ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-04-24 21:09:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
genode/repos/gems/run/file_vault_gui.run
Norman Feske 2c8beb462f file-system session: root dir via session label 
This patch changes the way of how the client-selected sub directory is
communicated to the server. The former opaque session argument is now
passed as last label element, which allows for the flexible tweaking
of this argument by init's session-routing and label-rewriting
mechansims. In particular, it alleviates the need for creating chroot
component instances.

This change requires the following four adaptations at the
configuration level:

- Each file-system session request must now carry a path starting
  with / as last session arguments. Hence, <vfs> <fs> nodes that
  feature a 'label' attributes must extend the attribute value
  with " -> /". For <fs> nodes with no label attribute, "/" is
  used as last label argument by default.

- For matching session-routing rules at init's configuration,
  the matching of full labels should be replaced by 'label_prefix'
  matches, excluding the last (path) argument.

- Wherever a label of a file-system session is rewritten by using
  init's 'label' attribute of a <parent> or <child> target node,
  the new attribute 'identity' should be used instead. This replaces
  the identity part of the label while preserving the client's
  directory argument.

- Analogously to the matching of session-routing rules, server-side
  policy-selection rules that formerly matched a concrete 'label'
  must be changed to match a 'label_prefix' instead.

As a good practice, 'label_prefix' values should end with " ->" if
possible, which clearly delimits the identity part of the label
used by the matching.

