From 76cab04b4d7828f3c4f607c49e1e6ad78aa6e3da Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Thu, 1 Dec 2016 21:36:43 -0500 Subject: Implement permit and reject commands --- sway/commands/permit.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 sway/commands/permit.c (limited to 'sway/commands') diff --git a/sway/commands/permit.c b/sway/commands/permit.c new file mode 100644 index 00000000..8a7bb98c --- /dev/null +++ b/sway/commands/permit.c @@ -0,0 +1,95 @@ +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "sway/security.h" +#include "log.h" + +static enum secure_feature get_features(int argc, char **argv, + struct cmd_results **error) { + enum secure_feature features = 0; + + struct { + char *name; + enum secure_feature feature; + } feature_names[] = { + { "lock", FEATURE_LOCK }, + { "panel", FEATURE_PANEL }, + { "background", FEATURE_BACKGROUND }, + { "screenshot", FEATURE_SCREENSHOT }, + { "fullscreen", FEATURE_FULLSCREEN }, + { "keyboard", FEATURE_KEYBOARD }, + { "mouse", FEATURE_MOUSE }, + }; + size_t names_len = sizeof(feature_names) / + (sizeof(char *) + sizeof(enum secure_feature)); + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < names_len; ++j) { + if (strcmp(feature_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == names_len) { + *error = cmd_results_new(CMD_INVALID, + "permit", "Invalid feature grant %s", argv[i]); + return 0; + } + features |= feature_names[j].feature; + } + return features; +} + +static struct feature_policy *get_policy(const char *name) { + struct feature_policy *policy = NULL; + for (int i = 0; i < config->feature_policies->length; ++i) { + struct feature_policy *p = config->feature_policies->items[i]; + if (strcmp(p->program, name) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_feature_policy(name); + list_add(config->feature_policies, policy); + } + return policy; +} + +struct cmd_results *cmd_permit(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features |= get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} + +struct cmd_results *cmd_reject(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) { + return error; + } + + struct feature_policy *policy = get_policy(argv[0]); + policy->features &= ~get_features(argc, argv, &error); + + if (error) { + return error; + } + + sway_log(L_DEBUG, "Permissions granted to %s for features %d", + policy->program, policy->features); + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} -- cgit v1.2.3 From f23880b1fdd70a21b04317c18208a1f3ce356839 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 08:10:03 -0500 Subject: Add support for command policies in config file --- include/sway/commands.h | 10 +++++- include/sway/security.h | 1 + sway/commands.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++- sway/commands/commands.c | 23 ++++++++++++++ sway/commands/permit.c | 3 +- sway/config.c | 21 ++++++++++++- sway/security.c | 10 ++++-- 7 files changed, 142 insertions(+), 8 deletions(-) create mode 100644 sway/commands/commands.c (limited to 'sway/commands') diff --git a/include/sway/commands.h b/include/sway/commands.h index 1d5d56ac..ccc3cf58 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -18,7 +18,10 @@ enum cmd_status { CMD_BLOCK_MODE, CMD_BLOCK_BAR, CMD_BLOCK_BAR_COLORS, - CMD_BLOCK_INPUT + CMD_BLOCK_INPUT, + CMD_BLOCK_COMMANDS, + CMD_BLOCK_IPC, + CMD_BLOCK_IPC_EVENTS, }; /** @@ -58,6 +61,10 @@ struct cmd_results *handle_command(char *command); * Do not use this under normal conditions. */ struct cmd_results *config_command(char *command, enum cmd_status block); +/* + * Parses a command policy rule. + */ +struct cmd_results *config_commands_command(char *exec); /** * Allocates a cmd_results object. @@ -93,6 +100,7 @@ sway_cmd cmd_client_unfocused; sway_cmd