<div dir="ltr">Hi,<div> It's missing README, but otherwise it looks good to me:</div><div><br></div><div>Reviewed-by: Mariusz Ceier <<a href="mailto:mceier%2Bwayland@gmail.com">mceier+wayland@gmail.com</a>></div><div><br></div><div>Mariusz Ceier<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 25 November 2015 at 15:10, Giulio Camuffo <span dir="ltr"><<a href="mailto:giuliocamuffo@gmail.com" target="_blank">giuliocamuffo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This new extension is used by clients wanting to execute priviledged<br>
actions such as taking a screenshot.<br>
The usual way of granting special priviledged to apps is to fork and<br>
exec them in the compositor, and then checking if the client is the<br>
known one when it binds the restricted global interface. This works<br>
but is quite limited, as it doesn't allow the compositor to ask the<br>
user if the app is trusted, because it can't wait for the answer in<br>
the bind function as that would block the compositor.<br>
This new protocol instead allows the answer to come after some time<br>
without blocking the compositor or the client.<br>
---<br>
<br>
v2: renamed to restricted_registry.<br>
It now replaces wl_registry entirely for the restricted interfaces<br>
and hence it makes it lets clients know for sure that the globals<br>
in wl_registry are not restricted, and which are the restricted<br>
ones.<br>
<br>
<br>
Makefile.am | 1 +<br>
.../restricted-registry/restricted-registry-v1.xml | 148 +++++++++++++++++++++<br>
2 files changed, 149 insertions(+)<br>
create mode 100644 unstable/restricted-registry/restricted-registry-v1.xml<br>
<br>
diff --git a/Makefile.am b/Makefile.am<br>
index a32e977..bfe9a6a 100644<br>
--- a/Makefile.am<br>
+++ b/Makefile.am<br>
@@ -5,6 +5,7 @@ unstable_protocols = \<br>
unstable/text-input/text-input-unstable-v1.xml \<br>
unstable/input-method/input-method-unstable-v1.xml \<br>
unstable/xdg-shell/xdg-shell-unstable-v5.xml \<br>
+ unstable/authorizer/authorizer-unstable-v1.xml<br>
$(NULL)<br>
<br>
nobase_dist_pkgdata_DATA = \<br>
diff --git a/unstable/restricted-registry/restricted-registry-v1.xml b/unstable/restricted-registry/restricted-registry-v1.xml<br>
new file mode 100644<br>
index 0000000..8c9224f<br>
--- /dev/null<br>
+++ b/unstable/restricted-registry/restricted-registry-v1.xml<br>
@@ -0,0 +1,148 @@<br>
+<?xml version="1.0" encoding="UTF-8"?><br>
+<protocol name="restricted_registry_v1"><br>
+<br>
+ <copyright><br>
+ Copyright © 2015 Giulio Camuffo.<br>
+<br>
+ Permission to use, copy, modify, distribute, and sell this<br>
+ software and its documentation for any purpose is hereby granted<br>
+ without fee, provided that the above copyright notice appear in<br>
+ all copies and that both that copyright notice and this permission<br>
+ notice appear in supporting documentation, and that the name of<br>
+ the copyright holders not be used in advertising or publicity<br>
+ pertaining to distribution of the software without specific,<br>
+ written prior permission. The copyright holders make no<br>
+ representations about the suitability of this software for any<br>
+ purpose. It is provided "as is" without express or implied<br>
+ warranty.<br>
+<br>
+ THE COPYRIGHT HOLDERS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS<br>
+ SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND<br>
+ FITNESS, IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY<br>
+ SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES<br>
+ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN<br>
+ AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,<br>
+ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF<br>
+ THIS SOFTWARE.<br>
+ </copyright><br>
+<br>
+ <interface name="zwp_restricted_registry_v1" version="1"><br>
+ <description summary="authorize clients to use certain interfaces"><br>
+ This global interface acts as a wl_registry for restricted interfaces.<br>
+<br>
+ The globals advertized through this extension are not available<br>
+ through the normal wl_registry, and are not bindable by all the<br>
+ clients.<br>
+ When the clients creates a new zwp_restricted_registry_v1 object,<br>
+ it will advertize the existing restricted globals through the global<br>
+ event. These globals are not immediately bindable, but the client<br>
+ needs to be authorized first. To do so, the clients should send<br>
+ the authorize request for each global it whishes to bind, and then<br>
+ notify the compositor it whishes to be authorized by using the<br>
+ commit_authorization request. The compositor will then process the<br>
+ request and then send the list of authorized globals with the<br>
