[RFC weston] make client isolation optional

Tue, 03 Dec 2013 16:17:31 -0800 

This patch allows wayland clients to use protocols which give away information 
about other clients without being started by the compositor. The reason to 
denie access on those protocols is to make sure no information about the 
clients is leaked to other clients (=security). I think that we don't need to 
enforce this on the most systems because without complete isolation of all 
processes it's possible to get the information even without using the 
compositor. In all other cases you can simply turn it on again.
---
 man/weston.ini.man  | 3 +++
 src/screenshooter.c | 8 +++++++-
 weston.ini.in       | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/man/weston.ini.man b/man/weston.ini.man
index cc88ca8..6d41653 100644
--- a/man/weston.ini.man
+++ b/man/weston.ini.man
@@ -128,6 +128,9 @@ sets the GBM format used for the framebuffer for the GBM 
backend. Can be
 .B xrgb2101010,
 .B rgb565.
 By default, xrgb8888 is used.
+.TP 7
+.BI "client-isolation="false
+completely isolate clients (boolean).
 .RS
 .PP
 
diff --git a/src/screenshooter.c b/src/screenshooter.c
index 0c657bc..fa3dbb8 100644
--- a/src/screenshooter.c
+++ b/src/screenshooter.c
@@ -224,11 +224,17 @@ bind_shooter(struct wl_client *client,
 {
        struct screenshooter *shooter = data;
        struct wl_resource *resource;
+       struct weston_config_section *section;
+       int client_isolation;
 
        resource = wl_resource_create(client,
                                      &screenshooter_interface, 1, id);
 
-       if (client != shooter->client) {
+       section = weston_config_get_section(shooter->ec->config, "core", NULL, 
NULL);
+       weston_config_section_get_bool(section,
+                               "client-isolation", &client_isolation, 0);
+
+       if (client_isolation && client != shooter->client) {
                wl_resource_post_error(resource, 
WL_DISPLAY_ERROR_INVALID_OBJECT,
                                       "screenshooter failed: permission 
denied");
                wl_resource_destroy(resource);
diff --git a/weston.ini.in b/weston.ini.in
index 5181a9e..1261788 100644
--- a/weston.ini.in
+++ b/weston.ini.in
@@ -2,6 +2,7 @@
 #modules=xwayland.so,cms-colord.so
 #shell=desktop-shell.so
 #gbm-format=xrgb2101010
+#client-isolation=true
 
 [shell]
 background-image=/usr/share/backgrounds/gnome/Aqua.jpg
-- 
1.8.4.2

_______________________________________________
wayland-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/wayland-devel

Reply via email to