Add config related code and initial headers

author: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:38:36 -0500
committer: Drew DeVault <sir@cmpwn.com> 2016-12-01 19:38:36 -0500
commit: 44cc0ef125332f1fe3dad7d16ed0a78a25cd1974 (patch)
tree: 834a20ac4bc2982dda46f144932dd16177b04224
parent: Write example security config, start on code (diff)
download: sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.tar.gz
sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.tar.zst
sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.zip
4 files changed, 74 insertions, 8 deletions
diff --git a/config.d/security b/config.d/security
index bff55f0f..fe75d8ea 100644
--- a/config.d/security
+++ b/config.d/security
@@ -37,15 +37,15 @@ ipc {
 # Limits the contexts from which certain commands are permitted
 commands {
-    fullscreen bindsym criteria
+    fullscreen binding criteria
    bindsym config
-    exit bindsym
+    exit binding
-    kill bindsym
+    kill binding
    # You should not change these unless you know what you're doing - it could
    # cripple your security
-    reload bindsym
+    reload binding
-    restart bindsym
+    restart binding
    permit config
    reject config
    ipc config
diff --git a/include/security.h b/include/security.h
new file mode 100644
index 00000000..efc25ce6
--- /dev/null
+++ b/include/security.h
@@ -0,0 +1,9 @@
+#ifndef _SWAY_SECURITY_H
+#define _SWAY_SECURITY_H
+#include <unistd.h>
+#include "sway/config.h"
+const struct feature_permissions *get_permissions(pid_t pid);
+enum command_context get_command_context(const char *cmd);
+#endif
diff --git a/include/sway/config.h b/include/sway/config.h
index 8d077ee7..3744386c 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -103,9 +103,6 @@ struct pid_workspace {
        time_t *time_added;
 };
-void pid_workspace_add(struct pid_workspace *pw);
-void free_pid_workspace(struct pid_workspace *pw);
 struct bar_config {
        /**
         * One of "dock", "hide", "invisible"
@@ -184,6 +181,35 @@ enum edge_border_types {
        E_BOTH          /**< hide vertical and horizontal edge borders */
 };
+enum command_context {
+        CONTEXT_CONFIG = 1,
+        CONTEXT_BINDING = 2,
+        CONTEXT_IPC = 4,
+        CONTEXT_CRITERIA = 8,
+        CONTEXT_ALL = 0xFFFFFFFF,
+};
+struct command_policy {
+        char *command;
+        enum command_context context;
+};
+enum secure_feature {
+        FEATURE_LOCK = 1,
+        FEATURE_PANEL = 2,
+        FEATURE_BACKGROUND = 4,
+        FEATURE_SCREENSHOT = 8,
+        FEATURE_FULLSCREEN = 16,
+        FEATURE_KEYBOARD = 32,
+        FEATURE_MOUSE = 64,
+};
+struct feature_policy {
+        char *program;
+        bool permit;
+        enum secure_feature features;
+};
 /**
 * The configuration struct. The result of loading a config file.
 */
@@ -252,8 +278,15 @@ struct sway_config {
        int32_t floating_maximum_height;
        int32_t floating_minimum_width;
        int32_t floating_minimum_height;
+        // Security
+        list_t *command_policies;
+        list_t *feature_policies;
 };
+void pid_workspace_add(struct pid_workspace *pw);
+void free_pid_workspace(struct pid_workspace *pw);
 /**
 * Loads the main config from the given path. is_active should be true when
 * reloading the config.
diff --git a/sway/config.c b/sway/config.c
index 7d5999d8..a2f6a728 100644
--- a/sway/config.c
+++ b/sway/config.c
@@ -167,6 +167,16 @@ void free_pid_workspace(struct pid_workspace *pw) {
        free(pw);
 }
+void free_command_policy(struct command_policy *policy) {
+        free(policy->command);
+        free(policy);
+}
+void free_feature_policy(struct feature_policy *policy) {
+        free(policy->program);
+        free(policy);
+}
 void free_config(struct sway_config *config) {
        int i;
        for (i = 0; i < config->symbols->length; ++i) {
@@ -211,6 +221,16 @@ void free_config(struct sway_config *config) {
        }
        list_free(config->output_configs);
+        for (i = 0; i < config->command_policies->length; ++i) {
+                free_command_policy(config->command_policies->items[i]);
+        }
+        list_free(config->command_policies);
+        for (i = 0; i < config->feature_policies->length; ++i) {
+                free_feature_policy(config->feature_policies->items[i]);
+        }
+        list_free(config->feature_policies);
        list_free(config->active_bar_modifiers);
        free_flat_list(config->config_chain);
        free(config->font);
@@ -321,6 +341,10 @@ static void config_defaults(struct sway_config *config) {
        config->border_colors.placeholder.child_border = 0x0C0C0CFF;
        config->border_colors.background = 0xFFFFFFFF;
+        // Security
+        config->command_policies = create_list();
+        config->feature_policies = create_list();
 }
 static int compare_modifiers(const void *left, const void *right) {
author	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:38:36 -0500
committer	Drew DeVault <sir@cmpwn.com>	2016-12-01 19:38:36 -0500
commit	44cc0ef125332f1fe3dad7d16ed0a78a25cd1974 (patch)
tree	834a20ac4bc2982dda46f144932dd16177b04224
parent	Write example security config, start on code (diff)
download	sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.tar.gz sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.tar.zst sway-44cc0ef125332f1fe3dad7d16ed0a78a25cd1974.zip

