From f31bd957d537974b3599a3a1b02b70a3ebded55c Mon Sep 17 00:00:00 2001
From: Puck Meerburg <puck@puckipedia.com>
Date: Sun, 7 Aug 2022 10:12:51 +0000
Subject: [PATCH] Keep track of security context per view

These use the more generic "sandbox_engine" and "sandbox_app_id", as a
slight generalisation to the concept, instead of the exact protocol
used to implement it right now.
---
 include/sway/server.h    |  3 +++
 include/sway/tree/view.h |  6 ++++++
 sway/desktop/xdg_shell.c | 19 +++++++++++++++++++
 sway/server.c            |  2 +-
 sway/tree/view.c         | 14 ++++++++++++++
 5 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/include/sway/server.h b/include/sway/server.h
index 4cce17cc4..bb3b99637 100644
--- a/include/sway/server.h
+++ b/include/sway/server.h
@@ -16,6 +16,7 @@
 #include <wlr/types/wlr_output_power_management_v1.h>
 #include <wlr/types/wlr_presentation_time.h>
 #include <wlr/types/wlr_relative_pointer_v1.h>
+#include <wlr/types/wlr_security_context_v1.h>
 #include <wlr/types/wlr_session_lock_v1.h>
 #include <wlr/types/wlr_server_decoration.h>
 #include <wlr/types/wlr_text_input_v3.h>
@@ -78,6 +79,8 @@ struct sway_server {
 	struct wl_listener xdg_decoration;
 	struct wl_list xdg_decorations; // sway_xdg_decoration::link
 
+	struct wlr_security_context_manager_v1 *security_context_manager;
+
 	struct wlr_drm_lease_v1_manager *drm_lease_manager;
 	struct wl_listener drm_lease_request;
 
diff --git a/include/sway/tree/view.h b/include/sway/tree/view.h
index 0dcbf1aa6..2f586768e 100644
--- a/include/sway/tree/view.h
+++ b/include/sway/tree/view.h
@@ -30,6 +30,8 @@ enum sway_view_prop {
 	VIEW_PROP_X11_WINDOW_ID,
 	VIEW_PROP_X11_PARENT_ID,
 #endif
+	VIEW_PROP_SANDBOX_APP_ID,
+	VIEW_PROP_SANDBOX_ENGINE,
 };
 
 struct sway_view_impl {
@@ -232,6 +234,10 @@ const char *view_get_class(struct sway_view *view);
 
 const char *view_get_instance(struct sway_view *view);
 
+const char *view_get_sandbox_app_id(struct sway_view *view);
+
+const char *view_get_sandbox_engine(struct sway_view *view);
+
 uint32_t view_get_x11_window_id(struct sway_view *view);
 
 uint32_t view_get_x11_parent_id(struct sway_view *view);
diff --git a/sway/desktop/xdg_shell.c b/sway/desktop/xdg_shell.c
index 8da922d50..b8bdf90f8 100644
--- a/sway/desktop/xdg_shell.c
+++ b/sway/desktop/xdg_shell.c
@@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <wayland-server-core.h>
 #include <wlr/types/wlr_xdg_shell.h>
+#include <wlr/types/wlr_security_context_v1.h>
 #include <wlr/util/edges.h>
 #include "log.h"
 #include "sway/decoration.h"
@@ -136,6 +137,24 @@ static const char *get_string_prop(struct sway_view *view,
 		return view->wlr_xdg_toplevel->title;
 	case VIEW_PROP_APP_ID:
 		return view->wlr_xdg_toplevel->app_id;
+	case VIEW_PROP_SANDBOX_APP_ID: {
+		struct wl_client *client = wl_resource_get_client(view->surface->resource);
+		const struct wlr_security_context_v1_state *state = wlr_security_context_manager_v1_lookup_client(server.security_context_manager, client);
+		if (state == NULL) {
+			return NULL;
+		}
+
+		return state->app_id;
+	}
+	case VIEW_PROP_SANDBOX_ENGINE: {
+		struct wl_client *client = wl_resource_get_client(view->surface->resource);
+		const struct wlr_security_context_v1_state *state = wlr_security_context_manager_v1_lookup_client(server.security_context_manager, client);
+		if (state == NULL) {
+			return NULL;
+		}
+
+		return state->sandbox_engine;
+	}
 	default:
 		return NULL;
 	}
diff --git a/sway/server.c b/sway/server.c
index 0ffbd2728..c41f772a2 100644
--- a/sway/server.c
+++ b/sway/server.c
@@ -202,7 +202,7 @@ bool server_init(struct sway_server *server) {
 	wlr_primary_selection_v1_device_manager_create(server->wl_display);
 	wlr_viewporter_create(server->wl_display);
 	wlr_single_pixel_buffer_manager_v1_create(server->wl_display);
-	wlr_security_context_manager_v1_create(server->wl_display);
+	server->security_context_manager = wlr_security_context_manager_v1_create(server->wl_display);
 
 	struct wlr_xdg_foreign_registry *foreign_registry =
 		wlr_xdg_foreign_registry_create(server->wl_display);
diff --git a/sway/tree/view.c b/sway/tree/view.c
index 7d9e038d2..ea81f0c5e 100644
--- a/sway/tree/view.c
+++ b/sway/tree/view.c
@@ -97,6 +97,20 @@ const char *view_get_app_id(struct sway_view *view) {
 	return NULL;
 }
 
+const char *view_get_sandbox_app_id(struct sway_view *view) {
+	if (view->impl->get_string_prop) {
+		return view->impl->get_string_prop(view, VIEW_PROP_SANDBOX_APP_ID);
+	}
+	return NULL;
+}
+
+const char *view_get_sandbox_engine(struct sway_view *view) {
+	if (view->impl->get_string_prop) {
+		return view->impl->get_string_prop(view, VIEW_PROP_SANDBOX_ENGINE);
+	}
+	return NULL;
+}
+
 const char *view_get_class(struct sway_view *view) {
 	if (view->impl->get_string_prop) {
 		return view->impl->get_string_prop(view, VIEW_PROP_CLASS);