xserver: Branch 'XACE-SELINUX' - 2 commits

[Eamon Walsh]

 Xext/xace.c    |   15 +++++++++++++--
 Xext/xacestr.h |    1 +
 dix/window.c   |    6 ++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

New commits:
commit db66e66dbf26b91c655f1659859c022cc31f0db6
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Oct 17 13:51:11 2007 -0400

    xace: Add an access_mode field to the extension structure.
    This allows the same callback to be used for both extension hooks.

diff --git a/Xext/xace.c b/Xext/xace.c
index 3de259f..b126661 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -67,6 +67,17 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
+	case XACE_EXT_DISPATCH: {
+	    XaceExtAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, ExtensionEntry*),
+		DixUseAccess,
+		Success /* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.status;
+	    break;
+	}
 	case XACE_RESOURCE_ACCESS: {
 	    XaceResourceAccessRec rec = {
 		va_arg(ap, ClientPtr),
@@ -141,11 +152,11 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_EXT_DISPATCH:
 	case XACE_EXT_ACCESS: {
 	    XaceExtAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, ExtensionEntry*),
+		DixGetAttrAccess,
 		Success /* default allow */
 	    };
 	    calldata = &rec;
@@ -228,7 +239,7 @@ int XaceHook(int hook, ...)
  
     /* call callbacks and return result, if any. */
     CallCallbacks(&XaceHooks[hook], calldata);
-    return prv ? *prv : 0;
+    return prv ? *prv : Success;
 }
 
 static int
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 1dae4d6..1c61543 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -97,6 +97,7 @@ typedef struct {
 typedef struct {
     ClientPtr client;
     ExtensionEntry *ext;
+    Mask access_mode;
     int status;
 } XaceExtAccessRec;
 
commit e3a8cbe523bae8b771ad3c8ad497f4444f6d05d5
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Oct 17 13:48:44 2007 -0400

    xace: add creation/labeling hook to CreateRootWindow().

diff --git a/dix/window.c b/dix/window.c
index 597ad2e..17ab2a7 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -434,6 +434,12 @@ CreateRootWindow(ScreenPtr pScreen)
     pWin->border.pixel = pScreen->blackPixel;
     pWin->borderWidth = 0;
 
+    /*  security creation/labeling check
+     */
+    if (XaceHook(XACE_RESOURCE_ACCESS, serverClient, pWin->drawable.id,
+		 RT_WINDOW, pWin, RT_NONE, NULL, DixCreateAccess))
+	return FALSE;
+
     if (!AddResource(pWin->drawable.id, RT_WINDOW, (pointer)pWin))
 	return FALSE;