From 80a926f7190c145b083c0cb0d98c53ab4b1f2277 Mon Sep 17 00:00:00 2001
From: Leon Vack <dev@lgcl.de>
Date: Thu, 2 May 2024 20:40:55 +0200
Subject: [PATCH] Add security-context-v1

---
 src/handlers.rs          | 34 +++++++++++++++++++++++++++++++---
 src/state.rs             | 33 +++++++++++++++++++++++++++------
 wlcs_pinnacle/src/lib.rs |  1 +
 3 files changed, 59 insertions(+), 9 deletions(-)

diff --git a/src/handlers.rs b/src/handlers.rs
index 60453a1..55e7ea9 100644
--- a/src/handlers.rs
+++ b/src/handlers.rs
@@ -3,14 +3,14 @@
 mod xdg_shell;
 mod xwayland;
 
-use std::{mem, os::fd::OwnedFd, time::Duration};
+use std::{mem, os::fd::OwnedFd, sync::Arc, time::Duration};
 
 use smithay::{
     backend::renderer::utils::{self, with_renderer_surface_state},
     delegate_compositor, delegate_data_control, delegate_data_device, delegate_fractional_scale,
     delegate_layer_shell, delegate_output, delegate_pointer_constraints, delegate_presentation,
-    delegate_primary_selection, delegate_relative_pointer, delegate_seat, delegate_shm,
-    delegate_viewporter,
+    delegate_primary_selection, delegate_relative_pointer, delegate_seat,
+    delegate_security_context, delegate_shm, delegate_viewporter,
     desktop::{
         self, find_popup_root_surface, get_popup_toplevel_coords, layer_map_for_output,
         utils::surface_primary_scanout_output, PopupKind, WindowSurfaceType,
@@ -43,6 +43,9 @@ use smithay::{
         output::OutputHandler,
         pointer_constraints::{with_pointer_constraint, PointerConstraintsHandler},
         seat::WaylandFocus,
+        security_context::{
+            SecurityContext, SecurityContextHandler, SecurityContextListenerSource,
+        },
         selection::{
             data_device::{
                 set_data_device_focus, ClientDndGrabHandler, DataDeviceHandler, DataDeviceState,
@@ -643,6 +646,31 @@ impl GammaControlHandler for State {
 }
 delegate_gamma_control!(State);
 
+impl SecurityContextHandler for State {
+    fn context_created(&mut self, source: SecurityContextListenerSource, context: SecurityContext) {
+        self.pinnacle
+            .loop_handle
+            .insert_source(source, move |client, _, state| {
+                let client_state = Arc::new(ClientState {
+                    is_restricted: true,
+                    ..Default::default()
+                });
+
+                if let Err(err) = state
+                    .pinnacle
+                    .display_handle
+                    .insert_client(client, client_state)
+                {
+                    warn!("Failed to insert a restricted client: {err}");
+                } else {
+                    trace!("Inserted a restricted client, context={context:?}");
+                }
+            })
+            .expect("Failed to insert security context listener source into event loop");
+    }
+}
+delegate_security_context!(State);
+
 impl PointerConstraintsHandler for State {
     fn new_constraint(&mut self, _surface: &WlSurface, pointer: &PointerHandle<Self>) {
         self.pinnacle
diff --git a/src/state.rs b/src/state.rs
index 1ff8a4b..7f5a65f 100644
--- a/src/state.rs
+++ b/src/state.rs
@@ -20,7 +20,7 @@ use smithay::{
         wayland_server::{
             backend::{ClientData, ClientId, DisconnectReason},
             protocol::wl_surface::WlSurface,
-            Display, DisplayHandle,
+            Client, Display, DisplayHandle,
         },
     },
     utils::{Clock, Monotonic},
@@ -31,6 +31,7 @@ use smithay::{
         output::OutputManagerState,
         pointer_constraints::PointerConstraintsState,
         relative_pointer::RelativePointerManagerState,
+        security_context::SecurityContextState,
         selection::{
             data_device::DataDeviceState, primary_selection::PrimarySelectionState,
             wlr_data_control::DataControlState,
@@ -40,7 +41,7 @@ use smithay::{
         socket::ListeningSocketSource,
         viewporter::ViewporterState,
     },
-    xwayland::X11Wm,
+    xwayland::{X11Wm, XWaylandClientData},
 };
 use std::{cell::RefCell, path::PathBuf, sync::Arc};
 use sysinfo::{ProcessRefreshKind, RefreshKind};
@@ -81,6 +82,7 @@ pub struct Pinnacle {
     pub data_control_state: DataControlState,
     pub screencopy_manager_state: ScreencopyManagerState,
     pub gamma_control_manager_state: GammaControlManagerState,
+    pub security_context_state: SecurityContextState,
     pub relative_pointer_manager_state: RelativePointerManagerState,
     pub pointer_constraints_state: PointerConstraintsState,
 
@@ -189,7 +191,7 @@ impl State {
         let data_control_state = DataControlState::new::<Self, _>(
             &display_handle,
             Some(&primary_selection_state),
-            |_| true,
+            Self::is_client_restricted,
         );
 
         let state = Self {
@@ -215,15 +217,22 @@ impl State {
                     &display_handle,
                 ),
                 primary_selection_state,
-                layer_shell_state: WlrLayerShellState::new::<Self>(&display_handle),
+                layer_shell_state: WlrLayerShellState::new_with_filter::<Self, _>(
+                    &display_handle,
+                    Self::is_client_restricted,
+                ),
                 data_control_state,
                 screencopy_manager_state: ScreencopyManagerState::new::<Self, _>(
                     &display_handle,
-                    |_| true,
+                    Self::is_client_restricted,
                 ),
                 gamma_control_manager_state: GammaControlManagerState::new::<Self, _>(
                     &display_handle,
-                    |_| true,
+                    Self::is_client_restricted,
+                ),
+                security_context_state: SecurityContextState::new::<Self, _>(
+                    &display_handle,
+                    Self::is_client_restricted,
                 ),
                 relative_pointer_manager_state: RelativePointerManagerState::new::<Self>(
                     &display_handle,
@@ -266,6 +275,16 @@ impl State {
 
         Ok(state)
     }
+
+    fn is_client_restricted(client: &Client) -> bool {
+        if let Some(state) = client.get_data::<ClientState>() {
+            return state.is_restricted;
+        }
+        if client.get_data::<XWaylandClientData>().is_some() {
+            return false;
+        }
+        panic!("Unknown client data type");
+    }
 }
 
 impl Pinnacle {
@@ -303,6 +322,8 @@ impl Pinnacle {
 #[derive(Default)]
 pub struct ClientState {
     pub compositor_state: CompositorClientState,
+    /// True, if the client may NOT access restricted protocols
+    pub is_restricted: bool,
 }
 
 impl ClientData for ClientState {
diff --git a/wlcs_pinnacle/src/lib.rs b/wlcs_pinnacle/src/lib.rs
index e509238..a983fbb 100644
--- a/wlcs_pinnacle/src/lib.rs
+++ b/wlcs_pinnacle/src/lib.rs
@@ -124,6 +124,7 @@ static SUPPORTED_EXTENSIONS: &[WlcsExtensionDescriptor] = extension_list!(
     ("xdg_shell", 6),
     ("linux-dmabuf-v1", 5),
     ("xdg_shell", 6),
+    ("security-context", 1),
 );
 
 static DESCRIPTOR: WlcsIntegrationDescriptor = WlcsIntegrationDescriptor {