Merge pull request webosbrew#202 from webosbrew/feature/jailer-update
Populate Native Apps' Jailer on Install
throwaway96 authored Dec 25, 2024
2 parents 1bdefc3 + 934a138 commit e8514bb
Showing 2 changed files with 25 additions and 7 deletions.
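--- a/services/better-jail.ts
+++ b/services/better-jail.ts
@@ -0,0 +1,6 @@
+import { asyncExecFile } from './adapter';
+
+export async function buildBetterJail(id: string, appDir: string) {
+// Populate the jail with `native` instead of `native_devmode`, to gain higher privileges
+await asyncExecFile('jailer', ['-t', 'native', '-p', appDir, '-i', id, '/bin/true']);
+}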
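Review bot: The only documentation on the exported `buildBetterJail` is the inline comment "to gain higher privileges", which does not tell someone auditing the sandbox what is being loosened, for whom, or under which precondition. I would replace it with a TSDoc block on the function stating that it regenerates the jail for app `id` rooted at `appDir` with the `native` profile instead of `native_devmode`, that `/bin/true` is presumably run only so that `jailer` writes the configuration (worth confirming), and that callers are expected to invoke it only when the service runs as root. The arguments go through `asyncExecFile` as an argv array, so no shell is involved, but `id` and `appDir` are forwarded as received; the doc comment should say that validating them is the caller's job. An explicit `Promise<void>` return type on the export would also match the annotated signatures in `service.ts`.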
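--- a/services/service.ts
+++ b/services/service.ts
@@ -13,6 +13,7 @@ import Service, { Message } from 'webos-service';
 
 import { asyncStat, asyncExecFile, asyncPipeline, asyncUnlink, asyncWriteFile, asyncReadFile, asyncChmod, asyncMkdir } from './adapter';
 import { fetchWrapper } from './fetch-wrapper';
+import { buildBetterJail } from './better-jail';
 
 import rootAppInfo from '../appinfo.json';
 import serviceInfo from './services.json';
@@ -406,12 +407,17 @@ function runService(): void {
 return serviceRemote as Service;
 }
 
-async function getAppInfo(appId: string): Promise<Record<string, any>> {
-const appList = await asyncCall<{ apps: { id: string }[] }>(
-getInstallerService(),
-'luna://com.webos.applicationManager/dev/listApps',
-{},
-);
+interface AppInfo {
+id: string;
+title: string;
+type: string;
+folderPath: string;
+}
+interface AppsList {
+apps: AppInfo[];
+}
+async function getAppInfo(appId: string): Promise<AppInfo> {
+const appList = await asyncCall<AppsList>(getInstallerService(), 'luna://com.webos.applicationManager/dev/listApps', {});
 const appInfo = appList.apps.find((app) => app.id === appId);
 if (!appInfo) throw new Error(`Invalid appId, or unsupported application type: ${appId}`);
 return appInfo;
@@ -491,7 +497,13 @@ function runService(): void {
 
 try {
 const appInfo = await getAppInfo(installedPackageId);
-await createToast(`Application installed: ${appInfo['title']}`, service);
+if (appInfo.type === 'native' && runningAsRoot) {
+await createToast(`Updating jailer config for ${appInfo.title}…`, service);
+await buildBetterJail(appInfo.id, appInfo.folderPath).catch((err) => {
+console.warn('jailer execution failed:', err);
+});
+}
+await createToast(`Application installed: ${appInfo.title}`, service);
 } catch (err: unknown) {
 console.warn('appinfo fetch failed:', err);
 await createToast(`Application installed: ${installedPackageId}`, service);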
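Review bot: In the last hunk a rejected `buildBetterJail` is only written to `console.warn`, and the "Application installed" toast that follows is the same as on success, so the user gets no hint that the app presumably still has its `native_devmode` jail. I would surface the failure inside the `.catch`, for example by adding `await createToast('Jailer update failed for ' + appInfo.title, service);` after the warning. Separately, the new `AppInfo` shape is only asserted through the `asyncCall<AppsList>` type argument, so `type`, `id` and `folderPath` from the `listApps` reply reach a root-run `jailer` with no runtime check. A guard such as `typeof appInfo.folderPath === 'string' && appInfo.id === installedPackageId` before the call would make the expectation explicit. The enclosing `runService` body starts and ends outside these hunks.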
