xserver: Branch 'XACE-SELINUX' - 5 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Wed Apr 4 02:25:21 EEST 2007 

 Xext/security.c |   75 ++++++++++++++++++++++++++++----------------------------
 Xext/xacestr.h  |    3 --
 dix/privates.c  |    2 -
 dix/window.c    |    9 ++++++
 4 files changed, 49 insertions(+), 40 deletions(-)

New commits:
diff-tree 1cb84768f376b477a08a558854609b0743f2bd29 (from 14aea12cadef647369e44639ff5024dd7034570a)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Apr 3 15:31:16 2007 -0400

    security: rewrite to use new devPrivates support.

diff --git a/Xext/security.c b/Xext/security.c
index bc92594..ad04045 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -30,6 +30,7 @@ in this Software without prior written a
 
 #include "scrnintstr.h"
 #include "colormapst.h"
+#include "privates.h"
 #include "xacestr.h"
 #include "securitysrv.h"
 #include <X11/extensions/securstr.h>
@@ -53,23 +54,23 @@ in this Software without prior written a
 
 static int SecurityErrorBase;  /* first Security error number */
 static int SecurityEventBase;  /* first Security event number */
-static int securityClientPrivateIndex;
-static int securityExtnsnPrivateIndex;
+static devprivate_key_t stateKey;
 
 /* this is what we store as client security state */
 typedef struct {
+    int haveState;
     unsigned int trustLevel;
     XID authId;
 } SecurityClientStateRec;
 
-#define STATEVAL(extnsn) \
-    ((extnsn)->devPrivates[securityExtnsnPrivateIndex].val)
-#define STATEPTR(client) \
-    ((client)->devPrivates[securityClientPrivateIndex].ptr)
-#define TRUSTLEVEL(client) \
-    (((SecurityClientStateRec*)STATEPTR(client))->trustLevel)
-#define AUTHID(client) \
-    (((SecurityClientStateRec*)STATEPTR(client))->authId)
+#define EXTLEVEL(extnsn) ((Bool) \
+    dixLookupPrivate(DEVPRIV_PTR(extnsn), &stateKey))
+#define HAVESTATE(client) (((SecurityClientStateRec *) \
+    dixLookupPrivate(DEVPRIV_PTR(client), &stateKey))->haveState)
+#define TRUSTLEVEL(client) (((SecurityClientStateRec *) \
+    dixLookupPrivate(DEVPRIV_PTR(client), &stateKey))->trustLevel)
+#define AUTHID(client)(((SecurityClientStateRec *) \
+    dixLookupPrivate(DEVPRIV_PTR(client), &stateKey))->authId)
 
 static CallbackListPtr SecurityValidateGroupCallback = NULL;
 
@@ -1149,7 +1150,7 @@ SecurityClientStateCallback(CallbackList
 	    SecurityAuthorizationPtr pAuth;
 
 	    /* client may not have any state (bad authorization) */
-	    if (!STATEPTR(client))
+	    if (!HAVESTATE(client))
 		break;
 
 	    pAuth = (SecurityAuthorizationPtr)LookupIDByType(AUTHID(client),
@@ -1185,7 +1186,7 @@ SecurityCheckMapAccess(CallbackListPtr *
     XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
     WindowPtr pWin = rec->pWin;
 
-    if (STATEPTR(rec->client) &&
+    if (HAVESTATE(rec->client) &&
 	(TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
 	(pWin->drawable.class == InputOnly) &&
 	pWin->parent && pWin->parent->parent &&
@@ -1211,7 +1212,7 @@ SecurityCheckExtAccess(CallbackListPtr *
     XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
 
     if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
-	!STATEVAL(rec->ext))
+	!EXTLEVEL(rec->ext))
 
 	rec->rval = FALSE;
 }
@@ -1241,7 +1242,7 @@ SecurityDeclareExtSecure(CallbackListPtr
     XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
 
     /* security state for extensions is simply a boolean trust value */
-    STATEVAL(rec->ext) = rec->secure;
+    dixSetPrivate(DEVPRIV_PTR(rec->ext), &stateKey, (pointer)rec->secure);
 }
 
 /**********************************************************************/
@@ -1887,29 +1888,14 @@ XSecurityOptions(argc, argv, i)
 void
 SecurityExtensionSetup(INITARGS)
 {
-    /* Allocate the client private index */
-    securityClientPrivateIndex = AllocateClientPrivateIndex();
-    if (!AllocateClientPrivate(securityClientPrivateIndex,
-			       sizeof (SecurityClientStateRec)))
-	FatalError("SecurityExtensionSetup: Can't allocate client private.\n");
-
-    /* Allocate the extension private index */
-    securityExtnsnPrivateIndex = AllocateExtensionPrivateIndex();
-    if (!AllocateExtensionPrivate(securityExtnsnPrivateIndex, 0))
-	FatalError("SecurityExtensionSetup: Can't allocate extnsn private.\n");
-
-    /* register callbacks */
-#define XaceRC XaceRegisterCallback
-    XaceRC(XACE_RESOURCE_ACCESS, SecurityCheckResourceIDAccess, NULL);
-    XaceRC(XACE_DEVICE_ACCESS, SecurityCheckDeviceAccess, NULL);
-    XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
-    XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
-    XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
-    XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
-    XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
-    XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
-    XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL);
-    XaceRC(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, NULL);
+    /* FIXME: this is here so it is registered before other extensions
+     * init themselves.  This also required commit 5e946dd853a4ebc... to
+     * call the setup functions on each server reset.
+     *
+     * The extension security bit should be delivered in some other way,
+     * either in a symbol or in the module data.
+     */
+    XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, 0);
 } /* SecurityExtensionSetup */
 
