From c5fd8c050f7ddbfe3e5b7abc8f5f6ace3a3c5307 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Thu, 4 Jan 2024 15:01:26 +0100 Subject: [PATCH] Mark DRM lease protocol privileged Allowing sandboxed clients to request DRM leases has security implications. --- sway/server.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/sway/server.c b/sway/server.c index e34ea2ff..4bef4588 100644 --- a/sway/server.c +++ b/sway/server.c @@ -77,6 +77,17 @@ static void handle_drm_lease_request(struct wl_listener *listener, void *data) { #endif static bool is_privileged(const struct wl_global *global) { +#if WLR_HAS_DRM_BACKEND + if (server.drm_lease_manager != NULL) { + struct wlr_drm_lease_device_v1 *drm_lease_dev; + wl_list_for_each(drm_lease_dev, &server.drm_lease_manager->devices, link) { + if (drm_lease_dev->global == global) { + return true; + } + } + } +#endif + return global == server.output_manager_v1->global || global == server.output_power_manager_v1->global ||