xserver: Branch 'XACE-SELINUX'
Eamon Walsh
ewalsh at kemper.freedesktop.org
Tue Oct 2 16:04:10 PDT 2007
dix/devices.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
New commits:
diff-tree 59cebcd2e9302d15a52588ecafbbc2d2c5ae3a6c (from b77d272d7555c1e0f176ee74b8717030a6d6c7b0)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Oct 2 13:39:25 2007 -0400
xace: add creation hook for new input devices.
Unfortunately, more information is needed to properly label the device.
This will come from the configuration file, the hotplug messages, etc.
It will either have to be passed into this function,
or this hook moved down into the callers.
diff --git a/dix/devices.c b/dix/devices.c
index b6cb4a5..3395cd3 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -119,7 +119,6 @@ AddInputDevice(DeviceProc deviceProc, Bo
dev->name = (char *)NULL;
dev->type = 0;
dev->id = devid;
- inputInfo.numDevices++;
dev->public.on = FALSE;
dev->public.processInputProc = (ProcessInputProc)NoopDDA;
dev->public.realInputProc = (ProcessInputProc)NoopDDA;
@@ -156,6 +155,15 @@ AddInputDevice(DeviceProc deviceProc, Bo
dev->inited = FALSE;
dev->enabled = FALSE;
+ /* security creation/labeling check
+ */
+ if (XaceHook(XACE_DEVICE_ACCESS, serverClient, dev, DixCreateAccess)) {
+ xfree(dev);
+ return NULL;
+ }
+
+ inputInfo.numDevices++;
+
for (prev = &inputInfo.off_devices; *prev; prev = &(*prev)->next)
;
*prev = dev;
More information about the xorg-commit
mailing list