mirrors/sway
1
0
Fork 0
mirror of https://github.com/swaywm/sway.git synced 2025-11-10 13:29:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Read configs from /etc/sway/security.d/*

Browse source
This commit is contained in:
Drew DeVault 2017-02-20 07:42:08 -05:00
parent eabfb6c559
commit 126ce571da
9 changed files with 77 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

8
sway/commands/commands.c
View file

@ -10,6 +10,9 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
return error;
}
if ((error = check_security_config())) {
return error;
}
if (strcmp(argv[0], "{") != 0) {
return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
@ -19,10 +22,5 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
}
if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
return cmd_results_new(CMD_INVALID, "permit",
"This command is only permitted to run from " SYSCONFDIR "/sway/security");
}
return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
}

8
sway/commands/ipc.c
View file

@ -14,6 +14,9 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {
return error;
}
if ((error = check_security_config())) {
return error;
}
const char *program = argv[0];
@ -26,11 +29,6 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
}
if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
return cmd_results_new(CMD_INVALID, "permit",
"This command is only permitted to run from " SYSCONFDIR "/sway/security");
}
current_policy = alloc_ipc_policy(program);
list_add(config->ipc_policies, current_policy);

20
sway/commands/permit.c
View file

@ -62,19 +62,13 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
return error;
}
if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
return cmd_results_new(CMD_INVALID, "permit",
"This command is only permitted to run from " SYSCONFDIR "/sway/security");
if ((error = check_security_config())) {
return error;
}
struct feature_policy *policy = get_policy(argv[0]);
policy->features |= get_features(argc, argv, &error);
if (error) {
return error;
}
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);
@ -86,19 +80,13 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
return error;
}
if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
return cmd_results_new(CMD_INVALID, "permit",
"This command is only permitted to run from " SYSCONFDIR "/sway/security");
if ((error = check_security_config())) {
return error;
}
struct feature_policy *policy = get_policy(argv[0]);
policy->features &= ~get_features(argc, argv, &error);
if (error) {
return error;
}
sway_log(L_DEBUG, "Permissions granted to %s for features %d",
policy->program, policy->features);