Merge pull request #3 from jannau/service-autostart

Add systemd service file and udev rules to start it, drop priviledges

Author: WhatAmISupposedToPutHere

Cargo.lock

@@ -6,11 +6,12 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-cairo-rs = "0.17"
+cairo-rs = { version = "0.17", default-features = false }
 drm = "0.9"
 anyhow = "1"
 input = "0.8"
 libc = "0.2"
 input-linux = "0.6"
 input-linux-sys = "0.8"
 nix = "0.26"
+privdrop = "0.5.3"

Cargo.toml

@@ -0,0 +1,11 @@
+[Unit]
+Description=Tiny Apple silicon touch bar daemon
+After=systemd-user-sessions.service [email protected] plymouth-quit.service systemd-logind.service
+StartLimitIntervalSec=30
+StartLimitBurst=2
+ConditionFirmware=|device-tree-compatible(apple,j293)
+ConditionFirmware=|device-tree-compatible(apple,j493)
+
+[Service]
+ExecStart=/usr/bin/tiny-dfr
+Restart=always

etc/systemd/system/tiny-dfr.service

@@ -0,0 +1,2 @@
+SUBSYSTEM=="input", ATTR{name}=="MacBookPro17,1 Touch Bar", TAG+="systemd", ENV{SYSTEMD_WANTS}="tiny-dfr.service"
+SUBSYSTEM=="input", ATTR{name}=="Mac14,7 Touch Bar", TAG+="systemd", ENV{SYSTEMD_WANTS}="tiny-dfr.service"

etc/udev/rules.d/99-touchbar-tiny-dfr.rules

@@ -33,6 +33,7 @@ use libc::{O_RDONLY, O_RDWR, O_WRONLY};
 use input_linux::{uinput::UInputHandle, EventKind, Key, SynchronizeKind};
 use input_linux_sys::{uinput_setup, input_id, timeval, input_event};
 use nix::poll::{poll, PollFd, PollFlags};
+use privdrop;
 
 const DFR_WIDTH: i32 = 2008;
 const DFR_HEIGHT: i32 = 64;
@@ -298,8 +299,7 @@ fn find_backlight() -> Result<PathBuf> {
     Err(anyhow!("No backlight device found"))
 }
 
-fn set_backlight(path: &Path, value: u32) {
-    let mut file = OpenOptions::new().write(true).open(path).unwrap();
+fn set_backlight(mut file: &File, value: u32) {
     file.write(format!("{}\n", value).as_bytes()).unwrap();
 }
 
@@ -395,6 +395,16 @@ fn main() {
         ]
     }).unwrap();
     uinput.dev_create().unwrap();
+
+    let bl_file = OpenOptions::new().write(true).open(bl_path).unwrap();
+
+    privdrop::PrivDrop::default()
+    .chroot("/var/empty")
+    .user("nobody")
+    .group("nobody")
+    .apply()
+    .unwrap_or_else(|e| { panic!("Failed to drop privileges: {}", e) });
+
     let mut digitizer: Option<InputDevice> = None;
     let mut touches = HashMap::new();
     let mut last_active = Instant::now();
@@ -499,7 +509,7 @@ fn main() {
         };
         if current_bl != new_bl {
             current_bl = new_bl;
-            set_backlight(&bl_path, current_bl);
+            set_backlight(&bl_file, current_bl);
         }
     }
 }