# Wayland Server Initialization
[wayland::Server](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/wayland/server.h;l=47;drc=313971e914c3a42c3fa74eca6ad7601cbda9cc1f) class is a wrapper around a Wayland display server.
Let's take a look into its wrapper class to understand the initialization process and its features.
## Who initializes Server
ChromeBrowserMainExtraPartsAsh initializes [ExoParts](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ui/ash/chrome_browser_main_extra_parts_ash.cc;l=277;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771).
ExoParts has [WaylandServerController](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/exo_parts.h;l=32;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) who controls wayland::Server object.
WaylandServerController ctor instantiates [`default_server_`] via wayland::Server::Create and owns it. Here, it uses [GetDefaultSecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.cc;l=47;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) as a SecurityDelegate.
## Initialize Server
To initialize Server object, call static method [Server::Create](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/wayland/server.h;l=64;drc=313971e914c3a42c3fa74eca6ad7601cbda9cc1f).
This is called from WaylandServerController constructor as well.
There are two arguments: `display` and `security_delegate`.
On creation, [Server::Initialize](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/wayland/server.cc;l=272;drc=b6660c771b294ba1460182a9751934110ba3a80c) is called to create wayland global objects.
[wl_global_create](https://source.chromium.org/chromium/chromium/src/+/main:third_party/wayland/src/src/wayland-server.c;l=1231;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) is a method in third party wayland library.
The order of the initalization of globcal objects are listed inside this Initialize implementation.
First, it initialize `wl_compositor_interface`, `wl_shm_interface` and then `zaura_output_manager_interface` and so on.
Let's check only the objects I'm related.
- `wl_compositor_interface`
- `wl_shm_interface`
- `zaura_output_manager_interface`
- `zcr_vsync_feedback_v1_interface`
- `wl_data_device_manager_interface`
- `surface_augmenter_interface`
- `wp_presentation_interface`
- `zwp_linux_explicit_synchronization_v1_interface`
- `zaura_shell_interface`
- `zwp_text_input_manager_v1_interface`
There are so many other interfaces initialized here.
zaura_shell initialization is suprizingly late in my feeling.
## SecurityDelegate
[SecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.h;l=27;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) is used to control security-sensitive features of the server.
If client is allowed to control any UI feature, the client may run malicious actions, but for some previleged clients we allow some access so that thoes clients can make richer features.
Here, the previledged clietns are usually a Google product, Lacros or ARC.
- CanSelfActivate: Whether the client can activate itself. ARC++ can active itself while Crostini should not.
- CanLockPointer: Whether client can lock the location of the pointer / disable pointer movement. Note that this pointer is not C++ pointer, it's a UI pointer like mouse cursor.
- CanSetBounds: Whether the window bounds can be set from client.
SecurityDelegate is overriden by BorealisSecurityDelegate for borealis, but let's focus on exo usage.
[DefaultSecurityDelegate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.cc;l=17;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) is a SecurityDelegate used by default Server::Create.
This is also used for WaylandServerController.
## DefaultSecurityDelegate restriction
[CanLockPointer](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.cc;l=22;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771): Returns true if the window is Arc window or Lacros window.
[CanSetBounds](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.cc;l=28;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771):
For lacros, clients are allowed to set bounds but Exo may DCHECK on requests when server side decoration is done, which implies that clients can set bounds only when client decoration is enabled.
Fir ARC, clients are allowed to set bounds for any window. If there is a decoration done on Exo side, Exo will expand the requested bounds to account for server-side decoration inset.
For otheres, ignore all bounds settings.
CanSetBounds is used from [ShellSurfaceBase::SetWindowBounds](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/shell_surface_base.cc;l=798-837;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771). It's more clear which SetBoundsPolicy does what by reading this code.
[CanSelfActivate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/security_delegate.cc;l=51;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) does not have a specific implementation in DefaultSecurityDelegate, so it falls back to the original implementation of SecurityDelegate class itself.
Its inner implementation is [HasPermissionToActivate](https://source.chromium.org/chromium/chromium/src/+/main:components/exo/shell_surface_util.cc;l=314;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) which checks kActivate permission in UI Property paired with kPermissionKey.
## Note
We can check whether the window is arc window / lacros window.
There is a UI property called [kAppType](https://source.chromium.org/chromium/chromium/src/+/main:ui/aura/client/aura_constants.cc;l=48;drc=f5bdc89c7395ed24f1b8d196a3bdd6232d5bf771) and it value is NON_APP, BROWSER, CHROME_APP, ARC_APP, CROSTINI_APP, SYSTEMAPP or LACROS.
Sign in with Wallet
Connect another wallet