brl/mutter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d6b5f89a1c
mutter/src/wayland
History
Sergio Costas f894f5cc13 wayland: Add API to launch trusted clients 
Allowing code from inside mutter to create a child process and
delegate on it some of its tasks is something very useful. This can
be done easily with the g_subprocess and g_subprocess_launcher classes
already available in GLib and GObject.

Unfortunately, although the child process can be a graphical program,
currently it is not possible for the inner code to identify the
windows created by the child in a secure manner (this is: being able
to ensure that a malicious program won't be able to trick the inner
code into thinking it is a child process launched by it).

Under X11 this is not a problem because any program has full control
over their windows, but under Wayland it is a different story: a
program can't neither force their window to be kept at the top (like a
docker program does) or at the bottom (like a program for desktop icons
does), nor hide it from the list of windows. This means that it is not
possible for a "classic", non-priviledged program, to fulfill these
tasks, and it can be done only from code inside mutter (like a
gnome-shell extension).

This is a non desirable situation, because an extension runs in the
same main loop than the whole desktop itself, which means that a
complex extension can need to do too much work inside the main loop,
and freeze the whole desktop for too much time. Also, it is important
to note that javascript doesn't have access to fork(), or threads,
which means that, at most, all the parallel computing that can do is
those available in the _async calls in GLib/GObject.

Also, having to create an extension for any priviledged graphical
element is an stopper for a lot of programmers who already know
GTK+ but doesn't know Clutter.

This patch wants to offer a solution to this problem, by offering a
new class that allows to launch a trusted child process from inside
mutter, and make it to use an specific UNIX socket to communicate
with the compositor. It also allows to check whether an specific
MetaWindow was created by one of this trusted child processes or not.

This allows to create extensions that launch a child process, and
when that process creates a window, the extension can confirm in a
secure way that the window really belongs to that process
launched by it, so it can give to that window "superpowers" like
being kept at the bottom of the desktop, not being listed in the
list of windows or shown in the Activities panel... Also, in future
versions, it could easily implement protocol extensions that only
could be used by these trusted child processes.

Several examples of the usefulness of this are that, with it, it
is possible to write programs that implements:

- desktop icons
- a dock
- a top or bottom bar
...

all in a secure manner, avoiding insecure programs to do the same.
In fact, even if the same code is launched manually, it won't have
those privileges, only the specific process launched from inside
mutter.

Since this is only needed under Wayland, it won't work under X11.