cmd_client_urgent; sway_cmd cmd_client_placeholder; sway_cmd cmd_client_background; +sway_cmd cmd_commands; sway_cmd cmd_debuglog; sway_cmd cmd_exec; sway_cmd cmd_exec_always; diff --git a/include/sway/security.h b/include/sway/security.h index ae2de0d8..aa51fd81 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -7,5 +7,6 @@ enum secure_feature get_feature_policy(pid_t pid); enum command_context get_command_policy(const char *cmd); struct feature_policy *alloc_feature_policy(const char *program); +struct command_policy *alloc_command_policy(const char *command); #endif diff --git a/sway/commands.c b/sway/commands.c index e2bafcb2..0bfe9d13 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -26,6 +26,7 @@ #include "sway/input_state.h" #include "sway/criteria.h" #include "sway/ipc-server.h" +#include "sway/security.h" #include "sway/input.h" #include "sway/border.h" #include "stringop.h" @@ -158,6 +159,7 @@ static struct cmd_handler handlers[] = { { "client.placeholder", cmd_client_placeholder }, { "client.unfocused", cmd_client_unfocused }, { "client.urgent", cmd_client_urgent }, + { "commands", cmd_commands }, { "debuglog", cmd_debuglog }, { "default_orientation", cmd_orientation }, { "exec", cmd_exec }, @@ -460,7 +462,85 @@ struct cmd_results *config_command(char *exec, enum cmd_status block) { } else { results = cmd_results_new(CMD_INVALID, argv[0], "This command is shimmed, but unimplemented"); } - cleanup: + +cleanup: + free_argv(argc, argv); + return results; +} + +struct cmd_results *config_commands_command(char *exec) { + struct cmd_results *results = NULL; + int argc; + char **argv = split_args(exec, &argc); + if (!argc) { + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + goto cleanup; + } + + // Find handler for the command this is setting a policy for + char *cmd = argv[0]; + + if (strcmp(cmd, "}") == 0) { + results = cmd_results_new(CMD_BLOCK_END, NULL, NULL); + goto cleanup; + } + + struct cmd_handler *handler = find_handler(cmd, CMD_BLOCK_END); + if (!handler) { + char *input = cmd ? cmd : "(empty)"; + results = cmd_results_new(CMD_INVALID, input, "Unknown/invalid command"); + goto cleanup; + } + + enum command_context context = 0; + + struct { + char *name; + enum command_context context; + } context_names[] = { + { "config", CONTEXT_CONFIG }, + { "binding", CONTEXT_BINDING }, + { "ipc", CONTEXT_IPC }, + { "criteria", CONTEXT_CRITERIA }, + { "all", CONTEXT_ALL }, + }; + size_t names_len = 5; + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < names_len; ++j) { + if (strcmp(context_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == names_len) { + results = cmd_results_new(CMD_INVALID, cmd, + "Invalid command context %s", argv[i]); + goto cleanup; + } + context |= context_names[j].context; + } + + struct command_policy *policy = NULL; + for (int i = 0; i < config->command_policies->length; ++i) { + struct command_policy *p = config->command_policies->items[i]; + if (strcmp(p->command, cmd) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_command_policy(cmd); + list_add(config->command_policies, policy); + } + policy->context = context; + + sway_log(L_INFO, "Set command policy for %s to %d", + policy->command, policy->context); + + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + +cleanup: free_argv(argc, argv); return results; } diff --git a/sway/commands/commands.c b/sway/commands/commands.c new file mode 100644 index 00000000..5d248e30 --- /dev/null +++ b/sway/commands/commands.c @@ -0,0 +1,23 @@ +#include +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "list.h" +#include "log.h" + +struct cmd_results *cmd_commands(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + if (strcmp(argv[0], "{") != 