system: move system access packages

These packages loosely belong in the "system" package and "system" provides high level wrappers for all of them.

Signed-off-by: Ophestra <cat@gensokyo.uk>

system/wayland/conn.go

@@ -0,0 +1,121 @@
+// Package wayland implements Wayland security_context_v1 protocol.
+package wayland
+
+import (
+	"errors"
+	"net"
+	"os"
+	"runtime"
+	"sync"
+	"syscall"
+)
+
+type Conn struct {
+	conn *net.UnixConn
+
+	done     chan struct{}
+	doneOnce sync.Once
+
+	mu sync.Mutex
+}
+
+// Attach connects Conn to a wayland socket.
+func (c *Conn) Attach(p string) (err error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.conn != nil {
+		return errors.New("attached")
+	}
+
+	c.conn, err = net.DialUnix("unix", nil, &net.UnixAddr{Name: p, Net: "unix"})
+	return
+}
+
+// Close releases resources and closes the connection to the wayland compositor.
+func (c *Conn) Close() error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.done == nil {
+		return errors.New("no socket bound")
+	}
+
+	c.doneOnce.Do(func() {
+		c.done <- struct{}{}
+		<-c.done
+	})
+
+	// closed by wayland
+	runtime.SetFinalizer(c.conn, nil)
+	return nil
+}
+
+func (c *Conn) Bind(p, appID, instanceID string) (*os.File, error) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if c.conn == nil {
+		return nil, errors.New("not attached")
+	}
+	if c.done != nil {
+		return nil, errors.New("bound")
+	}
+
+	if rc, err := c.conn.SyscallConn(); err != nil {
+		// unreachable
+		return nil, err
+	} else {
+		c.done = make(chan struct{})
+		return bindRawConn(c.done, rc, p, appID, instanceID)
+	}
+}
+
+func bindRawConn(done chan struct{}, rc syscall.RawConn, p, appID, instanceID string) (*os.File, error) {
+	var syncPipe [2]*os.File
+
+	if r, w, err := os.Pipe(); err != nil {
+		return nil, err
+	} else {
+		syncPipe[0] = r
+		syncPipe[1] = w
+	}
+
+	setupDone := make(chan error, 1) // does not block with c.done
+
+	go func() {
+		if err := rc.Control(func(fd uintptr) {
+			// prevent runtime from closing the read end of sync fd
+			runtime.SetFinalizer(syncPipe[0], nil)
+
+			// allow the Bind method to return after setup
+			setupDone <- bind(fd, p, appID, instanceID, syncPipe[0].Fd())
+			close(setupDone)
+
+			// keep socket alive until done is requested
+			<-done
+			runtime.KeepAlive(syncPipe[1])
+		}); err != nil {
+			setupDone <- err
+		}
+
+		// notify Close that rc.Control has returned
+		close(done)
+	}()
+
+	// return write end of the pipe
+	return syncPipe[1], <-setupDone
+}
+
+func bind(fd uintptr, p, appID, instanceID string, syncFd uintptr) error {
+	// ensure p is available
+	if f, err := os.Create(p); err != nil {
+		return err
+	} else if err = f.Close(); err != nil {
+		return err
+	} else if err = os.Remove(p); err != nil {
+		return err
+	}
+
+	return bindWaylandFd(p, fd, appID, instanceID, syncFd)
+}

system/wayland/consts.go

@@ -0,0 +1,15 @@
+package wayland
+
+const (
+	// WaylandDisplay contains the name of the server socket
+	// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1147)
+	// which is concatenated with XDG_RUNTIME_DIR
+	// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1171)
+	// or used as-is if absolute
+	// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1176).
+	WaylandDisplay = "WAYLAND_DISPLAY"
+
+	// FallbackName is used as the wayland socket name if WAYLAND_DISPLAY is unset
+	// (https://gitlab.freedesktop.org/wayland/wayland/-/blob/1.23.1/src/wayland-client.c#L1149).
+	FallbackName = "wayland-0"
+)

