Authorized clients

Sebastian Wick sebastian at sebastianwick.net
Mon Dec 30 20:02:30 PST 2013


I'm currently working on a system which allows specific clients to use restricted interfaces [1]. This is needed for applications like screenshooters, desktop recorders outside of the compositor, accessibility tools and others.

The current implementation consists of a protocol which can be used to start an application via the compositor to ensure a chain of trust and a mechanism for the compositor to determine if a client is authorized to use the protocol.

A client is authorized for a protocol if...
a) the client's executable path is found in a config file in the directory /etc/xdg/wayland/auth.d and the config allows access to the protocol
b) polkit authorizes the client

The config files in /etc/xdg/wayland/auth.d have the weston ini format and can contain an arbitrary number of sections. A section must contain an "executable" config which is the path to the executable and an "allow" config which is a list of allowed protocols separated by whitespace.

If the config doesn't allow the client to use the protocol, the compositor queries polkit for authorization. The benefit of having polkit as a fallback is that you can even authorize clients which don't provide a config file, and it can be configured easily.

The problem is that checking for authorization is now asynchronous, which means that the current approach, to immediately post an error and delete the resource [2], doesn't work anymore and I don't know how to fix it.

I would appreciate it if you could help me with the problem, and I'd also appreciate comments regarding the design of the system and other criticism.

[1] https://github.com/swick/weston/compare/authorizedclient
[2] https://github.com/swick/weston/blob/master/src/screenshooter.c#L231-L235
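The two-stage check described in the post (auth.d config first, polkit only as a fallback), as an added stand-alone example that is not part of the post or of the weston branch it links to. Weston's own ini parser is C; this is a small Python stand-in for the format the post describes (`[section]` headers, `executable=` and `allow=` keys). The sample config text, the executable paths in it, the "recorder" protocol name and the synchronous `polkit_check` callable are constructed for the example; a real compositor would issue the polkit query asynchronously over D-Bus, which is exactly the problem the post raises.

```python
import os
from enum import Enum
from typing import Callable, List, Optional, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"            # a config section grants the protocol
    ASK_POLKIT = "ask_polkit"  # no section grants it; fall back to polkit


# (absolute executable path, set of allowed protocol names)
Entry = Tuple[str, frozenset]


def parse_auth_config(text: str) -> List[Entry]:
    """Parse one auth.d file written in the weston ini style.

    Every section must carry an absolute "executable" path and an "allow"
    list of whitespace-separated protocol names (post's description). Any
    deviation is a hard error so that a typo fails closed rather than
    silently producing an entry that matches nothing or the wrong thing.
    """
    entries: List[Entry] = []
    name: Optional[str] = None
    executable: Optional[str] = None
    allow: Optional[Set[str]] = None

    def finish() -> None:
        if name is None:
            return
        if executable is None or allow is None:
            raise ValueError(f"section [{name}] needs 'executable' and 'allow'")
        if not os.path.isabs(executable):
            # Assumption for this example: relative paths are rejected, since
            # they cannot be matched unambiguously against a launched binary.
            raise ValueError(f"[{name}] executable must be an absolute path")
        entries.append((os.path.normpath(executable), frozenset(allow)))

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            finish()
            name, executable, allow = line[1:-1].strip(), None, None
            continue
        if name is None or "=" not in line:
            raise ValueError(f"line {lineno}: expected [section] or key=value")
        key, _, value = (s.strip() for s in line.partition("="))
        if key == "executable":
            executable = value
        elif key == "allow":
            allow = (allow or set()) | set(value.split())
        else:
            raise ValueError(f"line {lineno}: unknown key {key!r}")
    finish()
    return entries


def load_auth_dir(directory: str = "/etc/xdg/wayland/auth.d") -> List[Entry]:
    """Collect the entries of every regular file in the auth.d directory."""
    entries: List[Entry] = []
    if not os.path.isdir(directory):
        return entries
    for fname in sorted(os.listdir(directory)):
        path = os.path.join(directory, fname)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as f:
                entries.extend(parse_auth_config(f.read()))
    return entries


def decide(entries: List[Entry], executable: str, protocol: str) -> Decision:
    """Step (a) of the post: exact path match plus protocol in the allow list.

    `executable` must be the path the compositor itself recorded when it
    launched the client (the chain of trust the post describes); a path the
    client claims for itself is not a trustworthy input here.
    """
    wanted = os.path.normpath(executable)
    for path, allowed in entries:
        if path == wanted and protocol in allowed:
            return Decision.ALLOW
    return Decision.ASK_POLKIT


def authorize(entries: List[Entry], executable: str, protocol: str,
              polkit_check: Callable[[str, str], bool]) -> bool:
    """Config first; polkit is consulted only when the config does not allow.

    `polkit_check` is a stand-in for the real (asynchronous) polkit query.
    """
    if decide(entries, executable, protocol) is Decision.ALLOW:
        return True
    return bool(polkit_check(executable, protocol))


# Constructed sample config; paths and the "recorder" protocol are made up.
SAMPLE_CONFIG = """
# example auth.d file
[screenshooter]
executable=/usr/bin/weston-screenshooter
allow=screenshooter

[recorder]
executable=/usr/local/bin/my-recorder
allow=screenshooter recorder
"""
```

Note that `decide` never returns a hard deny: per the post, a miss in the config is not a refusal but a handoff to polkit, and only polkit's answer turns it into a final yes or no. Keeping that as a distinct `ASK_POLKIT` state makes the asynchronous second stage explicit in the caller rather than buried in a boolean.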




More information about the wayland-devel mailing list