From c5c46660130456afea285e460be44e1c723e4a49 Mon Sep 17 00:00:00 2001
From: Sebastien Braun
Date: Tue, 5 Oct 2010 15:07:43 +0200
Subject: Refactor InputEvent handler code.

- Make static methods virtual and store instances in the chains.
- Propagate security context information.
- Saner security policy implementation.
---
 src/input/inputEventHandler.h | 108 ++++++++++++++++++++++++++++--------------
 1 file changed, 73 insertions(+), 35 deletions(-)

(limited to 'src/input/inputEventHandler.h')

diff --git a/src/input/inputEventHandler.h b/src/input/inputEventHandler.h
index 3910f93..330f5a7 100644
--- a/src/input/inputEventHandler.h
+++ b/src/input/inputEventHandler.h
@@ -27,49 +27,80 @@
 #define HANDLER_CODE_DONT_CARE 0xffff
 #define HANDLER_VALUE_DONT_CARE 0xffffffff
 
+class InputEventContext
+{
+public:
+	virtual pid_t getSenderPid() const = 0;
+	virtual uid_t getSenderUid() const = 0;
+	virtual gid_t getSenderGid() const = 0;
+};
+
+struct SpecialInputEventDescription
+{
+	SpecialInputEventDescription(QString const& d, quint16 t, quint16 c, quint32 v = 0)
+		: descriptionString(d), evtType(t), evtCode(c), evtValue(v)
+	{
+	}
+
+	QString descriptionString;
+	quint16 evtType;
+	quint16 evtCode;
+	quint32 evtValue;
+
+	InputEvent toEvent() const
+	{
+		return InputEvent(evtType, evtCode, evtValue);
+	}
+};
+
 template<quint16 Type = HANDLER_TYPE_DONT_CARE,
 		quint16 Code = HANDLER_CODE_DONT_CARE,
 		quint32 Value = HANDLER_VALUE_DONT_CARE>
 class DefaultInputEventHandler {
 public:
-	static bool matches(InputEvent const& evt) {
-		if(Type != 0xffff) {
+	virtual bool matches(InputEvent const& evt, InputEventContext const*) {
+		if(Type != HANDLER_TYPE_DONT_CARE) {
 			if(evt.type() != Type)
 				return false;
 		}
-		if(Code != 0xffff) {
+		if(Code != HANDLER_CODE_DONT_CARE) {
 			if(evt.code() != Code)
 				return false;
 		}
-		if(Value != 0xffffffff) {
+		if(Value != HANDLER_VALUE_DONT_CARE) {
 			if(evt.value() != Value)
 				return false;
 		}
 		return true;
 	}
 
-	static void initialize()
+	virtual void initialize()
 	{
 	}
-};
 
-namespace policy {
+	virtual void handle(InputEvent const& evt, InputEventContext const*) = 0;
 
-struct NoSecurityCheck {
-	static bool allow(InputEvent const&) {
-		return true;
+	static void describeInto(QList<SpecialInputEventDescription>& description)
+	{
 	}
 };
 
-struct PhysicalSeatSecurityCheck {
-	static bool allow(InputEvent const&) {
-		return /* TODO implement */ true;
-	}
+namespace policy {
+
+enum SecurityFlags {
+	SEC_PHYSICAL_SEAT = 1,
+	SEC_PRIVILEGED_USER = 2
 };
 
-struct AlwaysDenySecurityCheck {
-	static bool allow(InputEvent const&) {
-		return false;
+bool allowPhysicalSeat(InputEvent const& evt, InputEventContext const* ctx);
+bool allowPrivilegedUser(InputEvent const& evt, InputEventContext const* ctx);
+
+template<int flags = 0>
+struct Security
+{
+	bool allow(InputEvent const& evt, InputEventContext const* ctx)
+	{
+		return true;
 	}
 };
 
@@ -107,39 +138,43 @@ template<bool Enabled, typename Delegate, typename SecurityPolicy>
 class HandlerHelper
 {
 public:
-	static bool handle(InputEvent const& evt) {
-		if(!SecurityPolicy::allow(evt))
+	bool handle(InputEvent const& evt, InputEventContext const* context = 0) {
+		if(!securityPolicy.allow(evt, context))
 		{
 			return true;
 		}
-		if(Delegate::matches(evt)) {
-			Delegate::handle(evt);
+		if(delegate.matches(evt, context)) {
+			delegate.handle(evt, context);
 			return true;
 		} else {
 			return false;
 		}
 	}
 
-	static void initialize()
+	void initialize()
 	{
-		Delegate::initialize();
+		delegate.initialize();
 	}
+
+private:
+	Delegate delegate;
+	SecurityPolicy securityPolicy;
 };
 
 template<typename Delegate, typename SecurityPolicy>
 class HandlerHelper<false, Delegate, SecurityPolicy>
 {
 public:
-	static bool handle(InputEvent const& evt) {
+	bool handle(InputEvent const& evt, InputEventContext const* context = 0) {
 		return false;
 	}
 
-	static void initialize()
+	void initialize()
 	{
 	}
 };
 
-template<typename Delegate, typename SecurityPolicy = policy::NoSecurityCheck, typename SystemPolicy = policy::RequireNoSystem>
+template<typename Delegate, typename SystemPolicy = policy::RequireNoSystem, typename SecurityPolicy = policy::Security<> >
 struct Handler : public HandlerHelper<SystemPolicy::enabled, Delegate, SecurityPolicy>
 {
 };
@@ -153,28 +188,31 @@ private:
 
 	typedef typename boost::mpl::deref<Begin>::type handler_type;
 
+	handler_type _handler;
+	next_in_chain _next;
+
 public:
-	static void handle(InputEvent const& evt) {
-		if(!handler_type::handle(evt)) {
-			next_in_chain::handle(evt);
+	void handle(InputEvent const& evt, InputEventContext const* context = 0) {
+		if(!_handler.handle(evt, context)) {
+			_next.handle(evt, context);
 		}
 	}
 
-	static void initialize() {
-		handler_type::initialize();
-		next_in_chain::initialize();
+	void initialize() {
+		_handler.initialize();
+		_next.initialize();
+	}
 	}
 };
 
 template<typename End>
 struct InputEventHandlerChainHelper<End, End>
 {
-public:
-	static void handle(InputEvent const&) {
+	void handle(InputEvent const&, InputEventContext const* context = 0) {
 		// do nothing
 	}
 
-	static void initialize() {
+	void initialize() {
 		// do nothing
 	}
 };
-- 
cgit v1.2.3-55-g7522