[RFC PATCH] XACE: support for property polyinstantiation
ewalsh at tycho.nsa.gov
Mon Feb 11 17:00:24 PST 2008
Eamon Walsh wrote:
> Early adopters of the SELinux controls for X have requested support for
> polyinstantiation of window properties. The following patch is the
> implementation I have come up with for XACE.
> The patch supports having more than one property with the same name in
> the list of properties for each window. A new lookup function
> dixLookupProperty() traverses the list normally to find the first match,
> but afterwards calls into XACE which can give back the "real" property
> structure to use.
> If XACE is not enabled, this patch has no impact except for the lookup
> API and the delete operation, which must traverse the list of properties
> twice: once to look up the list element and once to find the previous
> one. A possible tradeoff could be to make the list doubly-linked, in
> which case only one traversal would be needed, but this would change the
> PropertyRec structure.
> I've run the xtest scenarios for the property protocol requests and they
> all pass. I need to do the polyinstantiation bits to test that part out
> though, so this will be here to soak for a while.
OK, the scope of this has expanded to include polyinstantiation for
selections as well. The mechanism will be the same: more than one
instance allowed in the list of selections; lookup function used for all
accesses; calls into XACE which can return the "real" selection
structure to use; optimized away when XACE not built. I've factored the
selection code out of dispatch.c into a new file dix/selection.c for
better organization. Will post the patch in a little bit.
This supersedes the older redirection work I did on selections,
referenced below, which will be backed out.
Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency