From 26752932003145c89a0cd8d39c9944d6f5917837 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Thu, 1 Dec 2016 19:58:11 -0500 Subject: Implement policy lookups --- include/sway/security.h | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 include/sway/security.h (limited to 'include/sway/security.h') diff --git a/include/sway/security.h b/include/sway/security.h new file mode 100644 index 00000000..efc25ce6 --- /dev/null +++ b/include/sway/security.h @@ -0,0 +1,9 @@ +#ifndef _SWAY_SECURITY_H +#define _SWAY_SECURITY_H +#include +#include "sway/config.h" + +const struct feature_permissions *get_permissions(pid_t pid); +enum command_context get_command_context(const char *cmd); + +#endif -- cgit v1.2.3 From 76cab04b4d7828f3c4f607c49e1e6ad78aa6e3da Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Thu, 1 Dec 2016 21:36:43 -0500 Subject: Implement permit and reject commands --- config | 204 ------------------------------------------------ config.d/security | 52 ------------ config.d/security.in | 52 ++++++++++++ config.in | 198 ++++++++++++++++++++++++++++++++++++++++++++++ include/security.h | 9 --- include/sway/commands.h | 2 + include/sway/security.h | 6 +- sway/commands.c | 2 + sway/commands/permit.c | 95 ++++++++++++++++++++++ sway/security.c | 7 ++ 10 files changed, 360 insertions(+), 267 deletions(-) delete mode 100644 config delete mode 100644 config.d/security create mode 100644 config.d/security.in create mode 100644 config.in delete mode 100644 include/security.h create mode 100644 sway/commands/permit.c (limited to 'include/sway/security.h') diff --git a/config b/config deleted file mode 100644 index 47bf1e4f..00000000 --- a/config +++ /dev/null @@ -1,204 +0,0 @@ -# Default config for sway -# -# Copy this to ~/.config/sway/config and edit it to your liking. -# -# Read `man 5 sway` for a complete reference. - -### Variables -# -# Logo key. Use Mod1 for Alt. -set $mod Mod4 -# Home row direction keys, like vim -set $left h -set $down j -set $up k -set $right l -# Your preferred terminal emulator -set $term urxvt -# Your preferred application launcher -set $menu dmenu_run - -### Output configuration -# -# Default wallpaper (more resolutions are available in /usr/share/sway/) -output * bg /usr/share/sway/Sway_Wallpaper_Blue_1920x1080.png fill -# -# Example configuration: -# -# output HDMI-A-1 resolution 1920x1080 position 1920,0 -# -# You can get the names of your outputs by running: swaymsg -t get_outputs - -### Input configuration -# -# Example configuration: -# -# input "2:14:SynPS/2_Synaptics_TouchPad" { -# dwt enabled -# tap enabled -# natural_scroll enabled -# middle_emulation enabled -# } -# -# You can get the names of your inputs by running: swaymsg -t get_inputs -# The escape symbol "\" has to be removed. -# Read `man 5 sway-input` for more information about this section. - -### Key bindings -# -# Basics: -# - # start a terminal - bindsym $mod+Return exec $term - - # kill focused window - bindsym $mod+Shift+q kill - - # start your launcher - bindsym $mod+d exec $menu - - # Drag floating windows by holding down $mod and left mouse button. - # Resize them with right mouse button + $mod. - # Despite the name, also works for non-floating windows. - # Change normal to inverse to use left mouse button for resizing and right - # mouse button for dragging. - floating_modifier $mod normal - - # reload the configuration file - bindsym $mod+Shift+c reload - - # exit sway (logs you out of your wayland session) - bindsym $mod+Shift+e exit -# -# Moving around: -# - # Move your focus around - bindsym $mod+$left focus left - bindsym $mod+$down focus down - bindsym $mod+$up focus up - bindsym $mod+$right focus right - # or use $mod+[up|down|left|right] - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # _move_ the focused window with the same, but add Shift - bindsym $mod+Shift+$left move left - bindsym $mod+Shift+$down move down - bindsym $mod+Shift+$up move up - bindsym $mod+Shift+$right move right - # ditto, with arrow keys - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right -# -# Workspaces: -# - # switch to workspace - bindsym $mod+1 workspace 1 - bindsym $mod+2 workspace 2 - bindsym $mod+3 workspace 3 - bindsym $mod+4 workspace 4 - bindsym $mod+5 workspace 5 - bindsym $mod+6 workspace 6 - bindsym $mod+7 workspace 7 - bindsym $mod+8 workspace 8 - bindsym $mod+9 workspace 9 - bindsym $mod+0 workspace 10 - # move focused container to workspace - bindsym $mod+Shift+1 move container to workspace 1 - bindsym $mod+Shift+2 move container to workspace 2 - bindsym $mod+Shift+3 move container to workspace 3 - bindsym $mod+Shift+4 move container to workspace 4 - bindsym $mod+Shift+5 move container to workspace 5 - bindsym $mod+Shift+6 move container to workspace 6 - bindsym $mod+Shift+7 move container to workspace 7 - bindsym $mod+Shift+8 move container to workspace 8 - bindsym $mod+Shift+9 move container to workspace 9 - bindsym $mod+Shift+0 move container to workspace 10 - # Note: workspaces can have any name you want, not just numbers. - # We just use 1-10 as the default. -# -# Layout stuff: -# - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. - bindsym $mod+b splith - bindsym $mod+v splitv - - # Switch the current container between different layout styles - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # Make the current focus fullscreen - bindsym $mod+f fullscreen - - # Toggle the current focus between tiling and floating mode - bindsym $mod+Shift+space floating toggle - - # Swap focus between the tiling area and the floating area - bindsym $mod+space focus mode_toggle - - # move focus to the parent container - bindsym $mod+a focus parent -# -# Scratchpad: -# - # Sway has a "scratchpad", which is a bag of holding for windows. - # You can send windows there and get them back later. - - # Move the currently focused window to the scratchpad - bindsym $mod+Shift+minus move scratchpad - - # Show the next scratchpad window or hide the focused scratchpad window. - # If there are multiple scratchpad windows, this command cycles through them. - bindsym $mod+minus scratchpad show -# -# Resizing containers: -# -mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10 px or 10 ppt - bindsym $down resize grow height 10 px or 10 ppt - bindsym $up resize shrink height 10 px or 10 ppt - bindsym $right resize grow width 10 px or 10 ppt - - # ditto, with arrow keys - bindsym Left resize shrink width 10 px or 10 ppt - bindsym Down resize grow height 10 px or 10 ppt - bindsym Up resize shrink height 10 px or 10 ppt - bindsym Right resize grow width 10 px or 10 ppt - - # return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# -# Status Bar: -# -# Read `man 5 sway-bar` for more information about this section. -bar { - position top - colors { - statusline #ffffff - background #323232 - inactive_workspace #32323200 #32323200 #5c5c5c - } -} - -# You may want this: -# -# include ~/.config/sway/conf.d/* -# -# Protip: -# -# include ~/.config/sway/`hostname`/* diff --git a/config.d/security b/config.d/security deleted file mode 100644 index fe75d8ea..00000000 --- a/config.d/security +++ /dev/null @@ -1,52 +0,0 @@ -# sway security rules -# -# Read sway-security(7) for details on how to secure your sway install. -# -# You MUST read this man page if you intend to attempt to secure your sway -# installation. - -# Configures which programs are allowed to use which sway features -permit $PREFIX/swaylock lock -permit $PREFIX/swaybar panel -permit $PREFIX/swaybg background -permit $PREFIX/swaygrab screenshot - -permit * fullscreen keyboard mouse - -# Configures which IPC features are enabled -ipc { - command enabled - outputs enabled - workspaces enabled - tree enabled - marks enabled - bar-config