From 639fade49a15f4b18ffab929805d2d009fca2f98 Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Fri, 3 Apr 2026 20:38:21 +0200 Subject: [PATCH] rcxml: allow to disable privileged interfaces --- docs/labwc-config.5.scd | 35 ++++++++++++++++++++++++++++ docs/rc.xml.all | 4 ++++ include/config/rcxml.h | 3 +++ include/config/types.h | 21 +++++++++++++++++ src/config/rcxml.c | 51 +++++++++++++++++++++++++++++++++++++++++ src/server.c | 7 ++++++ 6 files changed, 121 insertions(+) diff --git a/docs/labwc-config.5.scd b/docs/labwc-config.5.scd index 09f7b3eb..fe6fc3a6 100644 --- a/docs/labwc-config.5.scd +++ b/docs/labwc-config.5.scd @@ -1445,6 +1445,41 @@ situation. Whether to apply a bilinear filter to the magnified image, or just to use nearest-neighbour. Default is true - bilinear filtered. +## PRIVILEGED INTERFACES + +Labwc supports a small set of privileged wayland interfaces. All of these +interfaces are enabled by default. Security conscious users may override this by +defining a `` block: + +``` + + zwlr_layer_shell_v1 + zwlr_virtual_pointer_manager_v1 + +``` + +** + Name of the interface that should be allowed. + +This is the full list of interfaces that can be controlled with this mechanism: + +- `wp_drm_lease_device_v1` +- `zwlr_gamma_control_manager_v1` +- `zwlr_output_manager_v1` +- `zwlr_output_power_manager_v1` +- `zwp_input_method_manager_v2` +- `zwlr_virtual_pointer_manager_v1` +- `zwp_virtual_keyboard_manager_v1` +- `zwlr_export_dmabuf_manager_v1` +- `zwlr_screencopy_manager_v1` +- `zwlr_data_control_manager_v1` +- `ext_idle_notifier_v1` +- `ext_workspace_manager_v1` +- `zwlr_foreign_toplevel_manager_v1` +- `ext_foreign_toplevel_list_v1` +- `ext_session_lock_manager_v1` +- `zwlr_layer_shell_v1` + ## ENVIRONMENT VARIABLES *XCURSOR_PATH* diff --git a/docs/rc.xml.all b/docs/rc.xml.all index bbec9d0b..a1080c68 100644 --- a/docs/rc.xml.all +++ b/docs/rc.xml.all @@ -691,4 +691,8 @@ yes + + zwlr_layer_shell_v1 + + 
diff --git a/include/config/rcxml.h b/include/config/rcxml.h
index 517cd907..2d1159d1 100644
--- a/include/config/rcxml.h
+++ b/include/config/rcxml.h
@@ -76,6 +76,7 @@ struct rcxml {
 enum tearing_mode allow_tearing;
 bool auto_enable_outputs;
 bool reuse_output_mode;
+ uint32_t allowed_interfaces;
 bool xwayland_persistence;
 bool primary_selection;
 char *prompt_command;
@@ -225,4 +226,6 @@ void rcxml_finish(void);
 */
 void append_parsed_actions(xmlNode *node, struct wl_list *list);
+enum lab_interface parse_privileged_interface(const char *name);
+
 #endif /* LABWC_RCXML_H */
diff --git a/include/config/types.h b/include/config/types.h
index 3b1fa5e8..260036aa 100644
--- a/include/config/types.h
+++ b/include/config/types.h
@@ -130,4 +130,25 @@ enum cycle_app_id_filter {
 CYCLE_APP_ID_CURRENT,
 };
+enum lab_interface {
+ LAB_IFACE_INVALID = 0,
+ LAB_IFACE_NOT_SET = 1,
+ LAB_IFACE_DRM_LEASE = 1 << 1,
+ LAB_IFACE_GAMMA = 1 << 2,
+ LAB_IFACE_OUTPUT = 1 << 3,
+ LAB_IFACE_OUTPUT_POWER = 1 << 4,
+ LAB_IFACE_INPUT_METHOD = 1 << 5,
+ LAB_IFACE_VIRTUAL_POINTER = 1 << 6,
+ LAB_IFACE_VIRTUAL_KEYBOARD = 1 << 7,
+ LAB_IFACE_DMABUF = 1 << 8,
+ LAB_IFACE_SCREENCOPY = 1 << 9,
+ LAB_IFACE_DATA_CONTROL = 1 << 10,
+ LAB_IFACE_IDLE_NOTIFIER = 1 << 11,
+ LAB_IFACE_WORKSPACE = 1 << 12,
+ LAB_IFACE_TOPLEVEL_MANAGER = 1 << 13,
+ LAB_IFACE_TOPLEVEL_LIST = 1 << 14,
+ LAB_IFACE_SESSION_LOCK = 1 << 15,
+ LAB_IFACE_LAYER_SHELL = 1 << 16,
+};
+
 #endif /* LABWC_CONFIG_TYPES_H */
diff --git a/src/config/rcxml.c b/src/config/rcxml.c
index a3eeed63..9a9b2a51 100644
--- a/src/config/rcxml.c
+++ b/src/config/rcxml.c
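Review bot: `enum lab_interface` in include/config/types.h mixes two sentinels with the bit flags and nothing in the hunk documents the difference. `LAB_IFACE_INVALID = 0` is the parser's "unknown name" result, yet a stored mask of 0 in `rc.allowed_interfaces` makes the filter in src/server.c block every listed interface, and `LAB_IFACE_NOT_SET = 1` occupies bit 0 to mean "no allowlist configured". A comment above the enum should say so, for example `/* Bit flags for rc.allowed_interfaces; INVALID and NOT_SET are sentinels, not interfaces */`. The new `parse_privileged_interface()` prototype in rcxml.h also has no doc comment, unlike the declaration just above it.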
@@ -94,6 +94,46 @@ parse_window_type(const char *type)
 }
 }
+enum lab_interface
+parse_privileged_interface(const char *name)
+{
+ if (!strcasecmp(name, "wp_drm_lease_device_v1")) {
+ return LAB_IFACE_DRM_LEASE;
+ } else if (!strcasecmp(name, "zwlr_gamma_control_manager_v1")) {
+ return LAB_IFACE_GAMMA;
+ } else if (!strcasecmp(name, "zwlr_output_manager_v1")) {
+ return LAB_IFACE_OUTPUT;
+ } else if (!strcasecmp(name, "zwlr_output_power_manager_v1")) {
+ return LAB_IFACE_OUTPUT_POWER;
+ } else if (!strcasecmp(name, "zwp_input_method_manager_v2")) {
+ return LAB_IFACE_INPUT_METHOD;
+ } else if (!strcasecmp(name, "zwlr_virtual_pointer_manager_v1")) {
+ return LAB_IFACE_VIRTUAL_POINTER;
+ } else if (!strcasecmp(name, "zwp_virtual_keyboard_manager_v1")) {
+ return LAB_IFACE_VIRTUAL_KEYBOARD;
+ } else if (!strcasecmp(name, "zwlr_export_dmabuf_manager_v1")) {
+ return LAB_IFACE_DMABUF;
+ } else if (!strcasecmp(name, "zwlr_screencopy_manager_v1")) {
+ return LAB_IFACE_SCREENCOPY;
+ } else if (!strcasecmp(name, "zwlr_data_control_manager_v1")) {
+ return LAB_IFACE_DATA_CONTROL;
+ } else if (!strcasecmp(name, "ext_idle_notifier_v1")) {
+ return LAB_IFACE_IDLE_NOTIFIER;
+ } else if (!strcasecmp(name, "ext_workspace_manager_v1")) {
+ return LAB_IFACE_WORKSPACE;
+ } else if (!strcasecmp(name, "zwlr_foreign_toplevel_manager_v1")) {
+ return LAB_IFACE_TOPLEVEL_MANAGER;
+ } else if (!strcasecmp(name, "ext_foreign_toplevel_list_v1")) {
+ return LAB_IFACE_TOPLEVEL_LIST;
+ } else if (!strcasecmp(name, "ext_session_lock_manager_v1")) {
+ return LAB_IFACE_SESSION_LOCK;
+ } else if (!strcasecmp(name, "zwlr_layer_shell_v1")) {
+ return LAB_IFACE_LAYER_SHELL;
+ } else {
+ return LAB_IFACE_INVALID;
+ }
+}
+
 /*
 * Openbox/labwc comparison
 *
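Review bot: The interface list now lives in three places (the man page, `enum lab_interface` and this if-chain), and a name missing from the chain returns `LAB_IFACE_INVALID`, which the filter in src/server.c treats as "not filtered". A lookup table next to the function keeps each name and flag on one row, so an omission is easier to spot in review. `name` is also passed to `strcasecmp()` unchecked. Whether `entry()` can hand over a NULL `content` for an empty element is not visible in this hunk, so a guard returning `LAB_IFACE_INVALID` is cheap insurance.

```c
static const struct {
	const char *name;
	enum lab_interface iface;
} privileged_interfaces[] = {
	{ "wp_drm_lease_device_v1", LAB_IFACE_DRM_LEASE },
	{ "zwlr_gamma_control_manager_v1", LAB_IFACE_GAMMA },
	/* … unchanged: the remaining fourteen name/flag pairs from the if-chain … */
};

enum lab_interface
parse_privileged_interface(const char *name)
{
	if (!name) {
		return LAB_IFACE_INVALID;
	}
	size_t count = sizeof(privileged_interfaces) / sizeof(privileged_interfaces[0]);
	for (size_t i = 0; i < count; i++) {
		if (!strcasecmp(name, privileged_interfaces[i].name)) {
			return privileged_interfaces[i].iface;
		}
	}
	return LAB_IFACE_INVALID;
}
```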
@@ -1377,6 +1417,16 @@ entry(xmlNode *node, char *nodename, char *content)
 rc.mag_increment = MAX(0, rc.mag_increment);
 } else if (!strcasecmp(nodename, "useFilter.magnifier")) {
 set_bool(content, &rc.mag_filter);
+ } else if (!strcasecmp(nodename, "privilegedInterfaces")) {
+ rc.allowed_interfaces = 0;
+ } else if (!strcasecmp(nodename, "allow.privilegedInterfaces")) {
+ enum lab_interface iface = parse_privileged_interface(content);
+ if (iface == LAB_IFACE_INVALID) {
+ wlr_log(WLR_ERROR, "invalid value for "
+ "");
+ } else {
+ rc.allowed_interfaces |= iface;
+ }
 }
 return false;
@@ -1459,6 +1509,7 @@ rcxml_init(void)
 rc.allow_tearing = LAB_TEARING_DISABLED;
 rc.auto_enable_outputs = true;
 rc.reuse_output_mode = false;
+ rc.allowed_interfaces = LAB_IFACE_NOT_SET;
 rc.xwayland_persistence = false;
 rc.primary_selection = true;
diff --git a/src/server.c b/src/server.c
index fd48efed..7aae6386 100644
--- a/src/server.c
+++ b/src/server.c
@@ -323,6 +323,13 @@ server_global_filter(const struct wl_client *client, const struct wl_global *glo
 }
 #endif
+ if (rc.allowed_interfaces != LAB_IFACE_NOT_SET) {
+ enum lab_interface i = parse_privileged_interface(iface->name);
+ if (i != LAB_IFACE_INVALID && (i & rc.allowed_interfaces) == 0) {
+ return false;
+ }
+ }
+
 /* Do not allow security_context_manager_v1 to clients with a security context attached */
 const struct wlr_security_context_v1_state *security_context =
 wlr_security_context_manager_v1_lookup_client(
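Review bot: The error branch for an unrecognised allow entry in `entry()` does not report which value was rejected. A misspelt name is simply left out of `rc.allowed_interfaces`, so the interface stays blocked and this log line is the user's only hint; include the value, for example `wlr_log(WLR_ERROR, "invalid privileged interface name: %s", content);`. The reset `rc.allowed_interfaces = 0` also depends on `entry()` reaching this branch for the container element before its children. The earlier part of `entry()` is outside the hunk, so that ordering should be confirmed and stated in a short comment.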
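Review bot: The new check in `server_global_filter()` is fail-open for every name `parse_privileged_interface()` does not recognise, because `i != LAB_IFACE_INVALID` lets any global outside the hard-coded list through even when an allowlist is configured. Core globals need that, but a privileged protocol added to the compositor later and not added to the table would be advertised without the user being able to block it. A comment should state the contract, for example `/* Only interfaces known to parse_privileged_interface() are filtered; all other globals are unaffected */`. It would also help to note that the filter is presumably consulted only when globals are advertised or bound, so clients that already hold an object would keep it after a config reload; please confirm. The function begins and ends outside this hunk.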