Keep track of security context per view

These use the more generic "sandbox_engine" and "sandbox_app_id", as a
slight generalisation to the concept, instead of the exact protocol
used to implement it right now.

include/sway/server.h

@@ -16,6 +16,7 @@
 #include <wlr/types/wlr_output_power_management_v1.h>
 #include <wlr/types/wlr_presentation_time.h>
 #include <wlr/types/wlr_relative_pointer_v1.h>
+#include <wlr/types/wlr_security_context_v1.h>
 #include <wlr/types/wlr_session_lock_v1.h>
 #include <wlr/types/wlr_server_decoration.h>
 #include <wlr/types/wlr_text_input_v3.h>
@@ -78,6 +79,8 @@ struct sway_server {
 	struct wl_listener xdg_decoration;
 	struct wl_list xdg_decorations; // sway_xdg_decoration::link
 
+	struct wlr_security_context_manager_v1 *security_context_manager;
+
 	struct wlr_drm_lease_v1_manager *drm_lease_manager;
 	struct wl_listener drm_lease_request;
 

include/sway/tree/view.h

@@ -30,6 +30,8 @@ enum sway_view_prop {
 	VIEW_PROP_X11_WINDOW_ID,
 	VIEW_PROP_X11_PARENT_ID,
 #endif
+	VIEW_PROP_SANDBOX_APP_ID,
+	VIEW_PROP_SANDBOX_ENGINE,
 };
 
 struct sway_view_impl {
@@ -232,6 +234,10 @@ const char *view_get_class(struct sway_view *view);
 
 const char *view_get_instance(struct sway_view *view);
 
+const char *view_get_sandbox_app_id(struct sway_view *view);
+
+const char *view_get_sandbox_engine(struct sway_view *view);
+
 uint32_t view_get_x11_window_id(struct sway_view *view);
 
 uint32_t view_get_x11_parent_id(struct sway_view *view);

sway/desktop/xdg_shell.c

@@ -4,6 +4,7 @@
 #include <stdlib.h>
 #include <wayland-server-core.h>
 #include <wlr/types/wlr_xdg_shell.h>
+#include <wlr/types/wlr_security_context_v1.h>
 #include <wlr/util/edges.h>
 #include "log.h"
 #include "sway/decoration.h"
@@ -136,6 +137,24 @@ static const char *get_string_prop(struct sway_view *view,
 		return view->wlr_xdg_toplevel->title;
 	case VIEW_PROP_APP_ID:
 		return view->wlr_xdg_toplevel->app_id;
+	case VIEW_PROP_SANDBOX_APP_ID: {
+		struct wl_client *client = wl_resource_get_client(view->surface->resource);
+		const struct wlr_security_context_v1_state *state = wlr_security_context_manager_v1_lookup_client(server.security_context_manager, client);
+		if (state == NULL) {
+			return NULL;
+		}
+
+		return state->app_id;
+	}
+	case VIEW_PROP_SANDBOX_ENGINE: {
+		struct wl_client *client = wl_resource_get_client(view->surface->resource);
+		const struct wlr_security_context_v1_state *state = wlr_security_context_manager_v1_lookup_client(server.security_context_manager, client);
+		if (state == NULL) {
+			return NULL;
+		}
+
+		return state->sandbox_engine;
+	}
 	default:
 		return NULL;
 	}

sway/server.c

@@ -202,7 +202,7 @@ bool server_init(struct sway_server *server) {
 	wlr_primary_selection_v1_device_manager_create(server->wl_display);
 	wlr_viewporter_create(server->wl_display);
 	wlr_single_pixel_buffer_manager_v1_create(server->wl_display);
-	wlr_security_context_manager_v1_create(server->wl_display);
+	server->security_context_manager = wlr_security_context_manager_v1_create(server->wl_display);
 
 	struct wlr_xdg_foreign_registry *foreign_registry =
 		wlr_xdg_foreign_registry_create(server->wl_display);

sway/tree/view.c

@@ -97,6 +97,20 @@ const char *view_get_app_id(struct sway_view *view) {
 	return NULL;
 }
 
+const char *view_get_sandbox_app_id(struct sway_view *view) {
+	if (view->impl->get_string_prop) {
+		return view->impl->get_string_prop(view, VIEW_PROP_SANDBOX_APP_ID);
+	}
+	return NULL;
+}
+
+const char *view_get_sandbox_engine(struct sway_view *view) {
+	if (view->impl->get_string_prop) {
+		return view->impl->get_string_prop(view, VIEW_PROP_SANDBOX_ENGINE);
+	}
+	return NULL;
+}
+
 const char *view_get_class(struct sway_view *view) {
 	if (view->impl->get_string_prop) {
 		return view->impl->get_string_prop(view, VIEW_PROP_CLASS);