From cb1baec84aa234206ddb4dc5f7dbd3215b52bf1a Mon Sep 17 00:00:00 2001 From: "Enrico Weigelt, metux IT consult" Date: Wed, 19 Mar 2025 13:53:26 +0100 Subject: [PATCH] Xnamespace: isolate root window property access Redirecting access to root window properties to the per-namespace virtual root windows. This isolates a lot of communication via root window, e.g. the cut buffers. Signed-off-by: Enrico Weigelt, metux IT consult --- Xext/namespace/hook-windowproperty.c | 47 ++++++++++++++++++++++++++++ Xext/namespace/hooks.h | 1 + Xext/namespace/meson.build | 1 + Xext/namespace/namespace.c | 2 ++ 4 files changed, 51 insertions(+) create mode 100644 Xext/namespace/hook-windowproperty.c diff --git a/Xext/namespace/hook-windowproperty.c b/Xext/namespace/hook-windowproperty.c new file mode 100644 index 000000000..cc041410b --- /dev/null +++ b/Xext/namespace/hook-windowproperty.c @@ -0,0 +1,47 @@ +#define HOOK_NAME "windowproperty" + +#include + +#include + +#include "dix/dix_priv.h" +#include "dix/property_priv.h" +#include "dix/window_priv.h" + +#include "namespace.h" +#include "hooks.h" + +static inline Bool winIsRoot(WindowPtr pWin) { + if (!pWin) + return FALSE; + if (pWin->drawable.pScreen->root == pWin) + return TRUE; + return FALSE; +} + +void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata) +{ + XNS_HOOK_HEAD(PropertyFilterParam); + + // no redirect on super power + if (subj->ns->superPower) + return; + + const ClientPtr owner = dixLookupXIDOwner(param->window); + if (!owner) { + param->status = BadWindow; + param->skip = TRUE; + XNS_HOOK_LOG("owner of window 0x%0x doesn't exist\n", param->window); + return; + } + + // whitelist anything that goes to caller's own namespace + struct XnamespaceClientPriv *obj = XnsClientPriv(owner); + if (XnsClientSameNS(subj, obj)) + return; + + // redirect root window access to namespace's virtual root + if (dixWindowIsRoot(param->window)) { + param->window = subj->ns->rootWindow->drawable.id; + } +} diff --git a/Xext/namespace/hooks.h b/Xext/namespace/hooks.h index 9f08f6199..a2327156f 100644 --- a/Xext/namespace/hooks.h +++ b/Xext/namespace/hooks.h @@ -27,5 +27,6 @@ void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata); void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata); void hookSelectionFilter(CallbackListPtr *pcbl, void *unused, void *calldata); +void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata); #endif /* __XSERVER_NAMESPACE_HOOKS_H */ diff --git a/Xext/namespace/meson.build b/Xext/namespace/meson.build index 75a8a12ab..4b6365003 100644 --- a/Xext/namespace/meson.build +++ b/Xext/namespace/meson.build @@ -5,6 +5,7 @@ libxserver_namespace = static_library( 'hook-clientstate.c', 'hook-init-rootwindow.c', 'hook-selection.c', + 'hook-windowproperty.c', 'namespace.c', ], include_directories: inc, diff --git a/Xext/namespace/namespace.c b/Xext/namespace/namespace.c index 496e0a87d..27b5f69b0 100644 --- a/Xext/namespace/namespace.c +++ b/Xext/namespace/namespace.c @@ -4,6 +4,7 @@ #include #include "dix/dix_priv.h" +#include "dix/property_priv.h" #include "dix/selection_priv.h" #include "include/os.h" #include "miext/extinit_priv.h" @@ -30,6 +31,7 @@ NamespaceExtensionInit(void) sizeof(struct XnamespaceClientPriv)) && AddCallback(&ClientStateCallback, hookClientState, NULL) && AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) && + AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) && AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL))) FatalError("NamespaceExtensionInit: allocation failure\n");