leyoda/cosmic-comp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wayland: Add (currently optional) privileged filtering

Browse source
This commit is contained in:
Victoria Brekenfeld 2023-11-06 18:40:52 +01:00
parent f0d5ac1c8d
commit 957615442b
2 changed files with 36 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/shell/mod.rs
View file

@ -36,7 +36,7 @@ use smithay::{
use crate::{ use crate::{
config::{Config, KeyModifiers, KeyPattern}, config::{Config, KeyModifiers, KeyPattern},
state::client_has_security_context, state::client_should_see_privileged_protocols,
utils::prelude::*, utils::prelude::*,
wayland::protocols::{ wayland::protocols::{
toplevel_info::ToplevelInfoState, toplevel_info::ToplevelInfoState,
@ -849,28 +849,22 @@ pub struct InvalidWorkspaceIndex;
impl Shell { impl Shell {
pub fn new(config: &Config, dh: &DisplayHandle) -> Self { pub fn new(config: &Config, dh: &DisplayHandle) -> Self {
// TODO: Privileged protocols let layer_shell_state = WlrLayerShellState::new_with_filter::<State, _>(
let layer_shell_state = WlrLayerShellState::new::<State>(dh);
let xdg_shell_state = XdgShellState::new::<State>(dh);
let toplevel_info_state = ToplevelInfoState::new(
dh, dh,
//|client| client.get_data::<ClientState>().map_or(false, |s| s.privileged), client_should_see_privileged_protocols,
client_has_security_context,
); );
let xdg_shell_state = XdgShellState::new::<State>(dh);
let toplevel_info_state =
ToplevelInfoState::new(dh, client_should_see_privileged_protocols);
let toplevel_management_state = ToplevelManagementState::new::<State, _>( let toplevel_management_state = ToplevelManagementState::new::<State, _>(
dh, dh,
vec![ vec![
ManagementCapabilities::Close, ManagementCapabilities::Close,
ManagementCapabilities::Activate, ManagementCapabilities::Activate,
], ],
//|client| client.get_data::<ClientState>().map_or(false, |s| s.privileged), client_should_see_privileged_protocols,
client_has_security_context,
);
let workspace_state = WorkspaceState::new(
dh,
//|client| client.get_data::<ClientState>().map_or(false, |s| s.privileged),
client_has_security_context,
); );
let workspace_state = WorkspaceState::new(dh, client_should_see_privileged_protocols);
let theme = cosmic::theme::system_preference(); let theme = cosmic::theme::system_preference();
Shell { Shell {

34
src/state.rs
View file

@ -279,12 +279,34 @@ impl BackendData {
} }
} }
pub fn client_has_security_context(client: &Client) -> bool { pub fn client_has_no_security_context(client: &Client) -> bool {
client client
.get_data::<ClientState>() .get_data::<ClientState>()
.map_or(true, |client_state| client_state.security_context.is_none()) .map_or(true, |client_state| client_state.security_context.is_none())
} }
pub fn client_is_privileged(client: &Client) -> bool {
client
.get_data::<ClientState>()
.map_or(false, |client_state| client_state.privileged)
}
pub fn client_should_see_privileged_protocols(client: &Client) -> bool {
if std::env::var("COSMIC_ENABLE_WAYLAND_SECURITY")
.map(|x| {
x == "1"
|| x.to_lowercase() == "true"
|| x.to_lowercase() == "yes"
|| x.to_lowercase() == "y"
})
.unwrap_or(false)
{
client_is_privileged(client)
} else {
client_has_no_security_context(client)
}
}
impl State { impl State {
pub fn new( pub fn new(
dh: &DisplayHandle, dh: &DisplayHandle,
@ -306,14 +328,14 @@ impl State {
let keyboard_shortcuts_inhibit_state = KeyboardShortcutsInhibitState::new::<Self>(dh); let keyboard_shortcuts_inhibit_state = KeyboardShortcutsInhibitState::new::<Self>(dh);
let output_state = OutputManagerState::new_with_xdg_output::<Self>(dh); let output_state = OutputManagerState::new_with_xdg_output::<Self>(dh);
let output_configuration_state = let output_configuration_state =
OutputConfigurationState::new(dh, client_has_security_context); OutputConfigurationState::new(dh, client_should_see_privileged_protocols);
let presentation_state = PresentationState::new::<Self>(dh, clock.id() as u32); let presentation_state = PresentationState::new::<Self>(dh, clock.id() as u32);
let primary_selection_state = PrimarySelectionState::new::<Self>(dh); let primary_selection_state = PrimarySelectionState::new::<Self>(dh);
let screencopy_state = ScreencopyState::new::<Self, _, _>( let screencopy_state = ScreencopyState::new::<Self, _, _>(
dh, dh,
vec![CursorMode::Embedded, CursorMode::Hidden], vec![CursorMode::Embedded, CursorMode::Hidden],
client_has_security_context, client_should_see_privileged_protocols,
); // TODO: privileged );
let shm_state = let shm_state =
ShmState::new::<Self>(dh, vec![wl_shm::Format::Xbgr8888, wl_shm::Format::Abgr8888]); ShmState::new::<Self>(dh, vec![wl_shm::Format::Xbgr8888, wl_shm::Format::Abgr8888]);
let seat_state = SeatState::<Self>::new(); let seat_state = SeatState::<Self>::new();
@ -322,11 +344,11 @@ impl State {
let kde_decoration_state = KdeDecorationState::new::<Self>(&dh, Mode::Client); let kde_decoration_state = KdeDecorationState::new::<Self>(&dh, Mode::Client);
let xdg_decoration_state = XdgDecorationState::new::<Self>(&dh); let xdg_decoration_state = XdgDecorationState::new::<Self>(&dh);
let session_lock_manager_state = let session_lock_manager_state =
SessionLockManagerState::new::<Self, _>(&dh, client_has_security_context); SessionLockManagerState::new::<Self, _>(&dh, client_should_see_privileged_protocols);
XWaylandKeyboardGrabState::new::<Self>(&dh); XWaylandKeyboardGrabState::new::<Self>(&dh);
PointerConstraintsState::new::<Self>(&dh); PointerConstraintsState::new::<Self>(&dh);
PointerGesturesState::new::<Self>(&dh); PointerGesturesState::new::<Self>(&dh);
SecurityContextState::new::<Self, _>(&dh, client_has_security_context); SecurityContextState::new::<Self, _>(&dh, client_has_no_security_context);
let shell = Shell::new(&config, dh); let shell = Shell::new(&config, dh);