kossLAN/wry
1
0
Fork 0
forked from wry/wry
Code Pull requests Activity

Merge pull request #143 from mahkoh/jorth/config-run-privileged

Browse source 
config: allow running commands privileged
This commit is contained in:
mahkoh 2024-04-01 13:26:21 +02:00 committed by GitHub
commit 12681f42b0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 74 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
jay-config/src/_private/client.rs
View file

@ -944,6 +944,12 @@ impl Client {
})
}
pub fn get_socket_path(&self) -> Option<String> {
let res = self.send_with_response(&ClientMessage::GetSocketPath);
get_response!(res, None, GetSocketPath { path });
Some(path)
}
pub fn create_pollable(&self, fd: i32) -> Result<PollableId, String> {
let res = self.send_with_response(&ClientMessage::AddPollable { fd });
get_response!(

4
jay-config/src/_private/ipc.rs
View file

@ -431,6 +431,7 @@ pub enum ClientMessage<'a> {
SetExplicitSyncEnabled {
enabled: bool,
},
GetSocketPath,
}
#[derive(Serialize, Deserialize, Debug)]
@ -576,6 +577,9 @@ pub enum Response {
GetInputDeviceDevnode {
devnode: String,
},
GetSocketPath {
path: String,
},
}
#[derive(Serialize, Deserialize, Debug)]

15
jay-config/src/exec.rs
View file

@ -82,6 +82,21 @@ impl Command {
self.fd(2, fd)
}
/// Runs the application with access to privileged wayland protocols.
///
/// The default is `false`.
pub fn privileged(&mut self) -> &mut Self {
match get!(self).get_socket_path() {
Some(path) => {
self.env("WAYLAND_DISPLAY", &format!("{path}.jay"));
}
_ => {
log::error!("Compositor did not send the socket path");
}
}
self
}
/// Executes the command.
///
/// This consumes all attached file descriptors.

14
src/config/handler.rs
View file

@ -804,6 +804,19 @@ impl ConfigProxyHandler {
self.state.explicit_sync_enabled.set(enabled);
}
fn handle_get_socket_path(&self) {
match self.state.acceptor.get() {
Some(a) => {
self.respond(Response::GetSocketPath {
path: a.socket_name().to_string(),
});
}
_ => {
log::warn!("There is no acceptor");
}
}
}
fn handle_connector_connected(&self, connector: Connector) -> Result<(), CphError> {
let connector = self.get_connector(connector)?;
self.respond(Response::ConnectorConnected {
@ -1732,6 +1745,7 @@ impl ConfigProxyHandler {
ClientMessage::SetExplicitSyncEnabled { enabled } => {
self.handle_set_explicit_sync_enabled(enabled)
}
ClientMessage::GetSocketPath => self.handle_get_socket_path(),
}
Ok(())
}

1
toml-config/src/config.rs
View file

@ -245,6 +245,7 @@ pub struct Exec {
pub prog: String,
pub args: Vec<String>,
pub envs: Vec<(String, String)>,
pub privileged: bool,
}
#[derive(Debug, Clone)]

15
toml-config/src/config/parsers/exec.rs
View file

@ -2,7 +2,7 @@ use {
crate::{
config::{
context::Context,
extractor::{arr, opt, str, val, Extractor, ExtractorError},
extractor::{arr, bol, opt, recover, str, val, Extractor, ExtractorError},
parser::{DataType, ParseResult, Parser, UnexpectedDataType},
parsers::{
env::{EnvParser, EnvParserError},
@ -11,7 +11,7 @@ use {
Exec,
},
toml::{
toml_span::{Span, Spanned, SpannedExt},
toml_span::{DespanExt, Span, Spanned, SpannedExt},
toml_value::Value,
},
},
@ -45,6 +45,7 @@ impl Parser for ExecParser<'_> {
prog: string.to_string(),
args: vec![],
envs: vec![],
privileged: false,
})
}
@ -61,6 +62,7 @@ impl Parser for ExecParser<'_> {
prog,
args,
envs: vec![],
privileged: false,
})
}
@ -70,8 +72,12 @@ impl Parser for ExecParser<'_> {
table: &IndexMap<Spanned<String>, Spanned<Value>>,
) -> ParseResult<Self> {
let mut ext = Extractor::new(self.0, span, table);
let (prog, args_val, envs_val) =
ext.extract((str("prog"), opt(arr("args")), opt(val("env"))))?;
let (prog, args_val, envs_val, privileged) = ext.extract((
str("prog"),
opt(arr("args")),
opt(val("env")),
recover(opt(bol("privileged"))),
))?;
let mut args = vec![];
if let Some(args_val) = args_val {
for arg in args_val.value {
@ -86,6 +92,7 @@ impl Parser for ExecParser<'_> {
prog: prog.value.to_string(),
args,
envs,
privileged: privileged.despan().unwrap_or(false),
})
}
}

2
toml-config/src/default-config.toml
View file

@ -7,7 +7,7 @@ keymap = """
};
"""
on-graphics-initialized = { type = "exec", exec = "mako" }
on-graphics-initialized = { type = "exec", exec = { prog = "mako", privileged = true } }
[shortcuts]
alt-h = "focus-left"

3
toml-config/src/lib.rs
View file

@ -823,6 +823,9 @@ fn create_command(exec: &Exec) -> Command {
for (k, v) in &exec.envs {
command.env(k, v);
}
if exec.privileged {
command.privileged();
}
command
}

4
toml-spec/spec/spec.generated.json
View file

@ -677,6 +677,10 @@
"type": "string",
"description": ""
}
},
"privileged": {
"type": "boolean",
"description": "If `true`, the executable gets access to privileged wayland protocols.\n\nThe default is `false`.\n"
}
},
"required": [

8
toml-spec/spec/spec.generated.md
View file

@ -1308,6 +1308,14 @@ The table has the following fields:
The value of this field should be a table whose values are strings.
- `privileged` (optional):
If `true`, the executable gets access to privileged wayland protocols.
The default is `false`.
The value of this field should be a boolean.
<a name="types-GfxApi"></a>
### `GfxApi`

7
toml-spec/spec/spec.yaml
View file

@ -583,6 +583,13 @@ Exec:
values:
kind: string
description: The environment variables to pass to the executable.
privileged:
kind: boolean
required: false
description: |
If `true`, the executable gets access to privileged wayland protocols.
The default is `false`.
SimpleActionName: