policy: Add a new policy hook to restrict access to private extensions

In this manner we can control which clients can bind to which interface
(either the agl_shell one or the agl_shell_desktop one).

Bug-AGL: SPEC-3394

Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: I9da4b3596dc5980b325aada8f8fcc7a11431c755

diff --git a/src/policy-default.c b/src/policy-default.c
index 735f5c5..23842ab 100644 (file)
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -78,6 +78,12 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
        return true;
 }
 
+static bool
+ivi_policy_default_shell_bind_interface(void *client, void *interface)
+{
+       return true;
+}
+
 static bool
 ivi_policy_default_allow_to_add(void *user_data)
 {
@@ -113,6 +119,7 @@ static const struct ivi_policy_api policy_api = {
        .surface_deactivate = ivi_policy_default_surface_deactivate,
        .surface_activate_by_default = ivi_policy_default_surface_activate_default,
        .surface_advertise_state_change = ivi_policy_default_surface_advertise_state_change,
+       .shell_bind_interface = ivi_policy_default_shell_bind_interface,
        .policy_rule_allow_to_add = ivi_policy_default_allow_to_add,
        .policy_rule_try_event = ivi_policy_default_try_event,
 };

diff --git a/src/policy.h b/src/policy.h
index 67da4aa..c59fbe4 100644 (file)
--- a/src/policy.h
+++ b/src/policy.h
@@ -75,6 +75,8 @@ struct ivi_policy_api {
        bool (*surface_activate_by_default)(struct ivi_surface *surf, void *user_data);
        bool (*surface_advertise_state_change)(struct ivi_surface *surf, void *user_data);
 
+       bool (*shell_bind_interface)(void *client, void *interface);
+
        /** see also ivi_policy_add(). If set this will be executed before
         * adding a new policy rule  */
        bool (*policy_rule_allow_to_add)(void *user_data);

diff --git a/src/shell.c b/src/shell.c
index 5561898..82cc1d3 100644 (file)
--- a/src/shell.c
+++ b/src/shell.c
@@ -949,6 +949,17 @@ bind_agl_shell(struct wl_client *client,
 {
        struct ivi_compositor *ivi = data;
        struct wl_resource *resource;
+       struct ivi_policy *policy;
+       void *interface;
+
+       policy = ivi->policy;
+       interface = (void *) &agl_shell_interface;
+       if (policy && policy->api.shell_bind_interface &&
+           !policy->api.shell_bind_interface(client, interface)) {
+               wl_client_post_implementation_error(client,
+                                      "client not authorized to use agl_shell");
+               return;
+       }
 
        resource = wl_resource_create(client, &agl_shell_interface,
                                      1, id);
@@ -991,8 +1002,20 @@ bind_agl_shell_desktop(struct wl_client *client,
 {
        struct ivi_compositor *ivi = data;
        struct wl_resource *resource;
-       struct desktop_client *dclient = zalloc(sizeof(*dclient));
+       struct ivi_policy *policy;
+       struct desktop_client *dclient;
+       void *interface;
+
+       policy = ivi->policy;
+       interface  = (void *) &agl_shell_desktop_interface;
+       if (policy && policy->api.shell_bind_interface &&
+           !policy->api.shell_bind_interface(client, interface)) {
+               wl_client_post_implementation_error(client,
+                               "client not authorized to use agl_shell_desktop");
+               return;
+       }
 
+       dclient = zalloc(sizeof(*dclient));
        if (!dclient) {
                wl_client_post_no_memory(client);
                return;