diff options
-rw-r--r-- | doc/README.md | 16 | ||||
-rw-r--r-- | protocol/agl-shell-desktop.xml | 4 |
2 files changed, 14 insertions, 6 deletions
diff --git a/doc/README.md b/doc/README.md index 5899d87..090b1ae 100644 --- a/doc/README.md +++ b/doc/README.md @@ -165,7 +165,14 @@ needed to activate applications. ## Policy The compositor contains an API useful for defining policy rules. It contains -the bare minimum and installs, by default, an allow-all kind of engine. +the bare minimum and installs, by default, an allow-all kind of engine. A +deny-all policy engine exists and can be switched to by using +`-Dpolicy-default=deny-all` build time option. + +For instance, in order to configure the compositor with that policy one could +issue: + + $ meson -Dprefix=/path/to/where/to/install/compositor -Dpolicy-default=deny-all build_directory Users wanting to create their own policy engine should create a specialized version and use `struct ivi_policy_api` where they can install their own @@ -186,9 +193,10 @@ control if policy rules (the next type) can be added or not. Finally, we have `ivi_policy_api::policy_rule_try_event()` which is executed for each policy rules currently added, by using the policy API `ivi_policy_add()`. -Users can customize the hooks by using some sort of database to retrieve -the application name to compare against, or incorporate some kind of policy -rule engine. +Users can customize the hooks by using some sort of database to retrieve the +application name to compare against, or incorporate some kind of policy rule +engine. Alternatively, one can use the deny-all policy engine which allows the +top panel applications to be used/displayed as permitted applications. ### Policy rules diff --git a/protocol/agl-shell-desktop.xml b/protocol/agl-shell-desktop.xml index e7b9493..e8ae153 100644 --- a/protocol/agl-shell-desktop.xml +++ b/protocol/agl-shell-desktop.xml @@ -28,8 +28,8 @@ to activate or switch to other running (regular) applications. The client is responsbile for filtering their own app_id when receiving application id. - Note that other (regular) applications can bind to this interface and there is - no mechanism to place to restrict or limit that. + The compositor will allow clients to bind to this interface only if the + policy engine allows it. </description> <enum name="app_role"> |