Commit eb52bb8e authored by Sung-Jin Park's avatar Sung-Jin Park Committed by Bryce Harrington

server: Add an API to get the file descriptor for a client

This adds an API to get the file descriptor for a client.
The client file descriptor can be used for a wayland compositor to validate
a request from a client if there are any additional information provided from
the client's file descriptor.

For instance, this will be helpful in some linux distributions, in which SELinux
or SMACK is enabled. In those environments, each file (including socket) will have
each security contexts in its inode as xattr member variable. A wayland compositor
can validate a client request by getting the file descriptor of the client and
by checking the security contexts associated with the file descriptor.
Signed-off-by: default avatarSung-Jin Park <input.hacker@gmail.com>
parent 7ed00c1d
......@@ -405,6 +405,12 @@ wl_message_count_arrays(const struct wl_message *message)
return arrays;
}
int
wl_connection_get_fd(struct wl_connection *connection)
{
return connection->fd;
}
static int
wl_connection_put_fd(struct wl_connection *connection, int32_t fd)
{
......
......@@ -136,6 +136,9 @@ int
wl_connection_queue(struct wl_connection *connection,
const void *data, size_t count);
int
wl_connection_get_fd(struct wl_connection *connection);
struct wl_closure {
int count;
const struct wl_message *message;
......
......@@ -182,6 +182,9 @@ void
wl_client_get_credentials(struct wl_client *client,
pid_t *pid, uid_t *uid, gid_t *gid);
int
wl_client_get_fd(struct wl_client *client);
void
wl_client_add_destroy_listener(struct wl_client *client,
struct wl_listener *listener);
......
......@@ -491,6 +491,41 @@ wl_client_get_credentials(struct wl_client *client,
*gid = client->ucred.gid;
}
/** Get the file descriptor for the client
*
* \param client The display object
* \return The file descriptor to use for the connection
*
* This function returns the file descriptor for the given client.
*
* Be sure to use the file descriptor from the client for inspection only.
* If the caller does anything to the file descriptor that changes its state,
* it will likely cause problems.
*
* See also wl_client_get_credentials().
* It is recommended that you evaluate whether wl_client_get_credentials()
* can be applied to your use case instead of this function.
*
* If you would like to distinguish just between the client and the compositor
* itself from the client's request, it can be done by getting the client
* credentials and by checking the PID of the client and the compositor's PID.
* Regarding the case in which the socketpair() is being used, you need to be
* careful. Please note the documentation for wl_client_get_credentials().
*
* This function can be used for a compositor to validate a request from
* a client if there are additional information provided from the client's
* file descriptor. For instance, suppose you can get the security contexts
* from the client's file descriptor. The compositor can validate the client's
* request with the contexts and make a decision whether it permits or deny it.
*
* \memberof wl_client
*/
WL_EXPORT int
wl_client_get_fd(struct wl_client *client)
{
return wl_connection_get_fd(client->connection);
}
/** Look up an object in the client name space
*
* \param client The client object
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment