Diffstat (limited to 'src/input')
| -rw-r--r-- | src/input/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/input/inputEventHandler.h | 58 | ||||
| -rw-r--r-- | src/input/inputHandlerChain.h | 10 |
3 files changed, 48 insertions, 22 deletions
diff --git a/src/input/CMakeLists.txt b/src/input/CMakeLists.txt index 398ca55..0e72c4c 100644 --- a/src/input/CMakeLists.txt +++ b/src/input/CMakeLists.txt @@ -2,7 +2,6 @@ include(${QT_USE_FILE}) set(pvsinput_SRCS inputEvent.cpp - inputEventHandler.cpp ) if(UNIX) @@ -23,6 +22,7 @@ if(UNIX) rebootSystemHandler.cpp killX11Handler.cpp sayHelloHandler.cpp + inputEventHandler.cpp ) set(pvsprivinputd_MOC_HDRS diff --git a/src/input/inputEventHandler.h b/src/input/inputEventHandler.h index 44713c2..52e3338 100644 --- a/src/input/inputEventHandler.h +++ b/src/input/inputEventHandler.h @@ -18,6 +18,7 @@ #define INPUTEVENTHANDLER_H_ #include <QtGlobal> +#include <QtDebug> #include <QList> #include <QString> #include <QCoreApplication> @@ -97,26 +98,33 @@ public: namespace policy { enum SecurityFlags { - SEC_PHYSICAL_SEAT = 1, - SEC_PRIVILEGED_USER = 2 + SEC_FREE_FOR_ALL, + SEC_PHYSICAL_OR_PRIVILEGED }; bool allowPhysicalSeat(InputEvent const& evt, InputEventContext const* ctx); bool allowPrivilegedUser(InputEvent const& evt, InputEventContext const* ctx); -template<int flags = 0> -struct Security +struct SecurityAllowAny { bool allow(InputEvent const& evt, InputEventContext const* ctx) { - if((flags & SEC_PHYSICAL_SEAT) && !allowPhysicalSeat(evt, ctx)) - return false; - if((flags & SEC_PRIVILEGED_USER) && !allowPrivilegedUser(evt, ctx)) - return false; return true; } }; +struct SecurityAllowPhysicalOrPrivileged +{ + bool allow(InputEvent const& evt, InputEventContext const* ctx) + { + if(allowPhysicalSeat(evt, ctx)) + return true; + else if(allowPrivilegedUser(evt, ctx)) + return true; + return false; + } +}; + struct UnixLike; struct Linux; struct Windows; @@ -154,6 +162,8 @@ public: bool handle(InputEvent const& evt, InputEventContext const* context = 0) { if(!securityPolicy.allow(evt, context)) { + std::string evtStr = evt.toString(); + qWarning("Input Event %s has been denied by security policy", evtStr.c_str()); return true; } if(delegate.matches(evt, context)) { 
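Review bot: `SecurityAllowPhysicalOrPrivileged::allow` grants access when either check passes, whereas the removed `Security<flags>` required every selected check to pass, and nothing on the struct states this. A comment such as `// Allows the event if it comes from the physical seat OR from a privileged user; denies otherwise.` would make the grant rule reviewable. The new `SEC_FREE_FOR_ALL` and `SEC_PHYSICAL_OR_PRIVILEGED` enumerators are not read anywhere in the visible hunks now that policies are selected by type, so they look like dead code that can drift from the structs; drop them or tie them to the policy types. Because `handle()` defaults `context` to 0, both `allowPhysicalSeat` and `allowPrivilegedUser` must return false for a null `ctx` for the OR to stay fail-closed; their definitions are outside this diff, so that is worth confirming.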
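Review bot: The new `qWarning` in `handle()` writes `evt.toString()` for every denied event, and denied events are exactly the ones coming from senders the policy does not trust. Depending on what `toString()` renders (not visible here), this can put key or button data into a log, and because there is no rate limit a rejected sender can grow that log at will. I would log whatever sender identity `context` carries rather than the full event, and add `// Denied events are sender-controlled: keep the message short and rate-limit it.` above the call. `std::string` is used without a visible `#include <string>` in the include hunk, though it may arrive transitively. The body of `handle()` continues past the end of the hunk.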
@@ -196,19 +206,32 @@ public: } }; -template<typename Delegate, typename SystemPolicy = policy::RequireNoSystem, typename SecurityPolicy = policy::Security<> > +template<typename Delegate, typename SystemPolicy = policy::RequireNoSystem, typename SecurityPolicy = void> struct Handler : public HandlerHelper<SystemPolicy::enabled, Delegate, SecurityPolicy> { }; -template<typename Begin, typename End> +template<typename DefaultSecurityPolicy, typename HandlerType> +struct ApplyDefaultSecurityPolicy +{ + typedef HandlerType type; +}; + +template<typename DefaultSecurityPolicy, typename Delegate, typename SystemPolicy> +struct ApplyDefaultSecurityPolicy<DefaultSecurityPolicy, Handler<Delegate, SystemPolicy, void> > +{ + typedef Handler<Delegate, SystemPolicy, DefaultSecurityPolicy> type; +}; + +template<typename DefaultSecurityPolicy, typename Begin, typename End> struct InputEventHandlerChainHelper { private: typedef typename boost::mpl::next<Begin>::type next_iterator_type; - typedef InputEventHandlerChainHelper<next_iterator_type, End> next_in_chain; + typedef InputEventHandlerChainHelper<DefaultSecurityPolicy, next_iterator_type, End> next_in_chain; - typedef typename boost::mpl::deref<Begin>::type handler_type; + typedef typename boost::mpl::deref<Begin>::type handler_entry_type; + typedef typename ApplyDefaultSecurityPolicy<DefaultSecurityPolicy, handler_entry_type>::type handler_type; handler_type _handler; next_in_chain _next; @@ -239,8 +262,8 @@ public: } }; -template<typename End> -struct InputEventHandlerChainHelper<End, End> +template<typename DefaultSecurityPolicy, typename End> +struct InputEventHandlerChainHelper<DefaultSecurityPolicy, End, End> { void handle(InputEvent const&, InputEventContext const* context = 0) { // do nothing 
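Review bot: The `void` default for `SecurityPolicy` on `Handler` is a sentinel that only `ApplyDefaultSecurityPolicy` understands, and it is undocumented. I would add above `Handler`: `// SecurityPolicy = void means "inherit the chain's DefaultSecurityPolicy"; ApplyDefaultSecurityPolicy substitutes it before the handler is instantiated.` The partial specialization matches only an entry spelled exactly `Handler<Delegate, SystemPolicy, void>`, so any other list entry (for example a type derived from such a Handler) passes through the primary template unchanged and never receives the default. Whether that case fails to compile or builds silently depends on `HandlerHelper`, which lies outside this hunk, so a compile-time assertion or a comment stating the restriction would help.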
@@ -261,8 +284,11 @@ struct InputEventHandlerChainHelper<End, End> } }; -template<typename Collection> -struct InputEventHandlerChain : public InputEventHandlerChainHelper<typename boost::mpl::begin<Collection>::type, typename boost::mpl::end<Collection>::type> +template<typename DefaultSecurityPolicy, typename Collection> +struct InputEventHandlerChain : + public InputEventHandlerChainHelper<DefaultSecurityPolicy, + typename boost::mpl::begin<Collection>::type, + typename boost::mpl::end<Collection>::type> { }; diff --git a/src/input/inputHandlerChain.h b/src/input/inputHandlerChain.h index 8bcb1d8..b012aa6 100644 --- a/src/input/inputHandlerChain.h +++ b/src/input/inputHandlerChain.h @@ -34,14 +34,14 @@ typedef boost::mpl::list< Handler<PrivilegedHandlerForwarder> >::type unprivileged_handler_list; -typedef InputEventHandlerChain<unprivileged_handler_list> unprivileged_handler_chain; +typedef InputEventHandlerChain<policy::SecurityAllowAny, unprivileged_handler_list> unprivileged_handler_chain; typedef boost::mpl::list< - Handler<SayHelloHandler>, - Handler<KillX11Handler, policy::RequireSystem<policy::Linux>, policy::Security<policy::SEC_PHYSICAL_SEAT> >, - Handler<RebootLinuxSystemHandler, policy::RequireSystem<policy::Linux>, policy::Security<policy::SEC_PHYSICAL_SEAT> > + Handler<SayHelloHandler, policy::RequireNoSystem, policy::SecurityAllowAny >, + Handler<KillX11Handler, policy::RequireSystem<policy::Linux> >, + Handler<RebootLinuxSystemHandler, policy::RequireSystem<policy::Linux> > >::type privileged_handler_list; -typedef InputEventHandlerChain<privileged_handler_list> privileged_handler_chain; +typedef InputEventHandlerChain<policy::SecurityAllowPhysicalOrPrivileged, privileged_handler_list> privileged_handler_chain; #endif /* INPUTHANDLERCHAIN_H_ */ |
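Review bot: In `inputHandlerChain.h`, `KillX11Handler` and `RebootLinuxSystemHandler` previously carried `policy::Security<policy::SEC_PHYSICAL_SEAT>` and now inherit `policy::SecurityAllowPhysicalOrPrivileged` from the chain, so a privileged user who is not at the physical seat can now trigger them; nothing in the file records that this widening is intended. A comment above `privileged_handler_list` would make the rule explicit, e.g. `// Entries without an explicit security policy inherit SecurityAllowPhysicalOrPrivileged; use SecurityAllowAny only for actions that are harmless for any local sender.` The restrictive default on the privileged chain is the right direction, since a newly added handler stays locked down unless it opts out. `unprivileged_handler_chain` defaults to `SecurityAllowAny`, which presumably relies on the privileged side re-checking forwarded events; that assumption deserves a line next to the typedef.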
