frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Xnamespace: filter raw mouse motion and keyboard access 

Only namespaces with allowMouseOption flag enabled can receive
raw mouse motion events. Raw key press events are always blocked.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
Enrico Weigelt, metux IT consult 2025-03-19 10:50:56 +01:00
parent d158f18a31
commit 42f7918a23
6 changed files with 82 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Xext/namespace/config.c
View File

@ -6,6 +6,7 @@
#include "namespace.h" #include "namespace.h"
struct Xnamespace ns_root = { struct Xnamespace ns_root = {
.allowMouseMotion = TRUE,
.builtin = TRUE, .builtin = TRUE,
.name = NS_NAME_ROOT, .name = NS_NAME_ROOT,
.refcnt = 1, .refcnt = 1,

75
Xext/namespace/hook-receive.c Normal file
View File

@ -0,0 +1,75 @@
#define HOOK_NAME "recieve"
#include <dix-config.h>
#include <X11/Xmd.h>
#include "dix/extension_priv.h"
#include "dix/registry_priv.h"
#include "dix/resource_priv.h"
#include "Xext/xacestr.h"
#include "Xi/exglobals.h"
#include "namespace.h"
#include "hooks.h"
static inline Bool isRootWin(WindowPtr pWin) {
return (pWin->parent == NullWindow && dixClientForWindow(pWin) == serverClient);
}
void
hookReceive(CallbackListPtr *pcbl, void *unused, void *calldata)
{
XNS_HOOK_HEAD(XaceReceiveAccessRec);
struct XnamespaceClientPriv *obj = XnsClientPriv(dixClientForWindow(param->pWin));
// send and receive within same namespace permitted without restrictions
if (XnsClientSameNS(subj, obj))
goto pass;
for (int i=0; i<param->count; i++) {
const int type = param->events[i].u.u.type;
switch (type) {
case GenericEvent: {
xGenericEvent *gev = (xGenericEvent*)&param->events[i].u;
if (gev->extension == EXTENSION_MAJOR_XINPUT) {
switch (gev->evtype) {
case XI_RawMotion:
if ((!subj->ns->allowMouseMotion) || !isRootWin(param->pWin))
goto reject;
continue;
case XI_RawKeyPress:
case XI_RawKeyRelease:
goto reject;
default:
XNS_HOOK_LOG("XI unknown %d\n", gev->evtype);
goto reject;
}
}
XNS_HOOK_LOG("BLOCKED #%d generic event extension=%d\n", i, gev->extension);
goto reject;
}
break;
default:
XNS_HOOK_LOG("BLOCKED event type #%d 0%0x 0%0x %s %s%s\n", i, type, param->events[i].u.u.detail,
LookupEventName(type), (type & 128) ? "fake" : "",
isRootWin(param->pWin) ? " (root window)" : "");
goto reject;
break;
}
}
pass:
return;
reject:
param->status = BadAccess;
XNS_HOOK_LOG("BLOCKED client %d [NS %s] receiving event sent to window 0x%lx of client %d [NS %s]\n",
client->index,
subj->ns->name,
(unsigned long)param->pWin->drawable.id,
dixClientForWindow(param->pWin)->index,
obj->ns->name);
return;
}

1
Xext/namespace/hooks.h
View File

@ -26,6 +26,7 @@
void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata); void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata); void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookReceive(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookSelectionFilter(CallbackListPtr *pcbl, void *unused, void *calldata); void hookSelectionFilter(CallbackListPtr *pcbl, void *unused, void *calldata);
void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata); void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata);

1
Xext/namespace/meson.build
View File

@ -4,6 +4,7 @@ libxserver_namespace = static_library(
'config.c', 'config.c',
'hook-clientstate.c', 'hook-clientstate.c',
'hook-init-rootwindow.c', 'hook-init-rootwindow.c',
'hook-receive.c',
'hook-selection.c', 'hook-selection.c',
'hook-windowproperty.c', 'hook-windowproperty.c',
'namespace.c', 'namespace.c',

4
Xext/namespace/namespace.c
View File

@ -8,6 +8,7 @@
#include "dix/selection_priv.h" #include "dix/selection_priv.h"
#include "include/os.h" #include "include/os.h"
#include "miext/extinit_priv.h" #include "miext/extinit_priv.h"
#include "Xext/xacestr.h"
#include "namespace.h" #include "namespace.h"
#include "hooks.h" #include "hooks.h"
@ -32,7 +33,8 @@ NamespaceExtensionInit(void)
AddCallback(&ClientStateCallback, hookClientState, NULL) && AddCallback(&ClientStateCallback, hookClientState, NULL) &&
AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) && AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) && AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL))) AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) &&
XaceRegisterCallback(XACE_RECEIVE_ACCESS, hookReceive, NULL)))
FatalError("NamespaceExtensionInit: allocation failure\n"); FatalError("NamespaceExtensionInit: allocation failure\n");
/* Do the serverClient */ /* Do the serverClient */

1
Xext/namespace/namespace.h
View File

@ -14,6 +14,7 @@ struct Xnamespace {
struct xorg_list entry; struct xorg_list entry;
const char *name; const char *name;
Bool builtin; Bool builtin;
Bool allowMouseMotion;
Bool superPower; Bool superPower;
const char *authProto; const char *authProto;
char *authTokenData; char *authTokenData;