 
@@ -1939,6 +1925,10 @@ SecurityExtensionInit(INITARGS)
 
     RTEventClient |= RC_NEVERRETAIN;
 
+    /* Allocate the private storage */
+    if (!dixRequestPrivate(&stateKey, sizeof(SecurityClientStateRec)))
+	FatalError("SecurityExtensionSetup: Can't allocate client private.\n");
+
     if (!AddCallback(&ClientStateCallback, SecurityClientStateCallback, NULL))
 	return;
 
@@ -1955,4 +1945,15 @@ SecurityExtensionInit(INITARGS)
 
     SecurityLoadPropertyAccessList();
 
+    /* register callbacks */
+#define XaceRC XaceRegisterCallback
+    XaceRC(XACE_RESOURCE_ACCESS, SecurityCheckResourceIDAccess, NULL);
+    XaceRC(XACE_DEVICE_ACCESS, SecurityCheckDeviceAccess, NULL);
+    XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
+    XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
+    XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
+    XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
+    XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
+    XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
+    XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL);
 } /* SecurityExtensionInit */
diff-tree 14aea12cadef647369e44639ff5024dd7034570a (from 353e19fd5e18ad55a0dd12a7b63f6af9df7bfe6b)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Apr 3 15:23:56 2007 -0400

    xace: forgot one of the hook call arguments.  Add it.

diff --git a/dix/window.c b/dix/window.c
index 2e85209..9967053 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -731,7 +731,8 @@ CreateWindow(Window wid, WindowPtr pPare
 
     /*  security creation/labeling check
      */
-    if (!XaceHook(XACE_RESOURCE_ACCESS, wid, RT_WINDOW, DixCreateAccess, pWin))
+    if (!XaceHook(XACE_RESOURCE_ACCESS, client,
+		  wid, RT_WINDOW, DixCreateAccess, pWin))
     {
 	xfree(pWin);
 	*error = BadAccess;
diff-tree 353e19fd5e18ad55a0dd12a7b63f6af9df7bfe6b (from 327bc332a61294209d39286228199f54bdde73d1)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Apr 3 14:06:02 2007 -0400

    devPrivates rework: zero out newly allocated private space.

diff --git a/dix/privates.c b/dix/privates.c
index cc4b016..8a39437 100644
--- a/dix/privates.c
+++ b/dix/privates.c
@@ -107,7 +107,7 @@ dixAllocatePrivate(PrivateRec **privates
     if (item)
 	size += item->size;
 
-    ptr = (PrivateRec *)xalloc(size);
+    ptr = (PrivateRec *)xcalloc(size, 1);
     if (!ptr)
 	return NULL;
     ptr->key = key;
diff-tree 327bc332a61294209d39286228199f54bdde73d1 (from 299ff4c82998d2a32204bfbecde4993dfbd3d4a5)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Mar 28 13:00:03 2007 -0400

    xace: minor comment fixes.

diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index dc1bdfc..184fb9b 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -37,7 +37,6 @@ typedef struct {
 } XaceCoreDispatchRec;
 
 /* XACE_RESOURCE_ACCESS */
-/* XACE_RESOURCE_CREATE */
 typedef struct {
     ClientPtr client;
     XID id;
@@ -79,7 +78,7 @@ typedef struct {
     int rval;
 } XaceMapAccessRec;
 
-/* XACE_EXT_DISPATCH_ACCESS */
+/* XACE_EXT_DISPATCH */
 /* XACE_EXT_ACCESS */
 typedef struct {
     ClientPtr client;
diff-tree 299ff4c82998d2a32204bfbecde4993dfbd3d4a5 (from 99b220969f2f8ba829bc8294b27ca90fd9311be4)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Mar 28 12:57:11 2007 -0400

    xace: provide creation-time resource hook call in CreateWindow().

diff --git a/dix/window.c b/dix/window.c
index e4f1ae1..2e85209 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -729,6 +729,14 @@ CreateWindow(Window wid, WindowPtr pPare
 
     pWin->borderWidth = bw;
 
+    /*  security creation/labeling check
+     */
+    if (!XaceHook(XACE_RESOURCE_ACCESS, wid, RT_WINDOW, DixCreateAccess, pWin))
+    {
+	xfree(pWin);
+	*error = BadAccess;
+	return NullWindow;
+    }
     /*  can't let untrusted clients have background None windows;
      *  they make it too easy to steal window contents
      */

More information about the xorg-commit mailing list