diff --git a/config.d/security b/config.d/security index bff55f0f..fe75d8ea 100644 --- a/config.d/security +++ b/config.d/security
@@ -37,15 +37,15 @@ ipc {
37		37
38	# Limits the contexts from which certain commands are permitted	38	# Limits the contexts from which certain commands are permitted
39	commands {	39	commands {
40	fullscreen bindsym criteria	40	fullscreen binding criteria
41	bindsym config	41	bindsym config
42	exit bindsym	42	exit binding
43	kill bindsym	43	kill binding
44		44
45	# You should not change these unless you know what you're doing - it could	45	# You should not change these unless you know what you're doing - it could
46	# cripple your security	46	# cripple your security
47	reload bindsym	47	reload binding
48	restart bindsym	48	restart binding
49	permit config	49	permit config
50	reject config	50	reject config
51	ipc config	51	ipc config


diff --git a/include/security.h b/include/security.h new file mode 100644 index 00000000..efc25ce6 --- /dev/null +++ b/include/security.h
@@ -0,0 +1,9 @@
		1	#ifndef _SWAY_SECURITY_H
		2	#define _SWAY_SECURITY_H
		3	#include <unistd.h>
		4	#include "sway/config.h"
		5
		6	const struct feature_permissions *get_permissions(pid_t pid);
		7	enum command_context get_command_context(const char *cmd);
		8
		9	#endif


