Add config related code and initial headers

config.d/security

@@ -37,15 +37,15 @@ ipc {
 
 # Limits the contexts from which certain commands are permitted
 commands {
-    fullscreen bindsym criteria
+    fullscreen binding criteria
     bindsym config
-    exit bindsym
-    kill bindsym
+    exit binding
+    kill binding
 
     # You should not change these unless you know what you're doing - it could
     # cripple your security
-    reload bindsym
-    restart bindsym
+    reload binding
+    restart binding
     permit config
     reject config
     ipc config

include/security.h

@@ -0,0 +1,9 @@
+#ifndef _SWAY_SECURITY_H
+#define _SWAY_SECURITY_H
+#include <unistd.h>
+#include "sway/config.h"
+
+const struct feature_permissions *get_permissions(pid_t pid);
+enum command_context get_command_context(const char *cmd);
+
+#endif

include/sway/config.h

@@ -103,9 +103,6 @@ struct pid_workspace {
 	time_t *time_added;
 };
 
-void pid_workspace_add(struct pid_workspace *pw);
-void free_pid_workspace(struct pid_workspace *pw);
-
 struct bar_config {
 	/**
 	 * One of "dock", "hide", "invisible"
@@ -184,6 +181,35 @@ enum edge_border_types {
 	E_BOTH		/**< hide vertical and horizontal edge borders */
 };
 
+enum command_context {
+	CONTEXT_CONFIG = 1,
+	CONTEXT_BINDING = 2,
+	CONTEXT_IPC = 4,
+	CONTEXT_CRITERIA = 8,
+	CONTEXT_ALL = 0xFFFFFFFF,
+};
+
+struct command_policy {
+	char *command;
+	enum command_context context;
+};
+
+enum secure_feature {
+	FEATURE_LOCK = 1,
+	FEATURE_PANEL = 2,
+	FEATURE_BACKGROUND = 4,
+	FEATURE_SCREENSHOT = 8,
+	FEATURE_FULLSCREEN = 16,
+	FEATURE_KEYBOARD = 32,
+	FEATURE_MOUSE = 64,
+};
+
+struct feature_policy {
+	char *program;
+	bool permit;
+	enum secure_feature features;
+};
+
 /**
  * The configuration struct. The result of loading a config file.
  */
@@ -252,8 +278,15 @@ struct sway_config {
 	int32_t floating_maximum_height;
 	int32_t floating_minimum_width;
 	int32_t floating_minimum_height;
+
+	// Security
+	list_t *command_policies;
+	list_t *feature_policies;
 };
 
+void pid_workspace_add(struct pid_workspace *pw);
+void free_pid_workspace(struct pid_workspace *pw);
+
 /**
  * Loads the main config from the given path. is_active should be true when
  * reloading the config.

sway/config.c

@@ -167,6 +167,16 @@ void free_pid_workspace(struct pid_workspace *pw) {
 	free(pw);
 }
 
+void free_command_policy(struct command_policy *policy) {
+	free(policy->command);
+	free(policy);
+}
+
+void free_feature_policy(struct feature_policy *policy) {
+	free(policy->program);
+	free(policy);
+}
+
 void free_config(struct sway_config *config) {
 	int i;
 	for (i = 0; i < config->symbols->length; ++i) {
@@ -211,6 +221,16 @@ void free_config(struct sway_config *config) {
 	}
 	list_free(config->output_configs);
 
+	for (i = 0; i < config->command_policies->length; ++i) {
+		free_command_policy(config->command_policies->items[i]);
+	}
+	list_free(config->command_policies);
+
+	for (i = 0; i < config->feature_policies->length; ++i) {
+		free_feature_policy(config->feature_policies->items[i]);
+	}
+	list_free(config->feature_policies);
+
 	list_free(config->active_bar_modifiers);
 	free_flat_list(config->config_chain);
 	free(config->font);
@@ -321,6 +341,10 @@ static void config_defaults(struct sway_config *config) {
 	config->border_colors.placeholder.child_border = 0x0C0C0CFF;
 
 	config->border_colors.background = 0xFFFFFFFF;
+
+	// Security
+	config->command_policies = create_list();
+	config->feature_policies = create_list();
 }
 
 static int compare_modifiers(const void *left, const void *right) {