<div dir="ltr"><div><div><div><div><div>Hi fellow developers,<br><br></div>Some time ago, there has been some discussion on this mailing list about "libwsm" (alias lib "Wayland Security Module").<br><br></div>Here is the previous thread : <a href="http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html">http://lists.freedesktop.org/archives/wayland-devel/2014-February/013359.html</a><br><br></div>Libwsm has been developed by Martin Peres and Steve Dodier-Lazaro ; it tries to address the issues about unprivilegied clients wanting access to privilegies interfaces. For instance,<br><br></div>- a legitimate third-party app wanting to take screenshots and record the screen at the user's request ;<br></div><div>- a rogue app trying to take screenshots of the users' bank account number ;<br></div><div>- a legitimate app installed as an alternate virtual keyboard (instead of, say, weston-keyboard)<br></div>- a rogue app (virus) trying to permanently switch fullscreen to display ads and threats.<br><div><div><br>We know all this was possible with X11 due to protocol flaws. Wayland is a lot more secure, but there are still legitimate third-party clients wanting access to these privliegied features (such as the "Pick a color from the screen" tool of GIMP) !<br> Unfortunately, Wayland Compositors have no generic way to validate them. So, how do we allow GIMP, for instance, to work ? libwsm lives in the compositor (eventually in a plugin) and is able to takes decisions based on various configurable policies. Policies can be shared among compositors.<br><br></div><div>Here's a demo with fullscreen limitation policies :<br><br></div><div>The current code :<br></div><div><a href="https://github.com/Tarnyko/weston-wayland_security_module/commits/master">https://github.com/Tarnyko/weston-wayland_security_module/commits/master</a><br><br>and the video :<br><a href="https://www.youtube.com/watch?v=pDg-eUARW5c">https://www.youtube.com/watch?v=pDg-eUARW5c</a><br><br></div><div>(here we try to make "weston-terminal" fullscreen ; first with "allow" policy -it works-, then with "deny" -it fails with an explanative notification- and finally with "soft allow" -it works when the user interacts with the notification to explicitly authorize the app)<br></div><div><div><div><div><div><div><br></div><div>Any comments on this ?<br clear="all"></div><div><div><div><br>-- <br><div class="gmail_signature"><div dir="ltr"><font>Regards,<br>
<br>
<i><b>Manuel BACHMANN</b><br>
Tizen Project<br>
VANNES-FR</i><br>
</font></div></div>
</div></div></div></div></div></div></div></div></div></div>