dix: Opt-in keyboard isolation from unfocused windows.

itz-me-zappex · itz-me-zappex · commit 0ceec3a8aa81 · 2025-12-30T00:42:15.000+02:00
Adds "IsolateKeyboard" option to "ServerFlags" section in "xorg.conf".
Disabled by default.
If enabled: disallows not grabbed raw events, prevents sending
keyboard input events to clients with unfocused windows and
clients without window to prevent keylogging.
If disabled: follows default X behavior.

Signed-off-by: itz-me-zappex &lt;85901674+itz-me-zappex@users.noreply.github.com&gt;
diff --git a/dix/events.c b/dix/events.c
@@ -2489,6 +2489,15 @@ DeliverRawEvent(RawDeviceEvent *ev, DeviceIntPtr device)
     if (grab)
         DeliverGrabbedEvent((InternalEvent *) ev, device, FALSE);
 
+    /*
+     * To prevent keylogging, not grabbed event should not be sent
+     * to any client.
+     */
+    if (globalIsolateKeyboard) {
+        free(xi);
+        return;
+    }
+
     filter = GetEventFilter(device, xi);
 
     DIX_FOR_EACH_SCREEN({
@@ -2828,6 +2837,25 @@ static int
 DeliverOneEvent(InternalEvent *event, DeviceIntPtr dev, enum InputLevel level,
                 WindowPtr win, Window child, GrabPtr grab)
 {
+    /*
+     * Deliver keyboard events only if client is focused.
+     * Even if it does not have a window, that means unfocused.
+     * Needed to prevent keylogging.
+     */
+    if (globalIsolateKeyboard) {
+        WindowPtr focus = inputInfo.keyboard->focus->win;
+
+        if (focus != win) {
+            switch (event->any.type) {
+            case ET_KeyPress:
+            case ET_KeyRelease:
+                return 0;
+            default:
+                break;
+            }
+        }
+    }
+
     xEvent *xE = NULL;
     int count = 0;
     int deliveries = 0;
diff --git a/dix/globals.c b/dix/globals.c
@@ -122,3 +122,5 @@ int monitorResolution = 0;
 
 Bool explicit_display = FALSE;
 char *ConnectionInfo;
+
+Bool globalIsolateKeyboard = FALSE;
diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
@@ -657,6 +657,7 @@ typedef enum {
     FLAG_IGLX,
     FLAG_DEBUG,
     FLAG_ALLOW_BYTE_SWAPPED_CLIENTS,
+    FLAG_ISOLATEKEYBOARD,
 } FlagValues;
 
 /**
@@ -718,6 +719,8 @@ static OptionInfoRec FlagOptions[] = {
      {0}, FALSE},
     {FLAG_ALLOW_BYTE_SWAPPED_CLIENTS, "AllowByteSwappedClients", OPTV_BOOLEAN,
      {0}, FALSE},
+    {FLAG_ISOLATEKEYBOARD, "IsolateKeyboard", OPTV_BOOLEAN,
+     {0}, FALSE},
     {-1, NULL, OPTV_NONE,
      {0}, FALSE},
 };
@@ -754,6 +757,9 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
     xf86GetOptValBool(FlagOptions, FLAG_DONTZAP, &xf86Info.dontZap);
     xf86GetOptValBool(FlagOptions, FLAG_DONTZOOM, &xf86Info.dontZoom);
 
+    xf86GetOptValBool(FlagOptions, FLAG_ISOLATEKEYBOARD, &xf86Info.isolateKeyboard);
+    globalIsolateKeyboard = xf86Info.isolateKeyboard;
+
     xf86GetOptValBool(FlagOptions, FLAG_IGNORE_ABI, &xf86Info.ignoreABI);
     if (xf86Info.ignoreABI) {
         LogMessageVerb(X_CONFIG, 1, "Ignoring ABI Version\n");
diff --git a/hw/xfree86/common/xf86Globals.c b/hw/xfree86/common/xf86Globals.c
@@ -131,6 +131,7 @@ xf86InfoRec xf86Info = {
     .autoAddGPU = FALSE,
 #endif
     .autoBindGPU = TRUE,
+    .isolateKeyboard = FALSE,
 };
 
 const char *xf86ConfigFile = NULL;
diff --git a/hw/xfree86/common/xf86Privstr.h b/hw/xfree86/common/xf86Privstr.h
@@ -94,6 +94,8 @@ typedef struct {
     Bool autoAddGPU;
     const char *debug;
     Bool autoBindGPU;
+
+    Bool isolateKeyboard;
 } xf86InfoRec, *xf86InfoPtr;
 
 /* ISC's cc can't handle ~ of UL constants, so explicitly type cast them. */
diff --git a/hw/xfree86/man/xorg.conf.man b/hw/xfree86/man/xorg.conf.man
@@ -687,6 +687,11 @@ Unset by default.
 .TP 7
 .BI "Option \*qAllowByteSwappedClients\*q  \*q" boolean \*q
 Allow clients with a different byte-order than the server. Disabled by default.
+.TP 7
+.BI "Option \*qIsolateKeyboard\*q \*q" boolean \*q
+Disallows all not grabbed raw events and keyboard input events to both
+unfocused windows and clients without window to prevent keylogging.
+Disabled by default.
 .SH "MODULE SECTION"
 The
 .B Module
diff --git a/hw/xfree86/parser/Flags.c b/hw/xfree86/parser/Flags.c
@@ -80,6 +80,7 @@ static const xf86ConfigSymTabRec ServerFlagsTab[] = {
     {SUSPENDTIME, "suspendtime"},
     {OFFTIME, "offtime"},
     {DEFAULTLAYOUT, "defaultserverlayout"},
+    {ISOLATEKEYBOARD, "isolatekeyboard"},
     {-1, ""},
 };
 
@@ -127,6 +128,7 @@ xf86parseFlagsSection(XF86ConfFlagsPtr ptr)
         case DISABLEMODINDEV:
         case MODINDEVALLOWNONLOCAL:
         case ALLOWMOUSEOPENFAIL:
+        case ISOLATEKEYBOARD:
         {
             int i = 0;
 
diff --git a/hw/xfree86/parser/xf86tokens.h b/hw/xfree86/parser/xf86tokens.h
@@ -107,6 +107,7 @@ typedef enum {
     SUSPENDTIME,
     OFFTIME,
     DEFAULTLAYOUT,
+    ISOLATEKEYBOARD,
 
     /* Monitor tokens */
     MODEL,
diff --git a/include/globals.h b/include/globals.h
@@ -12,4 +12,6 @@ extern _X_EXPORT int defaultColorVisualClass;
 
 extern _X_EXPORT char *SeatId;
 
+extern _X_EXPORT Bool globalIsolateKeyboard;
+
 #endif                          /* !_XSERV_GLOBAL_H_ */
