From e680a3dc095c16a03c8759eb9c1faac0b67dad6b Mon Sep 17 00:00:00 2001 From: Julian Orth Date: Thu, 18 Sep 2025 21:06:28 +0200 Subject: [PATCH] config: allow configuring client capabilities --- jay-config/src/_private/client.rs | 18 ++- jay-config/src/_private/ipc.rs | 10 +- jay-config/src/client.rs | 80 ++++++++++++ src/acceptor.rs | 20 +-- src/client.rs | 26 ++-- src/config.rs | 14 +++ src/config/handler.rs | 94 +++++++++++++- src/globals.rs | 2 +- src/ifs/wl_registry.rs | 6 +- src/ifs/wp_security_context_v1.rs | 5 +- src/security_context_acceptor.rs | 10 +- src/state.rs | 13 +- src/xwayland.rs | 2 +- toml-config/src/config.rs | 3 + toml-config/src/config/parsers.rs | 1 + .../src/config/parsers/capabilities.rs | 66 ++++++++++ toml-config/src/config/parsers/client_rule.rs | 39 +++++- toml-config/src/rules.rs | 6 + toml-spec/spec/spec.generated.json | 42 +++++++ toml-spec/spec/spec.generated.md | 116 ++++++++++++++++++ toml-spec/spec/spec.yaml | 90 ++++++++++++++ 21 files changed, 624 insertions(+), 39 deletions(-) create mode 100644 toml-config/src/config/parsers/capabilities.rs diff --git a/jay-config/src/_private/client.rs b/jay-config/src/_private/client.rs index 99e28791..ee9afd13 100644 --- a/jay-config/src/_private/client.rs +++ b/jay-config/src/_private/client.rs @@ -12,7 +12,7 @@ use { logging, }, Axis, Direction, ModifiedKeySym, PciId, Workspace, - client::{Client, ClientCriterion, ClientMatcher, MatchedClient}, + client::{Client, ClientCapabilities, ClientCriterion, ClientMatcher, MatchedClient}, exec::Command, input::{ FocusFollowsMouseMode, InputDevice, LayerDirection, Seat, SwitchEvent, Timeline, @@ -1343,6 +1343,22 @@ impl ConfigClient { workspaces } + pub fn set_client_matcher_capabilities( + &self, + matcher: ClientMatcher, + caps: ClientCapabilities, + ) { + self.send(&ClientMessage::SetClientMatcherCapabilities { matcher, caps }); + } + + pub fn set_client_matcher_bounding_capabilities( + &self, + matcher: ClientMatcher, + caps: ClientCapabilities, + ) { + self.send(&ClientMessage::SetClientMatcherBoundingCapabilities { matcher, caps }); + } + pub fn latch(&self, seat: Seat, f: F) { if !self.feat_mod_mask.get() { log::error!("compositor does not support latching"); diff --git a/jay-config/src/_private/ipc.rs b/jay-config/src/_private/ipc.rs index 2a66bd84..87c14008 100644 --- a/jay-config/src/_private/ipc.rs +++ b/jay-config/src/_private/ipc.rs @@ -2,7 +2,7 @@ use { crate::{ _private::{ClientCriterionIpc, PollableId, WindowCriterionIpc, WireMode}, Axis, Direction, PciId, Workspace, - client::{Client, ClientMatcher}, + client::{Client, ClientCapabilities, ClientMatcher}, input::{ FocusFollowsMouseMode, InputDevice, LayerDirection, Seat, SwitchEvent, Timeline, acceleration::AccelProfile, capability::Capability, clickmethod::ClickMethod, @@ -774,6 +774,14 @@ pub enum ClientMessage<'a> { SetTitleFont { font: &'a str, }, + SetClientMatcherCapabilities { + matcher: ClientMatcher, + caps: ClientCapabilities, + }, + SetClientMatcherBoundingCapabilities { + matcher: ClientMatcher, + caps: ClientCapabilities, + }, } #[derive(Serialize, Deserialize, Debug)] diff --git a/jay-config/src/client.rs b/jay-config/src/client.rs index 97b8ff39..1bc84eb0 100644 --- a/jay-config/src/client.rs +++ b/jay-config/src/client.rs @@ -105,6 +105,20 @@ impl ClientCriterion<'_> { pub fn bind(self, cb: F) { self.to_matcher().bind(cb); } + + /// Sets the capabilities granted to clients matching this matcher. + /// + /// This leaks the matcher. + pub fn set_capabilities(self, caps: ClientCapabilities) { + self.to_matcher().set_capabilities(caps); + } + + /// Sets the upper capability bounds for clients in sandboxes created by this client. + /// + /// This leaks the matcher. + pub fn set_sandbox_bounding_capabilities(self, caps: ClientCapabilities) { + self.to_matcher().set_sandbox_bounding_capabilities(caps); + } } impl ClientMatcher { @@ -121,6 +135,36 @@ impl ClientMatcher { pub fn bind(self, cb: F) { get!().set_client_matcher_handler(self, cb); } + + /// Sets the capabilities granted to clients matching this matcher. + /// + /// If multiple matchers match a client, the capabilities are added. + /// + /// If no matcher matches a client, it is granted the default capabilities depending + /// on whether it's sandboxed or not. If it is not sandboxed, it is granted the + /// capabilities [`CC_LAYER_SHELL`] and [`CC_DRM_LEASE`]. Otherwise it is granted the + /// capability [`CC_DRM_LEASE`]. + /// + /// Regardless of any capabilities set through this function, the capabilities of the + /// client can never exceed its bounding capabilities. + pub fn set_capabilities(self, caps: ClientCapabilities) { + get!