xserver: Branch 'XACE-SELINUX' - 2 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Mon Aug 6 11:08:35 PDT 2007
Xext/SecurityPolicy | 12 --
Xext/bigreq.c | 2
Xext/security.c | 116 ++++++--------------
Xext/securitysrv.h | 2
Xext/xcmisc.c | 2
Xext/xprint.c | 1
dix/extension.c | 8 -
hw/xfree86/dixmods/extmod/modinit.h | 1
hw/xfree86/loader/dixsym.c | 1
include/extnsionst.h | 4
mi/miinitext.c | 6 -
os/Makefile.am | 7 -
os/auth.c | 11 -
os/connection.c | 11 -
os/osdep.h | 3
os/secauth.c | 202 ------------------------------------
16 files changed, 45 insertions(+), 344 deletions(-)
New commits:
diff-tree 375864cb74cced40ae688078b1f7750998972535 (from d445d2f22b5c97fa010370f4ba9cb0555df4a853)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Aug 3 13:23:34 2007 -0400
security: drop support for XC-QUERY-SECURITY authorization method.
diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy
index 0000c5a..04dfb0e 100644
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@@ -2,13 +2,6 @@ version-1
# $Xorg: SecurityPolicy,v 1.3 2000/08/17 19:47:56 cpqbld Exp $
-# The site policy fields are interpreted by the XC-QUERY-SECURITY-1
-# authorization protocol. The values are arbitrary and site-specific.
-# Refer to the Security Extension Specification for the usage of the policies.
-#sitepolicy A
-#sitepolicy B
-#sitepolicy C
-
# Property access rules:
# property <property> <window> <permissions>
# <window> ::= any | root | <propertyselector>
diff --git a/Xext/security.c b/Xext/security.c
index b1c0ce0..9e3b2dd 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1526,64 +1526,6 @@ SecurityParseExtensionRule(
} /* SecurityParseExtensionRule */
-static char **SecurityPolicyStrings = NULL;
-static int nSecurityPolicyStrings = 0;
-
-static Bool
-SecurityParseSitePolicy(
- char *p)
-{
- char *policyStr = SecurityParseString(&p);
- char *copyPolicyStr;
- char **newStrings;
-
- if (!policyStr)
- return FALSE;
-
- copyPolicyStr = (char *)Xalloc(strlen(policyStr) + 1);
- if (!copyPolicyStr)
- return TRUE;
- strcpy(copyPolicyStr, policyStr);
- newStrings = (char **)Xrealloc(SecurityPolicyStrings,
- sizeof (char *) * (nSecurityPolicyStrings + 1));
- if (!newStrings)
- {
- Xfree(copyPolicyStr);
- return TRUE;
- }
-
- SecurityPolicyStrings = newStrings;
- SecurityPolicyStrings[nSecurityPolicyStrings++] = copyPolicyStr;
-
- return TRUE;
-
-} /* SecurityParseSitePolicy */
-
-
-char **
-SecurityGetSitePolicyStrings(n)
- int *n;
-{
- *n = nSecurityPolicyStrings;
- return SecurityPolicyStrings;
-} /* SecurityGetSitePolicyStrings */
-
-static void
-SecurityFreeSitePolicyStrings(void)
-{
- if (SecurityPolicyStrings)
- {
- assert(nSecurityPolicyStrings);
- while (nSecurityPolicyStrings--)
- {
- Xfree(SecurityPolicyStrings[nSecurityPolicyStrings]);
- }
- Xfree(SecurityPolicyStrings);
- SecurityPolicyStrings = NULL;
- nSecurityPolicyStrings = 0;
- }
-} /* SecurityFreeSitePolicyStrings */
-
static void
SecurityFreeTrustedExtensionStrings(void)
{
@@ -1646,6 +1588,7 @@ SecurityLoadPropertyAccessList(void)
switch (SecurityParseKeyword(&p))
{
case SecurityKeywordComment:
+ case SecurityKeywordSitePolicy:
validLine = TRUE;
break;
@@ -1653,10 +1596,6 @@ SecurityLoadPropertyAccessList(void)
validLine = SecurityParsePropertyAccessRule(p);
break;
- case SecurityKeywordSitePolicy:
- validLine = SecurityParseSitePolicy(p);
- break;
-
case SecurityKeywordExtension:
validLine = SecurityParseExtensionRule(p);
