Improve The Security Model

INSTALL.md

@@ -10,7 +10,6 @@ We have packaged `swhkd-git`. `swhkd-bin` has been packaged separately by a user
 
 **Runtime:**
 
--   Policy Kit Daemon ( polkit )
 -   Uinput kernel module
 -   Evdev kernel module
 
@@ -34,5 +33,5 @@ We have packaged `swhkd-git`. `swhkd-bin` has been packaged separately by a user
 
 ```
 swhks &
-pkexec swhkd
+swhkd
 ```

Makefile

@@ -4,8 +4,6 @@ DESTDIR ?= "/"
 DAEMON_BINARY := swhkd
 SERVER_BINARY := swhks
 BUILDFLAGS := --release
-POLKIT_DIR := /usr/share/polkit-1/actions
-POLKIT_POLICY_FILE := com.github.swhkd.pkexec.policy
 TARGET_DIR := /usr/bin
 MAN1_DIR := /usr/share/man/man1
 MAN5_DIR := /usr/share/man/man5
@@ -15,19 +13,17 @@ all: build
 
 build:
 	@cargo build $(BUILDFLAGS)
-	@./scripts/build-polkit-policy.sh \
-		--policy-path=$(POLKIT_POLICY_FILE) \
-		--swhkd-path=$(TARGET_DIR)/$(DAEMON_BINARY)
 
 install:
 	@find ./docs -type f -iname "*.1.gz" \
 		-exec install -Dm 644 {} -t $(DESTDIR)/$(MAN1_DIR) \;
 	@find ./docs -type f -iname "*.5.gz" \
 		-exec install -Dm 644 {} -t $(DESTDIR)/$(MAN5_DIR) \;
 	@install -Dm 755 ./target/release/$(DAEMON_BINARY) -t $(DESTDIR)/$(TARGET_DIR)
+	@sudo chown root:root $(DESTDIR)/$(TARGET_DIR)/$(DAEMON_BINARY)
+	@sudo chmod u+s $(DESTDIR)/$(TARGET_DIR)/$(DAEMON_BINARY)
 	@install -Dm 755 ./target/release/$(SERVER_BINARY) -t $(DESTDIR)/$(TARGET_DIR)
-	@install -Dm 644 -o root ./$(POLKIT_POLICY_FILE) -t $(DESTDIR)/$(POLKIT_DIR)
-# Ideally, we would have a default config file instead of an empty one
+	# Ideally, we would have a default config file instead of an empty one
 	@if [ ! -f $(DESTDIR)/etc/$(DAEMON_BINARY)/$(DAEMON_BINARY)rc ]; then \
 		touch ./$(DAEMON_BINARY)rc; \
 		install -Dm 644 ./$(DAEMON_BINARY)rc -t $(DESTDIR)/etc/$(DAEMON_BINARY); \
@@ -38,7 +34,6 @@ uninstall:
 	@$(RM) -f /usr/share/man/**/swhks.*
 	@$(RM) $(TARGET_DIR)/$(SERVER_BINARY)
 	@$(RM) $(TARGET_DIR)/$(DAEMON_BINARY)
-	@$(RM) $(POLKIT_DIR)/$(POLKIT_POLICY_FILE)
 
 check:
 	@cargo fmt
@@ -57,7 +52,6 @@ clean:
 	@cargo clean
 	@$(RM) -f ./docs/*.gz
 	@$(RM) -f $(DAEMON_BINARY)rc
-	@$(RM) -f $(POLKIT_POLICY_FILE)
 
 setup:
 	@rustup install stable

README.md

@@ -34,7 +34,7 @@ Xorg or Wayland desktops, and you can even use `swhkd` in a TTY.
 
 ```bash
 swhks &
-pkexec swhkd
+swhkd
 ```
 
 ## Runtime signals
@@ -50,9 +50,7 @@ After opening `swhkd`, you can control the program through signals:
 `swhkd` closely follows `sxhkd` syntax, so most existing `sxhkd` configs should
 be functional with `swhkd`.
 
