diff options
author | Marius Vlad <marius.vlad@collabora.com> | 2020-06-09 13:18:11 +0300 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2020-06-26 15:00:49 +0000 |
commit | bbf173123cdd4c64330fbf77631a9ae120e7d09f (patch) | |
tree | 4492f4856d57438c10d401decc7eaa45813eae28 /src/shell.c | |
parent | 9827cfd255780640650f7c9667daa7802dc1bb34 (diff) |
policy: Add a new policy hook to restrict access to private extensions
In this manner we can control which clients can bind to which interface
(either the agl_shell one or the agl_shell_desktop one).
Bug-AGL: SPEC-3394
Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
Change-Id: I9da4b3596dc5980b325aada8f8fcc7a11431c755
Diffstat (limited to 'src/shell.c')
-rw-r--r-- | src/shell.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/shell.c b/src/shell.c index 5561898..82cc1d3 100644 --- a/src/shell.c +++ b/src/shell.c @@ -949,6 +949,17 @@ bind_agl_shell(struct wl_client *client, { struct ivi_compositor *ivi = data; struct wl_resource *resource; + struct ivi_policy *policy; + void *interface; + + policy = ivi->policy; + interface = (void *) &agl_shell_interface; + if (policy && policy->api.shell_bind_interface && + !policy->api.shell_bind_interface(client, interface)) { + wl_client_post_implementation_error(client, + "client not authorized to use agl_shell"); + return; + } resource = wl_resource_create(client, &agl_shell_interface, 1, id); @@ -991,8 +1002,20 @@ bind_agl_shell_desktop(struct wl_client *client, { struct ivi_compositor *ivi = data; struct wl_resource *resource; - struct desktop_client *dclient = zalloc(sizeof(*dclient)); + struct ivi_policy *policy; + struct desktop_client *dclient; + void *interface; + + policy = ivi->policy; + interface = (void *) &agl_shell_desktop_interface; + if (policy && policy->api.shell_bind_interface && + !policy->api.shell_bind_interface(client, interface)) { + wl_client_post_implementation_error(client, + "client not authorized to use agl_shell_desktop"); + return; + } + dclient = zalloc(sizeof(*dclient)); if (!dclient) { wl_client_post_no_memory(client); return; |