xserver: Branch 'XACE-SELINUX' - 2 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Mon Aug 6 14:23:45 PDT 2007
Xext/xace.c | 20 +++++++-------------
Xext/xace.h | 4 ++--
Xext/xacestr.h | 14 ++++----------
configure.ac | 4 ++--
4 files changed, 15 insertions(+), 27 deletions(-)
New commits:
diff-tree acc9a42c926a3f84159780de12ecc1dc6186068a (from 102df4f9bac59d95963572d1a7f31d1a064ca4ca)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Mon Aug 6 12:16:59 2007 -0400
Temporarily disable Security and SELinux extensions
while changes to XACE are being made.
diff --git a/configure.ac b/configure.ac
index 2af3114..a0fc31f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -510,8 +510,8 @@ AC_ARG_ENABLE(xinerama, AS_HELP_ST
AC_ARG_ENABLE(xf86vidmode, AS_HELP_STRING([--disable-xf86vidmode], [Build XF86VidMode extension (default: auto)]), [XF86VIDMODE=$enableval], [XF86VIDMODE=auto])
AC_ARG_ENABLE(xf86misc, AS_HELP_STRING([--disable-xf86misc], [Build XF86Misc extension (default: auto)]), [XF86MISC=$enableval], [XF86MISC=auto])
AC_ARG_ENABLE(xace, AS_HELP_STRING([--disable-xace], [Build X-ACE extension (default: enabled)]), [XACE=$enableval], [XACE=yes])
-AC_ARG_ENABLE(xselinux, AS_HELP_STRING([--disable-xselinux], [Build SELinux extension (default: enabled)]), [XSELINUX=$enableval], [XSELINUX=$XACE])
-AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=$XACE])
+AC_ARG_ENABLE(xselinux, AS_HELP_STRING([--disable-xselinux], [Build SELinux extension (TEMPORARILY DISABLED)]), [XSELINUX=no], [XSELINUX=no])
+AC_ARG_ENABLE(xcsecurity, AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (TEMPORARILY DISABLED)]), [XCSECURITY=no], [XCSECURITY=no])
AC_ARG_ENABLE(appgroup, AS_HELP_STRING([--disable-appgroup], [Build XC-APPGROUP extension (default: enabled)]), [APPGROUP=$enableval], [APPGROUP=$XCSECURITY])
AC_ARG_ENABLE(xcalibrate, AS_HELP_STRING([--enable-xcalibrate], [Build XCalibrate extension (default: disabled)]), [XCALIBRATE=$enableval], [XCALIBRATE=no])
AC_ARG_ENABLE(tslib, AS_HELP_STRING([--enable-tslib], [Build kdrive tslib touchscreen support (default: disabled)]), [TSLIB=$enableval], [TSLIB=no])
diff-tree 102df4f9bac59d95963572d1a7f31d1a064ca4ca (from 375864cb74cced40ae688078b1f7750998972535)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Mon Aug 6 09:16:30 2007 -0400
xace: drop site-policy and declare-extension-security hooks, add 2 new hooks
for controlling access to screens and screen savers.
diff --git a/Xext/xace.c b/Xext/xace.c
index 46fe7bc..50361d0 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -156,24 +156,18 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
- case XACE_SITE_POLICY: {
- XaceSitePolicyRec rec = {
- va_arg(ap, char*),
- va_arg(ap, int),
- BadValue /* default unrecognized */
+ case XACE_SCREEN_ACCESS:
+ case XACE_SCREENSAVER_ACCESS: {
+ XaceScreenAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, ScreenPtr),
+ va_arg(ap, Mask),
+ Success /* default allow */
};
calldata = &rec;
prv = &rec.status;
break;
}
- case XACE_DECLARE_EXT_SECURE: {
- XaceDeclareExtSecureRec rec = {
- va_arg(ap, ExtensionEntry*),
- va_arg(ap, Bool)
- };
- calldata = &rec;
- break;
- }
case XACE_AUTH_AVAIL: {
XaceAuthAvailRec rec = {
va_arg(ap, ClientPtr),
diff --git a/Xext/xace.h b/Xext/xace.h
index 0832612..e2982cf 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -51,8 +51,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE
#define XACE_EXT_ACCESS 8
#define XACE_HOSTLIST_ACCESS 9
#define XACE_SELECTION_ACCESS 10
-#define XACE_SITE_POLICY 11
-#define XACE_DECLARE_EXT_SECURE 12
+#define XACE_SCREEN_ACCESS 11
+#define XACE_SCREENSAVER_ACCESS 12
#define XACE_AUTH_AVAIL 13
#define XACE_KEY_AVAIL 14
#define XACE_AUDIT_BEGIN 15
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 8eb74d5..8d09251 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -101,18 +101,12 @@ typedef struct {
int status;
} XaceSelectionAccessRec;
-/* XACE_SITE_POLICY */
typedef struct {
- char *policyString;
- int len;
+ ClientPtr client;
+ ScreenPtr screen;
+ Mask access_mode;
int status;
-} XaceSitePolicyRec;
-
-/* XACE_DECLARE_EXT_SECURE */
-typedef struct {
- ExtensionEntry *ext;
- Bool secure;
-} XaceDeclareExtSecureRec;
+} XaceScreenAccessRec;
/* XACE_AUTH_AVAIL */
typedef struct {
More information about the xorg-commit
mailing list