diff --git a/include/sway/config.h b/include/sway/config.h index 8d077ee7..3744386c 100644 --- a/include/sway/config.h +++ b/include/sway/config.h
@@ -103,9 +103,6 @@ struct pid_workspace {
103	time_t *time_added;	103	time_t *time_added;
104	};	104	};
105		105
106	void pid_workspace_add(struct pid_workspace *pw);
107	void free_pid_workspace(struct pid_workspace *pw);
108
109	struct bar_config {	106	struct bar_config {
110	/**	107	/**
111	* One of "dock", "hide", "invisible"	108	* One of "dock", "hide", "invisible"
@@ -184,6 +181,35 @@ enum edge_border_types {
184	E_BOTH /*< hide vertical and horizontal edge borders /	181	E_BOTH /*< hide vertical and horizontal edge borders /
185	};	182	};
186		183
		184	enum command_context {
		185	CONTEXT_CONFIG = 1,
		186	CONTEXT_BINDING = 2,
		187	CONTEXT_IPC = 4,
		188	CONTEXT_CRITERIA = 8,
		189	CONTEXT_ALL = 0xFFFFFFFF,
		190	};
		191
		192	struct command_policy {
		193	char *command;
		194	enum command_context context;
		195	};
		196
		197	enum secure_feature {
		198	FEATURE_LOCK = 1,
		199	FEATURE_PANEL = 2,
		200	FEATURE_BACKGROUND = 4,
		201	FEATURE_SCREENSHOT = 8,
		202	FEATURE_FULLSCREEN = 16,
		203	FEATURE_KEYBOARD = 32,
		204	FEATURE_MOUSE = 64,
		205	};
		206
		207	struct feature_policy {
		208	char *program;
		209	bool permit;
		210	enum secure_feature features;
		211	};
		212
187	/**	213	/**
188	* The configuration struct. The result of loading a config file.	214	* The configuration struct. The result of loading a config file.
189	*/	215	*/
@@ -252,8 +278,15 @@ struct sway_config {
252	int32_t floating_maximum_height;	278	int32_t floating_maximum_height;
253	int32_t floating_minimum_width;	279	int32_t floating_minimum_width;
254	int32_t floating_minimum_height;	280	int32_t floating_minimum_height;
		281
		282	// Security
		283	list_t *command_policies;
		284	list_t *feature_policies;
255	};	285	};
256		286
		287	void pid_workspace_add(struct pid_workspace *pw);
		288	void free_pid_workspace(struct pid_workspace *pw);
		289
257	/**	290	/**
258	* Loads the main config from the given path. is_active should be true when	291	* Loads the main config from the given path. is_active should be true when
259	* reloading the config.	292	* reloading the config.


diff --git a/sway/config.c b/sway/config.c index 7d5999d8..a2f6a728 100644 --- a/sway/config.c +++ b/sway/config.c
@@ -167,6 +167,16 @@ void free_pid_workspace(struct pid_workspace *pw) {
167	free(pw);	167	free(pw);
168	}	168	}
169		169
		170	void free_command_policy(struct command_policy *policy) {
		171	free(policy->command);
		172	free(policy);
		173	}
		174
		175	void free_feature_policy(struct feature_policy *policy) {
		176	free(policy->program);
		177	free(policy);
		178	}
		179
170	void free_config(struct sway_config *config) {	180	void free_config(struct sway_config *config) {
171	int i;	181	int i;
172	for (i = 0; i < config->symbols->length; ++i) {	182	for (i = 0; i < config->symbols->length; ++i) {
@@ -211,6 +221,16 @@ void free_config(struct sway_config *config) {
211	}	221	}
212	list_free(config->output_configs);	222	list_free(config->output_configs);
213		223
		224	for (i = 0; i < config->command_policies->length; ++i) {
		225	free_command_policy(config->command_policies->items[i]);
		226	}
		227	list_free(config->command_policies);
		228
		229	for (i = 0; i < config->feature_policies->length; ++i) {
		230	free_feature_policy(config->feature_policies->items[i]);
		231	}
		232	list_free(config->feature_policies);
		233
214	list_free(config->active_bar_modifiers);	234	list_free(config->active_bar_modifiers);
215	free_flat_list(config->config_chain);	235	free_flat_list(config->config_chain);
216	free(config->font);	236	free(config->font);
@@ -321,6 +341,10 @@ static void config_defaults(struct sway_config *config) {
321	config->border_colors.placeholder.child_border = 0x0C0C0CFF;	341	config->border_colors.placeholder.child_border = 0x0C0C0CFF;
322		342
323	config->border_colors.background = 0xFFFFFFFF;	343	config->border_colors.background = 0xFFFFFFFF;
		344
		345	// Security
		346	config->command_policies = create_list();
		347	config->feature_policies = create_list();
324	}	348	}
325		349
326	static int compare_modifiers(const void left, const void right) {	350	static int compare_modifiers(const void left, const void right) {