populate native apps' jailer on install
mariotaku committed Nov 18, 2024
1 parent 878df90 commit 5369c66
Showing 2 changed files with 21 additions and 3 deletions.
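--- a/services/better-jail.ts
+++ b/services/better-jail.ts
@@ -0,0 +1,6 @@
+import { asyncExecFile } from './adapter';
+
+export async function buildBetterJail(id: string, appDir: string) {
+// Populate the jail with `native` instead of `native_devmode`, to gain higher privileges
+await asyncExecFile('jailer', ['-t', 'native', '-p', appDir, '-i', id, '/bin/true']);
+}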
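Review bot: `buildBetterJail` is exported with no doc comment and no explicit return type, and its only comment says that the `native` jail grants higher privileges than `native_devmode` without saying which callers may request that. I would add a TSDoc block stating that the function re-populates the app's jail with the `native` profile by invoking `jailer` with `/bin/true` as the command, that `id` and `appDir` are expected to come from the application manager's record of an already-installed package, and that a failed exec presumably rejects the returned promise. The signature would then read `export async function buildBetterJail(id: string, appDir: string): Promise<void> {`. Because this call deliberately loosens the sandbox for the app, writing the trust assumption at the definition keeps a later caller from passing values that were never checked.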
18 changes: 15 additions & 3 deletions services/service.ts
Expand Up @@ -13,6 +13,7 @@ import Service, { Message } from 'webos-service';

import { asyncStat, asyncExecFile, asyncPipeline, asyncUnlink, asyncWriteFile, asyncReadFile, asyncChmod, asyncMkdir } from './adapter';
import { fetchWrapper } from './fetch-wrapper';
import { buildBetterJail } from './better-jail';

import rootAppInfo from '../appinfo.json';
import serviceInfo from './services.json';
Expand Down Expand Up @@ -406,8 +407,14 @@ function runService(): void {
return serviceRemote as Service;
}

async function getAppInfo(appId: string): Promise<Record<string, any>> {
const appList = await asyncCall<{ apps: { id: string }[] }>(
interface AppInfo {
id: string;
title: string;
type: string;
folderPath: string;
}
async function getAppInfo(appId: string): Promise<AppInfo> {
const appList = await asyncCall<{ apps: AppInfo[] }>(

Check failure on line 417 in services/service.ts

GitHub Actions / build / build

Replace `⏎······getInstallerService(),⏎······'luna://com.webos.applicationManager/dev/listApps',⏎······{},⏎····` with `getInstallerService(),·'luna://com.webos.applicationManager/dev/listApps',·{}`
getInstallerService(),
'luna://com.webos.applicationManager/dev/listApps',
{},
Expand Down Expand Up @@ -491,7 +498,12 @@ function runService(): void {

try {
const appInfo = await getAppInfo(installedPackageId);
await createToast(`Application installed: ${appInfo['title']}`, service);
if (appInfo.type === 'native') {
await createToast(`Updating jailer config for ${appInfo.title}…`, service);
await buildBetterJail(appInfo.id, appInfo.folderPath)

Check failure on line 503 in services/service.ts

GitHub Actions / build / build

Delete `⏎············`
.catch((err) => console.warn('jailer execution failed:', err));

Check failure on line 504 in services/service.ts

GitHub Actions / build / build

Returning a void expression from an arrow function shorthand is forbidden. Please add braces to the arrow function
}
await createToast(`Application installed: ${appInfo.title}`, service);
} catch (err: unknown) {
console.warn('appinfo fetch failed:', err);
await createToast(`Application installed: ${installedPackageId}`, service);
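Review bot: In the install handler, `appInfo.id` and `appInfo.folderPath` go from the `listApps` reply straight into `buildBetterJail`. The new `AppInfo` interface is only a compile-time claim about that reply, so nothing checks at run time that these fields are non-empty strings before they become `jailer` arguments. A guard such as `if (appInfo.type === 'native' && typeof appInfo.folderPath === 'string' && appInfo.folderPath !== '') {` would keep a malformed reply away from the exec call. The `.catch` also reports only through `console.warn`, so when the jailer run fails the user still sees "Application installed" with no sign that the app stayed on its previous jail profile; a toast on that path would make the actual state visible. Both `getAppInfo` and the handler continue outside the visible hunks, so how the entry is matched to `installedPackageId` cannot be confirmed from here.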