diff options
| author | Robert Griebl <robert.griebl@qt.io> | 2022-03-22 18:45:35 +0100 |
|---|---|---|
| committer | Robert Griebl <robert.griebl@qt.io> | 2022-03-24 12:03:40 +0100 |
| commit | a056e53da86cd61fec962ec1821a1dfca050a8e1 (patch) | |
| tree | 9ea321ad2c4955158b01c2b756a850eaad700563 | |
| parent | bb158100dd6b7c694142a1c5395ba121e55c9236 (diff) | |
| download | qtapplicationmanager-a056e53da86cd61fec962ec1821a1dfca050a8e1.tar.gz | |
Add a new flag to allow surfaces from unknown Wayland clients
Before, this was only possible by running with the "noSecurity" flag,
which disabled all security checks completely.
Change-Id: I06fbd1cca414be518a19b2250b28e114687e7f93
Fixes: QTBUG-101703
Reviewed-by: Bernd Weimer <bernd.weimer@qt.io>
(cherry picked from commit c1fbd8b4f27d810c70fad85d0a9365aee360becb)
Reviewed-by: Robert Griebl <robert.griebl@qt.io>
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
| -rw-r--r-- | doc/configuration.qdoc | 5 | ||||
| -rw-r--r-- | qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes | 1 | ||||
| -rw-r--r-- | src/main-lib/configuration.cpp | 16 | ||||
| -rw-r--r-- | src/main-lib/configuration.h | 1 | ||||
| -rw-r--r-- | src/main-lib/configuration_p.h | 1 | ||||
| -rw-r--r-- | src/main-lib/main.cpp | 8 | ||||
| -rw-r--r-- | src/main-lib/main.h | 3 | ||||
| -rw-r--r-- | src/window-lib/windowmanager.cpp | 12 | ||||
| -rw-r--r-- | src/window-lib/windowmanager.h | 4 | ||||
| -rw-r--r-- | src/window-lib/windowmanager_p.h | 1 | ||||
| -rw-r--r-- | tests/configuration/data/config1.yaml | 1 | ||||
| -rw-r--r-- | tests/configuration/tst_configuration.cpp | 3 |
12 files changed, 47 insertions, 9 deletions
diff --git a/doc/configuration.qdoc b/doc/configuration.qdoc index 9f9a124a..86b71262 100644 --- a/doc/configuration.qdoc +++ b/doc/configuration.qdoc @@ -320,6 +320,11 @@ or across multiple config files, the final value is resolved based on these rule production, if you are verifying packages by other means, while also limiting the access to the installer API. (default: false) \row + \li [\c flags/allowUnknownUiClients] + \li bool + \li If set, the Wayland compositor will accept surfaces from clients that have not been + started by the application manager. (default: false) + \row \li \b --no-ui-watchdog \br [\c flags/noUiWatchdog] \li bool diff --git a/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes b/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes index 6637b02c..b40c8b33 100644 --- a/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes +++ b/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes @@ -294,6 +294,7 @@ Module { Property { name: "count"; type: "int"; isReadonly: true } Property { name: "runningOnDesktop"; type: "bool"; isReadonly: true } Property { name: "slowAnimations"; type: "bool"; } + Property { name: "allowUnknownUiClients"; type: "bool"; isReadonly: true } Signal { name: "countChanged" } diff --git a/src/main-lib/configuration.cpp b/src/main-lib/configuration.cpp index 39ffe3da..5e77430e 100644 --- a/src/main-lib/configuration.cpp +++ b/src/main-lib/configuration.cpp @@ -401,7 +401,7 @@ void Configuration::parseWithArguments(const QStringList &arguments) } -const quint32 ConfigurationData::DataStreamVersion = 6; +const quint32 ConfigurationData::DataStreamVersion = 7; ConfigurationData *ConfigurationData::loadFromCache(QDataStream &ds) @@ -463,7 +463,8 @@ ConfigurationData *ConfigurationData::loadFromCache(QDataStream &ds) >> cd->flags.forceSingleProcess >> cd->wayland.socketName >> cd->wayland.extraSockets - >> cd->flags.allowUnsignedPackages; + >> cd->flags.allowUnsignedPackages + >> cd->flags.allowUnknownUiClients; return cd; } @@ -526,7 +527,8 @@ void ConfigurationData::saveToCache(QDataStream &ds) const << flags.forceSingleProcess << wayland.socketName << wayland.extraSockets - << flags.allowUnsignedPackages; + << flags.allowUnsignedPackages + << flags.allowUnknownUiClients; } template <typename T> void mergeField(T &into, const T &from, const T &def) @@ -627,6 +629,7 @@ void ConfigurationData::mergeFrom(const