-The default configuration file is in `/etc/swhkd/swhkdrc`. If you don't like
-having to edit the file as root every single time, you can create a symlink from
-`~/.config/swhkd/swhkdrc` to `/etc/swhkd/swhkdrc`.
+The default configuration file is in `~/.config/swhkd/swhkdrc` with a fallback to `etc/swhkd/swhkdrc`.
 
 If you use Vim, you can get `swhkd` config syntax highlighting with the
 [swhkd-vim](https://github.com/waycrate/swhkd-vim) plugin. Install it in
@@ -75,13 +73,13 @@ All supported key and modifier names are listed in `man 5 swhkd-keys`.
 ## Security
 
 We use a server-client model to keep you safe. The daemon (`swhkd` — privileged
-process) communicates to the server (`swhks` — running as non-root user) after
-checking for valid keybindings. Since the daemon is totally separate from the
-server, no other process can read your keystrokes. As for shell commands, you
-might be thinking that any program can send shell commands to the server and
-that's true! But the server runs the commands as the currently logged-in user,
-so no extra permissions are provided (This is essentially the same as any app on
-your desktop calling shell commands).
+process) is responsible for listening to key events and running shell commands.
+The server (`swhks` — non-privileged process) is responsible for keeping a track of the
+environment variables and sending them to the daemon. The daemon
+uses these environment variables while running the shell commands.
+The daemon only runs shell commands that have been parsed from the config file and there is no way to
+run arbitrary shell commands. The server is responsible for only sending the environment variables to the daemon and nothing else.
+This seperation of responsibilities ensures security.
 
 So yes, you're safe!
 

docs/swhkd.1.scd

@@ -6,18 +6,11 @@ swhkd - Hotkey daemon inspired by sxhkd written in Rust
 
 # SYNOPSIS
 
-*pkexec swhkd* [_flags_]
+*swhkd* [_flags_]
 
 # CONFIG FILE
 
-The config file goes in */etc/swhkd/swhkdrc*. Since swhkd is written with a pkexec privilege escalation model in mind, we can't detect
-*$XDG_CONFIG_HOME*.
-
-This can be avoided as such:
-	- Using the *include* statement in your config file.
-	- Using the *-c* flag to mention a custom config file at runtime.
-	- Symlinking the config file from *~/.config/swhkd/swhkdrc* or any other directory of choice to */etc/swhkd/swhkdrc*.
-
+The config file goes in *~/.config/swhkd/swhkdrc* with a fallback to */etc/swhkd/swhkdrc*.
 More about the config file syntax in `swhkd(5)`
 
 # OPTIONS

docs/swhkd.5.scd

@@ -6,7 +6,8 @@ swhkd	- Hotkey daemon inspired by sxhkd written in Rust
 
 # CONFIG FILE
 
-	- A global config can be defined in */etc/swhkd/swhkdrc*. Swhkd attempts to look in your *$XDG_CONFIG_HOME*, failing which it defaults to *~/.config*.
+	- A global config can be defined in *~/.config/swhkd/swhkdrc*, with a
+	fallback to  */etc/swhkd/swhkdrc*. Swhkd attempts to look in your *$XDG_CONFIG_HOME*, failing which it defaults to *~/.config*.
 	- A local config overrides the global one. Local configs should be placed in the root of the project.
 
 # SYNTAX

docs/swhks.1.scd

@@ -16,12 +16,6 @@ swhks - Server for swhkd, used to run user level commands over IPC.
 *-V*, *--version*
 	Print version information.
 
-*-l*, *--log* <LOG_FILE_PATH>
-	Set a log file path.
-	If *XDG_DATA_HOME* exists then we use *swhks/swhks-current_time.log* relative to
-	it, else we use *.local/share/swhks/swhks-current_time.log* relative to the
-	user home directory.
-
 *-d*, *--debug*
 	Enable debug mode.