Add permit|reject skeletons and wiring

include/sway/commands.h

@@ -262,4 +262,7 @@ sway_cmd cmd_ipc_cmd;
 sway_cmd cmd_ipc_events;
 sway_cmd cmd_ipc_event_cmd;
 
+sway_cmd cmd_permit;
+sway_cmd cmd_reject;
+
 #endif

include/sway/config.h

@@ -330,8 +330,9 @@ struct sway_config {
 	enum focus_wrapping_mode focus_wrapping;
 	bool active;
 	bool failed;
-	bool reloading;
 	bool reading;
+	bool reloading;
+	bool secure;
 	bool validating;
 	bool auto_back_and_forth;
 	bool show_marks;
@@ -370,7 +371,8 @@ struct sway_config {
 	int32_t floating_minimum_height;
 
 	// Security
-	list_t *feature_policies;
+	list_t *feature_policies; // struct feature_policy
+	struct feature_policy default_policy;
 
 	// Context for command handlers
 	struct {

include/sway/debug.h

@@ -3,6 +3,7 @@
 #include <stdbool.h>
 
 struct sway_debug {
+	bool insecure;         // Do not enforce security policies
 	bool noatomic;         // Ignore atomic layout updates
 	bool render_tree;      // Render the tree overlay
 	bool txn_timings;      // Log verbose messages about transactions

include/sway/security.h

@@ -3,14 +3,12 @@
 #include <unistd.h>
 #include "sway/config.h"
 
-/** Returns a mask of all features this pid is permitted to use */
+/** Returns a mask of all features this client is permitted to use */
 uint64_t get_feature_policy_mask(struct wl_client *client);
 
-/**
+/** Returns the policy for a program, or creates one if it doesn't exist. */
- * Returns the feature policy for a given program. Creates one if it doesn't
+struct feature_policy *get_feature_policy(
- * exist.
+		struct sway_config *config, const char *program);
- */
-struct feature_policy *get_feature_policy(const char *program);
 
 /** Creates a wayland client with a feature policy applied. */
 struct wl_client *create_secure_client(struct wl_display *display,

sway/commands.c

@@ -157,6 +157,12 @@ static struct cmd_handler command_handlers[] = {
 	{ "urgent", cmd_urgent },
 };
 
+/* Security config commands. Keep alphabetized */
+static struct cmd_handler security_handlers[] = {
+	{ "permit", cmd_permit },
+	{ "reject", cmd_reject },
+};
+
 static int handler_compare(const void *_a, const void *_b) {
 	const struct cmd_handler *a = _a;
 	const struct cmd_handler *b = _b;
@@ -169,6 +175,13 @@ struct cmd_handler *find_handler(char *line, struct cmd_handler *cmd_handlers,
 	struct cmd_handler *res = NULL;
 	wlr_log(WLR_DEBUG, "find_handler(%s)", line);
 
+	if (config->secure) {
+		res = bsearch(&d, security_handlers,
+				sizeof(security_handlers) / sizeof(struct cmd_handler),
+				sizeof(struct cmd_handler), handler_compare);
+		return res;
+	}
+
 	bool config_loading = config->reading || !config->active;
 
 	if (!config_loading) {

sway/commands/permit.c

@@ -0,0 +1,12 @@
+#include "sway/commands.h"
+
+struct cmd_results *cmd_permit(int argc, char **argv) {
+	struct cmd_results *error = NULL;
+	if ((error = checkarg(argc, "permit", EXPECTED_AT_LEAST, 2))) {
+		return error;
+	}
+
+	// TODO
+
+	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}

sway/commands/reject.c

@@ -0,0 +1,12 @@
+#include "sway/commands.h"
+
+struct cmd_results *cmd_reject(int argc, char **argv) {
+	struct cmd_results *error = NULL;
+	if ((error = checkarg(argc, "reject", EXPECTED_AT_LEAST, 2))) {
+		return error;
+	}
+
+	// TODO
+
+	return cmd_results_new(CMD_SUCCESS, NULL, NULL);
+}

sway/config.c

@@ -439,6 +439,7 @@ bool load_main_config(const char *file, bool is_active, bool validating) {
 		closedir(dir);
 
 		list_qsort(secconfigs, qstrcmp);
+
 		for (int i = 0; i < secconfigs->length; ++i) {
 			char *_path = secconfigs->items[i];
 			if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 ||

sway/main.c

@@ -200,6 +200,9 @@ void enable_debug_flag(const char *flag) {
 		debug.damage = DAMAGE_HIGHLIGHT;
 	} else if (strcmp(flag, "damage=rerender") == 0) {
 		debug.damage = DAMAGE_RERENDER;
+	} else if (strcmp(flag, "insecure") == 0) {
+		debug.insecure = true;
+		wlr_log(WLR_ERROR, "!!! DANGER !!! Sway is running in insecure mode.");
 	} else if (strcmp(flag, "noatomic") == 0) {
 		debug.noatomic = true;
 	} else if (strcmp(flag, "render-tree") == 0) {

sway/meson.build

@@ -156,6 +156,9 @@ sway_sources = files(
 	'commands/output/scale.c',
 	'commands/output/transform.c',
 
+	'commands/permit.c',
+	'commands/reject.c',
+
 	'tree/arrange.c',
 	'tree/container.c',
 	'tree/node.c',

sway/security.c

@@ -1,6 +1,22 @@
-#define _XOPEN_SOURCE 700
+#define _POSIX_C_SOURCE 200809L
 #include <stdlib.h>
 #include <string.h>
 #include "sway/security.h"
 
-// TODO
+struct feature_policy *get_feature_policy(
+		struct sway_config *config, const char *program) {
+	if (!program) {
+		return &config->default_policy;
+	}
+
+	struct feature_policy *policy;
+	for (int i = 0; i < config->feature_policies->length; ++i) {
+		policy = config->feature_policies->items[i];
+		if (strcmp(policy->program, program) == 0) {
+			return policy;
+		}
+	}
+	policy = calloc(1, sizeof(struct feature_policy));
+	policy->program = strdup(program);
+	return policy;
+}