0) { + return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration"); + } + + if (!config->reading) { + return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file."); + } + + return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL); +} diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 8a7bb98c..258ea5b2 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c @@ -20,8 +20,7 @@ static enum secure_feature get_features(int argc, char **argv, { "keyboard", FEATURE_KEYBOARD }, { "mouse", FEATURE_MOUSE }, }; - size_t names_len = sizeof(feature_names) / - (sizeof(char *) + sizeof(enum secure_feature)); + size_t names_len = 7; for (int i = 1; i < argc; ++i) { size_t j; diff --git a/sway/config.c b/sway/config.c index a2f6a728..e55c6dea 100644 --- a/sway/config.c +++ b/sway/config.c @@ -580,7 +580,13 @@ bool read_config(FILE *file, struct sway_config *config) { free(line); continue; } - struct cmd_results *res = config_command(line, block); + struct cmd_results *res; + if (block == CMD_BLOCK_COMMANDS) { + // Special case + res = config_commands_command(line); + } else { + res = config_command(line, block); + } switch(res->status) { case CMD_FAILURE: case CMD_INVALID: @@ -626,6 +632,14 @@ bool read_config(FILE *file, struct sway_config *config) { } break; + case CMD_BLOCK_COMMANDS: + if (block == CMD_BLOCK_END) { + block = CMD_BLOCK_COMMANDS; + } else { + sway_log(L_ERROR, "Invalid block '%s'", line); + } + break; + case CMD_BLOCK_END: switch(block) { case CMD_BLOCK_MODE: @@ -651,6 +665,11 @@ bool read_config(FILE *file, struct sway_config *config) { block = CMD_BLOCK_BAR; break; + case CMD_BLOCK_COMMANDS: + sway_log(L_DEBUG, "End of commands block"); + block = CMD_BLOCK_END; + break; + case CMD_BLOCK_END: sway_log(L_ERROR, "Unmatched }"); break; diff --git a/sway/security.c b/sway/security.c index a4cecf16..670cae56 100644 --- a/sway/security.c +++ b/sway/security.c @@ -11,6 +11,13 @@ struct feature_policy *alloc_feature_policy(const char *program) { return policy; } +struct command_policy *alloc_command_policy(const char *command) { + struct command_policy *policy = malloc(sizeof(struct command_policy)); + policy->command = strdup(command); + policy->context = CONTEXT_ALL; + return policy; +} + enum secure_feature get_feature_policy(pid_t pid) { const char *fmt = "/proc/%d/exe"; int pathlen = snprintf(NULL, 0, fmt, pid); @@ -50,9 +57,6 @@ enum command_context get_command_policy(const char *cmd) { for (int i = 0; i < config->command_policies->length; ++i) { struct command_policy *policy = config->command_policies->items[i]; - if (strcmp(policy->command, "*") == 0) { - default_policy = policy->context; - } if (strcmp(policy->command, cmd) == 0) { return policy->context; } -- cgit v1.2.3 From c8dc4925d1e0f5d5086a4c15415ee9fb0b7e6155 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 17:34:26 -0500 Subject: Add IPC security policy command handlers --- include/sway/commands.h | 5 ++ sway/commands.c | 30 ++++++++++- sway/commands/ipc.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++++ sway/config.c | 26 +++++++++ 4 files changed, 200 insertions(+), 1 deletion(-) create mode 100644 sway/commands/ipc.c (limited to 'sway/commands') diff --git a/include/sway/commands.h b/include/sway/commands.h index 9e8d013e..3ab8d5af 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -120,6 +120,7 @@ sway_cmd cmd_gaps; sway_cmd cmd_hide_edge_borders; sway_cmd cmd_include; sway_cmd cmd_input; +sway_cmd cmd_ipc; sway_cmd cmd_kill; sway_cmd cmd_layout; sway_cmd cmd_log_colors; @@ -192,4 +193,8 @@ sway_cmd input_cmd_pointer_accel; sway_cmd input_cmd_scroll_method; sway_cmd input_cmd_tap; +sway_cmd cmd_ipc_cmd; +sway_cmd cmd_ipc_events; +sway_cmd cmd_ipc_event_cmd; + #endif diff --git a/sway/commands.c b/sway/commands.c index 