Diffstat (limited to 'sway/commands')
-rw-r--r--sway/commands/commands.c8
-rw-r--r--sway/commands/ipc.c28
-rw-r--r--sway/commands/permit.c21
3 files changed, 25 insertions, 32 deletions
diff --git a/sway/commands/commands.c b/sway/commands/commands.c
index 8c7ed487..0c64970c 100644
--- a/sway/commands/commands.c
+++ b/sway/commands/commands.c
@@ -10,6 +10,9 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
return error;
}
+ if ((error = check_security_config())) {
+ return error;
+ }
if (strcmp(argv[0], "{") != 0) {
return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
@@ -19,10 +22,5 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
}
- if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
- return cmd_results_new(CMD_INVALID, "permit",
- "This command is only permitted to run from " SYSCONFDIR "/sway/security");
- }
-
return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
}
diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c
index 113a975b..8a7b849f 100644
--- a/sway/commands/ipc.c
+++ b/sway/commands/ipc.c
@@ -1,18 +1,26 @@
#include <stdio.h>
#include <string.h>
+#include "sway/security.h"
#include "sway/commands.h"
#include "sway/config.h"
#include "ipc.h"
#include "log.h"
#include "util.h"
+static struct ipc_policy *current_policy = NULL;
+
struct cmd_results *cmd_ipc(int argc, char **argv) {
struct cmd_results *error = NULL;
- if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 1))) {
+ if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {
+ return error;
+ }
+ if ((error = check_security_config())) {
return error;
}
- if (config->reading && strcmp("{", argv[0]) != 0) {
+ const char *program = argv[0];
+
+ if (config->reading && strcmp("{", argv[1]) != 0) {
return cmd_results_new(CMD_INVALID, "ipc",
"Expected '{' at start of IPC config definition.");
}
@@ -21,10 +29,8 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
}
- if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
- return cmd_results_new(CMD_INVALID, "permit",
- "This command is only permitted to run from " SYSCONFDIR "/sway/security");
- }
+ current_policy = alloc_ipc_policy(program);
+ list_add(config->ipc_policies, current_policy);
return cmd_results_new(CMD_BLOCK_IPC, NULL, NULL);
}
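Review bot: The result of `alloc_ipc_policy(program)` is stored in `current_policy` and appended to `config->ipc_policies` without a NULL check, so if that allocator can fail (its body is not in this diff) a NULL entry lands in the policy list and the block handlers later dereference it. A guard such as `if (!current_policy) return cmd_results_new(CMD_FAILURE, "ipc", "Unable to allocate IPC policy");` before `list_add` would cover that. Each `ipc <program> {` block also appends a fresh policy instead of reusing one for the same program the way `cmd_permit` calls `get_policy(argv[0])`, so two blocks naming one program leave two entries and the effective policy depends on how the list is searched; worth confirming that is intended. The body of cmd_ipc starts outside this hunk.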
@@ -67,6 +73,7 @@ struct cmd_results *cmd_ipc_cmd(int argc, char **argv) {
char *name;
enum ipc_feature type;
} types[] = {
+ { "*", IPC_FEATURE_ALL_COMMANDS },
{ "command", IPC_FEATURE_COMMAND },
{ "workspaces", IPC_FEATURE_GET_WORKSPACES },
{ "outputs", IPC_FEATURE_GET_OUTPUTS },
@@ -86,10 +93,10 @@ struct cmd_results *cmd_ipc_cmd(int argc, char **argv) {
}
if (enabled) {
- config->ipc_policy |= type;
+ current_policy->features |= type;
sway_log(L_DEBUG, "Enabled IPC %s feature", argv[-1]);
} else {
- config->ipc_policy &= ~type;
+ current_policy->features &= ~type;
sway_log(L_DEBUG, "Disabled IPC %s feature", argv[-1]);
}
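Review bot: `current_policy->features` is written through a file-static pointer that is NULL until `cmd_ipc` has run and is never cleared afterwards, so these handlers are only safe if they can be dispatched exclusively inside an open `ipc ... {` block. If the block dispatcher guarantees that (it is not visible here), a comment on the static saying so would help; otherwise add `if (!current_policy) return cmd_results_new(CMD_FAILURE, "ipc", "No IPC policy block is open");` before the update. A stale pointer also means a later stray feature line would silently modify the last program's policy. The same applies to the matching lines in `cmd_ipc_event_cmd`, and the enclosing function starts and ends outside this hunk.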
@@ -116,6 +123,7 @@ struct cmd_results *cmd_ipc_event_cmd(int argc, char **argv) {
char *name;
enum ipc_feature type;
} types[] = {
+ { "*", IPC_FEATURE_ALL_EVENTS },
{ "workspace", IPC_FEATURE_EVENT_WORKSPACE },
{ "output", IPC_FEATURE_EVENT_OUTPUT },
{ "mode", IPC_FEATURE_EVENT_MODE },
@@ -134,10 +142,10 @@ struct cmd_results *cmd_ipc_event_cmd(int argc, char **argv) {
}
if (enabled) {
- config->ipc_policy |= type;
+ current_policy->features |= type;
sway_log(L_DEBUG, "Enabled IPC %s event", argv[-1]);
} else {
- config->ipc_policy &= ~type;
+ current_policy->features &= ~type;
sway_log(L_DEBUG, "Disabled IPC %s event", argv[-1]);
}
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
index 1b2a30bf..e2bec2e2 100644
--- a/sway/commands/permit.c
+++ b/sway/commands/permit.c
@@ -19,7 +19,6 @@ static enum secure_feature get_features(int argc, char **argv,
{ "fullscreen", FEATURE_FULLSCREEN },
{ "keyboard", FEATURE_KEYBOARD },
{ "mouse", FEATURE_MOUSE },
- { "ipc", FEATURE_IPC },
};
for (int i = 1; i < argc; ++i) {
@@ -63,19 +62,13 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
return error;
}
-
- if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
- return cmd_results_new(CMD_INVALID, "permit",
- "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ if ((error = check_security_config())) {
+ return error;
}
struct feature_policy *policy = get_policy(argv[0]);
policy->features |= get_features(argc, argv, &error);
- if (error) {
- return error;
- }
-
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);
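Review bot: The `if (error) { return error; }` after `get_features(argc, argv, &error)` is removed here, so whatever get_features reports through `&error` (presumably an unrecognised feature name; its body is only partly visible) is now dropped and the command goes on to log success. In a security policy file that means a misspelled feature is accepted silently, and the allocated `cmd_results` is leaked. I would keep the check, ideally before the policy is touched: compute the mask into a local, `if (error) { return error; }`, then apply it to `policy->features`. The same removal is made in `cmd_reject` in the next hunk, where a typo would leave a feature granted that the administrator meant to revoke.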
@@ -87,19 +80,13 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
return error;
}
-
- if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
- return cmd_results_new(CMD_INVALID, "permit",
- "This command is only permitted to run from " SYSCONFDIR "/sway/security");
+ if ((error = check_security_config())) {
+ return error;
}
struct feature_policy *policy = get_policy(argv[0]);
policy->features &= ~get_features(argc, argv, &error);
- if (error) {
- return error;
- }
-
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);