xserver: Branch 'XACE-SELINUX' - 2 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Wed Aug 29 16:30:32 PDT 2007
Xext/xace.c | 21 ++++++-
Xext/xace.h | 25 ++++----
Xext/xacestr.h | 18 +++++-
dix/devices.c | 129 ++++++++++++++++++++++++++++++++++------------
dix/events.c | 159 ++++++++++++++++++++++++++++++++++++++-------------------
dix/grabs.c | 10 +++
dix/window.c | 5 +
7 files changed, 263 insertions(+), 104 deletions(-)
New commits:
diff-tree e39694789e31e221fc8dec44ace9c697daf7acad (from 41355a53c29bbf879da0c6ea562294fcc7ef89ff)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Wed Aug 29 14:16:46 2007 -0400
xace: drop map-window checking hook, add new hooks for controlling the
delivery of events to windows and clients.
This is tentative. It's likely that an additional last-resort hook will
be necessary for code that calls TryClientEvents or WriteEventsToClient
directly. It's also possible that new xace machinery will be necessary
to classify events and pull useful resource ID's out of them.
The failure case also needs some thinking through. Should event delivery
"succeed" or should it report undeliverable?
Finally, XKB appears to call WriteToClient to pass events. Sigh.
diff --git a/Xext/xace.c b/Xext/xace.c
index 4d34dc3..3091ecd 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -113,10 +113,25 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
- case XACE_MAP_ACCESS: {
- XaceMapAccessRec rec = {
+ case XACE_SEND_ACCESS: {
+ XaceSendAccessRec rec = {
va_arg(ap, ClientPtr),
+ va_arg(ap, DeviceIntPtr),
va_arg(ap, WindowPtr),
+ va_arg(ap, xEventPtr),
+ va_arg(ap, int),
+ Success /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.status;
+ break;
+ }
+ case XACE_RECEIVE_ACCESS: {
+ XaceReceiveAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, WindowPtr),
+ va_arg(ap, xEventPtr),
+ va_arg(ap, int),
Success /* default allow */
};
calldata = &rec;
diff --git a/Xext/xace.h b/Xext/xace.h
index f1a6e9d..c1fc071 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -46,18 +46,19 @@ CONNECTION WITH THE SOFTWARE OR THE USE
#define XACE_DEVICE_ACCESS 3
#define XACE_PROPERTY_ACCESS 4
#define XACE_DRAWABLE_ACCESS 5
-#define XACE_MAP_ACCESS 6
-#define XACE_CLIENT_ACCESS 7
-#define XACE_EXT_ACCESS 8
-#define XACE_SERVER_ACCESS 9
-#define XACE_SELECTION_ACCESS 10
-#define XACE_SCREEN_ACCESS 11
-#define XACE_SCREENSAVER_ACCESS 12
-#define XACE_AUTH_AVAIL 13
-#define XACE_KEY_AVAIL 14
-#define XACE_AUDIT_BEGIN 15
-#define XACE_AUDIT_END 16
-#define XACE_NUM_HOOKS 17
+#define XACE_SEND_ACCESS 6
+#define XACE_RECEIVE_ACCESS 7
+#define XACE_CLIENT_ACCESS 8
+#define XACE_EXT_ACCESS 9
+#define XACE_SERVER_ACCESS 10
+#define XACE_SELECTION_ACCESS 11
+#define XACE_SCREEN_ACCESS 12
+#define XACE_SCREENSAVER_ACCESS 13
+#define XACE_AUTH_AVAIL 14
+#define XACE_KEY_AVAIL 15
+#define XACE_AUDIT_BEGIN 16
+#define XACE_AUDIT_END 17
+#define XACE_NUM_HOOKS 18
extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index c98be3d..15d39b7 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -70,12 +70,24 @@ typedef struct {
int status;
} XaceDrawableAccessRec;
-/* XACE_MAP_ACCESS */
+/* XACE_SEND_ACCESS */
typedef struct {
ClientPtr client;
+ DeviceIntPtr dev;
WindowPtr pWin;
+ xEventPtr events;
+ int count;
+ int status;
+} XaceSendAccessRec;
+
+/* XACE_RECEIVE_ACCESS */
+typedef struct {
+ ClientPtr client;
+ WindowPtr pWin;
+ xEventPtr events;
+ int count;
int status;
-} XaceMapAccessRec;
+} XaceReceiveAccessRec;
/* XACE_CLIENT_ACCESS */
typedef struct {
diff --git a/dix/events.c b/dix/events.c
index deae4e3..42c3ba1 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1753,8 +1753,10 @@ DeliverEventsToWindow(WindowPtr pWin, xE
if (filter != CantBeFiltered &&
!((wOtherEventMasks(pWin)|pWin->eventMask) & filter))
return 0;
- if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
- pWin->eventMask, filter, grab)) )
