1
0
mirror of https://github.com/20kdc/OC-KittenOS.git synced 2024-11-23 19:08:05 +11:00
OC-KittenOS/code/libs/sys-secpolicy.lua
20kdc dcd7154ec2 License 'change' (Please see #5)
This license change should only increase the amount of stuff people can do in countries where the public domain is not a valid concept.
If this license somehow restricts you as opposed to the previous one, please file an issue.
2021-01-12 12:16:50 +00:00

150 lines
4.6 KiB
Lua

-- Copyright (C) 2018-2021 by KittenOS NEO contributors
--
-- Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
--
-- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
-- THIS SOFTWARE.
-- CRITICAL FILE!
-- This file defines how your KittenOS NEO system responds to access requests.
-- Modification, renaming or deletion can disable security features.
-- Usually, a change that breaks the ability for the file to do it's job will cause the "failsafe" to activate,
-- and for the system to become unable to run user applications.
-- However - I would not like to test this in a situation where said user applications were in any way untrusted,
-- for example, if you downloaded them from the Internet, or in particular if someone forwarded them over Discord.
-- IRC is usually pretty safe, but no guarantees.
-- Returns "allow", "deny", or "ask".
local function actualPolicy(pkg, pid, perm, pkgSvcPfx)
-- System stuff is allowed.
if pkg:sub(1, 4) == "sys-" then
return "allow"
end
-- svc-t's job is solely to emulate terminals
-- TO INSTALL YOUR OWN TERMINAL EMULATOR:
-- perm|app-yourterm|r.neo.t
if pkg == "svc-t" and perm == "r.neo.pub.t" then
return "allow"
end
-- <The following is for apps & services>
-- x.neo.pub.* is open to all
if perm:sub(1, 10) == "x.neo.pub." then
return "allow"
end
-- These signals are harmless, though they identify HW (as does everything in OC...)
if perm == "s.h.component_added" or perm == "s.h.component_removed" or perm == "s.h.tablet_use" or perm == "c.tablet" then
return "allow"
end
-- Userlevel can register for itself
if perm == "r." .. pkgSvcPfx then
return "allow"
end
-- Userlevel has no other registration rights
if perm:sub(1, 2) == "r." then
return "deny"
end
-- app/svc stuff is world-accessible,
-- but note perm|*| overrides this
if perm:sub(1, 6) == "x.app." then
return "allow"
end
if perm:sub(1, 6) == "x.svc." then
return "allow"
end
-- For hardware access, ASK!
return "ask"
end
return function (nexus, settings, pkg, pid, perm, rsp, pkgSvcPfx)
local res = actualPolicy(pkg, pid, perm, pkgSvcPfx)
if settings then
res = settings.getSetting("perm|" .. pkg .. "|" .. perm) or
settings.getSetting("perm|*|" .. perm) or res
end
if res == "ask" and nexus then
local totalW = 3 + 6 + 2 + 8
local fmt = require("fmttext").fmtText(unicode.safeTextFormat(string.format("%s/%i wants:\n%s\nAllow this?\n\n", pkg, pid, perm)), totalW)
local buttons = {
{"<No>", function (w)
rsp(false)
nexus.windows[w.id] = nil
w.close()
end},
{"<Always>", function (w)
if settings then
settings.setSetting("perm|" .. pkg .. "|" .. perm, "allow")
end
rsp(true)
nexus.windows[w.id] = nil
w.close()
end},
{"<Yes>", function (w)
rsp(true)
nexus.windows[w.id] = nil
w.close()
end}
}
local cButton = 0
nexus.create(totalW, #fmt, "security", function (window, ev, a, b, c)
while ev do
if ev == "line" or ev == "touch" then
local cor = b
local iev = ev
ev = nil
if iev == "line" then
cor = a
if fmt[a] then
window.span(1, a, fmt[a], 0xFFFFFF, 0)
end
end
if cor == #fmt then
local x = 1
for k, v in ipairs(buttons) do
if iev == "line" then
if k ~= cButton + 1 then
window.span(x, a, v[1], 0xFFFFFF, 0)
else
window.span(x, a, v[1], 0, 0xFFFFFF)
end
elseif a >= x and a < (x + #v[1]) then
cButton = k - 1
ev = "key"
a = 32
b = 0
c = true
break
end
x = x + #v[1] + 1
end
end
elseif ev == "close" then
rsp(false)
nexus.windows[window.id] = nil
window.close()
ev = nil
elseif ev == "key" then
if c and (a == 9 or b == 205) then
cButton = (cButton + 1) % #buttons
ev = "line"
a = #fmt
elseif c and b == 203 then
cButton = (cButton - 1) % #buttons
ev = "line"
a = #fmt
elseif c and (a == 13 or a == 32) then
buttons[cButton + 1][2](window)
ev = nil
else
ev = nil
end
else
ev = nil
end
end
end)
else
rsp(res == "allow")
end
end