+ global_authorized event, followed by the authorization_done event.<br>
+ The client can bind the authorized globals when they are advertized<br>
+ but trying to bind any other will trigger a protocol error killing<br>
+ the client.<br>
+<br>
+ The list of restricted interfaces is compositor dependant, but must<br>
+ not include the core interfaces defined in wayland.xml.<br>
+ </description><br>
+<br>
+ <enum name="error"><br>
+ <description summary="zwp_restricted_registry_v1 error codes"><br>
+ These errors can be emitted in response of zwp_restricted_registry_v1<br>
+ requests.<br>
+ </description><br>
+ <entry name="unauthorized" value="0"<br>
+ summary="the client is not authorized to bind the specified global"/><br>
+ </enum><br>
+<br>
+ <request name="destroy" type="destructor"><br>
+ <description summary="destroy this zwp_restricted_registry_v1 object"><br>
+ Destroy this object. Any bound object will continue to live.<br>
+ </description><br>
+ </request><br>
+<br>
+ <request name="bind"><br>
+ <description summary="bind an object to the display"><br>
+ Binds a new, client-created object to the server using the<br>
+ specified name as the identifier.<br>
+ The global must have been authorized prior to binding it<br>
+ by using the authorize request, otherwise the server will<br>
+ send a protocol error.<br>
+ </description><br>
+ <arg name="name" type="uint" summary="unique name for the object"/><br>
+ <arg name="id" type="new_id"/><br>
+ </request><br>
+<br>
+ <request name="authorize"><br>
+ <description summary="authorize a global interface"><br>
+ The authorize request allows the client to ask the compositor for<br>
+ authorization to bind a restricted global interface.<br>
+ </description><br>
+ <arg name="name" type="uint"/><br>
+ </request><br>
+<br>
+ <request name="commit_authorization"><br>
+ <description summary="issue the authorization requests"><br>
+ This request notifies the compositor that the client has requested<br>
+ all the authorizations for the globals it wants to bind. No other<br>
+ authorize request can be sent after this.<br>
+ The compositor will decide which globals the client is authorized<br>
+ to bind and send them out using the global_authorized event, followed<br>
+ by the authorization_done event.<br>
+ </description><br>
+ </request><br>
+<br>
+ <event name="global"><br>
+ <description summary="announce global object"><br>
+ Notify the client of global objects.<br>
+<br>
+ The event notifies the client that a global object with<br>
+ the given name is now available, and it implements the<br>
+ given version of the given interface.<br>
+ </description><br>
+ <arg name="name" type="uint"/><br>
+ <arg name="interface" type="string"/><br>
+ <arg name="version" type="uint"/><br>
+ </event><br>
+<br>
+ <event name="global_remove"><br>
+ <description summary="announce removal of global object"><br>
+ Notify the client of removed global objects.<br>
+<br>
+ This event notifies the client that the global identified<br>
+ by name is no longer available. If the client bound to<br>
+ the global using the bind request, the client should now<br>
+ destroy that object.<br>
+<br>
+ The object remains valid and requests to the object will be<br>
+ ignored until the client destroys it, to avoid races between<br>
+ the global going away and a client sending a request to it.<br>
+ </description><br>
+ <arg name="name" type="uint"/><br>
+ </event><br>
+<br>
+ <event name="global_authorized"><br>
+ <description summary="the client can bind this global object"><br>
+ Notify the client that it was authorized to bind this global.<br>
+ Only now can the client bind it succesfully.<br>
+ </description><br>
+ <arg name="name" type="uint"/><br>
+ <arg name="interface" type="string"/><br>
+ <arg name="version" type="uint"/><br>
+ </event><br>
+<br>
+ <event name="authorization_done"><br>
+ <description summary="the authorization process is completed"><br>
+ This event notifies the client that the authorization process<br>
+ is done. Any authorized global was advertized through the<br>
+ global_authorized event, and any other global the client binds<br>
+ will trigger a protocol error.<br>
+ </description><br>
+ </event><br>
+<br>
+ </interface><br>
+</protocol><br>
<span class="HOEnZb"><font color="#888888">--<br>
2.6.2<br>
<br>
_______________________________________________<br>
wayland-devel mailing list<br>
<a href="mailto:wayland-devel@lists.freedesktop.org">wayland-devel@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/wayland-devel" rel="noreferrer" target="_blank">http://lists.freedesktop.org/mailman/listinfo/wayland-devel</a><br>
</font></span></blockquote></div><br></div>