().set_client_matcher_capabilities(self, caps); + } + + /// Sets the upper capability bounds for clients in sandboxes created by this client. + /// + /// If multiple matchers match a client, the capabilities are added. + /// + /// If no matcher matches a client, the bounding capabilities for sandboxes depend on + /// whether the client is itself sandboxed. If it is sandboxed, the bounding + /// capabilities are the effective capabilities of the client. Otherwise the bounding + /// capabilities are all capabilities. + /// + /// Regardless of any capabilities set through this function, the capabilities set + /// through this function can never exceed the client's bounding capabilities. + pub fn set_sandbox_bounding_capabilities(self, caps: ClientCapabilities) { + get!().set_client_matcher_bounding_capabilities(self, caps); + } } impl MatchedClient { @@ -147,3 +191,39 @@ impl Deref for MatchedClient { &self.client } } + +bitflags! { + /// Capabilities granted to a client. + #[derive(Serialize, Deserialize, Copy, Clone, Hash, Eq, PartialEq)] + pub struct ClientCapabilities(pub u64) { + /// Grants access to the `ext_data_control_manager_v1` and + /// `zwlr_data_control_manager_v1` globals. + pub const CC_DATA_CONTROL = 1 << 0, + /// Grants access to the `zwp_virtual_keyboard_manager_v1` global. + pub const CC_VIRTUAL_KEYBOARD = 1 << 1, + /// Grants access to the `ext_foreign_toplevel_list_v1` global. + pub const CC_FOREIGN_TOPLEVEL_LIST = 1 << 2, + /// Grants access to the `ext_idle_notifier_v1` global. + pub const CC_IDLE_NOTIFIER = 1 << 3, + /// Grants access to the `ext_session_lock_manager_v1` global. + pub const CC_SESSION_LOCK = 1 << 4, + /// Grants access to the `zwlr_layer_shell_v1` global. + pub const CC_LAYER_SHELL = 1 << 6, + /// Grants access to the `ext_image_copy_capture_manager_v1` and + /// `zwlr_screencopy_manager_v1` globals. + pub const CC_SCREENCOPY = 1 << 7, + /// Grants access to the `ext_transient_seat_manager_v1` global. + pub const CC_SEAT_MANAGER = 1 << 8, + /// Grants access to the `wp_drm_lease_device_v1` global. + pub const CC_DRM_LEASE = 1 << 9, + /// Grants access to the `zwp_input_method_manager_v2` global. + pub const CC_INPUT_METHOD = 1 << 10, + /// Grants access to the `ext_workspace_manager_v1` global. + pub const CC_WORKSPACE_MANAGER = 1 << 11, + /// Grants access to the `zwlr_foreign_toplevel_manager_v1` global. + pub const CC_FOREIGN_TOPLEVEL_MANAGER = 1 << 12, + /// Grants access to the `jay_head_manager_v1` and `zwlr_output_manager_v1` + /// globals. + pub const CC_HEAD_MANAGER = 1 << 13, + } +} diff --git a/src/acceptor.rs b/src/acceptor.rs index 41d0b468..98232669 100644 --- a/src/acceptor.rs +++ b/src/acceptor.rs @@ -1,7 +1,7 @@ use { crate::{ async_engine::SpawnedFuture, - client::{CAPS_DEFAULT, ClientCaps}, + client::ClientCaps, security_context_acceptor::AcceptorMetadata, state::State, utils::{errorfmt::ErrorFmt, oserror::OsError, xrd::xrd}, @@ -149,11 +149,11 @@ impl Acceptor { let futures = vec![ state.eng.spawn( "secure acceptor", - accept(acc.socket.secure.clone(), state.clone(), ClientCaps::all()), + accept(acc.socket.secure.clone(), state.clone(), true), ), state.eng.spawn( "insecure acceptor", - accept(acc.socket.insecure.clone(), state.clone(), CAPS_DEFAULT), + accept(acc.socket.insecure.clone(), state.clone(), false), ), ]; state.acceptor.set(Some(acc.clone())); @@ -170,8 +170,11 @@ impl Acceptor { } } -async fn accept(fd: Rc, state: Rc, effective_caps: ClientCaps) { - let metadata = Rc::new(AcceptorMetadata::default()); +async fn accept(fd: Rc, state: Rc, secure: bool) { + let metadata = Rc::new(AcceptorMetadata { + secure, + ..Default::default() + }); loop { let fd = match state.ring.accept(&fd, c::SOCK_CLOEXEC).await { Ok(fd) => fd, @@ -181,10 +184,9 @@ async fn accept(fd: Rc, state: Rc, effective_caps: ClientCaps) { } }; let id = state.clients.id(); - if let Err(e) = - state - .clients - .spawn(id, &state, fd, effective_caps, ClientCaps::all(), &metadata) + if let Err(e) = state + .clients + .spawn(id, &state, fd, ClientCaps::all(), false, &metadata) { log::error!