add permissions to actions

include/action.h

@@ -18,6 +18,7 @@ struct action {
 			      */
 
 	uint32_t type;        /* enum action_type */
+	uint32_t permissions; /* enum lab_permission */
 	struct wl_list args;  /* struct action_arg.link */
 };
 

include/common/spawn.h

@@ -21,7 +21,7 @@ pid_t spawn_primary_client(const char *command);
  * spawn_async_no_shell - execute asynchronously
  * @command: command to be executed
  */
-void spawn_async_no_shell(char const *command);
+void spawn_async_no_shell(char const *command, int socket_fd);
 
 /**
  * spawn_piped - execute asynchronously

src/action.c

@@ -26,6 +26,7 @@
 #include "osd.h"
 #include "output.h"
 #include "output-virtual.h"
+#include "permissions.h"
 #include "regions.h"
 #include "ssd.h"
 #include "theme.h"
@@ -335,6 +336,9 @@ action_arg_from_xml_node(struct action *action, const char *nodename, const char
 		if (!strcmp(argument, "command") || !strcmp(argument, "execute")) {
 			action_arg_add_str(action, "command", content);
 			goto cleanup;
+		} else if (!strcmp(argument, "permissions")) {
+			action->permissions |= permissions_from_interface_name(content);
+			goto cleanup;
 		}
 		break;
 	case ACTION_TYPE_MOVE_TO_EDGE:
@@ -551,6 +555,7 @@ action_create(const char *action_name)
 
 	struct action *action = znew(*action);
 	action->type = action_type;
+	action->permissions = 0;
 	wl_list_init(&action->args);
 	return action;
 }
@@ -1063,7 +1068,8 @@ run_action(struct view *view, struct server *server, struct action *action,
 		struct buf cmd = BUF_INIT;
 		buf_add(&cmd, action_get_str(action, "command", NULL));
 		buf_expand_tilde(&cmd);
-		spawn_async_no_shell(cmd.data);
+		int socket_fd = permissions_context_create(server->wl_display, action->permissions);
+		spawn_async_no_shell(cmd.data, socket_fd);
 		buf_reset(&cmd);
 		break;
 	}

src/common/spawn.c

@@ -43,10 +43,11 @@ set_cloexec(int fd)
 }
 
 void
-spawn_async_no_shell(char const *command)
+spawn_async_no_shell(char const *command, int socket_fd)
 {
 	GError *err = NULL;
 	gchar **argv = NULL;
+	char socket_str[32];
 
 	assert(command);
 
@@ -73,6 +74,12 @@ spawn_async_no_shell(char const *command)
 		reset_signals_and_limits();
 
 		setsid();
+		if (socket_fd != -1) {
+			snprintf(socket_str, sizeof(socket_str), "%d", socket_fd);
+			if (setenv("WAYLAND_SOCKET", socket_str, 1) != 0) {
+				wlr_log(WLR_ERROR, "unable to setenv() WAYLAND_SOCKET");
+			}
+		}
 		grandchild = fork();
 		if (grandchild == 0) {
 			execvp(argv[0], argv);
@@ -84,6 +91,9 @@ spawn_async_no_shell(char const *command)
 	default:
 		break;
 	}
+	if (socket_fd != -1) {
+		close(socket_fd);
+	}
 	waitpid(child, NULL, 0);
 out:
 	g_strfreev(argv);

src/config/session.c

@@ -232,12 +232,12 @@ update_activation_env(struct server *server, bool initialize)
 	char *cmd =
 		strdup_printf("dbus-update-activation-environment %s",
 			initialize ? env_keys : env_unset_keys);
-	spawn_async_no_shell(cmd);
+	spawn_async_no_shell(cmd, -1);
 	free(cmd);
 
 	cmd = strdup_printf("systemctl --user %s %s",
 		initialize ? "import-environment" : "unset-environment", env_keys);
-	spawn_async_no_shell(cmd);
+	spawn_async_no_shell(cmd, -1);
 	free(cmd);
 
 	free(env_keys);
@@ -303,7 +303,7 @@ session_run_script(const char *script)
 		}
 		wlr_log(WLR_INFO, "run session script %s", path->string);
 		char *cmd = strdup_printf("sh %s", path->string);
-		spawn_async_no_shell(cmd);
+		spawn_async_no_shell(cmd, -1);
 		free(cmd);
 
 		if (!should_merge_config) {

src/main.c

@@ -145,7 +145,7 @@ idle_callback(void *data)
 
 	session_autostart_init(ctx->server);
 	if (ctx->startup_cmd) {
-		spawn_async_no_shell(ctx->startup_cmd);
+		spawn_async_no_shell(ctx->startup_cmd, -1);
 	}
 }