harden ipc path permissions #513

Open
fufesou wants to merge 1 commit into rustdesk:main from fufesou:fix/harden_ipc

@fufesou fufesou commented Apr 2, 2026

IPC hardening helper functions. The following logic is moved to the caller (non-Android only).

        fs::create_dir(&path).ok();
        fs::set_permissions(&path, fs::Permissions::from_mode(0o0777)).ok();

Summary by CodeRabbit

  • New Features

    • Enhanced multi-user IPC socket support on Linux/macOS with improved path selection for service-shared versus per-user configurations.
  • Improvements

    • Refined IPC socket organization to better distinguish between shared service sockets and user-specific sockets.

Signed-off-by: fufesou <linlong1266@gmail.com>

coderabbitai bot commented Apr 2, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between f08ce5d and 40368d4.

📒 Files selected for processing (1)
  • src/config.rs

Walkthrough

The PR refactors IPC path resolution on Linux/macOS to support per-UID directories while maintaining shared directories for service and uinput sockets. This enables proper multi-user IPC socket isolation while preserving shared access where required.

Changes

| Cohort / File(s) | Summary |
|---|---|
| IPC Service Classification & Path Resolution (src/config.rs) | Added is_service_ipc_postfix() to identify shared IPC postfixes (_service, _uinput_*). Introduced ipc_parent_dir_for_uid() helper (Linux/macOS) to select IPC parent directories based on postfix type. Updated Config::ipc_path() to use UID-based directories for per-user sockets while keeping service/uinput sockets in shared locations. Added Linux-only public API Config::ipc_path_for_uid() for constructing paths for specific UIDs. Adjusted mkdir/chmod logic to apply only to Android. |
| Testing (src/config.rs) | Added test_uinput_ipc_path_is_shared_across_uids unit test verifying that uinput IPC paths remain consistent across different UIDs while non-service postfixes differ by UID. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰✨ A rabbit hops through /tmp with glee,
UID paths branching like a willow tree—
Service sockets shared, per-user ones freed,
Multi-user magic fulfills each need! 🌿

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'harden ipc path permissions' is directly related to the main change: refactoring IPC path handling with improved security considerations, including UID-based directory selection and selective permission application. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

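A sketch of the shared versus per-UID split described in the walkthrough above, together with a private-directory check in place of a world-writable `0o0777` directory. This is an added example, not code from the PR or from RustDesk. The function names, the `base/<uid>` layout, the `_cm` postfix and the 0700 owner/mode policy are assumptions made for illustration.

```rust
use std::fs::{self, DirBuilder};
use std::io::{self, Error, ErrorKind};
use std::os::unix::fs::{DirBuilderExt, MetadataExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Shared postfixes named in the walkthrough: `_service` and `_uinput_*`.
fn is_shared_postfix(postfix: &str) -> bool {
    postfix == "_service" || postfix.starts_with("_uinput_")
}

/// Assumed layout: shared sockets live in `base`, per-user ones in `base/<uid>`.
fn parent_dir_for_uid(base: &Path, uid: u32, postfix: &str) -> PathBuf {
    if is_shared_postfix(postfix) {
        base.to_path_buf()
    } else {
        base.join(uid.to_string())
    }
}

/// Create the per-user directory as 0700, or accept an existing one only if it
/// is a real directory (not a symlink), owned by `uid`, closed to group/other.
fn ensure_private_dir(dir: &Path, uid: u32) -> io::Result<()> {
    match DirBuilder::new().mode(0o700).create(dir) {
        Err(e) if e.kind() != ErrorKind::AlreadyExists => return Err(e),
        _ => {}
    }
    let meta = fs::symlink_metadata(dir)?; // lstat: never follows a symlink
    if !meta.file_type().is_dir() {
        return Err(Error::new(ErrorKind::InvalidInput, "not a directory"));
    }
    if meta.uid() != uid {
        return Err(Error::new(ErrorKind::PermissionDenied, "wrong owner"));
    }
    if meta.permissions().mode() & 0o077 != 0 {
        return Err(Error::new(ErrorKind::PermissionDenied, "group/other access"));
    }
    Ok(())
}

fn main() -> io::Result<()> {
    // Constructed scratch location so the demo does not touch real sockets.
    let base = std::env::temp_dir().join(format!("ipc_demo_{}", std::process::id()));
    fs::create_dir(&base)?;
    let uid = fs::metadata(&base)?.uid(); // we just created it, so this is our uid
    let dir = parent_dir_for_uid(&base, uid, "_cm"); // "_cm": made-up per-user postfix
    ensure_private_dir(&dir, uid)?;
    println!("{} mode {:o}", dir.display(), fs::metadata(&dir)?.permissions().mode() & 0o777);
    fs::remove_dir_all(&base)
}
```

A directory that already exists in a shared parent is accepted only after the owner and mode checks pass, so a pre-created or symlinked entry is rejected rather than reused.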

fufesou commented Apr 2, 2026

@coderabbitai review

coderabbitai bot commented Apr 2, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.
