# Security Delegate Wayland client can send some risky requests. We must be careful not to allow dangerous clients to send the request. To guard the request from invalid clients, we use [SecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=42;drc=fa67bc861debe561f482e5023096ced07cf33f45). ## Overview [SecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=42;drc=fa67bc861debe561f482e5023096ced07cf33f45) is an abstract interface that is associated with the wayland server to control security sensitive features. This allows exo to make strong guarantees about the relationship between the wayland client and the server which owns SecurityDelegate. [ChromeSecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/exo/chrome_security_delegate.h;l=27;drc=f47a266a5d48fc008efe65d520fa29185196dbd9) is the delegate we use for real Exo server. [TestSecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/test/test_security_delegate.h;l=18;drc=23f3eda65e2ccfa03b31c53f090b251677dd2c75) is the delegate we use for testing. From here, let's see each privilege. ## SetBounds Setting the window bounds is allowed/disallowed per clients since its security relevant policy. SecurityDelegate holds its information. [SetBoundsPolicy](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=45;drc=fa67bc861debe561f482e5023096ced07cf33f45) represents the policy whether the client is allowed to set bounds. - IGNORE: default, cannot set bounds - DCHECK_IF_DECORATED: client can set bounds with DCHECK on requests with server side decoration - ADJUST_IF_DECORATED: client can set bounds and exo will expand the requested bounds to account for server side decoration This can be checked via [CanSetBounds](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=78;drc=fa67bc861debe561f482e5023096ced07cf33f45). [ChromeSecurityDelegate::CanSetBounds](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/exo/chrome_security_delegate.cc;l=298;drc=f47a266a5d48fc008efe65d520fa29185196dbd9) returns - DCHECK_IF_DECORATED if it's lacros window - ADJUST_IF_DECORATED if it's ARC window - IGNORE if else ## Lock pointer [CanLockPointer](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=70;drc=fa67bc861debe561f482e5023096ced07cf33f45) determines whether we can lock the location of the pointer and disable movement. Obviously, this should be security relevant request. Pointer lock is defined in pointer-constraints-unstable-v1.xml extension protocol and used by for example fullscreen games. [ChromeSecurityDelegate::CanLockPointer](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/exo/chrome_security_delegate.cc;l=292;drc=f47a266a5d48fc008efe65d520fa29185196dbd9) returns true if it's ARC or Lacros window. ## Self Activate Self-activation is also security sensitive windowing operation. This is common paradigm in X11. We have [CanSelfActivate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=64;drc=fa67bc861debe561f482e5023096ced07cf33f45) to check the window may self activate. [ChromeSecurityDelegate::CanSelfActivate](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/exo/chrome_security_delegate.cc;l=283;drc=f47a266a5d48fc008efe65d520fa29185196dbd9) returns true if the window has a value for [kPermissionKey](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/permission.cc;l=14;drc=fa67bc861debe561f482e5023096ced07cf33f45) and its value is [Permission::Capability::kActivate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/permission.h;l=17;drc=fa67bc861debe561f482e5023096ced07cf33f45).