xserver: Branch 'master' - 2 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Tue Feb 5 18:25:38 PST 2008
Xext/security.c | 3 +++
Xext/xace.c | 24 ++++++++++++------------
Xext/xace.h | 10 ++++++++--
Xext/xacestr.h | 9 ++++-----
Xext/xselinux.c | 19 ++++++++++++-------
dix/property.c | 16 +++++++---------
6 files changed, 46 insertions(+), 35 deletions(-)
New commits:
commit 5c30327275509576b7848a5f842e7a1bffabe980
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Feb 5 21:06:05 2008 -0500
XACE: Push the dix "structure" includes down to the security modules.
diff --git a/Xext/security.c b/Xext/security.c
index 6aab3a3..0696559 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -29,6 +29,9 @@ in this Software without prior written authorization from The Open Group.
#endif
#include "scrnintstr.h"
+#include "inputstr.h"
+#include "windowstr.h"
+#include "propertyst.h"
#include "colormapst.h"
#include "privates.h"
#include "registry.h"
diff --git a/Xext/xace.c b/Xext/xace.c
index 9ffac45..b2c7e4a 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -23,6 +23,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <stdarg.h>
#include "scrnintstr.h"
+#include "extnsionst.h"
+#include "pixmapstr.h"
+#include "regionstr.h"
+#include "gcstruct.h"
#include "xacestr.h"
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
diff --git a/Xext/xace.h b/Xext/xace.h
index 24b9dce..6f1f267 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -25,10 +25,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define XACE_MAJOR_VERSION 2
#define XACE_MINOR_VERSION 0
-#include "pixmap.h" /* for DrawablePtr */
-#include "regionstr.h" /* for RegionPtr */
-#include "window.h" /* for WindowPtr */
-#include "property.h" /* for PropertyPtr */
+#include "pixmap.h"
+#include "region.h"
+#include "window.h"
+#include "property.h"
/* Default window background */
#define XaceBackgroundNoneState None
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 045f836..e31d424 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -20,13 +20,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifndef _XACESTR_H
#define _XACESTR_H
-#include "dixstruct.h"
+#include "dix.h"
#include "resource.h"
#include "extnsionst.h"
-#include "gcstruct.h"
-#include "windowstr.h"
-#include "inputstr.h"
-#include "propertyst.h"
+#include "window.h"
+#include "input.h"
+#include "property.h"
#include "selection.h"
#include "xace.h"
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 47383a4..b3d938b 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -22,21 +22,28 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* All rights reserved.
*/
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <sys/socket.h>
+#include <stdio.h>
+#include <stdarg.h>
+
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/avc.h>
#include <libaudit.h>
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
#include <X11/Xatom.h>
#include "resource.h"
#include "privates.h"
#include "registry.h"
#include "dixstruct.h"
+#include "inputstr.h"
+#include "windowstr.h"
+#include "propertyst.h"
#include "extnsionst.h"
#include "scrnintstr.h"
#include "selection.h"
@@ -46,8 +53,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define TRANS_SERVER
#include <X11/Xtrans/Xtrans.h>
#include "../os/osdep.h"
-#include <stdio.h>
-#include <stdarg.h>
#include "modinit.h"
commit bb1a577a6822f781f1e38d2434a13914e74f89aa
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Feb 5 20:07:08 2008 -0500
XACE: Move the property access hook to its own function.
