xprop-sink

lightweight, streaming X11 property updater
git clone https://9o.is/git/xprop-sink.git
user.WindowStatus

(1275B)
      1 #!/usr/bin/env sh
      2 set -e
      3 STATUS_PROP=_MY_WIN_STATUS
      4 ##
      5 ## Allows an AppVM to update an X11 property on its own window via `qrexec`
      6 ## without compromising the security of other windows. The map_window function checks
      7 ## if the window belongs to the appvm making the request. The window status prop is
      8 ## hardcoded in the STATUS_PROP variable.
      9 ##
     10 ## Usage:
     11 ##     while true; do
     12 ##         echo "Counter: $(date +%S)"
     13 ##         sleep 0.1
     14 ##     done | qrexec-client-vm @default user.WindowStatus+$WINDOWID
     15 ##
     16 ## Policy (if using sys-gui):
     17 ##     user.WindowStatus * @tag:guivm-sys-gui @default allow target=sys-gui
     18 ##
     19 
     20 map_window() {
     21 	local target_vm="$1"
     22 	local target_xid="$2"
     23 
     24 	for win in $(xprop -root _NET_CLIENT_LIST | cut -d'#' -f2 | tr ',' ' '); do
     25 		vm=$(xprop -id "$win" _QUBES_VMNAME 2>/dev/null | cut -d'"' -f2)
     26 		vmid=$(xprop -id "$win" _QUBES_VMWINDOWID 2>/dev/null | awk -F' # ' '{print $2}')
     27 
     28 		if [ "$vm" = "$target_vm" ] && [ "$vmid" = "$target_xid" ]; then
     29 			echo "$win"
     30 			return 0
     31 		fi
     32 	done
     33 }
     34 
     35 if [ -z "$1" ]; then
     36 	echo "Error: Missing window ID argument" >&2
     37 	exit 1
     38 fi
     39 
     40 XID=$(map_window "$QREXEC_REMOTE_DOMAIN" "$(printf '0x%x' $1)")
     41 
     42 if [ -n "$XID" ]; then
     43 	xprop-sink "$XID" "$STATUS_PROP"
     44 else
     45 	echo "Error: Window mapping failed" >&2
     46 	exit 1
     47 fi