system/wayland/security-context-v1-protocol.c

@@ -0,0 +1,74 @@
+/* Generated by wayland-scanner 1.23.1 */
+
+/*
+ * Copyright © 2021 Simon Ser
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+
+#include <stdbool.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "wayland-util.h"
+
+#ifndef __has_attribute
+# define __has_attribute(x) 0  /* Compatibility with non-clang compilers. */
+#endif
+
+#if (__has_attribute(visibility) || defined(__GNUC__) && __GNUC__ >= 4)
+#define WL_PRIVATE __attribute__ ((visibility("hidden")))
+#else
+#define WL_PRIVATE
+#endif
+
+extern const struct wl_interface wp_security_context_v1_interface;
+
+static const struct wl_interface *security_context_v1_types[] = {
+	NULL,
+	&wp_security_context_v1_interface,
+	NULL,
+	NULL,
+};
+
+static const struct wl_message wp_security_context_manager_v1_requests[] = {
+	{ "destroy", "", security_context_v1_types + 0 },
+	{ "create_listener", "nhh", security_context_v1_types + 1 },
+};
+
+WL_PRIVATE const struct wl_interface wp_security_context_manager_v1_interface = {
+	"wp_security_context_manager_v1", 1,
+	2, wp_security_context_manager_v1_requests,
+	0, NULL,
+};
+
+static const struct wl_message wp_security_context_v1_requests[] = {
+	{ "destroy", "", security_context_v1_types + 0 },
+	{ "set_sandbox_engine", "s", security_context_v1_types + 0 },
+	{ "set_app_id", "s", security_context_v1_types + 0 },
+	{ "set_instance_id", "s", security_context_v1_types + 0 },
+	{ "commit", "", security_context_v1_types + 0 },
+};
+
+WL_PRIVATE const struct wl_interface wp_security_context_v1_interface = {
+	"wp_security_context_v1", 1,
+	5, wp_security_context_v1_requests,
+	0, NULL,
+};
+

