Add a new flag to allow surfaces from unknown Wayland clients

Before, this was only possible by running with the "noSecurity" flag,
which disabled all security checks completely.

Change-Id: I06fbd1cca414be518a19b2250b28e114687e7f93
Fixes: QTBUG-101703
Pick-to: 5.15
Reviewed-by: Bernd Weimer <bernd.weimer@qt.io>

12 files changed, 46 insertions, 9 deletions

diff --git a/doc/configuration.qdoc b/doc/configuration.qdoc
index fa1935b4..238fa2dc 100644
--- a/doc/configuration.qdoc
+++ b/doc/configuration.qdoc
@@ -330,6 +330,11 @@ ui:
             production, if you are verifying packages by other means, while also limiting the
             access to the installer API. (default: false)
     \row
+        \li [\c flags/allowUnknownUiClients]
+        \li bool
+        \li If set, the Wayland compositor will accept surfaces from clients that have not been
+            started by the application manager. (default: false)
+    \row
         \li \b --no-ui-watchdog
             \br [\c flags/noUiWatchdog]
         \li bool
diff --git a/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes b/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes
index ce8b54ff..814d3c3f 100644
--- a/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes
+++ b/qmltypes/QtApplicationManager/SystemUI/plugins.qmltypes
@@ -299,6 +299,7 @@ Module {
         Property { name: "count"; type: "int"; isReadonly: true }
         Property { name: "runningOnDesktop"; type: "bool"; isReadonly: true }
         Property { name: "slowAnimations"; type: "bool"; }
+        Property { name: "allowUnknownUiClients"; type: "bool"; isReadonly: true }
         Signal {
             name: "countChanged"
         }
diff --git a/src/main-lib/configuration.cpp b/src/main-lib/configuration.cpp
index c17f2ca0..f08c5562 100644
--- a/src/main-lib/configuration.cpp
+++ b/src/main-lib/configuration.cpp
@@ -386,7 +386,7 @@ void Configuration::parseWithArguments(const QStringList &arguments)
 }
 
 
-const quint32 ConfigurationData::DataStreamVersion = 7;
+const quint32 ConfigurationData::DataStreamVersion = 8;
 
 
 ConfigurationData *ConfigurationData::loadFromCache(QDataStream &ds)
@@ -447,7 +447,8 @@ ConfigurationData *ConfigurationData::loadFromCache(QDataStream &ds)
        >> cd->flags.forceSingleProcess
        >> cd->wayland.socketName
        >> cd->wayland.extraSockets
-       >> cd->flags.allowUnsignedPackages;
+       >> cd->flags.allowUnsignedPackages
+       >> cd->flags.allowUnknownUiClients;
 
     return cd;
 }
@@ -509,7 +510,8 @@ void ConfigurationData::saveToCache(QDataStream &ds) const
        << flags.forceSingleProcess
        << wayland.socketName
        << wayland.extraSockets
-       << flags.allowUnsignedPackages;
+       << flags.allowUnsignedPackages
+       << flags.allowUnknownUiClients;
 }
 
 template <typename T> void mergeField(T &into, const T &from, const T &def)
@@ -609,6 +611,7 @@ void ConfigurationData::mergeFrom(const ConfigurationData *from)
     MERGE_FIELD(wayland.socketName);
     MERGE_FIELD(wayland.extraSockets);
     MERGE_FIELD(flags.allowUnsignedPackages);
+    MERGE_FIELD(flags.allowUnknownUiClients);
 }
 
 QByteArray ConfigurationData::substituteVars(const QByteArray &sourceContent, const QString &fileName)
@@ -832,6 +835,8 @@ ConfigurationData *ConfigurationData::loadFromSource(QIODevice *source, const QS
                             cd->flags.noUiWatchdog = p->parseScalar().toBool(); } },
                       { "allowUnsignedPackages", false, YamlParser::Scalar, [&cd](YamlParser *p) {
                             cd->flags.allowUnsignedPackages = p->parseScalar().toBool(); } },
+                      { "allowUnknownUiClients", false, YamlParser::Scalar, [&cd](YamlParser *p) {
+                            cd->flags.allowUnknownUiClients = p->parseScalar().toBool(); } },
                   }); } },
             { "wayland", false, YamlParser::Map, [&cd](YamlParser *p) {
                   p->parseFields({
@@ -1077,6 +1082,11 @@ bool Configuration::allowUnsignedPackages() const
     return m_data->flags.allowUnsignedPackages;
 }
 
