Xnamespace: isolate root window property access

Redirecting access to root window properties to the per-namespace
virtual root windows. This isolates a lot of communication via root
window, e.g. the cut buffers.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>

Xext/namespace/hook-windowproperty.c

@@ -0,0 +1,47 @@
+#define HOOK_NAME "windowproperty"
+
+#include <dix-config.h>
+
+#include <X11/Xmd.h>
+
+#include "dix/dix_priv.h"
+#include "dix/property_priv.h"
+#include "dix/window_priv.h"
+
+#include "namespace.h"
+#include "hooks.h"
+
+static inline Bool winIsRoot(WindowPtr pWin) {
+    if (!pWin)
+        return FALSE;
+    if (pWin->drawable.pScreen->root == pWin)
+        return TRUE;
+    return FALSE;
+}
+
+void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata)
+{
+    XNS_HOOK_HEAD(PropertyFilterParam);
+
+    // no redirect on super power
+    if (subj->ns->superPower)
+        return;
+
+    const ClientPtr owner = dixLookupXIDOwner(param->window);
+    if (!owner) {
+        param->status = BadWindow;
+        param->skip = TRUE;
+        XNS_HOOK_LOG("owner of window 0x%0x doesn't exist\n", param->window);
+        return;
+    }
+
+    // whitelist anything that goes to caller's own namespace
+    struct XnamespaceClientPriv *obj = XnsClientPriv(owner);
+    if (XnsClientSameNS(subj, obj))
+        return;
+
+    // redirect root window access to namespace's virtual root
+    if (dixWindowIsRoot(param->window)) {
+        param->window = subj->ns->rootWindow->drawable.id;
+    }
+}

Xext/namespace/hooks.h

@@ -27,5 +27,6 @@
 void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookSelectionFilter(CallbackListPtr *pcbl, void *unused, void *calldata);
+void hookWindowProperty(CallbackListPtr *pcbl, void *unused, void *calldata);
 
 #endif /* __XSERVER_NAMESPACE_HOOKS_H */

Xext/namespace/meson.build

@@ -5,6 +5,7 @@ libxserver_namespace = static_library(
 		'hook-clientstate.c',
 		'hook-init-rootwindow.c',
 		'hook-selection.c',
+		'hook-windowproperty.c',
 		'namespace.c',
 	],
 	include_directories: inc,

Xext/namespace/namespace.c

@@ -4,6 +4,7 @@
 #include <X11/Xmd.h>
 
 #include "dix/dix_priv.h"
+#include "dix/property_priv.h"
 #include "dix/selection_priv.h"
 #include "include/os.h"
 #include "miext/extinit_priv.h"
@@ -30,6 +31,7 @@ NamespaceExtensionInit(void)
             sizeof(struct XnamespaceClientPriv)) &&
           AddCallback(&ClientStateCallback, hookClientState, NULL) &&
           AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
+          AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
           AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL)))
         FatalError("NamespaceExtensionInit: allocation failure\n");