Hi,<br><br>Looks good to me, although I thought this was handled at the callsites. I guess some callsites have been added or changed that pass in the special ID's.<br><br>Acked-by: Eamon Walsh <<a href="mailto:efw@eamonwalsh.com">efw@eamonwalsh.com</a>><br>
<br><br><div class="gmail_quote">On Tue, Jun 12, 2012 at 9:49 AM, Richard Haines <span dir="ltr"><<a href="mailto:richard_c_haines@btinternet.com" target="_blank">richard_c_haines@btinternet.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This patch was created using xorg-server-1.12.0 source.<br>
<br>
When using Fedora 17 with xorg-server-1.12.0 and SELinux is enabled<br>
('setsebool xserver_object_manager on') the xserver will not load. The X<br>
log file has a seg fault pointing to XACE/SELinux. Bug 50641 was raised<br>
(<a href="https://bugs.freedesktop.org/show_bug.cgi?id=50641" target="_blank">https://bugs.freedesktop.org/show_bug.cgi?id=50641</a>). The patch below is a<br>
possible fix.<br>
<br>
The bug is caused by X calling XaceHook(XACE_DEVICE_ACCESS, client, ...)<br>
with a device ID of '1' that is XIAllMasterDevices. It would also happen<br>
if the device ID = 0 (XIAllDevices).<br>
<br>
The only places currently seen calling with a device id=1 are:<br>
GrabKey - in Xi/exevents.c and AddPassiveGrabToList - in dix/grabs.c<br>
These start life in ProcXIPassiveGrabDevice (in Xi/xipassivegrab.c) that<br>
has been called by XIGrabKeycode.<br>
<br>
The patch has been tested using the other XI calls that would also impact<br>
this: XIGrabTouchBegin, XIGrabButton, XIGrabFocusIn and XIGrabEnter with<br>
and without the correct permissions (grab and freeze) with no problems.<br>
<br>
Both possible classes have to be checked (x_keyboard and x_pointer) as it<br>
is not known whether it is a pointer or keyboard as this info is not<br>
available. To get this info would require a change to the<br>
XaceHook(XACE_DEVICE_ACCESS, client, ..) call to pass an additional<br>
parameter stating the actual devices (that would defeat the objective of<br>
the XIAllMasterDevices and XIAllDevices dev ids).<br>
<br>
Note that there are other devices apart from the keyboard and pointer, for<br>
example on the test system: DeviceID: 9 is the Integrated_Webcam_1.3M. As<br>
it is classed as a slave keyboard it is checked.<br>
<br>
Signed-off-by: Richard Haines <<a href="mailto:richard_c_haines@btinternet.com">richard_c_haines@btinternet.com</a>><br>
---<br>
Xext/xselinux_hooks.c | 44 +++++++++++++++++++++++++++++++++++++++-----<br>
1 file changed, 39 insertions(+), 5 deletions(-)<br>
<br>
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c<br>
index 0d4c9ab..c2b21d6 100644<br>
--- a/Xext/xselinux_hooks.c<br>
+++ b/Xext/xselinux_hooks.c<br>
@@ -336,9 +336,17 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)<br>
SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };<br>
security_class_t cls;<br>
int rc;<br>
+ DeviceIntPtr dev = NULL;<br>
+ int i = 0;<br>
<br>
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);<br>
- obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);<br>
+ /*<br>
+ * The XIAllMasterDevices or XIAllDevices do not have devPrivates<br>
+ * entries. Therefore dixLookupPrivate for the object is done later<br>
+ * for these device IDs.<br>
+ */<br>
+ if (rec->dev->id != XIAllDevices && rec->dev->id != XIAllMasterDevices)<br>
+ obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);<br>
<br>
/* If this is a new object that needs labeling, do it now */<br>
if (rec->access_mode & DixCreateAccess) {<br>
@@ -356,12 +364,38 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)<br>
}<br>
}<br>
<br>
- cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;<br>
- rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);<br>
- if (rc != Success)<br>
- rec->status = rc;<br>
+ if (rec->dev->id != XIAllDevices && rec->dev->id != XIAllMasterDevices) {<br>
+ cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;<br>
+ rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);<br>
+ if (rc != Success)<br>
+ rec->status = rc;<br>
+ return;<br>
+ } else {<br>
+ /*<br>
+ * Device ID must be 0 or 1<br>
+ * We have to check both possible classes as we don't know whether it<br>
+ * was a pointer or keyboard. Therefore all devices are checked for:<br>
+ * rec->dev->id == XIAllDevices<br>
+ * and only masters for:<br>
+ * rec->dev->id == XIAllMasterDevices<br>
+ *<br>
+ * An error is returned should any device fail SELinuxDoCheck<br>
+ */<br>
+ for (dev = inputInfo.devices; dev; dev = dev->next, i++) {<br>
+ if (!IsMaster(dev) && rec->dev->id == XIAllMasterDevices)<br>
+ continue;<br>
+ cls = IsPointerDevice(dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;<br>
+ obj = dixLookupPrivate(&dev->devPrivates, objectKey);<br>
+ rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);<br>
+ if (rc != Success) {<br>
+ rec->status = rc;<br>
+ return;<br>
+ }<br>
+ }<br>
+ }<br>
}<br>
<br>
+<br>
static void<br>
SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)<br>
{<br>
<span class="HOEnZb"><font color="#888888">--<br>
1.7.10.2<br>
<br>
_______________________________________________<br>
<a href="mailto:xorg-devel@lists.x.org">xorg-devel@lists.x.org</a>: X.Org development<br>
Archives: <a href="http://lists.x.org/archives/xorg-devel" target="_blank">http://lists.x.org/archives/xorg-devel</a><br>
Info: <a href="http://lists.x.org/mailman/listinfo/xorg-devel" target="_blank">http://lists.x.org/mailman/listinfo/xorg-devel</a><br>
</font></span></blockquote></div><br>