author | Drew DeVault <sir@cmpwn.com> | 2017-02-20 06:11:43 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2017-02-20 06:11:56 -0500 |
commit | b10721b89e3f3992b2476c55237a25dbeb0bce46 (patch) | |
tree | 8898271a6b93b848bd5e75c6f037a6140d119d1b /sway/security.c | |
parent | Revise IPC security configuration (diff) | |
Add initial support code for new IPC security
Diffstat (limited to 'sway/security.c')
-rw-r--r-- | sway/security.c | 54 |
1 files changed, 50 insertions, 4 deletions
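--- a/sway/security.c
+++ b/sway/security.c
@@ -27,6 +27,29 @@ struct feature_policy *alloc_feature_policy(const char *program) {
 	return policy;
 }
 
+struct ipc_policy *alloc_ipc_policy(const char *program) {
+	uint32_t default_policy = 0;
+	for (int i = 0; i < config->ipc_policies->length; ++i) {
+		struct ipc_policy *policy = config->ipc_policies->items[i];
+		if (strcmp(policy->program, "*") == 0) {
+			default_policy = policy->features;
+			break;
+		}
+	}
+
+	struct ipc_policy *policy = malloc(sizeof(struct ipc_policy));
+	if (!policy) {
+		return NULL;
+	}
+	policy->program = strdup(program);
+	if (!policy->program) {
+		free(policy);
+		return NULL;
+	}
+	policy->features = default_policy;
+	return policy;
+}
+
 struct command_policy *alloc_command_policy(const char *command) {
 	struct command_policy *policy = malloc(sizeof(struct command_policy));
 	if (!policy) {
@@ -41,7 +64,7 @@ struct command_policy *alloc_command_policy(const char *command) {
 	return policy;
 }
 
-enum secure_feature get_feature_policy(pid_t pid) {
+static const char *get_pid_exe(pid_t pid) {
 #ifdef __FreeBSD__
 	const char *fmt = "/proc/%d/file";
 #else
@@ -52,9 +75,8 @@ enum secure_feature get_feature_policy(pid_t pid) {
 	if (path) {
 		snprintf(path, pathlen + 1, fmt, pid);
 	}
-	static char link[2048];
 
-	uint32_t default_policy = 0;
+	static char link[2048];
 
 	ssize_t len = !path ? -1 : readlink(path, link, sizeof(link));
 	if (len < 0) {
@@ -67,6 +89,13 @@ enum secure_feature get_feature_policy(pid_t pid) {
 	}
 	free(path);
 
+	return link;
+}
+
+uint32_t get_feature_policy(pid_t pid) {
+	uint32_t default_policy = 0;
+	const char *link = get_pid_exe(pid);
+
 	for (int i = 0; i < config->feature_policies->length; ++i) {
 		struct feature_policy *policy = config->feature_policies->items[i];
 		if (strcmp(policy->program, "*") == 0) {
@@ -80,7 +109,24 @@ enum secure_feature get_feature_policy(pid_t pid) {
 	return default_policy;
 }
 
-enum command_context get_command_policy(const char *cmd) {
+uint32_t get_ipc_policy(pid_t pid) {
+	uint32_t default_policy = 0;
+	const char *link = get_pid_exe(pid);
+
+	for (int i = 0; i < config->ipc_policies->length; ++i) {
+		struct ipc_policy *policy = config->ipc_policies->items[i];
+		if (strcmp(policy->program, "*") == 0) {
+			default_policy = policy->features;
+		}
+		if (strcmp(policy->program, link) == 0) {
+			return policy->features;
+		}
+	}
+
+	return default_policy;
+}
+
+uint32_t get_command_policy(const char *cmd) {
 	uint32_t default_policy = 0;
 
 	for (int i = 0; i < config->command_policies->length; ++i) {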
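Review bot: The new `get_ipc_policy` (new lines 112–127) grants IPC features purely on the string `get_pid_exe` returns, and the `readlink` call it now wraps (new line 81) is passed `sizeof(link)`, so a path of 2048 bytes or more fills the buffer with no terminator and is silently truncated; what `link` holds after `len < 0` or after a full-length read is decided by new lines 83–88, which are outside the hunk. If that branch terminates with `link[len] = '\0'`, a full-length result writes one past the array, and a truncated path can never equal a policy entry and falls through to the `*` default; if the failure branch leaves `link` untouched, the static buffer still holds the previous caller's path. Passing `sizeof(link) - 1` and treating `len == sizeof(link) - 1` as a failure keeps the lookup on the default policy rather than a partial path: `ssize_t len = !path ? -1 : readlink(path, link, sizeof(link) - 1);`. Since `get_pid_exe` hands out one file-static buffer to every caller, a header comment such as `/* Returns a pointer to a static buffer shared by all callers; not reentrant, valid only until the next call. */` would make that contract explicit for the two lookups that now depend on it.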