diff options
Diffstat (limited to 'sway/security.c')
-rw-r--r-- | sway/security.c | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/sway/security.c b/sway/security.c new file mode 100644 index 00000000..f16fdd1f --- /dev/null +++ b/sway/security.c | |||
@@ -0,0 +1,94 @@ | |||
1 | #include <unistd.h> | ||
2 | #include <stdio.h> | ||
3 | #include "sway/config.h" | ||
4 | #include "sway/security.h" | ||
5 | #include "log.h" | ||
6 | |||
7 | struct feature_policy *alloc_feature_policy(const char *program) { | ||
8 | uint32_t default_policy = 0; | ||
9 | for (int i = 0; i < config->feature_policies->length; ++i) { | ||
10 | struct feature_policy *policy = config->feature_policies->items[i]; | ||
11 | if (strcmp(policy->program, "*") == 0) { | ||
12 | default_policy = policy->features; | ||
13 | break; | ||
14 | } | ||
15 | } | ||
16 | |||
17 | struct feature_policy *policy = malloc(sizeof(struct feature_policy)); | ||
18 | policy->program = strdup(program); | ||
19 | policy->features = default_policy; | ||
20 | return policy; | ||
21 | } | ||
22 | |||
23 | struct command_policy *alloc_command_policy(const char *command) { | ||
24 | struct command_policy *policy = malloc(sizeof(struct command_policy)); | ||
25 | policy->command = strdup(command); | ||
26 | policy->context = 0; | ||
27 | return policy; | ||
28 | } | ||
29 | |||
30 | enum secure_feature get_feature_policy(pid_t pid) { | ||
31 | const char *fmt = "/proc/%d/exe"; | ||
32 | int pathlen = snprintf(NULL, 0, fmt, pid); | ||
33 | char *path = malloc(pathlen + 1); | ||
34 | snprintf(path, pathlen + 1, fmt, pid); | ||
35 | static char link[2048]; | ||
36 | |||
37 | uint32_t default_policy = 0; | ||
38 | |||
39 | ssize_t len = readlink(path, link, sizeof(link)); | ||
40 | if (len < 0) { | ||
41 | sway_log(L_INFO, | ||
42 | "WARNING: unable to read %s for security check. Using default policy.", | ||
43 | path); | ||
44 | strcpy(link, "*"); | ||
45 | } else { | ||
46 | link[len] = '\0'; | ||
47 | } | ||
48 | free(path); | ||
49 | |||
50 | for (int i = 0; i < config->feature_policies->length; ++i) { | ||
51 | struct feature_policy *policy = config->feature_policies->items[i]; | ||
52 | if (strcmp(policy->program, "*") == 0) { | ||
53 | default_policy = policy->features; | ||
54 | } | ||
55 | if (strcmp(policy->program, link) == 0) { | ||
56 | return policy->features; | ||
57 | } | ||
58 | } | ||
59 | |||
60 | return default_policy; | ||
61 | } | ||
62 | |||
63 | enum command_context get_command_policy(const char *cmd) { | ||
64 | uint32_t default_policy = 0; | ||
65 | |||
66 | for (int i = 0; i < config->command_policies->length; ++i) { | ||
67 | struct command_policy *policy = config->command_policies->items[i]; | ||
68 | if (strcmp(policy->command, "*") == 0) { | ||
69 | default_policy = policy->context; | ||
70 | } | ||
71 | if (strcmp(policy->command, cmd) == 0) { | ||
72 | return policy->context; | ||
73 | } | ||
74 | } | ||
75 | |||
76 | return default_policy; | ||
77 | } | ||
78 | |||
79 | const char *command_policy_str(enum command_context context) { | ||
80 | switch (context) { | ||
81 | case CONTEXT_ALL: | ||
82 | return "all"; | ||
83 | case CONTEXT_CONFIG: | ||
84 | return "config"; | ||
85 | case CONTEXT_BINDING: | ||
86 | return "binding"; | ||
87 | case CONTEXT_IPC: | ||
88 | return "IPC"; | ||
89 | case CONTEXT_CRITERIA: | ||
90 | return "criteria"; | ||
91 | default: | ||
92 | return "unknown"; | ||
93 | } | ||
94 | } | ||