#include #include "sway/commands.h" #include "sway/config.h" #include "sway/security.h" #include "log.h" static enum secure_feature get_features(int argc, char **argv, struct cmd_results **error) { enum secure_feature features = 0; struct { char *name; enum secure_feature feature; } feature_names[] = { { "lock", FEATURE_LOCK }, { "panel", FEATURE_PANEL }, { "background", FEATURE_BACKGROUND }, { "screenshot", FEATURE_SCREENSHOT }, { "fullscreen", FEATURE_FULLSCREEN }, { "keyboard", FEATURE_KEYBOARD }, { "mouse", FEATURE_MOUSE }, }; for (int i = 1; i < argc; ++i) { size_t j; for (j = 0; j < sizeof(feature_names) / sizeof(feature_names[0]); ++j) { if (strcmp(feature_names[j].name, argv[i]) == 0) { break; } } if (j == sizeof(feature_names) / sizeof(feature_names[0])) { *error = cmd_results_new(CMD_INVALID, "permit", "Invalid feature grant %s", argv[i]); return 0; } features |= feature_names[j].feature; } return features; } static struct feature_policy *get_policy(const char *name) { struct feature_policy *policy = NULL; for (int i = 0; i < config->feature_policies->length; ++i) { struct feature_policy *p = config->feature_policies->items[i]; if (strcmp(p->program, name) == 0) { policy = p; break; } } if (!policy) { policy = alloc_feature_policy(name); if (!policy) { sway_abort("Unable to allocate security policy"); } list_add(config->feature_policies, policy); } return policy; } struct cmd_results *cmd_permit(int argc, char **argv) { struct cmd_results *error = NULL; if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) { return error; } if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { return cmd_results_new(CMD_INVALID, "permit", "This command is only permitted to run from " SYSCONFDIR "/sway/security"); } struct feature_policy *policy = get_policy(argv[0]); policy->features |= get_features(argc, argv, &error); if (error) { return error; } sway_log(L_DEBUG, "Permissions granted to %s for features %d", policy->program, policy->features); return cmd_results_new(CMD_SUCCESS, NULL, NULL); } struct cmd_results *cmd_reject(int argc, char **argv) { struct cmd_results *error = NULL; if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) { return error; } if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { return cmd_results_new(CMD_INVALID, "permit", "This command is only permitted to run from " SYSCONFDIR "/sway/security"); } struct feature_policy *policy = get_policy(argv[0]); policy->features &= ~get_features(argc, argv, &error); if (error) { return error; } sway_log(L_DEBUG, "Permissions granted to %s for features %d", policy->program, policy->features); return cmd_results_new(CMD_SUCCESS, NULL, NULL); }