enabled - inputs enabled - - events { - workspace enabled - output enabled - mode enabled - window enabled - bar-config enabled - binding enabled - modifier enabled - input enabled - } -} - -# Limits the contexts from which certain commands are permitted -commands { - fullscreen binding criteria - bindsym config - exit binding - kill binding - - # You should not change these unless you know what you're doing - it could - # cripple your security - reload binding - restart binding - permit config - reject config - ipc config -} diff --git a/config.d/security.in b/config.d/security.in new file mode 100644 index 00000000..f59b2980 --- /dev/null +++ b/config.d/security.in @@ -0,0 +1,52 @@ +# sway security rules +# +# Read sway-security(7) for details on how to secure your sway install. +# +# You MUST read this man page if you intend to attempt to secure your sway +# installation. + +# Configures which programs are allowed to use which sway features +permit __PREFIX__/swaylock lock +permit __PREFIX__/swaybar panel +permit __PREFIX__/swaybg background +permit __PREFIX__/swaygrab screenshot + +permit * fullscreen keyboard mouse + +# Configures which IPC features are enabled +ipc { + command enabled + outputs enabled + workspaces enabled + tree enabled + marks enabled + bar-config enabled + inputs enabled + + events { + workspace enabled + output enabled + mode enabled + window enabled + bar-config enabled + binding enabled + modifier enabled + input enabled + } +} + +# Limits the contexts from which certain commands are permitted +commands { + fullscreen binding criteria + bindsym config + exit binding + kill binding + + # You should not change these unless you know what you're doing - it could + # cripple your security + reload binding + restart binding + permit config + reject config + ipc config +} diff --git a/config.in b/config.in new file mode 100644 index 00000000..ddd0fec5 --- /dev/null +++ b/config.in @@ -0,0 +1,198 @@ +# Default config for sway +# +# Copy this to ~/.config/sway/config and edit it to your liking. +# +# Read `man 5 sway` for a complete reference. + +### Variables +# +# Logo key. Use Mod1 for Alt. +set $mod Mod4 +# Home row direction keys, like vim +set $left h +set $down j +set $up k +set $right l +# Your preferred terminal emulator +set $term urxvt +# Your preferred application launcher +set $menu dmenu_run + +### Output configuration +# +# Default wallpaper (more resolutions are available in /usr/share/sway/) +output * bg /usr/share/sway/Sway_Wallpaper_Blue_1920x1080.png fill +# +# Example configuration: +# +# output HDMI-A-1 resolution 1920x1080 position 1920,0 +# +# You can get the names of your outputs by running: swaymsg -t get_outputs + +### Input configuration +# +# Example configuration: +# +# input "2:14:SynPS/2_Synaptics_TouchPad" { +# dwt enabled +# tap enabled +# natural_scroll enabled +# middle_emulation enabled +# } +# +# You can get the names of your inputs by running: swaymsg -t get_inputs +# The escape symbol "\" has to be removed. +# Read `man 5 sway-input` for more information about this section. + +### Key bindings +# +# Basics: +# + # start a terminal + bindsym $mod+Return exec $term + + # kill focused window + bindsym $mod+Shift+q kill + + # start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # reload the configuration file + bindsym $mod+Shift+c reload + + # exit sway (logs you out of your wayland session) + bindsym $mod+Shift+e exit +# +# Moving around: +# + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # _move_ the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right +# +# Workspaces: +# + # switch to workspace + bindsym $mod+1 workspace 1 + bindsym $mod+2 workspace 2 + bindsym $mod+3 workspace 3 + bindsym $mod+4 workspace 4 + bindsym $mod+5 workspace 5 + bindsym $mod+6 workspace 6 + bindsym $mod+7 workspace 7 + bindsym $mod+8 workspace 8 + bindsym $mod+9 workspace 9 + bindsym $mod+0 workspace 10 + # move focused container to workspace + bindsym $mod+Shift+1 move container to workspace 1 + bindsym $mod+Shift+2 move container to workspace 2 + bindsym $mod+Shift+3 move container to workspace 3 + bindsym $mod+Shift+4 move container to workspace 4 + bindsym $mod+Shift+5 move container to workspace 5 + bindsym $mod+Shift+6 move container to workspace 6 + bindsym $mod+Shift+7 move container to workspace 7 + bindsym $mod+Shift+8 move container to workspace 8 + bindsym $mod+Shift+9 move container to workspace 9 + bindsym $mod+Shift+0 move container to workspace 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. +# +# Layout stuff: +# + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # move focus to the parent container + bindsym $mod+a focus parent +# +# Scratchpad: +# + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show +# +# Resizing containers: +# +mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10 px or 10 ppt + bindsym $down resize grow height 10 px or 10 ppt + bindsym $up resize shrink height 10 px or 10 ppt + bindsym $right resize grow width 10 px or 10 ppt + + # ditto, with arrow keys + bindsym Left resize shrink width 10 px or 10 ppt + bindsym Down resize grow height 10 px or 10 ppt + bindsym Up resize shrink height 10 px or 10 ppt + bindsym Right resize grow width 10 px or 10 ppt + + # return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" + +# +# Status Bar: +# +# Read `man 5 sway-bar` for more information about this section. +bar { + position top + colors { + statusline #ffffff + background #323232 + inactive_workspace #32323200 #32323200 #5c5c5c + } +} + +include __SYSCONFDIR__/etc/sway/config.d/* diff --git a/include/security.h b/include/security.h deleted file mode 100644 index 3a5dbca0..00000000 --- a/include/security.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _SWAY_SECURITY_H -#define _SWAY_SECURITY_H -#include -#include "sway/config.h" - -enum secure_features get_feature_policy(pid_t pid); -enum command_context get_command_policy(const char *cmd); - -#endif diff --git a/include/sway/commands.h b/include/sway/commands.h index db5e94d9..1d5d56ac 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -122,6 +122,8 @@ sway_cmd cmd_new_float; sway_cmd cmd_new_window; sway_cmd cmd_orientation; sway_cmd cmd_output; +sway_cmd cmd_permit; +sway_cmd cmd_reject; sway_cmd cmd_reload; sway_cmd cmd_resize; sway_cmd cmd_scratchpad; diff --git a/include/sway/security.h b/include/sway/security.h index efc25ce6..ae2de0d8 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -3,7 +3,9 @@ #include #include "sway/config.h" -const struct feature_permissions *get_permissions(pid_t pid); -enum command_context get_command_context(const char *cmd); +enum secure_feature get_feature_policy(pid_t pid); +enum command_context get_command_policy(const char *cmd); + +struct feature_policy *alloc_feature_policy(const char *program); #endif diff --git a/sway/commands.c b/sway/commands.c index de29a7af..e2bafcb2 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -187,6 +187,8 @@ static struct cmd_handler handlers[] = { { "new_float", cmd_new_float }, { "new_window", cmd_new_window }, { "output", cmd_output }, + { "permit", cmd_permit }, + { "reject", cmd_reject }, { "reload", cmd_reload }, { "resize", cmd_resize }, { "scratchpad", cmd_scratchpad }, diff --git a/sway/commands/permit.c b/sway/commands/permit.c new file mode 100644 index 00000000..8a7bb98c --- /dev/null +++ b/sway/commands/permit.c @@ -0,0 +1,95 @@ +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "sway/security.h" +#include "log.h" + +static enum secure_feature get_features(int argc, char **argv, + struct cmd_results **error) { + enum secure_feature features = 0; + + struct { + char *name; + enum secure_feature feature; + } feature_names[] = { + { "lock", FEATURE_LOCK }, + { "panel", FEATURE_PANEL }, + { "background", FEATURE_BACKGROUND }, + { "screenshot", FEATURE_SCREENSHOT }, + { "fullscreen", FEATURE_FULLSCREEN }, + { "keyboard", FEATURE_KEYBOARD }, + { "mouse", FEATURE_MOUSE }, + }; + size_t names_len = sizeof(feature_names) / + (sizeof(char *) + sizeof(enum secure_feature)); + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < names_len; ++j) { + if (strcmp(feature_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == names_len) { + *error = cmd_results_new(CMD_INVALID, + "permit", "Invalid feature grant %s", argv[i]); + return 0; + } + features |= feature_names[j].feature; + } + return features; +} + +static struct feature_policy *get_policy(const char *name) { + struct feature_policy *policy = NULL; + for (int i = 0; i < config->feature_policies->length; ++i) { + struct feature_policy *p = config->feature_policies->items[i]; + if (strcmp(p->program, name) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_feature_policy(name); + list_add(config->feature_policies, policy); + } + return policy; +} + +struct cmd_results *cmd_permit(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features |= get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} + +struct cmd_results *cmd_reject(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features &= ~get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} diff --git a/sway/security.c b/sway/security.c index 00e5e8d7..776bd527 100644 --- a/sway/security.c +++ b/sway/security.c @@ -4,6 +4,13 @@ #include "sway/security.h" #include "log.h" +struct feature_policy *alloc_feature_policy(const char *program) { + struct feature_policy *policy = malloc(sizeof(struct feature_policy)); + policy->program = strdup(program); + policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE; + return policy; +} + enum secure_feature get_feature_policy(pid_t pid) { const char *fmt = "/proc/%d/exe"; int pathlen = snprintf(NULL, 0, fmt, pid); -- cgit v1.2.3 From f23880b1fdd70a21b04317c18208a1f3ce356839 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 08:10:03 -0500 Subject: Add support for command policies in config file --- include/sway/commands.h | 10 +++++- include/sway/security.h | 1 + sway/commands.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++- sway/commands/commands.c | 23 ++++++++++++++ sway/commands/permit.c | 3 +- sway/config.c | 21 ++++++++++++- sway/security.c | 10 ++++-- 7 files changed, 142 insertions(+), 8 deletions(-) create mode 100644 sway/commands/commands.c (limited to 'include/sway/security.h') diff --git a/include/sway/commands.h b/include/sway/commands.h index 1d5d56ac..ccc3cf58 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -18,7 +18,10 @@ enum cmd_status { CMD_BLOCK_MODE, CMD_BLOCK_BAR, CMD_BLOCK_BAR_COLORS, - CMD_BLOCK_INPUT + CMD_BLOCK_INPUT, + CMD_BLOCK_COMMANDS, + CMD_BLOCK_IPC, + CMD_BLOCK_IPC_EVENTS, }; /** @@ -58,6 +61,10 @@ struct cmd_results *handle_command(char *command); * Do not use this under normal conditions. */ struct cmd_results *config_command(char *command, enum cmd_status block); +/* + * Parses a command policy rule. + */ +struct cmd_results *config_commands_command(char *exec); /** * Allocates a cmd_results object. @@ -93,6 +100,7 @@ sway_cmd cmd_client_unfocused; sway_cmd cmd_client_urgent; sway_cmd cmd_client_placeholder; sway_cmd cmd_client_background; +sway_cmd cmd_commands; sway_cmd cmd_debuglog; sway_cmd cmd_exec; sway_cmd cmd_exec_always; diff --git a/include/sway/security.h b/include/sway/security.h index ae2de0d8..aa51fd81 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -7,5 +7,6 @@ enum secure_feature get_feature_policy(pid_t pid); enum command_context get_command_policy(const char *cmd); struct feature_policy *alloc_feature_policy(const char *program); +struct command_policy *alloc_command_policy(const char *command); #endif diff --git