Fixes https://gitlab.gnome.org/GNOME/mutter/issues/741
2020-08-04 08:42:29 +00:00
..
protocol wayland: Update gtk-shell protocol to v3 2019-01-26 18:07:03 +01:00
meta-cursor-sprite-wayland.c cursor-renderer/native: Fetch instead of pass wl_buffer when realizing 2018-06-15 19:09:53 +00:00
meta-cursor-sprite-wayland.h cursor-renderer/native: Fetch instead of pass wl_buffer when realizing 2018-06-15 19:09:53 +00:00
meta-pointer-confinement-wayland.c wayland: Don't access MetaWaylandSurface::window directly 2020-02-19 22:34:28 +00:00
meta-pointer-confinement-wayland.h Implement support for the wp_pointer_constraints protocol 2016-02-16 19:02:48 +08:00
meta-pointer-lock-wayland.c Add some gtk-doc comments. 2019-01-06 21:57:16 +01:00
meta-pointer-lock-wayland.h Implement support for the wp_pointer_constraints protocol 2016-02-16 19:02:48 +08:00
meta-selection-source-wayland-private.h wayland: Move MetaWaylandDataSourcePrimary to its own file 2020-04-17 00:46:23 +02:00
meta-selection-source-wayland.c wayland: Simplify MetaSelectionSourceWayland 2019-10-11 23:04:01 +02:00
meta-wayland-actor-surface.c wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-actor-surface.h wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-buffer.c wayland: Add API to acquire a CoglScanout from a surface 2020-04-16 15:05:52 +02:00
meta-wayland-buffer.h wayland: Add API to acquire a CoglScanout from a surface 2020-04-16 15:05:52 +02:00
meta-wayland-client.c wayland: Add API to launch trusted clients 2020-08-04 08:42:29 +00:00
meta-wayland-cursor-surface.c wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-cursor-surface.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-data-device-primary-legacy.c wayland: Rename gtk primary protocol files to "legacy" 2020-05-13 18:18:14 +02:00
meta-wayland-data-device-primary-legacy.h wayland: Rename gtk primary protocol files to "legacy" 2020-05-13 18:18:14 +02:00
meta-wayland-data-device-primary.c wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-device-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-device.c wayland/data-device: Don't create and leak unused memory on dnd 2020-06-08 12:11:11 +00:00
meta-wayland-data-device.h wayland: Send clipboard offers to all data devices from the same client 2020-05-13 14:44:55 +00:00
meta-wayland-data-offer-primary-legacy.c wayland: Free selection streams streams after transfer 2020-06-08 12:11:11 +00:00
meta-wayland-data-offer-primary-legacy.h wayland: Rename gtk primary protocol files to "legacy" 2020-05-13 18:18:14 +02:00
meta-wayland-data-offer-primary.c wayland: Free selection streams streams after transfer 2020-06-08 12:11:11 +00:00
meta-wayland-data-offer-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-offer.c wayland: Free selection streams streams after transfer 2020-06-08 12:11:11 +00:00
meta-wayland-data-offer.h wayland: Move primary data offers to their own file 2020-04-17 00:46:23 +02:00
meta-wayland-data-source-primary-legacy.c wayland: Rename gtk primary protocol files to "legacy" 2020-05-13 18:18:14 +02:00
meta-wayland-data-source-primary-legacy.h wayland: Rename gtk primary protocol files to "legacy" 2020-05-13 18:18:14 +02:00
meta-wayland-data-source-primary.c wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-source-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-source.c wayland: Split MetaWaylandDataSource into a separate file 2020-04-17 00:46:21 +02:00
meta-wayland-data-source.h wayland: Split MetaWaylandDataSource into a separate file 2020-04-17 00:46:21 +02:00
meta-wayland-dma-buf.c wayland/dma-buf: Make gbm_bo import function better named 2020-05-21 23:59:56 +00:00
meta-wayland-dma-buf.h wayland: Add API to acquire a CoglScanout from a surface 2020-04-16 15:05:52 +02:00
meta-wayland-dnd-surface.c wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-dnd-surface.h wayland: Move DND surface role into its own file 2019-01-22 18:32:28 +01:00
meta-wayland-egl-stream.c wayland/egl-stream: Cache texture snippet 2020-01-10 16:01:21 +00:00
meta-wayland-egl-stream.h wayland/egl-stream: Cache texture snippet 2020-01-10 16:01:21 +00:00
meta-wayland-gtk-shell.c wayland: Don't access MetaWaylandSurface::window directly 2020-02-19 22:34:28 +00:00
meta-wayland-gtk-shell.h wayland: Add MetaWaylandGtkShell object 2018-11-27 15:34:13 +01:00
meta-wayland-inhibit-shortcuts-dialog.c cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-inhibit-shortcuts-dialog.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-inhibit-shortcuts.c cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-inhibit-shortcuts.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-input-device.c wayland/input-device: Add next serial helper 2016-10-11 22:51:50 +08:00
meta-wayland-input-device.h wayland/input-device: Add next serial helper 2016-10-11 22:51:50 +08:00
meta-wayland-keyboard.c wayland/keyboard: Fix anonymous file leak on repeated keymap changes 2020-06-11 07:23:18 +00:00
meta-wayland-keyboard.h wayland/keyboard: Use MetaAnonymousFile to share keymap files 2020-04-21 17:52:08 +02:00
meta-wayland-legacy-xdg-shell.c wayland/shell: Apply geometry after subsurface state application 2020-06-26 07:47:40 +00:00
meta-wayland-legacy-xdg-shell.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-outputs.c wayland/surface: Send enter event when a client binds to wl_output late 2020-05-11 18:06:58 +00:00
meta-wayland-outputs.h wayland: Advertise MetaMonitor as wl_output 2020-02-11 18:56:13 +00:00
meta-wayland-pointer-constraints.c wayland/pointer-constraints: Fix typo 2020-03-29 19:48:33 +01:00
meta-wayland-pointer-constraints.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gesture-pinch.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gesture-pinch.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gesture-swipe.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gesture-swipe.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gestures.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gestures.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer.c clutter/input-device: Make clutter_input_device_get_actor() public 2020-06-16 10:09:26 +00:00
