chromium/third_party/wayland-protocols/unstable/secure-output/secure-output-unstable-v1.xml

<?xml version="1.0" encoding="UTF-8"?>
<protocol name="secure_output_unstable_v1">

  <copyright>
    Copyright 2016 The Chromium Authors

    Permission is hereby granted, free of charge, to any person obtaining a
    copy of this software and associated documentation files (the "Software"),
    to deal in the Software without restriction, including without limitation
    the rights to use, copy, modify, merge, publish, distribute, sublicense,
    and/or sell copies of the Software, and to permit persons to whom the
    Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice (including the next
    paragraph) shall be included in all copies or substantial portions of the
    Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
    THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    DEALINGS IN THE SOFTWARE.
  </copyright>

  <description summary="Protocol for providing secure output">
    This protocol specifies a set of interfaces used to prevent surface
    contents from appearing in screenshots or from being visible on non-secure
    outputs.

    In order to prevent surface contents from appearing in screenshots or from
    being visible on non-secure outputs, a client must first bind the global
    interface "wp_secure_output" which, if a compositor supports secure output,
    is exposed by the registry. Using the bound global object, the client uses
    the "get_security" request to instantiate an interface extension for a
    wl_surface object. This extended interface will then allow surfaces
    to be marked as only visible on secure outputs.

    Warning! The protocol described in this file is experimental and backward
    incompatible changes may be made. Backward compatible changes may be added
    together with the corresponding interface version bump. Backward
    incompatible changes are done by bumping the version number in the protocol
    and interface names and resetting the interface version. Once the protocol
    is to be declared stable, the 'z' prefix and the version number in the
    protocol and interface names are removed and the interface version number is
    reset.
  </description>

  <interface name="zcr_secure_output_v1" version="1">
    <description summary="secure output">
      The global interface exposing secure output capabilities is used
      to instantiate an interface extension for a wl_surface object.
      This extended interface will then allow surfaces to be marked as
      as only visible on secure outputs.
    </description>

    <request name="destroy" type="destructor">
      <description summary="unbind from the secure output interface">
	Informs the server that the client will not be using this
	protocol object anymore. This does not affect any other objects,
	security objects included.
      </description>
    </request>

    <enum name="error">
      <entry name="security_exists" value="0"
	     summary="the surface already has a security object associated"/>
    </enum>

    <request name="get_security">
      <description summary="extend surface interface for security">
	Instantiate an interface extension for the given wl_surface to
	provide surface security. If the given wl_surface already has
	a security object associated, the security_exists protocol error
	is raised.
      </description>

      <arg name="id" type="new_id" interface="zcr_security_v1"
	   summary="the new security interface id"/>
      <arg name="surface" type="object" interface="wl_surface"
	   summary="the surface"/>
    </request>
  </interface>

  <interface name="zcr_security_v1" version="1">
    <description summary="security interface to a wl_surface">
      An additional interface to a wl_surface object, which allows the
      client to specify that a surface should not appear in screenshots
      or be visible on non-secure outputs.

      If the wl_surface associated with the security object is destroyed,
      the security object becomes inert.

      If the security object is destroyed, the security state is removed
      from the wl_surface. The change will be applied on the next
      wl_surface.commit.
    </description>

    <request name="destroy" type="destructor">
      <description summary="remove security from the surface">
	The associated wl_surface's security state is removed.
	The change is applied on the next wl_surface.commit.
      </description>
    </request>

    <request name="only_visible_on_secure_output">
      <description summary="set the only visible on secure output state">
	Constrain visibility of wl_surface contents to secure outputs.
	See wp_secure_output for the description.

	The only visible on secure output state is double-buffered state,
	and will be applied on the next wl_surface.commit.
      </description>
    </request>
  </interface>

</protocol>