5d5087b1..47f7533c 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -180,6 +180,7 @@ static struct cmd_handler handlers[] = { { "hide_edge_borders", cmd_hide_edge_borders }, { "include", cmd_include }, { "input", cmd_input }, + { "ipc", cmd_ipc }, { "kill", cmd_kill }, { "layout", cmd_layout }, { "log_colors", cmd_log_colors }, @@ -292,6 +293,26 @@ static struct cmd_handler bar_colors_handlers[] = { { "urgent_workspace", bar_colors_cmd_urgent_workspace }, }; +static struct cmd_handler ipc_handlers[] = { + { "bar-config", cmd_ipc_cmd }, + { "command", cmd_ipc_cmd }, + { "events", cmd_ipc_events }, + { "inputs", cmd_ipc_cmd }, + { "marks", cmd_ipc_cmd }, + { "outputs", cmd_ipc_cmd }, + { "tree", cmd_ipc_cmd }, + { "workspaces", cmd_ipc_cmd }, +}; + +static struct cmd_handler ipc_event_handlers[] = { + { "binding", cmd_ipc_event_cmd }, + { "input", cmd_ipc_event_cmd }, + { "mode", cmd_ipc_event_cmd }, + { "output", cmd_ipc_event_cmd }, + { "window", cmd_ipc_event_cmd }, + { "workspace", cmd_ipc_event_cmd }, +}; + static int handler_compare(const void *_a, const void *_b) { const struct cmd_handler *a = _a; const struct cmd_handler *b = _b; @@ -311,10 +332,17 @@ static struct cmd_handler *find_handler(char *line, enum cmd_status block) { sizeof(bar_colors_handlers) / sizeof(struct cmd_handler), sizeof(struct cmd_handler), handler_compare); } else if (block == CMD_BLOCK_INPUT) { - sway_log(L_DEBUG, "looking at input handlers"); res = bsearch(&d, input_handlers, sizeof(input_handlers) / sizeof(struct cmd_handler), sizeof(struct cmd_handler), handler_compare); + } else if (block == CMD_BLOCK_IPC) { + res = bsearch(&d, ipc_handlers, + sizeof(ipc_handlers) / sizeof(struct cmd_handler), + sizeof(struct cmd_handler), handler_compare); + } else if (block == CMD_BLOCK_IPC_EVENTS) { + res = bsearch(&d, ipc_event_handlers, + sizeof(ipc_event_handlers) / sizeof(struct cmd_handler), + sizeof(struct cmd_handler), handler_compare); } else { res = bsearch(&d, handlers, sizeof(handlers) / sizeof(struct cmd_handler), diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c new file mode 100644 index 00000000..e6ae27a4 --- /dev/null +++ b/sway/commands/ipc.c @@ -0,0 +1,140 @@ +#include +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "ipc.h" +#include "log.h" +#include "util.h" + +struct cmd_results *cmd_ipc(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + if (config->reading && strcmp("{", argv[0]) != 0) { + return cmd_results_new(CMD_INVALID, "ipc", + "Expected '{' at start of IPC config definition."); + } + + if (!config->reading) { + return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file."); + } + + return cmd_results_new(CMD_BLOCK_IPC, NULL, NULL); +} + +struct cmd_results *cmd_ipc_events(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "events", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + if (config->reading && strcmp("{", argv[0]) != 0) { + return cmd_results_new(CMD_INVALID, "events", + "Expected '{' at start of IPC event config definition."); + } + + if (!config->reading) { + return cmd_results_new(CMD_FAILURE, "events", "Can only be used in config file."); + } + + return cmd_results_new(CMD_BLOCK_IPC_EVENTS, NULL, NULL); +} + +struct cmd_results *cmd_ipc_cmd(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + bool enabled; + if (strcmp(argv[0], "enabled") == 0) { + enabled = true; + } else if (strcmp(argv[0], "disabled") == 0) { + enabled = false; + } else { + return cmd_results_new(CMD_INVALID, argv[-1], + "Argument must be one of 'enabled' or 'disabled'"); + } + + struct { + char *name; + enum ipc_command_type type; + } types[] = { + { "command", IPC_COMMAND }, + { "workspaces", IPC_GET_WORKSPACES }, + { "outputs", IPC_GET_OUTPUTS }, + { "tree", IPC_GET_TREE }, + { "marks", IPC_GET_MARKS }, + { "bar-config", IPC_GET_BAR_CONFIG }, + { "inputs", IPC_GET_INPUTS }, + }; + + uint32_t type = 0; + + for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); ++i) { + if (strcmp(types[i].name, argv[-1]) == 0) { + type = types[i].type; + break; + } + } + + if (enabled) { + config->ipc_policy |= type; + sway_log(L_DEBUG, "Enabled IPC %s feature", argv[-1]); + } else { + config->ipc_policy &= ~type; + sway_log(L_DEBUG, "Disabled IPC %s feature", argv[-1]); + } + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} + +struct cmd_results *cmd_ipc_event_cmd(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + bool enabled; + if (strcmp(argv[0], "enabled") == 0) { + enabled = true; + } else if (strcmp(argv[0], "disabled") == 0) { + enabled = false; + } else { + return cmd_results_new(CMD_INVALID, argv[-1], + "Argument must be one of 'enabled' or 'disabled'"); + } + + struct { + char *name; + enum ipc_command_type type; + } types[] = { + { "workspace", event_mask(IPC_EVENT_WORKSPACE) }, + { "output", event_mask(IPC_EVENT_OUTPUT) }, + { "mode", event_mask(IPC_EVENT_MODE) }, + { "window", event_mask(IPC_EVENT_WINDOW) }, + { "binding", event_mask(IPC_EVENT_BINDING) }, + { "input", event_mask(IPC_EVENT_INPUT) }, + }; + + uint32_t type = 0; + + for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); ++i) { + if (strcmp(types[i].name, argv[-1]) == 0) { + type = types[i].type; + break; + } + } + + if (enabled) { + config->ipc_policy |= type; + sway_log(L_DEBUG, "Enabled IPC %s event", argv[-1]); + } else { + config->ipc_policy &= ~type; + sway_log(L_DEBUG, "Disabled IPC %s event", argv[-1]); + } + + return cmd_results_new(CMD_SUCCESS, NULL, NULL); +} diff --git a/sway/config.c b/sway/config.c index b1b0aac9..e737f83c 100644 --- a/sway/config.c +++ b/sway/config.c @@ -641,6 +641,22 @@ bool read_config(FILE *file, struct sway_config *config) { } break; + case CMD_BLOCK_IPC: + if (block == CMD_BLOCK_END) { + block = CMD_BLOCK_IPC; + } else { + sway_log(L_ERROR, "Invalid block '%s'", line); + } + break; + + case CMD_BLOCK_IPC_EVENTS: + if (block == CMD_BLOCK_IPC) { + block = CMD_BLOCK_IPC_EVENTS; + } else { + sway_log(L_ERROR, "Invalid block '%s'", line); + } + break; + case CMD_BLOCK_END: switch(block) { case CMD_BLOCK_MODE: @@ -671,6 +687,16 @@ bool read_config(FILE *file, struct sway_config *config) { block = CMD_BLOCK_END; break; + case CMD_BLOCK_IPC: + sway_log(L_DEBUG, "End of IPC block"); + block = CMD_BLOCK_END; + break; + + case CMD_BLOCK_IPC_EVENTS: + sway_log(L_DEBUG, "End of IPC events block"); + block = CMD_BLOCK_IPC; + break; + case CMD_BLOCK_END: sway_log(L_ERROR, "Unmatched }"); break; -- cgit v1.2.3 From 62dad7148f7b7b314f0297e191861ae3f03e9e1f Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 17:55:03 -0500 Subject: Enforce IPC security policy --- include/sway/config.h | 17 +++++++++++++++++ sway/commands/ipc.c | 26 +++++++++++++------------- sway/ipc-server.c | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 13 deletions(-) (limited to 'sway/commands') diff --git a/include/sway/config.h b/include/sway/config.h index 1154b871..192e697c 100644 --- a/include/sway/config.h +++ b/include/sway/config.h @@ -209,6 +209,23 @@ struct feature_policy { uint32_t features; }; +enum ipc_feature { + IPC_FEATURE_COMMAND = 1, + IPC_FEATURE_GET_WORKSPACES = 2, + IPC_FEATURE_GET_OUTPUTS = 4, + IPC_FEATURE_GET_TREE = 8, + IPC_FEATURE_GET_MARKS = 16, + IPC_FEATURE_GET_BAR_CONFIG = 32, + IPC_FEATURE_GET_VERSION = 64, + IPC_FEATURE_GET_INPUTS = 128, + IPC_FEATURE_EVENT_WORKSPACE = 256, + IPC_FEATURE_EVENT_OUTPUT = 512, + IPC_FEATURE_EVENT_MODE = 1024, + IPC_FEATURE_EVENT_WINDOW = 2048, + IPC_FEATURE_EVENT_BINDING = 4096, + IPC_FEATURE_EVENT_INPUT = 8192 +}; + /** * The configuration struct. The result of loading a config file. */ diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c index e6ae27a4..f96e9980 100644 --- a/sway/commands/ipc.c +++ b/sway/commands/ipc.c @@ -62,13 +62,13 @@ struct cmd_results *cmd_ipc_cmd(int argc, char **argv) { char *name; enum ipc_command_type type; } types[] = { - { "command", IPC_COMMAND }, - { "workspaces", IPC_GET_WORKSPACES }, - { "outputs", IPC_GET_OUTPUTS }, - { "tree", IPC_GET_TREE }, - { "marks", IPC_GET_MARKS }, - { "bar-config", IPC_GET_BAR_CONFIG }, - { "inputs", IPC_GET_INPUTS }, + { "command", IPC_FEATURE_COMMAND }, + { "workspaces", IPC_FEATURE_GET_WORKSPACES }, + { "outputs", IPC_FEATURE_GET_OUTPUTS }, + { "tree", IPC_FEATURE_GET_TREE }, + { "marks", IPC_FEATURE_GET_MARKS }, + { "bar-config", IPC_FEATURE_GET_BAR_CONFIG }, + { "inputs", IPC_FEATURE_GET_INPUTS }, }; uint32_t type = 0; @@ -111,12 +111,12 @@ struct cmd_results *cmd_ipc_event_cmd(int argc, char **argv) { char *name; enum ipc_command_type type; } types[] = { - { "workspace", event_mask(IPC_EVENT_WORKSPACE) }, - { "output", event_mask(IPC_EVENT_OUTPUT) }, - { "mode", event_mask(IPC_EVENT_MODE) }, - { "window", event_mask(IPC_EVENT_WINDOW) }, - { "binding", event_mask(IPC_EVENT_BINDING) }, - { "input", event_mask(IPC_EVENT_INPUT) }, + { "workspace", IPC_FEATURE_EVENT_WORKSPACE }, + { "output", IPC_FEATURE_EVENT_OUTPUT }, + { "mode", IPC_FEATURE_EVENT_MODE }, + { "window", IPC_FEATURE_EVENT_WINDOW }, + { "binding", IPC_FEATURE_EVENT_BINDING }, + { "input", IPC_FEATURE_EVENT_INPUT }, }; uint32_t type = 0; diff --git a/sway/ipc-server.c b/sway/ipc-server.c index ef741e3b..15791c5e 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -307,9 +307,14 @@ void ipc_client_handle_command(struct ipc_client *client) { } buf[client->payload_length] = '\0'; + const char *error_denied = "{ \"success\": false, \"error\": \"Permission denied\" }"; + switch (client->current_command) { case IPC_COMMAND: { + if (!(config->ipc_policy & IPC_FEATURE_COMMAND)) { + goto exit_denied; + } struct cmd_results *results = handle_command(buf, CONTEXT_IPC); const char *json = cmd_results_to_json(results); char reply[256]; @@ -359,6 +364,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_WORKSPACES: { + if (!(config->ipc_policy & IPC_FEATURE_GET_WORKSPACES)) { + goto exit_denied; + } json_object *workspaces = json_object_new_array(); container_map(&root_container, ipc_get_workspaces_callback, workspaces); const char *json_string = json_object_to_json_string(workspaces); @@ -369,6 +377,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_INPUTS: { + if (!(config->ipc_policy & IPC_FEATURE_GET_INPUTS)) { + goto exit_denied; + } json_object *inputs = json_object_new_array(); if (input_devices) { for(int i=0; ilength; i++) { @@ -388,6 +399,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_OUTPUTS: { + if (!(config->ipc_policy & IPC_FEATURE_GET_OUTPUTS)) { + goto exit_denied; + } json_object *outputs = json_object_new_array(); container_map(&root_container, ipc_get_outputs_callback, outputs); const char *json_string = json_object_to_json_string(outputs); @@ -398,6 +412,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_TREE: { + if (!(config->ipc_policy & IPC_FEATURE_GET_TREE)) { + goto exit_denied; + } json_object *tree = ipc_json_describe_container_recursive(&root_container); const char *json_string = json_object_to_json_string(tree); ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); @@ -458,6 +475,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_BAR_CONFIG: { + if (!