summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/README.md16
-rw-r--r--protocol/agl-shell-desktop.xml4
2 files changed, 14 insertions, 6 deletions
diff --git a/doc/README.md b/doc/README.md
index 5899d87..090b1ae 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -165,7 +165,14 @@ needed to activate applications.
## Policy
The compositor contains an API useful for defining policy rules. It contains
-the bare minimum and installs, by default, an allow-all kind of engine.
+the bare minimum and installs, by default, an allow-all kind of engine. A
+deny-all policy engine exists and can be switched to by using
+`-Dpolicy-default=deny-all` build time option.
+
+For instance, in order to configure the compositor with that policy one could
+issue:
+
+ $ meson -Dprefix=/path/to/where/to/install/compositor -Dpolicy-default=deny-all build_directory
Users wanting to create their own policy engine should create a specialized
version and use `struct ivi_policy_api` where they can install their own
@@ -186,9 +193,10 @@ control if policy rules (the next type) can be added or not. Finally, we have
`ivi_policy_api::policy_rule_try_event()` which is executed for each policy
rules currently added, by using the policy API `ivi_policy_add()`.
-Users can customize the hooks by using some sort of database to retrieve
-the application name to compare against, or incorporate some kind of policy
-rule engine.
+Users can customize the hooks by using some sort of database to retrieve the
+application name to compare against, or incorporate some kind of policy rule
+engine. Alternatively, one can use the deny-all policy engine which allows the
+top panel applications to be used/displayed as permitted applications.
### Policy rules
diff --git a/protocol/agl-shell-desktop.xml b/protocol/agl-shell-desktop.xml
index e7b9493..e8ae153 100644
--- a/protocol/agl-shell-desktop.xml
+++ b/protocol/agl-shell-desktop.xml
@@ -28,8 +28,8 @@
to activate or switch to other running (regular) applications. The client
is responsbile for filtering their own app_id when receiving application id.
- Note that other (regular) applications can bind to this interface and there is
- no mechanism to place to restrict or limit that.
+ The compositor will allow clients to bind to this interface only if the
+ policy engine allows it.
</description>
<enum name="app_role">