[PATCH weston] introduces a setting to give permission to any client to do screenshots

[Bill Spitzak]

Could an api be added so that one client can "give" access to an object 
to another client? This would allow a single secure client to implement 
all the rules for what is allowed to be a screen saver, rather than 
having the rules be in the compositor.

What I thought was something like this:

- "secure" client gets the object id for the screen shooter api

- It can ask the compositor for a "key" to this id. This is a big 
random-looking number

- It then sends this key (using any method it wants, such as argv to 
exec) to a client that does not have any more privledges other than 
being able to connect to the wayland compositor.

- This client sends the key in a new request to the compositor

- If the key is one it recently generated, the compositor responds with 
something much like the global registry events, giving the type and id 
of the same object. Otherwise it responds with an error.

- Client can now use the screen shooter object.

This does not really solve the screen shooter problem, but perhaps moves 
it somewhere more convenient.

I also think this api would be useful so that a parent client can create 
a subsurface and then pass it to a child executable to draw into. This 
appears a lot simpler than the proposed mechanism where the child 
creates the subsurface.

Speaking from a user pov:

If the user wants to run a screen saver app they downloaded, then when 
they run it the first time it should pop up a dialog saying "this app 
wants to be able to take images of the screen" and if the user hits ok 
it runs. Anything more complicated than that, including anything 
requiring the screen shooter to be "installed" or giving it setuid, is 
unacceptable.