authorSung-Jin Park <input.hacker@gmail.com>2016-01-14 16:03:43 +0900
committerBryce Harrington <bryce@osg.samsung.com>2016-01-19 14:52:54 -0800
commiteb52bb8e14f4d1ed3564abbb48ef3ddd28b115c0 (patch)
tree2877a7e3e9afe34340c158fb3e3785d1ba43d708
parent7ed00c1de77afbab23f4908fbd9d60ec070c209b (diff)
downloadwayland-eb52bb8e14f4d1ed3564abbb48ef3ddd28b115c0.tar.gz
server: Add an API to get the file descriptor for a client
This adds an API to get the file descriptor for a client. A wayland compositor can use the client file descriptor to validate a request from a client if any additional information is available from the client's file descriptor. For instance, this will be helpful in some Linux distributions in which SELinux or SMACK is enabled. In those environments, each file (including a socket) has its security contexts stored in its inode as an xattr member variable. A wayland compositor can validate a client request by getting the file descriptor of the client and checking the security contexts associated with the file descriptor. Signed-off-by: Sung-Jin Park <input.hacker@gmail.com>
-rw-r--r--src/connection.c6
-rw-r--r--src/wayland-private.h3
-rw-r--r--src/wayland-server-core.h3
-rw-r--r--src/wayland-server.c35
4 files changed, 47 insertions, 0 deletions
diff --git a/src/connection.c b/src/connection.c
index bc373f6..65b64e9 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -405,6 +405,12 @@ wl_message_count_arrays(const struct wl_message *message)
return arrays;
}
+int
+wl_connection_get_fd(struct wl_connection *connection)
+{
+ return connection->fd;
+}
+
static int
wl_connection_put_fd(struct wl_connection *connection, int32_t fd)
{
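Review bot: wl_connection_get_fd only reads the connection, so its parameter could be const-qualified, `wl_connection_get_fd(const struct wl_connection *connection)`, with the matching prototype in src/wayland-private.h changed the same way. The accessor also has no comment; a one-line `/* Returns the connection's socket fd; ownership stays with the connection. */` would record that callers must not close it. The trailing context lines belong to wl_connection_put_fd, whose body continues outside the hunk.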
diff --git a/src/wayland-private.h b/src/wayland-private.h
index da578d1..994bc45 100644
--- a/src/wayland-private.h
+++ b/src/wayland-private.h
@@ -136,6 +136,9 @@ int
wl_connection_queue(struct wl_connection *connection,
const void *data, size_t count);
+int
+wl_connection_get_fd(struct wl_connection *connection);
+
struct wl_closure {
int count;
const struct wl_message *message;
diff --git a/src/wayland-server-core.h b/src/wayland-server-core.h
index 1700cd3..e8e1e9c 100644
--- a/src/wayland-server-core.h
+++ b/src/wayland-server-core.h
@@ -182,6 +182,9 @@ void
wl_client_get_credentials(struct wl_client *client,
pid_t *pid, uid_t *uid, gid_t *gid);
+int
+wl_client_get_fd(struct wl_client *client);
+
void
wl_client_add_destroy_listener(struct wl_client *client,
struct wl_listener *listener);
diff --git a/src/wayland-server.c b/src/wayland-server.c
index 3a7d79d..6654cd7 100644
--- a/src/wayland-server.c
+++ b/src/wayland-server.c
@@ -491,6 +491,41 @@ wl_client_get_credentials(struct wl_client *client,
*gid = client->ucred.gid;
}
+/** Get the file descriptor for the client
+ *
+ * \param client The display object
+ * \return The file descriptor to use for the connection
+ *
+ * This function returns the file descriptor for the given client.
+ *
+ * Be sure to use the file descriptor from the client for inspection only.
+ * If the caller does anything to the file descriptor that changes its state,
+ * it will likely cause problems.
+ *
+ * See also wl_client_get_credentials().
+ * It is recommended that you evaluate whether wl_client_get_credentials()
+ * can be applied to your use case instead of this function.
+ *
+ * If you would like to distinguish just between the client and the compositor
+ * itself from the client's request, it can be done by getting the client
+ * credentials and by checking the PID of the client and the compositor's PID.
+ * Regarding the case in which the socketpair() is being used, you need to be
+ * careful. Please note the documentation for wl_client_get_credentials().
+ *
+ * This function can be used for a compositor to validate a request from
+ * a client if there are additional information provided from the client's
+ * file descriptor. For instance, suppose you can get the security contexts
+ * from the client's file descriptor. The compositor can validate the client's
+ * request with the contexts and make a decision whether it permits or deny it.
+ *
+ * \memberof wl_client
+ */
+WL_EXPORT int
+wl_client_get_fd(struct wl_client *client)
+{
+ return wl_connection_get_fd(client->connection);
+}
+
/** Look up an object in the client name space
*
* \param client The client object
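Review bot: The doc comment on wl_client_get_fd describes its argument as "The display object", but the parameter is a struct wl_client, so the line should read `\param client The client object`. The comment also warns against changing the descriptor's state without stating ownership or lifetime: the descriptor presumably stays owned by the connection and is closed when the client is destroyed, so a compositor that caches the integer could later run its security check against an unrelated descriptor that reused the number. I would add `* The descriptor remains owned by libwayland; do not close it or keep it after the client is destroyed.` The validation paragraph could also say that, on Linux, socket peer credentials and labels are captured when the connection is made, so they describe the process that connected rather than whichever process currently holds the other end, which is the same caveat the comment already points to for socketpair().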