1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
#define _XOPEN_SOURCE 500
#include <string.h>
#include "sway/commands.h"
#include "sway/config.h"
#include "sway/security.h"
#include "util.h"
#include "log.h"
static enum secure_feature get_features(int argc, char **argv,
struct cmd_results **error) {
enum secure_feature features = 0;
struct {
char *name;
enum secure_feature feature;
} feature_names[] = {
{ "lock", FEATURE_LOCK },
{ "panel", FEATURE_PANEL },
{ "background", FEATURE_BACKGROUND },
{ "screenshot", FEATURE_SCREENSHOT },
{ "fullscreen", FEATURE_FULLSCREEN },
{ "keyboard", FEATURE_KEYBOARD },
{ "mouse", FEATURE_MOUSE },
};
for (int i = 1; i < argc; ++i) {
size_t j;
for (j = 0; j < sizeof(feature_names) / sizeof(feature_names[0]); ++j) {
if (strcmp(feature_names[j].name, argv[i]) == 0) {
break;
}
}
if (j == sizeof(feature_names) / sizeof(feature_names[0])) {
*error = cmd_results_new(CMD_INVALID,
"permit", "Invalid feature grant %s", argv[i]);
return 0;
}
features |= feature_names[j].feature;
}
return features;
}
struct cmd_results *cmd_permit(int argc, char **argv) {
struct cmd_results *error = NULL;
if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
return error;
}
if ((error = check_security_config())) {
return error;
}
bool assign_perms = true;
char *program = NULL;
if (!strcmp(argv[0], "*")) {
program = strdup(argv[0]);
} else {
program = resolve_path(argv[0]);
}
if (!program) {
sway_assert(program, "Unable to resolve IPC permit target '%s'."
" will issue empty policy", argv[0]);
assign_perms = false;
program = strdup(argv[0]);
}
struct feature_policy *policy = get_feature_policy(program);
if (policy && assign_perms) {
policy->features |= get_features(argc, argv, &error);
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);
}
free(program);
return cmd_results_new(CMD_SUCCESS, NULL, NULL);
}
struct cmd_results *cmd_reject(int argc, char **argv) {
struct cmd_results *error = NULL;
if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
return error;
}
if ((error = check_security_config())) {
return error;
}
char *program = NULL;
if (!strcmp(argv[0], "*")) {
program = strdup(argv[0]);
} else {
program = resolve_path(argv[0]);
}
if (!program) {
// Punt
sway_log(L_INFO, "Unable to resolve IPC reject target '%s'."
" Will use provided path", argv[0]);
program = strdup(argv[0]);
}
struct feature_policy *policy = get_feature_policy(program);
policy->features &= ~get_features(argc, argv, &error);
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);
free(program);
return cmd_results_new(CMD_SUCCESS, NULL, NULL);
}
|