I'm currently working on a system which allows specific clients to use
restricted interfaces [1]. This is needed for applications like screenhooters, desktop recorders outside of the compositor, accessibility tools and others.

The current implementation consists of a protocol which can be used to start an application via the compositor to ensure a chain of trust and a mechanism for the compositor to determine if a client is authorized to use the protocol.

A client is authorized for a protocol if...
a) the client's executable path is found in a config file in the directory
/etc/xdg/wayland/auth.d and if the config allows access on the protocol
b) polkit authorizes the client

The config files in /etc/xdg/wayland/auth.d have the weston ini format and can contain an arbitrary number of sections. A section must contain an "executable" config which is the path to the executable and an "allow" config which is a
list of allowed protocols separated by a white-space.

If the config doesn't allow the client to use the protocol, the compositor queries polkit for authorization. The benefit of having polkit has a fallback is that you can even use authorize clients which don't provide a config file
and can be configured easily.

The problem is that checking for authorization is now asynchronous which means that the current approach, to immediately post an error and delete the resource
[2], doesn't work anymore and I don't know how to fix it.

I would appreciate if you can help me with the problem and I'd also appreciate
comments regarding the design of the system and other criticism.

[1] https://github.com/swick/weston/compare/authorizedclient
[2] https://github.com/swick/weston/blob/master/src/screenshooter.c#L231-L235

wayland-devel mailing list

Reply via email to