("Could not spawn a client: {}", ErrorFmt(e)); break; diff --git a/src/client.rs b/src/client.rs index 0eab34b4..75f1ea6e 100644 --- a/src/client.rs +++ b/src/client.rs @@ -126,8 +126,8 @@ impl Clients { id: ClientId, global: &Rc, socket: Rc, - effective_caps: ClientCaps, bounding_caps: ClientCaps, + set_bounding_caps_for_children: bool, acceptor: &Rc, ) -> Result<(), ClientError> { let Some((uid, pid)) = get_socket_creds(&socket) else { @@ -139,8 +139,8 @@ impl Clients { socket, uid, pid, - effective_caps, bounding_caps, + set_bounding_caps_for_children, false, acceptor, )?; @@ -154,11 +154,15 @@ impl Clients { socket: Rc, uid: c::uid_t, pid: c::pid_t, - effective_caps: ClientCaps, bounding_caps: ClientCaps, + set_bounding_caps_for_children: bool, is_xwayland: bool, acceptor: &Rc, ) -> Result, ClientError> { + let effective_caps = match acceptor.sandboxed { + true => CAPS_DEFAULT_SANDBOXED, + false => CAPS_DEFAULT, + }; let data = Rc::new_cyclic(|slf| Client { id, state: global.clone(), @@ -170,8 +174,8 @@ impl Clients { shutdown: Default::default(), tracker: Default::default(), is_xwayland, - effective_caps, - bounding_caps, + effective_caps: Cell::new(effective_caps & bounding_caps), + bounding_caps_for_children: Cell::new(bounding_caps), last_enter_serial: Default::default(), pid_info: get_pid_info(uid, pid), serials: Default::default(), @@ -192,6 +196,10 @@ impl Clients { acceptor: acceptor.clone(), }); track!(data, data); + global.update_capabilities(&data, bounding_caps, set_bounding_caps_for_children); + if acceptor.secure || is_xwayland { + data.effective_caps.set(ClientCaps::all()); + } let display = Rc::new(WlDisplay::new(&data)); track!(data, display); data.objects.display.set(Some(display.clone())); @@ -207,7 +215,7 @@ impl Clients { uid, client.data.socket.raw(), data.pid_info.comm, - effective_caps, + data.effective_caps.get(), ); client.data.property_changed(CL_CHANGED_NEW); self.clients.borrow_mut().insert(client.data.id, client); @@ -236,7 +244,7 @@ impl Clients { { let clients = self.clients.borrow(); for client in clients.values() { - if client.data.effective_caps.contains(required_caps) + if client.data.effective_caps.get().contains(required_caps) && (!xwayland_only || client.data.is_xwayland) { f(&client.data); @@ -298,8 +306,8 @@ pub struct Client { shutdown: AsyncEvent, pub tracker: Tracker, pub is_xwayland: bool, - pub effective_caps: ClientCaps, - pub bounding_caps: ClientCaps, + pub effective_caps: Cell, + pub bounding_caps_for_children: Cell, pub last_enter_serial: Cell>, pub pid_info: PidInfo, pub serials: RefCell>, diff --git a/src/config.rs b/src/config.rs index ce5ada32..0c28577e 100644 --- a/src/config.rs +++ b/src/config.rs @@ -5,6 +5,7 @@ use crate::it::test_config::TEST_CONFIG_ENTRY; use { crate::{ backend::{ConnectorId, DrmDeviceId, InputDeviceId}, + client::{Client, ClientCaps}, config::handler::ConfigProxyHandler, ifs::wl_seat::SeatId, state::State, @@ -180,6 +181,17 @@ impl ConfigProxy { pub fn initial_tile_state(&self, data: &ToplevelData) -> Option { self.handler.get()?.initial_tile_state(data) } + + pub fn update_capabilities( + &self, + data: &Rc, + bounding_caps: ClientCaps, + set_bounding_caps: bool, + ) { + if let Some(handler) = self.handler.get() { + handler.update_capabilities(data, bounding_caps, set_bounding_caps); + } + } } impl Drop for ConfigProxy { @@ -238,6 +250,8 @@ impl ConfigProxy { client_matchers: Default::default(), client_matcher_cache: Default::default(), client_matcher_leafs: Default::default(), + client_matcher_capabilities: Default::default(), + client_matcher_bounding_capabilities: Default::default(), window_matcher_ids: NumCell::new(1), window_matchers: Default::default(), window_matcher_cache: Default::default(), diff --git a/src/config/handler.rs b/src/config/handler.rs index e839723a..36934cae 100644 --- a/src/config/handler.rs +++ b/src/config/handler.rs @@ -6,7 +6,7 @@ use { InputDeviceAccelProfile, InputDeviceCapability, InputDeviceClickMethod, InputDeviceId, transaction::BackendConnectorTransactionError, }, - client::{Client, ClientId}, + client::{CAP_JAY_COMPOSITOR, Client, ClientCaps, ClientId}, cmm::cmm_eotf::Eotf, compositor::MAX_EXTENTS, config::ConfigProxy, @@ -53,7 +53,7 @@ use { ipc::{ClientMessage, Response, ServerMessage, WorkspaceSource}, }, Axis, Direction, Workspace, - client::{Client as ConfigClient, ClientMatcher}, + client::{Client as ConfigClient, ClientCapabilities, ClientMatcher}, input::{ FocusFollowsMouseMode, InputDevice, LayerDirection, Seat, Timeline, acceleration::{ACCEL_PROFILE_ADAPTIVE, ACCEL_PROFILE_FLAT, AccelProfile}, @@ -127,6 +127,20 @@ pub(super) struct ConfigProxyHandler { CopyHashMap>>>, pub client_matcher_cache: CriterionCache>, pub client_matcher_leafs: CopyHashMap>, + pub client_matcher_capabilities: CopyHashMap< + ClientMatcher, + ( + Rc>>, + ClientCaps, + ), + >, + pub client_matcher_bounding_capabilities: CopyHashMap< + ClientMatcher, + ( + Rc>>, + ClientCaps, + ), + >, pub window_matcher_ids: NumCell, pub