(config->ipc_policy & IPC_FEATURE_GET_BAR_CONFIG)) { + goto exit_denied; + } if (!buf[0]) { // Send list of configured bar IDs json_object *bars = json_object_new_array(); @@ -498,6 +518,9 @@ void ipc_client_handle_command(struct ipc_client *client) { goto exit_cleanup; } +exit_denied: + ipc_send_reply(client, error_denied, (uint32_t)strlen(error_denied)); + exit_cleanup: client->payload_length = 0; free(buf); @@ -562,6 +585,9 @@ void ipc_send_event(const char *json_string, enum ipc_command_type event) { } void ipc_event_workspace(swayc_t *old, swayc_t *new, const char *change) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_WORKSPACE)) { + return; + } sway_log(L_DEBUG, "Sending workspace::%s event", change); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(change)); @@ -586,6 +612,9 @@ void ipc_event_workspace(swayc_t *old, swayc_t *new, const char *change) { } void ipc_event_window(swayc_t *window, const char *change) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_WINDOW)) { + return; + } sway_log(L_DEBUG, "Sending window::%s event", change); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(change)); @@ -611,6 +640,9 @@ void ipc_event_barconfig_update(struct bar_config *bar) { } void ipc_event_mode(const char *mode) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_MODE)) { + return; + } sway_log(L_DEBUG, "Sending mode::%s event", mode); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(mode)); @@ -636,6 +668,9 @@ void ipc_event_modifier(uint32_t modifier, const char *state) { } static void ipc_event_binding(json_object *sb_obj) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_BINDING)) { + return; + } sway_log(L_DEBUG, "Sending binding::run event"); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string("run")); -- cgit v1.2.3 From d353da248b4653d7bc027ff0dceca946cdd0b22f Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 18:08:15 -0500 Subject: Add ipc connection feature policy controls --- include/sway/config.h | 1 + sway/commands.c | 5 ++--- sway/commands/permit.c | 6 +++--- sway/ipc-server.c | 21 +++++++++++++++++++++ sway/security.c | 2 +- sway/sway-security.7.txt | 9 ++++++--- 6 files changed, 34 insertions(+), 10 deletions(-) (limited to 'sway/commands') diff --git a/include/sway/config.h b/include/sway/config.h index 192e697c..2c6b83e7 100644 --- a/include/sway/config.h +++ b/include/sway/config.h @@ -202,6 +202,7 @@ enum secure_feature { FEATURE_FULLSCREEN = 16, FEATURE_KEYBOARD = 32, FEATURE_MOUSE = 64, + FEATURE_IPC = 128, }; struct feature_policy { diff --git a/sway/commands.c b/sway/commands.c index 47f7533c..3d8f8c5b 100644 --- a/sway/commands.c +++ b/sway/commands.c @@ -542,16 +542,15 @@ struct cmd_results *config_commands_command(char *exec) { { "criteria", CONTEXT_CRITERIA }, { "all", CONTEXT_ALL }, }; - size_t names_len = 5; for (int i = 1; i < argc; ++i) { size_t j; - for (j = 0; j < names_len; ++j) { + for (j = 0; j < sizeof(context_names) / sizeof(context_names[0]); ++j) { if (strcmp(context_names[j].name, argv[i]) == 0) { break; } } - if (j == names_len) { + if (j == sizeof(context_names) / sizeof(context_names[0])) { results = cmd_results_new(CMD_INVALID, cmd, "Invalid command context %s", argv[i]); goto cleanup; diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 258ea5b2..7a25e4ce 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c @@ -19,17 +19,17 @@ static enum secure_feature get_features(int argc, char **argv, { "fullscreen", FEATURE_FULLSCREEN }, { "keyboard", FEATURE_KEYBOARD }, { "mouse", FEATURE_MOUSE }, + { "ipc", FEATURE_IPC }, }; - size_t names_len = 7; for (int i = 1; i < argc; ++i) { size_t j; - for (j = 0; j < names_len; ++j) { + for (j = 0; j < sizeof(feature_names) / sizeof(feature_names[0]); ++j) { if (strcmp(feature_names[j].name, argv[i]) == 0) { break; } } - if (j == names_len) { + if (j == sizeof(feature_names) / sizeof(feature_names[0])) { *error = cmd_results_new(CMD_INVALID, "permit", "Invalid