I'm currently working on a system which allows specific clients to use restricted interfaces [1]. This is needed for applications like screenshooters, desktop recorders outside of the compositor, accessibility tools and others.

The current implementation consists of a protocol which can be used to start an application via the compositor to ensure a chain of trust and a mechanism for the compositor to determine if a client is authorized to use the protocol.

A client is authorized for a protocol if...
a) the client's executable path is found in a config file in the directory /etc/xdg/wayland/auth.d and if the config allows access on the protocol
b) polkit authorizes the client

The config files in /etc/xdg/wayland/auth.d have the weston ini format and can contain an arbitrary number of sections. A section must contain an "executable" config which is the path to the executable and an "allow" config which is a list of allowed protocols separated by whitespace.

If the config doesn't allow the client to use the protocol, the compositor queries polkit for authorization. The benefit of having polkit as a fallback is that you can even authorize clients which don't provide a config file and can be configured easily.

The problem is that checking for authorization is now asynchronous, which means that the current approach, to immediately post an error and delete the resource [2], doesn't work anymore and I don't know how to fix it.

I would appreciate it if you could help me with the problem and I'd also appreciate comments regarding the design of the system and other criticism.

[1] https://github.com/swick/weston/compare/authorizedclient
[2] https://github.com/swick/weston/blob/master/src/screenshooter.c#L231-L235


_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/wayland-devel
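
The config check described in the message (rule a), sketched as an added example; this is not code from the post or from the linked weston branch. The section name `[authorize]`, the protocol names, and the function names are assumptions, the config text is passed in as a string instead of being read from /etc/xdg/wayland/auth.d, and only plain `key=value` lines are handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample; section and protocol names are assumptions. */
static const char SAMPLE[] =
    "[authorize]\n"
    "executable=/usr/bin/example-recorder\n"
    "allow=screenshooter screenrecorder\n"
    "[authorize]\n"
    "executable=/usr/bin/example-a11y\n"
    "allow=input-inject\n";

/* Exact token match, so "screen" does not match "screenshooter". */
static int list_has(const char *list, const char *want)
{
    size_t n = strlen(want);
    while (n && *list) {
        size_t len = strcspn(list, " \t");
        if (len == n && memcmp(list, want, n) == 0)
            return 1;
        list += len + strspn(list + len, " \t");
    }
    return 0;
}

/* 1: config grants proto to exe. 0: not granted, the compositor would ask
 * polkit next. Over-long lines are dropped, not truncated into a match. */
int config_allows(const char *ini, const char *exe, const char *proto)
{
    char line[512], path[512] = "", allow[512] = "";
    int ok = 0;
    while (*ini) {
        size_t len = strcspn(ini, "\n");
        snprintf(line, sizeof line, "%.*s", len < sizeof line ? (int)len : 0, ini);
        ini += len + (ini[len] == '\n');
        if (line[0] == '[')
            path[0] = allow[0] = '\0';  /* new section: forget the last one */
        else if (strncmp(line, "executable=", 11) == 0)
            snprintf(path, sizeof path, "%s", line + 11);
        else if (strncmp(line, "allow=", 6) == 0)
            snprintf(allow, sizeof allow, "%s", line + 6);
        ok |= path[0] && strcmp(path, exe) == 0 && list_has(allow, proto);
    }
    return ok;
}

int main(void)
{
    return !config_allows(SAMPLE, "/usr/bin/example-recorder", "screenshooter");
}
```

A result of 0 only means the config did not grant access; under the design in the message that is the point where the polkit query would start.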
