security/hakurei
security/hakurei
6
3
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 9 Wiki Activity
hakurei/internal/system/wayland/security-context-v1-protocol.h
Ophestra 4e7aab07d5
All checks were successful
Test / Create distribution (push) Successful in 35s
Details
Test / Sandbox (push) Successful in 2m18s
Details
Test / Hakurei (push) Successful in 3m17s
Details
Test / Sandbox (race detector) (push) Successful in 4m7s
Details
Test / Hpkg (push) Successful in 4m13s
Details
Test / Hakurei (race detector) (push) Successful in 5m3s
Details
Test / Flake checks (push) Successful in 1m40s
Details
internal/system: relocate from system 
These packages are highly specific to hakurei and are difficult to use safely from other pieces of code.

Their exported symbols are made available until v0.4.0 where they will be removed for #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-13 01:17:47 +09:00

393 lines
15 KiB
C
Raw Blame History

/* Generated by wayland-scanner 1.23.1 */
#ifndef SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#define SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#include <stdint.h>
#include <stddef.h>
#include "wayland-client.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @page page_security_context_v1 The security_context_v1 protocol
* @section page_ifaces_security_context_v1 Interfaces
* - @subpage page_iface_wp_security_context_manager_v1 - client security context manager
* - @subpage page_iface_wp_security_context_v1 - client security context
* @section page_copyright_security_context_v1 Copyright
* <pre>
*
* Copyright © 2021 Simon Ser
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
* </pre>
*/
struct wp_security_context_manager_v1;
struct wp_security_context_v1;
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
#define WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
/**
* @page page_iface_wp_security_context_manager_v1 wp_security_context_manager_v1
* @section page_iface_wp_security_context_manager_v1_desc Description
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
* @section page_iface_wp_security_context_manager_v1_api API
* See @ref iface_wp_security_context_manager_v1.
*/
/**
* @defgroup iface_wp_security_context_manager_v1 The wp_security_context_manager_v1 interface
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
*/
extern const struct wl_interface wp_security_context_manager_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_V1_INTERFACE
#define WP_SECURITY_CONTEXT_V1_INTERFACE
/**
* @page page_iface_wp_security_context_v1 wp_security_context_v1
* @section page_iface_wp_security_context_v1_desc Description
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
* @section page_iface_wp_security_context_v1_api API
* See @ref iface_wp_security_context_v1.
*/
/**
* @defgroup iface_wp_security_context_v1 The wp_security_context_v1 interface
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
*/
extern const struct wl_interface wp_security_context_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
enum wp_security_context_manager_v1_error {
/**
* listening socket FD is invalid
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_INVALID_LISTEN_FD = 1,
/**
* nested security contexts are forbidden
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_NESTED = 2,
};
#endif /* WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void
wp_security_context_manager_v1_set_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_manager_v1, user_data);
}
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void *
wp_security_context_manager_v1_get_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_manager_v1);
}
static inline uint32_t
wp_security_context_manager_v1_get_version(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Destroy the manager. This doesn't destroy objects created with the
* manager.
*/
static inline void
wp_security_context_manager_v1_destroy(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Creates a new security context with a socket listening FD.
*
* The compositor will accept new client connections on listen_fd.
* listen_fd must be ready to accept new connections when this request is
* sent by the client. In other words, the client must call bind(2) and
* listen(2) before sending the FD.
*
* close_fd is a FD that will signal hangup when the compositor should stop
* accepting new connections on listen_fd.
*
* The compositor must continue to accept connections on listen_fd when
* the Wayland client which created the security context disconnects.
*
* After sending this request, closing listen_fd and close_fd remains the
* only valid operation on them.
*/
static inline struct wp_security_context_v1 *
wp_security_context_manager_v1_create_listener(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, int32_t listen_fd, int32_t close_fd)
{
struct wl_proxy *id;
id = wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER, &wp_security_context_v1_interface, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), 0, NULL, listen_fd, close_fd);
return (struct wp_security_context_v1 *) id;
}
#ifndef WP_SECURITY_CONTEXT_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_V1_ERROR_ENUM
enum wp_security_context_v1_error {
/**
* security context has already been committed
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_USED = 1,
/**
* metadata has already been set
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_SET = 2,
/**
* metadata is invalid
*/
WP_SECURITY_CONTEXT_V1_ERROR_INVALID_METADATA = 3,
};
#endif /* WP_SECURITY_CONTEXT_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE 1
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID 2
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID 3
#define WP_SECURITY_CONTEXT_V1_COMMIT 4
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_COMMIT_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_v1 */
static inline void
wp_security_context_v1_set_user_data(struct wp_security_context_v1 *wp_security_context_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_v1, user_data);
}
/** @ingroup iface_wp_security_context_v1 */
static inline void *
wp_security_context_v1_get_user_data(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_v1);
}
static inline uint32_t
wp_security_context_v1_get_version(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Destroy the security context object.
*/
static inline void
wp_security_context_v1_destroy(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach a unique sandbox engine name to the security context. The name
* should follow the reverse-DNS style (e.g. "org.flatpak").
*
* A list of well-known engines is maintained at:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_sandbox_engine(struct wp_security_context_v1 *wp_security_context_v1, const char *name)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, name);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an application ID to the security context.
*
* The application ID is an opaque, sandbox-specific identifier for an
* application. See the well-known engines document for more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* The compositor may use the application ID to group clients belonging to
* the same security context application.
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_app_id(struct wp_security_context_v1 *wp_security_context_v1, const char *app_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_APP_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, app_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an instance ID to the security context.
*
* The instance ID is an opaque, sandbox-specific identifier for a running
* instance of an application. See the well-known engines document for
* more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_instance_id(struct wp_security_context_v1 *wp_security_context_v1, const char *instance_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, instance_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Atomically register the new client and attach the security context
* metadata.
*
* If the provided metadata is inconsistent or does not match with out of
* band metadata (see
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md),
* the invalid_metadata error may be sent eventually.
*
* It's a protocol error to send any request other than "destroy" after
* this request. In this case, the already_used error is sent.
*/
static inline void
wp_security_context_v1_commit(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_COMMIT, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0);
}
#ifdef __cplusplus
}
#endif
#endif
Reference in New Issue View Git Blame Copy Permalink