The rationale behind the check was sandboxed apps could have a different
mount namespace to kwin, therefore lying about the executable path was
doable.
Moving forward anything sandboxed will have a security context app Id.
Anything not sandboxed can circumvent these checks anyway.
This significantly improves application launch time.
The security context appId is set by the launching container (i.e
flatpak) and is therefore more trustworthy than any other source of
application ID.
Use this when looking up allowed wayland extensions.
This allows KWin to securely identify the client for a given connection,
without relying on the process name.
This patch does not do anything meaningful with the application ID other
than store it.
This first version does not support kwin restarts, it can come
afterwards.
Testing done:
With latest flatpak, running `WAYLAND_DEBUG=1 flatpak run org.telegram.desktop |& grep security`
shows that flatpak itself bound the security context, and the client did not see it advertised.
The configuration file may contain entries that have the same output identifiers if
there's a bug in the implementation. To repair the config, this commit checks for
duplicate entries in the output list and removes them when loading the config file.
OffscreenQuickView replaces the contents of the default scene. Nothing
will be repainted beneath it.
On the other hand, if the OffscreenQuickView contains translucent region,
there might be visual glitches. To prevent that, this change makes
scene effect views opaque.
We want some quick views to be opaque, for example SceneEffect views.
This changes adds an api allowing to specify whether the given
OffscreenQuickView must be opaque or translucent.
If another compositor changes the color encoding and color range properties, the
resulting colors will be wrong. This commit ensures they're always set to BT.709
limited range to prevent that
When a display gets turned off while a pageflip event was still pending, the pending
state gets changed immediately, without waiting for the pageflip event to arrive first.
When this happens, activePending() returns false, and so the pageflip event gets discarded.
This commit changes the logic to only check for activePending() when the pageflip is for a
modeset, avoiding that issue.
BUG: 476340
BUG: 476341
BUG: 476342
BUG: 437520
BUG: 475146
It's used as a float and otherwise it makes (some?) drivers very
confused as they're required to cast at runtime.
The original value is double so it makes sense to keep the same type.
Signed-off-by: Victoria Fischer <victoria.fischer@mbition.io>
As KWin measures render times properly now, these settings and estimations
should no longer be necessary, so this commit replaces them with one hardcoded
algorithm that should prevent most dropped frames and reduce latency
When sorting surfaces in the ancestor order we need to ignore null
surfaces.
In addition to that, we also need to properly handle the case where
a transaction with dependencies is unlocked and it contains null
surfaces.
For example, if there are three transactions A -> B -> C, and the B
transaction is unlocked, we cannot apply it until transaction A is
applied. The readiness check is based on checking the first pending
transaction of the surface. But if the surface is null, the check
will be skipped, which is not ideal as transaction B can be applied
before transaction A now. To address that, this change makes every
transaction entry remember the previous transaction. With that, the
readiness check can be performed even if the surface has been destroyed.
BUG: 475648
It doesn't make sense for a window to become 1x1 pixels small. When we have
server side decorations we also know that the decoration takes a lot of
space, so this commit enforces a bigger minimum size for decorated windows
BUG: 469237
By default, hyper keys are interpreted as meta keys. However, due to
a Qt bug, it had been incorrectly mapped.
Commit b45b9090c3b66d541f57f8d049c22247f8c115ca in qtbase repo fixed it,
so the test needs adjustments.