From bbf173123cdd4c64330fbf77631a9ae120e7d09f Mon Sep 17 00:00:00 2001
From: Marius Vlad <marius.vlad@collabora.com>
Date: Tue, 9 Jun 2020 13:18:11 +0300
Subject: [PATCH] policy: Add a new policy hook to restrict access to private
 extensions

In this manner we can control which clients can bind to which interface
(either the agl_shell one or the agl_shell_desktop one).

Bug-AGL: SPEC-3394

Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: I9da4b3596dc5980b325aada8f8fcc7a11431c755
---
 src/policy-default.c |  7 +++++++
 src/policy.h         |  2 ++
 src/shell.c          | 25 ++++++++++++++++++++++++-
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/policy-default.c b/src/policy-default.c
index 735f5c5..23842ab 100644
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -78,6 +78,12 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
 	return true;
 }
 
+static bool
+ivi_policy_default_shell_bind_interface(void *client, void *interface)
+{
+	return true;
+}
+
 static bool
 ivi_policy_default_allow_to_add(void *user_data)
 {
@@ -113,6 +119,7 @@ static const struct ivi_policy_api policy_api = {
 	.surface_deactivate = ivi_policy_default_surface_deactivate,
 	.surface_activate_by_default = ivi_policy_default_surface_activate_default,
 	.surface_advertise_state_change = ivi_policy_default_surface_advertise_state_change,
+	.shell_bind_interface = ivi_policy_default_shell_bind_interface,
 	.policy_rule_allow_to_add = ivi_policy_default_allow_to_add,
 	.policy_rule_try_event = ivi_policy_default_try_event,
 };
diff --git a/src/policy.h b/src/policy.h
index 67da4aa..c59fbe4 100644
--- a/src/policy.h
+++ b/src/policy.h
@@ -75,6 +75,8 @@ struct ivi_policy_api {
 	bool (*surface_activate_by_default)(struct ivi_surface *surf, void *user_data);
 	bool (*surface_advertise_state_change)(struct ivi_surface *surf, void *user_data);
 
+	bool (*shell_bind_interface)(void *client, void *interface);
+
 	/** see also ivi_policy_add(). If set this will be executed before
 	 * adding a new policy rule  */
 	bool (*policy_rule_allow_to_add)(void *user_data);
diff --git a/src/shell.c b/src/shell.c
index 5561898..82cc1d3 100644
--- a/src/shell.c
+++ b/src/shell.c
@@ -949,6 +949,17 @@ bind_agl_shell(struct wl_client *client,
 {
 	struct ivi_compositor *ivi = data;
 	struct wl_resource *resource;
+	struct ivi_policy *policy;
+	void *interface;
+
+	policy = ivi->policy;
+	interface = (void *) &agl_shell_interface;
+	if (policy && policy->api.shell_bind_interface &&
+	    !policy->api.shell_bind_interface(client, interface)) {
+		wl_client_post_implementation_error(client,
+				       "client not authorized to use agl_shell");
+		return;
+	}
 
 	resource = wl_resource_create(client, &agl_shell_interface,
 				      1, id);
@@ -991,8 +1002,20 @@ bind_agl_shell_desktop(struct wl_client *client,
 {
 	struct ivi_compositor *ivi = data;
 	struct wl_resource *resource;
-	struct desktop_client *dclient = zalloc(sizeof(*dclient));
+	struct ivi_policy *policy;
+	struct desktop_client *dclient;
+	void *interface;
+
+	policy = ivi->policy;
+	interface  = (void *) &agl_shell_desktop_interface;
+	if (policy && policy->api.shell_bind_interface &&
+	    !policy->api.shell_bind_interface(client, interface)) {
+		wl_client_post_implementation_error(client,
+				"client not authorized to use agl_shell_desktop");
+		return;
+	}
 
+	dclient = zalloc(sizeof(*dclient));
 	if (!dclient) {
 		wl_client_post_no_memory(client);
 		return;
-- 
2.16.6