database.go

package sbctl

import (
	"encoding/json"
	"fmt"
	"path/filepath"

	"github.com/foxboron/sbctl/config"
	"github.com/foxboron/sbctl/fs"
	"github.com/foxboron/sbctl/lsm"
	"github.com/landlock-lsm/go-landlock/landlock"

	"github.com/spf13/afero"
)

type SigningEntry struct {
	File       string `json:"file"`
	OutputFile string `json:"output_file"`
}

type SigningEntries map[string]*SigningEntry

func ReadFileDatabase(vfs afero.Fs, dbpath string) (SigningEntries, error) {
	f, err := ReadOrCreateFile(vfs, dbpath)
	if err != nil {
		return nil, err
	}

	files := make(SigningEntries)
	if len(f) == 0 {
		return files, nil
	}
	if err = json.Unmarshal(f, &files); err != nil {
		return nil, fmt.Errorf("failed to parse json: %v", err)
	}

	return files, nil
}

func WriteFileDatabase(vfs afero.Fs, dbpath string, files SigningEntries) error {
	data, err := json.MarshalIndent(files, "", "    ")
	if err != nil {
		return err
	}
	err = fs.WriteFile(vfs, dbpath, data, 0644)
	if err != nil {
		return err
	}
	return nil
}

func SigningEntryIter(state *config.State, fn func(s *SigningEntry) error) error {
	files, err := ReadFileDatabase(state.Fs, state.Config.FilesDb)
	if err != nil {
		return fmt.Errorf("couldn't open database %v: %w", state.Config.FilesDb, err)
	}
	for _, s := range files {
		if err := fn(s); err != nil {
			return err
		}
	}
	return nil
}

func LandlockFromFileDatabase(state *config.State) error {
	var llrules []landlock.Rule
	files, err := ReadFileDatabase(state.Fs, state.Config.FilesDb)
	if err != nil {
		return err
	}
	for _, entry := range files {
		if entry.File == entry.OutputFile {
			// If file is the same as output, set RW+Trunc on file
			llrules = append(llrules,
				lsm.TruncFile(entry.File).IgnoreIfMissing(),
			)
		}
		if entry.File != entry.OutputFile {
			// Set input file to RO, ignore if missing so we can bubble a useable
			// error to the user
			llrules = append(llrules, landlock.ROFiles(entry.File).IgnoreIfMissing())

			// Check if output file exists
			// if it does we set RW on the file directly
			// if it doesnt, we set RW on the directory
			if ok, _ := afero.Exists(state.Fs, entry.OutputFile); ok {
				llrules = append(llrules, lsm.TruncFile(entry.OutputFile))
			} else {
				llrules = append(llrules, landlock.RWDirs(filepath.Dir(entry.OutputFile)))
			}
		}
	}
	lsm.RestrictAdditionalPaths(llrules...)
	return nil
}
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`package sbctl`

			`import (`
			`"encoding/json"`
Added an iter function Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-18 01:33:24 +02:00			`"fmt"`
sbctl: implement landlock sandboxing Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-28 20:40:43 +02:00			`"path/filepath"`
Implement fs package and remove all direct filesystem calls 2023-02-17 19:19:26 +01:00
Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`"github.com/foxboron/sbctl/config"`
Implement fs package and remove all direct filesystem calls 2023-02-17 19:19:26 +01:00			`"github.com/foxboron/sbctl/fs"`
sbctl: implement landlock sandboxing Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-28 20:40:43 +02:00			`"github.com/foxboron/sbctl/lsm"`
			`"github.com/landlock-lsm/go-landlock/landlock"`
database: ensure we landlock files with O_TRUNC permissions Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-30 23:30:43 +02:00
Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`"github.com/spf13/afero"`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`)`

			`type SigningEntry struct {`
			File string `json:"file"`
			OutputFile string `json:"output_file"`
			`}`

