Xnamespace: filter access on other clients

Restrict access to other clients within same namespace. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2026-03-24 08:04:30 +00:00 · 2025-03-20 17:22:25 +01:00
parent e92d6ad8e4
commit 0a90e70a01
4 changed files with 37 additions and 0 deletions
--- a/Xext/namespace/hook-client.c
+++ b/Xext/namespace/hook-client.c
@@ -0,0 +1,34 @@
+#define HOOK_NAME "client"
+
+#include <dix-config.h>
+
+#include "dix/dix_priv.h"
+#include "dix/extension_priv.h"
+#include "dix/registry_priv.h"
+
+#include "mi/miinitext.h"
+
+#include "include/extinit.h"
+#include "include/extnsionst.h"
+#include "include/propertyst.h"
+#include "include/protocol-versions.h"
+#include "include/windowstr.h"
+#include "Xext/xacestr.h"
+
+#include "namespace.h"
+#include "hooks.h"
+
+void hookClient(CallbackListPtr *pcbl, void *unused, void *calldata)
+{
+    XNS_HOOK_HEAD(XaceClientAccessRec);
+    struct XnamespaceClientPriv *obj = XnsClientPriv(param->target);
+
+    if (subj->ns->superPower || XnsClientSameNS(subj, obj))
+        return;
+
+    XNS_HOOK_LOG("BLOCKED access on client %d\n", param->target->index);
+
+    /* returning BadValue instead of BadAccess, because we're pretending
+       the requested client doens't even exist at all. */
+    param->status = BadValue;
+}
--- a/Xext/namespace/hooks.h
+++ b/Xext/namespace/hooks.h
@@ -24,6 +24,7 @@
    } \
    struct XnamespaceClientPriv *subj = XnsClientPriv(client);

+void hookClient(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookClientState(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookDevice(CallbackListPtr *pcbl, void *unused, void *calldata);
 void hookExtAccess(CallbackListPtr *pcbl, void *unused, void *calldata);
--- a/Xext/namespace/meson.build
+++ b/Xext/namespace/meson.build
@@ -2,6 +2,7 @@ libxserver_namespace = static_library(
 	'libxserver_namespace',
 	[
 		'config.c',
+		'hook-client.c',
 		'hook-clientstate.c',
 		'hook-device.c',
 		'hook-ext-access.c',
--- a/Xext/namespace/namespace.c
+++ b/Xext/namespace/namespace.c
@@ -34,6 +34,7 @@ NamespaceExtensionInit(void)
          AddCallback(&PostInitRootWindowCallback, hookInitRootWindow, NULL) &&
          AddCallback(&PropertyFilterCallback, hookWindowProperty, NULL) &&
          AddCallback(&SelectionFilterCallback, hookSelectionFilter, NULL) &&
+          XaceRegisterCallback(XACE_CLIENT_ACCESS, hookClient, NULL) &&
          XaceRegisterCallback(XACE_DEVICE_ACCESS, hookDevice, NULL) &&
          XaceRegisterCallback(XACE_EXT_DISPATCH, hookExtDispatch, NULL) &&
          XaceRegisterCallback(XACE_EXT_ACCESS, hookExtAccess, NULL) &&