Add security checks for background, panel, lock
parent
76cab04b4d
commit
21e1b2bef3
|
@ -7,6 +7,7 @@
|
||||||
#include "sway/layout.h"
|
#include "sway/layout.h"
|
||||||
#include "sway/input_state.h"
|
#include "sway/input_state.h"
|
||||||
#include "sway/extensions.h"
|
#include "sway/extensions.h"
|
||||||
|
#include "sway/security.h"
|
||||||
#include "sway/ipc-server.h"
|
#include "sway/ipc-server.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
|
|
||||||
|
@ -68,6 +69,12 @@ void lock_surface_destructor(struct wl_resource *resource) {
|
||||||
|
|
||||||
static void set_background(struct wl_client *client, struct wl_resource *resource,
|
static void set_background(struct wl_client *client, struct wl_resource *resource,
|
||||||
struct wl_resource *_output, struct wl_resource *surface) {
|
struct wl_resource *_output, struct wl_resource *surface) {
|
||||||
|
pid_t pid;
|
||||||
|
wl_client_get_credentials(client, &pid, NULL, NULL);
|
||||||
|
if (!(get_feature_policy(pid) & FEATURE_BACKGROUND)) {
|
||||||
|
sway_log(L_INFO, "Denying background feature to %d", pid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
wlc_handle output = wlc_handle_from_wl_output_resource(_output);
|
wlc_handle output = wlc_handle_from_wl_output_resource(_output);
|
||||||
if (!output) {
|
if (!output) {
|
||||||
return;
|
return;
|
||||||
|
@ -86,6 +93,12 @@ static void set_background(struct wl_client *client, struct wl_resource *resourc
|
||||||
|
|
||||||
static void set_panel(struct wl_client *client, struct wl_resource *resource,
|
static void set_panel(struct wl_client *client, struct wl_resource *resource,
|
||||||
struct wl_resource *_output, struct wl_resource *surface) {
|
struct wl_resource *_output, struct wl_resource *surface) {
|
||||||
|
pid_t pid;
|
||||||
|
wl_client_get_credentials(client, &pid, NULL, NULL);
|
||||||
|
if (!(get_feature_policy(pid) & FEATURE_PANEL)) {
|
||||||
|
sway_log(L_INFO, "Denying panel feature to %d", pid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
wlc_handle output = wlc_handle_from_wl_output_resource(_output);
|
wlc_handle output = wlc_handle_from_wl_output_resource(_output);
|
||||||
if (!output) {
|
if (!output) {
|
||||||
return;
|
return;
|
||||||
|
@ -111,6 +124,12 @@ static void desktop_unlock(struct wl_client *client, struct wl_resource *resourc
|
||||||
|
|
||||||
static void set_lock_surface(struct wl_client *client, struct wl_resource *resource,
|
static void set_lock_surface(struct wl_client *client, struct wl_resource *resource,
|
||||||
struct wl_resource *_output, struct wl_resource *surface) {
|
struct wl_resource *_output, struct wl_resource *surface) {
|
||||||
|
pid_t pid;
|
||||||
|
wl_client_get_credentials(client, &pid, NULL, NULL);
|
||||||
|
if (!(get_feature_policy(pid) & FEATURE_LOCK)) {
|
||||||
|
sway_log(L_INFO, "Denying lock feature to %d", pid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
swayc_t *output = swayc_by_handle(wlc_handle_from_wl_output_resource(_output));
|
swayc_t *output = swayc_by_handle(wlc_handle_from_wl_output_resource(_output));
|
||||||
swayc_t *view = swayc_by_handle(wlc_handle_from_wl_surface_resource(surface));
|
swayc_t *view = swayc_by_handle(wlc_handle_from_wl_surface_resource(surface));
|
||||||
sway_log(L_DEBUG, "Setting lock surface to %p", view);
|
sway_log(L_DEBUG, "Setting lock surface to %p", view);
|
||||||
|
@ -155,6 +174,12 @@ static void desktop_ready(struct wl_client *client, struct wl_resource *resource
|
||||||
}
|
}
|
||||||
|
|
||||||
static void set_panel_position(struct wl_client *client, struct wl_resource *resource, uint32_t position) {
|
static void set_panel_position(struct wl_client *client, struct wl_resource *resource, uint32_t position) {
|
||||||
|
pid_t pid;
|
||||||
|
wl_client_get_credentials(client, &pid, NULL, NULL);
|
||||||
|
if (!(get_feature_policy(pid) & FEATURE_PANEL)) {
|
||||||
|
sway_log(L_INFO, "Denying panel feature to %d", pid);
|
||||||
|
return;
|
||||||
|
}
|
||||||
struct panel_config *config = find_or_create_panel_config(resource);
|
struct panel_config *config = find_or_create_panel_config(resource);
|
||||||
sway_log(L_DEBUG, "Panel position for wl_resource %p changed %d => %d", resource, config->panel_position, position);
|
sway_log(L_DEBUG, "Panel position for wl_resource %p changed %d => %d", resource, config->panel_position, position);
|
||||||
config->panel_position = position;
|
config->panel_position = position;
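Review bot: The FEATURE_LOCK gate is added to set_lock_surface only; the hunk headers show desktop_unlock sitting between the patched handlers and no hunk touches it, so as far as this page shows the unlock request is still accepted from any client. If unlock is meant to fall under the lock feature, the same guard belongs at the top of desktop_unlock: `if (!(get_feature_policy(pid) & FEATURE_LOCK)) { return; }`. The five-line check is now repeated four times; a helper such as `static bool client_has_feature(struct wl_client *client, enum secure_feature feature)` would keep the handlers consistent and make a missed one easier to spot. The decision also rests on the pid from wl_client_get_credentials, which presumably identifies the process that opened the connection rather than whoever holds it now, and that limit deserves a comment next to the check. The bodies of all four handlers continue outside the hunks.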
|
||||||
|
|
|
@ -34,7 +34,7 @@ enum secure_feature get_feature_policy(pid_t pid) {
|
||||||
|
|
||||||
for (int i = 0; i < config->feature_policies->length; ++i) {
|
for (int i = 0; i < config->feature_policies->length; ++i) {
|
||||||
struct feature_policy *policy = config->feature_policies->items[i];
|
struct feature_policy *policy = config->feature_policies->items[i];
|
||||||
if (strcmp(policy->program, "*")) {
|
if (strcmp(policy->program, "*") == 0) {
|
||||||
default_policy = policy->features;
|
default_policy = policy->features;
|
||||||
}
|
}
|
||||||
if (strcmp(policy->program, link) == 0) {
|
if (strcmp(policy->program, link) == 0) {
|
||||||
|
@ -50,7 +50,7 @@ enum command_context get_command_policy(const char *cmd) {
|
||||||
|
|
||||||
for (int i = 0; i < config->command_policies->length; ++i) {
|
for (int i = 0; i < config->command_policies->length; ++i) {
|
||||||
struct command_policy *policy = config->command_policies->items[i];
|
struct command_policy *policy = config->command_policies->items[i];
|
||||||
if (strcmp(policy->command, "*")) {
|
if (strcmp(policy->command, "*") == 0) {
|
||||||
default_policy = policy->context;
|
default_policy = policy->context;
|
||||||
}
|
}
|
||||||
if (strcmp(policy->command, cmd) == 0) {
|
if (strcmp(policy->command, cmd) == 0) {
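Review bot: Neither loop says that the `"*"` entry is the fallback and that a named entry takes precedence, which is the rule the old truthy `strcmp(...)` test silently inverted (every entry except `"*"` set the default). If that is the intended precedence, a comment above the wildcard branch in get_feature_policy such as `/* "*" sets the fallback; an exact match below overrides it */` would pin it down, and the same applies to get_command_policy. Because the fallback decides what unlisted programs and commands are allowed to do, a small test with one `"*"` entry and one named entry would guard against a regression. Both loop bodies continue outside the hunks.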
|
||||||
|
|