a/sway/commands.c b/sway/commands.c index e2bafcb2..0bfe9d13 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -26,6 +26,7 @@ #include "sway/input_state.h" #include "sway/criteria.h" #include "sway/ipc-server.h" +#include "sway/security.h" #include "sway/input.h" #include "sway/border.h" #include "stringop.h" @@ -158,6 +159,7 @@ static struct cmd_handler handlers[] = { { "client.placeholder", cmd_client_placeholder }, { "client.unfocused", cmd_client_unfocused }, { "client.urgent", cmd_client_urgent }, + { "commands", cmd_commands }, { "debuglog", cmd_debuglog }, { "default_orientation", cmd_orientation }, { "exec", cmd_exec }, @@ -460,7 +462,85 @@ struct cmd_results *config_command(char *exec, enum cmd_status block) { } else { results = cmd_results_new(CMD_INVALID, argv[0], "This command is shimmed, but unimplemented"); } - cleanup: + +cleanup: + free_argv(argc, argv); + return results; +} + +struct cmd_results *config_commands_command(char *exec) { + struct cmd_results *results = NULL; + int argc; + char **argv = split_args(exec, &argc); + if (!argc) { + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + goto cleanup; + } + + // Find handler for the command this is setting a policy for + char *cmd = argv[0]; + + if (strcmp(cmd, "}") == 0) { + results = cmd_results_new(CMD_BLOCK_END, NULL, NULL); + goto cleanup; + } + + struct cmd_handler *handler = find_handler(cmd, CMD_BLOCK_END); + if (!handler) { + char *input = cmd ? cmd : "(empty)"; + results = cmd_results_new(CMD_INVALID, input, "Unknown/invalid command"); + goto cleanup; + } + + enum command_context context = 0; + + struct { + char *name; + enum command_context context; + } context_names[] = { + { "config", CONTEXT_CONFIG }, + { "binding", CONTEXT_BINDING }, + { "ipc", CONTEXT_IPC }, + { "criteria", CONTEXT_CRITERIA }, + { "all", CONTEXT_ALL }, + }; + size_t names_len = 5; + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < names_len; ++j) { + if (strcmp(context_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == names_len) { + results = cmd_results_new(CMD_INVALID, cmd, + "Invalid command context %s", argv[i]); + goto cleanup; + } + context |= context_names[j].context; + } + + struct command_policy *policy = NULL; + for (int i = 0; i < config->command_policies->length; ++i) { + struct command_policy *p = config->command_policies->items[i]; + if (strcmp(p->command, cmd) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_command_policy(cmd); + list_add(config->command_policies, policy); + } + policy->context = context; + + sway_log(L_INFO, "Set command policy for %s to %d", + policy->command, policy->context); + + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + +cleanup: free_argv(argc, argv); return results; } diff --git a/sway/commands/commands.c b/sway/commands/commands.c new file mode 100644 index 00000000..5d248e30 --- /dev/null +++ b/sway/commands/commands.c @@ -0,0 +1,23 @@ +#include +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "list.h" +#include "log.h" + +struct cmd_results *cmd_commands(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + if (strcmp(argv[0], "{") != 0) { + return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration"); + } + + if (!config->reading) { + return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file."); + } + + return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL); +} diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 8a7bb98c..258ea5b2 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c @@ -20,8 +20,7 @@ static enum secure_feature get_features(int argc, char **argv, { "keyboard", FEATURE_KEYBOARD }, { "mouse", FEATURE_MOUSE }, }; - size_t names_len = sizeof(feature_names) / - (sizeof(char *) + sizeof(enum secure_feature)); + size_t names_len = 7; for (int i = 1; i < argc; ++i) { size_t j; diff --git a/sway/config.c b/sway/config.c index a2f6a728..e55c6dea 