Commit Graph

10 Commits

Author SHA1 Message Date
Florian Müllner
f481cbfa16 plugin: Drop version information
Mutter itself is versioned now, so passing the version information
to the plugin is redunant now: The version is already determined by
linking to a particular API version (gnome-shell) or by installing
to a versioned plugin path (external plugins).

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1473
2020-10-06 15:14:34 +02:00
Sergio Costas
f894f5cc13 wayland: Add API to launch trusted clients
Allowing code from inside mutter to create a child process and
delegate on it some of its tasks is something very useful. This can
be done easily with the g_subprocess and g_subprocess_launcher classes
already available in GLib and GObject.

Unfortunately, although the child process can be a graphical program,
currently it is not possible for the inner code to identify the
windows created by the child in a secure manner (this is: being able
to ensure that a malicious program won't be able to trick the inner
code into thinking it is a child process launched by it).

Under X11 this is not a problem because any program has full control
over their windows, but under Wayland it is a different story: a
program can't neither force their window to be kept at the top (like a
docker program does) or at the bottom (like a program for desktop icons
does), nor hide it from the list of windows. This means that it is not
possible for a "classic", non-priviledged program, to fulfill these
tasks, and it can be done only from code inside mutter (like a
gnome-shell extension).

This is a non desirable situation, because an extension runs in the
same main loop than the whole desktop itself, which means that a
complex extension can need to do too much work inside the main loop,
and freeze the whole desktop for too much time. Also, it is important
to note that javascript doesn't have access to fork(), or threads,
which means that, at most, all the parallel computing that can do is
those available in the _async calls in GLib/GObject.

Also, having to create an extension for any priviledged graphical
element is an stopper for a lot of programmers who already know
GTK+ but doesn't know Clutter.

This patch wants to offer a solution to this problem, by offering a
new class that allows to launch a trusted child process from inside
mutter, and make it to use an specific UNIX socket to communicate
with the compositor. It also allows to check whether an specific
MetaWindow was created by one of this trusted child processes or not.

This allows to create extensions that launch a child process, and
when that process creates a window, the extension can confirm in a
secure way that the window really belongs to that process
launched by it, so it can give to that window "superpowers" like
being kept at the bottom of the desktop, not being listed in the
list of windows or shown in the Activities panel... Also, in future
versions, it could easily implement protocol extensions that only
could be used by these trusted child processes.

Several examples of the usefulness of this are that, with it, it
is possible to write programs that implements:

- desktop icons
- a dock
- a top or bottom bar
...

all in a secure manner, avoiding insecure programs to do the same.
In fact, even if the same code is launched manually, it won't have
those privileges, only the specific process launched from inside
mutter.

Since this is only needed under Wayland, it won't work under X11.

Fixes https://gitlab.gnome.org/GNOME/mutter/issues/741
2020-08-04 08:42:29 +00:00
Georges Basile Stavracas Neto
a1b3d1a2a7 Introduce MetaBackgroundContent
MetaBackgroundContent is a ClutterContent implementation
that can render a background to any attached actor. Right
now, it preserves all the properties and the rendering
model of MetaBackgroundActor.

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1302
2020-06-09 17:07:02 -03:00
Jonas Ådahl
2e7d02f1ce later: Make MetaCompositor the owner of the MetaLaters state
Since the order of destruction during MetaDisplay tear down is a bit
unordered, there are pieces that try to destruct its compositing
dependent pieces (i.e. queued MetaLater callbacks) after MetaCompositor
has been cleaned up, meaning we need to put some slightly awkward NULL
checks to avoid crashing.

https://gitlab.gnome.org/GNOME/mutter/merge_requests/798
2020-04-16 15:05:52 +02:00
Carlos Garnacho
02c99524bf Make MetaSelection, MetaSelectionSource and MetaMemorySelectionSource public
This exposes the base so that we can reimplement StClipboard on top. Some
gtk-docs have been added for documentation and introspection purposes.

https://gitlab.gnome.org/GNOME/mutter/merge_requests/320
2019-05-02 16:31:45 +02:00
Florian Müllner
a1e325f749 build: Don't use absolute paths with subdir keyword
Meson 0.50.0 made passing an absolute path to install_headers()'
subdir keyword a fatal error. This means we have to track both
relative (to includedir) paths for header subdirs and absolute
paths for generated headers now :-(

https://gitlab.gnome.org/GNOME/mutter/merge_requests/492
2019-03-18 12:37:14 +00:00
Carlos Garnacho
f033d0e846 core: Add MetaLaunchContext
This is a GAppLaunchContext subclass meant to replace usage of
GdkAppLaunchContext in gnome-shell.

Launch contexts get created from the MetaStartupNotification as
they are closely related. The messaging underneath depends on
the availability of a X11 display, if there is one we go through
it (and libsn). If there is none, we still create startup sequences
manually for wayland clients.
2019-01-18 17:03:57 +00:00
Carlos Garnacho
12f8325cbc core: Add MetaSoundPlayer abstraction
This is a simple libcanberra abstraction object, so we are able
to play file/theme sounds without poking into GTK+/X11. Play
requests are delegated to a separate thread, so we don't block
UI on cards that are slow to wake up from power saving.
2019-01-08 16:14:17 +01:00
Carlos Garnacho
4d92979b43 core: Make MetaStartupSequence/Notification public
This will be preferred over SnStartupNotification, as exposed
through MetaDisplay.
2018-11-23 12:27:13 +00:00
Jonas Ådahl
ef85d1a643 Add meson build support
This commit adds meson build support to mutter. It takes a step away
from the three separate code bases with three different autotools setups
into a single meson build system. There are still places that can be
unified better, for example by removing various "config.h" style files
from cogl and clutter, centralizing debug C flags and other configurable
macros, and similar artifacts that are there only because they were once
separate code bases.

There are some differences between the autotools setup and the new
meson. Here are a few:

The meson setup doesn't generate wrapper scripts for various cogl and
clutter test cases. What these tests did was more or less generate a
tiny script that called an executable with a test name as the argument.
To run particular tests, just run the test executable with the name of
the test as the argument.

The meson setup doesn't install test files anymore. The autotools test
suite was designed towards working with installed tests, but it didn't
really still, and now with meson, it doesn't install anything at all,
but instead makes sure that everything runs with the uninstalled input
files, binaries and libraries when running the test suite. Installable
tests may come later.

Tests from cogl, clutter and mutter are run on 'meson test'. In
autotools, only cogl and clutter tests were run on 'make check'.
2018-11-06 18:51:44 +01:00