security/hakurei
security/hakurei
5
2
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 7 Wiki Activity
hakurei/system/wayland/security-context-v1-protocol.h
Ophestra 82561d62b6
All checks were successful
Test / Create distribution (push) Successful in 31s
Details
Test / Sandbox (push) Successful in 1m52s
Details
Test / Hakurei (push) Successful in 3m3s
Details
Test / Planterette (push) Successful in 3m38s
Details
Test / Hakurei (race detector) (push) Successful in 4m48s
Details
Test / Sandbox (race detector) (push) Successful in 1m14s
Details
Test / Flake checks (push) Successful in 1m6s
Details
system: move system access packages 
These packages loosely belong in the "system" package and "system" provides high level wrappers for all of them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 21:52:07 +09:00

393 lines
15 KiB
C
Raw Blame History

/* Generated by wayland-scanner 1.23.1 */
#ifndef SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#define SECURITY_CONTEXT_V1_CLIENT_PROTOCOL_H
#include <stdint.h>
#include <stddef.h>
#include "wayland-client.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @page page_security_context_v1 The security_context_v1 protocol
* @section page_ifaces_security_context_v1 Interfaces
* - @subpage page_iface_wp_security_context_manager_v1 - client security context manager
* - @subpage page_iface_wp_security_context_v1 - client security context
* @section page_copyright_security_context_v1 Copyright
* <pre>
*
* Copyright © 2021 Simon Ser
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice (including the next
* paragraph) shall be included in all copies or substantial portions of the
* Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
* DEALINGS IN THE SOFTWARE.
* </pre>
*/
struct wp_security_context_manager_v1;
struct wp_security_context_v1;
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
#define WP_SECURITY_CONTEXT_MANAGER_V1_INTERFACE
/**
* @page page_iface_wp_security_context_manager_v1 wp_security_context_manager_v1
* @section page_iface_wp_security_context_manager_v1_desc Description
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
* @section page_iface_wp_security_context_manager_v1_api API
* See @ref iface_wp_security_context_manager_v1.
*/
/**
* @defgroup iface_wp_security_context_manager_v1 The wp_security_context_manager_v1 interface
*
* This interface allows a client to register a new Wayland connection to
* the compositor and attach a security context to it.
*
* This is intended to be used by sandboxes. Sandbox engines attach a
* security context to all connections coming from inside the sandbox. The
* compositor can then restrict the features that the sandboxed connections
* can use.
*
* Compositors should forbid nesting multiple security contexts by not
* exposing wp_security_context_manager_v1 global to clients with a security
* context attached, or by sending the nested protocol error. Nested
* security contexts are dangerous because they can potentially allow
* privilege escalation of a sandboxed client.
*
* Warning! The protocol described in this file is currently in the testing
* phase. Backward compatible changes may be added together with the
* corresponding interface version bump. Backward incompatible changes can
* only be done by creating a new major version of the extension.
*/
extern const struct wl_interface wp_security_context_manager_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_V1_INTERFACE
#define WP_SECURITY_CONTEXT_V1_INTERFACE
/**
* @page page_iface_wp_security_context_v1 wp_security_context_v1
* @section page_iface_wp_security_context_v1_desc Description
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
* @section page_iface_wp_security_context_v1_api API
* See @ref iface_wp_security_context_v1.
*/
/**
* @defgroup iface_wp_security_context_v1 The wp_security_context_v1 interface
*
* The security context allows a client to register a new client and attach
* security context metadata to the connections.
*
* When both are set, the combination of the application ID and the sandbox
* engine must uniquely identify an application. The same application ID
* will be used across instances (e.g. if the application is restarted, or
* if the application is started multiple times).
*
* When both are set, the combination of the instance ID and the sandbox
* engine must uniquely identify a running instance of an application.
*/
extern const struct wl_interface wp_security_context_v1_interface;
#endif
#ifndef WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM
enum wp_security_context_manager_v1_error {
/**
* listening socket FD is invalid
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_INVALID_LISTEN_FD = 1,
/**
* nested security contexts are forbidden
*/
WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_NESTED = 2,
};
#endif /* WP_SECURITY_CONTEXT_MANAGER_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_manager_v1
*/
#define WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void
wp_security_context_manager_v1_set_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_manager_v1, user_data);
}
/** @ingroup iface_wp_security_context_manager_v1 */
static inline void *
wp_security_context_manager_v1_get_user_data(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_manager_v1);
}
static inline uint32_t
wp_security_context_manager_v1_get_version(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Destroy the manager. This doesn't destroy objects created with the
* manager.
*/
static inline void
wp_security_context_manager_v1_destroy(struct wp_security_context_manager_v1 *wp_security_context_manager_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_manager_v1
*
* Creates a new security context with a socket listening FD.
*
* The compositor will accept new client connections on listen_fd.
* listen_fd must be ready to accept new connections when this request is
* sent by the client. In other words, the client must call bind(2) and
* listen(2) before sending the FD.
*
* close_fd is a FD that will signal hangup when the compositor should stop
* accepting new connections on listen_fd.
*
* The compositor must continue to accept connections on listen_fd when
* the Wayland client which created the security context disconnects.
*
* After sending this request, closing listen_fd and close_fd remains the
* only valid operation on them.
*/
static inline struct wp_security_context_v1 *
wp_security_context_manager_v1_create_listener(struct wp_security_context_manager_v1 *wp_security_context_manager_v1, int32_t listen_fd, int32_t close_fd)
{
struct wl_proxy *id;
id = wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_manager_v1,
WP_SECURITY_CONTEXT_MANAGER_V1_CREATE_LISTENER, &wp_security_context_v1_interface, wl_proxy_get_version((struct wl_proxy *) wp_security_context_manager_v1), 0, NULL, listen_fd, close_fd);
return (struct wp_security_context_v1 *) id;
}
#ifndef WP_SECURITY_CONTEXT_V1_ERROR_ENUM
#define WP_SECURITY_CONTEXT_V1_ERROR_ENUM
enum wp_security_context_v1_error {
/**
* security context has already been committed
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_USED = 1,
/**
* metadata has already been set
*/
WP_SECURITY_CONTEXT_V1_ERROR_ALREADY_SET = 2,
/**
* metadata is invalid
*/
WP_SECURITY_CONTEXT_V1_ERROR_INVALID_METADATA = 3,
};
#endif /* WP_SECURITY_CONTEXT_V1_ERROR_ENUM */
#define WP_SECURITY_CONTEXT_V1_DESTROY 0
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE 1
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID 2
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID 3
#define WP_SECURITY_CONTEXT_V1_COMMIT 4
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_DESTROY_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_APP_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID_SINCE_VERSION 1
/**
* @ingroup iface_wp_security_context_v1
*/
#define WP_SECURITY_CONTEXT_V1_COMMIT_SINCE_VERSION 1
/** @ingroup iface_wp_security_context_v1 */
static inline void
wp_security_context_v1_set_user_data(struct wp_security_context_v1 *wp_security_context_v1, void *user_data)
{
wl_proxy_set_user_data((struct wl_proxy *) wp_security_context_v1, user_data);
}
/** @ingroup iface_wp_security_context_v1 */
static inline void *
wp_security_context_v1_get_user_data(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_user_data((struct wl_proxy *) wp_security_context_v1);
}
static inline uint32_t
wp_security_context_v1_get_version(struct wp_security_context_v1 *wp_security_context_v1)
{
return wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Destroy the security context object.
*/
static inline void
wp_security_context_v1_destroy(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_DESTROY, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), WL_MARSHAL_FLAG_DESTROY);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach a unique sandbox engine name to the security context. The name
* should follow the reverse-DNS style (e.g. "org.flatpak").
*
* A list of well-known engines is maintained at:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_sandbox_engine(struct wp_security_context_v1 *wp_security_context_v1, const char *name)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_SANDBOX_ENGINE, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, name);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an application ID to the security context.
*
* The application ID is an opaque, sandbox-specific identifier for an
* application. See the well-known engines document for more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* The compositor may use the application ID to group clients belonging to
* the same security context application.
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_app_id(struct wp_security_context_v1 *wp_security_context_v1, const char *app_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_APP_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, app_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Attach an instance ID to the security context.
*
* The instance ID is an opaque, sandbox-specific identifier for a running
* instance of an application. See the well-known engines document for
* more details:
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md
*
* Whether this request is optional or not depends on the sandbox engine used.
*
* It is a protocol error to call this request twice. The already_set
* error is sent in this case.
*/
static inline void
wp_security_context_v1_set_instance_id(struct wp_security_context_v1 *wp_security_context_v1, const char *instance_id)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_SET_INSTANCE_ID, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0, instance_id);
}
/**
* @ingroup iface_wp_security_context_v1
*
* Atomically register the new client and attach the security context
* metadata.
*
* If the provided metadata is inconsistent or does not match with out of
* band metadata (see
* https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/engines.md),
* the invalid_metadata error may be sent eventually.
*
* It's a protocol error to send any request other than "destroy" after
* this request. In this case, the already_used error is sent.
*/
static inline void
wp_security_context_v1_commit(struct wp_security_context_v1 *wp_security_context_v1)
{
wl_proxy_marshal_flags((struct wl_proxy *) wp_security_context_v1,
WP_SECURITY_CONTEXT_V1_COMMIT, NULL, wl_proxy_get_version((struct wl_proxy *) wp_security_context_v1), 0);
}
#ifdef __cplusplus
}
#endif
#endif
Reference in New Issue View Git Blame Copy Permalink