+ if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+ nondeliveries--;
+ else if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
+ pWin->eventMask, filter, grab)) )
{
if (attempt > 0)
{
@@ -1781,7 +1783,10 @@ DeliverEventsToWindow(WindowPtr pWin, xE
other = (InputClients *)wOtherClients(pWin);
for (; other; other = other->next)
{
- if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
+ if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+ count))
+ nondeliveries--;
+ else if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
other->mask[mskidx], filter, grab)) )
{
if (attempt > 0)
@@ -1878,6 +1883,8 @@ MaybeDeliverEventsToClient(WindowPtr pWi
return XineramaTryClientEventsResult(
wClient(pWin), NullGrab, pWin->eventMask, filter);
#endif
+ if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+ return 0;
return TryClientEvents(wClient(pWin), pEvents, count,
pWin->eventMask, filter, NullGrab);
}
@@ -1892,6 +1899,9 @@ MaybeDeliverEventsToClient(WindowPtr pWi
return XineramaTryClientEventsResult(
rClient(other), NullGrab, other->mask, filter);
#endif
+ if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+ count))
+ return 0;
return TryClientEvents(rClient(other), pEvents, count,
other->mask, filter, NullGrab);
}
@@ -1986,6 +1996,9 @@ DeliverDeviceEvents(WindowPtr pWin, xEve
Mask filter = filters[type];
int deliveries = 0;
+ if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count))
+ return 0;
+
if (type & EXTENSION_EVENT_BASE)
{
OtherInputMasks *inputMasks;
@@ -2829,6 +2842,8 @@ DeliverFocusedEvent(DeviceIntPtr keybd,
return;
}
/* just deliver it to the focus window */
+ if (XaceHook(XACE_SEND_ACCESS, NULL, keybd, focus, xE, count))
+ return;
FixUpEventFromWindow(xE, focus, None, FALSE);
if (xE->u.u.type & EXTENSION_EVENT_BASE)
mskidx = keybd->id;
@@ -2877,9 +2892,12 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIn
if (!deliveries)
{
FixUpEventFromWindow(xE, grab->window, None, TRUE);
- deliveries = TryClientEvents(rClient(grab), xE, count,
- (Mask)grab->eventMask,
- filters[xE->u.u.type], grab);
+ if (!XaceHook(XACE_SEND_ACCESS, thisDev, grab->window, xE, count) &&
+ !XaceHook(XACE_RECEIVE_ACCESS, rClient(grab), grab->window, xE,
+ count))
+ deliveries = TryClientEvents(rClient(grab), xE, count,
+ (Mask)grab->eventMask,
+ filters[xE->u.u.type], grab);
if (deliveries && (xE->u.u.type == MotionNotify
#ifdef XINPUT
|| xE->u.u.type == DeviceMotionNotify
@@ -4530,6 +4548,9 @@ ProcSendEvent(ClientPtr client)
{
for (;pWin; pWin = pWin->parent)
{
+ if (XaceHook(XACE_SEND_ACCESS, client, NULL, pWin,
+ &stuff->event, 1))
+ return Success;
if (DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
NullGrab, 0))
return Success;
@@ -4540,7 +4561,7 @@ ProcSendEvent(ClientPtr client)
break;
}
}
- else
+ else if (!XaceHook(XACE_SEND_ACCESS, client, NULL, pWin, &stuff->event, 1))
(void)DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
NullGrab, 0);
return Success;
diff --git a/dix/window.c b/dix/window.c
index 1a598fa..b6bbdd4 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -2744,8 +2744,9 @@ MapWindow(WindowPtr pWin, ClientPtr clie
return(Success);
/* general check for permission to map window */
- if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success)
- return Success;
+ if (XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, RT_WINDOW,
+ DixShowAccess, pWin) != Success)
+ return Success;
pScreen = pWin->drawable.pScreen;
if ( (pParent = pWin->parent) )
diff-tree 41355a53c29bbf879da0c6ea562294fcc7ef89ff (from 4017d3190234e189a0bbd33193a148d4d3c7556b)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Aug 28 15:10:20 2007 -0400
xace: add hooks + new access codes: core protocol input requests
diff --git a/Xext/xace.c b/Xext/xace.c
index 54e910f..4d34dc3 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -84,7 +84,7 @@ int XaceHook(int hook, ...)