			`type SigningEntries map[string]*SigningEntry`

Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`func ReadFileDatabase(vfs afero.Fs, dbpath string) (SigningEntries, error) {`
			`f, err := ReadOrCreateFile(vfs, dbpath)`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`if err != nil {`
Add ReadOrCreateFile utility function. This function will try to read a file into a byte buffer, and, if the file doesn't exist, create its containing directory and the file itself. If any of those actions fail due to permissions, the function will print a warning about running the tool as root. Reading from the file and bundle databases works like this, so the error checking should be implemented in a single place. Also, use the new function in ReadFileDatabase(). Signed-off-by: Érico Rolim <erico.erc@gmail.com> 2021-01-11 00:41:42 -03:00			`return nil, err`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`}`
Improve error propagation and permission checking. - Introduces dependency on sys/unix for unix.Access. This is necessary only in keys.go, since we run 'sbsign' as a command and can't check if it failed due to permissions. - Allows removing special casing in main.go for commands that don't require root permissions. - ReadFileDatabase() can now return errors due to the multiple ways in which it can fail; it also warns the user about possibly requiring root. - ReadFileDatabase() was using the global DBPath instead of its dbpath parameter in multiple places. This has been fixed. - VerifyESP() can now run without root. - SignFile() checks if it can read the DB key before running sbsign. Signed-off-by: Érico Rolim <erico.erc@gmail.com> 2020-10-28 20:00:50 -03:00
			`files := make(SigningEntries)`
Read*Database: don't fail on empty file If we have a newly created and empty file then the json parsing fails. We should allow this and return an empty map/slice instead. Signed-off-by: Morten Linderud <morten@linderud.pw> 2022-10-31 22:31:22 +01:00			`if len(f) == 0 {`
			`return files, nil`
			`}`
Check returned errors Check a few errors that were not being handled properly. Co-authored-by: Morten Linderud <morten@linderud.pw> 2022-07-03 23:28:42 +02:00			`if err = json.Unmarshal(f, &files); err != nil {`
			`return nil, fmt.Errorf("failed to parse json: %v", err)`
			`}`
Improve error propagation and permission checking. - Introduces dependency on sys/unix for unix.Access. This is necessary only in keys.go, since we run 'sbsign' as a command and can't check if it failed due to permissions. - Allows removing special casing in main.go for commands that don't require root permissions. - ReadFileDatabase() can now return errors due to the multiple ways in which it can fail; it also warns the user about possibly requiring root. - ReadFileDatabase() was using the global DBPath instead of its dbpath parameter in multiple places. This has been fixed. - VerifyESP() can now run without root. - SignFile() checks if it can read the DB key before running sbsign. Signed-off-by: Érico Rolim <erico.erc@gmail.com> 2020-10-28 20:00:50 -03:00
			`return files, nil`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`}`

Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`func WriteFileDatabase(vfs afero.Fs, dbpath string, files SigningEntries) error {`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`data, err := json.MarshalIndent(files, "", " ")`
			`if err != nil {`
Added errors to WriteFileDatabase Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-20 00:26:59 +02:00			`return err`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`}`
Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`err = fs.WriteFile(vfs, dbpath, data, 0644)`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`if err != nil {`
Added errors to WriteFileDatabase Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-20 00:26:59 +02:00			`return err`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`}`
Added errors to WriteFileDatabase Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-20 00:26:59 +02:00			`return nil`
Init Signed-off-by: Morten Linderud <morten@linderud.pw> 2020-05-03 19:41:09 +02:00			`}`
Added an iter function Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-18 01:33:24 +02:00
Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`func SigningEntryIter(state config.State, fn func(s SigningEntry) error) error {`
			`files, err := ReadFileDatabase(state.Fs, state.Config.FilesDb)`
Added an iter function Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-18 01:33:24 +02:00			`if err != nil {`
Rework sbctl backend Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-18 22:57:49 +02:00			`return fmt.Errorf("couldn't open database %v: %w", state.Config.FilesDb, err)`
Added an iter function Signed-off-by: Morten Linderud <morten@linderud.pw> 2021-05-18 01:33:24 +02:00			`}`
			`for _, s := range files {`
			`if err := fn(s); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`
sbctl: implement landlock sandboxing Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-28 20:40:43 +02:00
			`func LandlockFromFileDatabase(state *config.State) error {`
			`var llrules []landlock.Rule`
			`files, err := ReadFileDatabase(state.Fs, state.Config.FilesDb)`
			`if err != nil {`
			`return err`
			`}`
			`for _, entry := range files {`
sign: ensure we are getting RW/RO access for the files Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-08-01 12:06:26 +02:00			`if entry.File == entry.OutputFile {`
			`// If file is the same as output, set RW+Trunc on file`
			`llrules = append(llrules,`
			`lsm.TruncFile(entry.File).IgnoreIfMissing(),`
			`)`
			`}`
sbctl: implement landlock sandboxing Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-28 20:40:43 +02:00			`if entry.File != entry.OutputFile {`
sign: ensure we are getting RW/RO access for the files Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-08-01 12:06:26 +02:00			`// Set input file to RO, ignore if missing so we can bubble a useable`
			`// error to the user`
			`llrules = append(llrules, landlock.ROFiles(entry.File).IgnoreIfMissing())`

			`// Check if output file exists`
			`// if it does we set RW on the file directly`
			`// if it doesnt, we set RW on the directory`
			`if ok, _ := afero.Exists(state.Fs, entry.OutputFile); ok {`
			`llrules = append(llrules, lsm.TruncFile(entry.OutputFile))`
			`} else {`
			`llrules = append(llrules, landlock.RWDirs(filepath.Dir(entry.OutputFile)))`
			`}`
sbctl: implement landlock sandboxing Signed-off-by: Morten Linderud <morten@linderud.pw> 2024-07-28 20:40:43 +02:00			`}`
			`}`
			`lsm.RestrictAdditionalPaths(llrules...)`
			`return nil`
			`}`