This patchset adds functionality to allow system-level control over handing out file descriptors for sockets, to allow tighter security when running a Wayland compositor under a Wayland session server.
A Wayland session service is run with system daemon permission levels, and individual Wayland sessions are launched from within it. These sub-sessions can then be run with a tightened set of permissions, such as being restricted to the actual user home directory and restricted from accessing another application's resources, and thus otherwise handled as just another Wayland client application. These 'home applications' (as they're referred to in Tizen) could then be provided by third parties to users (e.g. downloaded from an app store) without having to be granted undue levels of trust.

In Tizen, this system is implemented using Enlightenment as the Wayland session service. Simplified Mandatory Access Control Kernel (Smack) is used to enforce security policy. Cynara is used as the security daemon. (See https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview for more detail.)

One implication of this security policy is that applications (including the home application) cannot share sockets, and can only connect to system-level sockets. This means that Enlightenment needs to create and own the sockets used by the untrusted Wayland home applications, and to do that, we require the ability to pass socket file descriptors through the Wayland API when adding a socket for a Wayland display.
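An added example of the ownership model described above, not code from this series or from libwayland: the trusted session service creates and listens on the Unix socket itself, marks the descriptor close-on-exec with a stand-in for the wl_os_set_cloexec_or_close() helper (reimplemented here), and would then hand the fd to wl_display_add_socket_fd(); that libwayland call is left out so the snippet builds without the library. The names fd_is_cloexec() and create_session_socket() are assumptions for this example.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Stand-in for the wl_os_set_cloexec_or_close() helper this series exposes
 * (reimplemented for this example): mark fd close-on-exec, or close it and
 * return -1, so a failure never leaves an inheritable descriptor behind. */
static int set_cloexec_or_close(int fd)
{
	long flags;
	if (fd == -1)
		return -1;
	flags = fcntl(fd, F_GETFD);
	if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
		close(fd);
		return -1;
	}
	return fd;
}

/* 1 if FD_CLOEXEC is set on fd, 0 if not, -1 if fd is invalid. */
static int fd_is_cloexec(int fd)
{
	long flags = fcntl(fd, F_GETFD);
	return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Trusted session service side: create, bind and listen on the Unix socket at
 * `path`; the fd is then passed to wl_display_add_socket_fd(). -1 on error. */
static int create_session_socket(const char *path)
{
	struct sockaddr_un addr;
	int fd;
	memset(&addr, 0, sizeof addr);
	addr.sun_family = AF_UNIX;
	if (strlen(path) >= sizeof addr.sun_path)
		return -1;
	strcpy(addr.sun_path, path);
	fd = set_cloexec_or_close(socket(AF_UNIX, SOCK_STREAM, 0));
	if (fd == -1)
		return -1;
	unlink(path); /* remove a stale socket left by an earlier run */
	if (bind(fd, (struct sockaddr *)&addr, sizeof addr) == -1 || listen(fd, 128) == -1) {
		close(fd);
		return -1;
	}
	return fd;
}
```

Because the descriptor is CLOEXEC, a home application the service later spawns does not inherit the listening socket; it only ever talks to it as a client.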
---
v2:
  + Drop tab corrections
  + Add patch to move if statement into assert
v3:
  + Removed wl_os_socket_check_cloexec
  + Removed wl_display_add_socket_fd_auto
  + Replaced _wl_display_add_socket
  + Rewrote wl_display_add_socket_fd

Bryce Harrington (7):
  socket-test: Fix some comment typos
  socket-test: Refactor if check into the assert
  os: Expose set_cloexec_or_close with a namespaced name
  tests: Add test case for wl_os_set_cloexec_or_close
  server: Restructure _wl_display_add_socket() to take an explicit fd argument
  server: Add new API for adding a socket with an existing fd
  socket-test: Add cases for sockets using existing fd's

 src/wayland-os.c          | 24 +++++++++++-----
 src/wayland-os.h          |  3 ++
 src/wayland-server-core.h |  3 ++
 src/wayland-server.c      | 70 +++++++++++++++++++++++++++++++++++++++++------
 tests/os-wrappers-test.c  | 45 ++++++++++++++++++++++++++++++
 tests/socket-test.c       | 39 +++++++++++++++++++++-----
 6 files changed, 162 insertions(+), 22 deletions(-)

--
1.9.1

_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/wayland-devel