break;
@@ -1837,7 +1776,6 @@ SecurityResetProc(
{
SecurityFreePropertyAccessList();
SecurityFreeTrustedExtensionStrings();
- SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */
diff --git a/Xext/securitysrv.h b/Xext/securitysrv.h
index 67d864e..7320ab7 100644
--- a/Xext/securitysrv.h
+++ b/Xext/securitysrv.h
@@ -84,6 +84,4 @@ extern int XSecurityOptions(int argc, ch
#define SECURITY_POLICY_FILE_VERSION "version-1"
-extern char **SecurityGetSitePolicyStrings(int *n);
-
#endif /* _SECURITY_SRV_H */
diff --git a/os/Makefile.am b/os/Makefile.am
index 53b2d7f..9dd1b54 100644
--- a/os/Makefile.am
+++ b/os/Makefile.am
@@ -6,7 +6,6 @@ AM_CFLAGS = $(DIX_CFLAGS)
SECURERPC_SRCS = rpcauth.c
INTERNALMALLOC_SRCS = xalloc.c
-XCSECURITY_SRCS = secauth.c
XDMCP_SRCS = xdmcp.c
STRLCAT_SRCS = strlcat.c strlcpy.c
XORG_SRCS = log.c
@@ -28,10 +27,6 @@ libos_la_SOURCES = \
xprintf.c \
$(XORG_SRCS)
-if XCSECURITY
-libos_la_SOURCES += $(XCSECURITY_SRCS)
-endif
-
if XDMCP
libos_la_SOURCES += $(XDMCP_SRCS)
endif
@@ -48,7 +43,7 @@ libcwrapper_la_CFLAGS = \
$(AM_CFLAGS)
EXTRA_DIST = $(SECURERPC_SRCS) $(INTERNALMALLOC_SRCS) \
- $(XCSECURITY_SRCS) $(XDMCP_SRCS) $(STRLCAT_SRCS)
+ $(XDMCP_SRCS) $(STRLCAT_SRCS)
if XSERVER_DTRACE
# Generate dtrace object code for probes in libos & libdix
diff --git a/os/auth.c b/os/auth.c
index b2a145f..d2aa980 100644
--- a/os/auth.c
+++ b/os/auth.c
@@ -42,9 +42,6 @@ from The Open Group.
# include "dixstruct.h"
# include <sys/types.h>
# include <sys/stat.h>
-#ifdef XCSECURITY
-# include "securitysrv.h"
-#endif
#ifdef WIN32
#include <X11/Xw32defs.h>
#endif
@@ -89,14 +86,6 @@ static struct protocol protocols[] = {
#endif
},
#endif
-#ifdef XCSECURITY
-{ (unsigned short) XSecurityAuthorizationNameLen,
- XSecurityAuthorizationName,
- NULL, AuthSecurityCheck, NULL,
- NULL, NULL, NULL,
- NULL
-},
-#endif
};
# define NUM_AUTHORIZATION (sizeof (protocols) /\
diff --git a/os/connection.c b/os/connection.c
index d975f87..c1152aa 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -140,9 +140,6 @@ SOFTWARE.
#include "appgroup.h"
#endif
#include "xace.h"
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
#ifdef X_NOT_POSIX
#define Pid_t int
@@ -669,13 +666,7 @@ ClientAuthorized(ClientPtr client,
if (auth_id == (XID) ~0L)
{
- if (
-#ifdef XCSECURITY
- (proto_n == 0 ||
- strncmp (auth_proto, XSecurityAuthorizationName, proto_n) != 0) &&
-#endif
- _XSERVTransGetPeerAddr (trans_conn,
- &family, &fromlen, &from) != -1)
+ if (_XSERVTransGetPeerAddr(trans_conn, &family, &fromlen, &from) != -1)
{
if (InvalidHost ((struct sockaddr *) from, fromlen, client))
AuthAudit(client, FALSE, (struct sockaddr *) from,
diff --git a/os/osdep.h b/os/osdep.h
index 965436d..0c07a90 100644
--- a/os/osdep.h
+++ b/os/osdep.h
@@ -260,9 +260,6 @@ extern int SecureRPCRemove (AuthRemCA
extern int SecureRPCReset (AuthRstCArgs);
#endif
-/* in secauth.c */
-extern XID AuthSecurityCheck (AuthCheckArgs);
-
/* in xdmcp.c */
extern void XdmcpUseMsg (void);
extern int XdmcpOptions(int argc, char **argv, int i);
diff --git a/os/secauth.c b/os/secauth.c
deleted file mode 100644
index d01879b..0000000
--- a/os/secauth.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-Copyright 1996, 1998 The Open Group
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-the above copyright notice appear in all copies and that both that
-copyright notice and this permission notice appear in supporting
-documentation.