100644 --- a/sway/config.c +++ b/sway/config.c @@ -580,7 +580,13 @@ bool read_config(FILE *file, struct sway_config *config) { free(line); continue; } - struct cmd_results *res = config_command(line, block); + struct cmd_results *res; + if (block == CMD_BLOCK_COMMANDS) { + // Special case + res = config_commands_command(line); + } else { + res = config_command(line, block); + } switch(res->status) { case CMD_FAILURE: case CMD_INVALID: @@ -626,6 +632,14 @@ bool read_config(FILE *file, struct sway_config *config) { } break; + case CMD_BLOCK_COMMANDS: + if (block == CMD_BLOCK_END) { + block = CMD_BLOCK_COMMANDS; + } else { + sway_log(L_ERROR, "Invalid block '%s'", line); + } + break; + case CMD_BLOCK_END: switch(block) { case CMD_BLOCK_MODE: @@ -651,6 +665,11 @@ bool read_config(FILE *file, struct sway_config *config) { block = CMD_BLOCK_BAR; break; + case CMD_BLOCK_COMMANDS: + sway_log(L_DEBUG, "End of commands block"); + block = CMD_BLOCK_END; + break; + case CMD_BLOCK_END: sway_log(L_ERROR, "Unmatched }"); break; diff --git a/sway/security.c b/sway/security.c index a4cecf16..670cae56 100644 --- a/sway/security.c +++ b/sway/security.c @@ -11,6 +11,13 @@ struct feature_policy *alloc_feature_policy(const char *program) { return policy; } +struct command_policy *alloc_command_policy(const char *command) { + struct command_policy *policy = malloc(sizeof(struct command_policy)); + policy->command = strdup(command); + policy->context = CONTEXT_ALL; + return policy; +} + enum secure_feature get_feature_policy(pid_t pid) { const char *fmt = "/proc/%d/exe"; int pathlen = snprintf(NULL, 0, fmt, pid); @@ -50,9 +57,6 @@ enum command_context get_command_policy(const char *cmd) { for (int i = 0; i < config->command_policies->length; ++i) { struct command_policy *policy = config->command_policies->items[i]; - if (strcmp(policy->command, "*") == 0) { - default_policy = policy->context; - } if (strcmp(policy->command, cmd) == 0) { return policy->context; } -- cgit v1.2.3 From 39cf9a82f7c1f7e5d7b4952cabf215c8459a99e2 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 08:17:45 -0500 Subject: Enforce command policies --- include/sway/commands.h | 2 +- include/sway/security.h | 2 ++ sway/commands.c | 12 +++++++++++- sway/handlers.c | 14 +++++++------- sway/ipc-server.c | 2 +- sway/security.c | 17 +++++++++++++++++ 6 files changed, 39 insertions(+), 10 deletions(-) (limited to 'include/sway/security.h') diff --git a/include/sway/commands.h b/include/sway/commands.h index ccc3cf58..9e8d013e 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -54,7 +54,7 @@ int sp_index; /** * Parse and handles a command. */ -struct cmd_results *handle_command(char *command); +struct cmd_results *handle_command(char *command, enum command_context context); /** * Parse and handles a command during config file loading. * diff --git a/include/sway/security.h b/include/sway/security.h index aa51fd81..1cc85bee 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -6,6 +6,8 @@ enum secure_feature get_feature_policy(pid_t pid); enum command_context get_command_policy(const char *cmd); +const char *command_policy_str(enum command_context context); + struct feature_policy *alloc_feature_policy(const char *program); struct command_policy *alloc_command_policy(const char *command); diff --git a/sway/commands.c b/sway/commands.c index 0bfe9d13..5d5087b1 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -323,7 +323,7 @@ static struct cmd_handler *find_handler(char *line, enum cmd_status block) { return res; } -struct cmd_results *handle_command(char *_exec) { +struct cmd_results *handle_command(char *_exec, enum command_context context) { // Even though this function will process multiple commands we will only // return the last error, if any (for now). (Since we have access to an // error string we could e.g. concatonate all errors there.) @@ -397,6 +397,16 @@ struct cmd_results *handle_command(char *_exec) { free_argv(argc, argv); goto cleanup; } + if (!