From b10721b89e3f3992b2476c55237a25dbeb0bce46 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Mon, 20 Feb 2017 06:11:43 -0500
Subject: Add initial support code for new IPC security
---
 include/sway/config.h | 8 ++++++--
 include/sway/security.h | 6 ++++--
 2 files changed, 10 insertions(+), 4 deletions(-)
(limited to 'include')
diff --git a/include/sway/config.h b/include/sway/config.h
index febde63d..c3a916b1 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -203,7 +203,6 @@ enum secure_feature {
 FEATURE_FULLSCREEN = 16,
 FEATURE_KEYBOARD = 32,
 FEATURE_MOUSE = 64,
- FEATURE_IPC = 128,
 };
 
 struct feature_policy {
@@ -228,6 +227,11 @@ enum ipc_feature {
 IPC_FEATURE_EVENT_INPUT = 8192
 };
 
+struct ipc_policy {
+ char *program;
+ uint32_t features;
+};
+
 /**
 * The configuration struct. The result of loading a config file.
 */
@@ -300,7 +304,7 @@ struct sway_config {
 // Security
 list_t *command_policies;
 list_t *feature_policies;
- uint32_t ipc_policy;
+ list_t *ipc_policies;
 };
 
 void pid_workspace_add(struct pid_workspace *pw);
diff --git a/include/sway/security.h b/include/sway/security.h
index 1cc85bee..c3a5cfd4 100644
--- a/include/sway/security.h
+++ b/include/sway/security.h
@@ -3,12 +3,14 @@
 #include
 #include "sway/config.h"
 
-enum secure_feature get_feature_policy(pid_t pid);
-enum command_context get_command_policy(const char *cmd);
+uint32_t get_feature_policy(pid_t pid);
+uint32_t get_ipc_policy(pid_t pid);
+uint32_t get_command_policy(const char *cmd);
 
 const char *command_policy_str(enum command_context context);
 
 struct feature_policy *alloc_feature_policy(const char *program);
+struct ipc_policy *alloc_ipc_policy(const char *program);
 struct command_policy *alloc_command_policy(const char *command);
 
 #endif
-- cgit v1.2.3
From eabfb6c5598d5b655b40d8677d97b58cce757ef5 Mon Sep 17 00:00:00 2001
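Review bot: In include/sway/config.h the new `struct ipc_policy` has no comment, so neither the ownership of `program` nor the meaning of `features` is stated. I would add `/* program: name this policy applies to, owned by the policy (TODO confirm against alloc_ipc_policy); features: bitwise OR of enum ipc_feature */` above the struct; the body of alloc_ipc_policy is not in this diff, so the ownership part is an assumption to verify. The later hunk that replaces `uint32_t ipc_policy` with `list_t *ipc_policies` in struct sway_config has the same gap: one line saying the list holds `struct ipc_policy *` entries and which function frees them would do.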
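Review bot: In include/sway/security.h the three getters now return a bare `uint32_t` while `command_policy_str()` still takes `enum command_context`, so the header no longer says which enum's bits each result carries. A comment per getter would fix that, for example `/* Returns the bitwise OR of enum ipc_feature granted to pid; 0 if no policy matches */` on `get_ipc_policy`. The no-match value there is my assumption, and it is the part most worth pinning down, because a permissive default would grant IPC access to every unlisted program. Since the lookup is keyed on a pid, which the kernel can reuse once the process exits, the comment could also say that callers are expected to resolve the policy while the peer is still connected.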
From: Drew DeVault
Date: Mon, 20 Feb 2017 06:48:33 -0500
Subject: Add * policies and fix bug
---
 include/sway/config.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/sway/config.h b/include/sway/config.h
index c3a916b1..ba49b9a0 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -224,7 +224,12 @@ enum ipc_feature {
 IPC_FEATURE_EVENT_MODE = 1024,
 IPC_FEATURE_EVENT_WINDOW = 2048,
 IPC_FEATURE_EVENT_BINDING = 4096,
- IPC_FEATURE_EVENT_INPUT = 8192
+ IPC_FEATURE_EVENT_INPUT = 8192,
+
+ IPC_FEATURE_ALL_COMMANDS = 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128,
+ IPC_FEATURE_ALL_EVENTS = 256 | 512 | 1024 | 2048 | 4096 | 8192,
+
+ IPC_FEATURE_ALL = IPC_FEATURE_ALL_COMMANDS | IPC_FEATURE_ALL_EVENTS,
 };
 
 struct ipc_policy {
-- cgit v1.2.3
From 126ce571dab09d84d8ee1b760981dbba7cbc1000 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Mon, 20 Feb 2017 07:42:08 -0500
Subject: Read configs from /etc/sway/security.d/*
---
 include/sway/config.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'include')
diff --git a/include/sway/config.h b/include/sway/config.h
index ba49b9a0..d77fbd51 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -340,6 +340,8 @@ void free_config(struct sway_config *config);
 */
 char *do_var_replacement(char *str);
 
+struct cmd_results *check_security_config();
+
 int input_identifier_cmp(const void *item, const void *data);
 void merge_input_config(struct input_config *dst, struct input_config *src);
 void apply_input_config(struct input_config *ic, struct libinput_device *dev);
-- cgit v1.2.3
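Review bot: `IPC_FEATURE_ALL_COMMANDS` and `IPC_FEATURE_ALL_EVENTS` in enum ipc_feature are written as raw numbers, so they will drift from the named flags the next time one is added or renumbered, and for an access mask that drift is a policy change nobody reviews. Composing them from the names avoids that, e.g. the events mask ending in `IPC_FEATURE_EVENT_MODE | IPC_FEATURE_EVENT_WINDOW | IPC_FEATURE_EVENT_BINDING | IPC_FEATURE_EVENT_INPUT`, with the flags for 256 and 512 and the eight command flags, which are declared above this hunk, filled in the same way. A one-line comment such as `/* Union masks; keep in sync with the flags above */` would also help, and if these back the `*` policy named in the commit subject, saying so makes the blast radius of a wildcard entry obvious to whoever edits the enum.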
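Review bot: `check_security_config()` in the last hunk is declared with empty parentheses, which in C leaves the parameter list unspecified rather than empty, so a call with stray arguments compiles unchecked; it should read `struct cmd_results *check_security_config(void);`. The declaration also has no comment, although the neighbouring `do_var_replacement` has one ending just above it. I would document what is checked (the commit subject points at /etc/sway/security.d/*), what a NULL versus non-NULL result means, and who frees the returned cmd_results, since callers deciding whether to start with a rejected security config depend on exactly that contract.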