-
-The above copyright notice and this permission notice shall be included
-in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-
-Except as contained in this notice, the name of The Open Group shall
-not be used in advertising or otherwise to promote the sale, use or
-other dealings in this Software without prior written authorization
-from The Open Group.
-*/
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <X11/X.h>
-#include "os.h"
-#include "osdep.h"
-#include "dixstruct.h"
-#include "swaprep.h"
-
-#ifdef XCSECURITY
-#include "securitysrv.h"
-#endif
-
-static char InvalidPolicyReason[] = "invalid policy specification";
-static char PolicyViolationReason[] = "policy violation";
-
-static Bool
-AuthCheckSitePolicy(
- unsigned short *data_lengthP,
- char **dataP,
- ClientPtr client,
- char **reason)
-{
- CARD8 *policy = *(CARD8 **)dataP;
- int length;
- Bool permit;
- int nPolicies;
- char **sitePolicies;
- int nSitePolicies;
- Bool found = FALSE;
-
- if ((length = *data_lengthP) < 2) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- permit = (*policy++ == 0);
- nPolicies = (CARD8) *policy++;
-
- length -= 2;
-
- sitePolicies = SecurityGetSitePolicyStrings(&nSitePolicies);
-
- while (nPolicies) {
- int strLen, sitePolicy;
-
- if (length == 0) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- strLen = (CARD8) *policy++;
- if (--length < strLen) {
- *reason = InvalidPolicyReason;
- return FALSE;
- }
-
- if (!found)
- {
- for (sitePolicy = 0; sitePolicy < nSitePolicies; sitePolicy++)
- {
- char *testPolicy = sitePolicies[sitePolicy];
- if ((strLen == strlen(testPolicy)) &&
- (strncmp((char *)policy, testPolicy, strLen) == 0))
- {
- found = TRUE; /* need to continue parsing the policy... */
- break;
- }
- }
- }
-
- policy += strLen;
- length -= strLen;
- nPolicies--;
- }
-
- if (found != permit)
- {
- *reason = PolicyViolationReason;
- return FALSE;
- }
-
- *data_lengthP = length;
- *dataP = (char *)policy;
- return TRUE;
-}
-
-XID
-AuthSecurityCheck (
- unsigned short data_length,
- char *data,
- ClientPtr client,
- char **reason)
-{
-#ifdef XCSECURITY
- xConnSetupPrefix csp;
- xReq freq;
-
- if (client->clientState == ClientStateCheckedSecurity)
- {
- *reason = "repeated security check not permitted";
- return (XID) -1;
- }
- else if (data_length > 0)
- {
- char policy_mask = *data++;
-
- if (--data_length == 1) {
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- if (policy_mask & 0x01) /* Extensions policy */
- {
- /* AuthCheckExtensionPolicy(&data_length, &data, client, reason) */
- *reason = "security policy not implemented";
- return (XID) -1;
- }
-
- if (policy_mask & 0x02) /* Site policy */
- {
- if (!AuthCheckSitePolicy(&data_length, &data, client, reason))
- return (XID) -1;
- }
-
- if (data_length > 0) { /* did we consume the whole policy? */
- *reason = InvalidPolicyReason;
- return (XID) -1;
- }
-
- }
- else if (!GetAccessControl())
- {
- /*
- * The client - possibly the X FireWall Proxy - gave
- * no auth data and host-based authorization is turned
- * off. In this case, the client should be denied
- * access to the X server.
