Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for security-context-v1 #7648

Merged
merged 1 commit into from Nov 21, 2023
Merged

Add support for security-context-v1 #7648

merged 1 commit into from Nov 21, 2023

Conversation

emersion
Copy link
Member

As a first step, deny access to privileged protocols to sandboxed
apps.

References: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
Depends on #7647

@danieldg
Copy link
Contributor

danieldg commented Jul 1, 2023

Additional privileged protocols to consider: input inhibit, shortcut inhibit, virtual keyboard and pointer.

server.input->inhibit->global
server.input->keyboard_shortcuts_inhibit->global
server.input->virtual_keyboard->global
server.input->virtual_pointer->global

WhyNotHugo
WhyNotHugo approved these changes Jul 4, 2023
View reviewed changes
Copy link
Contributor

@WhyNotHugo WhyNotHugo left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've created a little helper to create secure contexts via the command line and used it to test this branch along with wlroot's secure-context branch (to be honest, this procedure tested both the sway/wlroots changes as well as my own helper).

I created a secure context with way-secure --socket-path /tmp/test-socket and the exported WAYLAND_DISPLAY=/tmp/test-socket. The following steps all happened with this environment variable exported.

  • Running wayland-info does not list the zwlr_screencopy_manager_v1 privileged procotol (as expected).
  • Running foot on this environment also worked (again, as expected).
  • After closing the close_fd, clients could not longer connect to the socket: failed to create display: Connection refused (yet again, as expected).

@emersion
Copy link
Member Author

emersion commented Jul 4, 2023

Thanks!

@WhyNotHugo WhyNotHugo mentioned this pull request Jul 11, 2023
Open
@WhyNotHugo
Copy link
Contributor

Building with wlroots 2ef51ad5d50f8f258c96cba712918acc58554d88 and this branch (fd90e61) is currently failing:

[306/633] Compiling C object sway/sway.p/meson-generated_.._.._protocols_tablet-unstable-v2-protocol.c.o
ninja: job failed: cc -Isway/sway.p -Isway -I../sway -Iinclude -I../include -Isubprojects/wlroots/include -I../subprojects/wlroots/include -Iprotocols -I/usr/include/cairo -I/usr/include/freetype2 -I/usr/include/pixman-1 -I/usr/include/libpng16 -I/usr/include/libdrm -I/usr/include/json-c -I/usr/include/libevdev-1.0 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/libmount -I/usr/include/elogind -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=c11 -O0 -g -DWLR_USE_UNSTABLE -Wno-unused-parameter -Wno-unused-result -Wno-missing-braces -Wno-format-zero-length -Wundef -Wvla '-DSYSCONFDIR="//usr/local/etc"' '-DSWAY_VERSION="1.9-dev-fd90e6180 (" __DATE__ ", branch '"'"'HEAD'"'"')"' -fmacro-prefix-map=../= -pthread -MD -MQ sway/sway.p/xdg_decoration.c.o -MF sway/sway.p/xdg_decoration.c.o.d -o sway/sway.p/xdg_decoration.c.o -c ../sway/xdg_decoration.c
../sway/xdg_decoration.c: In function 'handle_xdg_decoration':
../sway/xdg_decoration.c:56:62: error: 'struct wlr_xdg_toplevel_decoration_v1' has no member named 'surface'
   56 |         struct sway_xdg_shell_view *xdg_shell_view = wlr_deco->surface->data;
      |                                                              ^~
../sway/xdg_decoration.c: In function 'xdg_decoration_from_surface':
../sway/xdg_decoration.c:82:45: error: 'struct wlr_xdg_toplevel_decoration_v1' has no member named 'surface'
   82 |                 if (deco->wlr_xdg_decoration->surface->surface == surface) {
      |                                             ^~
ninja: job failed: cc -Isway/sway.p -Isway -I../sway -Iinclude -I../include -Isubprojects/wlroots/include -I../subprojects/wlroots/include -Iprotocols -I/usr/include/cairo -I/usr/include/freetype2 -I/usr/include/pixman-1 -I/usr/include/libpng16 -I/usr/include/libdrm -I/usr/include/json-c -I/usr/include/libevdev-1.0 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/libmount -I/usr/include/elogind -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=c11 -O0 -g -DWLR_USE_UNSTABLE -Wno-unused-parameter -Wno-unused-result -Wno-missing-braces -Wno-format-zero-length -Wundef -Wvla '-DSYSCONFDIR="//usr/local/etc"' '-DSWAY_VERSION="1.9-dev-fd90e6180 (" __DATE__ ", branch '"'"'HEAD'"'"')"' -fmacro-prefix-map=../= -pthread -MD -MQ sway/sway.p/desktop_render.c.o -MF sway/sway.p/desktop_render.c.o.d -o sway/sway.p/desktop_render.c.o -c ../sway/desktop/render.c
../sway/desktop/render.c: In function 'render_surface_iterator':
../sway/desktop/render.c:153:9: error: implicit declaration of function 'wlr_presentation_surface_sampled_on_output'; did you mean 'wlr_presentation_surface_textured_on_output'? [-Werror=implicit-function-declaration]
  153 |         wlr_presentation_surface_sampled_on_output(server.presentation, surface,
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |         wlr_presentation_surface_textured_on_output
cc1: all warnings being treated as errors
ninja: job failed: cc -Isway/sway.p -Isway -I../sway -Iinclude -I../include -Isubprojects/wlroots/include -I../subprojects/wlroots/include -Iprotocols -I/usr/include/cairo -I/usr/include/freetype2 -I/usr/include/pixman-1 -I/usr/include/libpng16 -I/usr/include/libdrm -I/usr/include/json-c -I/usr/include/libevdev-1.0 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/blkid -I/usr/include/fribidi -I/usr/include/libmount -I/usr/include/elogind -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -Werror -std=c11 -O0 -g -DWLR_USE_UNSTABLE -Wno-unused-parameter -Wno-unused-result -Wno-missing-braces -Wno-format-zero-length -Wundef -Wvla '-DSYSCONFDIR="//usr/local/etc"' '-DSWAY_VERSION="1.9-dev-fd90e6180 (" __DATE__ ", branch '"'"'HEAD'"'"')"' -fmacro-prefix-map=../= -pthread -MD -MQ sway/sway.p/desktop_output.c.o -MF sway/sway.p/desktop_output.c.o.d -o sway/sway.p/desktop_output.c.o -c ../sway/desktop/output.c
../sway/desktop/output.c: In function 'scan_out_fullscreen_view':
../sway/desktop/output.c:533:9: error: implicit declaration of function 'wlr_presentation_surface_sampled_on_output'; did you mean 'wlr_presentation_surface_textured_on_output'? [-Werror=implicit-function-declaration]
  533 |         wlr_presentation_surface_sampled_on_output(server.presentation, surface,
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |         wlr_presentation_surface_textured_on_output
cc1: all warnings being treated as errors
ninja: subcommands failed