+bool Configuration::allowUnknownUiClients() const
+{
+    return m_data->flags.allowUnknownUiClients;
+}
+
 bool Configuration::noUiWatchdog() const
 {
     return value<bool>("no-ui-watchdog", m_data->flags.noUiWatchdog);
diff --git a/src/main-lib/configuration.h b/src/main-lib/configuration.h
index dce0baa3..926ac01a 100644
--- a/src/main-lib/configuration.h
+++ b/src/main-lib/configuration.h
@@ -83,6 +83,7 @@ public:
     bool noSecurity() const;
     bool developmentMode() const;
     bool allowUnsignedPackages() const;
+    bool allowUnknownUiClients() const;
     bool noUiWatchdog() const;
     bool noDltLogging() const;
     bool forceSingleProcess() const;
diff --git a/src/main-lib/configuration_p.h b/src/main-lib/configuration_p.h
index 1195c4fb..e2eb7946 100644
--- a/src/main-lib/configuration_p.h
+++ b/src/main-lib/configuration_p.h
@@ -143,6 +143,7 @@ struct ConfigurationData
         bool noSecurity = false;
         bool developmentMode = false;
         bool allowUnsignedPackages = false;
+        bool allowUnknownUiClients = false;
         bool noUiWatchdog = false;
     } flags;
 
diff --git a/src/main-lib/main.cpp b/src/main-lib/main.cpp
index a0140294..c4dc4069 100644
--- a/src/main-lib/main.cpp
+++ b/src/main-lib/main.cpp
@@ -243,8 +243,8 @@ void Main::setup(const Configuration *cfg) Q_DECL_NOEXCEPT_EXPR(false)
     setLibraryPaths(libraryPaths() + cfg->pluginPaths());
     setupQmlEngine(cfg->importPaths(), cfg->style());
     setupWindowTitle(QString(), cfg->windowIcon());
-    setupWindowManager(cfg->waylandSocketName(), cfg->waylandExtraSockets(),
-                       cfg->slowAnimations(), cfg->noUiWatchdog());
+    setupWindowManager(cfg->waylandSocketName(), cfg->waylandExtraSockets(), cfg->slowAnimations(),
+                       cfg->noUiWatchdog(), cfg->allowUnknownUiClients());
 
     setupDBus(std::bind(&Configuration::dbusRegistration, cfg, std::placeholders::_1),
               std::bind(&Configuration::dbusPolicy, cfg, std::placeholders::_1));
@@ -637,11 +637,12 @@ void Main::setupWindowTitle(const QString &title, const QString &iconPath)
 }
 
 void Main::setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets,
-                              bool slowAnimations, bool uiWatchdog)
+                              bool slowAnimations, bool uiWatchdog, bool allowUnknownUiClients)
 {
     QUnifiedTimer::instance()->setSlowModeEnabled(slowAnimations);
 
     m_windowManager = WindowManager::createInstance(m_engine, waylandSocketName);
+    m_windowManager->setAllowUnknownUiClients(m_noSecurity || allowUnknownUiClients);
     m_windowManager->setSlowAnimations(slowAnimations);
     m_windowManager->enableWatchdog(!uiWatchdog);
 
diff --git a/src/main-lib/main.h b/src/main-lib/main.h
index 6793ec44..38fba2e2 100644
--- a/src/main-lib/main.h
+++ b/src/main-lib/main.h
@@ -115,7 +115,8 @@ protected:
 
     void setupQmlEngine(const QStringList &importPaths, const QString &quickControlsStyle = QString());
     void setupWindowTitle(const QString &title, const QString &iconPath);
-    void setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets, bool slowAnimations, bool uiWatchdog);
+    void setupWindowManager(const QString &waylandSocketName, const QVariantList &waylandExtraSockets,
+                            bool slowAnimations, bool uiWatchdog, bool allowUnknownUiClients);
 
     enum SystemProperties {
         SP_ThirdParty = 0,
diff --git a/src/window-lib/windowmanager.cpp b/src/window-lib/windowmanager.cpp
index 81ee8412..b7c77efe 100644
--- a/src/window-lib/windowmanager.cpp
+++ b/src/window-lib/windowmanager.cpp
@@ -339,6 +339,16 @@ void WindowManager::setSlowAnimations(bool slowAnimations)
     }
 }
 
+bool WindowManager::allowUnknownUiClients() const
+{
+    return d->allowUnknownUiClients;
+}
+
+void WindowManager::setAllowUnknownUiClients(bool enable)
+{
+    d->allowUnknownUiClients = enable;
+}
+
 void WindowManager::updateViewSlowMode(QQuickWindow *view)
 {
     // QUnifiedTimer are thread-local. To also slow down animations running in the SG thread
@@ -824,7 +834,7 @@ void WindowManager::waylandSurfaceMapped(WindowSurface *surface)
         }
     }
 
