Miroirs/pinnacle
1
0
Fork 0
mirror of https://github.com/pinnacle-comp/pinnacle.git synced 2024-12-26 21:58:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add security-context-v1

Browse source
This commit is contained in:
Leon Vack 2024-05-02 20:40:55 +02:00 committed by Ottatop
parent a6f98603d5
commit 80a926f719
3 changed files with 59 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
src/handlers.rs
View file

@ -3,14 +3,14 @@
mod xdg_shell;
mod xwayland;
use std::{mem, os::fd::OwnedFd, time::Duration};
use std::{mem, os::fd::OwnedFd, sync::Arc, time::Duration};
use smithay::{
backend::renderer::utils::{self, with_renderer_surface_state},
delegate_compositor, delegate_data_control, delegate_data_device, delegate_fractional_scale,
delegate_layer_shell, delegate_output, delegate_pointer_constraints, delegate_presentation,
delegate_primary_selection, delegate_relative_pointer, delegate_seat, delegate_shm,
delegate_viewporter,
delegate_primary_selection, delegate_relative_pointer, delegate_seat,
delegate_security_context, delegate_shm, delegate_viewporter,
desktop::{
self, find_popup_root_surface, get_popup_toplevel_coords, layer_map_for_output,
utils::surface_primary_scanout_output, PopupKind, WindowSurfaceType,
@ -43,6 +43,9 @@ use smithay::{
output::OutputHandler,
pointer_constraints::{with_pointer_constraint, PointerConstraintsHandler},
seat::WaylandFocus,
security_context::{
SecurityContext, SecurityContextHandler, SecurityContextListenerSource,
},
selection::{
data_device::{
set_data_device_focus, ClientDndGrabHandler, DataDeviceHandler, DataDeviceState,
@ -643,6 +646,31 @@ impl GammaControlHandler for State {
}
delegate_gamma_control!(State);
impl SecurityContextHandler for State {
fn context_created(&mut self, source: SecurityContextListenerSource, context: SecurityContext) {
self.pinnacle
.loop_handle
.insert_source(source, move |client, _, state| {
let client_state = Arc::new(ClientState {
is_restricted: true,
..Default::default()
});
if let Err(err) = state
.pinnacle
.display_handle
.insert_client(client, client_state)
{
warn!("Failed to insert a restricted client: {err}");
} else {
trace!("Inserted a restricted client, context={context:?}");
}
})
.expect("Failed to insert security context listener source into event loop");
}
}
delegate_security_context!(State);
impl PointerConstraintsHandler for State {
fn new_constraint(&mut self, _surface: &WlSurface, pointer: &PointerHandle<Self>) {
self.pinnacle

33
src/state.rs
View file

@ -20,7 +20,7 @@ use smithay::{
wayland_server::{
backend::{ClientData, ClientId, DisconnectReason},
protocol::wl_surface::WlSurface,
Display, DisplayHandle,
Client, Display, DisplayHandle,
},
},
utils::{Clock, Monotonic},
@ -31,6 +31,7 @@ use smithay::{
output::OutputManagerState,
pointer_constraints::PointerConstraintsState,
relative_pointer::RelativePointerManagerState,
security_context::SecurityContextState,
selection::{
data_device::DataDeviceState, primary_selection::PrimarySelectionState,
wlr_data_control::DataControlState,
@ -40,7 +41,7 @@ use smithay::{
socket::ListeningSocketSource,
viewporter::ViewporterState,
},
xwayland::X11Wm,
xwayland::{X11Wm, XWaylandClientData},
};
use std::{cell::RefCell, path::PathBuf, sync::Arc};
use sysinfo::{ProcessRefreshKind, RefreshKind};
@ -81,6 +82,7 @@ pub struct Pinnacle {
pub data_control_state: DataControlState,
pub screencopy_manager_state: ScreencopyManagerState,
pub gamma_control_manager_state: GammaControlManagerState,
pub security_context_state: SecurityContextState,
pub relative_pointer_manager_state: RelativePointerManagerState,
pub pointer_constraints_state: PointerConstraintsState,
@ -189,7 +191,7 @@ impl State {
let data_control_state = DataControlState::new::<Self, _>(
&display_handle,
Some(&primary_selection_state),
|_| true,
Self::is_client_restricted,
);
let state = Self {
@ -215,15 +217,22 @@ impl State {
&display_handle,
),
primary_selection_state,
layer_shell_state: WlrLayerShellState::new::<Self>(&display_handle),
layer_shell_state: WlrLayerShellState::new_with_filter::<Self, _>(
&display_handle,
Self::is_client_restricted,
),
data_control_state,
screencopy_manager_state: ScreencopyManagerState::new::<Self, _>(
&display_handle,
|_| true,
Self::is_client_restricted,
),
gamma_control_manager_state: GammaControlManagerState::new::<Self, _>(
&display_handle,
|_| true,
Self::is_client_restricted,
),
security_context_state: SecurityContextState::new::<Self, _>(
&display_handle,
Self::is_client_restricted,
),
relative_pointer_manager_state: RelativePointerManagerState::new::<Self>(
&display_handle,
@ -266,6 +275,16 @@ impl State {
Ok(state)
}
fn is_client_restricted(client: &Client) -> bool {
if let Some(state) = client.get_data::<ClientState>() {
return state.is_restricted;
}
if client.get_data::<XWaylandClientData>().is_some() {
return false;
}
panic!("Unknown client data type");
}
}
impl Pinnacle {
@ -303,6 +322,8 @@ impl Pinnacle {
#[derive(Default)]
pub struct ClientState {
pub compositor_state: CompositorClientState,
/// True, if the client may NOT access restricted protocols
pub is_restricted: bool,
}
impl ClientData for ClientState {

1
wlcs_pinnacle/src/lib.rs
View file

@ -124,6 +124,7 @@ static SUPPORTED_EXTENSIONS: &[WlcsExtensionDescriptor] = extension_list!(
("xdg_shell", 6),
("linux-dmabuf-v1", 5),
("xdg_shell", 6),
("security-context", 1),
);
static DESCRIPTOR: WlcsIntegrationDescriptor = WlcsIntegrationDescriptor {