Replaces the agl-shell-desktop mention that all clients can bind to the
interface with a mention that that happens only if the policy engine
allows.
Bug-AGL: SPEC-3413
Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: Ieb6b9df1181cb7a0ad6da09519655ebd8f73a1a5
## Policy
The compositor contains an API useful for defining policy rules. It contains
## Policy
The compositor contains an API useful for defining policy rules. It contains
-the bare minimum and installs, by default, an allow-all kind of engine.
+the bare minimum and installs, by default, an allow-all kind of engine. A
+deny-all policy engine exists and can be switched to by using
+`-Dpolicy-default=deny-all` build time option.
+
+For instance, in order to configure the compositor with that policy one could
+issue:
+
+ $ meson -Dprefix=/path/to/where/to/install/compositor -Dpolicy-default=deny-all build_directory
Users wanting to create their own policy engine should create a specialized
version and use `struct ivi_policy_api` where they can install their own
Users wanting to create their own policy engine should create a specialized
version and use `struct ivi_policy_api` where they can install their own
`ivi_policy_api::policy_rule_try_event()` which is executed for each policy
rules currently added, by using the policy API `ivi_policy_add()`.
`ivi_policy_api::policy_rule_try_event()` which is executed for each policy
rules currently added, by using the policy API `ivi_policy_add()`.
-Users can customize the hooks by using some sort of database to retrieve
-the application name to compare against, or incorporate some kind of policy
-rule engine.
+Users can customize the hooks by using some sort of database to retrieve the
+application name to compare against, or incorporate some kind of policy rule
+engine. Alternatively, one can use the deny-all policy engine which allows the
+top panel applications to be used/displayed as permitted applications.
to activate or switch to other running (regular) applications. The client
is responsbile for filtering their own app_id when receiving application id.
to activate or switch to other running (regular) applications. The client
is responsbile for filtering their own app_id when receiving application id.
- Note that other (regular) applications can bind to this interface and there is
- no mechanism to place to restrict or limit that.
+ The compositor will allow clients to bind to this interface only if the
+ policy engine allows it.
</description>
<enum name="app_role">
</description>
<enum name="app_role">