meta-wayland-pointer.h cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-popup.c wayland: Avoid popup grab focus changes if there's an implicit grab 2020-06-17 13:47:38 +00:00
meta-wayland-popup.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-private.h wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-region.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-region.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-seat.c wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-seat.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-shell-surface.c wayland/surface: Put buffer reference on heap 2020-04-16 10:43:34 +02:00
meta-wayland-shell-surface.h wayland: Rework asynchronous window configuration 2019-12-09 10:09:40 +01:00
meta-wayland-subsurface.c wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-subsurface.h wayland: Push actor state instead of itself pulling 2018-02-23 18:57:47 +08:00
meta-wayland-surface.c wayland/shell: Apply geometry after subsurface state application 2020-06-26 07:47:40 +00:00
meta-wayland-surface.h wayland/shell: Apply geometry after subsurface state application 2020-06-26 07:47:40 +00:00
meta-wayland-tablet-cursor-surface.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-cursor-surface.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-manager.c wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-tablet-manager.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-group.c clutter: Move evdev input to src/backends/native 2019-08-24 08:59:08 +00:00
meta-wayland-tablet-pad-group.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-ring.c Pass -D_GNU_SOURCE instead of defining it in source 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-ring.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-strip.c Pass -D_GNU_SOURCE instead of defining it in source 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-strip.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad.c wayland: use correct enum type for tablet pad 2019-11-05 13:07:47 +00:00
meta-wayland-tablet-pad.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-seat.c wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-tablet-seat.h wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-tablet-tool.c cursor-renderer: Pass backend to constructor 2020-06-05 21:39:27 +00:00
meta-wayland-tablet-tool.h cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-tablet.c Pass -D_GNU_SOURCE instead of defining it in source 2018-11-06 17:17:36 +01:00
meta-wayland-tablet.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-text-input-legacy.c wayland: Translate delete-surrounding properly to protocols 2020-03-29 11:37:27 +00:00
meta-wayland-text-input-legacy.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-text-input.c wayland: Translate delete-surrounding properly to protocols 2020-03-29 11:37:27 +00:00
meta-wayland-text-input.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-touch.c wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-touch.h wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-types.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-versions.h wayland/xdg-shell: Add support for explicit popup repositioning 2020-02-29 21:01:50 +00:00
meta-wayland-viewporter.c wayland/surface: Rename MetaWaylandPendingState to MetaWaylandSurfaceState 2019-12-09 10:09:40 +01:00
meta-wayland-viewporter.h wayland/surface: Add support for wp_viewporter 2019-02-06 12:24:03 +00:00
meta-wayland-window-configuration.c wayland/window-configuration: Track resize flags and gravity too 2020-02-29 21:01:50 +00:00
meta-wayland-window-configuration.h wayland/window-configuration: Track resize flags and gravity too 2020-02-29 21:01:50 +00:00
meta-wayland-wl-shell.c wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-wayland-wl-shell.h wayland: Restructure surface role building blocks code 2018-02-23 18:57:40 +08:00
meta-wayland-xdg-foreign.c wayland: Don't access MetaWaylandSurface::window directly 2020-02-19 22:34:28 +00:00
meta-wayland-xdg-foreign.h wayland: Add support for the xdg-foreign protocol 2016-08-22 21:03:41 +08:00
meta-wayland-xdg-shell.c wayland/xdg-shell: Don't use xdg_surface private to get window geometry 2020-06-26 07:47:41 +00:00
meta-wayland-xdg-shell.h wayland: Add support for stable xdg-shell 2018-02-23 18:57:53 +08:00
meta-wayland.c wayland: Respond to frame callbacks also if a clone was painted 2020-07-02 19:36:51 +02:00
meta-wayland.h wayland: Drive frame callbacks from stage updates 2020-05-26 16:46:57 +02:00
meta-window-wayland.c window: Use pid_t for get_client_pid() vfunc 2020-05-21 23:10:23 +00:00
meta-window-wayland.h wayland/xdg-shell: Add support for explicit popup repositioning 2020-02-29 21:01:50 +00:00
meta-window-xwayland.c window/x11: Add always_update_shape() vfunc 2020-01-16 09:22:25 +01:00
meta-window-xwayland.h xwayland: Add MetaWindowXwayland 2017-12-18 13:15:09 +01:00
meta-xwayland-dnd-private.h wayland: Reduce MetaXWaylandSelection to just DnD 2019-05-02 16:31:45 +02:00
meta-xwayland-dnd.c wayland: Free selection streams streams after transfer 2020-06-08 12:11:11 +00:00
meta-xwayland-grab-keyboard.c cleanup: remove controversial naming 2020-08-04 10:04:16 +02:00
meta-xwayland-grab-keyboard.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-xwayland-private.h xwayland: Do not block on Xwayland initialization 2020-02-28 20:20:35 +00:00
meta-xwayland-surface.c wayland/surface: Put buffer reference on heap 2020-04-16 10:43:34 +02:00
meta-xwayland-surface.h xwayland: Move out surface role related logic 2020-02-19 22:34:28 +00:00
meta-xwayland.c window: Use client PID for meta_window_get_pid() 2020-05-21 23:10:23 +00:00
meta-xwayland.h meta: Hide libmutter symbols by default and selectively export them 2019-01-23 14:18:13 +01:00