aboutsummaryrefslogtreecommitdiff
path: root/sway
diff options
context:
space:
mode:
authorDrew DeVault <sir@cmpwn.com>2016-12-03 12:38:42 -0500
committerDrew DeVault <sir@cmpwn.com>2016-12-03 12:38:42 -0500
commite7a764fdf450a8259ddbc17446dd720fa1157b44 (patch)
treee0ec272832e88e6c8d92719efa70c6749452daff /sway
parent93d99f37126b93176677fb22cf7500d10f3db6e4 (diff)
Disallow everything by default
And update config.d/security to configure sane defaults
Diffstat (limited to 'sway')
-rw-r--r--sway/commands.c2
-rw-r--r--sway/security.c21
-rw-r--r--sway/sway-security.7.txt19
3 files changed, 31 insertions, 11 deletions
diff --git a/sway/commands.c b/sway/commands.c
index 3d8f8c5b..d87d0084 100644
--- a/sway/commands.c
+++ b/sway/commands.c
@@ -524,7 +524,7 @@ struct cmd_results *config_commands_command(char *exec) {
}
struct cmd_handler *handler = find_handler(cmd, CMD_BLOCK_END);
- if (!handler) {
+ if (!handler && strcmp(cmd, "*") != 0) {
char *input = cmd ? cmd : "(empty)";
results = cmd_results_new(CMD_INVALID, input, "Unknown/invalid command");
goto cleanup;
diff --git a/sway/security.c b/sway/security.c
index 1d236b1d..f16fdd1f 100644
--- a/sway/security.c
+++ b/sway/security.c
@@ -5,16 +5,25 @@
#include "log.h"
struct feature_policy *alloc_feature_policy(const char *program) {
+ uint32_t default_policy = 0;
+ for (int i = 0; i < config->feature_policies->length; ++i) {
+ struct feature_policy *policy = config->feature_policies->items[i];
+ if (strcmp(policy->program, "*") == 0) {
+ default_policy = policy->features;
+ break;
+ }
+ }
+
struct feature_policy *policy = malloc(sizeof(struct feature_policy));
policy->program = strdup(program);
- policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE | FEATURE_IPC;
+ policy->features = default_policy;
return policy;
}
struct command_policy *alloc_command_policy(const char *command) {
struct command_policy *policy = malloc(sizeof(struct command_policy));
policy->command = strdup(command);
- policy->context = CONTEXT_ALL;
+ policy->context = 0;
return policy;
}
@@ -25,8 +34,7 @@ enum secure_feature get_feature_policy(pid_t pid) {
snprintf(path, pathlen + 1, fmt, pid);
static char link[2048];
- enum secure_feature default_policy =
- FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE;
+ uint32_t default_policy = 0;
ssize_t len = readlink(path, link, sizeof(link));
if (len < 0) {
@@ -53,10 +61,13 @@ enum secure_feature get_feature_policy(pid_t pid) {
}
enum command_context get_command_policy(const char *cmd) {
- enum command_context default_policy = CONTEXT_ALL;
+ uint32_t default_policy = 0;
for (int i = 0; i < config->command_policies->length; ++i) {
struct command_policy *policy = config->command_policies->items[i];
+ if (strcmp(policy->command, "*") == 0) {
+ default_policy = policy->context;
+ }
if (strcmp(policy->command, cmd) == 0) {
return policy->context;
}
diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt
index 53c7b876..9a2581b1 100644
--- a/sway/sway-security.7.txt
+++ b/sway/sway-security.7.txt
@@ -124,8 +124,14 @@ To work correctly, sway's own programs require the following permissions:
- swaybg: background
- swaylock: lock, keyboard
-- swaybar: panel, mouse
-- swaygrab: screenshot
+- swaybar: panel, mouse, ipc
+- swaygrab: screenshot, ipc
+
+When you first declare a policy for an executable, it will inherit the default
+policy. Further changes to the default policy will not retroactively affect which
+permissions an earlier policy inherits. You must explicitly reject any features
+from the default policy that you do not want an executable to receive permission
+for.
Command policies
----------------
@@ -145,6 +151,9 @@ contexts you can control are:
**criteria**::
Can be run when evaluating window criteria.
+**all**::
+ Shorthand for granting permission in all contexts.
+
By default a command is allowed to execute in any context. To configure this, open
a commands block and fill it with policies:
@@ -160,13 +169,13 @@ binding and critiera:
focus binding criteria
}
+Setting a command policy overwrites any previous policy that was in place.
+
IPC policies
------------
-By default all programs can connect to IPC for backwards compatability with i3.
-However, you can whitelist IPC access like so:
+You may whitelist IPC access like so:
- reject * ipc
permit /usr/bin/swaybar ipc
permit /usr/bin/swaygrab ipc
# etc