[PULL -v2] XACE and SELinux updates for server-1.7-branch

Peter Hutterer peter.hutterer at who-t.net
Wed Oct 21 18:36:10 PDT 2009

On Wed, Oct 21, 2009 at 09:07:40PM -0400, Eamon Walsh wrote:
> Hi Peter,
> Please pull these updates into server-1.7-branch.
> Thanks.
> The following changes are available in the git repository at:
>     git://anongit.freedesktop.org/~ewalsh/xserver server-1.7-branch
> Eamon Walsh (9):
>       xace: Fake return values on denials in input polling requests.
>       xselinux: Stop special-casing QueryPointer access checks.
>       xace: Relax permissions on XkbGetState from Read to Getattr.
>       xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
>       xselinux: Allow SetWindowCreateContext to be used for pixmaps as well.
>       dix: Export IsPointerDevice() and IsKeyboardDevice().
>       xselinux: Use the now-exported IsPointerDevice() instead of a copy.
>       xselinux: Note something in the log if disabled by boolean.
>       Remove some debug messages that trigger on XACE event delivery failure.

I should have spotted this earlier but - the last patch is not quite
optimal and the commit message makes it sound like a different issue.

EventToXI can return BadMatch, BadAlloc and BadImplementation. Both of the
latter are worth noting in the log file since things are expected to go bad
if that happens. EventToCore only returns BadMatch or BadImplementation on
failure (in both cases, BadImplementation is logged anyway).

The reason why XACE triggered these logs is because the if condition was
joined. XACE doesn't modify rc either, so just reading this patch and the
associated commit message is confusing.

I think it'd be better to split the condition from the current 

if (rc == Success && XACE(...) == Success)

to something like this

if (rc == Success) {
     if (XACE(...) == Success) {
         do stuff
     }
} else {
     log message
}

any opinions?
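
The joined and split conditions discussed in this message, side by side, as an added example that is not part of the original mail or the X server source. The function names, the log counter and the three sample cases are hypothetical, and the access hook's result is passed in as a value instead of being called.

```c
#include <stdio.h>

/* Stand-ins for the status codes; BadAccess as the denial value is an
 * assumption made for this example. */
enum { Success = 0, BadAccess = 10, BadAlloc = 11 };

static int log_lines;                 /* messages written to the "log" */

static void log_failure(int rc)
{
    log_lines++;
    fprintf(stderr, "event conversion failed: %d\n", rc);
}

/* Joined condition: an access denial lands in the same failure path as a
 * conversion failure, so a message is logged although rc == Success. */
static int deliver_joined(int rc, int xace_rc)
{
    if (rc == Success && xace_rc == Success)
        return 1;                     /* event delivered */
    log_failure(rc);
    return 0;
}

/* Split condition: only a conversion failure is logged; a denial by the
 * access hook drops the event without a log entry. */
static int deliver_split(int rc, int xace_rc)
{
    if (rc == Success) {
        if (xace_rc == Success)
            return 1;
    } else {
        log_failure(rc);
    }
    return 0;
}

/* Run three constructed cases and return how many log lines resulted. */
static int count_logs(int (*deliver)(int, int))
{
    log_lines = 0;
    deliver(Success, Success);        /* converted and allowed */
    deliver(Success, BadAccess);      /* converted, denied by the hook */
    deliver(BadAlloc, Success);       /* conversion itself failed */
    return log_lines;
}

int main(void)
{
    printf("joined: %d log lines, split: %d\n",
           count_logs(deliver_joined), count_logs(deliver_split));
    return 0;
}
```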

