Xnamespace: filter raw mouse motion and keyboard access

Only namespaces with allowMouseOption flag enabled can receive raw mouse motion events. Raw key press events are always blocked. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2025-03-19 10:50:56 +01:00 · 2025-03-19 10:50:56 +01:00 · 81faed9c8c
parent cb1baec84a
commit 81faed9c8c
6 changed files with 82 additions and 1 deletions
--- a/Xext/namespace/config.c
+++ b/Xext/namespace/config.c
@ -6,6 +6,7 @@
 #include "namespace.h"

 struct Xnamespace ns_root = {
+    .allowMouseMotion = TRUE,
    .builtin = TRUE,
    .name = NS_NAME_ROOT,
    .refcnt = 1,
--- a/Xext/namespace/hook-receive.c
+++ b/Xext/namespace/hook-receive.c
@ -0,0 +1,75 @@
+#define HOOK_NAME "recieve"
+
+#include <dix-config.h>
+
+#include <X11/Xmd.h>
+
+#include "dix/extension_priv.h"
+#include "dix/registry_priv.h"
+#include "dix/resource_priv.h"
+#include "Xext/xacestr.h"
+#include "Xi/exglobals.h"
+
+#include "namespace.h"
+#include "hooks.h"
+
+static inline Bool isRootWin(WindowPtr pWin) {
+    return (pWin->parent == NullWindow && dixClientForWindow(pWin) == serverClient);
+}
+
+void
+hookReceive(CallbackListPtr *pcbl, void *unused, void *calldata)
+{
+    XNS_HOOK_HEAD(XaceReceiveAccessRec);
+    struct XnamespaceClientPriv *obj = XnsClientPriv(dixClientForWindow(param->pWin));
+
+    // send and receive within same namespace permitted without restrictions
+    if (XnsClientSameNS(subj, obj))
+        goto pass;
+
+    for (int i=0; i<param->count; i++) {
+        const int type = param->events[i].u.u.type;
+        switch (type) {
+            case GenericEvent: {
+                xGenericEvent *gev = (xGenericEvent*)&param->events[i].u;
+                if (gev->extension == EXTENSION_MAJOR_XINPUT) {
+                    switch (gev->evtype) {
+                        case XI_RawMotion:
+                            if ((!subj->ns->allowMouseMotion) || !isRootWin(param->pWin))
+                                goto reject;
+                            continue;
+                        case XI_RawKeyPress:
+                        case XI_RawKeyRelease:
+                            goto reject;
+                        default:
+                            XNS_HOOK_LOG("XI unknown %d\n", gev->evtype);
+                            goto reject;
+                    }
+                }
+                XNS_HOOK_LOG("BLOCKED #%d generic event extension=%d\n", i, gev->extension);
+                goto reject;
+            }
+            break;
+
+            default:
+                XNS_HOOK_LOG("BLOCKED event type #%d 0%0x 0%0x %s %s%s\n", i, type, param->events[i].u.u.detail,
+                    LookupEventName(type), (type & 128) ? "fake" : "",
+                    isRootWin(param->pWin) ? " (root window)" : "");
+                goto reject;
+            break;
+        }
+    }
+
+pass:
+    return;
+
+reject:
+    param->status = BadAccess;
+    XNS_HOOK_LOG("BLOCKED client %d [NS %s] receiving event sent to window 0x%lx of client %d [NS %s]\n",
+        client->index,
+        subj->ns->name,
+        (unsigned long)param->pWin->drawable.id,
+        dixClientForWindow(param->pWin)->index,
+        obj->ns->name);
+    return;
+}
--- a/Xext/namespace/hooks.h
+++ b/Xext/namespace/hooks.h
@ -26,6 +26,7 @@

 void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata);
+void hookReceive(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookSelectionFilter(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata);

--- a/Xext/namespace/meson.build
+++ b/Xext/namespace/meson.build
@ -4,6 +4,7 @@ libxserver_namespace = static_library(
 		'config.c',
 		'hook-clientstate.c',
 		'hook-init-rootwindow.c',
+		'hook-receive.c',
 		'hook-selection.c',
 		'hook-windowproperty.c',
 		'namespace.c',
--- a/Xext/namespace/namespace.c
+++ b/Xext/namespace/namespace.c
@ -8,6 +8,7 @@
 #include "dix/selection_priv.h"
 #include "include/os.h"
 #include "miext/extinit_priv.h"
+#include "Xext/xacestr.h"

 #include "namespace.h"
 #include "hooks.h"
@ -32,7 +33,8 @@ NamespaceExtensionInit(void)
          AddCallback(&ClientStateCallback, hookClientState, NULL) &&
          AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
          AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
-          AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL)))
+          AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) &&
+          XaceRegisterCallback(XACE_RECEIVE_ACCESS, hookReceive, NULL)))
        FatalError("NamespaceExtensionInit: allocation failure\n");

    /* Do the serverClient */
--- a/Xext/namespace/namespace.h
+++ b/Xext/namespace/namespace.h
@ -14,6 +14,7 @@ struct Xnamespace {
    struct xorg_list entry;
    const char *name;
    Bool builtin;
+    Bool allowMouseMotion;
    Bool superPower;
    const char *authProto;
    char *authTokenData;