Miroirs/pinnacle
1
0
Fork 0
mirror of https://github.com/pinnacle-comp/pinnacle.git synced 2024-12-27 21:58:18 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add security-context-v1

Browse source
This commit is contained in:
Leon Vack 2024-05-02 20:40:55 +02:00 committed by Ottatop
parent a6f98603d5
commit 80a926f719
3 changed files with 59 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
src/handlers.rs
View file

@ -3,14 +3,14 @@
mod xdg_shell; mod xdg_shell;
mod xwayland; mod xwayland;
use std::{mem, os::fd::OwnedFd, time::Duration}; use std::{mem, os::fd::OwnedFd, sync::Arc, time::Duration};
use smithay::{ use smithay::{
backend::renderer::utils::{self, with_renderer_surface_state}, backend::renderer::utils::{self, with_renderer_surface_state},
delegate_compositor, delegate_data_control, delegate_data_device, delegate_fractional_scale, delegate_compositor, delegate_data_control, delegate_data_device, delegate_fractional_scale,
delegate_layer_shell, delegate_output, delegate_pointer_constraints, delegate_presentation, delegate_layer_shell, delegate_output, delegate_pointer_constraints, delegate_presentation,
delegate_primary_selection, delegate_relative_pointer, delegate_seat, delegate_shm, delegate_primary_selection, delegate_relative_pointer, delegate_seat,
delegate_viewporter, delegate_security_context, delegate_shm, delegate_viewporter,
desktop::{ desktop::{
self, find_popup_root_surface, get_popup_toplevel_coords, layer_map_for_output, self, find_popup_root_surface, get_popup_toplevel_coords, layer_map_for_output,
utils::surface_primary_scanout_output, PopupKind, WindowSurfaceType, utils::surface_primary_scanout_output, PopupKind, WindowSurfaceType,
@ -43,6 +43,9 @@ use smithay::{
output::OutputHandler, output::OutputHandler,
pointer_constraints::{with_pointer_constraint, PointerConstraintsHandler}, pointer_constraints::{with_pointer_constraint, PointerConstraintsHandler},
seat::WaylandFocus, seat::WaylandFocus,
security_context::{
SecurityContext, SecurityContextHandler, SecurityContextListenerSource,
},
selection::{ selection::{
data_device::{ data_device::{
set_data_device_focus, ClientDndGrabHandler, DataDeviceHandler, DataDeviceState, set_data_device_focus, ClientDndGrabHandler, DataDeviceHandler, DataDeviceState,
@ -643,6 +646,31 @@ impl GammaControlHandler for State {
} }
delegate_gamma_control!(State); delegate_gamma_control!(State);
impl SecurityContextHandler for State {
fn context_created(&mut self, source: SecurityContextListenerSource, context: SecurityContext) {
self.pinnacle
.loop_handle
.insert_source(source, move |client, _, state| {
let client_state = Arc::new(ClientState {
is_restricted: true,
..Default::default()
});
if let Err(err) = state
.pinnacle
.display_handle
.insert_client(client, client_state)
{
warn!("Failed to insert a restricted client: {err}");
} else {
trace!("Inserted a restricted client, context={context:?}");
}
})
.expect("Failed to insert security context listener source into event loop");
}
}
delegate_security_context!(State);
impl PointerConstraintsHandler for State { impl PointerConstraintsHandler for State {
fn new_constraint(&mut self, _surface: &WlSurface, pointer: &PointerHandle<Self>) { fn new_constraint(&mut self, _surface: &WlSurface, pointer: &PointerHandle<Self>) {
self.pinnacle self.pinnacle