Issue #5445
2025-02-24 16:39:20 +01:00

301 lines
9.9 KiB
Plaintext
Raw Blame History

proc jent_avail { } {
if {[have_board pbxa9]} { return 0 }
if {[have_board zynq_qemu]} { return 0 }
return 1
}
proc jent_avail_attr { } {
if {[jent_avail]} { return "yes" }
return "no"
}
build { app/file_vault app/file_vault_gui }
create_boot_directory
append archives "
[depot_user]/src/[base_src]
[depot_user]/src/init
[depot_user]/src/libc
[depot_user]/src/zlib
[depot_user]/src/fs_query
[depot_user]/src/tresor
[depot_user]/src/vfs_block
[depot_user]/src/report_rom
[depot_user]/src/vfs
[depot_user]/src/openssl
[depot_user]/src/fs_tool
[depot_user]/src/fs_utils
[depot_user]/src/posix
[depot_user]/src/vfs_rump
[depot_user]/src/sandbox"
append_if [jent_avail] archives " [depot_user]/src/vfs_jitterentropy "
lappend archives [depot_user]/src/nitpicker
lappend archives [depot_user]/src/menu_view
lappend archives [depot_user]/src/libpng
lappend archives [depot_user]/pkg/fonts_fs
lappend archives [depot_user]/pkg/[drivers_interactive_pkg]
lappend_if [have_board linux] archives [depot_user]/src/lx_fs
import_from_depot $archives
append config {
<config>
<parent-provides>
<service name="ROM"/>
<service name="LOG"/>
<service name="RM"/>
<service name="CPU"/>
<service name="PD"/>
<service name="IRQ"/>
<service name="IO_MEM"/>
<service name="IO_PORT"/>
</parent-provides>
<start name="timer" caps="200" ram="1M">
<resource name="CPU" quantum="5"/>
<provides> <service name="Timer"/> </provides>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="IO_PORT"> <parent/> </service>
<service name="IRQ"> <parent/> </service>
</route>
</start>
<start name="drivers" caps="1500" ram="64M" managing_system="yes">
<binary name="init"/>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="Capture"> <child name="nitpicker"/> </service>
<service name="Event"> <child name="nitpicker"/> </service>
<service name="ROM" label="config"> <parent label="drivers.config"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="RM"> <parent/> </service>
<service name="IO_MEM"> <parent/> </service>
<service name="IO_PORT"> <parent/> </service>
<service name="IRQ"> <parent/> </service>
</route>
</start>
<start name="nitpicker" caps="100" ram="4M">
<provides>
<service name="Gui"/> <service name="Capture"/> <service name="Event"/>
</provides>
<config focus="rom">
<capture/> <event/>
<background color="#123456"/>
<domain name="pointer" layer="1" content="client" label="no" origin="pointer" />
<domain name="default" layer="3" content="client" label="no" hover="always" />
<domain name="second" layer="2" xpos="200" ypos="300" content="client" label="no" hover="always" />
<policy label_prefix="pointer" domain="pointer"/>
<policy label_prefix="file_vault_gui" domain="second"/>
<default-policy domain="default"/>
</config>
<route>
<service name="Timer"> <child name="timer" /> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="pointer" caps="100" ram="1M">
<route>
<service name="Gui"> <child name="nitpicker" /> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="fonts_fs" caps="150" ram="4M">
<binary name="vfs"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<vfs>
<rom name="Vera.ttf"/>
<rom name="VeraMono.ttf"/>
<dir name="fonts">
<dir name="title">
<ttf name="regular" path="/Vera.ttf" size_px="18" cache="256K"/>
</dir>
<dir name="text">
<ttf name="regular" path="/Vera.ttf" size_px="14" cache="256K"/>
</dir>
<dir name="annotation">
<ttf name="regular" path="/Vera.ttf" size_px="11" cache="256K"/>
</dir>
<dir name="monospace">
<ttf name="regular" path="/VeraMono.ttf" size_px="14" cache="256K"/>
</dir>
</dir>
</vfs>
<policy label="file_vault_gui -> fonts" root="/fonts" />
</config>
<route>
<service name="ROM" label="config"> <parent label="fonts_fs.config"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start> }
append_if [have_board linux] config {
<start name="data_fs" caps="200" ram="4M" ld="no">
<binary name="lx_fs"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<policy label_prefix="file_vault -> data" root="/file_vault_gui_dir/data" writeable="yes"/>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="trust_anchor_fs" caps="200" ram="4M" ld="no">
<binary name="lx_fs"/>
<provides>
<service name="File_system"/>
</provides>
<config>
<policy label_prefix="file_vault -> trust_anchor" root="/file_vault_gui_dir/trust_anchor" writeable="yes"/>
</config>
<route>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start> }
append_if [expr ![have_board linux]] config {
<start name="data_fs" caps="2000" ram="200M">
<binary name="vfs"/>
<provides><service name="File_system"/></provides>
<config>
<vfs> <dir name="data"> <ram/> </dir> </vfs>
<policy label_prefix="file_vault -> data" root="/data" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="trust_anchor_fs" caps="100" ram="5M">
<binary name="vfs"/>
<provides><service name="File_system"/></provides>
<config>
<vfs> <dir name="trust_anchor"> <ram/> </dir> </vfs>
<policy label_prefix="file_vault -> trust_anchor" root="/trust_anchor" writeable="yes"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start> }
append config {
<start name="report_rom" caps="100" ram="1M">
<provides> <service name="Report"/> <service name="ROM"/> </provides>
<config verbose="yes">
<policy label="file_vault_gui -> ui_report" report="file_vault -> ui_report"/>
<policy label="file_vault -> ui_config" report="file_vault_gui -> ui_config"/>
</config>
<route>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="CPU"> <parent/> </service>
</route>
</start>
<start name="file_vault" caps="1200" ram="100M">
<config jitterentropy_available="} [jent_avail_attr] {">
<vfs> <dir name="tresor"> <fs label="tresor -> /"/> </dir> </vfs>
</config>
<route>
<service name="ROM" label="ui_config"> <child name="report_rom"/> </service>
<service name="Report" label="ui_report"> <child name="report_rom"/> </service>
<service name="File_system" label_prefix="tresor_trust_anchor_vfs -> storage_dir">
<child name="trust_anchor_fs" identity="file_vault -> trust_anchor"/> </service>
<service name="File_system" label_prefix="tresor_init ->"> <child name="data_fs" identity="file_vault -> data"/> </service>
<service name="File_system" label_prefix="tresor ->"> <child name="data_fs" identity="file_vault -> data"/> </service>
<service name="File_system" label_prefix="image_fs_query ->"> <child name="data_fs" identity="file_vault -> data"/> </service>
<service name="File_system" label_prefix="tresor_vfs -> tresor_fs"> <child name="data_fs" identity="file_vault -> data"/> </service>
<service name="File_system" label_prefix="truncate_file -> tresor"> <child name="data_fs" identity="file_vault -> data"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="RM"> <parent/> </service>
</route>
</start>
<start name="file_vault_gui" caps="400" ram="8M">
<route>
<service name="File_system"> <child name="fonts_fs"/> </service>
<service name="Gui"> <child name="nitpicker"/> </service>
<service name="ROM" label="ui_report"> <child name="report_rom"/> </service>
<service name="Report" label="ui_config"> <child name="report_rom"/> </service>
<service name="Timer"> <child name="timer"/> </service>
<service name="PD"> <parent/> </service>
<service name="ROM"> <parent/> </service>
<service name="CPU"> <parent/> </service>
<service name="LOG"> <parent/> </service>
<service name="RM"> <parent/> </service>
</route>
</start>
</config> }
install_config $config
if {[have_board linux]} {
exec mkdir -p bin/file_vault_gui_dir/data
exec mkdir -p bin/file_vault_gui_dir/trust_anchor
}
append boot_modules [build_artifacts]
lappend_if [have_board linux] boot_modules file_vault_gui_dir
set fd [open [run_dir]/genode/focus w]
puts $fd "<focus label=\"file_vault_gui -> \"/>"
close $fd
append qemu_args " -display gtk "
build_boot_image $boot_modules
run_genode_until forever
Reference in New Issue View Git Blame Copy Permalink