diff options
| author | Drew DeVault <sir@cmpwn.com> | 2017-02-20 06:11:43 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2017-02-20 06:11:56 -0500 |
| commit | b10721b89e3f3992b2476c55237a25dbeb0bce46 (patch) | |
| tree | 8898271a6b93b848bd5e75c6f037a6140d119d1b /sway/security.c | |
| parent | 7dbecdde95d1f309d8fdd02fe480dc3fbef7c7c1 (diff) | |
Add initial support code for new IPC security
Diffstat (limited to 'sway/security.c')
| -rw-r--r-- | sway/security.c | 54 |
1 files changed, 50 insertions, 4 deletions
diff --git a/sway/security.c b/sway/security.c index 41a3b94b..9dfc7d2d 100644 --- a/sway/security.c +++ b/sway/security.c @@ -27,6 +27,29 @@ struct feature_policy *alloc_feature_policy(const char *program) { return policy; } +struct ipc_policy *alloc_ipc_policy(const char *program) { + uint32_t default_policy = 0; + for (int i = 0; i < config->ipc_policies->length; ++i) { + struct ipc_policy *policy = config->ipc_policies->items[i]; + if (strcmp(policy->program, "*") == 0) { + default_policy = policy->features; + break; + } + } + + struct ipc_policy *policy = malloc(sizeof(struct ipc_policy)); + if (!policy) { + return NULL; + } + policy->program = strdup(program); + if (!policy->program) { + free(policy); + return NULL; + } + policy->features = default_policy; + return policy; +} + struct command_policy *alloc_command_policy(const char *command) { struct command_policy *policy = malloc(sizeof(struct command_policy)); if (!policy) { @@ -41,7 +64,7 @@ struct command_policy *alloc_command_policy(const char *command) { return policy; } -enum secure_feature get_feature_policy(pid_t pid) { +static const char *get_pid_exe(pid_t pid) { #ifdef __FreeBSD__ const char *fmt = "/proc/%d/file"; #else @@ -52,9 +75,8 @@ enum secure_feature get_feature_policy(pid_t pid) { if (path) { snprintf(path, pathlen + 1, fmt, pid); } - static char link[2048]; - uint32_t default_policy = 0; + static char link[2048]; ssize_t len = !path ? -1 : readlink(path, link, sizeof(link)); if (len < 0) { @@ -67,6 +89,13 @@ enum secure_feature get_feature_policy(pid_t pid) { } free(path); + return link; +} + +uint32_t get_feature_policy(pid_t pid) { + uint32_t default_policy = 0; + const char *link = get_pid_exe(pid); + for (int i = 0; i < config->feature_policies->length; ++i) { struct feature_policy *policy = config->feature_policies->items[i]; if (strcmp(policy->program, "*") == 0) { @@ -80,7 +109,24 @@ enum secure_feature get_feature_policy(pid_t pid) { return default_policy; } -enum command_context get_command_policy(const char *cmd) { +uint32_t get_ipc_policy(pid_t pid) { + uint32_t default_policy = 0; + const char *link = get_pid_exe(pid); + + for (int i = 0; i < config->ipc_policies->length; ++i) { + struct ipc_policy *policy = config->ipc_policies->items[i]; + if (strcmp(policy->program, "*") == 0) { + default_policy = policy->features; + } + if (strcmp(policy->program, link) == 0) { + return policy->features; + } + } + + return default_policy; +} + +uint32_t get_command_policy(const char *cmd) { uint32_t default_policy = 0; for (int i = 0; i < config->command_policies->length; ++i) { |