From 1bea97d42a87125d04a94781a203f0704f9dd958 Mon Sep 17 00:00:00 2001
From: Ian Douglas Scott <idscott@system76.com>
Date: Mon, 27 Oct 2025 15:20:11 -0700
Subject: [PATCH] Don't check for `privileged` for creator of security context

This is redundant since unprivileged clients can't create security
contexts.

If we expose this protocol, trust `sandbox_engine`, etc. to be correct.
---
 src/wayland/handlers/security_context.rs | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/wayland/handlers/security_context.rs b/src/wayland/handlers/security_context.rs
index 550bd457..19eb3f2e 100644
--- a/src/wayland/handlers/security_context.rs
+++ b/src/wayland/handlers/security_context.rs
@@ -26,12 +26,6 @@ impl SecurityContextHandler for State {
                     .get_client_data(security_context.creator_client_id.clone())
                     .ok();
 
-                let privileged = client_data
-                    .as_ref()
-                    .and_then(|data| data.downcast_ref::<ClientState>())
-                    .map(|data| data.privileged)
-                    .unwrap_or(false);
-
                 let new_state = state.new_client_state();
 
                 let drm_node = client_data
@@ -50,9 +44,8 @@ impl SecurityContextHandler for State {
                     client_stream,
                     Arc::new(ClientState {
                         security_context: Some(security_context.clone()),
-                        privileged: privileged
-                            && security_context.sandbox_engine.as_deref()
-                                == Some("com.system76.CosmicPanel"),
+                        privileged: security_context.sandbox_engine.as_deref()
+                            == Some("com.system76.CosmicPanel"),
                         advertised_drm_node: drm_node,
                         ..new_state
                     }),