tauri-plugin-background-service 0.6.0

Background service lifecycle plugin for Tauri v2 — run long-lived tasks on Android, iOS, and desktop
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192

//! Desktop environment checks for OS-service mode prerequisites.
//!
//! Provides helpers for detecting whether the desktop environment meets
//! the requirements for running as an OS-level service:
//!
//! - **Linux**: systemd lingering must be enabled for user services to
//!   survive logout.
//! - **macOS**: The app must not be sandboxed, as sandboxed apps cannot
//!   write to `~/Library/LaunchAgents/` or use `launchctl`.

use crate::error::ServiceError;

/// Parse the output of `loginctl show-user <user> -p Linger`.
///
/// Returns `Ok(true)` for `Linger=yes`, `Ok(false)` for `Linger=no`.
pub fn parse_linger_output(output: &str) -> Result<bool, ServiceError> {
    let trimmed = output.trim();
    if let Some(value) = trimmed.strip_prefix("Linger=") {
        match value.trim() {
            "yes" => Ok(true),
            "no" => Ok(false),
            other => Err(ServiceError::Platform(format!(
                "Unexpected Linger value: {other}"
            ))),
        }
    } else {
        Err(ServiceError::Platform(format!(
            "Unexpected loginctl output format: {trimmed}"
        )))
    }
}

/// Parse codesign entitlements XML for the `com.apple.security.app-sandbox` key.
///
/// Returns `true` if the entitlements contain `com.apple.security.app-sandbox`
/// set to `<true/>`.
pub fn parse_entitlements_for_sandbox(xml: &str) -> bool {
    let key = "com.apple.security.app-sandbox";
    let Some(pos) = xml.find(key) else {
        return false;
    };
    let after = &xml[pos + key.len()..];
    let Some(key_end) = after.find("</key>") else {
        return false;
    };
    let value_section = &after[key_end + "</key>".len()..];
    value_section.trim_start().starts_with("<true/>")
}

/// Check whether systemd lingering is enabled for the current user.
///
/// Runs `loginctl show-user <username> -p Linger` and parses the output.
/// Lingering must be enabled for systemd user services to survive logout.
#[cfg(target_os = "linux")]
pub fn check_systemd_lingering() -> Result<bool, ServiceError> {
    let username = std::env::var("USER")
        .map_err(|_| ServiceError::Platform("USER environment variable not set".into()))?;
    let output = std::process::Command::new("loginctl")
        .args(["show-user", &username, "-p", "Linger"])
        .output()
        .map_err(|e| ServiceError::Platform(format!("Failed to run loginctl: {e}")))?;
    if !output.status.success() {
        return Err(ServiceError::Platform(format!(
            "loginctl exited with status {}: {}",
            output.status,
            String::from_utf8_lossy(&output.stderr).trim()
        )));
    }
    parse_linger_output(&String::from_utf8_lossy(&output.stdout))
}

/// Check whether the current app is sandboxed on macOS.
///
/// Runs `codesign -d --entitlements :- <exe_path>` and checks for the
/// `com.apple.security.app-sandbox` entitlement set to `true`.
#[cfg(target_os = "macos")]
pub fn check_macos_sandbox() -> Result<bool, ServiceError> {
    let exe_path = std::env::current_exe()
        .map_err(|e| ServiceError::Platform(format!("Cannot determine executable path: {e}")))?;
    let output = std::process::Command::new("codesign")
        .args(["-d", "--entitlements", ":-", &exe_path.to_string_lossy()])
        .output()
        .map_err(|e| ServiceError::Platform(format!("Failed to run codesign: {e}")))?;
    // codesign returns non-zero if no entitlements are embedded — not sandboxed.
    if !output.status.success() {
        return Ok(false);
    }
    Ok(parse_entitlements_for_sandbox(&String::from_utf8_lossy(
        &output.stdout,
    )))
}

#[cfg(test)]
mod tests {
    use super::*;

    // --- parse_linger_output tests ---

    #[test]
    fn linger_yes() {
        assert_eq!(parse_linger_output("Linger=yes").unwrap(), true);
    }

    #[test]
    fn linger_no() {
        assert_eq!(parse_linger_output("Linger=no").unwrap(), false);
    }

    #[test]
    fn linger_with_trailing_newline() {
        assert_eq!(parse_linger_output("Linger=yes\n").unwrap(), true);
    }

    #[test]
    fn linger_unexpected_value() {
        let result = parse_linger_output("Linger=maybe");
        assert!(result.is_err());
        let msg = result.unwrap_err().to_string();
        assert!(msg.contains("Unexpected Linger value"), "got: {msg}");
    }

    #[test]
    fn linger_unexpected_format() {
        let result = parse_linger_output("something else");
        assert!(result.is_err());
        let msg = result.unwrap_err().to_string();
        assert!(
            msg.contains("Unexpected loginctl output format"),
            "got: {msg}"
        );
    }

    // --- parse_entitlements_for_sandbox tests ---

    #[test]
    fn sandbox_entitlement_present_and_true() {
        let xml = r#"<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict>
</plist>"#;
        assert!(parse_entitlements_for_sandbox(xml));
    }

    #[test]
    fn sandbox_entitlement_present_but_false() {
        let xml = r#"<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <false/>
</dict>
</plist>"#;
        assert!(!parse_entitlements_for_sandbox(xml));
    }

    #[test]
    fn no_sandbox_entitlement() {
        let xml = r#"<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>"#;
        assert!(!parse_entitlements_for_sandbox(xml));
    }

    #[test]
    fn empty_entitlements() {
        assert!(!parse_entitlements_for_sandbox(""));
    }

    #[test]
    fn sandbox_with_other_entitlements() {
        let xml = r#"<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>
</dict>
</plist>"#;
        assert!(parse_entitlements_for_sandbox(xml));
    }
}