diff --git a/Xext/xace.c b/Xext/xace.c
index 0470e44..9ffac45 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -51,6 +51,14 @@ int XaceHookDispatch(ClientPtr client, int major)
}
}
+int XaceHookPropertyAccess(ClientPtr client, WindowPtr pWin,
+ PropertyPtr pProp, Mask access_mode)
+{
+ XacePropertyAccessRec rec = { client, pWin, pProp, access_mode, Success };
+ CallCallbacks(&XaceHooks[XACE_PROPERTY_ACCESS], &rec);
+ return rec.status;
+}
+
void XaceHookAuditEnd(ClientPtr ptr, int result)
{
XaceAuditRec rec = { ptr, result };
@@ -100,18 +108,6 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
- case XACE_PROPERTY_ACCESS: {
- XacePropertyAccessRec rec = {
- va_arg(ap, ClientPtr),
- va_arg(ap, WindowPtr),
- va_arg(ap, PropertyPtr),
- va_arg(ap, Mask),
- Success /* default allow */
- };
- calldata = &rec;
- prv = &rec.status;
- break;
- }
case XACE_SEND_ACCESS: {
XaceSendAccessRec rec = {
va_arg(ap, ClientPtr),
diff --git a/Xext/xace.h b/Xext/xace.h
index 4100ba1..24b9dce 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -27,6 +27,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "pixmap.h" /* for DrawablePtr */
#include "regionstr.h" /* for RegionPtr */
+#include "window.h" /* for WindowPtr */
+#include "property.h" /* for PropertyPtr */
/* Default window background */
#define XaceBackgroundNoneState None
@@ -65,6 +67,8 @@ extern int XaceHook(
/* Special-cased hook functions
*/
extern int XaceHookDispatch(ClientPtr ptr, int major);
+extern int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
+ PropertyPtr pProp, Mask access_mode);
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
/* Register a callback for a given hook.
@@ -101,11 +105,13 @@ extern void XaceCensorImage(
#ifdef __GNUC__
#define XaceHook(args...) Success
#define XaceHookDispatch(args...) Success
+#define XaceHookPropertyAccess(args...) Success
#define XaceHookAuditEnd(args...) { ; }
#define XaceCensorImage(args...) { ; }
#else
#define XaceHook(...) Success
#define XaceHookDispatch(...) Success
+#define XaceHookPropertyAccess(...) Success
#define XaceHookAuditEnd(...) { ; }
#define XaceCensorImage(...) { ; }
#endif
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index a6e27e6..47383a4 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1166,7 +1166,7 @@ ProcSELinuxGetPropertyContext(ClientPtr client)
if (!pProp)
return BadValue;
- rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess);
+ rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess);
if (rc != Success)
return rc;
diff --git a/dix/property.c b/dix/property.c
index 3c0eaf1..ce61169 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -156,8 +156,8 @@ ProcRotateProperties(ClientPtr client)
xfree(props);
return BadMatch;
}
- rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
- DixReadAccess|DixWriteAccess);
+ rc = XaceHookPropertyAccess(client, pWin, pProp,
+ DixReadAccess|DixWriteAccess);
if (rc != Success) {
xfree(props);
client->errorValue = atoms[i];
@@ -276,8 +276,8 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
memmove((char *)data, (char *)value, totalSize);
pProp->size = len;
pProp->devPrivates = NULL;
- rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
- DixCreateAccess|DixWriteAccess);
+ rc = XaceHookPropertyAccess(pClient, pWin, pProp,
+ DixCreateAccess|DixWriteAccess);
if (rc != Success) {
xfree(data);
xfree(pProp);
@@ -289,8 +289,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
}
else
{
- rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
- DixWriteAccess);
+ rc = XaceHookPropertyAccess(pClient, pWin, pProp, DixWriteAccess);
if (rc != Success) {
pClient->errorValue = property;
return rc;
@@ -382,8 +381,7 @@ DeleteProperty(ClientPtr client, WindowPtr pWin, Atom propName)
}
if (pProp)
{
- rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
- DixDestroyAccess);
+ rc = XaceHookPropertyAccess(client, pWin, pProp, DixDestroyAccess);
if (rc != Success)
return rc;
@@ -502,7 +500,7 @@ ProcGetProperty(ClientPtr client)
if (stuff->delete)
access_mode |= DixDestroyAccess;
- rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode);
+ rc = XaceHookPropertyAccess(client, pWin, pProp, access_mode);
if (rc != Success) {
client->errorValue = stuff->property;
return rc;
More information about the xorg-commit
mailing list