Add permit|reject skeletons and wiring

include/sway/commands.h

@@ -262,4 +262,7 @@ sway_cmd cmd_ipc_cmd;
 sway_cmd cmd_ipc_events;
 sway_cmd cmd_ipc_event_cmd;
 
+sway_cmd cmd_permit;
+sway_cmd cmd_reject;
+
 #endif

include/sway/config.h

@@ -330,8 +330,9 @@ struct sway_config {
 	enum focus_wrapping_mode focus_wrapping;
 	bool active;
 	bool failed;
-	bool reloading;
 	bool reading;
+	bool reloading;
+	bool secure;
 	bool validating;
 	bool auto_back_and_forth;
 	bool show_marks;
@@ -370,7 +371,8 @@ struct sway_config {
 	int32_t floating_minimum_height;
 
 	// Security
-	list_t *feature_policies;
+	list_t *feature_policies; // struct feature_policy
+	struct feature_policy default_policy;
 
 	// Context for command handlers
 	struct {

include/sway/debug.h

@@ -3,6 +3,7 @@
 #include <stdbool.h>
 
 struct sway_debug {
+	bool insecure;         // Do not enforce security policies
 	bool noatomic;         // Ignore atomic layout updates
 	bool render_tree;      // Render the tree overlay
 	bool txn_timings;      // Log verbose messages about transactions

include/sway/security.h

@@ -3,14 +3,12 @@
 #include <unistd.h>
 #include "sway/config.h"
 
-/** Returns a mask of all features this pid is permitted to use */
+/** Returns a mask of all features this client is permitted to use */
 uint64_t get_feature_policy_mask(struct wl_client *client);
 
-/**
- * Returns the feature policy for a given program. Creates one if it doesn't
- * exist.
- */
-struct feature_policy *get_feature_policy(const char *program);
+/** Returns the policy for a program, or creates one if it doesn't exist. */
+struct feature_policy *get_feature_policy(
+		struct sway_config *config, const char *program);
 
 /** Creates a wayland client with a feature policy applied. */
 struct wl_client *create_secure_client(struct wl_display *display,