dix: Opt-in keyboard isolation from unfocused windows.

Adds "IsolateKeyboard" option to "ServerFlags" section.
If enabled: Disallows raw keyboard events and prevents
keyboard input events to unfocused windows and clients
without window to prevent keylogging.
If disabled: Follows default X behavior.

Signed-off-by: itz-me-zappex <[email protected]>

Author: itz-me-zappex

dix/events.c

@@ -2489,6 +2489,21 @@ DeliverRawEvent(RawDeviceEvent *ev, DeviceIntPtr device)
     if (grab)
         DeliverGrabbedEvent((InternalEvent *) ev, device, FALSE);
 
+    /*
+     * To prevent keylogging, not grabbed raw keyboard event
+     * should not be sent to any client.
+     */
+    if (globalIsolateKeyboard) {
+        switch (ev->type) {
+        case ET_RawKeyPress:
+        case ET_RawKeyRelease:
+            free(xi);
+            return;
+        default:
+            break;
+        }
+    }
+
     filter = GetEventFilter(device, xi);
 
     DIX_FOR_EACH_SCREEN({
@@ -2828,6 +2843,25 @@ static int
 DeliverOneEvent(InternalEvent *event, DeviceIntPtr dev, enum InputLevel level,
                 WindowPtr win, Window child, GrabPtr grab)
 {
+    /*
+     * Deliver keyboard events only if client is focused.
+     * Even if it does not have a window, that means unfocused.
+     * Needed to prevent keylogging.
+     */
+    if (globalIsolateKeyboard) {
+        WindowPtr focus = inputInfo.keyboard->focus->win;
+
+        if (focus != win) {
+            switch (event->any.type) {
+            case ET_KeyPress:
+            case ET_KeyRelease:
+                return 0;
+            default:
+                break;
+            }
+        }
+    }
+
     xEvent *xE = NULL;
     int count = 0;
     int deliveries = 0;

dix/globals.c

@@ -122,3 +122,5 @@ int monitorResolution = 0;
 
 Bool explicit_display = FALSE;
 char *ConnectionInfo;
+
+Bool globalIsolateKeyboard = FALSE;

hw/xfree86/common/xf86Config.c

@@ -658,6 +658,7 @@ typedef enum {
     FLAG_DEBUG,
     FLAG_ALLOW_BYTE_SWAPPED_CLIENTS,
     FLAG_SINGLE_DRIVER,
+    FLAG_ISOLATEKEYBOARD,
 } FlagValues;
 
 /**
@@ -721,6 +722,8 @@ static OptionInfoRec FlagOptions[] = {
      {0}, FALSE},
     {FLAG_SINGLE_DRIVER, "SingleDriver", OPTV_BOOLEAN,
      {0}, FALSE},
+    {FLAG_ISOLATEKEYBOARD, "IsolateKeyboard", OPTV_BOOLEAN,
+     {0}, FALSE},
     {-1, NULL, OPTV_NONE,
      {0}, FALSE},
 };
@@ -757,6 +760,9 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
     xf86GetOptValBool(FlagOptions, FLAG_DONTZAP, &xf86Info.dontZap);
     xf86GetOptValBool(FlagOptions, FLAG_DONTZOOM, &xf86Info.dontZoom);
 
+    xf86GetOptValBool(FlagOptions, FLAG_ISOLATEKEYBOARD, &xf86Info.isolateKeyboard);
+    globalIsolateKeyboard = xf86Info.isolateKeyboard;
+
     xf86GetOptValBool(FlagOptions, FLAG_IGNORE_ABI, &xf86Info.ignoreABI);
     if (xf86Info.ignoreABI) {
         LogMessageVerb(X_CONFIG, 1, "Ignoring ABI Version\n");

hw/xfree86/common/xf86Globals.c

@@ -132,6 +132,7 @@ xf86InfoRec xf86Info = {
 #endif
     .autoBindGPU = TRUE,
     .singleDriver = FALSE,
+    .isolateKeyboard = FALSE,
 };
 
 const char *xf86ConfigFile = NULL;

hw/xfree86/common/xf86Privstr.h

@@ -97,6 +97,8 @@ typedef struct {
 
     Bool singleDriver;          /* Only the first successfully probed driver adds primary screens,
                                  * others may add GPU secondary screens only */
+
+    Bool isolateKeyboard;
 } xf86InfoRec, *xf86InfoPtr;
 
 /* ISC's cc can't handle ~ of UL constants, so explicitly type cast them. */

hw/xfree86/man/xorg.conf.man

@@ -692,6 +692,11 @@ Allow clients with a different byte-order than the server. Disabled by default.
 Only the first successfully probed driver is allowed to add screens to the current layout, others may
 add secondary GPU screens only (e.g., if non-primary GPUs are used for offloading).
 Disabled by default.
+.TP 7
+.BI "Option \*qIsolateKeyboard\*q \*q" boolean \*q
+Disallows not grabbed raw keyboard events and keyboard input events to
+both unfocused windows and clients without window preventing keylogging.
+Disabled by default.
 .SH "MODULE SECTION"
 The
 .B Module

hw/xfree86/parser/Flags.c

@@ -80,6 +80,7 @@ static const xf86ConfigSymTabRec ServerFlagsTab[] = {
     {SUSPENDTIME, "suspendtime"},
     {OFFTIME, "offtime"},
     {DEFAULTLAYOUT, "defaultserverlayout"},
+    {ISOLATEKEYBOARD, "isolatekeyboard"},
     {-1, ""},
 };
 
@@ -127,6 +128,7 @@ xf86parseFlagsSection(XF86ConfFlagsPtr ptr)
         case DISABLEMODINDEV:
         case MODINDEVALLOWNONLOCAL:
         case ALLOWMOUSEOPENFAIL:
+        case ISOLATEKEYBOARD:
         {
             int i = 0;
 

hw/xfree86/parser/xf86tokens.h

@@ -107,6 +107,7 @@ typedef enum {
     SUSPENDTIME,
     OFFTIME,
     DEFAULTLAYOUT,
+    ISOLATEKEYBOARD,
 
     /* Monitor tokens */
     MODEL,

include/globals.h

@@ -12,4 +12,6 @@ extern _X_EXPORT int defaultColorVisualClass;
 
 extern _X_EXPORT char *SeatId;
 
+extern _X_EXPORT Bool globalIsolateKeyboard;
+
 #endif                          /* !_XSERV_GLOBAL_H_ */