XaceDeviceAccessRec rec = {
va_arg(ap, ClientPtr),
va_arg(ap, DeviceIntPtr),
- va_arg(ap, Bool),
+ va_arg(ap, Mask),
Success /* default allow */
};
calldata = &rec;
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 10c625b..c98be3d 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -50,7 +50,7 @@ typedef struct {
typedef struct {
ClientPtr client;
DeviceIntPtr dev;
- Bool fromRequest;
+ Mask access_mode;
int status;
} XaceDeviceAccessRec;
diff --git a/dix/devices.c b/dix/devices.c
index a62ab65..dfbd2bf 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1271,10 +1271,10 @@ AllModifierKeysAreUp(dev, map1, per1, ma
static int
DoSetModifierMapping(ClientPtr client, KeyCode *inputMap,
- int numKeyPerModifier)
+ int numKeyPerModifier, xSetModifierMappingReply *rep)
{
DeviceIntPtr pDev = NULL;
- int i = 0, inputMapLen = numKeyPerModifier * 8;
+ int rc, i = 0, inputMapLen = numKeyPerModifier * 8;
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
@@ -1289,8 +1289,9 @@ DoSetModifierMapping(ClientPtr client, K
}
}
- if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
- return BadAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, pDev, DixSetAttrAccess);
+ if (rc != Success)
+ return rc;
/* None of the modifiers (old or new) may be down while we change
* the map. */
@@ -1300,7 +1301,8 @@ DoSetModifierMapping(ClientPtr client, K
!AllModifierKeysAreUp(pDev, inputMap, numKeyPerModifier,
pDev->key->modifierKeyMap,
pDev->key->maxKeysPerModifier)) {
- return MappingBusy;
+ rep->success = MappingBusy;
+ return Success;
}
}
}
@@ -1337,6 +1339,7 @@ DoSetModifierMapping(ClientPtr client, K
}
}
+ rep->success = Success;
return Success;
}
@@ -1344,8 +1347,8 @@ int
ProcSetModifierMapping(ClientPtr client)
{
xSetModifierMappingReply rep;
+ int rc;
REQUEST(xSetModifierMappingReq);
-
REQUEST_AT_LEAST_SIZE(xSetModifierMappingReq);
if (client->req_len != ((stuff->numKeyPerModifier << 1) +
@@ -1356,8 +1359,10 @@ ProcSetModifierMapping(ClientPtr client)
rep.length = 0;
rep.sequenceNumber = client->sequence;
- rep.success = DoSetModifierMapping(client, (KeyCode *)&stuff[1],
- stuff->numKeyPerModifier);
+ rc = DoSetModifierMapping(client, (KeyCode *)&stuff[1],
+ stuff->numKeyPerModifier, &rep);
+ if (rc != Success)
+ return rc;
/* FIXME: Send mapping notifies for all the extended devices as well. */
SendMappingNotify(MappingModifier, 0, 0, client);
@@ -1370,8 +1375,14 @@ ProcGetModifierMapping(ClientPtr client)
{
xGetModifierMappingReply rep;
KeyClassPtr keyc = inputInfo.keyboard->key;
-
+ int rc;
REQUEST_SIZE_MATCH(xReq);
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
rep.type = X_Reply;
rep.numKeyPerModifier = keyc->maxKeysPerModifier;
rep.sequenceNumber = client->sequence;
@@ -1394,6 +1405,7 @@ ProcChangeKeyboardMapping(ClientPtr clie
KeySymsRec keysyms;
KeySymsPtr curKeySyms = &inputInfo.keyboard->key->curKeySyms;
DeviceIntPtr pDev = NULL;
+ int rc;
REQUEST_AT_LEAST_SIZE(xChangeKeyboardMappingReq);
len = client->req_len - (sizeof(xChangeKeyboardMappingReq) >> 2);
@@ -1414,8 +1426,9 @@ ProcChangeKeyboardMapping(ClientPtr clie
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
- if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
