[PATCH 3/4] XACE: Add generic support for property and selection polyinstantiation.
Eamon Walsh
ewalsh at tycho.nsa.gov
Wed Feb 27 20:41:47 PST 2008
Signed-off-by: Eamon Walsh <ewalsh at moss-charon.epoch.ncsc.mil>
---
Xext/security.c | 2 +-
Xext/xace.c | 9 +++++----
Xext/xace.h | 7 ++++---
Xext/xacestr.h | 4 ++--
Xext/xselinux.c | 24 +++++++++---------------
dix/property.c | 6 +++---
dix/selection.c | 2 +-
7 files changed, 25 insertions(+), 29 deletions(-)
diff --git a/Xext/security.c b/Xext/security.c
index cd67120..e82b976 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -910,7 +910,7 @@ SecurityProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
XacePropertyAccessRec *rec = calldata;
SecurityStateRec *subj, *obj;
- ATOM name = rec->pProp->propertyName;
+ ATOM name = (*rec->ppProp)->propertyName;
Mask requested = rec->access_mode;
Mask allowed = SecurityResourceMask | DixReadAccess;
diff --git a/Xext/xace.c b/Xext/xace.c
index e88debc..8a8f8c6 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -56,16 +56,17 @@ int XaceHookDispatch(ClientPtr client, int major)
}
int XaceHookPropertyAccess(ClientPtr client, WindowPtr pWin,
- PropertyPtr pProp, Mask access_mode)
+ PropertyPtr *ppProp, Mask access_mode)
{
- XacePropertyAccessRec rec = { client, pWin, pProp, access_mode, Success };
+ XacePropertyAccessRec rec = { client, pWin, ppProp, access_mode, Success };
CallCallbacks(&XaceHooks[XACE_PROPERTY_ACCESS], &rec);
return rec.status;
}
-int XaceHookSelectionAccess(ClientPtr client, Atom name, Mask access_mode)
+int XaceHookSelectionAccess(ClientPtr client,
+ Selection **ppSel, Mask access_mode)
{
- XaceSelectionAccessRec rec = { client, name, access_mode, Success };
+ XaceSelectionAccessRec rec = { client, ppSel, access_mode, Success };
CallCallbacks(&XaceHooks[XACE_SELECTION_ACCESS], &rec);
return rec.status;
}
diff --git a/Xext/xace.h b/Xext/xace.h
index 1f07d9f..bd69bca 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -29,6 +29,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "region.h"
#include "window.h"
#include "property.h"
+#include "selection.h"
/* Default window background */
#define XaceBackgroundNoneState(w) ((w)->forcedBG ? BackgroundPixel : None)
@@ -68,9 +69,9 @@ extern int XaceHook(
*/
extern int XaceHookDispatch(ClientPtr ptr, int major);
extern int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
- PropertyPtr pProp, Mask access_mode);
-extern int XaceHookSelectionAccess(ClientPtr ptr, Atom name,
- Mask access_mode);
+ PropertyPtr *ppProp, Mask access_mode);
+extern int XaceHookSelectionAccess(ClientPtr ptr,
+ Selection **ppSel, Mask access_mode);
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
/* Register a callback for a given hook.
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index e31d424..ba115a4 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -59,7 +59,7 @@ typedef struct {
typedef struct {
ClientPtr client;
WindowPtr pWin;
- PropertyPtr pProp;
+ PropertyPtr *ppProp;
Mask access_mode;
int status;
} XacePropertyAccessRec;
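Review bot: The new `ppProp` field, and `ppSel` in the XACE_SELECTION_ACCESS hunk that follows, are pointers to the caller's pointer, but the struct does not say whether a hook may write through them. Callers such as dixLookupProperty copy the pointer back into their result after the hook returns, so a hook that leaves it NULL or dangling while reporting Success would hand a bad object to the request handler. I would document the contract on both fields, for example `/* in/out: hook may redirect *ppProp to another instance; must point to a valid property when status is Success */`, with the same wording for `ppSel`.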
@@ -110,7 +110,7 @@ typedef struct {
/* XACE_SELECTION_ACCESS */
typedef struct {
ClientPtr client;
- Atom name;
+ Selection **ppSel;
Mask access_mode;
int status;
} XaceSelectionAccessRec;
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 142de32..00e347c 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -679,14 +679,15 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxSubjectRec *subj;
SELinuxObjectRec *obj;
SELinuxAuditRec auditdata = { .client = rec->client };
+ PropertyPtr pProp = *rec->ppProp;
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->pProp->devPrivates, objectKey);
+ obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
/* If this is a new object that needs labeling, do it now */
if (rec->access_mode & DixCreateAccess) {
- const char *name = NameForAtom(rec->pProp->propertyName);
+ const char *name = NameForAtom(pProp->propertyName);
security_context_t con;
security_id_t sid;
@@ -717,7 +718,7 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
/* Perform the security check */
- auditdata.property = rec->pProp->propertyName;
+ auditdata.property = pProp->propertyName;
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
&auditdata);
if (rc != Success)
@@ -858,17 +859,18 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxSubjectRec *subj;
SELinuxObjectRec sel_sid;
SELinuxAuditRec auditdata = { .client = rec->client };
+ Selection *pSel = *rec->ppSel;
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- rc = SELinuxSelectionToSID(rec->name, &sel_sid);
+ rc = SELinuxSelectionToSID(pSel->selection, &sel_sid);
if (rc != Success) {
rec->status = rc;
return;
}
- auditdata.selection = rec->name;
+ auditdata.selection = pSel->selection;
rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode,
&auditdata);
if (rc != Success)
@@ -1194,16 +1196,8 @@ ProcSELinuxGetPropertyContext(ClientPtr client)
if (rc != Success)
return rc;
- pProp = wUserProps(pWin);
- while (pProp) {
- if (pProp->propertyName == stuff->property)
- break;
- pProp = pProp->next;
- }
- if (!pProp)
- return BadValue;
-
- rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess);
+ rc = dixLookupProperty(&pProp, pWin, stuff->property, client,
+ DixGetAttrAccess);
if (rc != Success)
return rc;
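Review bot: The error reported for a missing property may change here. The removed loop returned `BadValue` when nothing matched `stuff->property`, whereas the new code returns whatever `dixLookupProperty` yields for a miss, and that value is not visible in this patch. If the SELinux extension's clients depend on `BadValue`, map the miss explicitly after the call. Otherwise record the change with a comment such as `/* a missing property now returns dixLookupProperty's error (was BadValue) */`. The function body continues outside the hunk.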
diff --git a/dix/property.c b/dix/property.c
index e74becf..be68f07 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -103,7 +103,7 @@ dixLookupProperty(PropertyPtr *result, WindowPtr pWin, Atom propertyName,
break;
if (pProp)
- rc = XaceHookPropertyAccess(client, pWin, pProp, access_mode);
+ rc = XaceHookPropertyAccess(client, pWin, &pProp, access_mode);
*result = pProp;
return rc;
}
@@ -284,7 +284,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
memmove((char *)data, (char *)value, totalSize);
pProp->size = len;
pProp->devPrivates = NULL;
- rc = XaceHookPropertyAccess(pClient, pWin, pProp,
+ rc = XaceHookPropertyAccess(pClient, pWin, &pProp,
DixCreateAccess|DixWriteAccess);
if (rc != Success) {
xfree(data);
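Review bot: Passing `&pProp` on the create path lets a hook overwrite the only pointer to the property record allocated just above, and the failure branch starting at `xfree(data)` presumably goes on to release `pProp`. If a hook redirects the pointer, the cleanup (or the later linking into the window's list) would act on the substituted object and the new allocation could leak; the rest of the branch is outside the hunk, so this is inferred. Keeping the allocation in its own local, `PropertyPtr pNew = pProp;` before the call, and using `pNew` for cleanup would make the ownership unambiguous.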
@@ -588,7 +588,7 @@ ProcListProperties(ClientPtr client)
temppAtoms = pAtoms;
for (pProp = wUserProps(pWin); pProp; pProp = pProp->next) {
realProp = pProp;
- rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess);
+ rc = XaceHookPropertyAccess(client, pWin, &realProp, DixGetAttrAccess);
if (rc == Success && realProp == pProp) {
*temppAtoms++ = pProp->propertyName;
numProps++;
diff --git a/dix/selection.c b/dix/selection.c
index e04fa5c..d1d6aaf 100644
--- a/dix/selection.c
+++ b/dix/selection.c
@@ -80,7 +80,7 @@ dixLookupSelection(Selection **result, Atom selectionName,
for (i = 0; i < NumCurrentSelections; i++)
if (CurrentSelections[i].selection == selectionName) {
pSel = CurrentSelections + i;
- rc = XaceHookSelectionAccess(client, selectionName, access_mode);
+ rc = XaceHookSelectionAccess(client, &pSel, access_mode);
break;
}
--
1.5.4.3