- */
- *reason = "server host access control is disabled";
- return (XID) -1;
- }
-
- client->clientState = ClientStateCheckingSecurity;
-
- csp.success = 2 /* Authenticate */;
- csp.lengthReason = 0;
- csp.length = 0;
- csp.majorVersion = X_PROTOCOL;
- csp.minorVersion = X_PROTOCOL_REVISION;
- if (client->swapped)
- WriteSConnSetupPrefix(client, &csp);
- else
- (void)WriteToClient(client, sz_xConnSetupPrefix, (char *) &csp);
-
- /*
- * Next time the client sends the real auth data, we want
- * ProcEstablishConnection to be called.
- */
-
- freq.reqType = 1;
- freq.length = (sz_xReq + sz_xConnClientPrefix) >> 2;
- client->swapped = FALSE;
- if (!InsertFakeRequest(client, (char *)&freq, sz_xReq))
- {
- *reason = "internal error";
- return (XID) -1;
- }
-
- return (XID) 0;
-#else
- *reason = "method not supported";
- return (XID) -1;
-#endif
-}
diff-tree d445d2f22b5c97fa010370f4ba9cb0555df4a853 (from e34fcd2bf42dbd72ab6ce2df80f2dcaa13416e74)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Fri Aug 3 10:56:18 2007 -0400
security: drop the "declare extension security" dix call. Use the
SecurityPolicy configuration file instead.
diff --git a/Xext/SecurityPolicy b/Xext/SecurityPolicy
index cc521c2..0000c5a 100644
--- a/Xext/SecurityPolicy
+++ b/Xext/SecurityPolicy
@@ -86,3 +86,8 @@ property XDCCC_GRAY_CORRECTION root ar
# To let untrusted clients use the overlay visuals that many vendors
# support, include this line.
property SERVER_OVERLAY_VISUALS root ar
+
+# Only trusted extensions can be used by untrusted clients
+trust extension XC-MISC
+trust extension BIG-REQUESTS
+trust extension XpExtension
diff --git a/Xext/bigreq.c b/Xext/bigreq.c
index fcd848a..d388790 100644
--- a/Xext/bigreq.c
+++ b/Xext/bigreq.c
@@ -66,8 +66,6 @@ BigReqExtensionInit(INITARGS)
ProcBigReqDispatch, ProcBigReqDispatch,
BigReqResetProc, StandardMinorOpcode);
#endif
-
- DeclareExtensionSecurity(XBigReqExtensionName, TRUE);
}
/*ARGSUSED*/
diff --git a/Xext/security.c b/Xext/security.c
index b6df61a..b1c0ce0 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -63,8 +63,6 @@ typedef struct {
XID authId;
} SecurityClientStateRec;
-#define EXTLEVEL(extnsn) ((Bool) \
- dixLookupPrivate(DEVPRIV_PTR(extnsn), &stateKey))
#define HAVESTATE(client) (((SecurityClientStateRec *) \
dixLookupPrivate(DEVPRIV_PTR(client), &stateKey))->haveState)
#define TRUSTLEVEL(client) (((SecurityClientStateRec *) \
@@ -74,6 +72,9 @@ typedef struct {
static CallbackListPtr SecurityValidateGroupCallback = NULL;
+static char **SecurityTrustedExtensions = NULL;
+static int nSecurityTrustedExtensions = 0;
+
RESTYPE SecurityAuthorizationResType; /* resource type for authorizations */
static RESTYPE RTEventClient;
@@ -1210,10 +1211,13 @@ SecurityCheckExtAccess(CallbackListPtr *
pointer calldata)
{
XaceExtAccessRec *rec = (XaceExtAccessRec*)calldata;
+ int i, trusted = 0;
- if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
- !EXTLEVEL(rec->ext))
+ for (i = 0; i < nSecurityTrustedExtensions; i++)
+ if (!strcmp(SecurityTrustedExtensions[i], rec->ext->name))
+ trusted = 1;
+ if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && !trusted)
rec->status = BadAccess;
}
@@ -1235,16 +1239,6 @@ SecurityCheckHostlistAccess(CallbackList
}
}
-static void
