ipn: include full tailfs shares in ipn notifications

This allows the Mac application to regain access to restricted folders after restarts. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2024-02-27 21:22:45 -06:00
parent 80f1cb6227
commit e324a5660f
5 changed files with 20 additions and 24 deletions
--- a/ipn/backend.go
+++ b/ipn/backend.go
@@ -10,6 +10,7 @@ import (

 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/tailcfg"
+	"tailscale.com/tailfs"
 	"tailscale.com/types/empty"
 	"tailscale.com/types/key"
 	"tailscale.com/types/netmap"
@@ -123,11 +124,12 @@ type Notify struct {
 	ClientVersion *tailcfg.ClientVersion `json:",omitempty"`

 	// TailFSShares tracks the full set of current TailFSShares that we're
-	// publishing as name->path. Some client applications, like the MacOS and
+	// publishing as name->share. Some client applications, like the MacOS and
 	// Windows clients, will listen for updates to this and handle serving
 	// these shares under the identity of the unprivileged user that is running
-	// the application.
-	TailFSShares map[string]string `json:",omitempty"`
+	// the application. A nil value here means that we're not broadcasting
+	// shares information, an empty value means that there are no shares.
+	TailFSShares map[string]*tailfs.Share

 	// type is mirrored in xcode/Shared/IPN.swift
 }
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -68,6 +68,7 @@ import (
 	"tailscale.com/syncs"
 	"tailscale.com/tailcfg"
 	"tailscale.com/taildrop"
+	"tailscale.com/tailfs"
 	"tailscale.com/tka"
 	"tailscale.com/tsd"
 	"tailscale.com/tstime"
@@ -2286,9 +2287,9 @@ func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWa
 			if err != nil {
 				b.logf("unable to notify initial tailfs shares: %v", err)
 			} else {
-				ini.TailFSShares = make(map[string]string, len(shares))
+				ini.TailFSShares = make(map[string]*tailfs.Share, len(shares))
 				for _, share := range shares {
-					ini.TailFSShares[share.Name] = share.Path
+					ini.TailFSShares[share.Name] = share
 				}
 			}
 		}
--- a/ipn/ipnlocal/tailfs.go
+++ b/ipn/ipnlocal/tailfs.go
@@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"maps"
 	"os"
 	"regexp"
 	"strings"
@@ -108,7 +109,7 @@ func normalizeShareName(name string) (string, error) {
 	return name, nil
 }

-func (b *LocalBackend) tailfsAddShareLocked(share *tailfs.Share) (map[string]string, error) {
+func (b *LocalBackend) tailfsAddShareLocked(share *tailfs.Share) (map[string]*tailfs.Share, error) {
 	fs, ok := b.sys.TailFSForRemote.GetOK()
 	if !ok {
 		return nil, errors.New("tailfs not enabled")
@@ -129,7 +130,7 @@ func (b *LocalBackend) tailfsAddShareLocked(share *tailfs.Share) (map[string]str
 	}
 	fs.SetShares(shares)

-	return shareNameMap(shares), nil
+	return maps.Clone(shares), nil
 }

 // TailFSRemoveShare removes the named share. Share names are forced to
@@ -154,7 +155,7 @@ func (b *LocalBackend) TailFSRemoveShare(name string) error {
 	return nil
 }

-func (b *LocalBackend) tailfsRemoveShareLocked(name string) (map[string]string, error) {
+func (b *LocalBackend) tailfsRemoveShareLocked(name string) (map[string]*tailfs.Share, error) {
 	fs, ok := b.sys.TailFSForRemote.GetOK()
 	if !ok {
 		return nil, errors.New("tailfs not enabled")
@@ -179,20 +180,12 @@ func (b *LocalBackend) tailfsRemoveShareLocked(name string) (map[string]string,
 	}
 	fs.SetShares(shares)

-	return shareNameMap(shares), nil
-}
-
-func shareNameMap(sharesByName map[string]*tailfs.Share) map[string]string {
-	sharesMap := make(map[string]string, len(sharesByName))
-	for _, share := range sharesByName {
-		sharesMap[share.Name] = share.Path
-	}
-	return sharesMap
+	return maps.Clone(shares), nil
 }

 // tailfsNotifyShares notifies IPN bus listeners (e.g. Mac Application process)
 // about the latest set of shares, supplied as a map of name -> directory.
-func (b *LocalBackend) tailfsNotifyShares(shares map[string]string) {
+func (b *LocalBackend) tailfsNotifyShares(shares map[string]*tailfs.Share) {
 	b.send(ipn.Notify{TailFSShares: shares})
 }

@@ -205,7 +198,7 @@ func (b *LocalBackend) tailFSNotifyCurrentSharesLocked() {
 		return
 	}
 	// Do the below on a goroutine to avoid deadlocking on b.mu in b.send().
-	go b.tailfsNotifyShares(shareNameMap(shares))
+	go b.tailfsNotifyShares(maps.Clone(shares))
 }

 // TailFSGetShares returns the current set of shares from the state store,