- return BadAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, pDev, DixSetAttrAccess);
+ if (rc != Success)
+ return rc;
}
}
@@ -1437,9 +1450,9 @@ ProcChangeKeyboardMapping(ClientPtr clie
}
static int
-DoSetPointerMapping(DeviceIntPtr device, BYTE *map, int n)
+DoSetPointerMapping(ClientPtr client, DeviceIntPtr device, BYTE *map, int n)
{
- int i = 0;
+ int rc, i = 0;
DeviceIntPtr dev = NULL;
if (!device || !device->button)
@@ -1447,6 +1460,14 @@ DoSetPointerMapping(DeviceIntPtr device,
for (dev = inputInfo.devices; dev; dev = dev->next) {
if ((dev->coreEvents || dev == inputInfo.pointer) && dev->button) {
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixSetAttrAccess);
+ if (rc != Success)
+ return rc;
+ }
+ }
+
+ for (dev = inputInfo.devices; dev; dev = dev->next) {
+ if ((dev->coreEvents || dev == inputInfo.pointer) && dev->button) {
for (i = 0; i < n; i++) {
if ((device->button->map[i + 1] != map[i]) &&
BitIsOn(device->button->down, i + 1)) {
@@ -1469,12 +1490,12 @@ DoSetPointerMapping(DeviceIntPtr device,
int
ProcSetPointerMapping(ClientPtr client)
{
- REQUEST(xSetPointerMappingReq);
BYTE *map;
int ret;
xSetPointerMappingReply rep;
-
+ REQUEST(xSetPointerMappingReq);
REQUEST_AT_LEAST_SIZE(xSetPointerMappingReq);
+
if (client->req_len != (sizeof(xSetPointerMappingReq)+stuff->nElts+3) >> 2)
return BadLength;
rep.type = X_Reply;
@@ -1492,7 +1513,7 @@ ProcSetPointerMapping(ClientPtr client)
if (BadDeviceMap(&map[0], (int)stuff->nElts, 1, 255, &client->errorValue))
return BadValue;
- ret = DoSetPointerMapping(inputInfo.pointer, map, stuff->nElts);
+ ret = DoSetPointerMapping(client, inputInfo.pointer, map, stuff->nElts);
if (ret != Success) {
rep.success = ret;
WriteReplyToClient(client, sizeof(xSetPointerMappingReply), &rep);
@@ -1509,11 +1530,16 @@ int
ProcGetKeyboardMapping(ClientPtr client)
{
xGetKeyboardMappingReply rep;
- REQUEST(xGetKeyboardMappingReq);
KeySymsPtr curKeySyms = &inputInfo.keyboard->key->curKeySyms;
-
+ int rc;
+ REQUEST(xGetKeyboardMappingReq);
REQUEST_SIZE_MATCH(xGetKeyboardMappingReq);
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
if ((stuff->firstKeyCode < curKeySyms->minKeyCode) ||
(stuff->firstKeyCode > curKeySyms->maxKeyCode)) {
client->errorValue = stuff->firstKeyCode;
@@ -1546,8 +1572,14 @@ ProcGetPointerMapping(ClientPtr client)
{
xGetPointerMappingReply rep;
ButtonClassPtr butc = inputInfo.pointer->button;
-
+ int rc;
REQUEST_SIZE_MATCH(xReq);
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.pointer,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
rep.type = X_Reply;
rep.sequenceNumber = client->sequence;
rep.nElts = butc->numButtons;
@@ -1766,8 +1798,9 @@ ProcChangeKeyboardControl (ClientPtr cli
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
pDev->kbdfeed && pDev->kbdfeed->CtrlProc) {
- if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
- return BadAccess;
+ ret = XaceHook(XACE_DEVICE_ACCESS, client, pDev, DixSetAttrAccess);
+ if (ret != Success)
+ return ret;
}
}
@@ -1786,11 +1819,16 @@ ProcChangeKeyboardControl (ClientPtr cli
int
ProcGetKeyboardControl (ClientPtr client)
{
- int i;
+ int rc, i;
KeybdCtrl *ctrl = &inputInfo.keyboard->kbdfeed->ctrl;
