Implement permit and reject commands

3 files changed, 104 insertions, 0 deletions

diff --git a/sway/commands.c b/sway/commands.c
index de29a7af..e2bafcb2 100644
--- a/sway/commands.c
+++ b/sway/commands.c
@@ -187,6 +187,8 @@ static struct cmd_handler handlers[] = {
 	{ "new_float", cmd_new_float },
 	{ "new_window", cmd_new_window },
 	{ "output", cmd_output },
+	{ "permit", cmd_permit },
+	{ "reject", cmd_reject },
 	{ "reload", cmd_reload },
 	{ "resize", cmd_resize },
 	{ "scratchpad", cmd_scratchpad },
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
new file mode 100644
index 00000000..8a7bb98c
--- /dev/null
+++ b/sway/commands/permit.c
@@ -0,0 +1,95 @@
+#include <string.h>
+#include "sway/commands.h"
+#include "sway/config.h"
+#include "sway/security.h"
+#include "log.h"
+
+static enum secure_feature get_features(int argc, char **argv,
+		struct cmd_results **error) {
+	enum secure_feature features = 0;
+
+	struct {
+		char *name;
+		enum secure_feature feature;
+	} feature_names[] = {
+		{ "lock", FEATURE_LOCK },
+		{ "panel", FEATURE_PANEL },
+		{ "background", FEATURE_BACKGROUND },
+		{ "screenshot", FEATURE_SCREENSHOT },
+		{ "fullscreen", FEATURE_FULLSCREEN },
+		{ "keyboard", FEATURE_KEYBOARD },
+		{ "mouse", FEATURE_MOUSE },
+	};
+	size_t names_len = sizeof(feature_names) /
+		(sizeof(char *) + sizeof(enum secure_feature));
+
+	for (int i = 1; i < argc; ++i) {
+		size_t j;
+		for (j = 0; j < names_len; ++j) {
+			if (strcmp(feature_names[j].name, argv[i]) == 0) {
+				break;
+			}
+		}
+		if (j == names_len) {
+			*error = cmd_results_new(CMD_INVALID,
+					"permit", "Invalid feature grant %s", argv[i]);
+			return 0;
+		}
+		features |= feature_names[j].feature;
+	}
+	return features;
+}
+
+static struct feature_policy *get_policy(const char *name) {
+	struct feature_policy *policy = NULL;
+	for (int i = 0; i < config->feature_policies->length; ++i) {
+		struct feature_policy *p = config->feature_policies->items[i];
+		if (strcmp(p->program, name) == 0) {
+			policy = p;
+			break;
+		}
+	}
+	if (!policy) {
+		policy = alloc_feature_policy(name);
+		list_add(config->feature_policies, policy);
+	}
+	return policy;
+}
+
+struct cmd_results *cmd_permit(int argc, char **argv) {
+	struct cmd_results *error = NULL;
+	if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
+		return error;
+	}
+
+	struct feature_policy *policy = get_policy(argv[0]);
+	policy->features |= get_features(argc, argv, &error);
+
+	if (error) {
+		return error;
+	}
+
+	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
+			policy->program, policy->features);
+
+	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}
+
+struct cmd_results *cmd_reject(int argc, char **argv) {
+	struct cmd_results *error = NULL;
+	if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
+		return error;
+	}
+
+	struct feature_policy *policy = get_policy(argv[0]);
+	policy->features &= ~get_features(argc, argv, &error);
+
+	if (error) {
+		return error;
+	}
+
+	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
+			policy->program, policy->features);
+
+	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}
diff --git a/sway/security.c b/sway/security.c
index 00e5e8d7..776bd527 100644
--- a/sway/security.c
+++ b/sway/security.c
@@ -4,6 +4,13 @@
 #include "sway/security.h"
 #include "log.h"
 
+struct feature_policy *alloc_feature_policy(const char *program) {
+	struct feature_policy *policy = malloc(sizeof(struct feature_policy));
+	policy->program = strdup(program);
+	policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE;
+	return policy;
+}
+
 enum secure_feature get_feature_policy(pid_t pid) {
 	const char *fmt = "/proc/%d/exe";
 	int pathlen = snprintf(NULL, 0, fmt, pid);