33
src/state.rs
View file

@ -20,7 +20,7 @@ use smithay::{
wayland_server::{ wayland_server::{
backend::{ClientData, ClientId, DisconnectReason}, backend::{ClientData, ClientId, DisconnectReason},
protocol::wl_surface::WlSurface, protocol::wl_surface::WlSurface,
Display, DisplayHandle, Client, Display, DisplayHandle,
}, },
}, },
utils::{Clock, Monotonic}, utils::{Clock, Monotonic},
@ -31,6 +31,7 @@ use smithay::{
output::OutputManagerState, output::OutputManagerState,
pointer_constraints::PointerConstraintsState, pointer_constraints::PointerConstraintsState,
relative_pointer::RelativePointerManagerState, relative_pointer::RelativePointerManagerState,
security_context::SecurityContextState,
selection::{ selection::{
data_device::DataDeviceState, primary_selection::PrimarySelectionState, data_device::DataDeviceState, primary_selection::PrimarySelectionState,
wlr_data_control::DataControlState, wlr_data_control::DataControlState,
@ -40,7 +41,7 @@ use smithay::{
socket::ListeningSocketSource, socket::ListeningSocketSource,
viewporter::ViewporterState, viewporter::ViewporterState,
}, },
xwayland::X11Wm, xwayland::{X11Wm, XWaylandClientData},
}; };
use std::{cell::RefCell, path::PathBuf, sync::Arc}; use std::{cell::RefCell, path::PathBuf, sync::Arc};
use sysinfo::{ProcessRefreshKind, RefreshKind}; use sysinfo::{ProcessRefreshKind, RefreshKind};
@ -81,6 +82,7 @@ pub struct Pinnacle {
pub data_control_state: DataControlState, pub data_control_state: DataControlState,
pub screencopy_manager_state: ScreencopyManagerState, pub screencopy_manager_state: ScreencopyManagerState,
pub gamma_control_manager_state: GammaControlManagerState, pub gamma_control_manager_state: GammaControlManagerState,
pub security_context_state: SecurityContextState,
pub relative_pointer_manager_state: RelativePointerManagerState, pub relative_pointer_manager_state: RelativePointerManagerState,
pub pointer_constraints_state: PointerConstraintsState, pub pointer_constraints_state: PointerConstraintsState,
@ -189,7 +191,7 @@ impl State {
let data_control_state = DataControlState::new::<Self, _>( let data_control_state = DataControlState::new::<Self, _>(
&display_handle, &display_handle,
Some(&primary_selection_state), Some(&primary_selection_state),
|_| true, Self::is_client_restricted,
); );
let state = Self { let state = Self {
@ -215,15 +217,22 @@ impl State {
&display_handle, &display_handle,
), ),
primary_selection_state, primary_selection_state,
layer_shell_state: WlrLayerShellState::new::<Self>(&display_handle), layer_shell_state: WlrLayerShellState::new_with_filter::<Self, _>(
&display_handle,
Self::is_client_restricted,
),
data_control_state, data_control_state,
screencopy_manager_state: ScreencopyManagerState::new::<Self, _>( screencopy_manager_state: ScreencopyManagerState::new::<Self, _>(
&display_handle, &display_handle,
|_| true, Self::is_client_restricted,
), ),
gamma_control_manager_state: GammaControlManagerState::new::<Self, _>( gamma_control_manager_state: GammaControlManagerState::new::<Self, _>(
&display_handle, &display_handle,
|_| true, Self::is_client_restricted,
),
security_context_state: SecurityContextState::new::<Self, _>(
&display_handle,
Self::is_client_restricted,
), ),
relative_pointer_manager_state: RelativePointerManagerState::new::<Self>( relative_pointer_manager_state: RelativePointerManagerState::new::<Self>(
&display_handle, &display_handle,
@ -266,6 +275,16 @@ impl State {
Ok(state) Ok(state)
} }
fn is_client_restricted(client: &Client) -> bool {
if let Some(state) = client.get_data::<ClientState>() {
return state.is_restricted;
}
if client.get_data::<XWaylandClientData>().is_some() {
return false;
}
panic!("Unknown client data type");
}
} }
impl Pinnacle { impl Pinnacle {
@ -303,6 +322,8 @@ impl Pinnacle {
#[derive(Default)] #[derive(Default)]
pub struct ClientState { pub struct ClientState {
pub compositor_state: CompositorClientState, pub compositor_state: CompositorClientState,
/// True, if the client may NOT access restricted protocols
pub is_restricted: bool,
} }
impl ClientData for ClientState { impl ClientData for ClientState {

1
wlcs_pinnacle/src/lib.rs
View file

@ -124,6 +124,7 @@ static SUPPORTED_EXTENSIONS: &[WlcsExtensionDescriptor] = extension_list!(
("xdg_shell", 6), ("xdg_shell", 6),
("linux-dmabuf-v1", 5), ("linux-dmabuf-v1", 5),
("xdg_shell", 6), ("xdg_shell", 6),
("security-context", 1),
); );
static DESCRIPTOR: WlcsIntegrationDescriptor = WlcsIntegrationDescriptor { static DESCRIPTOR: WlcsIntegrationDescriptor = WlcsIntegrationDescriptor {