system/wayland/security-context-v1-protocol.h

@@ -0,0 +1,392 @@
+/* Generated by wayland-scanner 1.23.1 */
+
+#ifndef SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
+#define SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
+
+#include <stdint.h>
+#include <stddef.h>
+#include "wayland-client.h"
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @page page_security_context_v1 The security_context_v1 protocol
+ * @section page_ifaces_security_context_v1 Interfaces
+ * - @subpage page_iface_wp_security_context_manager_v1 - client security context manager
+ * - @subpage page_iface_wp_security_context_v1 - client security context
+ * @section page_copyright_security_context_v1 Copyright
+ * <pre>
+ *
+ * Copyright © 2021 Simon Ser
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the next
+ * paragraph) shall be included in all copies or substantial portions of the
+ * Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ * </pre>
+ */
+struct wp_security_context_manager_v1;
+struct wp_security_context_v1;
+
+#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
+#define WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
+/**
+ * @page page_iface_wp_security_context_manager_v1 wp_security_context_manager_v1
+ * @section page_iface_wp_security_context_manager_v1_desc Description
+ *
+ * This interface allows a client to register a new Wayland connection to
+ * the compositor and attach a security context to it.
+ *
+ * This is intended to be used by sandboxes. Sandbox engines attach a
+ * security context to all connections coming from inside the sandbox. The
+ * compositor can then restrict the features that the sandboxed connections
+ * can use.
+ *
+ * Compositors should forbid nesting multiple security contexts by not
+ * exposing wp_security_context_manager_v1 global to clients with a security
+ * context attached, or by sending the nested protocol error. Nested
+ * security contexts are dangerous because they can potentially allow
+ * privilege escalation of a sandboxed client.
+ *
+ * Warning! The protocol described in this file is currently in the testing
+ * phase. Backward compatible changes may be added together with the
+ * corresponding interface version bump. Backward incompatible changes can
+ * only be done by creating a new major version of the extension.
+ * @section page_iface_wp_security_context_manager_v1_api API
+ * See @ref iface_wp_security_context_manager_v1.
+ */
+/**
+ * @defgroup iface_wp_security_context_manager_v1 The wp_security_context_manager_v1 interface
+ *
+ * This interface allows a client to register a new Wayland connection to
+ * the compositor and attach a security context to it.
+ *
+ * This is intended to be used by sandboxes. Sandbox engines attach a
+ * security context to all connections coming from inside the sandbox. The
+ * compositor can then restrict the features that the sandboxed connections
+ * can use.
+ *
+ * Compositors should forbid nesting multiple security contexts by not
+ * exposing wp_security_context_manager_v1 global to clients with a security
+ * context attached, or by sending the nested protocol error. Nested
+ * security contexts are dangerous because they can potentially allow
+ * privilege escalation of a sandboxed client.
+ *
+ * Warning! The protocol described in this file is currently in the testing
+ * phase. Backward compatible changes may be added together with the
+ * corresponding interface version bump. Backward incompatible changes can
+ * only be done by creating a new major version of the extension.
+ */
+extern const struct wl_interface wp_security_context_manager_v1_interface;
+#endif
+#ifndef WP_SECURITY_CONTEXT_V1_INTERFACE
+#define WP_SECURITY_CONTEXT_V1_INTERFACE
+/**
+ * @page page_iface_wp_security_context_v1 wp_security_context_v1
+ * @section page_iface_wp_security_context_v1_desc Description
+ *
+ * The security context allows a client to register a new client and attach
+ * security context metadata to the connections.
+ *
+ * When both are set, the combination of the application ID and the sandbox
+ * engine must uniquely identify an application. The same application ID
+ * will be used across instances (e.g. if the application is restarted, or
+ * if the application is started multiple times).
+ *
+ * When both are set, the combination of the instance ID and the sandbox
+ * engine must uniquely identify a running instance of an application.
+ * @section page_iface_wp_security_context_v1_api API
+ * See @ref iface_wp_security_context_v1.
+ */
+/**
+ * @defgroup iface_wp_security_context_v1 The wp_security_context_v1 interface
+ *
+ * The security context allows a client to register a new client and attach
+ * security context metadata to the connections.
+ *
+ * When both are set, the combination of the application ID and the sandbox
+ * engine must uniquely identify an application. The same application ID
+ * will be used across instances (e.g. if the application is restarted, or
+ * if the application is started multiple times).
+ *
+ * When both are set, the combination of the instance ID and the sandbox
+ * engine must uniquely identify a running instance of an application.
+ */
+extern const struct wl_interface wp_security_context_v1_interface;
+#endif
+
+#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
+#define WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
+enum wp_security_context_manager_v1_error {
+	/**
+	 * listening socket FD is invalid
+	 */
+	WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_INVALID_LISTEN_FD = 1,
+	/**
+	 * nested security contexts are forbidden
+	 */
+	WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_NESTED = 2,
+};
+#endif /* WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM */
+
+#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY 0
+#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER 1
+
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ */
+#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ */
+#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER_SINCE_VERSION 1
+
+/** @ingroup iface_wp_security_context_manager_v1 */
+static inline void
+wp_security_context_manager_v1_set_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, void *user_data)
+{
+	wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_manager_v1, user_data);
+}
+
+/** @ingroup iface_wp_security_context_manager_v1 */
+static inline void *
