpOut)
+   end
   if ok then
    yielder()
   else
--- a/code/libs/sys-secpolicy.lua
+++ b/code/libs/sys-secpolicy.lua
@ -45,13 +45,10 @@ local function actualPolicy(pkg, pid, perm, matchesSvc)
 end

 return function (nexus, settings, pkg, pid, perm, rsp, matchesSvc)
- local res = "ask"
+ local res = actualPolicy(pkg, pid, perm, matchesSvc)
 if settings then
  res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or
-        settings.getSetting("perm|*|" .. perm) or "ask"
- end
- if res == "ask" then
-  res = actualPolicy(pkg, pid, perm, matchesSvc)
+        settings.getSetting("perm|*|" .. perm) or res
 end
 if res == "ask" and nexus then
  local totalW = 3 + 6 + 2 + 8
--- a/repository/apps/svc-ghostie.lua
+++ b/repository/apps/svc-ghostie.lua
@ -9,6 +9,9 @@
 -- Specifically, register as soon as possible.
 -- While not required, security dialogs can cause a timeout.

+local ic = neo.requireAccess("x.neo.pub.base", "to lock x.svc.ghostie")
+ic.lockPerm("x.svc.ghostie")
+
 local r = neo.requireAccess("r.svc.ghostie", "ghost registration")

 local waiting = 0
--- a/repository/data/app-claw/local.lua
+++ b/repository/data/app-claw/local.lua
@ -94,14 +94,15 @@ return {
  desc = "license file 'Public Domain'",
  v = 0,
  deps = {
-   "zzz-license",
  },
  dirs = {
   "docs",
-   "docs/licensing"
+   "docs/licensing",
+   "docs/repoauthors"
  },
  files = {
-   "docs/licensing/Public Domain"
+   "docs/licensing/Public Domain",
+   "docs/repoauthors/zzz-license-pd"
  },
 }
 }
--- a/repository/docs/us-perms
+++ b/repository/docs/us-perms
@ -75,6 +75,10 @@ Paths for the IO parts of this API
  function, so that the user must be
  asked before a program can access
  the permission.
+ This function should be called
+  *before* you register your API, not
+  after, in case your service was
+  automatically started.

 NOTE: LIST REQUIRES "/" AT THE END
  AND START, WHILE THE REST CANNOT