Mark DRM lease protocol privileged

Allowing sandboxed clients to request DRM leases has security implications.
author: Simon Ser <contact@emersion.fr> 2024-01-04 15:01:26 +0100
committer: Simon Zeni <simon@bl4ckb0ne.ca> 2024-01-08 11:17:26 -0500
commit: c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307 (patch)
tree: d7bc7f4832903cf5bbede58a418f5f2c8bea61f3
parent: Drop wl_drm (diff)
download: sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.tar.gz
sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.tar.zst
sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/sway/server.c b/sway/server.c
index e34ea2ff..4bef4588 100644
--- a/sway/server.c
+++ b/sway/server.c
@@ -77,6 +77,17 @@ static void handle_drm_lease_request(struct wl_listener *listener, void *data) {
 #endif
 static bool is_privileged(const struct wl_global *global) {
+#if WLR_HAS_DRM_BACKEND
+        if (server.drm_lease_manager != NULL) {
+                struct wlr_drm_lease_device_v1 *drm_lease_dev;
+                wl_list_for_each(drm_lease_dev, &server.drm_lease_manager->devices, link) {
+                        if (drm_lease_dev->global == global) {
+                                return true;
+                        }
+                }
+        }
+#endif
        return
                global == server.output_manager_v1->global ||
                global == server.output_power_manager_v1->global ||
author	Simon Ser <contact@emersion.fr>	2024-01-04 15:01:26 +0100
committer	Simon Zeni <simon@bl4ckb0ne.ca>	2024-01-08 11:17:26 -0500
commit	c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307 (patch)
tree	d7bc7f4832903cf5bbede58a418f5f2c8bea61f3
parent	Drop wl_drm (diff)
download	sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.tar.gz sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.tar.zst sway-c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307.zip

diff --git a/sway/server.c b/sway/server.c index e34ea2ff..4bef4588 100644 --- a/sway/server.c +++ b/sway/server.c
@@ -77,6 +77,17 @@ static void handle_drm_lease_request(struct wl_listener listener, void data) {
77	#endif	77	#endif
78		78
79	static bool is_privileged(const struct wl_global *global) {	79	static bool is_privileged(const struct wl_global *global) {
		80	#if WLR_HAS_DRM_BACKEND
		81	if (server.drm_lease_manager != NULL) {
		82	struct wlr_drm_lease_device_v1 *drm_lease_dev;
		83	wl_list_for_each(drm_lease_dev, &server.drm_lease_manager->devices, link) {
		84	if (drm_lease_dev->global == global) {
		85	return true;
		86	}
		87	}
		88	}
		89	#endif
		90
80	return	91	return
81	global == server.output_manager_v1->global \|\|	92	global == server.output_manager_v1->global \|\|
82	global == server.output_power_manager_v1->global \|\|	93	global == server.output_power_manager_v1->global \|\|