Skip to content

wayland: Prefer security context appId for permission lookup where available

David Edmundson requested to merge work/d_ed/security_context into master

The security context appId is set by the launching container (i.e flatpak) and is therefore more trustworthy than any other source of application ID.

Use this when looking up allowed wayland extensions.

wayland: Drop isTrustedOrigin check

The rationale behind the check was sandboxed apps could have a different mount namespace to kwin, therefore lying about the executable path was doable.

Moving forward anything sandboxed will have a security context app Id. Anything not sandboxed can circumvent these checks anyway.

This significantly improves application launch time.

Merge request reports

Loading