author | Simon Ser <contact@emersion.fr> | 2023-06-22 17:06:10 +0200 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2023-07-04 17:22:47 +0200 |
commit | fd90e6180b1f56698d96fe2bcab1954af6766db7 (patch) | |
tree | 75e329e03c94d5e556b062cda58ad096b520739c | |
parent | Hide xwayland_shell_v1 from regular clients (diff) | |
Add support for security-context-v1
As a first step, deny access to privileged protocols to sandboxed
apps.
References: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
-rw-r--r-- | include/sway/server.h | 4 | ||||
-rw-r--r-- | sway/server.c | 38 |
2 files changed, 38 insertions, 4 deletions
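--- a/include/sway/server.h
+++ b/include/sway/server.h
@@ -115,6 +115,10 @@ struct sway_server {
 struct wlr_text_input_manager_v3 *text_input;
 struct wlr_foreign_toplevel_manager_v1 *foreign_toplevel_manager;
 struct wlr_content_type_manager_v1 *content_type_manager_v1;
+struct wlr_data_control_manager_v1 *data_control_manager_v1;
+struct wlr_screencopy_manager_v1 *screencopy_manager_v1;
+struct wlr_export_dmabuf_manager_v1 *export_dmabuf_manager_v1;
+struct wlr_security_context_manager_v1 *security_context_manager_v1;
 
 struct wlr_xdg_activation_v1 *xdg_activation_v1;
 struct wl_listener xdg_activation_v1_request_activate;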
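--- a/sway/server.c
+++ b/sway/server.c
@@ -24,8 +24,9 @@
 #include <wlr/types/wlr_primary_selection_v1.h>
 #include <wlr/types/wlr_relative_pointer_v1.h>
 #include <wlr/types/wlr_screencopy_v1.h>
-#include <wlr/types/wlr_single_pixel_buffer_v1.h>
+#include <wlr/types/wlr_security_context_v1.h>
 #include <wlr/types/wlr_server_decoration.h>
+#include <wlr/types/wlr_single_pixel_buffer_v1.h>
 #include <wlr/types/wlr_subcompositor.h>
 #include <wlr/types/wlr_tablet_v2.h>
 #include <wlr/types/wlr_viewporter.h>
@@ -72,6 +73,25 @@ static void handle_drm_lease_request(struct wl_listener *listener, void *data) {
 }
 #endif
 
+static bool is_privileged(const struct wl_global *global) {
+return
+global == server.output_manager_v1->global ||
+global == server.output_power_manager_v1->global ||
+global == server.input_method->global ||
+global == server.foreign_toplevel_manager->global ||
+global == server.data_control_manager_v1->global ||
+global == server.screencopy_manager_v1->global ||
+global == server.export_dmabuf_manager_v1->global ||
+global == server.security_context_manager_v1->global ||
+global == server.gamma_control_manager_v1->global ||
+global == server.layer_shell->global ||
+global == server.session_lock.manager->global ||
+global == server.input->inhibit->global ||
+global == server.input->keyboard_shortcuts_inhibit->global ||
+global == server.input->virtual_keyboard->global ||
+global == server.input->virtual_pointer->global;
+}
+
 static bool filter_global(const struct wl_client *client,
 const struct wl_global *global, void *data) {
 #if HAVE_XWAYLAND
@@ -81,6 +101,15 @@ static bool filter_global(const struct wl_client *client,
 }
 #endif
 
+// Restrict usage of privileged protocols to unsandboxed clients
+// TODO: add a way for users to configure an allow-list
+const struct wlr_security_context_v1_state *security_context =
+wlr_security_context_manager_v1_lookup_client(
+server.security_context_manager_v1, (struct wl_client *)client);
+if (is_privileged(global)) {
+return security_context == NULL;
+}
+
 return true;
 }
 
@@ -226,9 +255,10 @@ bool server_init(struct sway_server *server) {
 }
 #endif
 
-wlr_export_dmabuf_manager_v1_create(server->wl_display);
-wlr_screencopy_manager_v1_create(server->wl_display);
-wlr_data_control_manager_v1_create(server->wl_display);
+server->export_dmabuf_manager_v1 = wlr_export_dmabuf_manager_v1_create(server->wl_display);
+server->screencopy_manager_v1 = wlr_screencopy_manager_v1_create(server->wl_display);
+server->data_control_manager_v1 = wlr_data_control_manager_v1_create(server->wl_display);
+server->security_context_manager_v1 = wlr_security_context_manager_v1_create(server->wl_display);
 wlr_viewporter_create(server->wl_display);
 wlr_single_pixel_buffer_manager_v1_create(server->wl_display);
 server->content_type_manager_v1 =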
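Review bot: `is_privileged()` is a hand-maintained deny-list and `filter_global()` still ends in `return true`, so any global created later in `server_init()` and not added to the list stays visible to sandboxed clients by default. The list should at least carry a comment stating that contract, for example `// Every global that exposes other clients' content, injects input or controls the compositor must be listed here; unlisted globals remain visible to sandboxed clients`. The list also dereferences every manager pointer unconditionally, while the `_create()` results assigned in the `server_init()` hunk are not NULL-checked in the visible lines, so a failed creation would presumably crash the compositor on the first filter call instead of merely hiding that global. Checking the pointers where they are assigned would settle that. Both `filter_global()` and `server_init()` extend beyond the shown hunks.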