+wp_security_context_manager_v1_get_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_manager_v1);
+}
+
+static inline uint32_t
+wp_security_context_manager_v1_get_version(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	return wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1);
+}
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ *
+ * Destroy the manager. This doesn't destroy objects created with the
+ * manager.
+ */
+static inline void
+wp_security_context_manager_v1_destroy(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
+			 WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), WL_MARSHAL_FLAG_DESTROY);
+}
+
+/**
+ * @ingroup iface_wp_security_context_manager_v1
+ *
+ * Creates a new security context with a socket listening FD.
+ *
+ * The compositor will accept new client connections on listen_fd.
+ * listen_fd must be ready to accept new connections when this request is
+ * sent by the client. In other words, the client must call bind(2) and
+ * listen(2) before sending the FD.
+ *
+ * close_fd is a FD that will signal hangup when the compositor should stop
+ * accepting new connections on listen_fd.
+ *
+ * The compositor must continue to accept connections on listen_fd when
+ * the Wayland client which created the security context disconnects.
+ *
+ * After sending this request, closing listen_fd and close_fd remains the
+ * only valid operation on them.
+ */
+static inline struct wp_security_context_v1 *
+wp_security_context_manager_v1_create_listener(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, int32_t listen_fd, int32_t close_fd)
+{
+	struct wl_proxy *id;
+
+	id = wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
+			 WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER, &wp_security_context_v1_interface, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), 0, NULL, listen_fd, close_fd);
+
+	return (struct wp_security_context_v1 *) id;
+}
+
+#ifndef WP_SECURITY_CONTEXT_V1_ERROR_ENUM
+#define WP_SECURITY_CONTEXT_V1_ERROR_ENUM
+enum wp_security_context_v1_error {
+	/**
+	 * security context has already been committed
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_USED = 1,
+	/**
+	 * metadata has already been set
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_SET = 2,
+	/**
+	 * metadata is invalid
+	 */
+	WP_SECURITY_CONTEXT_V1_ERROR_INVALID_METADATA = 3,
+};
+#endif /* WP_SECURITY_CONTEXT_V1_ERROR_ENUM */
+
+#define WP_SECURITY_CONTEXT_V1_DESTROY 0
+#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE 1
+#define WP_SECURITY_CONTEXT_V1_SET_APP_ID 2
+#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID 3
+#define WP_SECURITY_CONTEXT_V1_COMMIT 4
+
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_DESTROY_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_APP_ID_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID_SINCE_VERSION 1
+/**
+ * @ingroup iface_wp_security_context_v1
+ */
+#define WP_SECURITY_CONTEXT_V1_COMMIT_SINCE_VERSION 1
+
+/** @ingroup iface_wp_security_context_v1 */
+static inline void
+wp_security_context_v1_set_user_data(struct wp_security_context_v1 *wp_security_context_v1, void *user_data)
+{
+	wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_v1, user_data);
+}
+
+/** @ingroup iface_wp_security_context_v1 */
+static inline void *
+wp_security_context_v1_get_user_data(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_v1);
+}
+
+static inline uint32_t
+wp_security_context_v1_get_version(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	return wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Destroy the security context object.
+ */
+static inline void
+wp_security_context_v1_destroy(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), WL_MARSHAL_FLAG_DESTROY);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach a unique sandbox engine name to the security context. The name
+ * should follow the reverse-DNS style (e.g. "org.flatpak").
+ *
+ * A list of well-known engines is maintained at:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_sandbox_engine(struct wp_security_context_v1 *wp_security_context_v1, const char *name)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, name);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach an application ID to the security context.
+ *
+ * The application ID is an opaque, sandbox-specific identifier for an
+ * application. See the well-known engines document for more details:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * The compositor may use the application ID to group clients belonging to
+ * the same security context application.
+ *
+ * Whether this request is optional or not depends on the sandbox engine used.
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_app_id(struct wp_security_context_v1 *wp_security_context_v1, const char *app_id)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_APP_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, app_id);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Attach an instance ID to the security context.
+ *
+ * The instance ID is an opaque, sandbox-specific identifier for a running
+ * instance of an application. See the well-known engines document for
+ * more details:
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
+ *
+ * Whether this request is optional or not depends on the sandbox engine used.
+ *
+ * It is a protocol error to call this request twice. The already_set
+ * error is sent in this case.
+ */
+static inline void
+wp_security_context_v1_set_instance_id(struct wp_security_context_v1 *wp_security_context_v1, const char *instance_id)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, instance_id);
+}
+
+/**
+ * @ingroup iface_wp_security_context_v1
+ *
+ * Atomically register the new client and attach the security context
+ * metadata.
+ *
+ * If the provided metadata is inconsistent or does not match with out of
+ * band metadata (see
+ * https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md),
+ * the invalid_metadata error may be sent eventually.
+ *
+ * It's a protocol error to send any request other than "destroy" after
+ * this request. In this case, the already_used error is sent.
+ */
+static inline void
+wp_security_context_v1_commit(struct wp_security_context_v1 *wp_security_context_v1)
+{
+	wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
+			 WP_SECURITY_CONTEXT_V1_COMMIT, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0);
+}
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif

