ConfigServer+LibConfig: Add pledge_domains() API

This API lets applications specify which configuration domains they will be accessing throughout their lifetime. It works similarly in spirit to the kernel's pledge(). You cannot pledge_domains() more than once, and once you have used it, it's no longer possible to access any other configuration domain. This is obviously just a first cut of this mechanism, and we may need to tweak it further as we go.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/eeddaa988a2
2024-09-20 01:37:39 +03:00 · 2021-08-25 20:02:10 +02:00 · 2021-08-25 20:02:10 +02:00 · eeddaa988a · 2024-07-18 05:17:07 +09:00
commit eeddaa988a
parent 870ecd5190
5 changed files with 64 additions and 0 deletions
--- a/Userland/Libraries/LibConfig/Client.cpp
+++ b/Userland/Libraries/LibConfig/Client.cpp
@ -19,6 +19,11 @@ Client& Client::the()
    return *s_the;
 }

+void Client::pledge_domains(Vector<String> const& domains)
+{
+    async_pledge_domains(domains);
+}
+
 String Client::read_string(StringView domain, StringView group, StringView key, StringView fallback)
 {
    return read_string_value(domain, group, key).value_or(fallback);
--- a/Userland/Libraries/LibConfig/Client.h
+++ b/Userland/Libraries/LibConfig/Client.h
@ -21,6 +21,8 @@ class Client final
    C_OBJECT(Client);

 public:
+    void pledge_domains(Vector<String> const&);
+
    String read_string(StringView domain, StringView group, StringView key, StringView fallback);
    i32 read_i32(StringView domain, StringView group, StringView key, i32 fallback);
    bool read_bool(StringView domain, StringView group, StringView key, bool fallback);
@ -68,4 +70,14 @@ inline void write_bool(StringView domain, StringView group, StringView key, bool
    Client::the().write_bool(domain, group, key, value);
 }

+inline void pledge_domains(Vector<String> const& domains)
+{
+    Client::the().pledge_domains(domains);
+}
+
+inline void pledge_domains(String const& domains)
+{
+    Client::the().pledge_domains({ domains });
+}
+
 }
--- a/Userland/Services/ConfigServer/ClientConnection.cpp
+++ b/Userland/Services/ConfigServer/ClientConnection.cpp
@ -27,8 +27,32 @@ void ClientConnection::die()
    s_connections.remove(client_id());
 }

+void ClientConnection::pledge_domains(Vector<String> const& domains)
+{
+    if (m_has_pledged) {
+        did_misbehave("Tried to pledge domains twice.");
+        return;
+    }
+    m_has_pledged = true;
+    for (auto& domain : domains)
+        m_pledged_domains.set(domain);
+}
+
+bool ClientConnection::validate_access(String const& domain, String const& group, String const& key)
+{
+    if (!m_has_pledged)
+        return true;
+    if (m_pledged_domains.contains(domain))
+        return true;
+    did_misbehave(String::formatted("Blocked attempt to access domain '{}', group={}, key={}", domain, group, key).characters());
+    return false;
+}
+
 Messages::ConfigServer::ReadStringValueResponse ClientConnection::read_string_value(String const& domain, String const& group, String const& key)
 {
+    if (!validate_access(domain, group, key))
+        return nullptr;
+
    auto config = Core::ConfigFile::open_for_app(domain);
    if (!config->has_key(group, key))
        return Optional<String> {};
@ -37,6 +61,9 @@ Messages::ConfigServer::ReadStringValueResponse ClientConnection::read_string_va

 Messages::ConfigServer::ReadI32ValueResponse ClientConnection::read_i32_value(String const& domain, String const& group, String const& key)
 {
+    if (!validate_access(domain, group, key))
+        return nullptr;
+
    auto config = Core::ConfigFile::open_for_app(domain);
    if (!config->has_key(group, key))
        return Optional<i32> {};
@ -45,6 +72,9 @@ Messages::ConfigServer::ReadI32ValueResponse ClientConnection::read_i32_value(St

 Messages::ConfigServer::ReadBoolValueResponse ClientConnection::read_bool_value(String const& domain, String const& group, String const& key)
 {
+    if (!validate_access(domain, group, key))
+        return nullptr;
+
    auto config = Core::ConfigFile::open_for_app(domain);
    if (!config->has_key(group, key))
        return Optional<bool> {};
@ -53,18 +83,27 @@ Messages::ConfigServer::ReadBoolValueResponse ClientConnection::read_bool_value(

 void ClientConnection::write_string_value(String const& domain, String const& group, String const& key, String const& value)
 {
+    if (!validate_access(domain, group, key))
+        return;
+
    auto config = Core::ConfigFile::open_for_app(domain, Core::ConfigFile::AllowWriting::Yes);
    config->write_entry(group, key, value);
 }

 void ClientConnection::write_i32_value(String const& domain, String const& group, String const& key, i32 value)
 {
+    if (!validate_access(domain, group, key))
+        return;
+
    auto config = Core::ConfigFile::open_for_app(domain, Core::ConfigFile::AllowWriting::Yes);
    config->write_num_entry(group, key, value);
 }

 void ClientConnection::write_bool_value(String const& domain, String const& group, String const& key, bool value)
 {
+    if (!validate_access(domain, group, key))
+        return;
+
    auto config = Core::ConfigFile::open_for_app(domain, Core::ConfigFile::AllowWriting::Yes);
    config->write_bool_entry(group, key, value);
 }
--- a/Userland/Services/ConfigServer/ClientConnection.h
+++ b/Userland/Services/ConfigServer/ClientConnection.h
@ -23,12 +23,18 @@ public:
 private:
    explicit ClientConnection(NonnullRefPtr<Core::LocalSocket>, int client_id);

+    virtual void pledge_domains(Vector<String> const&) override;
    virtual Messages::ConfigServer::ReadStringValueResponse read_string_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key) override;
    virtual Messages::ConfigServer::ReadI32ValueResponse read_i32_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key) override;
    virtual Messages::ConfigServer::ReadBoolValueResponse read_bool_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key) override;
    virtual void write_string_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key, [[maybe_unused]] String const& value) override;
    virtual void write_i32_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key, [[maybe_unused]] i32 value) override;
    virtual void write_bool_value([[maybe_unused]] String const& domain, [[maybe_unused]] String const& group, [[maybe_unused]] String const& key, [[maybe_unused]] bool value) override;
+
+    bool validate_access(String const& domain, String const& group, String const& key);
+
+    bool m_has_pledged { false };
+    HashTable<String> m_pledged_domains;
 };

 }
--- a/Userland/Services/ConfigServer/ConfigServer.ipc
+++ b/Userland/Services/ConfigServer/ConfigServer.ipc
@ -1,5 +1,7 @@
 endpoint ConfigServer
 {
+    pledge_domains(Vector<String> domains) =|
+
    read_string_value(String domain, String group, String key) => (Optional<String> value)
    read_i32_value(String domain, String group, String key) => (Optional<i32> value)
    read_bool_value(String domain, String group, String key) => (Optional<bool> value)