window_matchers: @@ -2009,6 +2023,8 @@ impl ConfigProxyHandler { fn handle_destroy_client_matcher(&self, matcher: ClientMatcher) { self.client_matchers.remove(&matcher); self.client_matcher_leafs.remove(&matcher); + self.client_matcher_capabilities.remove(&matcher); + self.client_matcher_bounding_capabilities.remove(&matcher); } fn handle_enable_client_matcher_events( @@ -2579,6 +2595,28 @@ impl ConfigProxyHandler { Ok(()) } + fn handle_set_client_matcher_capabilities( + &self, + matcher: ClientMatcher, + caps: ClientCapabilities, + ) -> Result<(), CphError> { + let m = self.get_client_matcher(matcher)?; + self.client_matcher_capabilities + .set(matcher, (m, caps.to_client_caps())); + Ok(()) + } + + fn handle_set_client_matcher_bounding_capabilities( + &self, + matcher: ClientMatcher, + caps: ClientCapabilities, + ) -> Result<(), CphError> { + let m = self.get_client_matcher(matcher)?; + self.client_matcher_bounding_capabilities + .set(matcher, (m, caps.to_client_caps())); + Ok(()) + } + pub fn handle_request(self: &Rc, msg: &[u8]) { if let Err(e) = self.handle_request_(msg) { log::error!("Could not handle client request: {}", ErrorFmt(e)); @@ -3159,6 +3197,12 @@ impl ConfigProxyHandler { .wrn("connector_set_blend_space")?, ClientMessage::SetBarFont { font } => self.handle_set_bar_font(font), ClientMessage::SetTitleFont { font } => self.handle_set_title_font(font), + ClientMessage::SetClientMatcherCapabilities { matcher, caps } => self + .handle_set_client_matcher_capabilities(matcher, caps) + .wrn("set_client_matcher_capabilities")?, + ClientMessage::SetClientMatcherBoundingCapabilities { matcher, caps } => self + .handle_set_client_matcher_bounding_capabilities(matcher, caps) + .wrn("set_client_matcher_bounding_capabilities")?, } Ok(()) } @@ -3180,6 +3224,42 @@ impl ConfigProxyHandler { } None } + + pub fn update_capabilities( + &self, + data: &Rc, + bounding_caps: ClientCaps, + set_bounding_caps: bool, + ) { + let mut have_caps = false; + let mut have_bounding_caps = false; + let mut caps = ClientCaps::none(); + let mut new_bounding_caps = ClientCaps::none(); + for (matcher, state) in self.client_matcher_capabilities.lock().values() { + if matcher.node.pull(data) { + have_caps = true; + caps |= *state; + } + } + for (matcher, state) in self.client_matcher_bounding_capabilities.lock().values() { + if matcher.node.pull(data) { + have_bounding_caps = true; + new_bounding_caps |= *state; + } + } + if have_caps { + caps &= bounding_caps; + data.effective_caps.set(caps); + } + if !have_bounding_caps && set_bounding_caps { + have_bounding_caps = true; + new_bounding_caps = data.effective_caps.get(); + } + if have_bounding_caps { + new_bounding_caps &= bounding_caps; + data.bounding_caps_for_children.set(new_bounding_caps); + } + } } #[derive(Debug, Error)] @@ -3281,3 +3361,13 @@ impl WithRequestName for Result<(), CphError> { self.map_err(move |e| CphError::FailedRequest(request, Box::new(e))) } } + +trait ClientCapabilitiesExt { + fn to_client_caps(self) -> ClientCaps; +} + +impl ClientCapabilitiesExt for ClientCapabilities { + fn to_client_caps(self) -> ClientCaps { + ClientCaps(self.0 as u32) & !CAP_JAY_COMPOSITOR & ClientCaps::all() + } +} diff --git a/src/globals.rs b/src/globals.rs index 43f4848d..59ca1a3c 100644 --- a/src/globals.rs +++ b/src/globals.rs @@ -304,7 +304,7 @@ impl Globals { } pub fn notify_all(&self, registry: &Rc) { - let caps = registry.client.effective_caps; + let caps = registry.client.effective_caps.get(); let xwayland = registry.client.is_xwayland; let globals = self.registry.lock(); macro_rules! emit { diff --git a/src/ifs/wl_registry.rs b/src/ifs/wl_registry.rs index ef98d0de..66d4628b 100644 --- a/src/ifs/wl_registry.rs +++ b/src/ifs/wl_registry.rs @@ -48,7 +48,11 @@ impl WlRegistryRequestHandler for WlRegistry { fn bind(&self, bind: Bind, _slf: &Rc) -> Result<(), Self::Error> { let name = GlobalName::from_raw(bind.name); let globals = &self.client.state.globals; - let global = globals.get(name, self.client.effective_caps, self.client.is_xwayland)?; + let global = globals.get( + name, + self.client.effective_caps.get(), + self.client.is_xwayland, + )?; if global.interface().name() != bind.interface { return Err(WlRegistryError::InvalidInterface(InterfaceError { name: global.name(), diff --git a/src/ifs/wp_security_context_v1.rs b/src/ifs/wp_security_context_v1.rs index f0b9ab8d..26e6525f 100644 --- a/src/ifs/wp_security_context_v1.rs +++ b/src/ifs/wp_security_context_v1.rs @@ -1,6 +1,6 @@ use { crate::{ - client::{CAPS_DEFAULT_SANDBOXED, Client, ClientError}, + client::{Client, ClientError}, leaks::Tracker, object::{Object, Version}, wire::{WpSecurityContextV1Id, wp_security_context_v1::*}, @@ -80,7 +80,6 @@ impl WpSecurityContextV1RequestHandler for WpSecurityContextV1 { fn commit(&self, _req: Commit, _slf: &Rc) -> Result<(), Self::Error> { self.check_committed()?; self.committed.set(true); - let caps = CAPS_DEFAULT_SANDBOXED & self.client.bounding_caps; self.client.state.security_context_acceptors.spawn( &self.client.state, self.sandbox_engine.take(), @@ -88,7 +87,7 @@ impl WpSecurityContextV1RequestHandler for WpSecurityContextV1 { self.instance_id.take(), &self.listen_fd, &self.close_fd, - caps, + self.client.bounding_caps_for_children.get(), ); Ok(()) } diff --git a/src/security_context_acceptor.rs b/src/security_context_acceptor.rs index dabdea37..74e941b6 100644 --- a/src/security_context_acceptor.rs +++ b/src/security_context_acceptor.rs @@ -27,13 +27,14 @@ struct Acceptor { metadata: Rc, listen_fd: Rc, close_fd: Rc, - caps: ClientCaps, + bounding_caps: ClientCaps, listen_future: Cell>>, close_future: Cell>>, } #[derive(Default)] pub struct AcceptorMetadata { + pub secure: bool, pub sandboxed: bool, pub sandbox_engine: Option, pub app_id: Option, @@ -55,12 +56,13 @@ impl SecurityContextAcceptors { instance_id: Option, listen_fd: &Rc, close_fd: &Rc, - caps: ClientCaps, + bounding_caps: ClientCaps, ) { let acceptor = Rc::new(Acceptor { id: self.ids.next(), state: state.clone(), metadata: Rc::new(AcceptorMetadata { + secure: false, sandboxed: true, sandbox_engine, app_id, @@ -68,7 +70,7 @@ impl SecurityContextAcceptors { }), listen_fd: listen_fd.clone(), close_fd: close_fd.clone(), - caps, + bounding_caps, listen_future: Cell::new(None), close_future: Cell::new(None), }); @@ -111,7 +113,7 @@ impl Acceptor { let id = s.clients.id(); if let Err(e) = s .clients - .spawn(id, s, fd, self.caps, self.caps, &self.metadata) + .spawn(id, s, fd, self.bounding_caps, true, &self.metadata) { log::error!("Could not spawn a client: {}", ErrorFmt(e)); break; diff --git a/src/state.rs b/src/state.rs index 1c1d30ee..3f3d2fef 100644 --- a/src/state.rs +++ b/src/state.rs @@ -10,7 +10,7 @@ use { }, backends::dummy::DummyBackend, cli::RunArgs, - client::{Client, ClientId, Clients, NUM_CACHED_SERIAL_RANGES, SerialRange}, + client::{Client, ClientCaps, ClientId, Clients, NUM_CACHED_SERIAL_RANGES, SerialRange}, clientmem::ClientMemOffset, cmm::{cmm_description::ColorDescription, cmm_manager::ColorManager}, compositor::LIBEI_SOCKET, @@ -1541,6 +1541,17 @@ impl State { self.config.get()?.initial_tile_state(data) } + pub fn update_capabilities( + &self, + data: &Rc, + bounding_caps: ClientCaps, + set_bounding_caps: bool, + ) { + if let Some(config) = self.config.get() { + config.update_capabilities(data, bounding_caps, set_bounding_caps); + } + } + pub fn node_at(&self, x: i32, y: i32) -> FoundNode { let mut found_tree = self.node_at_tree.borrow_mut(); found_tree.push(FoundNode { diff --git a/src/xwayland.rs b/src/xwayland.rs index b5a65f48..84b4ea54 100644 --- a/src/xwayland.rs +++ b/src/xwayland.rs @@ -178,7 +178,7 @@ async fn run( uapi::getuid(), pid, ClientCaps::all(), - ClientCaps::all(), + false, true, &Rc::new(AcceptorMetadata::default()), ); diff --git a/toml-config/src/config.rs b/toml-config/src/config.rs index d8692dbf..7bb7a9e7 100644 --- a/toml-config/src/config.rs +++ b/toml-config/src/config.rs @@ -25,6 +25,7 @@ use { ahash::AHashMap, jay_config::{ Axis, Direction, Workspace, + client::ClientCapabilities, input::{ LayerDirection, SwitchEvent, Timeline, acceleration::AccelProfile, clickmethod::ClickMethod, @@ -247,6 +248,8 @@ pub struct ClientRule { pub match_: ClientMatch, pub action: Option, pub latch: Option, + pub capabilities: Option, + pub bounding_capabilities: Option, } #[derive(Default, Debug, Clone)] diff --git a/toml-config/src/config/parsers.rs b/toml-config/src/config/parsers.rs index 466e4652..46ec09f2 100644 --- a/toml-config/src/config/parsers.rs +++ b/toml-config/src/config/parsers.rs @@ -8,6 +8,7 @@ use { pub mod action; mod actions; +mod capabilities; mod client_match; mod client_rule; mod color; diff --git a/toml-config/src/config/parsers/capabilities.rs b/toml-config/src/config/parsers/capabilities.rs new file mode 100644 index 00000000..cb690844 --- /dev/null +++ b/toml-config/src/config/parsers/capabilities.rs @@ -0,0 +1,66 @@ +use { + crate::{ + config::parser::{DataType, ParseResult, Parser, UnexpectedDataType}, + toml::{ + toml_span::{Span, Spanned, SpannedExt}, + toml_value::Value, + }, + }, + jay_config::client::{ + CC_DATA_CONTROL, CC_DRM_LEASE, CC_FOREIGN_TOPLEVEL_LIST, CC_FOREIGN_TOPLEVEL_MANAGER, + CC_HEAD_MANAGER, CC_IDLE_NOTIFIER, CC_INPUT_METHOD, CC_LAYER_SHELL, CC_SCREENCOPY, + CC_SEAT_MANAGER, CC_SESSION_LOCK, CC_VIRTUAL_KEYBOARD, CC_WORKSPACE_MANAGER, + ClientCapabilities, + }, + thiserror::Error, +}; + +#[derive(Debug, Error)] +pub enum CapabilitiesParserError { + #[error(transparent)] + Expected(#[from] UnexpectedDataType), + #[error("Unknown capability `{}`", .0)] + UnknownCapability(String), +} + +pub struct CapabilitiesParser; + +impl Parser for CapabilitiesParser { + type Value = ClientCapabilities; + type Error = CapabilitiesParserError; + const EXPECTED: &'static [DataType] = &[DataType::Array, DataType::String]; + + fn parse_string(&mut self, span: Span, string: &str) -> ParseResult { + let ty = match string { + "none" => ClientCapabilities(0), + "all" => ClientCapabilities(!0), + "data-control" => CC_DATA_CONTROL, + "virtual-keyboard" => CC_VIRTUAL_KEYBOARD, + "foreign-toplevel-list" => CC_FOREIGN_TOPLEVEL_LIST, + "idle-notifier" => CC_IDLE_NOTIFIER, + "session-lock" => CC_SESSION_LOCK, + "layer-shell" => CC_LAYER_SHELL, + "screencopy" => CC_SCREENCOPY, + "seat-manager" => CC_SEAT_MANAGER, + "drm-lease" => CC_DRM_LEASE, + "input-method" => CC_INPUT_METHOD, + "workspace-manager" => CC_WORKSPACE_MANAGER, + "foreign-toplevel-manager" => CC_FOREIGN_TOPLEVEL_MANAGER, + "head-manager" => CC_HEAD_MANAGER, + _ => { + return Err( + CapabilitiesParserError::UnknownCapability(string.to_owned()).spanned(span), + ); + } + }; + Ok(ty) + } + + fn parse_array(&mut self, _span: Span, array: &[Spanned]) -> ParseResult { + let mut ty = ClientCapabilities(0); + for el in array { + ty |= el.parse(&mut CapabilitiesParser)?; + } + Ok(ty) + } +} diff --git a/toml-config/src/config/parsers/client_rule.rs b/toml-config/src/config/parsers/client_rule.rs index 50bf7f0d..978c63c3 100644 --- a/toml-config/src/config/parsers/client_rule.rs +++ b/toml-config/src/config/parsers/client_rule.rs @@ -7,6 +7,7 @@ use { parser::{DataType, ParseResult, Parser, UnexpectedDataType}, parsers::{ action::{ActionParser, ActionParserError}, + capabilities::CapabilitiesParser, client_match::{ClientMatchParser, ClientMatchParserError}, }, spanned::SpannedErrorExt, @@ -47,12 +48,15 @@ impl Parser for ClientRuleParser<'_> { table: &IndexMap, Spanned>, ) -> ParseResult { let mut ext = Extractor::new(self.0, span, table); - let (name, match_val, action_val, latch_val) = ext.extract(( - opt(str("name")), - opt(val("match")), - opt(val("action")), - opt(val("latch")), - ))?; + let (name, match_val, action_val, latch_val, capabilities_val, bounding_capabilities_val) = + ext.extract(( + opt(str("name")), + opt(val("match")), + opt(val("action")), + opt(val("latch")), + opt(val("capabilities")), + opt(val("sandbox-bounding-capabilities")), + ))?; let mut action = None; if let Some(value) = action_val { action = Some( @@ -73,11 +77,34 @@ impl Parser for ClientRuleParser<'_> { None => ClientMatch::default(), Some(m) => m.parse_map(&mut ClientMatchParser(self.0))?, }; + let mut capabilities = None; + if let Some(value) = capabilities_val { + match value.parse(&mut CapabilitiesParser) { + Ok(v) => capabilities = Some(v), + Err(e) => { + log::warn!("Could not parse the capabilities: {}", self.0.error(e)); + } + } + } + let mut bounding_capabilities = None; + if let Some(value) = bounding_capabilities_val { + match value.parse(&mut CapabilitiesParser) { + Ok(v) => bounding_capabilities = Some(v), + Err(e) => { + log::warn!( + "Could not parse the bounding capabilities: {}", + self.0.error(e) + ); + } + } + } Ok(ClientRule { name: name.despan_into(), match_, action, latch, + capabilities, + bounding_capabilities, }) } } diff --git a/toml-config/src/rules.rs b/toml-config/src/rules.rs index 48029314..ef8da965 100644 --- a/toml-config/src/rules.rs +++ b/toml-config/src/rules.rs @@ -175,6 +175,12 @@ impl Rule for ClientRule { }); } } + if let Some(caps) = self.capabilities { + matcher.set_capabilities(caps); + } + if let Some(caps) = self.bounding_capabilities { + matcher.set_sandbox_bounding_capabilities(caps); + } } fn gen_matcher(m: Self::Matcher) -> Self::Criterion<'static> { diff --git a/toml-spec/spec/spec.generated.json b/toml-spec/spec/spec.generated.json index 7c5a04e2..4716895b 100644 --- a/toml-spec/spec/spec.generated.json +++ b/toml-spec/spec/spec.generated.json @@ -605,6 +605,40 @@ "clickfinger" ] }, + "ClientCapabilities": { + "description": "A mask of client capabilities.