system/wayland/wayland-client-helper.c

@@ -0,0 +1,96 @@
+#include "wayland-client-helper.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <unistd.h>
+
+#include "security-context-v1-protocol.h"
+#include <wayland-client.h>
+
+static void registry_handle_global(void *data, struct wl_registry *registry,
+                                   uint32_t name, const char *interface,
+                                   uint32_t version) {
+  struct wp_security_context_manager_v1 **out = data;
+
+  if (strcmp(interface, wp_security_context_manager_v1_interface.name) == 0)
+    *out = wl_registry_bind(registry, name,
+                            &wp_security_context_manager_v1_interface, 1);
+}
+
+static void registry_handle_global_remove(void *data,
+                                          struct wl_registry *registry,
+                                          uint32_t name) {} /* no-op */
+
+static const struct wl_registry_listener registry_listener = {
+    .global = registry_handle_global,
+    .global_remove = registry_handle_global_remove,
+};
+
+int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id,
+                                const char *instance_id, int sync_fd) {
+  int32_t res = 0; /* refer to resErr for corresponding Go error */
+
+  struct wl_display *display;
+  display = wl_display_connect_to_fd(fd);
+  if (!display) {
+    res = 1;
+    goto out;
+  };
+
+  struct wl_registry *registry;
+  registry = wl_display_get_registry(display);
+
+  struct wp_security_context_manager_v1 *security_context_manager = NULL;
+  wl_registry_add_listener(registry, &registry_listener,
+                           &security_context_manager);
+  int ret;
+  ret = wl_display_roundtrip(display);
+  wl_registry_destroy(registry);
+  if (ret < 0)
+    goto out;
+
+  if (!security_context_manager) {
+    res = 2;
+    goto out;
+  }
+
+  int listen_fd = -1;
+  listen_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (listen_fd < 0)
+    goto out;
+
+  struct sockaddr_un sockaddr = {0};
+  sockaddr.sun_family = AF_UNIX;
+  snprintf(sockaddr.sun_path, sizeof(sockaddr.sun_path), "%s", socket_path);
+  if (bind(listen_fd, (struct sockaddr *)&sockaddr, sizeof(sockaddr)) != 0)
+    goto out;
+
+  if (listen(listen_fd, 0) != 0)
+    goto out;
+
+  struct wp_security_context_v1 *security_context;
+  security_context = wp_security_context_manager_v1_create_listener(
+      security_context_manager, listen_fd, sync_fd);
+  wp_security_context_v1_set_sandbox_engine(security_context, "app.hakurei");
+  wp_security_context_v1_set_app_id(security_context, app_id);
+  wp_security_context_v1_set_instance_id(security_context, instance_id);
+  wp_security_context_v1_commit(security_context);
+  wp_security_context_v1_destroy(security_context);
+  if (wl_display_roundtrip(display) < 0)
+    goto out;
+
+out:
+  if (listen_fd >= 0)
+    close(listen_fd);
+  if (security_context_manager)
+    wp_security_context_manager_v1_destroy(security_context_manager);
+  if (display)
+    wl_display_disconnect(display);
+
+  free((void *)socket_path);
+  free((void *)app_id);
+  free((void *)instance_id);
+  return res;
+}

system/wayland/wayland-client-helper.h

@@ -0,0 +1,4 @@
+#include <stdint.h>
+
+int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id,
+                                const char *instance_id, int sync_fd);

system/wayland/wayland.go

@@ -0,0 +1,36 @@
+package wayland
+
+//go:generate sh -c "wayland-scanner client-header `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.h"
+//go:generate sh -c "wayland-scanner private-code `pkg-config --variable=datarootdir wayland-protocols`/wayland-protocols/staging/security-context/security-context-v1.xml security-context-v1-protocol.c"
+
+/*
+#cgo linux pkg-config: --static wayland-client
+#cgo freebsd openbsd LDFLAGS: -lwayland-client
+
+#include "wayland-client-helper.h"
+*/
+import "C"
+import (
+	"errors"
+	"strings"
+)
+
+var (
+	ErrContainsNull = errors.New("string contains null character")
+)
+
+var resErr = [...]error{
+	0: nil,
+	1: errors.New("wl_display_connect_to_fd() failed"),
+	2: errors.New("wp_security_context_v1 not available"),
+}
+
+func bindWaylandFd(socketPath string, fd uintptr, appID, instanceID string, syncFd uintptr) error {
+	if hasNull(appID) || hasNull(instanceID) {
+		return ErrContainsNull
+	}
+	res := C.hakurei_bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFd))
+	return resErr[int32(res)]
+}
+
+func hasNull(s string) bool { return strings.IndexByte(s, '\x00') > -1 }