1
0
mirror of https://github.com/20kdc/OC-KittenOS.git synced 2024-12-26 19:08:06 +11:00
OC-KittenOS/code/libs/sys-secpolicy.lua
20kdc 7bde8fee55 Finish lowering memory use, R1
Since this is after the technical "release", version numbers have been bumped to 1.

Changes before this commit for R1:
 Kernel memory usage reduction schemes, with some security fixes.
 Still need to deal w/ proxies (see later)
Changes in this commit:
 Some various little things in apps
 CLAW inet actually works now on 192K
 sys-icecap no longer uses the event/neoux combination,
  and now handles Everest disappearance as a mass-close,
  but still handles Everest not being around on window create.
 So it still handles every situation that matters.
 neoux no longer handles everest crash protection.
 Security policy and filedialog obviously don't use neoux anymore.
 Kernel now only guarantees parsing, not event-loop, by executeAsync
 This is safer and allows app-launcher to get rid of NeoUX by
  any means necessary.
 wrapMeta cache now exists, and proxies get wrapMeta'd to deal with
  various low-priority security shenanigans.
 This is a *stopgap* until I work out how to force OCEmu to give me
  totally accurate boot-time memory figures, so I can create the
  ultimate lowmem proxy. I'm calling it "puppet". FG knows why.
2018-03-30 13:37:02 +01:00

145 lines
4.2 KiB
Lua

-- This is released into the public domain.
-- No warranty is provided, implied or otherwise.
-- CRITICAL FILE!
-- This file defines how your KittenOS NEO system responds to access requests.
-- Modification, renaming or deletion can disable security features.
-- Usually, a change that breaks the ability for the file to do it's job will cause the "failsafe" to activate,
-- and for the system to become unable to run user applications.
-- However - I would not like to test this in a situation where said user applications were in any way untrusted,
-- for example, if you downloaded them from the Internet, or in particular if someone forwarded them over Discord.
-- IRC is usually pretty safe, but no guarantees.
-- Returns "allow", "deny", or "ask".
local actualPolicy = function (pkg, pid, perm)
-- System stuff is allowed.
if pkg:sub(1, 4) == "sys-" then
return "allow"
end
-- <The following is for apps & services>
-- x.neo.pub (aka Icecap) is open to all
if perm:sub(1, 10) == "x.neo.pub." then
return "allow"
end
-- This is to ensure the prefix naming scheme is FOLLOWED!
-- sys- : System, part of KittenOS NEO and thus tries to present a "unified fragmented interface" in 'neo'
-- app- : Application - these can have ad-hoc relationships. It is EXPECTED these have a GUI
-- svc- : Service - Same as Application but with no expectation of desktop usability
-- Libraries "have no rights" as they are essentially loadable blobs of Lua code.
-- They have access via the calling program, and have a subset of the NEO Kernel API
local pfx = nil
if pkg:sub(1, 4) == "app-" then pfx = "app" end
if pkg:sub(1, 4) == "svc-" then pfx = "svc" end
if pfx then
-- Apps can register with their own name
if perm == "r." .. pfx .. "." .. pkg:sub(5) then
return "allow"
end
end
-- Userlevel has no other registration rights
if perm:sub(1, 2) == "r." then
return "deny"
end
-- app/svc stuff is world-accessible
if perm:sub(1, 6) == "x.app." then
return "allow"
end
if perm:sub(1, 6) == "x.svc." then
return "allow"
end
-- For hardware access, ASK!
return "ask"
end
return function (nexus, settings, pkg, pid, perm, rsp)
local res = actualPolicy(pkg, pid, perm)
if res == "ask" and settings then
res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or "ask"
end
if res == "ask" and nexus then
local totalW = 3 + 6 + 2 + 8
local fmt = require("fmttext").fmtText(unicode.safeTextFormat(string.format("%s/%i wants:\n%s\nAllow this?\n\n", pkg, pid, perm)), totalW)
local buttons = {
{"<No>", function (w)
rsp(false)
nexus.close(w)
end},
{"<Always>", function (w)
if settings then
settings.setSetting("perm|" .. pkg .. "|" .. perm, "allow")
end
rsp(true)
nexus.close(w)
end},
{"<Yes>", function (w)
rsp(true)
nexus.close(w)
end}
}
nexus.createNexusThread(function ()
local window = nexus.create(totalW, #fmt, "security")
local cButton = 0
local ev, a, b, c
while true do
if not ev then
ev, a, b, c = coroutine.yield()
end
if ev == "line" or ev == "touch" then
local cor = b
if ev == "line" then
cor = a
if fmt[a] then
window.span(1, a, fmt[a], 0xFFFFFF, 0)
end
end
if cor == #fmt then
local x = 1
for k, v in ipairs(buttons) do
if ev == "line" then
if k ~= cButton + 1 then
window.span(x, a, v[1], 0xFFFFFF, 0)
else
window.span(x, a, v[1], 0, 0xFFFFFF)
end
elseif a >= x and a < (x + #v[1]) then
cButton = k - 1
ev = "key"
a = 32
b = 0
c = true
break
end
x = x + #v[1] + 1
end
end
elseif ev == "close" then
rsp(false)
nexus.close(window)
return
end
if ev == "key" then
if c and (a == 9 or b == 205) then
cButton = (cButton + 1) % #buttons
ev = "line"
a = #fmt
elseif c and b == 203 then
cButton = (cButton - 1) % #buttons
ev = "line"
a = #fmt
elseif c and (a == 13 or a == 32) then
buttons[cButton + 1][2](window)
ev = nil
else
ev = nil
end
else
ev = nil
end
end
end)
else
rsp(res == "allow")
end
end