diff options
| author |  Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2016-12-03 12:38:42 -0500 |
| commit | e7a764fdf450a8259ddbc17446dd720fa1157b44 (patch) | |
| tree | e0ec272832e88e6c8d92719efa70c6749452daff /sway/security.c | |
| parent | Fix use-after-free (diff) | |
| download | sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.tar.gz sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.tar.zst sway-e7a764fdf450a8259ddbc17446dd720fa1157b44.zip | |
Disallow everything by default
And update config.d/security to configure sane defaults
Diffstat (limited to 'sway/security.c')
| -rw-r--r-- | sway/security.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/sway/security.c b/sway/security.c index 1d236b1d..f16fdd1f 100644 --- a/sway/security.c +++ b/sway/security.c | |||
| @@ -5,16 +5,25 @@ | |||
| 5 | #include "log.h" | 5 | #include "log.h" |
| 6 | 6 | ||
| 7 | struct feature_policy *alloc_feature_policy(const char *program) { | 7 | struct feature_policy *alloc_feature_policy(const char *program) { |
| 8 | uint32_t default_policy = 0; | ||
| 9 | for (int i = 0; i < config->feature_policies->length; ++i) { | ||
| 10 | struct feature_policy *policy = config->feature_policies->items[i]; | ||
| 11 | if (strcmp(policy->program, "*") == 0) { | ||
| 12 | default_policy = policy->features; | ||
| 13 | break; | ||
| 14 | } | ||
| 15 | } | ||
| 16 | |||
| 8 | struct feature_policy *policy = malloc(sizeof(struct feature_policy)); | 17 | struct feature_policy *policy = malloc(sizeof(struct feature_policy)); |
| 9 | policy->program = strdup(program); | 18 | policy->program = strdup(program); |
| 10 | policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE | FEATURE_IPC; | 19 | policy->features = default_policy; |
| 11 | return policy; | 20 | return policy; |
| 12 | } | 21 | } |
| 13 | 22 | ||
| 14 | struct command_policy *alloc_command_policy(const char *command) { | 23 | struct command_policy *alloc_command_policy(const char *command) { |
| 15 | struct command_policy *policy = malloc(sizeof(struct command_policy)); | 24 | struct command_policy *policy = malloc(sizeof(struct command_policy)); |
| 16 | policy->command = strdup(command); | 25 | policy->command = strdup(command); |
| 17 | policy->context = CONTEXT_ALL; | 26 | policy->context = 0; |
| 18 | return policy; | 27 | return policy; |
| 19 | } | 28 | } |
| 20 | 29 | ||
| @@ -25,8 +34,7 @@ enum secure_feature get_feature_policy(pid_t pid) { | |||
| 25 | snprintf(path, pathlen + 1, fmt, pid); | 34 | snprintf(path, pathlen + 1, fmt, pid); |
| 26 | static char link[2048]; | 35 | static char link[2048]; |
| 27 | 36 | ||
| 28 | enum secure_feature default_policy = | 37 | uint32_t default_policy = 0; |
| 29 | FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE; | ||
| 30 | 38 | ||
| 31 | ssize_t len = readlink(path, link, sizeof(link)); | 39 | ssize_t len = readlink(path, link, sizeof(link)); |
| 32 | if (len < 0) { | 40 | if (len < 0) { |
| @@ -53,10 +61,13 @@ enum secure_feature get_feature_policy(pid_t pid) { | |||
| 53 | } | 61 | } |
| 54 | 62 | ||
| 55 | enum command_context get_command_policy(const char *cmd) { | 63 | enum command_context get_command_policy(const char *cmd) { |
| 56 | enum command_context default_policy = CONTEXT_ALL; | 64 | uint32_t default_policy = 0; |
| 57 | 65 | ||
| 58 | for (int i = 0; i < config->command_policies->length; ++i) { | 66 | for (int i = 0; i < config->command_policies->length; ++i) { |
| 59 | struct command_policy *policy = config->command_policies->items[i]; | 67 | struct command_policy *policy = config->command_policies->items[i]; |
| 68 | if (strcmp(policy->command, "*") == 0) { | ||
| 69 | default_policy = policy->context; | ||
| 70 | } | ||
| 60 | if (strcmp(policy->command, cmd) == 0) { | 71 | if (strcmp(policy->command, cmd) == 0) { |
| 61 | return policy->context; | 72 | return policy->context; |
| 62 | } | 73 | } |