xserver: Branch 'master' - 2 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Wed Feb 20 13:01:50 PST 2008


 Xext/security.c     |    5 +++++
 Xext/xace.h         |    4 ++--
 dix/window.c        |   11 +++++------
 include/windowstr.h |    5 ++---
 4 files changed, 14 insertions(+), 11 deletions(-)

New commits:
commit f343265a289724c81017f089c024a7618267c4e3
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Feb 15 19:53:45 2008 -0500

    XACE: Make the default window background state configurable per-window.
    
    To recap: the original XC-SECURITY extension disallowed background "None" if
    the window was untrusted.  XACE 1.0 preserved this check as a hook function.
    XACE pre-2.0 removed the hook and first abolished background "None" entirely,
    then restored it as a global on/off switch in response to Bug #13683.
    Now it's back to being per-window, via a flag instead of a hook function.

diff --git a/Xext/security.c b/Xext/security.c
index a3cde2c..27ef382 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -810,6 +810,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
     obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
 
+    /* disable background None for untrusted windows */
+    if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
+	if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
+	    ((WindowPtr)rec->res)->forcedBG = TRUE;
+
     /* special checks for server-owned resources */
     if (cid == 0) {
 	if (rec->rtype & RC_DRAWABLE)
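Review bot: The added check skips any client whose `subj->haveState` is unset, so such a client is treated like a trusted one and its new windows keep background None; whether that is intended is not visible here, and the comment should say so or the test should fail closed. The two nested `if`s carry no braces, so a later `else` could bind to the wrong one; a single braced condition is safer: `if ((requested & DixCreateAccess) && rec->rtype == RT_WINDOW && subj->haveState && subj->trustLevel != XSecurityClientTrusted) { ((WindowPtr)rec->res)->forcedBG = TRUE; }`. The flag is also set before the rest of SecurityResource decides whether access is granted, which looks harmless but deserves a word in the comment. SecurityResource starts and ends outside the hunk.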
diff --git a/Xext/xace.h b/Xext/xace.h
index 2016ca3..1f07d9f 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "property.h"
 
 /* Default window background */
-#define XaceBackgroundNoneState		None
+#define XaceBackgroundNoneState(w) ((w)->forcedBG ? BackgroundPixel : None)
 
 /* security hooks */
 /* Constants used to identify the available security hooks
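Review bot: The comment `/* Default window background */` no longer describes the macro, which now takes a window and can yield `BackgroundPixel` despite its `...NoneState` name. I would document it as `/* Background state used when None is requested: BackgroundPixel if the window has forcedBG set, otherwise None */`. The macro dereferences `(w)->forcedBG`, so every file that expands it needs the full WindowRec definition in scope; whether xace.h pulls in windowstr.h is not visible in this hunk. The non-XACE stub in the second hunk of this file ignores `w` entirely, so callers must keep the argument free of side effects.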
@@ -100,7 +100,7 @@ extern void XaceCensorImage(
 #else /* XACE */
 
 /* Default window background */
-#define XaceBackgroundNoneState		None
+#define XaceBackgroundNoneState(w)		None
 
 /* Define calls away when XACE is not being built. */
 
diff --git a/dix/window.c b/dix/window.c
index 70e32fb..9975b5e 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -291,6 +291,7 @@ SetWindowToDefaults(WindowPtr pWin)
     pWin->dontPropagate = 0;
     pWin->forcedBS = FALSE;
     pWin->redirectDraw = RedirectDrawNone;
+    pWin->forcedBG = FALSE;
 }
 
 static void
@@ -702,8 +703,8 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
 	return NullWindow;
     }
 
-    pWin->backgroundState = XaceBackgroundNoneState;
-    pWin->background.pixel = 0;
+    pWin->backgroundState = XaceBackgroundNoneState(pWin);
+    pWin->background.pixel = pScreen->whitePixel;
 
     pWin->borderIsPixel = pParent->borderIsPixel;
     pWin->border = pParent->border;
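Review bot: `XaceBackgroundNoneState(pWin)` reads `forcedBG` here, but nothing in the hunk shows that the XACE create-access hook has already run for `pWin`, or that SetWindowToDefaults (which resets the flag to FALSE) is not called afterwards. If that order ever changes, untrusted windows would silently get background None again, so the dependency deserves a comment above the assignment, for example `/* forcedBG is set by the XACE create hook; this must stay after that hook and after SetWindowToDefaults */`. `background.pixel` is now `pScreen->whitePixel` even when the state stays None, so a short remark that the pixel only matters in the forced case would also help. CreateWindow starts and ends outside the hunk.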
@@ -1014,8 +1015,8 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
 		if (!pWin->parent)
 		    MakeRootTile(pWin);
 		else {
-		    pWin->backgroundState = XaceBackgroundNoneState;
-		    pWin->background.pixel = 0;
+		    pWin->backgroundState = XaceBackgroundNoneState(pWin);
+		    pWin->background.pixel = pScreen->whitePixel;
 		}
 	    }
 	    else if (pixID == ParentRelative)
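Review bot: Only the `None` branch honours `forcedBG` in this hunk; the `ParentRelative` branch that begins on the last line continues outside it, so it cannot be seen whether a forced window is kept opaque there. Under the X protocol a ParentRelative window whose parent has background None behaves as None itself, so the "must have an opaque background" guarantee may not hold on that path. That should be confirmed, or the comment on the flag narrowed to what is actually enforced. ChangeWindowAttributes starts and ends outside the hunk.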
diff --git a/include/windowstr.h b/include/windowstr.h
index a161324..e06a2f1 100644
--- a/include/windowstr.h
+++ b/include/windowstr.h
@@ -159,6 +159,7 @@ typedef struct _Window {
     unsigned		dontPropagate:3;/* index into DontPropagateMasks */
     unsigned		forcedBS:1;	/* system-supplied backingStore */
     unsigned		redirectDraw:2;	/* COMPOSITE rendering redirect */
+    unsigned		forcedBG:1;	/* must have an opaque background */
 } WindowRec;
 
 /*
commit 7c2f0a8befb310707ea923dbcdfde84521e52c88
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Feb 15 19:17:40 2008 -0500

    Remove COMPOSITE ifdefs around WindowRec bitfield as it has no ABI effect.

diff --git a/dix/window.c b/dix/window.c
index b896ef7..70e32fb 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -290,9 +290,7 @@ SetWindowToDefaults(WindowPtr pWin)
     pWin->deliverableEvents = 0;
     pWin->dontPropagate = 0;
     pWin->forcedBS = FALSE;
-#ifdef COMPOSITE
     pWin->redirectDraw = RedirectDrawNone;
-#endif
 }
 
 static void
diff --git a/include/windowstr.h b/include/windowstr.h
index 4359481..a161324 100644
--- a/include/windowstr.h
+++ b/include/windowstr.h
@@ -158,9 +158,7 @@ typedef struct _Window {
     unsigned		viewable:1;	/* realized && InputOutput */
     unsigned		dontPropagate:3;/* index into DontPropagateMasks */
     unsigned		forcedBS:1;	/* system-supplied backingStore */
-#ifdef COMPOSITE
-    unsigned		redirectDraw:2;	/* rendering is redirected from here */
-#endif
+    unsigned		redirectDraw:2;	/* COMPOSITE rendering redirect */
 } WindowRec;
 
 /*

