From 8df937319996b237ceb35a6671aa32006fbaf260 Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult" <info@metux.net>
Date: Tue, 25 Mar 2025 13:25:58 +0100
Subject: [PATCH] Xnamespace: whitelist some XI operations

Whitelisting some XI operations in various hooks.

Note that some additional filtering needs to be done in send or
receive hook in order to prevent clients to receive possibly sensible
input data from the root window.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
---
 Xext/namespace/hook-device.c       | 11 +++++++++++
 Xext/namespace/hook-ext-dispatch.c |  5 +++++
 Xext/namespace/hook-resource.c     | 12 ++++++++++++
 3 files changed, 28 insertions(+)

diff --git a/Xext/namespace/hook-device.c b/Xext/namespace/hook-device.c
index fed8f4b72..e3f854c87 100644
--- a/Xext/namespace/hook-device.c
+++ b/Xext/namespace/hook-device.c
@@ -2,6 +2,8 @@
 
 #include <dix-config.h>
 
+#include <X11/extensions/XIproto.h>
+#include <X11/extensions/XI2proto.h>
 #include <X11/extensions/XKB.h>
 
 #include "dix/dix_priv.h"
@@ -41,6 +43,15 @@ void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata)
                     XNS_HOOK_LOG("BLOCKED unhandled XKEYBOARD %s\n", LookupRequestName(client->majorOp, client->minorOp));
                     goto block;
             }
+        case EXTENSION_MAJOR_XINPUT:
+            switch (client->minorOp) {
+                case X_ListInputDevices:
+                case X_XIQueryDevice:
+                    goto pass;
+                default:
+                    XNS_HOOK_LOG("BLOCKED unhandled Xinput request\n");
+                    goto block;
+            }
     }
 
 block:
diff --git a/Xext/namespace/hook-ext-dispatch.c b/Xext/namespace/hook-ext-dispatch.c
index 085704cf9..1c13dae4e 100644
--- a/Xext/namespace/hook-ext-dispatch.c
+++ b/Xext/namespace/hook-ext-dispatch.c
@@ -6,6 +6,7 @@
 #include <X11/Xdefs.h> // syncproto.h is broken
 #include <X11/Xmd.h>
 #include <X11/extensions/syncproto.h>
+#include <X11/extensions/XIproto.h>
 #include <X11/extensions/XKB.h>
 #include <X11/extensions/xfixeswire.h>
 
@@ -61,6 +62,10 @@ void hookExtDispatch(CallbackListPtr *pcbl, void *unused, void *calldata)
         case EXTENSION_MAJOR_XINPUT:
             if (subj->ns->allowXInput)
                 goto pass;
+            switch (client->minorOp) {
+                case X_ListInputDevices:
+                    goto pass;
+            }
         break;
 
         case EXTENSION_MAJOR_XFIXES:
diff --git a/Xext/namespace/hook-resource.c b/Xext/namespace/hook-resource.c
index 9f229e8b3..d3d3afaf1 100644
--- a/Xext/namespace/hook-resource.c
+++ b/Xext/namespace/hook-resource.c
@@ -2,7 +2,10 @@
 
 #include <dix-config.h>
 
+#include <X11/extensions/XI2proto.h>
+
 #include "dix/dix_priv.h"
+#include "dix/extension_priv.h"
 #include "dix/window_priv.h"
 #include "Xext/xacestr.h"
 
@@ -87,6 +90,15 @@ void hookResourceAccess(CallbackListPtr *pcbl, void *unused, void *calldata)
                 case X_SendEvent:
                     /* send hook needs to take care of this */
                     goto pass;
+
+                case EXTENSION_MAJOR_XINPUT:
+                    switch(client->minorOp) {
+                        // needed by xeyes. we should filter the mask
+                        case X_XISelectEvents:
+                            goto pass;
+                    }
+                    XNS_HOOK_LOG("unhandled XI operation on (real) root window\n");
+                    goto reject;
             }
         }
     }