From 71eb05c09a8ce677042b1a1bd597dc2b6277d1be Mon Sep 17 00:00:00 2001 From: mawalu Date: Thu, 12 May 2022 17:51:55 +0200 Subject: [PATCH] Try to rely less on hardcoded paths --- .gitignore | 1 + bwbox.nimble | 2 +- flake.lock | 6 +++--- flake.nix | 4 +--- lib/args.nim | 15 ++++++++++----- lib/bwrap.nim | 3 ++- lib/sandbox.nim | 10 +++++++++- scripts/applications.sh | 11 +++++++---- 8 files changed, 34 insertions(+), 18 deletions(-) diff --git a/.gitignore b/.gitignore index 7016614..cfca292 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .idea bwbox result +scripts/applications diff --git a/bwbox.nimble b/bwbox.nimble index 622251f..5868e27 100644 --- a/bwbox.nimble +++ b/bwbox.nimble @@ -2,7 +2,7 @@ version = "1.0.0" author = "mawalu" -description = "A DNS server for the ACME DNS-01 challenge" +description = "An experimental sandbox tool for linux apps" license = "MIT" srcDir = "." bin = @["bwbox"] diff --git a/flake.lock b/flake.lock index 78629d1..9c3108d 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1649321570, - "narHash": "sha256-j0SM2JzxKA3aGdH1QJUWqKW7lkHG1fuGLnPye4pBTBY=", + "lastModified": 1652368125, + "narHash": "sha256-AaNNYTSxN+f85oBN2tnz8SNWiTmFo35jddTHXQjNDgM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c6bdafd36837e6422d18837ca1c77159be28a5a", + "rev": "f73cc9cbd82a7a8ce626bbaf02a55c1cfb34d6e5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index bf80e0a..2ae5ead 100644 --- a/flake.nix +++ b/flake.nix @@ -1,16 +1,14 @@ { - description = "An experimental sandbox tool for linux apps"; + description = "An experimental sandboxing tool for linux apps"; inputs.nixpkgs.url = github:NixOS/nixpkgs; outputs = { self, nixpkgs }: { - packages.x86_64-linux.default = with import nixpkgs { system = "x86_64-linux"; }; nimPackages.buildNimPackage { name = "bwbox"; src = self; }; - }; } diff --git a/lib/args.nim b/lib/args.nim index 3e5df25..6edfd79 100644 
--- a/lib/args.nim +++ b/lib/args.nim @@ -5,9 +5,10 @@ type Args* = object name*: Option[string] cmd*: Option[seq[string]] profile*: Option[string] + debug*: bool proc getCmd*(args: Args): seq[string] = - return args.cmd.get(@[getEnv("SHELL", "/bin/bash")]) + return args.cmd.get(@[getEnv("SHELL", "/bin/sh")]) proc getProfile*(args: Args): string = if args.profile.isSome: @@ -16,22 +17,26 @@ proc getProfile*(args: Args): string = return "default" proc parseArgs*(): Option[Args] = - var args = Args() + var args = Args(debug: false) var command = newSeq[string]() + var parsingSandboxArgs = true var i = 1 while i <= paramCount(): var arg = paramStr(i) - if arg == "--name": + if arg == "--name" and parsingSandboxArgs: args.name = some(paramStr(i + 1)) i += 2 - elif arg == "--profile": + elif arg == "--profile" and parsingSandboxArgs: args.profile = some(paramStr(i + 1)) i += 2 + elif arg == "--debug" and parsingSandboxArgs: + args.debug = true + i += 1 else: - echo arg + parsingSandboxArgs = false command.add(arg) i += 1 diff --git a/lib/bwrap.nim b/lib/bwrap.nim index 8918ad6..c836dd5 100644 --- a/lib/bwrap.nim +++ b/lib/bwrap.nim @@ -1,3 +1,4 @@ +import os import posix import sequtils @@ -14,4 +15,4 @@ proc addMount*(call: var BwrapCall, mType: string, path: string): var BwrapCall call proc exec*(call: var BwrapCall) = - discard execv("/usr/bin/bwrap", allocCStringArray(@["bwrap"].concat(call.args))) + discard execv("/usr/bin/env", allocCStringArray(@["/usr/bin/env", "bwrap"].concat(call.args))) diff --git a/lib/sandbox.nim b/lib/sandbox.nim index 8f73d73..adf7775 100644 --- a/lib/sandbox.nim +++ b/lib/sandbox.nim @@ -69,4 +69,12 @@ proc sandboxExec*(args: Args) = if config.allowdri.get(false): enableDri(call) - call.addArg(args.getCmd).exec() \ No newline at end of file + # resolve binary path outside of the sandbox + var cmd = args.getCmd + + echo cmd + cmd[0] = findExe(cmd[0]) + + echo cmd + + call.addArg(cmd).exec() 
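Review bot: The `--name` and `--profile` branches in parseArgs still read `paramStr(i + 1)` without checking that a value follows, so `bwbox --profile` as the last argument fails with an index error instead of a usage message. Add a bounds check at the top of both branches, for example `if i == paramCount(): return none(Args)`, assuming callers treat `none` as a usage error. A comment on the new flag would also help, such as `# sandbox options are only recognised before the first command word; everything after it belongs to the sandboxed command`. parseArgs continues past the end of this hunk.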
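Review bot: `bwrap` is now looked up on the caller's `PATH` by `/usr/bin/env`, so the binary that enforces the sandbox is whichever one the environment offers first. `/usr/bin/env` is itself still a hardcoded path, and its `execv` failure is discarded. Resolving the binary inside bwbox removes the `env` hop, reports a missing `bwrap` before exec, and surfaces the error if `execv` returns. The `os` import added in this hunk already provides `findExe` and `osErrorMsg`. It is also worth documenting that `PATH` is trusted here, or letting an absolute path be configured.

```nim
proc exec*(call: var BwrapCall) =
  # Resolve bwrap ourselves so a missing binary is reported before exec.
  let bwrap = findExe("bwrap")
  if bwrap.len == 0:
    quit("bwbox: bwrap not found in PATH", 1)
  discard execv(bwrap.cstring, allocCStringArray(@["bwrap"].concat(call.args)))
  # execv only returns when the exec itself failed
  quit("bwbox: cannot exec " & bwrap & ": " & osErrorMsg(osLastError()), 1)
```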
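Review bot: `findExe` returns an empty string when the program is not found, and the result is written to `cmd[0]` unchecked, so a mistyped command reaches bwrap as an empty program name instead of producing a clear error. Check the result before assigning, e.g. `let exe = findExe(cmd[0])` followed by `if exe.len == 0: quit("bwbox: command not found: " & cmd[0], 1)`. The two `echo cmd` lines print the full command line on every run; they look like leftover debugging output and could be gated on `args.debug`, which this commit introduces. The comment could also say that the path is resolved on the host, so it must be mounted at the same location inside the sandbox. sandboxExec starts outside this hunk.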
diff --git a/scripts/applications.sh b/scripts/applications.sh index cb5a65d..d56f526 100755 --- a/scripts/applications.sh +++ b/scripts/applications.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/run/current-system/sw/bin/bash if [ $# -ne 1 ]; then echo "Usage: $0 " @@ -12,15 +12,18 @@ check_dir() { for application in "$dir/"*; do file="$(basename "$application")" - sed "s/^Exec=/Exec=bwshell --name '$file' --profile gui /gi" "$application" > "$target/$file" + sed "s/^Exec=/Exec=bwbox --name '$file' --profile wayland /gi" "$application" > "$target/$file" done } -dirs=("/usr/share/applications" "$HOME/.local/share/applications") +dirs=($(echo "$XDG_DATA_DIRS" | tr ':' '\n')) +dirs+=("$HOME/.local/share") target="$1" mkdir -p "$target" for dir in "${dirs[@]}"; do - check_dir "$dir" + if [ -d "$dir/applications" ]; then + check_dir "$dir/applications" + fi done
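Review bot: The new shebang `#!/run/current-system/sw/bin/bash` only exists on NixOS, which swaps one hardcoded path for another and makes the script unrunnable on other distributions. `#!/usr/bin/env bash` resolves bash from `PATH` on NixOS and elsewhere alike.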
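Review bot: `$file` is pasted into the sed program and, inside single quotes, into the generated `Exec=` line. A desktop file whose name contains `'`, `/` or `&` therefore either breaks the substitution or changes the command the launcher runs. Skip names outside a safe set before the sed call, e.g. `[[ "$file" =~ ^[A-Za-z0-9._-]+$ ]] || continue`. Separately, the new `dirs=($(echo "$XDG_DATA_DIRS" | tr ':' '\n'))` is subject to word splitting and globbing and yields no system directories when the variable is unset; `IFS=: read -ra dirs <<< "${XDG_DATA_DIRS:-/usr/local/share:/usr/share}"` avoids both. check_dir starts outside this hunk.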