-SecurityDeclareExtSecure(CallbackListPtr *pcbl, pointer unused,
- pointer calldata)
-{
- XaceDeclareExtSecureRec *rec = (XaceDeclareExtSecureRec*)calldata;
-
- /* security state for extensions is simply a boolean trust value */
- dixSetPrivate(DEVPRIV_PTR(rec->ext), &stateKey, (pointer)rec->secure);
-}
-
/**********************************************************************/
typedef struct _PropertyAccessRec {
@@ -1276,7 +1270,9 @@ static char *SecurityKeywords[] = {
#define SecurityKeywordRoot 3
"root",
#define SecurityKeywordAny 4
- "any"
+ "any",
+#define SecurityKeywordExtension 5
+ "trust extension",
};
#define NUMKEYWORDS (sizeof(SecurityKeywords) / sizeof(char *))
@@ -1500,6 +1496,36 @@ SecurityParsePropertyAccessRule(
return TRUE;
} /* SecurityParsePropertyAccessRule */
+static Bool
+SecurityParseExtensionRule(
+ char *p)
+{
+ char *extName = SecurityParseString(&p);
+ char *copyExtName;
+ char **newStrings;
+
+ if (!extName)
+ return FALSE;
+
+ copyExtName = (char *)Xalloc(strlen(extName) + 1);
+ if (!copyExtName)
+ return TRUE;
+ strcpy(copyExtName, extName);
+ newStrings = (char **)Xrealloc(SecurityTrustedExtensions,
+ sizeof (char *) * (nSecurityTrustedExtensions + 1));
+ if (!newStrings)
+ {
+ Xfree(copyExtName);
+ return TRUE;
+ }
+
+ SecurityTrustedExtensions = newStrings;
+ SecurityTrustedExtensions[nSecurityTrustedExtensions++] = copyExtName;
+
+ return TRUE;
+
+} /* SecurityParseExtensionRule */
+
static char **SecurityPolicyStrings = NULL;
static int nSecurityPolicyStrings = 0;
@@ -1558,6 +1584,21 @@ SecurityFreeSitePolicyStrings(void)
}
} /* SecurityFreeSitePolicyStrings */
+static void
+SecurityFreeTrustedExtensionStrings(void)
+{
+ if (SecurityTrustedExtensions)
+ {
+ assert(nSecurityTrustedExtensions);
+ while (nSecurityTrustedExtensions--)
+ {
+ Xfree(SecurityTrustedExtensions[nSecurityTrustedExtensions]);
+ }
+ Xfree(SecurityTrustedExtensions);
+ SecurityTrustedExtensions = NULL;
+ nSecurityTrustedExtensions = 0;
+ }
+} /* SecurityFreeSiteTrustedExtensions */
static void
SecurityLoadPropertyAccessList(void)
@@ -1616,6 +1657,10 @@ SecurityLoadPropertyAccessList(void)
validLine = SecurityParseSitePolicy(p);
break;
+ case SecurityKeywordExtension:
+ validLine = SecurityParseExtensionRule(p);
+ break;
+
default:
validLine = (*p == '\0'); /* blank lines OK, others not */
break;
@@ -1791,6 +1836,7 @@ SecurityResetProc(
ExtensionEntry *extEntry)
{
SecurityFreePropertyAccessList();
+ SecurityFreeTrustedExtensionStrings();
SecurityFreeSitePolicyStrings();
} /* SecurityResetProc */
@@ -1811,32 +1857,6 @@ XSecurityOptions(argc, argv, i)
} /* XSecurityOptions */
-/* SecurityExtensionSetup
- *
- * Arguments: none.
- *
- * Returns: nothing.
- *
- * Side Effects:
- * Sets up the Security extension if possible.
- * This function contains things that need to be done
- * before any other extension init functions get called.
- */
-
-void
-SecurityExtensionSetup(INITARGS)
-{
- /* FIXME: this is here so it is registered before other extensions
- * init themselves. This also required commit 5e946dd853a4ebc... to
- * call the setup functions on each server reset.
- *
- * The extension security bit should be delivered in some other way,
- * either in a symbol or in the module data.
