diff options
| author | Drew DeVault <sir@cmpwn.com> | 2018-09-06 21:45:53 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2018-10-08 18:34:05 -0400 |
| commit | 0b9f327f1a4053b96f181713b9c154ad6624f452 (patch) | |
| tree | 297248f125945ebc3164193b852db07ce02a5581 | |
| parent | 633cafb0d5ccba2746eed1454e40a2d5ca017816 (diff) | |
| download | sway-0b9f327f1a4053b96f181713b9c154ad6624f452.zip sway-0b9f327f1a4053b96f181713b9c154ad6624f452.tar.gz sway-0b9f327f1a4053b96f181713b9c154ad6624f452.tar.bz2 | |
Add permit|reject skeletons and wiring
| -rw-r--r-- | include/sway/commands.h | 3 | ||||
| -rw-r--r-- | include/sway/config.h | 6 | ||||
| -rw-r--r-- | include/sway/debug.h | 1 | ||||
| -rw-r--r-- | include/sway/security.h | 10 | ||||
| -rw-r--r-- | sway/commands.c | 13 | ||||
| -rw-r--r-- | sway/commands/permit.c | 12 | ||||
| -rw-r--r-- | sway/commands/reject.c | 12 | ||||
| -rw-r--r-- | sway/config.c | 1 | ||||
| -rw-r--r-- | sway/main.c | 3 | ||||
| -rw-r--r-- | sway/meson.build | 3 | ||||
| -rw-r--r-- | sway/security.c | 20 |
11 files changed, 74 insertions, 10 deletions
diff --git a/include/sway/commands.h b/include/sway/commands.h index 48228a9..b656c60 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -262,4 +262,7 @@ sway_cmd cmd_ipc_cmd; sway_cmd cmd_ipc_events; sway_cmd cmd_ipc_event_cmd; +sway_cmd cmd_permit; +sway_cmd cmd_reject; + #endif diff --git a/include/sway/config.h b/include/sway/config.h index a33018e..0f2e2aa 100644 --- a/include/sway/config.h +++ b/include/sway/config.h @@ -330,8 +330,9 @@ struct sway_config { enum focus_wrapping_mode focus_wrapping; bool active; bool failed; - bool reloading; bool reading; + bool reloading; + bool secure; bool validating; bool auto_back_and_forth; bool show_marks; @@ -370,7 +371,8 @@ struct sway_config { int32_t floating_minimum_height; // Security - list_t *feature_policies; + list_t *feature_policies; // struct feature_policy + struct feature_policy default_policy; // Context for command handlers struct { diff --git a/include/sway/debug.h b/include/sway/debug.h index 0e9bb05..46010bf 100644 --- a/include/sway/debug.h +++ b/include/sway/debug.h @@ -3,6 +3,7 @@ #include <stdbool.h> struct sway_debug { + bool insecure; // Do not enforce security policies bool noatomic; // Ignore atomic layout updates bool render_tree; // Render the tree overlay bool txn_timings; // Log verbose messages about transactions diff --git a/include/sway/security.h b/include/sway/security.h index de96398..c3dfe2b 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -3,14 +3,12 @@ #include <unistd.h> #include "sway/config.h" -/** Returns a mask of all features this pid is permitted to use */ +/** Returns a mask of all features this client is permitted to use */ uint64_t get_feature_policy_mask(struct wl_client *client); -/** - * Returns the feature policy for a given program. Creates one if it doesn't - * exist. - */ -struct feature_policy *get_feature_policy(const char *program); +/** Returns the policy for a program, or creates one if it doesn't exist. */ +struct feature_policy *get_feature_policy( + struct sway_config *config, const char *program); /** Creates a wayland client with a feature policy applied. */ struct wl_client *create_secure_client(struct wl_display *display, diff --git a/sway/commands.c b/sway/commands.c index 89fe5ea..9016f3e 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -157,6 +157,12 @@ static struct cmd_handler command_handlers[] = { { "urgent", cmd_urgent }, }; +/* Security config commands. Keep