\n", + "anyOf": [ + { + "type": "string", + "description": "A named mask.", + "enum": [ + "none", + "all", + "data-control", + "virtual-keyboard", + "foreign-toplevel-list", + "idle-notifier", + "session-lock", + "layer-shell", + "screencopy", + "seat-manager", + "drm-lease", + "input-method", + "workspace-manager", + "foreign-toplevel-manager", + "head-manager" + ] + }, + { + "type": "array", + "description": "An array of masks that are OR'd.", + "items": { + "description": "", + "$ref": "#/$defs/ClientCapabilities" + } + } + ] + }, "ClientMatch": { "description": "Criteria for matching clients.\n\nIf no fields are set, all clients are matched. If multiple fields are set, all fields\nmust match the client.\n", "type": "object", @@ -737,6 +771,14 @@ "latch": { "description": "An action to execute when a client no longer matches the criteria.", "$ref": "#/$defs/Action" + }, + "capabilities": { + "description": "Sets the capabilities granted to clients matching this matcher.\n\nIf multiple matchers match a client, the capabilities are added.\n\nIf no matcher matches a client, it is granted the default capabilities depending\non whether it's sandboxed or not. If it is not sandboxed, it is granted the\ncapabilities `layer-shell` and `drm-lease`. Otherwise it is granted the\ncapability `drm-lease`.\n\nRegardless of any capabilities set through this function, the capabilities of the\nclient can never exceed its bounding capabilities.\n", + "$ref": "#/$defs/ClientCapabilities" + }, + "sandbox-bounding-capabilities": { + "description": "Sets the upper capability bounds for clients in sandboxes created by this client.\n\nIf multiple matchers match a client, the capabilities are added.\n\nIf no matcher matches a client, the bounding capabilities for sandboxes depend on\nwhether the client is itself sandboxed. If it is sandboxed, the bounding\ncapabilities are the effective capabilities of the client. Otherwise the bounding\ncapabilities are all capabilities.\n\nRegardless of any capabilities set through this function, the capabilities set\nthrough this function can never exceed the client's bounding capabilities.\n", + "$ref": "#/$defs/ClientCapabilities" } }, "required": [] diff --git a/toml-spec/spec/spec.generated.md b/toml-spec/spec/spec.generated.md index 3b265480..023341ac 100644 --- a/toml-spec/spec/spec.generated.md +++ b/toml-spec/spec/spec.generated.md @@ -870,6 +870,90 @@ The string should have one of the following values: + +### `ClientCapabilities` + +A mask of client capabilities. + +Values of this type should have one of the following forms: + +#### A string + +A named mask. + +The string should have one of the following values: + +- `none`: + + No capabilities. + +- `all`: + + The mask containing all capabilities. + +- `data-control`: + + Grants access to the `ext_data_control_manager_v1` and + `zwlr_data_control_manager_v1` globals. + +- `virtual-keyboard`: + + Grants access to the `zwp_virtual_keyboard_manager_v1` global. + +- `foreign-toplevel-list`: + + Grants access to the `ext_foreign_toplevel_list_v1` global. + +- `idle-notifier`: + + Grants access to the `ext_idle_notifier_v1` global. + +- `session-lock`: + + Grants access to the `ext_session_lock_manager_v1` global. + +- `layer-shell`: + + Grants access to the `zwlr_layer_shell_v1` global. + +- `screencopy`: + + Grants access to the `ext_image_copy_capture_manager_v1` and + `zwlr_screencopy_manager_v1` globals. + +- `seat-manager`: + + Grants access to the `ext_transient_seat_manager_v1` global. + +- `drm-lease`: + + Grants access to the `wp_drm_lease_device_v1` global. + +- `input-method`: + + Grants access to the `zwp_input_method_manager_v2` global. + +- `workspace-manager`: + + Grants access to the `ext_workspace_manager_v1` global. + +- `foreign-toplevel-manager`: + + Grants access to the `zwlr_foreign_toplevel_manager_v1` global. + +- `head-manager`: + + Grants access to the `jay_head_manager_v1` and `zwlr_output_manager_v1` + globals. + + +#### An array + +An array of masks that are OR'd. + +Each element of this array should be a [ClientCapabilities](#types-ClientCapabilities). + + ### `ClientMatch` @@ -1157,6 +1241,38 @@ The table has the following fields: The value of this field should be a [Action](#types-Action). +- `capabilities` (optional): + + Sets the capabilities granted to clients matching this matcher. + + If multiple matchers match a client, the capabilities are added. + + If no matcher matches a client, it is granted the default capabilities depending + on whether it's sandboxed or not. If it is not sandboxed, it is granted the + capabilities `layer-shell` and `drm-lease`. Otherwise it is granted the + capability `drm-lease`. + + Regardless of any