xGetKeyboardControlReply rep;
-
REQUEST_SIZE_MATCH(xReq);
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
rep.type = X_Reply;
rep.length = 5;
rep.sequenceNumber = client->sequence;
@@ -1812,6 +1850,7 @@ ProcBell(ClientPtr client)
DeviceIntPtr keybd = inputInfo.keyboard;
int base = keybd->kbdfeed->ctrl.bell;
int newpercent;
+ int rc;
REQUEST(xBellReq);
REQUEST_SIZE_MATCH(xBellReq);
@@ -1832,6 +1871,10 @@ ProcBell(ClientPtr client)
for (keybd = inputInfo.devices; keybd; keybd = keybd->next) {
if ((keybd->coreEvents || keybd == inputInfo.keyboard) &&
keybd->kbdfeed && keybd->kbdfeed->BellProc) {
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, keybd, DixBellAccess);
+ if (rc != Success)
+ return rc;
#ifdef XKB
if (!noXkbExtension)
XkbHandleBell(FALSE, FALSE, keybd, newpercent,
@@ -1851,8 +1894,8 @@ ProcChangePointerControl(ClientPtr clien
{
DeviceIntPtr mouse = inputInfo.pointer;
PtrCtrl ctrl; /* might get BadValue part way through */
+ int rc;
REQUEST(xChangePointerControlReq);
-
REQUEST_SIZE_MATCH(xChangePointerControlReq);
if (!mouse->ptrfeed->CtrlProc)
@@ -1903,6 +1946,14 @@ ProcChangePointerControl(ClientPtr clien
}
}
+ for (mouse = inputInfo.devices; mouse; mouse = mouse->next) {
+ if ((mouse->coreEvents || mouse == inputInfo.pointer) &&
+ mouse->ptrfeed && mouse->ptrfeed->CtrlProc) {
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixSetAttrAccess);
+ if (rc != Success)
+ return rc;
+ }
+ }
for (mouse = inputInfo.devices; mouse; mouse = mouse->next) {
if ((mouse->coreEvents || mouse == inputInfo.pointer) &&
@@ -1920,8 +1971,14 @@ ProcGetPointerControl(ClientPtr client)
{
PtrCtrl *ctrl = &inputInfo.pointer->ptrfeed->ctrl;
xGetPointerControlReply rep;
-
+ int rc;
REQUEST_SIZE_MATCH(xReq);
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.pointer,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -1959,11 +2016,15 @@ ProcGetMotionEvents(ClientPtr client)
DeviceIntPtr mouse = inputInfo.pointer;
TimeStamp start, stop;
REQUEST(xGetMotionEventsReq);
-
REQUEST_SIZE_MATCH(xGetMotionEventsReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixUnknownAccess);
+
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess);
+ if (rc != Success)
+ return rc;
+
if (mouse->valuator->motionHintWindow)
MaybeStopHint(mouse, client);
rep.type = X_Reply;
@@ -2019,7 +2080,7 @@ int
ProcQueryKeymap(ClientPtr client)
{
xQueryKeymapReply rep;
- int i;
+ int rc, i;
CARD8 *down = inputInfo.keyboard->key->down;
REQUEST_SIZE_MATCH(xReq);
@@ -2027,11 +2088,13 @@ ProcQueryKeymap(ClientPtr client)
rep.sequenceNumber = client->sequence;
rep.length = 2;
- if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
- bzero((char *)&rep.map[0], 32);
- else
- for (i = 0; i<32; i++)
- rep.map[i] = down[i];
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard,
+ DixReadAccess);
+ if (rc != Success)
+ return rc;
+
+ for (i = 0; i<32; i++)
+ rep.map[i] = down[i];
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
return Success;
diff --git a/dix/events.c b/dix/events.c
index f109dad..deae4e3 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2523,18 +2523,24 @@ ProcWarpPointer(ClientPtr client)
WindowPtr dest = NULL;
int x, y, rc;