alphabetized */ +static struct cmd_handler security_handlers[] = { + { "permit", cmd_permit }, + { "reject", cmd_reject }, +}; + static int handler_compare(const void *_a, const void *_b) { const struct cmd_handler *a = _a; const struct cmd_handler *b = _b; @@ -169,6 +175,13 @@ struct cmd_handler *find_handler(char *line, struct cmd_handler *cmd_handlers, struct cmd_handler *res = NULL; wlr_log(WLR_DEBUG, "find_handler(%s)", line); + if (config->secure) { + res = bsearch(&d, security_handlers, + sizeof(security_handlers) / sizeof(struct cmd_handler), + sizeof(struct cmd_handler), handler_compare); + return res; + } + bool config_loading = config->reading || !config->active; if (!config_loading) { diff --git a/sway/commands/permit.c b/sway/commands/permit.c new file mode 100644 index 0000000..0508c9c --- /dev/null +++ b/sway/commands/permit.c @@ -0,0 +1,12 @@ +#include "sway/commands.h" + +struct cmd_results *cmd_permit(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "permit", EXPECTED_AT_LEAST, 2))) { + return error; + } + + // TODO + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} diff --git a/sway/commands/reject.c b/sway/commands/reject.c new file mode 100644 index 0000000..55a9b3a --- /dev/null +++ b/sway/commands/reject.c @@ -0,0 +1,12 @@ +#include "sway/commands.h" + +struct cmd_results *cmd_reject(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "reject", EXPECTED_AT_LEAST, 2))) { + return error; + } + + // TODO + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} diff --git a/sway/config.c b/sway/config.c index 8a44c26..55933e6 100644 --- a/sway/config.c +++ b/sway/config.c @@ -439,6 +439,7 @@ bool load_main_config(const char *file, bool is_active, bool validating) { closedir(dir); list_qsort(secconfigs, qstrcmp); + for (int i = 0; i < secconfigs->length; ++i) { char *_path = secconfigs->items[i]; if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || diff --git a/sway/main.c b/sway/main.c index dea4a31..a257fe3 100644 --- a/sway/main.c +++ b/sway/main.c @@ -200,6 +200,9 @@ void enable_debug_flag(const char *flag) { debug.damage = DAMAGE_HIGHLIGHT; } else if (strcmp(flag, "damage=rerender") == 0) { debug.damage = DAMAGE_RERENDER; + } else if (strcmp(flag, "insecure") == 0) { + debug.insecure = true; + wlr_log(WLR_ERROR, "!!! DANGER !!! Sway is running in insecure mode."); } else if (strcmp(flag, "noatomic") == 0) { debug.noatomic = true; } else if (strcmp(flag, "render-tree") == 0) { diff --git a/sway/meson.build b/sway/meson.build index c7fc969..68cb190 100644 --- a/sway/meson.build +++ b/sway/meson.build @@ -156,6 +156,9 @@ sway_sources = files( 'commands/output/scale.c', 'commands/output/transform.c', + 'commands/permit.c', + 'commands/reject.c', + 'tree/arrange.c', 'tree/container.c', 'tree/node.c', diff --git a/sway/security.c b/sway/security.c index 8f72cfb..5bca2f2 100644 --- a/sway/security.c +++ b/sway/security.c @@ -1,6 +1,22 @@ -#define _XOPEN_SOURCE 700 +#define _POSIX_C_SOURCE 200809L #include <stdlib.h> #include <string.h> #include "sway/security.h" -// TODO +struct feature_policy *get_feature_policy( + struct sway_config *config, const char *program) { + if (!program) { + return &config->default_policy; + } + + struct feature_policy *policy; + for (int i = 0; i < config->feature_policies->length; ++i) { + policy = config->feature_policies->items[i]; + if (strcmp(policy->program, program) == 0) { + return policy; + } + } + policy = calloc(1, sizeof(struct feature_policy)); + policy->program = strdup(program); + return policy; +} |