xserver: Branch 'XACE-SELINUX' - 2 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Mon Aug 6 14:23:45 PDT 2007 

 Xext/xace.c    |   20 +++++++-------------
 Xext/xace.h    |    4 ++--
 Xext/xacestr.h |   14 ++++----------
 configure.ac   |    4 ++--
 4 files changed, 15 insertions(+), 27 deletions(-)

New commits:
diff-tree acc9a42c926a3f84159780de12ecc1dc6186068a (from 102df4f9bac59d95963572d1a7f31d1a064ca4ca)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 6 12:16:59 2007 -0400

    Temporarily disable Security and SELinux extensions
    while changes to XACE are being made.

diff --git a/configure.ac b/configure.ac
index 2af3114..a0fc31f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -510,8 +510,8 @@ AC_ARG_ENABLE(xinerama,	      AS_HELP_ST
 AC_ARG_ENABLE(xf86vidmode,    AS_HELP_STRING([--disable-xf86vidmode], [Build XF86VidMode extension (default: auto)]), [XF86VIDMODE=$enableval], [XF86VIDMODE=auto])
 AC_ARG_ENABLE(xf86misc,       AS_HELP_STRING([--disable-xf86misc], [Build XF86Misc extension (default: auto)]), [XF86MISC=$enableval], [XF86MISC=auto])
 AC_ARG_ENABLE(xace,           AS_HELP_STRING([--disable-xace], [Build X-ACE extension (default: enabled)]), [XACE=$enableval], [XACE=yes])
-AC_ARG_ENABLE(xselinux,       AS_HELP_STRING([--disable-xselinux], [Build SELinux extension (default: enabled)]), [XSELINUX=$enableval], [XSELINUX=$XACE])
-AC_ARG_ENABLE(xcsecurity,     AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (default: enabled)]), [XCSECURITY=$enableval], [XCSECURITY=$XACE])
+AC_ARG_ENABLE(xselinux,       AS_HELP_STRING([--disable-xselinux], [Build SELinux extension (TEMPORARILY DISABLED)]), [XSELINUX=no], [XSELINUX=no])
+AC_ARG_ENABLE(xcsecurity,     AS_HELP_STRING([--disable-xcsecurity], [Build Security extension (TEMPORARILY DISABLED)]), [XCSECURITY=no], [XCSECURITY=no])
 AC_ARG_ENABLE(appgroup,       AS_HELP_STRING([--disable-appgroup], [Build XC-APPGROUP extension (default: enabled)]), [APPGROUP=$enableval], [APPGROUP=$XCSECURITY])
 AC_ARG_ENABLE(xcalibrate,     AS_HELP_STRING([--enable-xcalibrate], [Build XCalibrate extension (default: disabled)]), [XCALIBRATE=$enableval], [XCALIBRATE=no])
 AC_ARG_ENABLE(tslib,          AS_HELP_STRING([--enable-tslib], [Build kdrive tslib touchscreen support (default: disabled)]), [TSLIB=$enableval], [TSLIB=no])
diff-tree 102df4f9bac59d95963572d1a7f31d1a064ca4ca (from 375864cb74cced40ae688078b1f7750998972535)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 6 09:16:30 2007 -0400

    xace: drop site-policy and declare-extension-security hooks, add 2 new hooks
    for controlling access to screens and screen savers.

diff --git a/Xext/xace.c b/Xext/xace.c
index 46fe7bc..50361d0 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -156,24 +156,18 @@ int XaceHook(int hook, ...)
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_SITE_POLICY: {
-	    XaceSitePolicyRec rec = {
-		va_arg(ap, char*),
-		va_arg(ap, int),
-		BadValue /* default unrecognized */
+	case XACE_SCREEN_ACCESS:
+	case XACE_SCREENSAVER_ACCESS: {
+	    XaceScreenAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, ScreenPtr),
+		va_arg(ap, Mask),
+		Success /* default allow */
 	    };
 	    calldata = &rec;
 	    prv = &rec.status;
 	    break;
 	}
-	case XACE_DECLARE_EXT_SECURE: {
-	    XaceDeclareExtSecureRec rec = {
-		va_arg(ap, ExtensionEntry*),
-		va_arg(ap, Bool)
-	    };
-	    calldata = &rec;
-	    break;
-	}
 	case XACE_AUTH_AVAIL: {
 	    XaceAuthAvailRec rec = {
 		va_arg(ap, ClientPtr),
diff --git a/Xext/xace.h b/Xext/xace.h
index 0832612..e2982cf 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -51,8 +51,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #define XACE_EXT_ACCESS			8
 #define XACE_HOSTLIST_ACCESS		9
 #define XACE_SELECTION_ACCESS		10
-#define XACE_SITE_POLICY		11
-#define XACE_DECLARE_EXT_SECURE		12
+#define XACE_SCREEN_ACCESS		11
+#define XACE_SCREENSAVER_ACCESS		12
 #define XACE_AUTH_AVAIL			13
 #define XACE_KEY_AVAIL			14
 #define XACE_AUDIT_BEGIN		15
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 8eb74d5..8d09251 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -101,18 +101,12 @@ typedef struct {
     int status;
 } XaceSelectionAccessRec;
 
-/* XACE_SITE_POLICY */
 typedef struct {
-    char *policyString;
-    int len;
+    ClientPtr client;
+    ScreenPtr screen;
+    Mask access_mode;
     int status;
-} XaceSitePolicyRec;
-
-/* XACE_DECLARE_EXT_SECURE */
-typedef struct {
-    ExtensionEntry *ext;
-    Bool secure;
-} XaceDeclareExtSecureRec;
+} XaceScreenAccessRec;
 
 /* XACE_AUTH_AVAIL */
 typedef struct {

More information about the xorg-commit mailing list