1 files changed, 95 insertions, 0 deletions
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
new file mode 100644
index 00000000..8a7bb98c
--- /dev/null
+++ b/sway/commands/permit.c
@@ -0,0 +1,95 @@
+#include <string.h>
+#include "sway/commands.h"
+#include "sway/config.h"
+#include "sway/security.h"
+#include "log.h"
+static enum secure_feature get_features(int argc, char **argv,
+                struct cmd_results **error) {
+        enum secure_feature features = 0;
+        struct {
+                char *name;
+                enum secure_feature feature;
+        } feature_names[] = {
+                { "lock", FEATURE_LOCK },
+                { "panel", FEATURE_PANEL },
+                { "background", FEATURE_BACKGROUND },
+                { "screenshot", FEATURE_SCREENSHOT },
+                { "fullscreen", FEATURE_FULLSCREEN },
+                { "keyboard", FEATURE_KEYBOARD },
+                { "mouse", FEATURE_MOUSE },
+        };
+        size_t names_len = sizeof(feature_names) /
+                (sizeof(char *) + sizeof(enum secure_feature));
+        for (int i = 1; i < argc; ++i) {
+                size_t j;
+                for (j = 0; j < names_len; ++j) {
+                        if (strcmp(feature_names[j].name, argv[i]) == 0) {
+                                break;
+                        }
+                }
+                if (j == names_len) {
+                        *error = cmd_results_new(CMD_INVALID,
+                                        "permit", "Invalid feature grant %s", argv[i]);
+                        return 0;
+                }
+                features |= feature_names[j].feature;
+        }
+        return features;
+}
+static struct feature_policy *get_policy(const char *name) {
+        struct feature_policy *policy = NULL;
+        for (int i = 0; i < config->feature_policies->length; ++i) {
+                struct feature_policy *p = config->feature_policies->items[i];
+                if (strcmp(p->program, name) == 0) {
+                        policy = p;
+                        break;
+                }
+        }
+        if (!policy) {
+                policy = alloc_feature_policy(name);
+                list_add(config->feature_policies, policy);
+        }
+        return policy;
+}
+struct cmd_results *cmd_permit(int argc, char **argv) {
+        struct cmd_results *error = NULL;
+        if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
+                return error;
+        }
+        struct feature_policy *policy = get_policy(argv[0]);
+        policy->features |= get_features(argc, argv, &error);
+        if (error) {
+                return error;
+        }
+        sway_log(L_DEBUG, "Permissions granted to %s for features %d",
+                        policy->program, policy->features);
+        return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}
+struct cmd_results *cmd_reject(int argc, char **argv) {
+        struct cmd_results *error = NULL;
+        if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
+                return error;
+        }
+        struct feature_policy *policy = get_policy(argv[0]);
+        policy->features &= ~get_features(argc, argv, &error);
+        if (error) {
+                return error;
+        }
+        sway_log(L_DEBUG, "Permissions granted to %s for features %d",
+                        policy->program, policy->features);
+        return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}

diff --git a/sway/commands/permit.c b/sway/commands/permit.c new file mode 100644 index 00000000..8a7bb98c --- /dev/null +++ b/sway/commands/permit.c
@@ -0,0 +1,95 @@
	1	#include <string.h>
	2	#include "sway/commands.h"
	3	#include "sway/config.h"
	4	#include "sway/security.h"
	5	#include "log.h"
	6
	7	static enum secure_feature get_features(int argc, char **argv,
	8	struct cmd_results **error) {
	9	enum secure_feature features = 0;
	10
	11	struct {
	12	char *name;
	13	enum secure_feature feature;
	14	} feature_names[] = {
	15	{ "lock", FEATURE_LOCK },
	16	{ "panel", FEATURE_PANEL },
	17	{ "background", FEATURE_BACKGROUND },
	18	{ "screenshot", FEATURE_SCREENSHOT },
	19	{ "fullscreen", FEATURE_FULLSCREEN },
	20	{ "keyboard", FEATURE_KEYBOARD },
	21	{ "mouse", FEATURE_MOUSE },
	22	};
	23	size_t names_len = sizeof(feature_names) /
	24	(sizeof(char *) + sizeof(enum secure_feature));
	25
	26	for (int i = 1; i < argc; ++i) {
	27	size_t j;
	28	for (j = 0; j < names_len; ++j) {
	29	if (strcmp(feature_names[j].name, argv[i]) == 0) {
	30	break;
	31	}
	32	}
	33	if (j == names_len) {
	34	*error = cmd_results_new(CMD_INVALID,
	35	"permit", "Invalid feature grant %s", argv[i]);
	36	return 0;
	37	}
	38	features \|= feature_names[j].feature;
	39	}
	40	return features;
	41	}
	42
	43	static struct feature_policy get_policy(const char name) {
	44	struct feature_policy *policy = NULL;
	45	for (int i = 0; i < config->feature_policies->length; ++i) {
	46	struct feature_policy *p = config->feature_policies->items[i];
	47	if (strcmp(p->program, name) == 0) {
	48	policy = p;
	49	break;
	50	}
	51	}
	52	if (!policy) {
	53	policy = alloc_feature_policy(name);
	54	list_add(config->feature_policies, policy);
	55	}
	56	return policy;
	57	}
	58
	59	struct cmd_results cmd_permit(int argc, char *argv) {
	60	struct cmd_results *error = NULL;
	61	if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
	62	return error;
	63	}
	64
	65	struct feature_policy *policy = get_policy(argv[0]);
	66	policy->features \|= get_features(argc, argv, &error);
	67
	68	if (error) {
	69	return error;
	70	}
	71
	72	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
	73	policy->program, policy->features);
	74
	75	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
	76	}
	77
	78	struct cmd_results cmd_reject(int argc, char *argv) {
	79	struct cmd_results *error = NULL;
	80	if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
	81	return error;
	82	}
	83
	84	struct feature_policy *policy = get_policy(argv[0]);
	85	policy->features &= ~get_features(argc, argv, &error);
	86
	87	if (error) {
	88	return error;
	89	}
	90
	91	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
	92	policy->program, policy->features);
	93
	94	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
	95	}