From c5a99933202c91630edc2ddd97e0e964b27540d6 Mon Sep 17 00:00:00 2001
From: Sebastien Braun
Date: Wed, 6 Oct 2010 17:56:59 +0200
Subject: Sanitize security model yet again

The flags model was not satisfactory since it made it unnecessarily
difficult to express the standard policy of "allow all to users that are
physically sitting in front of the machine and to privileged users".

The new model expressly knows different policies (two at the moment)
and refrains from decomposing them. Additional policies are not difficult
to add.
---
 src/input/inputHandlerChain.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/input/inputHandlerChain.h')

diff --git a/src/input/inputHandlerChain.h b/src/input/inputHandlerChain.h
index 8bcb1d8..b012aa6 100644
--- a/src/input/inputHandlerChain.h
+++ b/src/input/inputHandlerChain.h
@@ -34,14 +34,14 @@ typedef boost::mpl::list<
 		Handler<PrivilegedHandlerForwarder>
 >::type unprivileged_handler_list;
 
-typedef InputEventHandlerChain<unprivileged_handler_list> unprivileged_handler_chain;
+typedef InputEventHandlerChain<policy::SecurityAllowAny, unprivileged_handler_list> unprivileged_handler_chain;
 
 typedef boost::mpl::list<
-		Handler<SayHelloHandler>,
-		Handler<KillX11Handler, policy::RequireSystem<policy::Linux>, policy::Security<policy::SEC_PHYSICAL_SEAT> >,
-		Handler<RebootLinuxSystemHandler, policy::RequireSystem<policy::Linux>, policy::Security<policy::SEC_PHYSICAL_SEAT> >
+		Handler<SayHelloHandler, policy::RequireNoSystem, policy::SecurityAllowAny >,
+		Handler<KillX11Handler, policy::RequireSystem<policy::Linux> >,
+		Handler<RebootLinuxSystemHandler, policy::RequireSystem<policy::Linux> >
 >::type privileged_handler_list;
 
-typedef InputEventHandlerChain<privileged_handler_list> privileged_handler_chain;
+typedef InputEventHandlerChain<policy::SecurityAllowPhysicalOrPrivileged, privileged_handler_list> privileged_handler_chain;
 
 #endif /* INPUTHANDLERCHAIN_H_ */
-- 
cgit v1.2.3-55-g7522