Change how security config is loaded

sway/commands/commands.c

@@ -19,5 +19,10 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
 		return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
 	}
 
+	if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+		return cmd_results_new(CMD_INVALID, "permit",
+				"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+	}
+
 	return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
 }

sway/commands/ipc.c

@@ -21,6 +21,11 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
 		return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
 	}
 
+	if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+		return cmd_results_new(CMD_INVALID, "permit",
+				"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+	}
+
 	return cmd_results_new(CMD_BLOCK_IPC, NULL, NULL);
 }
 

sway/commands/permit.c

@@ -64,6 +64,11 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
 		return error;
 	}
 
+	if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+		return cmd_results_new(CMD_INVALID, "permit",
+				"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+	}
+
 	struct feature_policy *policy = get_policy(argv[0]);
 	policy->features |= get_features(argc, argv, &error);
 
@@ -83,6 +88,11 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
 		return error;
 	}
 
+	if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+		return cmd_results_new(CMD_INVALID, "permit",
+				"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+	}
+
 	struct feature_policy *policy = get_policy(argv[0]);
 	policy->features &= ~get_features(argc, argv, &error);