xserver: Branch 'master' - 3 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Thu Feb 28 19:18:48 PST 2008
Xext/xselinux.c | 12 ++++++++++++
composite/compext.c | 4 ++--
2 files changed, 14 insertions(+), 2 deletions(-)
New commits:
commit d04ea267a4a51c16088d9ef429681a1edde536b1
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Feb 28 21:53:16 2008 -0500
xselinux: Don't require device "read" permission for XQueryPointer.
These keyboard and pointer state polling calls are a real problem.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 3aa62e2..9adc931 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -532,6 +532,17 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
dsubj->sid = subj->sid;
}
+ /* XXX only check read permission on XQueryKeymap */
+ /* This is to allow the numerous apps that call XQueryPointer to work */
+ if (rec->access_mode & DixReadAccess) {
+ ClientPtr client = rec->client;
+ REQUEST(xReq);
+ if (stuff && stuff->reqType != X_QueryKeymap) {
+ rec->access_mode &= ~DixReadAccess;
+ rec->access_mode |= DixGetAttrAccess;
+ }
+ }
+
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
&auditdata);
if (rc != Success)
commit 3fb17a3e647e926688c91a49a9b5b97f37dbc367
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Feb 28 21:52:57 2008 -0500
xselinux: Log messages to both libaudit and Xorg.0.log.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 98e1ec5..3aa62e2 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -497,6 +497,7 @@ SELinuxLog(int type, const char *fmt, ...)
vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap);
rc = audit_log_user_avc_message(audit_fd, aut, buf, NULL, NULL, NULL, 0);
va_end(ap);
+ LogMessageVerb(X_WARNING, 0, "%s", buf);
return 0;
}
commit 4d91b1d5e422c5c460b1b7050baa9487a59b8aa8
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Feb 28 21:52:32 2008 -0500
XACE: Adjust the location of the COMPOSITE creation hook.
Avoids incrementing the refcnt if the hook fails.
diff --git a/composite/compext.c b/composite/compext.c
index 97ea6d6..b3433f7 100644
--- a/composite/compext.c
+++ b/composite/compext.c
@@ -289,14 +289,14 @@ ProcCompositeNameWindowPixmap (ClientPtr client)
if (!pPixmap)
return BadMatch;
- ++pPixmap->refcnt;
-
/* security creation/labeling check */
rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pixmap, RT_PIXMAP,
pPixmap, RT_WINDOW, pWin, DixCreateAccess);
if (rc != Success)
return rc;
+ ++pPixmap->refcnt;
+
if (!AddResource (stuff->pixmap, RT_PIXMAP, (pointer) pPixmap))
return BadAlloc;
More information about the xorg-commit
mailing list