Add support for command policies in config file

include/sway/commands.h

@@ -18,7 +18,10 @@ enum cmd_status {
 	CMD_BLOCK_MODE,
 	CMD_BLOCK_BAR,
 	CMD_BLOCK_BAR_COLORS,
-	CMD_BLOCK_INPUT
+	CMD_BLOCK_INPUT,
+	CMD_BLOCK_COMMANDS,
+	CMD_BLOCK_IPC,
+	CMD_BLOCK_IPC_EVENTS,
 };
 
 /**
@@ -58,6 +61,10 @@ struct cmd_results *handle_command(char *command);
  * Do not use this under normal conditions.
  */
 struct cmd_results *config_command(char *command, enum cmd_status block);
+/*
+ * Parses a command policy rule.
+ */
+struct cmd_results *config_commands_command(char *exec);
 
 /**
  * Allocates a cmd_results object.
@@ -93,6 +100,7 @@ sway_cmd cmd_client_unfocused;
 sway_cmd cmd_client_urgent;
 sway_cmd cmd_client_placeholder;
 sway_cmd cmd_client_background;
+sway_cmd cmd_commands;
 sway_cmd cmd_debuglog;
 sway_cmd cmd_exec;
 sway_cmd cmd_exec_always;

include/sway/security.h

@@ -7,5 +7,6 @@ enum secure_feature get_feature_policy(pid_t pid);
 enum command_context get_command_policy(const char *cmd);
 
 struct feature_policy *alloc_feature_policy(const char *program);
+struct command_policy *alloc_command_policy(const char *command);
 
 #endif

sway/commands.c

@@ -26,6 +26,7 @@
 #include "sway/input_state.h"
 #include "sway/criteria.h"
 #include "sway/ipc-server.h"
+#include "sway/security.h"
 #include "sway/input.h"
 #include "sway/border.h"
 #include "stringop.h"
@@ -158,6 +159,7 @@ static struct cmd_handler handlers[] = {
 	{ "client.placeholder", cmd_client_placeholder },
 	{ "client.unfocused", cmd_client_unfocused },
 	{ "client.urgent", cmd_client_urgent },
+	{ "commands", cmd_commands },
 	{ "debuglog", cmd_debuglog },
 	{ "default_orientation", cmd_orientation },
 	{ "exec", cmd_exec },
@@ -460,7 +462,85 @@ struct cmd_results *config_command(char *exec, enum cmd_status block) {
 	} else {
 		results = cmd_results_new(CMD_INVALID, argv[0], "This command is shimmed, but unimplemented");
 	}
-	cleanup:
+
+cleanup:
+	free_argv(argc, argv);
+	return results;
+}
+
+struct cmd_results *config_commands_command(char *exec) {
+	struct cmd_results *results = NULL;
+	int argc;
+	char **argv = split_args(exec, &argc);
+	if (!argc) {
+		results = cmd_results_new(CMD_SUCCESS, NULL, NULL);
+		goto cleanup;
+	}
+
+	// Find handler for the command this is setting a policy for
+	char *cmd = argv[0];
+
+	if (strcmp(cmd, "}") == 0) {
+		results = cmd_results_new(CMD_BLOCK_END, NULL, NULL);
+		goto cleanup;
+	}
+
+	struct cmd_handler *handler = find_handler(cmd, CMD_BLOCK_END);
+	if (!handler) {
+		char *input = cmd ? cmd : "(empty)";
+		results = cmd_results_new(CMD_INVALID, input, "Unknown/invalid command");
+		goto cleanup;
+	}
+
+	enum command_context context = 0;
+
+	struct {
+		char *name;
+		enum command_context context;
+	} context_names[] = {
+		{ "config", CONTEXT_CONFIG },
+		{ "binding", CONTEXT_BINDING },
+		{ "ipc", CONTEXT_IPC },
+		{ "criteria", CONTEXT_CRITERIA },
+		{ "all", CONTEXT_ALL },
+	};
+	size_t names_len = 5;
+
+	for (int i = 1; i < argc; ++i) {
+		size_t j;
+		for (j = 0; j < names_len; ++j) {
+			if (strcmp(context_names[j].name, argv[i]) == 0) {
+				break;
+			}
+		}
+		if (j == names_len) {
+			results = cmd_results_new(CMD_INVALID, cmd,
+					"Invalid command context %s", argv[i]);
+			goto cleanup;
+		}
+		context |= context_names[j].context;
+	}
+
+	struct command_policy *policy = NULL;
+	for (int i = 0; i < config->command_policies->length; ++i) {
+		struct command_policy *p = config->command_policies->items[i];
+		if (strcmp(p->command, cmd) == 0) {
+			policy = p;
+			break;
+		}
+	}
+	if (!policy) {
+		policy = alloc_command_policy(cmd);
+		list_add(config->command_policies, policy);
+	}
+	policy->context = context;
+
+	sway_log(L_INFO, "Set command policy for %s to %d",
+			policy->command, policy->context);
+
+	results = cmd_results_new(CMD_SUCCESS, NULL, NULL);
+
+cleanup:
 	free_argv(argc, argv);
 	return results;
 }