(get_command_policy(argv[0]) & context)) { + if (results) { + free_cmd_results(results); + } + results = cmd_results_new(CMD_INVALID, cmd, + "Permission denied for %s via %s", cmd, + command_policy_str(context)); + free_argv(argc, argv); + goto cleanup; + } struct cmd_results *res = handler->handle(argc-1, argv+1); if (res->status != CMD_SUCCESS) { free_argv(argc, argv); diff --git a/sway/handlers.c b/sway/handlers.c index a329329d..ee52ba38 100644 --- a/sway/handlers.c +++ b/sway/handlers.c @@ -386,7 +386,7 @@ static bool handle_view_created(wlc_handle handle) { struct criteria *crit = criteria->items[i]; sway_log(L_DEBUG, "for_window '%s' matches new view %p, cmd: '%s'", crit->crit_raw, newview, crit->cmdlist); - struct cmd_results *res = handle_command(crit->cmdlist); + struct cmd_results *res = handle_command(crit->cmdlist, CONTEXT_CRITERIA); if (res->status != CMD_SUCCESS) { sway_log(L_ERROR, "Command '%s' failed: %s", res->input, res->error); } @@ -585,7 +585,7 @@ static void handle_binding_command(struct sway_binding *binding) { reload = true; } - struct cmd_results *res = handle_command(binding->command); + struct cmd_results *res = handle_command(binding->command, CONTEXT_BINDING); if (res->status != CMD_SUCCESS) { sway_log(L_ERROR, "Command '%s' failed: %s", res->input, res->error); } @@ -936,18 +936,18 @@ bool handle_pointer_scroll(wlc_handle view, uint32_t time, const struct wlc_modi int y_amount = (int)_amount[1]; if (x_amount > 0 && strcmp(config->floating_scroll_up_cmd, "")) { - handle_command(config->floating_scroll_up_cmd); + handle_command(config->floating_scroll_up_cmd, CONTEXT_BINDING); return EVENT_HANDLED; } else if (x_amount < 0 && strcmp(config->floating_scroll_down_cmd, "")) { - handle_command(config->floating_scroll_down_cmd); + handle_command(config->floating_scroll_down_cmd, CONTEXT_BINDING); return EVENT_HANDLED; } if (y_amount > 0 && strcmp(config->floating_scroll_right_cmd, "")) { - handle_command(config->floating_scroll_right_cmd); + handle_command(config->floating_scroll_right_cmd, CONTEXT_BINDING); return EVENT_HANDLED; } else if (y_amount < 0 && strcmp(config->floating_scroll_left_cmd, "")) { - handle_command(config->floating_scroll_left_cmd); + handle_command(config->floating_scroll_left_cmd, CONTEXT_BINDING); return EVENT_HANDLED; } } @@ -960,7 +960,7 @@ static void handle_wlc_ready(void) { config->active = true; while (config->cmd_queue->length) { char *line = config->cmd_queue->items[0]; - struct cmd_results *res = handle_command(line); + struct cmd_results *res = handle_command(line, CONTEXT_CONFIG); if (res->status != CMD_SUCCESS) { sway_log(L_ERROR, "Error on line '%s': %s", line, res->error); } diff --git a/sway/ipc-server.c b/sway/ipc-server.c index ebb5ce58..e575081b 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -312,7 +312,7 @@ void ipc_client_handle_command(struct ipc_client *client) { switch (client->current_command) { case IPC_COMMAND: { - struct cmd_results *results = handle_command(buf); + struct cmd_results *results = handle_command(buf, CONTEXT_IPC); const char *json = cmd_results_to_json(results); char reply[256]; int length = snprintf(reply, sizeof(reply), "%s", json); diff --git a/sway/security.c b/sway/security.c index 670cae56..2ccc30fd 100644 --- a/sway/security.c +++ b/sway/security.c @@ -64,3 +64,20 @@ enum command_context get_command_policy(const char *cmd) { return default_policy; } + +const char *command_policy_str(enum command_context context) { + switch (context) { + case CONTEXT_ALL: + return "all"; + case CONTEXT_CONFIG: + return "config"; + case CONTEXT_BINDING: + return "binding"; + case CONTEXT_IPC: + return "IPC"; + case CONTEXT_CRITERIA: + return "criteria"; + default: + return "unknown"; + } +} -- cgit v1.2.3