author | Drew DeVault <sir@cmpwn.com> | 2016-12-01 19:58:11 -0500 |
---|---|---|
committer | Drew DeVault <sir@cmpwn.com> | 2016-12-01 19:58:11 -0500 |
commit | 26752932003145c89a0cd8d39c9944d6f5917837 (patch) | |
tree | bebfa80dc8a2d01c140a3f128ab37fcf2f5710d7 /sway/security.c | |
parent | Add config related code and initial headers (diff) | |
Implement policy lookups
Diffstat (limited to 'sway/security.c')
-rw-r--r-- | sway/security.c | 54 |
1 files changed, 54 insertions, 0 deletions
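--- /dev/null
+++ b/sway/security.c
@@ -0,0 +1,54 @@
+#include <unistd.h>
+#include <stdio.h>
+#include "sway/config.h"
+#include "sway/security.h"
+#include "log.h"
+
+enum secure_feature get_feature_policy(pid_t pid) {
+const char *fmt = "/proc/%d/exe";
+int pathlen = snprintf(NULL, 0, fmt, pid);
+char *path = malloc(pathlen + 1);
+snprintf(path, pathlen + 1, fmt, pid);
+static char link[2048];
+
+enum secure_feature default_policy =
+FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE;
+
+ssize_t len = readlink(path, link, sizeof(link));
+if (len < 0) {
+sway_log(L_INFO,
+"WARNING: unable to read %s for security check. Using default policy.",
+path);
+strcpy(link, "*");
+} else {
+link[len] = '\0';
+}
+
+for (int i = 0; i < config->feature_policies->length; ++i) {
+struct feature_policy *policy = config->feature_policies->items[i];
+if (strcmp(policy->program, "*")) {
+default_policy = policy->features;
+}
+if (strcmp(policy->program, link) == 0) {
+return policy->features;
+}
+}
+
+return default_policy;
+}
+
+enum command_context get_command_policy(const char *cmd) {
+enum command_context default_policy = CONTEXT_ALL;
+
+for (int i = 0; i < config->command_policies->length; ++i) {
+struct command_policy *policy = config->command_policies->items[i];
+if (strcmp(policy->command, "*")) {
+default_policy = policy->context;
+}
+if (strcmp(policy->command, cmd) == 0) {
+return policy->context;
+}
+}
+
+return default_policy;
+}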
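Review bot: The wildcard test at new line 29, `if (strcmp(policy->program, "*"))`, is inverted: `strcmp` returns non-zero for every entry that is not `"*"`, so `default_policy` becomes the features of the last non-wildcard entry seen, and an executable with no entry of its own would inherit another program's permissions instead of the configured default. It should read `if (strcmp(policy->program, "*") == 0)`, and the same inversion is at line 45 in `get_command_policy`. Separately, `readlink(path, link, sizeof(link))` at line 17 can return 2048, after which `link[len] = '\0'` writes one byte past the buffer; pass `sizeof(link) - 1` so there is room for the terminator. `path` is never freed on any return path and the `malloc` result is not checked before the second `snprintf`. Unless a project header already pulls them in, `<stdlib.h>` and `<string.h>` are also needed for `malloc`, `strcmp` and `strcpy`.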