From f23880b1fdd70a21b04317c18208a1f3ce356839 Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 08:10:03 -0500 Subject: [PATCH] Add support for command policies in config file --- include/sway/commands.h | 10 ++++- include/sway/security.h | 1 + sway/commands.c | 82 +++++++++++++++++++++++++++++++++++++++- sway/commands/commands.c | 23 +++++++++++ sway/commands/permit.c | 3 +- sway/config.c | 21 +++++++++- sway/security.c | 10 +++-- 7 files changed, 142 insertions(+), 8 deletions(-) create mode 100644 sway/commands/commands.c diff --git a/include/sway/commands.h b/include/sway/commands.h index 1d5d56ac0..ccc3cf584 100644 --- a/include/sway/commands.h +++ b/include/sway/commands.h @@ -18,7 +18,10 @@ enum cmd_status { CMD_BLOCK_MODE, CMD_BLOCK_BAR, CMD_BLOCK_BAR_COLORS, - CMD_BLOCK_INPUT + CMD_BLOCK_INPUT, + CMD_BLOCK_COMMANDS, + CMD_BLOCK_IPC, + CMD_BLOCK_IPC_EVENTS, }; /** @@ -58,6 +61,10 @@ struct cmd_results *handle_command(char *command); * Do not use this under normal conditions. */ struct cmd_results *config_command(char *command, enum cmd_status block); +/* + * Parses a command policy rule. + */ +struct cmd_results *config_commands_command(char *exec); /** * Allocates a cmd_results object. @@ -93,6 +100,7 @@ sway_cmd cmd_client_unfocused; sway_cmd cmd_client_urgent; sway_cmd cmd_client_placeholder; sway_cmd cmd_client_background; +sway_cmd cmd_commands; sway_cmd cmd_debuglog; sway_cmd cmd_exec; sway_cmd cmd_exec_always; diff --git a/include/sway/security.h b/include/sway/security.h index ae2de0d80..aa51fd815 100644 --- a/include/sway/security.h +++ b/include/sway/security.h @@ -7,5 +7,6 @@ enum secure_feature get_feature_policy(pid_t pid); enum command_context get_command_policy(const char *cmd); struct feature_policy *alloc_feature_policy(const char *program); +struct command_policy *alloc_command_policy(const char *command); #endif diff --git a/sway/commands.c b/sway/commands.c index e2bafcb2d..0bfe9d13f 100644 --- a/sway/commands.c 
+++ b/sway/commands.c @@ -26,6 +26,7 @@ #include "sway/input_state.h" #include "sway/criteria.h" #include "sway/ipc-server.h" +#include "sway/security.h" #include "sway/input.h" #include "sway/border.h" #include "stringop.h" @@ -158,6 +159,7 @@ static struct cmd_handler handlers[] = { { "client.placeholder", cmd_client_placeholder }, { "client.unfocused", cmd_client_unfocused }, { "client.urgent", cmd_client_urgent }, + { "commands", cmd_commands }, { "debuglog", cmd_debuglog }, { "default_orientation", cmd_orientation }, { "exec", cmd_exec }, 
@@ -460,7 +462,85 @@ struct cmd_results *config_command(char *exec, enum cmd_status block) { } else { results = cmd_results_new(CMD_INVALID, argv[0], "This command is shimmed, but unimplemented"); } - cleanup: + +cleanup: + free_argv(argc, argv); + return results; +} + +struct cmd_results *config_commands_command(char *exec) { + struct cmd_results *results = NULL; + int argc; + char **argv = split_args(exec, &argc); + if (!argc) { + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + goto cleanup; + } + + // Find handler for the command this is setting a policy for + char *cmd = argv[0]; + + if (strcmp(cmd, "}") == 0) { + results = cmd_results_new(CMD_BLOCK_END, NULL, NULL); + goto cleanup; + } + + struct cmd_handler *handler = find_handler(cmd, CMD_BLOCK_END); + if (!handler) { + char *input = cmd ? cmd : "(empty)"; + results = cmd_results_new(CMD_INVALID, input, "Unknown/invalid command"); + goto cleanup; + } + + enum command_context context = 0; + + struct { + char *name; + enum command_context context; + } context_names[] = { + { "config", CONTEXT_CONFIG }, + { "binding", CONTEXT_BINDING }, + { "ipc", CONTEXT_IPC }, + { "criteria", CONTEXT_CRITERIA }, + { "all", CONTEXT_ALL }, + }; + size_t names_len = 5; + + for (int i = 1; i < argc; ++i) { + size_t j; + for (j = 0; j < names_len; ++j) { + if (strcmp(context_names[j].name, argv[i]) == 0) { + break; + } + } + if (j == names_len) { + results = cmd_results_new(CMD_INVALID, cmd, + "Invalid command context %s", argv[i]); + goto cleanup; + } + context |= context_names[j].context; + } + + struct command_policy *policy = NULL; + for (int i = 0; i < config->command_policies->length; ++i) { + struct command_policy *p = config->command_policies->items[i]; + if (strcmp(p->command, cmd) == 0) { + policy = p; + break; + } + } + if (!policy) { + policy = alloc_command_policy(cmd); + list_add(config->command_policies, policy); + } + policy->context = context; + + sway_log(L_INFO, "Set command policy for %s to %d", + 
policy->command, policy->context); + + results = cmd_results_new(CMD_SUCCESS, NULL, NULL); + +cleanup: free_argv(argc, argv); return results; } diff --git a/sway/commands/commands.c b/sway/commands/commands.c new file mode 100644 index 000000000..5d248e30d --- /dev/null +++ b/sway/commands/commands.c @@ -0,0 +1,23 @@ +#include +#include +#include "sway/commands.h" +#include "sway/config.h" +#include "list.h" +#include "log.h" + +struct cmd_results *cmd_commands(int argc, char **argv) { + struct cmd_results *error = NULL; + if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) { + return error; + } + + if (strcmp(argv[0], "{") != 0) { + return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration"); + } + + if (!config->reading) { + return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file."); + } + + return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL); +} diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 8a7bb98cc..258ea5b27 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c @@ -20,8 +20,7 @@ static enum secure_feature get_features(int argc, char **argv, { "keyboard", FEATURE_KEYBOARD }, { "mouse", FEATURE_MOUSE }, }; - size_t names_len = sizeof(feature_names) / - (sizeof(char *) + sizeof(enum secure_feature)); + size_t names_len = 7; for (int i = 1; i < argc; ++i) { size_t j; diff --git a/sway/config.c b/sway/config.c index a2f6a7282..e55c6dea2 100644 --- a/sway/config.c +++ b/sway/config.c @@ -580,7 +580,13 @@ bool read_config(FILE *file, struct sway_config *config) { free(line); continue; } - struct cmd_results *res = config_command(line, block); + struct cmd_results *res; + if (block == CMD_BLOCK_COMMANDS) { + // Special case + res = config_commands_command(line); + } else { + res = config_command(line, block); + } switch(res->status) { case CMD_FAILURE: case CMD_INVALID: 
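Review bot: In `config_commands_command`, `size_t names_len = 5;` hard-codes the size of `context_names`, so the count and the table can drift apart: an entry added later is never matched, and an entry removed later lets the `strcmp` loop read past the end of the array. Derive the count from the table instead, `size_t names_len = sizeof(context_names) / sizeof(context_names[0]);`. The `sway/commands/permit.c` hunk has the same problem with `size_t names_len = 7;` for `feature_names`; only two entries of that table are visible, so the 7 cannot be checked from here. The element-size form would also have been the direct fix for the removed expression, which divided by the sum of the member sizes and so presumably miscounted once the struct is padded.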
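Review bot: `cmd_commands` gates policy definition only on `config->reading`, and nothing in this new file restricts which config file may open a `commands {` block. If `reading` is also set while a user-writable or included config is parsed (not visible in this patch), whoever can edit that file can redefine the contexts a command is allowed in. If policies are meant to come from an administrator-controlled file, check the origin of the file being read before returning `CMD_BLOCK_COMMANDS`. Either way, state the intended trust boundary in a comment above the function, for example `/* Opens a command-policy block; only valid while a config file is being read. */`.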
@@ -626,6 +632,14 @@ bool read_config(FILE *file, struct sway_config *config) { } break; + case CMD_BLOCK_COMMANDS: + if (block == CMD_BLOCK_END) { + block = CMD_BLOCK_COMMANDS; + } else { + sway_log(L_ERROR, "Invalid block '%s'", line); + } + break; + case CMD_BLOCK_END: switch(block) { case CMD_BLOCK_MODE: @@ -651,6 +665,11 @@ bool read_config(FILE *file, struct sway_config *config) { block = CMD_BLOCK_BAR; break; + case CMD_BLOCK_COMMANDS: + sway_log(L_DEBUG, "End of commands block"); + block = CMD_BLOCK_END; + break; + case CMD_BLOCK_END: sway_log(L_ERROR, "Unmatched }"); break; diff --git a/sway/security.c b/sway/security.c index a4cecf16b..670cae56e 100644 --- a/sway/security.c +++ b/sway/security.c @@ -11,6 +11,13 @@ struct feature_policy *alloc_feature_policy(const char *program) { return policy; } +struct command_policy *alloc_command_policy(const char *command) { + struct command_policy *policy = malloc(sizeof(struct command_policy)); + policy->command = strdup(command); + policy->context = CONTEXT_ALL; + return policy; +} + enum secure_feature get_feature_policy(pid_t pid) { const char *fmt = "/proc/%d/exe"; int pathlen = snprintf(NULL, 0, fmt, pid); @@ -50,9 +57,6 @@ enum command_context get_command_policy(const char *cmd) { for (int i = 0; i < config->command_policies->length; ++i) { struct command_policy *policy = config->command_policies->items[i]; - if (strcmp(policy->command, "*") == 0) { - default_policy = policy->context; - } if (strcmp(policy->command, cmd) == 0) { return policy->context; }
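Review bot: `alloc_command_policy` writes through the result of `malloc` without checking it and stores the `strdup` result unchecked. An allocation failure therefore becomes a NULL dereference here, or a later `strcmp(policy->command, cmd)` on a NULL string in the policy lookup loops. Add `if (!policy) { return NULL; }` after the `malloc`, and free the struct and return NULL when `strdup` fails. `config_commands_command` in `sway/commands.c` should then return an error result instead of calling `list_add` and writing `policy->context` when it gets NULL back. Writing the allocation as `malloc(sizeof(*policy))` would also keep the size tied to the variable.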