Xnamespace: filter device access

Filter device access, whitelist several commonly used operations that should be safe (eg. query keyboard layout). Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2025-03-19 10:50:56 +01:00 · 2025-03-19 10:50:56 +01:00 · e293308ef7
parent 7afdba1952
commit e293308ef7
4 changed files with 56 additions and 0 deletions
--- a/Xext/namespace/hook-device.c
+++ b/Xext/namespace/hook-device.c
@ -0,0 +1,53 @@
+#define HOOK_NAME "device"
+
+#include <dix-config.h>
+
+#include <X11/extensions/XKB.h>
+
+#include "dix/dix_priv.h"
+#include "dix/extension_priv.h"
+#include "dix/registry_priv.h"
+#include "Xext/xacestr.h"
+
+#include "namespace.h"
+#include "hooks.h"
+
+void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata)
+{
+    XNS_HOOK_HEAD(XaceDeviceAccessRec);
+
+    if (subj->ns->superPower)
+        goto pass;
+
+    // should be safe to pass for anybody
+    switch (client->majorOp) {
+        case X_QueryPointer:
+        case X_GetInputFocus:
+        case X_GetKeyboardMapping:
+        case X_GetModifierMapping:
+        case X_GrabButton: // needed by xterm -- should be safe
+            goto pass;
+        case EXTENSION_MAJOR_XKEYBOARD:
+            switch(client->minorOp) {
+                case X_kbSelectEvents:      // needed by xterm
+                case X_kbGetMap:            // needed by xterm
+                case X_kbBell:              // needed by GIMP
+                case X_kbPerClientFlags:    // needed by firefox
+                case X_kbGetState:          // needed by firefox
+                case X_kbGetNames:          // needed by firefox
+                case X_kbGetControls:       // needed by firefox
+                    goto pass;
+                default:
+                    XNS_HOOK_LOG("BLOCKED unhandled XKEYBOARD %s\n", LookupRequestName(client->majorOp, client->minorOp));
+                    goto block;
+            }
+    }
+
+block:
+    param->status = BadAccess;
+    return;
+
+pass:
+    param->status = Success;
+    return;
+}
--- a/Xext/namespace/hooks.h
+++ b/Xext/namespace/hooks.h
@ -25,6 +25,7 @@
    struct XnamespaceClientPriv *subj = XnsClientPriv(client);

 void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
+void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookExtAccess(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookExtDispatch(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookInitRootWindow(CallbackListPtr *pcbl, void *unused, void *calldata);
--- a/Xext/namespace/meson.build
+++ b/Xext/namespace/meson.build
@ -3,6 +3,7 @@ libxserver_namespace = static_library(
 	[
 		'config.c',
 		'hook-clientstate.c',
+		'hook-device.c',
 		'hook-ext-access.c',
 		'hook-ext-dispatch.c',
 		'hook-init-rootwindow.c',
--- a/Xext/namespace/namespace.c
+++ b/Xext/namespace/namespace.c
@ -34,6 +34,7 @@ NamespaceExtensionInit(void)
          AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
          AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
          AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) &&
+          XaceRegisterCallback(XACE_DEVICE_ACCESS, hookDevice, NULL) &&
          XaceRegisterCallback(XACE_EXT_DISPATCH, hookExtDispatch, NULL) &&
          XaceRegisterCallback(XACE_EXT_ACCESS, hookExtAccess, NULL) &&
          XaceRegisterCallback(XACE_RECEIVE_ACCESS, hookReceive, NULL) &&