ScreenPtr newScreen;
-
+ DeviceIntPtr dev;
REQUEST(xWarpPointerReq);
-
REQUEST_SIZE_MATCH(xWarpPointerReq);
+ for (dev = inputInfo.devices; dev; dev = dev->next) {
+ if ((dev->coreEvents || dev == inputInfo.pointer) && dev->button) {
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixWriteAccess);
+ if (rc != Success)
+ return rc;
+ }
+ }
#ifdef PANORAMIX
if(!noPanoramiXExtension)
return XineramaWarpPointer(client);
#endif
if (stuff->dstWid != None) {
- rc = dixLookupWindow(&dest, stuff->dstWid, client, DixReadAccess);
+ rc = dixLookupWindow(&dest, stuff->dstWid, client, DixGetAttrAccess);
if (rc != Success)
return rc;
}
@@ -2547,7 +2553,7 @@ ProcWarpPointer(ClientPtr client)
XID winID = stuff->srcWid;
WindowPtr source;
- rc = dixLookupWindow(&source, winID, client, DixReadAccess);
+ rc = dixLookupWindow(&source, winID, client, DixGetAttrAccess);
if (rc != Success)
return rc;
@@ -2689,8 +2695,6 @@ CheckPassiveGrabsOnWindow(
(grab->confineTo->realized &&
BorderSizeNotEmpty(grab->confineTo))))
{
- if (XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
- return FALSE;
#ifdef XKB
if (!noXkbExtension) {
XE_KBPTR.state &= 0x1f00;
@@ -3546,10 +3550,10 @@ EnterLeaveEvent(
xKeymapEvent ke;
ClientPtr client = grab ? rClient(grab)
: clients[CLIENT_ID(pWin->drawable.id)];
- if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE) == Success)
- memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
- else
+ if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, DixReadAccess))
bzero((char *)&ke.map[0], 31);
+ else
+ memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
ke.type = KeymapNotify;
if (grab)
@@ -3653,10 +3657,10 @@ FocusEvent(DeviceIntPtr dev, int type, i
{
xKeymapEvent ke;
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
- if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE) == Success)
- memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
- else
+ if (XaceHook(XACE_DEVICE_ACCESS, client, dev, DixReadAccess))
bzero((char *)&ke.map[0], 31);
+ else
+ memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
ke.type = KeymapNotify;
(void)DeliverEventsToWindow(pWin, (xEvent *)&ke, 1,
@@ -3881,7 +3885,7 @@ SetInputFocus(
else if ((focusID == FollowKeyboard) && followOK)
focusWin = inputInfo.keyboard->focus->win;
else {
- rc = dixLookupWindow(&focusWin, focusID, client, DixReadAccess);
+ rc = dixLookupWindow(&focusWin, focusID, client, DixSetAttrAccess);
if (rc != Success)
return rc;
/* It is a match error to try to set the input focus to an
@@ -3889,6 +3893,10 @@ SetInputFocus(
if(!focusWin->realized)
return(BadMatch);
}
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixSetFocusAccess);
+ if (rc != Success)
+ return Success;
+
focus = dev->focus;
if ((CompareTimeStamps(time, currentTime) == LATER) ||
(CompareTimeStamps(time, focus->time) == EARLIER))
@@ -3941,9 +3949,6 @@ ProcSetInputFocus(client)
REQUEST_SIZE_MATCH(xSetInputFocusReq);
- if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
- return Success;
-
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
stuff->revertTo, stuff->time, FALSE);
}
@@ -3958,10 +3963,16 @@ int
ProcGetInputFocus(ClientPtr client)
{
xGetInputFocusReply rep;