sway/commands/commands.c

@@ -0,0 +1,23 @@
+#include <stdbool.h>
+#include <string.h>
+#include "sway/commands.h"
+#include "sway/config.h"
+#include "list.h"
+#include "log.h"
+
+struct cmd_results *cmd_commands(int argc, char **argv) {
+	struct cmd_results *error = NULL;
+	if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
+		return error;
+	}
+
+	if (strcmp(argv[0], "{") != 0) {
+		return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
+	}
+
+	if (!config->reading) {
+		return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
+	}
+
+	return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
+}

sway/commands/permit.c

@@ -20,8 +20,7 @@ static enum secure_feature get_features(int argc, char **argv,
 		{ "keyboard", FEATURE_KEYBOARD },
 		{ "mouse", FEATURE_MOUSE },
 	};
-	size_t names_len = sizeof(feature_names) /
+	size_t names_len = 7;
-		(sizeof(char *) + sizeof(enum secure_feature));
 
 	for (int i = 1; i < argc; ++i) {
 		size_t j;

sway/config.c

@@ -580,7 +580,13 @@ bool read_config(FILE *file, struct sway_config *config) {
 			free(line);
 			continue;
 		}
-		struct cmd_results *res = config_command(line, block);
+		struct cmd_results *res;
+		if (block == CMD_BLOCK_COMMANDS) {
+			// Special case
+			res = config_commands_command(line);
+		} else {
+			res = config_command(line, block);
+		}
 		switch(res->status) {
 		case CMD_FAILURE:
 		case CMD_INVALID:
@@ -626,6 +632,14 @@ bool read_config(FILE *file, struct sway_config *config) {
 			}
 			break;
 
+		case CMD_BLOCK_COMMANDS:
+			if (block == CMD_BLOCK_END) {
+				block = CMD_BLOCK_COMMANDS;
+			} else {
+				sway_log(L_ERROR, "Invalid block '%s'", line);
+			}
+			break;
+
 		case CMD_BLOCK_END:
 			switch(block) {
 			case CMD_BLOCK_MODE:
@@ -651,6 +665,11 @@ bool read_config(FILE *file, struct sway_config *config) {
 				block = CMD_BLOCK_BAR;
 				break;
 
+			case CMD_BLOCK_COMMANDS:
+				sway_log(L_DEBUG, "End of commands block");
+				block = CMD_BLOCK_END;
+				break;
+
 			case CMD_BLOCK_END:
 				sway_log(L_ERROR, "Unmatched }");
 				break;

sway/security.c

@@ -11,6 +11,13 @@ struct feature_policy *alloc_feature_policy(const char *program) {
 	return policy;
 }
 
+struct command_policy *alloc_command_policy(const char *command) {
+	struct command_policy *policy = malloc(sizeof(struct command_policy));
+	policy->command = strdup(command);
+	policy->context = CONTEXT_ALL;
+	return policy;
+}
+
 enum secure_feature get_feature_policy(pid_t pid) {
 	const char *fmt = "/proc/%d/exe";
 	int pathlen = snprintf(NULL, 0, fmt, pid);
@@ -50,9 +57,6 @@ enum command_context get_command_policy(const char *cmd) {
 
 	for (int i = 0; i < config->command_policies->length; ++i) {
 		struct command_policy *policy = config->command_policies->items[i];
-		if (strcmp(policy->command, "*") == 0) {
-			default_policy = policy->context;
-		}
 		if (strcmp(policy->command, cmd) == 0) {
 			return policy->context;
 		}