You need to apply this patch:

diff --git a/sway/desktop/output.c b/sway/desktop/output.c
index 476bfd252..11404ae1e 100644
--- a/sway/desktop/output.c
+++ b/sway/desktop/output.c
@@ -530,7 +530,7 @@ static bool scan_out_fullscreen_view(struct sway_output *output,
 		return false;
 	}
 
-	wlr_presentation_surface_sampled_on_output(server.presentation, surface,
+	wlr_presentation_surface_textured_on_output(server.presentation, surface,
 		wlr_output);
 
 	return wlr_output_commit_state(wlr_output, pending);
diff --git a/sway/desktop/render.c b/sway/desktop/render.c
index f08e2c6c4..c4c0004e7 100644
--- a/sway/desktop/render.c
+++ b/sway/desktop/render.c
@@ -150,7 +150,7 @@ static void render_surface_iterator(struct sway_output *output,
 	render_texture(data->ctx, texture,
 		&src_box, &dst_box, &clip_box, surface->current.transform, alpha);
 
-	wlr_presentation_surface_sampled_on_output(server.presentation, surface,
+	wlr_presentation_surface_textured_on_output(server.presentation, surface,
 		wlr_output);
 }

And cherry pick 363c579 (or just rebase onto master).

@WhyNotHugo
Copy link
Contributor

Actually, just rebasing onto master is enough.

@emersion
Add support for security-context-v1
550eb07 
As a first step, deny access to privileged protocols to sandboxed
apps.

References: https://gitlab.freedesktop.org/wlroots/wlroots/-/merge_requests/3589
@emersion emersion marked this pull request as ready for review November 21, 2023 14:07
@emersion emersion merged commit 072fa60 into master Nov 21, 2023
3 checks passed
@emersion emersion deleted the security-context branch November 21, 2023 14:12
agx added a commit to agx/phoc that referenced this pull request Jan 19, 2024
@agx
server: Don't expose globals of privileged protocols to untrusted cli…
bd6fb30 
…ents

Clients that have a security-context-v1 attached shouldn't see those
globals so filter them out.

This is inspired by sway's MR swaywm/sway#7648

Signed-off-by: Guido Günther <agx@sigxcpu.org>
Part-of: <https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/463>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WhyNotHugo WhyNotHugo WhyNotHugo approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@emersion @danieldg @WhyNotHugo