- /* REQUEST(xReq); */
FocusClassPtr focus = inputInfo.keyboard->focus;
-
+ int rc;
+ /* REQUEST(xReq); */
REQUEST_SIZE_MATCH(xReq);
+
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard,
+ DixGetFocusAccess);
+ if (rc != Success)
+ return rc;
+
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
@@ -3991,6 +4002,7 @@ ProcGrabPointer(ClientPtr client)
CursorPtr cursor, oldCursor;
REQUEST(xGrabPointerReq);
TimeStamp time;
+ Mask access_mode = DixGrabAccess;
int rc;
REQUEST_SIZE_MATCH(xGrabPointerReq);
@@ -4017,7 +4029,7 @@ ProcGrabPointer(ClientPtr client)
client->errorValue = stuff->eventMask;
return BadValue;
}
- rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixSetAttrAccess);
if (rc != Success)
return rc;
if (stuff->confineTo == None)
@@ -4025,7 +4037,7 @@ ProcGrabPointer(ClientPtr client)
else
{
rc = dixLookupWindow(&confineTo, stuff->confineTo, client,
- DixReadAccess);
+ DixSetAttrAccess);
if (rc != Success)
return rc;
}
@@ -4033,14 +4045,22 @@ ProcGrabPointer(ClientPtr client)
cursor = NullCursor;
else
{
- cursor = (CursorPtr)SecurityLookupIDByType(client, stuff->cursor,
- RT_CURSOR, DixReadAccess);
- if (!cursor)
+ rc = dixLookupResource((pointer *)&cursor, stuff->cursor, RT_CURSOR,
+ client, DixUseAccess);
+ if (rc != Success)
{
client->errorValue = stuff->cursor;
- return BadCursor;
+ return (rc == BadValue) ? BadCursor : rc;
}
+ access_mode |= DixForceAccess;
}
+ if (stuff->pointerMode == GrabModeSync ||
+ stuff->keyboardMode == GrabModeSync)
+ access_mode |= DixFreezeAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, device, access_mode);
+ if (rc != Success)
+ return rc;
+
/* at this point, some sort of reply is guaranteed. */
time = ClientTimeToServerTime(stuff->time);
rep.type = X_Reply;
@@ -4192,6 +4212,7 @@ GrabDevice(ClientPtr client, DeviceIntPt
WindowPtr pWin;
GrabPtr grab;
TimeStamp time;
+ Mask access_mode = DixGrabAccess;
int rc;
UpdateCurrentTime();
@@ -4210,9 +4231,16 @@ GrabDevice(ClientPtr client, DeviceIntPt
client->errorValue = ownerEvents;
return BadValue;
}
- rc = dixLookupWindow(&pWin, grabWindow, client, DixReadAccess);
+
+ rc = dixLookupWindow(&pWin, grabWindow, client, DixSetAttrAccess);
+ if (rc != Success)
+ return rc;
+ if (this_mode == GrabModeSync || other_mode == GrabModeSync)
+ access_mode |= DixFreezeAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, access_mode);
if (rc != Success)
return rc;
+
time = ClientTimeToServerTime(ctime);
grab = dev->grab;
if (grab && !SameClient(grab, client))
@@ -4256,14 +4284,10 @@ ProcGrabKeyboard(ClientPtr client)
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
- if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) {
- result = Success;
- rep.status = AlreadyGrabbed;
- } else
- result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
- stuff->pointerMode, stuff->grabWindow,
- stuff->ownerEvents, stuff->time,
- KeyPressMask | KeyReleaseMask, &rep.status);
+ result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
+ stuff->pointerMode, stuff->grabWindow,
+ stuff->ownerEvents, stuff->time,
+ KeyPressMask | KeyReleaseMask, &rep.status);
if (result != Success)
return result;
@@ -4308,14 +4332,18 @@ ProcQueryPointer(ClientPtr client)
