author | Marius Vlad <marius.vlad@collabora.com> | 2020-07-10 15:56:21 +0300 |
---|---|---|
committer | Marius Vlad <marius.vlad@collabora.com> | 2020-07-14 19:34:18 +0300 |
commit | 5fe16df2348396c87ab24ef5e2a5e6ceaf2eb4c6 (patch) | |
tree | 937050fa71edc8236625d08008cd7a8a4f833803 /src/policy-default.c | |
parent | 39ea644837dd29cd47a579a9703b43458187f82b (diff) |
policy-*: Remove any private binding restrictions for allow-all policyjellyfish_9.99.2jellyfish/9.99.29.99.2
As we don't have any proper mechanisms in place to perform some
level of authentication on the clients binding to the private extensions,
we resort to allowing that to happen under the default, allow-all policy.
At the same time we add some helpers for checking which applications can
bind to the private extensions, but this is for the deny-all policy.
This also includes cluster-receiver and cluster-dashboard application to
that array, as without it the cluster-demo will not all work when using
the deny-all policy.
Bug-AGL: SPEC-3382
Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: I9ea0d8fd63a323bfcee6aa146a1617aa572d131f
Diffstat (limited to 'src/policy-default.c')
-rw-r--r-- | src/policy-default.c | 44 |
1 files changed, 3 insertions, 41 deletions
diff --git a/src/policy-default.c b/src/policy-default.c
index a09bb1a..8d70684 100644
--- a/src/policy-default.c
+++ b/src/policy-default.c
@@ -84,52 +84,14 @@ ivi_policy_default_surface_advertise_state_change(struct ivi_surface *surf, void
 return true;
 }
 
-#ifdef HAVE_SMACK
-static bool
-ivi_policy_default_shell_bind_interface(void *client, void *interface)
-{
- struct wl_interface *shell_interface = interface;
- struct wl_client *conn_client = client;
-
- pid_t pid, uid, gid;
- int client_fd;
- char *label;
- bool ret = false;
-
- wl_client_get_credentials(conn_client, &pid, &uid, &gid);
-
- client_fd = wl_client_get_fd(conn_client);
- if (smack_new_label_from_socket(client_fd, &label) < 0) {
- return ret;
- }
-
- if (strcmp(shell_interface->name, "agl_shell") == 0)
- if (strcmp(label, "User::App::homescreen") == 0)
- ret = true;
-
- if (strcmp(shell_interface->name, "agl_shell_desktop") == 0)
- if (strcmp(label, "User::App::launcher") == 0 ||
- strcmp(label, "User::App::alexa-viewer") == 0 ||
- strcmp(label, "User::App::tbtnavi") == 0 ||
- strcmp(label, "User::App::hvac") == 0)
- ret = true;
-
- if (ret)
- weston_log("Client with pid %d, uid %d, gid %d, allowed "
- "to bind to %s for label %s\n", pid, uid, gid,
- shell_interface->name, label);
-
- /* client responsible for free'ing */
- free(label);
- return ret;
-}
-#else
+/* we allow all applications to bind to private extensions. See the deny-all
+ * policy instead for how to retrieve the clients fd and its label to check
+ * against */
 static bool
 ivi_policy_default_shell_bind_interface(void *client, void *interface)
 {
 return true;
 }
-#endif
 
 static bool
 ivi_policy_default_allow_to_add(void *user_data) |
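Review bot: With the SMACK branch removed, `ivi_policy_default_shell_bind_interface` returns true for every client and also drops the `weston_log` line that recorded which pid/uid/gid bound `agl_shell` or `agl_shell_desktop`, so a bind to a private extension under the default policy now leaves no trace. The commit message says there is no client authentication yet, so I would keep an audit log in the allow-all path; an unexpected client binding a private interface can then at least be seen in the compositor log. The new comment could also say plainly that this policy performs no authentication and that the deny-all policy is the one to use where that matters. The sketch below uses the same calls as the removed code, but with `uid_t`/`gid_t` for the credential types instead of `pid_t` for all three.

```c
static bool
ivi_policy_default_shell_bind_interface(void *client, void *interface)
{
	struct wl_interface *shell_interface = interface;
	pid_t pid;
	uid_t uid;
	gid_t gid;

	/* allow-all: no authentication is done here, so record who bound */
	wl_client_get_credentials(client, &pid, &uid, &gid);
	weston_log("allow-all policy: client pid %d, uid %u, gid %u bound to %s\n",
		   (int) pid, (unsigned int) uid, (unsigned int) gid,
		   shell_interface->name);

	return true;
}
```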