1 files changed, 50 insertions, 4 deletions
diff --git a/sway/security.c b/sway/security.c
index 41a3b94b..9dfc7d2d 100644
--- a/sway/security.c
+++ b/sway/security.c
@@ -27,6 +27,29 @@ struct feature_policy *alloc_feature_policy(const char *program) {
        return policy;
 }
+struct ipc_policy *alloc_ipc_policy(const char *program) {
+        uint32_t default_policy = 0;
+        for (int i = 0; i < config->ipc_policies->length; ++i) {
+                struct ipc_policy *policy = config->ipc_policies->items[i];
+                if (strcmp(policy->program, "*") == 0) {
+                        default_policy = policy->features;
+                        break;
+                }
+        }
+        struct ipc_policy *policy = malloc(sizeof(struct ipc_policy));
+        if (!policy) {
+                return NULL;
+        }
+        policy->program = strdup(program);
+        if (!policy->program) {
+                free(policy);
+                return NULL;
+        }
+        policy->features = default_policy;
+        return policy;
+}
 struct command_policy *alloc_command_policy(const char *command) {
        struct command_policy *policy = malloc(sizeof(struct command_policy));
        if (!policy) {
@@ -41,7 +64,7 @@ struct command_policy *alloc_command_policy(const char *command) {
        return policy;
 }
-enum secure_feature get_feature_policy(pid_t pid) {
+static const char *get_pid_exe(pid_t pid) {
 #ifdef __FreeBSD__
        const char *fmt = "/proc/%d/file";
 #else
@@ -52,9 +75,8 @@ enum secure_feature get_feature_policy(pid_t pid) {
        if (path) {
                snprintf(path, pathlen + 1, fmt, pid);
        }
-        static char link[2048];
-        uint32_t default_policy = 0;
+        static char link[2048];
        ssize_t len = !path ? -1 : readlink(path, link, sizeof(link));
        if (len < 0) {
@@ -67,6 +89,13 @@ enum secure_feature get_feature_policy(pid_t pid) {
        }
        free(path);
+        return link;
+}
+uint32_t get_feature_policy(pid_t pid) {
+        uint32_t default_policy = 0;
+        const char *link = get_pid_exe(pid);
        for (int i = 0; i < config->feature_policies->length; ++i) {
                struct feature_policy *policy = config->feature_policies->items[i];
                if (strcmp(policy->program, "*") == 0) {
@@ -80,7 +109,24 @@ enum secure_feature get_feature_policy(pid_t pid) {
        return default_policy;
 }
-enum command_context get_command_policy(const char *cmd) {
+uint32_t get_ipc_policy(pid_t pid) {
+        uint32_t default_policy = 0;
+        const char *link = get_pid_exe(pid);
+        for (int i = 0; i < config->ipc_policies->length; ++i) {
+                struct ipc_policy *policy = config->ipc_policies->items[i];
+                if (strcmp(policy->program, "*") == 0) {
+                        default_policy = policy->features;
+                }
+                if (strcmp(policy->program, link) == 0) {
+                        return policy->features;
+                }
+        }
+        return default_policy;
+}
+uint32_t get_command_policy(const char *cmd) {
        uint32_t default_policy = 0;
        for (int i = 0; i < config->command_policies->length; ++i) {

diff --git a/sway/security.c b/sway/security.c index 41a3b94b..9dfc7d2d 100644 --- a/sway/security.c +++ b/sway/security.c
@@ -27,6 +27,29 @@ struct feature_policy alloc_feature_policy(const char program) {
27	return policy;	27	return policy;
28	}	28	}
29		29
		30	struct ipc_policy alloc_ipc_policy(const char program) {
		31	uint32_t default_policy = 0;
		32	for (int i = 0; i < config->ipc_policies->length; ++i) {
		33	struct ipc_policy *policy = config->ipc_policies->items[i];
		34	if (strcmp(policy->program, "*") == 0) {
		35	default_policy = policy->features;
		36	break;
		37	}
		38	}
		39
		40	struct ipc_policy *policy = malloc(sizeof(struct ipc_policy));
		41	if (!policy) {
		42	return NULL;
		43	}
		44	policy->program = strdup(program);
		45	if (!policy->program) {
		46	free(policy);
		47	return NULL;
		48	}
		49	policy->features = default_policy;
		50	return policy;
		51	}
		52
30	struct command_policy alloc_command_policy(const char command) {	53	struct command_policy alloc_command_policy(const char command) {
31	struct command_policy *policy = malloc(sizeof(struct command_policy));	54	struct command_policy *policy = malloc(sizeof(struct command_policy));
32	if (!policy) {	55	if (!policy) {
@@ -41,7 +64,7 @@ struct command_policy alloc_command_policy(const char command) {
41	return policy;	64	return policy;
42	}	65	}
43		66
44	enum secure_feature get_feature_policy(pid_t pid) {	67	static const char *get_pid_exe(pid_t pid) {
45	#ifdef __FreeBSD__	68	#ifdef __FreeBSD__
46	const char *fmt = "/proc/%d/file";	69	const char *fmt = "/proc/%d/file";
47	#else	70	#else
@@ -52,9 +75,8 @@ enum secure_feature get_feature_policy(pid_t pid) {
52	if (path) {	75	if (path) {
53	snprintf(path, pathlen + 1, fmt, pid);	76	snprintf(path, pathlen + 1, fmt, pid);
54	}	77	}
55	static char link[2048];
56		78
57	uint32_t default_policy = 0;	79	static char link[2048];
58		80
59	ssize_t len = !path ? -1 : readlink(path, link, sizeof(link));	81	ssize_t len = !path ? -1 : readlink(path, link, sizeof(link));
60	if (len < 0) {	82	if (len < 0) {
@@ -67,6 +89,13 @@ enum secure_feature get_feature_policy(pid_t pid) {
67	}	89	}
68	free(path);	90	free(path);
69		91
		92	return link;
		93	}
		94
		95	uint32_t get_feature_policy(pid_t pid) {
		96	uint32_t default_policy = 0;
		97	const char *link = get_pid_exe(pid);
		98
70	for (int i = 0; i < config->feature_policies->length; ++i) {	99	for (int i = 0; i < config->feature_policies->length; ++i) {
71	struct feature_policy *policy = config->feature_policies->items[i];	100	struct feature_policy *policy = config->feature_policies->items[i];
72	if (strcmp(policy->program, "*") == 0) {	101	if (strcmp(policy->program, "*") == 0) {
@@ -80,7 +109,24 @@ enum secure_feature get_feature_policy(pid_t pid) {
80	return default_policy;	109	return default_policy;
81	}	110	}
82		111
83	enum command_context get_command_policy(const char *cmd) {	112	uint32_t get_ipc_policy(pid_t pid) {
		113	uint32_t default_policy = 0;
		114	const char *link = get_pid_exe(pid);
		115
		116	for (int i = 0; i < config->ipc_policies->length; ++i) {
		117	struct ipc_policy *policy = config->ipc_policies->items[i];
		118	if (strcmp(policy->program, "*") == 0) {
		119	default_policy = policy->features;
		120	}
		121	if (strcmp(policy->program, link) == 0) {
		122	return policy->features;
		123	}
		124	}
		125
		126	return default_policy;
		127	}
		128
		129	uint32_t get_command_policy(const char *cmd) {
84	uint32_t default_policy = 0;	130	uint32_t default_policy = 0;
85		131
86	for (int i = 0; i < config->command_policies->length; ++i) {	132	for (int i = 0; i < config->command_policies->length; ++i) {