capabilities set through this function, the capabilities of the + client can never exceed its bounding capabilities. + + The value of this field should be a [ClientCapabilities](#types-ClientCapabilities). + +- `sandbox-bounding-capabilities` (optional): + + Sets the upper capability bounds for clients in sandboxes created by this client. + + If multiple matchers match a client, the capabilities are added. + + If no matcher matches a client, the bounding capabilities for sandboxes depend on + whether the client is itself sandboxed. If it is sandboxed, the bounding + capabilities are the effective capabilities of the client. Otherwise the bounding + capabilities are all capabilities. + + Regardless of any capabilities set through this function, the capabilities set + through this function can never exceed the client's bounding capabilities. + + The value of this field should be a [ClientCapabilities](#types-ClientCapabilities). + ### `Color` diff --git a/toml-spec/spec/spec.yaml b/toml-spec/spec/spec.yaml index 7f56000a..cbba0148 100644 --- a/toml-spec/spec/spec.yaml +++ b/toml-spec/spec/spec.yaml @@ -3404,6 +3404,36 @@ ClientRule: ref: Action required: false description: An action to execute when a client no longer matches the criteria. + capabilities: + ref: ClientCapabilities + required: false + description: | + Sets the capabilities granted to clients matching this matcher. + + If multiple matchers match a client, the capabilities are added. + + If no matcher matches a client, it is granted the default capabilities depending + on whether it's sandboxed or not. If it is not sandboxed, it is granted the + capabilities `layer-shell` and `drm-lease`. Otherwise it is granted the + capability `drm-lease`. + + Regardless of any capabilities set through this function, the capabilities of the + client can never exceed its bounding capabilities. + sandbox-bounding-capabilities: + ref: ClientCapabilities + required: false + description: | + Sets the upper capability bounds for clients in sandboxes created by this client. + + If multiple matchers match a client, the capabilities are added. + + If no matcher matches a client, the bounding capabilities for sandboxes depend on + whether the client is itself sandboxed. If it is sandboxed, the bounding + capabilities are the effective capabilities of the client. Otherwise the bounding + capabilities are all capabilities. + + Regardless of any capabilities set through this function, the capabilities set + through this function can never exceed the client's bounding capabilities. ClientMatch: @@ -4061,3 +4091,63 @@ BlendSpace: description: The sRGB blend space. This is the classic desktop blend space. - value: linear description: Linear color space. This is the physically correct blend space. + + +ClientCapabilities: + description: | + A mask of client capabilities. + kind: variable + variants: + - kind: string + description: A named mask. + values: + - value: none + description: No capabilities. + - value: all + description: The mask containing all capabilities. + - value: data-control + description: | + Grants access to the `ext_data_control_manager_v1` and + `zwlr_data_control_manager_v1` globals. + - value: virtual-keyboard + description: | + Grants access to the `zwp_virtual_keyboard_manager_v1` global. + - value: foreign-toplevel-list + description: | + Grants access to the `ext_foreign_toplevel_list_v1` global. + - value: idle-notifier + description: | + Grants access to the `ext_idle_notifier_v1` global. + - value: session-lock + description: | + Grants access to the `ext_session_lock_manager_v1` global. + - value: layer-shell + description: | + Grants access to the `zwlr_layer_shell_v1` global. + - value: screencopy + description: | + Grants access to the `ext_image_copy_capture_manager_v1` and + `zwlr_screencopy_manager_v1` globals. + - value: seat-manager + description: | + Grants access to the `ext_transient_seat_manager_v1` global. + - value: drm-lease + description: | + Grants access to the `wp_drm_lease_device_v1` global. + - value: input-method + description: | + Grants access to the `zwp_input_method_manager_v2` global. + - value: workspace-manager + description: | + Grants access to the `ext_workspace_manager_v1` global. + - value: foreign-toplevel-manager + description: | + Grants access to the `zwlr_foreign_toplevel_manager_v1` global. + - value: head-manager + description: | + Grants access to the `jay_head_manager_v1` and `zwlr_output_manager_v1` + globals. + - kind: array + description: An array of masks that are OR'd. + items: + ref: ClientCapabilities