diff options
| author | Drew DeVault <[email protected]> | 2016-12-04 08:30:40 -0500 |
|---|---|---|
| committer | GitHub <[email protected]> | 2016-12-04 08:30:40 -0500 |
| commit | 5778c59a2f302071fd781683db57a97b51396c87 (patch) | |
| tree | e0ec272832e88e6c8d92719efa70c6749452daff /sway/commands/permit.c | |
| parent | cd5694fdb5bc9beb575902ea57d037833ad8e85c (diff) | |
| parent | e7a764fdf450a8259ddbc17446dd720fa1157b44 (diff) | |
Merge pull request #981 from SirCmpwn/security
Security features
Diffstat (limited to 'sway/commands/permit.c')
| -rw-r--r-- | sway/commands/permit.c | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/sway/commands/permit.c b/sway/commands/permit.c new file mode 100644 index 00000000..7a25e4ce --- /dev/null +++ b/sway/commands/permit.c @@ -0,0 +1,94 @@ +#include <string.h> +#include "sway/commands.h" +#include "sway/config.h" +#include "sway/security.h" +#include "log.h" + +static enum secure_feature get_features(int argc, char **argv, + struct cmd_results **error) { + enum secure_feature features = 0; + + struct { + char *name; + enum secure_feature feature; + } feature_names[] = { + { "lock", FEATURE_LOCK }, + { "panel", FEATURE_PANEL }, + { "background", FEATURE_BACKGROUND }, + { "screenshot", FEATURE_SCREENSHOT }, + { "fullscreen", FEATURE_FULLSCREEN }, + { "keyboard", FEATURE_KEYBOARD }, + { "mouse", FEATURE_MOUSE }, + { "ipc", FEATURE_IPC }, + }; + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < sizeof(feature_names) / sizeof(feature_names[0]); ++j) { + if (strcmp(feature_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == sizeof(feature_names) / sizeof(feature_names[0])) { + *error = cmd_results_new(CMD_INVALID, + "permit", "Invalid feature grant %s", argv[i]); + return 0; + } + features |= feature_names[j].feature; + } + return features; +} + +static struct feature_policy *get_policy(const char *name) { + struct feature_policy *policy = NULL; + for (int i = 0; i < config->feature_policies->length; ++i) { + struct feature_policy *p = config->feature_policies->items[i]; + if (strcmp(p->program, name) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_feature_policy(name); + list_add(config->feature_policies, policy); + } + return policy; +} + +struct cmd_results *cmd_permit(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features |= get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} + +struct cmd_results *cmd_reject(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features &= ~get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} |