wayland: Drop isTrustedOrigin check

The rationale behind the check was that sandboxed apps could have a different
mount namespace from kwin, so lying about the executable path was
feasible.

Moving forward anything sandboxed will have a security context app Id.
Anything not sandboxed can circumvent these checks anyway.

This significantly improves application launch time.
This commit is contained in:
David Edmundson 2023-11-13 10:38:08 +00:00
parent aec896acc0
commit 4016406e1e


@ -77,7 +77,6 @@
#include "xdgshellwindow.h"
// Qt
#include <QCryptographicHash>
#include <QDir>
#include <QFileInfo>
@ -104,31 +103,6 @@ public:
{
}
static QByteArray sha256(const QString &fileName)
{
QFile f(fileName);
if (f.open(QFile::ReadOnly)) {
QCryptographicHash hash(QCryptographicHash::Sha256);
if (hash.addData(&f)) {
return hash.result();
}
}
return QByteArray();
}
bool isTrustedOrigin(ClientConnection *client) const
{
const auto fullPathSha = sha256(client->executablePath());
const auto localSha = sha256(QLatin1String("/proc/") + QString::number(client->processId()) + QLatin1String("/exe"));
const bool trusted = !localSha.isEmpty() && fullPathSha == localSha;
if (!trusted) {
qCWarning(KWIN_CORE) << "Could not trust" << client->executablePath() << "sha" << localSha << fullPathSha;
}
return trusted;
}
QStringList fetchRequestedInterfaces(ClientConnection *client) const
{
if (!client->securityContextAppId().isEmpty()) {
@ -201,17 +175,6 @@ public:
}
}
{
auto trustedOrigin = client->property("isPrivileged");
if (trustedOrigin.isNull()) {
trustedOrigin = isTrustedOrigin(client);
client->setProperty("isPrivileged", trustedOrigin);
}
if (!trustedOrigin.toBool()) {
return false;
}
}
qCDebug(KWIN_CORE) << "authorized" << client->executablePath() << interfaceName;
return true;
}
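Review bot: With the isPrivileged block removed, the `qCDebug(KWIN_CORE) << "authorized" << client->executablePath() << interfaceName; return true;` tail is now reached for clients without a security context on the strength of `client->executablePath()` alone, and nothing left in the function records that this path is no longer cross-checked against `/proc/<pid>/exe`. The commit message carries that rationale, but a reader of the function will not see it; I would add above the debug line: `// executablePath is advisory only: it is not verified against /proc/<pid>/exe, so for unsandboxed clients this is not a security boundary; sandboxed clients are expected to carry a securityContextAppId (handled in fetchRequestedInterfaces).` The hunk also drops the only writer of the "isPrivileged" property visible here, so any remaining reader of that property elsewhere would now always see a null QVariant — worth a grep. The enclosing function starts outside the hunk.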