{
xQueryPointerReply rep;
WindowPtr pWin, t;
- REQUEST(xResourceReq);
DeviceIntPtr mouse = inputInfo.pointer;
int rc;
-
+ REQUEST(xResourceReq);
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess);
+ if (rc != Success)
+ return rc;
+
if (mouse->valuator->motionHintWindow)
MaybeStopHint(mouse, client);
rep.type = X_Reply;
@@ -4488,7 +4516,7 @@ ProcSendEvent(ClientPtr client)
effectiveFocus = pWin = inputFocus;
}
else
- dixLookupWindow(&pWin, stuff->destination, client, DixReadAccess);
+ dixLookupWindow(&pWin, stuff->destination, client, DixSendAccess);
if (!pWin)
return BadWindow;
@@ -4612,7 +4640,7 @@ ProcGrabKey(ClientPtr client)
client->errorValue = stuff->modifiers;
return BadValue;
}
- rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixSetAttrAccess);
if (rc != Success)
return rc;
@@ -4640,6 +4668,7 @@ ProcGrabButton(ClientPtr client)
REQUEST(xGrabButtonReq);
CursorPtr cursor;
GrabPtr grab;
+ Mask access_mode = DixGrabAccess;
int rc;
REQUEST_SIZE_MATCH(xGrabButtonReq);
@@ -4671,14 +4700,14 @@ ProcGrabButton(ClientPtr client)
client->errorValue = stuff->eventMask;
return BadValue;
}
- rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixSetAttrAccess);
if (rc != Success)
return rc;
if (stuff->confineTo == None)
confineTo = NullWindow;
else {
rc = dixLookupWindow(&confineTo, stuff->confineTo, client,
- DixReadAccess);
+ DixSetAttrAccess);
if (rc != Success)
return rc;
}
@@ -4686,15 +4715,22 @@ ProcGrabButton(ClientPtr client)
cursor = NullCursor;
else
{
- cursor = (CursorPtr)SecurityLookupIDByType(client, stuff->cursor,
- RT_CURSOR, DixReadAccess);
+ rc = dixLookupResource((pointer *)&cursor, stuff->cursor, RT_CURSOR,
+ client, DixUseAccess);
+ if (rc != Success)
if (!cursor)
{
client->errorValue = stuff->cursor;
- return BadCursor;
+ return (rc == BadValue) ? BadCursor : rc;
}
+ access_mode |= DixForceAccess;
}
-
+ if (stuff->pointerMode == GrabModeSync ||
+ stuff->keyboardMode == GrabModeSync)
+ access_mode |= DixFreezeAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.pointer, access_mode);
+ if (rc != Success)
+ return rc;
grab = CreateGrab(client->index, inputInfo.pointer, pWin,
(Mask)stuff->eventMask, (Bool)stuff->ownerEvents,
diff --git a/dix/grabs.c b/dix/grabs.c
index 2210cd0..b8d0df8 100644
--- a/dix/grabs.c
+++ b/dix/grabs.c
@@ -58,6 +58,7 @@ SOFTWARE.
#include "inputstr.h"
#include "cursorstr.h"
#include "dixgrabs.h"
+#include "xace.h"
#define BITMASK(i) (((Mask)1) << ((i) & 31))
#define MASKIDX(i) ((i) >> 5)
@@ -309,6 +310,8 @@ int
AddPassiveGrabToList(GrabPtr pGrab)
{
GrabPtr grab;
+ Mask access_mode = DixGrabAccess;
+ int rc;
for (grab = wPassiveGrabs(pGrab->window); grab; grab = grab->next)
{
@@ -322,6 +325,13 @@ AddPassiveGrabToList(GrabPtr pGrab)
}
}
+ if (grab->keyboardMode == GrabModeSync || grab->pointerMode == GrabModeSync)
+ access_mode |= DixFreezeAccess;
+ rc = XaceHook(XACE_DEVICE_ACCESS, clients[CLIENT_ID(grab->resource)],
+ grab->device, access_mode);
+ if (rc != Success)
+ return rc;
+
/* Remove all grabs that match the new one exactly */
for (grab = wPassiveGrabs(pGrab->window); grab; grab = grab->next)
{
More information about the xorg-commit
mailing list