wayland: prevent unprivileged clients from binding secure globals

2022-05-07 19:59:51 +02:00 · 2022-05-07 19:59:51 +02:00 · 1e9cc60693
commit 1e9cc60693
parent 6c9e058c3f
2 changed files with 13 additions and 7 deletions
--- a/src/globals.rs
+++ b/src/globals.rs
@ -174,8 +174,16 @@ impl Globals {
        self.broadcast(state, global.secure(), |r| r.send_global(&global));
    }

-    pub fn get(&self, name: GlobalName) -> Result<Rc<dyn Global>, GlobalsError> {
-        self.take(name, false)
+    pub fn get(
+        &self,
+        name: GlobalName,
+        allow_secure: bool,
+    ) -> Result<Rc<dyn Global>, GlobalsError> {
+        let global = self.take(name, false)?;
+        if global.secure() && !allow_secure {
+            return Err(GlobalsError::GlobalDoesNotExist(name));
+        }
+        Ok(global)
    }

    pub fn remove<T: WaylandGlobal>(&self, state: &State, global: &T) -> Result<(), GlobalsError> {