author | Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
commit | e7a764fdf450a8259ddbc17446dd720fa1157b44 (patch) | |
tree | e0ec272832e88e6c8d92719efa70c6749452daff /sway/security.c | |
parent | Fix use-after-free (diff) | |
Disallow everything by default
And update config.d/security to configure sane defaults
Diffstat (limited to 'sway/security.c')
-rw-r--r-- | sway/security.c | 21 |
1 files changed, 16 insertions, 5 deletions
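--- a/sway/security.c
+++ b/sway/security.c
@@ -5,16 +5,25 @@
 #include "log.h"
 
 struct feature_policy *alloc_feature_policy(const char *program) {
+	uint32_t default_policy = 0;
+	for (int i = 0; i < config->feature_policies->length; ++i) {
+		struct feature_policy *policy = config->feature_policies->items[i];
+		if (strcmp(policy->program, "*") == 0) {
+			default_policy = policy->features;
+			break;
+		}
+	}
+
 	struct feature_policy *policy = malloc(sizeof(struct feature_policy));
 	policy->program = strdup(program);
-	policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE | FEATURE_IPC;
+	policy->features = default_policy;
 	return policy;
 }
 
 struct command_policy *alloc_command_policy(const char *command) {
 	struct command_policy *policy = malloc(sizeof(struct command_policy));
 	policy->command = strdup(command);
-	policy->context = CONTEXT_ALL;
+	policy->context = 0;
 	return policy;
 }
 
@@ -25,8 +34,7 @@ enum secure_feature get_feature_policy(pid_t pid) {
 	snprintf(path, pathlen + 1, fmt, pid);
 	static char link[2048];
 
-	enum secure_feature default_policy =
-		FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE;
+	uint32_t default_policy = 0;
 
 	ssize_t len = readlink(path, link, sizeof(link));
 	if (len < 0) {
@@ -53,10 +61,13 @@ enum secure_feature get_feature_policy(pid_t pid) {
 	}
 
 enum command_context get_command_policy(const char *cmd) {
-	enum command_context default_policy = CONTEXT_ALL;
+	uint32_t default_policy = 0;
 
 	for (int i = 0; i < config->command_policies->length; ++i) {
 		struct command_policy *policy = config->command_policies->items[i];
+		if (strcmp(policy->command, "*") == 0) {
+			default_policy = policy->context;
+		}
 		if (strcmp(policy->command, cmd) == 0) {
 			return policy->context;
 		}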
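Review bot: The fall-back value `0` assigned to `default_policy` in alloc_feature_policy, get_feature_policy and get_command_policy, and to `policy->context` in alloc_command_policy, is the security decision this commit makes — deny every feature and every command context unless the config supplies a `*` wildcard policy — yet nothing in the code states it, and a later reader may take `0` for "unset". A one-line comment at each of those assignments, such as `/* Default-deny: only a "*" policy in the config can widen this. */`, would make the intent explicit. The wildcard scan is now spelled out twice, in alloc_feature_policy and get_command_policy (and presumably a third time in the part of get_feature_policy that lies outside the hunk), so a small static helper returning the `*` entry's value or `0` would keep the copies from drifting apart. `default_policy` is also declared `uint32_t` while get_feature_policy and get_command_policy return `enum secure_feature` and `enum command_context`, so using the enum types, or one consistent flags type, would avoid the silent conversion on return. get_command_policy continues past the end of the hunk.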