feature grant %s", argv[i]); return 0; diff --git a/sway/ipc-server.c b/sway/ipc-server.c index 15791c5e..c04c465a 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -15,6 +15,7 @@ #include #include "sway/ipc-json.h" #include "sway/ipc-server.h" +#include "sway/security.h" #include "sway/config.h" #include "sway/commands.h" #include "sway/input.h" @@ -124,6 +125,17 @@ struct sockaddr_un *ipc_user_sockaddr(void) { return ipc_sockaddr; } +static pid_t get_client_pid(int client_fd) { + struct ucred ucred; + socklen_t len = sizeof(struct ucred); + + if (getsockopt(client_fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) == -1) { + return -1; + } + + return ucred.pid; +} + int ipc_handle_connection(int fd, uint32_t mask, void *data) { (void) fd; (void) data; sway_log(L_DEBUG, "Event on IPC listening socket"); @@ -142,6 +154,15 @@ int ipc_handle_connection(int fd, uint32_t mask, void *data) { return 0; } + pid_t pid = get_client_pid(client_fd); + if (!(get_feature_policy(pid) & FEATURE_IPC)) { + sway_log(L_INFO, "Permission to connect to IPC socket denied to %d", pid); + const char *error = "{\"success\": false, \"message\": \"Permission denied\"}"; + write(client_fd, &error, sizeof(error)); + close(client_fd); + return 0; + } + struct ipc_client* client = malloc(sizeof(struct ipc_client)); client->payload_length = 0; client->fd = client_fd; diff --git a/sway/security.c b/sway/security.c index 2ccc30fd..0d510253 100644 --- a/sway/security.c +++ b/sway/security.c @@ -7,7 +7,7 @@ struct feature_policy *alloc_feature_policy(const char *program) { struct feature_policy *policy = malloc(sizeof(struct feature_policy)); policy->program = strdup(program); - policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE; + policy->features = FEATURE_FULLSCREEN | FEATURE_KEYBOARD | FEATURE_MOUSE | FEATURE_IPC; return policy; } diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index a4122c5c..53c7b876 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt @@ -81,6 +81,9 @@ policies. These features are: Permission to become fullscreen. Note that users can always make a window fullscreen themselves with the fullscreen command. +**ipc**:: + Permission to connect to sway's IPC socket. + **keyboard**:: Permission to receive keyboard events (only while they are focused). @@ -98,9 +101,9 @@ policies. These features are: **screenshot**:: Permission to take screenshots or record the screen. -By default, all programs are granted **fullscreen**, **keyboard**, and **mouse** -permissions. You can use the following config commands to control a program's -access: +By default, all programs are granted **fullscreen**, **keyboard**, **mouse**, and +**ipc** permissions. You can use the following config commands to control a +program's access: **permit** :: Permits to use (each feature seperated by a space). -- cgit v1.2.3 From d2d6fcd1ffb496fbd3dfb448865351447474580d Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 18:38:31 -0500 Subject: Fix clang issues --- sway/commands/ipc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sway/commands') diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c index f96e9980..222be0dd 100644 --- a/sway/commands/ipc.c +++ b/sway/commands/ipc.c @@ -60,7 +60,7 @@ struct cmd_results *cmd_ipc_cmd(int argc, char **argv) { struct { char *name; - enum ipc_command_type type; + enum ipc_feature type; } types[] = { { "command", IPC_FEATURE_COMMAND }, { "workspaces", IPC_FEATURE_GET_WORKSPACES }, @@ -109,7 +109,7 @@ struct cmd_results *cmd_ipc_event_cmd(int argc, char **argv) { struct { char *name; - enum ipc_command_type type; + enum ipc_feature type; } types[] = { { "workspace", IPC_FEATURE_EVENT_WORKSPACE }, { "output", IPC_FEATURE_EVENT_OUTPUT }, -- cgit v1.2.3