[PATCH 3/3] Xext: Enable client ID tracking in extensions (SELinux).
Rami Ylimäki
rami.ylimaki at vincit.fi
Mon Aug 30 06:29:33 PDT 2010
Make SELinux use the public interface for querying the client command
string. SELinux could be optimized further by removing its own copy of
the command string. However, that optimization has been left out for
simplicity.
Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
---
I haven't tested SELinux extension with this patch. I've only checked
that similar changes in a different context are working correctly.
Xext/xselinux_hooks.c | 37 ++++++++-----------------------------
1 files changed, 8 insertions(+), 29 deletions(-)
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 560e1e9..baca533 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <libaudit.h>
#include <X11/Xatom.h>
+#include "client.h"
#include "selection.h"
#include "inputstr.h"
#include "scrnintstr.h"
@@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
/* For local clients, try and determine the executable name */
if (XaceIsLocal(client)) {
- struct ucred creds;
- socklen_t len = sizeof(creds);
- char path[PATH_MAX + 1];
- size_t bytes;
+ const char *cmd = GetClientCmd(client);
- memset(&creds, 0, sizeof(creds));
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
+ if (!cmd)
goto finish;
- snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
- fd = open(path, O_RDONLY);
- if (fd < 0)
- goto finish;
-
- bytes = read(fd, path, PATH_MAX + 1);
- close(fd);
- if (bytes <= 0)
- goto finish;
-
- strncpy(subj->command, path, COMMAND_LEN - 1);
+ strncpy(subj->command, cmd, COMMAND_LEN - 1);
}
finish:
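Review bot: The `strncpy(subj->command, cmd, COMMAND_LEN - 1);` line leaves `subj->command` without a terminator whenever `cmd` is COMMAND_LEN - 1 bytes or longer, unless the buffer was zeroed earlier, which this hunk does not show. Assuming the buffer is COMMAND_LEN bytes, following the copy with `subj->command[COMMAND_LEN - 1] = '\0';` makes the termination explicit. The string originates from the client's own command line, which the client process controls, so it should stay descriptive (for example in audit output) and never feed a labelling or access decision. SELinuxLabelClient starts and ends outside the hunk.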
@@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
static void
SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
- NewClientInfoRec *pci = calldata;
-
- switch (pci->client->clientState) {
- case ClientStateInitial:
- SELinuxLabelClient(pci->client);
- break;
-
- default:
- break;
- }
+ ClientPtr client = calldata;
+ SELinuxLabelClient(client);
}
static void
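Review bot: SELinuxClientState now casts `calldata` straight to `ClientPtr` and labels unconditionally, so its correctness rests on the contract of the list returned by `GetClientIdsReservedCbs()`, which is defined outside this patch. The removed `ClientStateInitial` gate tied labelling to client creation; the new list presumably needs to fire exactly once for every client, before any XACE hook reads that client's subject, otherwise a client could be checked against an unset label. The registration and removal hunks in SELinuxFlaskReset and SELinuxFlaskInit depend on the same guarantee, and the author notes the change was not tested with the SELinux extension. A comment on the handler would record the assumption, e.g. `/* calldata is the ClientPtr from the client-ID callback list; must run before the first XACE check for this client */`.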
@@ -819,7 +798,7 @@ void
SELinuxFlaskReset(void)
{
/* Unregister callbacks */
- DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
@@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
NULL);
/* Register callbacks */
- ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
--
1.6.3.3