-    if (!app && ApplicationManager::instance()->securityChecksEnabled()) {
+    if (!app && !d->allowUnknownUiClients) {
         qCCritical(LogGraphics) << "SECURITY ALERT: an unknown application with pid" << processId
                                 << "tried to map a Wayland surface!"
                                 << "\n  You can disable this check by using the commandline option "
diff --git a/src/window-lib/windowmanager.h b/src/window-lib/windowmanager.h
index 16cc80ae..53618731 100644
--- a/src/window-lib/windowmanager.h
+++ b/src/window-lib/windowmanager.h
@@ -77,6 +77,7 @@ class WindowManager : public QAbstractListModel
     Q_PROPERTY(int count READ count NOTIFY countChanged)
     Q_PROPERTY(bool runningOnDesktop READ isRunningOnDesktop CONSTANT)
     Q_PROPERTY(bool slowAnimations READ slowAnimations WRITE setSlowAnimations NOTIFY slowAnimationsChanged)
+    Q_PROPERTY(bool allowUnknownUiClients READ allowUnknownUiClients CONSTANT)
 
 public:
     ~WindowManager() override;
@@ -89,7 +90,8 @@ public:
     bool isRunningOnDesktop() const;
     bool slowAnimations() const;
     void setSlowAnimations(bool slowAnimations);
-
+    bool allowUnknownUiClients() const;
+    void setAllowUnknownUiClients(bool enable);
     void enableWatchdog(bool enable);
 
     bool addWaylandSocket(QLocalServer *waylandSocket);
diff --git a/src/window-lib/windowmanager_p.h b/src/window-lib/windowmanager_p.h
index 9b504f17..bf2a2419 100644
--- a/src/window-lib/windowmanager_p.h
+++ b/src/window-lib/windowmanager_p.h
@@ -67,6 +67,7 @@ public:
 
     bool shuttingDown = false;
     bool slowAnimations = false;
+    bool allowUnknownUiClients = false;
 
     QList<QQuickWindow *> views;
     QString waylandSocketName;
diff --git a/tests/auto/configuration/data/config1.yaml b/tests/auto/configuration/data/config1.yaml
index 2f6289b9..0db3414e 100644
--- a/tests/auto/configuration/data/config1.yaml
+++ b/tests/auto/configuration/data/config1.yaml
@@ -85,6 +85,7 @@ flags:
   developmentMode: true
   noUiWatchdog: true
   allowUnsignedPackages: true
+  allowUnknownUiClients: true
 
 wayland:
   socketName: "my-wlsock-42"
diff --git a/tests/auto/configuration/tst_configuration.cpp b/tests/auto/configuration/tst_configuration.cpp
index ba0eae75..21a18303 100644
--- a/tests/auto/configuration/tst_configuration.cpp
+++ b/tests/auto/configuration/tst_configuration.cpp
@@ -94,6 +94,7 @@ void tst_Configuration::defaultConfig()
     QCOMPARE(c.developmentMode(), false);
     QCOMPARE(c.noUiWatchdog(), false);
     QCOMPARE(c.allowUnsignedPackages(), false);
+    QCOMPARE(c.allowUnknownUiClients(), false);
     QCOMPARE(c.forceSingleProcess(), false);
     QCOMPARE(c.forceMultiProcess(), false);
     QCOMPARE(c.loggingRules(), {});
@@ -177,6 +178,7 @@ void tst_Configuration::simpleConfig()
     QCOMPARE(c.developmentMode(), true);
     QCOMPARE(c.noUiWatchdog(), true);
     QCOMPARE(c.allowUnsignedPackages(), true);
+    QCOMPARE(c.allowUnknownUiClients(), true);
     QCOMPARE(c.forceSingleProcess(), true);
     QCOMPARE(c.forceMultiProcess(), true);
     QCOMPARE(c.loggingRules(), QStringList({ qSL("lr1"), qSL("lr2") }));
@@ -307,6 +309,7 @@ void tst_Configuration::mergedConfig()
     QCOMPARE(c.developmentMode(), true);
     QCOMPARE(c.noUiWatchdog(), true);
     QCOMPARE(c.allowUnsignedPackages(), true);
+    QCOMPARE(c.allowUnknownUiClients(), true);
     QCOMPARE(c.forceSingleProcess(), true);
     QCOMPARE(c.forceMultiProcess(), true);
     QCOMPARE(c.loggingRules(), QStringList({ qSL("lr1"), qSL("lr2"), qSL("lr3") }));