author | Drew DeVault <sir@cmpwn.com> | 2016-12-01 19:58:11 -0500 |
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-01 19:58:11 -0500 |
commit | 26752932003145c89a0cd8d39c9944d6f5917837 (patch) | |
tree | bebfa80dc8a2d01c140a3f128ab37fcf2f5710d7 | |
parent | Add config related code and initial headers (diff) | |
Implement policy lookups
-rw-r--r-- | include/security.h | 4 | ||||
-rw-r--r-- | include/sway/config.h | 1 | ||||
-rw-r--r-- | include/sway/security.h | 9 | ||||
-rw-r--r-- | sway/CMakeLists.txt | 1 | ||||
-rw-r--r-- | sway/security.c | 54 |
5 files changed, 66 insertions, 3 deletions
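--- a/include/security.h
+++ b/include/security.h
@@ -3,7 +3,7 @@
 #include <unistd.h>
 #include "sway/config.h"
 
-const struct feature_permissions *get_permissions(pid_t pid);
-enum command_context get_command_context(const char *cmd);
+enum secure_features get_feature_policy(pid_t pid);
+enum command_context get_command_policy(const char *cmd);
 
 #endif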
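Review bot: The new prototype declares `enum secure_features` (plural), but the type defined in include/sway/config.h and used by the definition in sway/security.c is `enum secure_feature`, so this line names a different, undeclared enum tag and conflicts with the definition's return type. It should read `enum secure_feature get_feature_policy(pid_t pid);`. Note that sway/security.c includes "sway/security.h" rather than this header, so the compiler will not catch the mismatch between this declaration and the definition.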
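--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -206,7 +206,6 @@ enum secure_feature {
 
 struct feature_policy {
 	char *program;
-	bool permit;
 	enum secure_feature features;
 };
 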
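--- /dev/null
+++ b/include/sway/security.h
@@ -0,0 +1,9 @@
+#ifndef _SWAY_SECURITY_H
+#define _SWAY_SECURITY_H
+#include <unistd.h>
+#include "sway/config.h"
+
+const struct feature_permissions *get_permissions(pid_t pid);
+enum command_context get_command_context(const char *cmd);
+
+#endif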
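Review bot: This new header declares `get_permissions` and `get_command_context`, the pre-rename names, while sway/security.c, which includes this very header, defines `get_feature_policy` and `get_command_policy`; as added, the header declares two functions nothing defines and gives security.c no prototypes for the functions it does define. Its blob id (efc25ce6) is the old include/security.h, so this looks like the pre-rename content was copied rather than the updated prototypes — presumably the two lines should be `enum secure_feature get_feature_policy(pid_t pid);` and `enum command_context get_command_policy(const char *cmd);`, and one of the two security.h files retired. Separately, `_SWAY_SECURITY_H` is a reserved identifier (leading underscore followed by an uppercase letter); a guard such as `SWAY_SECURITY_H` avoids that.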
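--- a/sway/CMakeLists.txt
+++ b/sway/CMakeLists.txt
@@ -35,6 +35,7 @@ add_executable(sway
 	output.c
 	workspace.c
 	border.c
+	security.c
 )
 
 add_definitions(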
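--- /dev/null
+++ b/sway/security.c
@@ -0,0 +1,54 @@
+#include <unistd.h>
+#include <stdio.h>
+#include "sway/config.h"
+#include "sway/security.h"
+#include "log.h"
+
+enum secure_feature get_feature_policy(pid_t pid) {
+	const char *fmt = "/proc/%d/exe";
+	int pathlen = snprintf(NULL, 0, fmt, pid);
+	char *path = malloc(pathlen + 1);
+	snprintf(path, pathlen + 1, fmt, pid);
+	static char link[2048];
+
+	enum secure_feature default_policy =
+		FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE;
+
+	ssize_t len = readlink(path, link, sizeof(link));
+	if (len < 0) {
+		sway_log(L_INFO,
+			"WARNING: unable to read %s for security check. Using default policy.",
+			path);
+		strcpy(link, "*");
+	} else {
+		link[len] = '\0';
+	}
+
+	for (int i = 0; i < config->feature_policies->length; ++i) {
+		struct feature_policy *policy = config->feature_policies->items[i];
+		if (strcmp(policy->program, "*")) {
+			default_policy = policy->features;
+		}
+		if (strcmp(policy->program, link) == 0) {
+			return policy->features;
+		}
+	}
+
+	return default_policy;
+}
+
+enum command_context get_command_policy(const char *cmd) {
+	enum command_context default_policy = CONTEXT_ALL;
+
+	for (int i = 0; i < config->command_policies->length; ++i) {
+		struct command_policy *policy = config->command_policies->items[i];
+		if (strcmp(policy->command, "*")) {
+			default_policy = policy->context;
+		}
+		if (strcmp(policy->command, cmd) == 0) {
+			return policy->context;
+		}
+	}
+
+	return default_policy;
+}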
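Review bot: The wildcard test in both lookup loops is inverted: `strcmp(policy->program, "*")` is non-zero for every entry that is not `*`, so each ordinary entry overwrites `default_policy` and the real `*` entry is ignored, meaning a client whose executable matches no entry receives whichever program's features happen to be listed last instead of the configured default; the same applies to `policy->command` in get_command_policy, and both should read `if (strcmp(policy->program, "*") == 0)`. In get_feature_policy, `readlink(path, link, sizeof(link))` may return exactly `sizeof(link)`, after which `link[len] = '\0'` writes one byte past the array; pass `sizeof(link) - 1`. The `path` buffer is malloc'd without a NULL check and never freed, so every lookup leaks, and `malloc`, `strcpy` and `strcmp` are used without `<stdlib.h>` and `<string.h>` being included. The rewrite below replaces the allocation with a fixed stack buffer, bounds the readlink, and corrects the wildcard comparison; the command-policy loop needs only the `== 0` change. It would also help to record next to the readlink that a policy is keyed on the resolved executable path, e.g. `/* policies match on the /proc/<pid>/exe path, not on the binary itself */`.
```c
enum secure_feature get_feature_policy(pid_t pid) {
	char path[64]; /* "/proc/<pid>/exe" fits; no heap allocation to leak */
	static char link[2048];
	/* … unchanged: default_policy initialiser … */

	snprintf(path, sizeof(path), "/proc/%d/exe", pid);
	ssize_t len = readlink(path, link, sizeof(link) - 1); /* leave room for the terminator */
	/* … unchanged: readlink failure log, link[len] = '\0' … */

	for (int i = 0; i < config->feature_policies->length; ++i) {
		struct feature_policy *policy = config->feature_policies->items[i];
		if (strcmp(policy->program, "*") == 0) { /* only the wildcard entry sets the default */
			default_policy = policy->features;
		}
		/* … unchanged: exact-match return … */
	}
	/* … unchanged: return default_policy … */
}
```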