ConfigurationData *from) MERGE_FIELD(wayland.socketName); MERGE_FIELD(wayland.extraSockets); MERGE_FIELD(flags.allowUnsignedPackages); + MERGE_FIELD(flags.allowUnknownUiClients); } QByteArray ConfigurationData::substituteVars(const QByteArray &sourceContent, const QString &fileName) @@ -849,6 +852,8 @@ ConfigurationData *ConfigurationData::loadFromSource(QIODevice *source, const QS cd->flags.noUiWatchdog = p->parseScalar().toBool(); } }, { "allowUnsignedPackages", false, YamlParser::Scalar, [&cd](YamlParser *p) { cd->flags.allowUnsignedPackages = p->parseScalar().toBool(); } }, + { "allowUnknownUiClients", false, YamlParser::Scalar, [&cd](YamlParser *p) { + cd->flags.allowUnknownUiClients = p->parseScalar().toBool(); } }, }); } }, { "wayland", false, YamlParser::Map, [&cd](YamlParser *p) { p->parseFields({ @@ -1094,6 +1099,11 @@ bool Configuration::allowUnsignedPackages() const return m_data->flags.allowUnsignedPackages; } +bool Configuration::allowUnknownUiClients() const +{ + return m_data->flags.allowUnknownUiClients; +} + bool Configuration::noUiWatchdog() const { return value<bool>("no-ui-watchdog", m_data->flags.noUiWatchdog); diff --git a/src/main-lib/configuration.h b/src/main-lib/configuration.h index 4cf97421..e2fd49d1 100644 --- a/src/main-lib/configuration.h +++ b/src/main-lib/configuration.h @@ -95,6 +95,7 @@ public: bool noSecurity() const; bool developmentMode() const; bool allowUnsignedPackages() const; + bool allowUnknownUiClients() const; bool noUiWatchdog() const; bool noDltLogging() const; bool forceSingleProcess() const; diff --git a/src/main-lib/configuration_p.h b/src/main-lib/configuration_p.h index a1addb7e..08295589 100644 --- a/src/main-lib/configuration_p.h +++ b/src/main-lib/configuration_p.h @@ -156,6 +156,7 @@ struct ConfigurationData bool noSecurity = false; bool developmentMode = false; bool allowUnsignedPackages = false; + bool allowUnknownUiClients = false; bool noUiWatchdog = false; } flags; diff --git a/src/main-lib/main.cpp b/src/main-lib/main.cpp index 2cbe7ec2..be656810 100644 --- a/src/main-lib/main.cpp +++ b/src/main-lib/main.cpp @@ -282,8 +282,8 @@ void Main::setup(const Configuration *cfg) Q_DECL_NOEXCEPT_EXPR(false) setLibraryPaths(libraryPaths() + cfg->pluginPaths()); setupQmlEngine(cfg->importPaths(), cfg->style()); setupWindowTitle(QString(), cfg->windowIcon()); - setupWindowManager(cfg->waylandSocketName(), cfg->waylandExtraSockets(), - cfg->slowAnimations(), cfg->noUiWatchdog()); + setupWindowManager(cfg->waylandSocketName(), cfg->waylandExtraSockets(), cfg->slowAnimations(), + cfg->noUiWatchdog(), cfg->allowUnknownUiClients()); setupTouchEmulation(cfg->enableTouchEmulation()); setupShellServer(QString(), 0); // remove setupSSDPService(); @@ -697,16 +697,18 @@ void Main::setupWindowTitle(const QString &title, const QString &iconPath) } void Main::setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets, - bool slowAnimations, bool uiWatchdog) + bool slowAnimations, bool uiWatchdog, bool allowUnknownUiClients) { #if defined(AM_HEADLESS) Q_UNUSED(waylandSocketName) Q_UNUSED(slowAnimations) Q_UNUSED(uiWatchdog) + Q_UNUSED(allowUnknownUiClients) #else QUnifiedTimer::instance()->setSlowModeEnabled(slowAnimations); m_windowManager = WindowManager::createInstance(m_engine, waylandSocketName); + m_windowManager->setAllowUnknownUiClients(m_noSecurity || allowUnknownUiClients); m_windowManager->setSlowAnimations(slowAnimations); m_windowManager->enableWatchdog(!uiWatchdog); diff --git a/src/main-lib/main.h b/src/main-lib/main.h index 082187a8..e48b442a 100644 --- a/src/main-lib/main.h +++ b/src/main-lib/main.h @@ -129,7 +129,8 @@ protected: void setupQmlEngine(const QStringList &importPaths, const QString &quickControlsStyle = QString()); void setupWindowTitle(const QString &title, const QString &iconPath); - void setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets, bool slowAnimations, bool uiWatchdog); + void setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets, + bool slowAnimations, bool uiWatchdog, bool allowUnknownUiClients); void