- */
- XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, SecurityDeclareExtSecure, 0);
-} /* SecurityExtensionSetup */
-
-
/* SecurityExtensionInit
*
* Arguments: none.
diff --git a/Xext/xcmisc.c b/Xext/xcmisc.c
index 8c7a86e..d9a7f10 100644
--- a/Xext/xcmisc.c
+++ b/Xext/xcmisc.c
@@ -80,8 +80,6 @@ XCMiscExtensionInit(INITARGS)
ProcXCMiscDispatch, SProcXCMiscDispatch,
XCMiscResetProc, StandardMinorOpcode);
#endif
-
- DeclareExtensionSecurity(XCMiscExtensionName, TRUE);
}
/*ARGSUSED*/
diff --git a/Xext/xprint.c b/Xext/xprint.c
index 4ac13e6..ff739c0 100644
--- a/Xext/xprint.c
+++ b/Xext/xprint.c
@@ -335,7 +335,6 @@ XpExtensionInit(INITARGS)
screenInfo.screens[i]->CloseScreen = XpCloseScreen;
}
}
- DeclareExtensionSecurity(XP_PRINTNAME, TRUE);
}
static void
diff --git a/dix/extension.c b/dix/extension.c
index ad4e697..ec47ef1 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -250,14 +250,6 @@ GetExtensionEntry(int major)
return extensions[major];
}
-_X_EXPORT void
-DeclareExtensionSecurity(char *extname, Bool secure)
-{
- int i = FindExtension(extname, strlen(extname));
- if (i >= 0)
- XaceHook(XACE_DECLARE_EXT_SECURE, extensions[i], secure);
-}
-
_X_EXPORT unsigned short
StandardMinorOpcode(ClientPtr client)
{
diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h
index 131b9e6..fb75092 100644
--- a/hw/xfree86/dixmods/extmod/modinit.h
+++ b/hw/xfree86/dixmods/extmod/modinit.h
@@ -135,7 +135,6 @@ extern void XSELinuxExtensionInit(INITAR
#endif
#if 1
-extern void SecurityExtensionSetup(INITARGS);
extern void SecurityExtensionInit(INITARGS);
#endif
diff --git a/hw/xfree86/loader/dixsym.c b/hw/xfree86/loader/dixsym.c
index 043f2db..1af076b 100644
--- a/hw/xfree86/loader/dixsym.c
+++ b/hw/xfree86/loader/dixsym.c
@@ -200,7 +200,6 @@ _X_HIDDEN void *dixLookupTab[] = {
SYMFUNC(AddExtension)
SYMFUNC(AddExtensionAlias)
SYMFUNC(CheckExtension)
- SYMFUNC(DeclareExtensionSecurity)
SYMFUNC(MinorOpcodeOfRequest)
SYMFUNC(StandardMinorOpcode)
#ifdef XEVIE
diff --git a/include/extnsionst.h b/include/extnsionst.h
index 28ae1d5..58bf0a2 100644
--- a/include/extnsionst.h
+++ b/include/extnsionst.h
@@ -107,9 +107,5 @@ extern Bool AddExtensionAlias(
extern ExtensionEntry *CheckExtension(const char *extname);
extern ExtensionEntry *GetExtensionEntry(int major);
-extern void DeclareExtensionSecurity(
- char * /*extname*/,
- Bool /*secure*/);
-
#endif /* EXTENSIONSTRUCT_H */
diff --git a/mi/miinitext.c b/mi/miinitext.c
index f142540..964ef3e 100644
--- a/mi/miinitext.c
+++ b/mi/miinitext.c
@@ -321,7 +321,6 @@ extern void XagExtensionInit(INITARGS);
extern void XaceExtensionInit(INITARGS);
#endif
#ifdef XCSECURITY
-extern void SecurityExtensionSetup(INITARGS);
extern void SecurityExtensionInit(INITARGS);
#endif
#ifdef XSELINUX
@@ -538,9 +537,6 @@ InitExtensions(argc, argv)
int argc;
char *argv[];
{
-#ifdef XCSECURITY
- SecurityExtensionSetup();
-#endif
#ifdef XSELINUX
XSELinuxExtensionSetup();
#endif
@@ -719,7 +715,7 @@ static ExtensionModule staticExtensions[
{ XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
#endif
#ifdef XCSECURITY
- { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, SecurityExtensionSetup, NULL },
+ { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
#endif
#ifdef XSELINUX
{ XSELinuxExtensionInit, XSELINUX_EXTENSION_NAME, NULL, XSELinuxExtensionSetup, NULL },
More information about the xorg-commit
mailing list