Authorized clients

Sebastian Wick sebastian at
Mon Dec 30 20:02:30 PST 2013

I'm currently working on a system which allows specific clients to use
restricted interfaces [1]. This is needed for applications like 
desktop recorders outside of the compositor, accessibility tools and 

The current implementation consists of a protocol which can be used to 
start an
application via the compositor to ensure a chain of trust and a 
mechanism for
the compositor to determine if a client is authorized to use the 

A client is authorized for a protocol if...
a) the client's executable path is found in a config file in the 
/etc/xdg/wayland/auth.d and if the config allows access on the protocol
b) polkit authorizes the client

The config files in /etc/xdg/wayland/auth.d have the weston ini format 
and can
contain an arbitrary number of sections. A section must contain an 
config which is the path to the executable and an "allow" config which 
is a
list of allowed protocols separated by a white-space.

If the config doesn't allow the client to use the protocol, the 
queries polkit for authorization. The benefit of having polkit has a 
is that you can even use authorize clients which don't provide a config 
and can be configured easily.

The problem is that checking for authorization is now asynchronous which 
that the current approach, to immediately post an error and delete the 
[2], doesn't work anymore and I don't know how to fix it.

I would appreciate if you can help me with the problem and I'd also 
comments regarding the design of the system and other criticism.


More information about the wayland-devel mailing list