setupTouchEmulation(bool enableTouchEmulation); void setupShellServer(const QString &telnetAddress, quint16 telnetPort) Q_DECL_NOEXCEPT_EXPR(false); diff --git a/src/window-lib/windowmanager.cpp b/src/window-lib/windowmanager.cpp index d237f295..e34bb3f3 100644 --- a/src/window-lib/windowmanager.cpp +++ b/src/window-lib/windowmanager.cpp @@ -349,6 +349,16 @@ void WindowManager::setSlowAnimations(bool slowAnimations) } } +bool WindowManager::allowUnknownUiClients() const +{ + return d->allowUnknownUiClients; +} + +void WindowManager::setAllowUnknownUiClients(bool enable) +{ + d->allowUnknownUiClients = enable; +} + void WindowManager::updateViewSlowMode(QQuickWindow *view) { // QUnifiedTimer are thread-local. To also slow down animations running in the SG thread @@ -829,7 +839,7 @@ void WindowManager::waylandSurfaceMapped(WindowSurface *surface) } } - if (!app && ApplicationManager::instance()->securityChecksEnabled()) { + if (!app && !d->allowUnknownUiClients) { qCCritical(LogGraphics) << "SECURITY ALERT: an unknown application with pid" << processId << "tried to map a Wayland surface!"; return; diff --git a/src/window-lib/windowmanager.h b/src/window-lib/windowmanager.h index 8b7fc3dc..4d1560ae 100644 --- a/src/window-lib/windowmanager.h +++ b/src/window-lib/windowmanager.h @@ -88,6 +88,7 @@ class WindowManager : public QAbstractListModel Q_PROPERTY(int count READ count NOTIFY countChanged) Q_PROPERTY(bool runningOnDesktop READ isRunningOnDesktop CONSTANT) Q_PROPERTY(bool slowAnimations READ slowAnimations WRITE setSlowAnimations NOTIFY slowAnimationsChanged) + Q_PROPERTY(bool allowUnknownUiClients READ allowUnknownUiClients CONSTANT) public: ~WindowManager() override; @@ -100,7 +101,8 @@ public: bool isRunningOnDesktop() const; bool slowAnimations() const; void setSlowAnimations(bool slowAnimations); - + bool allowUnknownUiClients() const; + void setAllowUnknownUiClients(bool enable); void enableWatchdog(bool enable); bool addWaylandSocket(QLocalServer *waylandSocket); diff --git a/src/window-lib/windowmanager_p.h b/src/window-lib/windowmanager_p.h index 8bf93300..a4a296ac 100644 --- a/src/window-lib/windowmanager_p.h +++ b/src/window-lib/windowmanager_p.h @@ -78,6 +78,7 @@ public: bool shuttingDown = false; bool slowAnimations = false; + bool allowUnknownUiClients = false; QList<QQuickWindow *> views; QString waylandSocketName; diff --git a/tests/configuration/data/config1.yaml b/tests/configuration/data/config1.yaml index 77e9ad8b..4db268b7 100644 --- a/tests/configuration/data/config1.yaml +++ b/tests/configuration/data/config1.yaml @@ -86,6 +86,7 @@ flags: developmentMode: true noUiWatchdog: true allowUnsignedPackages: true + allowUnknownUiClients: true wayland: socketName: "my-wlsock-42" diff --git a/tests/configuration/tst_configuration.cpp b/tests/configuration/tst_configuration.cpp index 06daaf62..1383fcd8 100644 --- a/tests/configuration/tst_configuration.cpp +++ b/tests/configuration/tst_configuration.cpp @@ -94,6 +94,7 @@ void tst_Configuration::defaultConfig() QCOMPARE(c.developmentMode(), false); QCOMPARE(c.noUiWatchdog(), false); QCOMPARE(c.allowUnsignedPackages(), false); + QCOMPARE(c.allowUnknownUiClients(), false); QCOMPARE(c.forceSingleProcess(), false); QCOMPARE(c.forceMultiProcess(), false); QCOMPARE(c.loggingRules(), {}); @@ -178,6 +179,7 @@ void tst_Configuration::simpleConfig() QCOMPARE(c.developmentMode(), true); QCOMPARE(c.noUiWatchdog(), true); QCOMPARE(c.allowUnsignedPackages(), true); + QCOMPARE(c.allowUnknownUiClients(), true); QCOMPARE(c.forceSingleProcess(), true); QCOMPARE(c.forceMultiProcess(), true); QCOMPARE(c.loggingRules(), QStringList({ qSL("lr1"), qSL("lr2") })); @@ -309,6 +311,7 @@ void tst_Configuration::mergedConfig() QCOMPARE(c.developmentMode(), true); QCOMPARE(c.noUiWatchdog(), true); QCOMPARE(c.allowUnsignedPackages(), true); + QCOMPARE(c.allowUnknownUiClients(), true); QCOMPARE(c.forceSingleProcess(), true); QCOMPARE(c.forceMultiProcess(), true); QCOMPARE(c.loggingRules(), QStringList({ qSL("lr1"), qSL("lr2"), qSL("lr3") })); |