xserver: Branch 'XACE-SELINUX' - 2 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Tue May 22 14:50:51 PDT 2007


 Xext/security.c |  100 +++++-------------------
 Xext/xace.c     |   49 ++++++-----
 Xext/xace.h     |   12 +-
 Xext/xacestr.h  |   20 ++--
 Xext/xselinux.c |  232 +++++++++++++++++++++++++++++---------------------------
 dix/devices.c   |   10 +-
 dix/dispatch.c  |   11 +-
 dix/dixutils.c  |    7 +
 dix/events.c    |   19 ++--
 dix/extension.c |    6 -
 dix/property.c  |   64 +++++----------
 dix/resource.c  |   18 ++--
 dix/window.c    |   13 +--
 os/access.c     |    2 
 14 files changed, 256 insertions(+), 307 deletions(-)

New commits:
diff-tree 9cee4ec5e6e06d23aafb302494b082c77ade4623 (from 47bd311e3dcc501cbb202ce79a55ac32e9db50f2)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Apr 17 16:01:56 2007 -0400

    xace: change the semantics of the return value of XACE hooks to allow
    arbitrary X status codes instead of just TRUE/FALSE.
    
    The dix layer in most cases still does not propagate the return value of
    XACE hooks back to the client, however.  There is more error propagation
    work to do.

diff --git a/Xext/security.c b/Xext/security.c
index 12e79f9..0d46359 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -806,7 +806,7 @@ SecurityCheckDeviceAccess(CallbackListPt
 	    case X_SetModifierMapping:
 		SecurityAudit("client %d attempted request %d\n",
 			      client->index, reqtype);
-		rec->rval = FALSE;
+		rec->status = BadAccess;
 		return;
 	    default:
 		break;
@@ -875,7 +875,7 @@ SecurityCheckDeviceAccess(CallbackListPt
 	else
 	    SecurityAudit("client %d attempted to access device %d (%s)\n",
 			  client->index, dev->id, devname);
-	rec->rval = FALSE;
+	rec->status = BadAccess;
     }
     return;
 } /* SecurityCheckDeviceAccess */
@@ -1084,7 +1084,7 @@ SecurityCheckResourceIDAccess(CallbackLi
     return;
   deny:
     SecurityAuditResourceIDAccess(client, id);
-    rec->rval = FALSE;	/* deny access */
+    rec->status = BadAccess; /* deny access */
 } /* SecurityCheckResourceIDAccess */
 
 
@@ -1176,7 +1176,7 @@ SecurityCheckDrawableAccess(CallbackList
     XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
 
     if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
-	rec->rval = FALSE;
+	rec->status = BadAccess;
 }
 
 static void
@@ -1192,7 +1192,7 @@ SecurityCheckMapAccess(CallbackListPtr *
 	pWin->parent && pWin->parent->parent &&
 	(TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted))
 
-	rec->rval = FALSE;
+	rec->status = BadAccess;
 }
 
 static void
@@ -1202,7 +1202,7 @@ SecurityCheckBackgrndAccess(CallbackList
     XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
 
     if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
-	rec->rval = FALSE;
+	rec->status = BadAccess;
 }
 
 static void
@@ -1214,7 +1214,7 @@ SecurityCheckExtAccess(CallbackListPtr *
     if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
 	!EXTLEVEL(rec->ext))
 
-	rec->rval = FALSE;
+	rec->status = BadAccess;
 }
 
 static void
@@ -1225,7 +1225,7 @@ SecurityCheckHostlistAccess(CallbackList
  
     if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
     {
-	rec->rval = FALSE;
+	rec->status = BadAccess;
 	if (rec->access_mode == DixWriteAccess)
 	    SecurityAudit("client %d attempted to change host access\n",
 			  rec->client->index);
@@ -1255,14 +1255,14 @@ typedef struct _PropertyAccessRec {
 #define SecurityAnyWindow          0
 #define SecurityRootWindow         1
 #define SecurityWindowWithProperty 2
-    char readAction;
-    char writeAction;
-    char destroyAction;
+    int readAction;
+    int writeAction;
+    int destroyAction;
     struct _PropertyAccessRec *next;
 } PropertyAccessRec, *PropertyAccessPtr;
 
 static PropertyAccessPtr PropertyAccessList = NULL;
-static char SecurityDefaultAction = XaceErrorOperation;
+static int SecurityDefaultAction = BadAtom;
 static char *SecurityPolicyFile = DEFAULTPOLICYFILE;
 static ATOM SecurityMaxPropertyName = 0;
 
@@ -1372,8 +1372,8 @@ SecurityParsePropertyAccessRule(
 {
     char *propname;
     char c;
-    char action = SecurityDefaultAction;
-    char readAction, writeAction, destroyAction;
+    int action = SecurityDefaultAction;
+    int readAction, writeAction, destroyAction;
     PropertyAccessPtr pacl, prev, cur;
     char *mustHaveProperty = NULL;
     char *mustHaveValue = NULL;
@@ -1418,9 +1418,9 @@ SecurityParsePropertyAccessRule(
     {
 	switch (c)
 	{
-	    case 'i': action = XaceIgnoreOperation; break;
-	    case 'a': action = XaceAllowOperation;  break;
-	    case 'e': action = XaceErrorOperation;  break;
+	    case 'i': action = XaceIgnoreError; break;
+	    case 'a': action = Success;  break;
+	    case 'e': action = BadAtom;  break;
 
 	    case 'r': readAction    = action; break;
 	    case 'w': writeAction   = action; break;
@@ -1678,7 +1678,7 @@ SecurityCheckPropertyAccess(CallbackList
     ATOM propertyName = rec->pProp->propertyName;
     Mask access_mode = rec->access_mode;
     PropertyAccessPtr pacl;
-    char action = SecurityDefaultAction;
+    int action = SecurityDefaultAction;
 
     /* if client trusted or window untrusted, allow operation */
 
@@ -1757,7 +1757,7 @@ SecurityCheckPropertyAccess(CallbackList
 	     * If pacl doesn't apply, something above should have
 	     * executed a continue, which will skip the follwing code.
 	     */
-	    action = XaceAllowOperation;
+	    action = Success;
 	    if (access_mode & DixReadAccess)
 		action = max(action, pacl->readAction);
 	    if (access_mode & DixWriteAccess)
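Review bot: The `max(action, pacl->readAction)` calls on the context lines after `action = Success;` now compare X protocol status codes rather than the old Xace*Operation constants. "Strictest rule wins" therefore holds only because Success (0) < XaceIgnoreError (BadRequest, 1) < BadAtom (5) numerically. Nothing in the hunk records that dependency, so a later change of the error or ignore code could silently invert the policy. I would add a comment above the first `max`, for example `/* relies on Success < XaceIgnoreError < BadAtom; keep in sync with xace.h */`. The enclosing loop in SecurityCheckPropertyAccess starts and ends outside this hunk.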
@@ -1768,19 +1768,18 @@ SecurityCheckPropertyAccess(CallbackList
 	} /* end for each pacl */
     } /* end if propertyName <= SecurityMaxPropertyName */
 
-    if (XaceAllowOperation != action)
+    if (action != Success)
     { /* audit the access violation */
 	int cid = CLIENT_ID(pWin->drawable.id);
 	int reqtype = ((xReq *)client->requestBuffer)->reqType;
-	char *actionstr = (XaceIgnoreOperation == action) ?
-							"ignored" : "error";
+	char *actionstr = (XaceIgnoreError == action) ? "ignored" : "error";
 	SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n",
 		client->index, reqtype, pWin->drawable.id,
 		      NameForAtom(propertyName), propertyName, cid, actionstr);
     }
     /* return codes increase with strictness */
-    if (action > rec->rval)
-        rec->rval = action;
+    if (action != Success)
+        rec->status = action;
 } /* SecurityCheckPropertyAccess */
 
 
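Review bot: The retained comment `/* return codes increase with strictness */` no longer matches the code under it. The new `if (action != Success) rec->status = action;` overwrites whatever an earlier XACE_PROPERTY_ACCESS callback stored instead of keeping the stricter result. If another module had already set a hard error, a rule resolving to XaceIgnoreError here would replace it; whether that weakens the outcome depends on how dix/property.c treats that value, which this hunk does not show. Either reword the comment to say the last non-Success callback wins, or keep the first denial with `if (action != Success && rec->status == Success)`.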
diff --git a/Xext/xace.c b/Xext/xace.c
index aff45d9..46fe7bc 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -61,10 +61,10 @@ int XaceHook(int hook, ...)
 	case XACE_CORE_DISPATCH: {
 	    XaceCoreDispatchRec rec = {
 		va_arg(ap, ClientPtr),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_RESOURCE_ACCESS: {
@@ -74,10 +74,10 @@ int XaceHook(int hook, ...)
 		va_arg(ap, RESTYPE),
 		va_arg(ap, Mask),
 		va_arg(ap, pointer),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_DEVICE_ACCESS: {
@@ -85,10 +85,10 @@ int XaceHook(int hook, ...)
 		va_arg(ap, ClientPtr),
 		va_arg(ap, DeviceIntPtr),
 		va_arg(ap, Bool),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_PROPERTY_ACCESS: {
@@ -97,20 +97,20 @@ int XaceHook(int hook, ...)
 		va_arg(ap, WindowPtr),
 		va_arg(ap, PropertyPtr),
 		va_arg(ap, Mask),
-		XaceAllowOperation   /* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_DRAWABLE_ACCESS: {
 	    XaceDrawableAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, DrawablePtr),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_MAP_ACCESS:
@@ -118,10 +118,10 @@ int XaceHook(int hook, ...)
 	    XaceMapAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, WindowPtr),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_EXT_DISPATCH:
@@ -129,20 +129,20 @@ int XaceHook(int hook, ...)
 	    XaceExtAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, ExtensionEntry*),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_HOSTLIST_ACCESS: {
 	    XaceHostlistAccessRec rec = {
 		va_arg(ap, ClientPtr),
 		va_arg(ap, Mask),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_SELECTION_ACCESS: {
@@ -150,20 +150,20 @@ int XaceHook(int hook, ...)
 		va_arg(ap, ClientPtr),
 		va_arg(ap, Selection*),
 		va_arg(ap, Mask),
-		TRUE	/* default allow */
+		Success /* default allow */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_SITE_POLICY: {
 	    XaceSitePolicyRec rec = {
 		va_arg(ap, char*),
 		va_arg(ap, int),
-		FALSE	/* default unrecognized */
+		BadValue /* default unrecognized */
 	    };
 	    calldata = &rec;
-	    prv = &rec.rval;
+	    prv = &rec.status;
 	    break;
 	}
 	case XACE_DECLARE_EXT_SECURE: {
@@ -271,13 +271,14 @@ static int
 XaceCatchDispatchProc(ClientPtr client)
 {
     REQUEST(xReq);
-    int major = stuff->reqType;
+    int rc, major = stuff->reqType;
 
     if (!ProcVector[major])
 	return (BadRequest);
 
-    if (!XaceHook(XACE_CORE_DISPATCH, client))
-	return (BadAccess);
+    rc = XaceHook(XACE_CORE_DISPATCH, client);
+    if (rc != Success)
+        return rc;
 
     return client->swapped ? 
 	(* SwappedProcVector[major])(client) :
@@ -294,7 +295,7 @@ XaceCatchExtProc(ClientPtr client)
     if (!ext || !ProcVector[major])
 	return (BadRequest);
 
-    if (!XaceHook(XACE_EXT_DISPATCH, client, ext))
+    if (XaceHook(XACE_EXT_DISPATCH, client, ext) != Success)
 	return (BadRequest); /* pretend extension doesn't exist */
 
     return client->swapped ?
diff --git a/Xext/xace.h b/Xext/xace.h
index ec13842..0832612 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -20,10 +20,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #ifndef _XACE_H
 #define _XACE_H
 
-/* Hook return codes */
-#define XaceErrorOperation  0
-#define XaceAllowOperation  1
-#define XaceIgnoreOperation 2
+/* Special value used for ignore operation.  This is a deprecated feature
+ * only for Security extension support.  Do not use in new code.
+ */
+#define XaceIgnoreError BadRequest
 
 #ifdef XACE
 
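Review bot: `XaceIgnoreError` is defined as an existing protocol error, `BadRequest`, so a hook that returns BadRequest as a real error cannot be told apart from one asking for the deprecated ignore behaviour. The callers that interpret the value are not in this hunk, so the effect is inferred. If they treat it as "skip the operation without an error", a module's genuine BadRequest would be swallowed. The comment should state the constraint, e.g. `/* Aliases BadRequest: hooks must not return BadRequest to signal a real failure. */`, or the sentinel should be a value outside the protocol error range.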
@@ -97,10 +97,10 @@ extern void XaceCensorImage(
 /* Define calls away when XACE is not being built. */
 
 #ifdef __GNUC__
-#define XaceHook(args...) XaceAllowOperation
+#define XaceHook(args...) Success
 #define XaceCensorImage(args...) { ; }
 #else
-#define XaceHook(...) XaceAllowOperation
+#define XaceHook(...) Success
 #define XaceCensorImage(...) { ; }
 #endif
 
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index 184fb9b..8eb74d5 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -33,7 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 /* XACE_CORE_DISPATCH */
 typedef struct {
     ClientPtr client;
-    int rval;
+    int status;
 } XaceCoreDispatchRec;
 
 /* XACE_RESOURCE_ACCESS */
@@ -43,7 +43,7 @@ typedef struct {
     RESTYPE rtype;
     Mask access_mode;
     pointer res;
-    int rval;
+    int status;
 } XaceResourceAccessRec;
 
 /* XACE_DEVICE_ACCESS */
@@ -51,7 +51,7 @@ typedef struct {
     ClientPtr client;
     DeviceIntPtr dev;
     Bool fromRequest;
-    int rval;
+    int status;
 } XaceDeviceAccessRec;
 
 /* XACE_PROPERTY_ACCESS */
@@ -60,14 +60,14 @@ typedef struct {
     WindowPtr pWin;
     PropertyPtr pProp;
     Mask access_mode;
-    int rval;
+    int status;
 } XacePropertyAccessRec;
 
 /* XACE_DRAWABLE_ACCESS */
 typedef struct {
     ClientPtr client;
     DrawablePtr pDraw;
-    int rval;
+    int status;
 } XaceDrawableAccessRec;
 
 /* XACE_MAP_ACCESS */
@@ -75,7 +75,7 @@ typedef struct {
 typedef struct {
     ClientPtr client;
     WindowPtr pWin;
-    int rval;
+    int status;
 } XaceMapAccessRec;
 
 /* XACE_EXT_DISPATCH */
@@ -83,14 +83,14 @@ typedef struct {
 typedef struct {
     ClientPtr client;
     ExtensionEntry *ext;
-    int rval;
+    int status;
 } XaceExtAccessRec;
 
 /* XACE_HOSTLIST_ACCESS */
 typedef struct {
     ClientPtr client;
     Mask access_mode;
-    int rval;
+    int status;
 } XaceHostlistAccessRec;
 
 /* XACE_SELECTION_ACCESS */
@@ -98,14 +98,14 @@ typedef struct {
     ClientPtr client;
     Selection *selection;
     Mask access_mode;
-    int rval;
+    int status;
 } XaceSelectionAccessRec;
 
 /* XACE_SITE_POLICY */
 typedef struct {
     char *policyString;
     int len;
-    int rval;
+    int status;
 } XaceSitePolicyRec;
 
 /* XACE_DECLARE_EXT_SECURE */
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 648bb6e..3cec21b 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -193,7 +193,7 @@ SwapXID(ClientPtr client, XID id)
  * class: Security class of the server object being accessed.
  * perm: Permissions required on the object.
  *
- * Returns: boolean TRUE=allowed, FALSE=denied.
+ * Returns: X status code.
  */
 static int
 ServerPerm(ClientPtr client,
@@ -211,18 +211,19 @@ ServerPerm(ClientPtr client,
         if (avc_has_perm(SID(client), RSID(serverClient,idx), class,
                          perm, &AEREF(client), &auditdata) < 0)
         {
-            if (errno != EACCES)
-                ErrorF("ServerPerm: unexpected error %d\n", errno);
-            return FALSE;
+            if (errno == EACCES)
+		return BadAccess;
+	    ErrorF("ServerPerm: unexpected error %d\n", errno);
+	    return BadValue;
         }
     }
     else
     {
 	ErrorF("No client state in server-perm check!\n");
-        return TRUE;
+        return Success;
     }
 
-    return TRUE;
+    return Success;
 }
 
 /*
@@ -234,7 +235,7 @@ ServerPerm(ClientPtr client,
  * class: Security class of the resource being accessed.
  * perm: Permissions required on the resource.
  *
- * Returns: boolean TRUE=allowed, FALSE=denied.
+ * Returns: X status code.
  */
 static int
 IDPerm(ClientPtr sclient,
@@ -247,7 +248,7 @@ IDPerm(ClientPtr sclient,
     XSELinuxAuditRec auditdata;
 
     if (id == None)
-	return TRUE;
+	return Success;
 
     CheckXID(id);
     tclient = clients[CLIENT_ID(id)];
@@ -259,7 +260,7 @@ IDPerm(ClientPtr sclient,
      */
     if (!tclient || !HAVESTATE(tclient) || !HAVESTATE(sclient))
     {
-	return TRUE;
+	return Success;
     }
 
     auditdata.client = sclient;
@@ -269,12 +270,13 @@ IDPerm(ClientPtr sclient,
     if (avc_has_perm(SID(sclient), RSID(tclient,idx), class,
 		     perm, &AEREF(sclient), &auditdata) < 0)
     {
-	if (errno != EACCES)
-	    ErrorF("IDPerm: unexpected error %d\n", errno);
-	return FALSE;
+	if (errno == EACCES)
+	    return BadAccess;
+	ErrorF("IDPerm: unexpected error %d\n", errno);
+	return BadValue;
     }
 
-    return TRUE;
+    return Success;
 }
 
 /*
@@ -501,8 +503,9 @@ FreeClientState(ClientPtr client)
 #define REQUEST_SIZE_CHECK(client, req) \
     (client->req_len >= (sizeof(req) >> 2))
 #define IDPERM(client, req, field, class, perm) \
-    (REQUEST_SIZE_CHECK(client,req) && \
-    IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm))
+    (REQUEST_SIZE_CHECK(client,req) ? \
+     IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm) : \
+     BadLength)
 
 static int
 CheckSendEventPerms(ClientPtr client)
@@ -513,7 +516,7 @@ CheckSendEventPerms(ClientPtr client)
 
     /* might need type bounds checking here */
     if (!REQUEST_SIZE_CHECK(client, xSendEventReq))
-	return FALSE;
+	return BadLength;
 
     switch (stuff->event.u.u.type) {
 	case SelectionClear:
@@ -574,11 +577,11 @@ static int
 CheckConvertSelectionPerms(ClientPtr client)
 {
     register char n;
-    int rval = TRUE;
+    int rval = Success;
     REQUEST(xConvertSelectionReq);
 
     if (!REQUEST_SIZE_CHECK(client, xConvertSelectionReq))
-	return FALSE;
+	return BadLength;
 
     if (client->swapped)
     {
@@ -591,24 +594,26 @@ CheckConvertSelectionPerms(ClientPtr cli
 	int i = 0;
 	while ((i < NumCurrentSelections) &&
 	       CurrentSelections[i].selection != stuff->selection) i++;
-	if (i < NumCurrentSelections)
-	    rval = rval && IDPerm(client, CurrentSelections[i].window,
-				  SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
-    }
-    rval = rval && IDPerm(client, stuff->requestor,
+	if (i < NumCurrentSelections) {
+	    rval = IDPerm(client, CurrentSelections[i].window,
 			  SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
-    return rval;
+	    if (rval != Success)
+		return rval;
+	}
+    }
+    return IDPerm(client, stuff->requestor,
+		  SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
 }
 
 static int
 CheckSetSelectionOwnerPerms(ClientPtr client)
 {
     register char n;
-    int rval = TRUE;
+    int rval = Success;
     REQUEST(xSetSelectionOwnerReq);
 
     if (!REQUEST_SIZE_CHECK(client, xSetSelectionOwnerReq))
-	return FALSE;
+	return BadLength;
 
     if (client->swapped)
     {
@@ -621,13 +626,15 @@ CheckSetSelectionOwnerPerms(ClientPtr cl
 	int i = 0;
 	while ((i < NumCurrentSelections) &&
 	       CurrentSelections[i].selection != stuff->selection) i++;
-	if (i < NumCurrentSelections)
-	    rval = rval && IDPerm(client, CurrentSelections[i].window,
-				  SECCLASS_WINDOW, WINDOW__CHSELECTION);
+	if (i < NumCurrentSelections) {
+	    rval = IDPerm(client, CurrentSelections[i].window,
+			  SECCLASS_WINDOW, WINDOW__CHSELECTION);
+	    if (rval != Success)
+		return rval;
+	}
     }
-    rval = rval && IDPerm(client, stuff->window,
+    return IDPerm(client, stuff->window,
 			  SECCLASS_WINDOW, WINDOW__CHSELECTION);
-    return rval;
 }
 
 static void
@@ -636,7 +643,7 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
     XaceCoreDispatchRec *rec = (XaceCoreDispatchRec*)calldata;
     ClientPtr client = rec->client;
     REQUEST(xReq);
-    Bool rval;
+    int rval = Success, rval2 = Success, rval3 = Success;
 
     switch(stuff->reqType) {
     /* Drawable class control requirements */
@@ -668,9 +675,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
     case X_CopyArea:
     case X_CopyPlane:
 	rval = IDPERM(client, xCopyAreaReq, srcDrawable,
-		      SECCLASS_DRAWABLE, DRAWABLE__COPY)
-	    && IDPERM(client, xCopyAreaReq, dstDrawable,
-		      SECCLASS_DRAWABLE, DRAWABLE__DRAW);
+		      SECCLASS_DRAWABLE, DRAWABLE__COPY);
+	rval2 = IDPERM(client, xCopyAreaReq, dstDrawable,
+		       SECCLASS_DRAWABLE, DRAWABLE__DRAW);
 	break;
     case X_GetImage:
 	rval = IDPERM(client, xGetImageReq, drawable,
@@ -712,12 +719,12 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
     case X_CreateWindow:
 	rval = IDPERM(client, xCreateWindowReq, wid,
 		      SECCLASS_WINDOW,
-		      WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE)
-	    && IDPERM(client, xCreateWindowReq, parent,
-		      SECCLASS_WINDOW,
-		      WINDOW__CHSTACK | WINDOW__ADDCHILD)
-	    && IDPERM(client, xCreateWindowReq, wid,
-		      SECCLASS_DRAWABLE, DRAWABLE__CREATE);
+		      WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE);
+	rval2 = IDPERM(client, xCreateWindowReq, parent,
+		       SECCLASS_WINDOW,
+		       WINDOW__CHSTACK | WINDOW__ADDCHILD);
+	rval3 = IDPERM(client, xCreateWindowReq, wid,
+		       SECCLASS_DRAWABLE, DRAWABLE__CREATE);
 	break;
     case X_DeleteProperty:
 	rval = IDPERM(client, xDeletePropertyReq, window,
@@ -728,9 +735,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
     case X_DestroySubwindows:
 	rval = IDPERM(client, xResourceReq, id,
 		      SECCLASS_WINDOW,
-		      WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY)
-	    && IDPERM(client, xResourceReq, id,
-		      SECCLASS_DRAWABLE, DRAWABLE__DESTROY);
+		      WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY);
+	rval2 = IDPERM(client, xResourceReq, id,
+		       SECCLASS_DRAWABLE, DRAWABLE__DESTROY);
 	break;
     case X_GetMotionEvents:
 	rval = IDPERM(client, xGetMotionEventsReq, window,
@@ -768,26 +775,26 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_ReparentWindow:
 	rval = IDPERM(client, xReparentWindowReq, window,
-		      SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE)
-	    && IDPERM(client, xReparentWindowReq, parent,
-		      SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD);
+		      SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE);
+	rval2 = IDPERM(client, xReparentWindowReq, parent,
+		       SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD);
 	break;
     case X_SendEvent:
 	rval = CheckSendEventPerms(client);
 	break;
     case X_SetInputFocus:
 	rval = IDPERM(client, xSetInputFocusReq, focus,
-		      SECCLASS_WINDOW, WINDOW__SETFOCUS)
-	    && ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS);
+		      SECCLASS_WINDOW, WINDOW__SETFOCUS);
+	rval2 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS);
 	break;
     case X_SetSelectionOwner:
 	rval = CheckSetSelectionOwnerPerms(client);
 	break;
     case X_TranslateCoords:
 	rval = IDPERM(client, xTranslateCoordsReq, srcWid,
-		      SECCLASS_WINDOW, WINDOW__GETATTR)
-	    && IDPERM(client, xTranslateCoordsReq, dstWid,
 		      SECCLASS_WINDOW, WINDOW__GETATTR);
+	rval2 = IDPERM(client, xTranslateCoordsReq, dstWid,
+		       SECCLASS_WINDOW, WINDOW__GETATTR);
 	break;
     case X_UnmapWindow:
     case X_UnmapSubwindows:
@@ -798,10 +805,10 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_WarpPointer:
 	rval = IDPERM(client, xWarpPointerReq, srcWid,
-		      SECCLASS_WINDOW, WINDOW__GETATTR)
-	    && IDPERM(client, xWarpPointerReq, dstWid,
-		      SECCLASS_WINDOW, WINDOW__GETATTR)
-	    && ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER);
+		      SECCLASS_WINDOW, WINDOW__GETATTR);
+	rval2 = IDPERM(client, xWarpPointerReq, dstWid,
+		       SECCLASS_WINDOW, WINDOW__GETATTR);
+	rval3 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER);
 	break;
 
     /* Input class control requirements */
@@ -852,16 +859,16 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_CopyColormapAndFree:
 	rval = IDPERM(client, xCopyColormapAndFreeReq, mid,
-		      SECCLASS_COLORMAP, COLORMAP__CREATE)
-	    && IDPERM(client, xCopyColormapAndFreeReq, srcCmap,
-		      SECCLASS_COLORMAP,
-		      COLORMAP__READ | COLORMAP__FREE);
+		      SECCLASS_COLORMAP, COLORMAP__CREATE);
+	rval2 = IDPERM(client, xCopyColormapAndFreeReq, srcCmap,
+		       SECCLASS_COLORMAP,
+		       COLORMAP__READ | COLORMAP__FREE);
 	break;
     case X_CreateColormap:
 	rval = IDPERM(client, xCreateColormapReq, mid,
-		      SECCLASS_COLORMAP, COLORMAP__CREATE)
-	    && IDPERM(client, xCreateColormapReq, window,
-		      SECCLASS_DRAWABLE, DRAWABLE__DRAW);
+		      SECCLASS_COLORMAP, COLORMAP__CREATE);
+	rval2 = IDPERM(client, xCreateColormapReq, window,
+		       SECCLASS_DRAWABLE, DRAWABLE__DRAW);
 	break;
     case X_FreeColormap:
 	rval = IDPERM(client, xResourceReq, id,
@@ -873,8 +880,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_InstallColormap:
 	rval = IDPERM(client, xResourceReq, id,
-		      SECCLASS_COLORMAP, COLORMAP__INSTALL)
-	    && ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL);
+		      SECCLASS_COLORMAP, COLORMAP__INSTALL);
+	rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL);
 	break;
     case X_ListInstalledColormaps:
 	rval = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__LIST);
@@ -891,8 +898,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_UninstallColormap:
 	rval = IDPERM(client, xResourceReq, id,
-		      SECCLASS_COLORMAP, COLORMAP__UNINSTALL)
-	    && ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
+		      SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
+	rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
 	break;
 
     /* Font class control requirements */
@@ -907,18 +914,18 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 		      SECCLASS_DRAWABLE, DRAWABLE__DRAW);
 	break;
     case X_OpenFont:
-	rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD)
-	    && IDPERM(client, xOpenFontReq, fid,
-		      SECCLASS_FONT, FONT__USE);
+	rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD);
+	rval2 = IDPERM(client, xOpenFontReq, fid,
+		       SECCLASS_FONT, FONT__USE);
 	break;
     case X_PolyText8:
     case X_PolyText16:
 	/* Font accesses checked through the resource manager */
-	rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD)
-	    && IDPERM(client, xPolyTextReq, gc,
-		      SECCLASS_GC, GC__SETATTR)
-	    && IDPERM(client, xPolyTextReq, drawable,
-		      SECCLASS_DRAWABLE, DRAWABLE__DRAW);
+	rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD);
+	rval2 = IDPERM(client, xPolyTextReq, gc,
+		       SECCLASS_GC, GC__SETATTR);
+	rval3 = IDPERM(client, xPolyTextReq, drawable,
+		       SECCLASS_DRAWABLE, DRAWABLE__DRAW);
 	break;
 
     /* Pixmap class control requirements */
@@ -934,19 +941,19 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
     /* Cursor class control requirements */
     case X_CreateCursor:
 	rval = IDPERM(client, xCreateCursorReq, cid,
-		      SECCLASS_CURSOR, CURSOR__CREATE)
-	    && IDPERM(client, xCreateCursorReq, source,
-		      SECCLASS_DRAWABLE, DRAWABLE__DRAW)
-	    && IDPERM(client, xCreateCursorReq, mask,
-		      SECCLASS_DRAWABLE, DRAWABLE__COPY);
+		      SECCLASS_CURSOR, CURSOR__CREATE);
+	rval2 = IDPERM(client, xCreateCursorReq, source,
+		       SECCLASS_DRAWABLE, DRAWABLE__DRAW);
+	rval3 = IDPERM(client, xCreateCursorReq, mask,
+		       SECCLASS_DRAWABLE, DRAWABLE__COPY);
 	break;
     case X_CreateGlyphCursor:
 	rval = IDPERM(client, xCreateGlyphCursorReq, cid,
-		      SECCLASS_CURSOR, CURSOR__CREATEGLYPH)
-	    && IDPERM(client, xCreateGlyphCursorReq, source,
-		      SECCLASS_FONT, FONT__USE)
-	    && IDPERM(client, xCreateGlyphCursorReq, mask,
-		      SECCLASS_FONT, FONT__USE);
+		      SECCLASS_CURSOR, CURSOR__CREATEGLYPH);
+	rval2 = IDPERM(client, xCreateGlyphCursorReq, source,
+		       SECCLASS_FONT, FONT__USE);
+	rval3 = IDPERM(client, xCreateGlyphCursorReq, mask,
+		       SECCLASS_FONT, FONT__USE);
 	break;
     case X_RecolorCursor:
 	rval = IDPERM(client, xRecolorCursorReq, cursor,
@@ -970,9 +977,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
     case X_CopyGC:
 	rval = IDPERM(client, xCopyGCReq, srcGC,
-		      SECCLASS_GC, GC__GETATTR)
-	    && IDPERM(client, xCopyGCReq, dstGC,
-		      SECCLASS_GC, GC__SETATTR);
+		      SECCLASS_GC, GC__GETATTR);
+	rval2 = IDPERM(client, xCopyGCReq, dstGC,
+		       SECCLASS_GC, GC__SETATTR);
 	break;
     case X_FreeGC:
 	rval = IDPERM(client, xResourceReq, id,
@@ -1009,11 +1016,14 @@ XSELinuxCoreDispatch(CallbackListPtr *pc
 	break;
 
     default:
-	rval = TRUE;
 	break;
     }
-    if (!rval)
-	rec->rval = FALSE;
+    if (rval != Success)
+	rec->status = rval;
+    if (rval2 != Success)
+	rec->status = rval2;
+    if (rval != Success)
+	rec->status = rval3;
 }
 
 static void
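Review bot: The third check at the end of XSELinuxCoreDispatch tests the wrong variable: `if (rval != Success) rec->status = rval3;`. Since `rval3` is initialised to Success and only set by the three-check cases, any request whose first check is denied has `rec->status` set to `rval` and then overwritten with Success, so the denial is lost. A failure reported only in `rval3` is also never stored. The line should read `if (rval3 != Success)`. The switch that assigns these variables lies outside this hunk.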
@@ -1050,9 +1060,10 @@ XSELinuxExtDispatch(CallbackListPtr *pcb
 	if (avc_has_perm(SID(client), extsid, SECCLASS_XEXTENSION,
 			 perm, &AEREF(client), &auditdata) < 0)
 	{
-	    if (errno != EACCES)
-		ErrorF("ExtDispatch: unexpected error %d\n", errno);
-	    rec->rval = FALSE;
+	    if (errno == EACCES)
+		rec->status = BadAccess;
+	    ErrorF("ExtDispatch: unexpected error %d\n", errno);
+	    rec->status = BadValue;
 	}
     } else
 	ErrorF("No client state in extension dispatcher!\n");
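Review bot: The rewritten error branch has no `else`, so after `if (errno == EACCES) rec->status = BadAccess;` the `ErrorF("ExtDispatch: unexpected error ...")` and `rec->status = BadValue;` lines always run. An ordinary policy denial is logged as an unexpected error and reported as BadValue rather than BadAccess. The request is still refused, but the audit trail and the status are misleading. Put the last two statements in an `else { ... }` block, as ServerPerm and IDPerm effectively do by returning early. The XSELinuxProperty hunk that follows has the same three lines and needs the same fix.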
@@ -1096,9 +1107,10 @@ XSELinuxProperty(CallbackListPtr *pcbl, 
 	if (avc_has_perm(SID(client), propsid, SECCLASS_PROPERTY,
 			 perm, &AEREF(client), &auditdata) < 0)
 	{
-	    if (errno != EACCES)
-		ErrorF("Property: unexpected error %d\n", errno);
-	    rec->rval = XaceIgnoreOperation;
+	    if (errno == EACCES)
+		rec->status = BadAccess;
+	    ErrorF("Property: unexpected error %d\n", errno);
+	    rec->status = BadValue;
 	}
     } else
 	ErrorF("No client state in property callback!\n");
@@ -1114,7 +1126,7 @@ XSELinuxResLookup(CallbackListPtr *pcbl,
     ClientPtr client = rec->client;
     REQUEST(xReq);
     access_vector_t perm = 0;
-    Bool rval = TRUE;
+    int rval = Success;
 
     /* serverClient requests OK */
     if (client->index == 0)
@@ -1145,35 +1157,35 @@ XSELinuxResLookup(CallbackListPtr *pcbl,
 	default:
 	    break;
     }
-    if (!rval)
-	rec->rval = FALSE;
+    if (rval != Success)
+	rec->status = rval;
 } /* XSELinuxResLookup */
 
 static void
 XSELinuxMap(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-    if (!IDPerm(rec->client, rec->pWin->drawable.id,
-		SECCLASS_WINDOW, WINDOW__MAP))
-	rec->rval = FALSE;
+    if (IDPerm(rec->client, rec->pWin->drawable.id,
+               SECCLASS_WINDOW, WINDOW__MAP) != Success)
+	rec->status = BadAccess;
 } /* XSELinuxMap */
 
 static void
 XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-    if (!IDPerm(rec->client, rec->pWin->drawable.id,
-		SECCLASS_WINDOW, WINDOW__TRANSPARENT))
-	rec->rval = FALSE;
+    if (IDPerm(rec->client, rec->pWin->drawable.id,
+               SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success)
+	rec->status = BadAccess;
 } /* XSELinuxBackgrnd */
 
 static void
 XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
-    if (!IDPerm(rec->client, rec->pDraw->id,
-		SECCLASS_DRAWABLE, DRAWABLE__COPY))
-	rec->rval = FALSE;
+    if (IDPerm(rec->client, rec->pDraw->id,
+               SECCLASS_DRAWABLE, DRAWABLE__COPY) != Success)
+	rec->status = BadAccess;
 } /* XSELinuxDrawable */
 
 static void
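Review bot: XSELinuxMap, XSELinuxBackgrnd and XSELinuxDrawable test `IDPerm(...) != Success` but then store a fixed `BadAccess`, discarding the BadValue that IDPerm now returns for an unexpected AVC error. That works against the stated aim of the commit and makes an internal failure look like a policy denial to whoever reads the status. Keeping the result, as XSELinuxResLookup does at the top of this hunk, would be consistent: `rc = IDPerm(...); if (rc != Success) rec->status = rc;`. XSELinuxHostlist in the next hunk does the same with ServerPerm.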
@@ -1183,8 +1195,8 @@ XSELinuxHostlist(CallbackListPtr *pcbl, 
     access_vector_t perm = (rec->access_mode == DixReadAccess) ?
 	XSERVER__GETHOSTLIST : XSERVER__SETHOSTLIST;
 
-    if (!ServerPerm(rec->client, SECCLASS_XSERVER, perm))
-	rec->rval = FALSE;
+    if (ServerPerm(rec->client, SECCLASS_XSERVER, perm) != Success)
+	rec->status = BadAccess;
 } /* XSELinuxHostlist */
 
 /* Extension callbacks */
diff --git a/dix/devices.c b/dix/devices.c
index 1ce6be6..5ffa81d 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1206,7 +1206,7 @@ DoSetModifierMapping(ClientPtr client, K
                 }
             }
 
-            if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
+            if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
                 return BadAccess;
 
             /* None of the modifiers (old or new) may be down while we change
@@ -1330,7 +1330,7 @@ ProcChangeKeyboardMapping(ClientPtr clie
 
     for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
         if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
-            if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
+            if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
                 return BadAccess;
         }
     }
@@ -1682,7 +1682,7 @@ ProcChangeKeyboardControl (ClientPtr cli
     for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
         if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
             pDev->kbdfeed && pDev->kbdfeed->CtrlProc) {
-            if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
+            if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
                 return BadAccess;
         }
     }
@@ -1944,10 +1944,10 @@ ProcQueryKeymap(ClientPtr client)
     rep.length = 2;
 
     if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
+	bzero((char *)&rep.map[0], 32);
+    else
 	for (i = 0; i<32; i++)
 	    rep.map[i] = down[i];
-    else
-	bzero((char *)&rep.map[0], 32);
 
     WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
     return Success;
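Review bot: The check in ProcQueryKeymap stays a bare `if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))` with its two branches swapped, so the denial path is selected by truthiness rather than by an explicit comparison. Because this commit flips the hook's return value from TRUE-means-allowed to Success-means-allowed, a converted and an unconverted call site look identical in this form, and a missed one would fail open. Writing `if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE) != Success)`, as the other dix/devices.c hunks do, makes the polarity auditable. The same bare form appears in CheckPassiveGrabsOnWindow, ProcSetInputFocus and ProcGrabKeyboard in dix/events.c and in ProcQueryExtension in dix/extension.c.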
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 0a86dc5..4519d85 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1120,7 +1120,7 @@ ProcGetSelectionOwner(ClientPtr client)
 	reply.sequenceNumber = client->sequence;
         if (i < NumCurrentSelections &&
 	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i],
-		     DixReadAccess))
+		     DixReadAccess) == Success)
             reply.owner = CurrentSelections[i].destwindow;
         else
             reply.owner = None;
@@ -1161,7 +1161,7 @@ ProcConvertSelection(ClientPtr client)
 	if ((i < NumCurrentSelections) &&
 	    (CurrentSelections[i].window != None) &&
 	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i],
-		     DixReadAccess))
+		     DixReadAccess) == Success)
 	{        
 	    event.u.u.type = SelectionRequest;
 	    event.u.selectionRequest.time = stuff->time;
@@ -2276,7 +2276,7 @@ DoGetImage(ClientPtr client, int format,
     }
 
     if (pDraw->type == DRAWABLE_WINDOW &&
-	!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
+	XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw) != Success)
     {
 	pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
 	if (pVisibleRegion)
@@ -3343,8 +3343,9 @@ ProcListHosts(ClientPtr client)
     REQUEST_SIZE_MATCH(xListHostsReq);
 
     /* untrusted clients can't list hosts */
-    if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess))
-	return BadAccess;
+    result = XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess);
+    if (result != Success)
+	return result;
 
     result = GetHosts(&pdata, &nHosts, &len, &reply.enabled);
     if (result != Success)
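Review bot: `return result;` in ProcListHosts passes whatever status the XACE_HOSTLIST_ACCESS hook set straight back to the caller, including XaceIgnoreError, which the dix/property.c hunks of this commit treat as a special value and translate before returning. Whether a host-list hook can ever produce that value is not visible here. The call site should either carry a comment stating that only protocol error codes are expected from this hook, or collapse the special value, e.g. `return (result == XaceIgnoreError) ? BadAccess : result;`. dixLookupDrawable, dixLookupResource and CreateWindow return the raw hook status in the same way.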
diff --git a/dix/dixutils.c b/dix/dixutils.c
index e97a791..4d082cd 100644
--- a/dix/dixutils.c
+++ b/dix/dixutils.c
@@ -209,6 +209,8 @@ dixLookupDrawable(DrawablePtr *pDraw, XI
 {
     DrawablePtr pTmp;
     RESTYPE rtype;
+    int rc;
+
     *pDraw = NULL;
     client->errorValue = id;
 
@@ -220,8 +222,9 @@ dixLookupDrawable(DrawablePtr *pDraw, XI
 
 	/* an access check is required for cached drawables */
 	rtype = (type & M_WINDOW) ? RT_WINDOW : RT_PIXMAP;
-	if (!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp))
-	    return BadDrawable;
+	rc = XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp);
+        if (rc != Success)
+	    return rc;
     } else
 	dixLookupResource((void **)&pTmp, id, RC_DRAWABLE, client, access);
 
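Review bot: The cached-drawable path now returns the hook's status (`return rc;`), while the `else` branch in the context line still discards the return value of dixLookupResource, so the same denial may be reported differently depending on whether the drawable was cached. The rest of dixLookupDrawable is outside the hunk, so what the uncached path returns after a denial cannot be confirmed from here. Capturing the result, `rc = dixLookupResource((void **)&pTmp, id, RC_DRAWABLE, client, access);`, and handling it like the cached case would keep the two paths consistent. A denied client previously received BadDrawable, the same code as for a nonexistent id, and now presumably receives BadAccess, which lets it tell the two cases apart; if that is intended it deserves a comment.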
diff --git a/dix/events.c b/dix/events.c
index bc6b6ae..88895b5 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2682,7 +2682,7 @@ CheckPassiveGrabsOnWindow(
 	     (grab->confineTo->realized && 
 				BorderSizeNotEmpty(grab->confineTo))))
 	{
-	    if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
+	    if (XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
 		return FALSE;
 #ifdef XKB
 	    if (!noXkbExtension) {
@@ -3529,7 +3529,7 @@ EnterLeaveEvent(
 	xKeymapEvent ke;
 	ClientPtr client = grab ? rClient(grab)
 				: clients[CLIENT_ID(pWin->drawable.id)];
-	if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
+	if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE) == Success)
 	    memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
 	else
 	    bzero((char *)&ke.map[0], 31);
@@ -3636,7 +3636,7 @@ FocusEvent(DeviceIntPtr dev, int type, i
     {
 	xKeymapEvent ke;
 	ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
-	if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
+	if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE) == Success)
 	    memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
 	else
 	    bzero((char *)&ke.map[0], 31);
@@ -3924,7 +3924,7 @@ ProcSetInputFocus(client)
 
     REQUEST_SIZE_MATCH(xSetInputFocusReq);
 
-    if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
+    if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
 	return Success;
 
     return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
@@ -4239,15 +4239,14 @@ ProcGrabKeyboard(ClientPtr client)
 
     REQUEST_SIZE_MATCH(xGrabKeyboardReq);
 
-    if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
-	result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
+    if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) {
+	result = Success;
+	rep.status = AlreadyGrabbed;
+    } else
+        result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
 			    stuff->pointerMode, stuff->grabWindow,
 			    stuff->ownerEvents, stuff->time,
 			    KeyPressMask | KeyReleaseMask, &rep.status);
-    else {
-	result = Success;
-	rep.status = AlreadyGrabbed;
-    }
 
     if (result != Success)
 	return result;
diff --git a/dix/extension.c b/dix/extension.c
index d409c3f..ad4e697 100644
--- a/dix/extension.c
+++ b/dix/extension.c
@@ -319,7 +319,7 @@ ProcQueryExtension(ClientPtr client)
     else
     {
 	i = FindExtension((char *)&stuff[1], stuff->nbytes);
-        if (i < 0 || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
+        if (i < 0 || XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
             reply.present = xFalse;
         else
         {            
@@ -355,7 +355,7 @@ ProcListExtensions(ClientPtr client)
         for (i=0;  i<NumExtensions; i++)
 	{
 	    /* call callbacks to find out whether to show extension */
-	    if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
+	    if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success)
 		continue;
 
 	    total_length += strlen(extensions[i]->name) + 1;
@@ -370,7 +370,7 @@ ProcListExtensions(ClientPtr client)
         for (i=0;  i<NumExtensions; i++)
         {
 	    int len;
-	    if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
+	    if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success)
 		continue;
 
             *bufptr++ = len = strlen(extensions[i]->name);
diff --git a/dix/property.c b/dix/property.c
index 8deb621..09f9e31 100644
--- a/dix/property.c
+++ b/dix/property.c
@@ -144,16 +144,12 @@ ProcRotateProperties(ClientPtr client)
 	    DEALLOCATE_LOCAL(props);
 	    return BadMatch;
 	}
-	switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
-			 DixReadAccess|DixWriteAccess))
-	{
-	case XaceErrorOperation:
+	rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
+		      DixReadAccess|DixWriteAccess);
+	if (rc != Success) {
             DEALLOCATE_LOCAL(props);
 	    client->errorValue = atoms[i];
-            return BadAtom;
-	case XaceIgnoreOperation:
-            DEALLOCATE_LOCAL(props);
-	    return Success;
+            return (rc == XaceIgnoreError) ? Success : rc;
 	}
         props[i] = pProp;
     }
@@ -246,8 +242,7 @@ dixChangeWindowProperty(ClientPtr pClien
 {
     PropertyPtr pProp;
     xEvent event;
-    int sizeInBytes;
-    int totalSize;
+    int sizeInBytes, totalSize, rc;
     pointer data;
 
     sizeInBytes = format>>3;
@@ -277,32 +272,24 @@ dixChangeWindowProperty(ClientPtr pClien
 	    memmove((char *)data, (char *)value, totalSize);
 	pProp->size = len;
 	pProp->devPrivates = NULL;
-	switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
-			 DixCreateAccess))
-	{
-	case XaceErrorOperation:
+	rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
+		      DixCreateAccess);
+	if (rc != Success) {
 	    xfree(data);
 	    xfree(pProp);
 	    pClient->errorValue = property;
-	    return BadAtom;
-	case XaceIgnoreOperation:
-	    xfree(data);
-	    xfree(pProp);
-	    return Success;
+	    return (rc == XaceIgnoreError) ? Success : rc;
 	}
         pProp->next = pWin->optional->userProps;
         pWin->optional->userProps = pProp;
     }
     else
     {
-	switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
-			 DixWriteAccess))
-	{
-	case XaceErrorOperation:
+	rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
+		      DixWriteAccess);
+	if (rc != Success) {
 	    pClient->errorValue = property;
-	    return BadAtom;
-	case XaceIgnoreOperation:
-	    return Success;
+	    return (rc == XaceIgnoreError) ? Success : rc;
 	}
 	/* To append or prepend to a property the request format and type
 		must match those of the already defined property.  The
@@ -471,7 +458,8 @@ int
 ProcGetProperty(ClientPtr client)
 {
     PropertyPtr pProp, prevProp;
-    unsigned long n, len, ind, rc;
+    unsigned long n, len, ind;
+    int rc;
     WindowPtr pWin;
     xGetPropertyReply reply;
     Mask access_mode = DixReadAccess;
@@ -517,13 +505,12 @@ ProcGetProperty(ClientPtr client)
 
     if (stuff->delete)
 	access_mode |= DixDestroyAccess;
-    switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode))
-    {
-    case XaceErrorOperation:
+
+    rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode);
+    if (rc != Success) {
 	client->errorValue = stuff->property;
-	return BadAtom;;
-    case XaceIgnoreOperation:
-	return NullPropertyReply(client, pProp->type, pProp->format, &reply);
+	return (rc == XaceIgnoreError) ? 
+	    NullPropertyReply(client, pProp->type, pProp->format, &reply) : rc;
     }
 
     /* If the request type and actual type don't match. Return the
@@ -669,14 +656,11 @@ ProcDeleteProperty(ClientPtr client)
 	return (BadAtom);
     }
 
-    switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin,
-		     FindProperty(pWin, stuff->property), DixDestroyAccess))
-    {
-    case XaceErrorOperation:
+    result = XaceHook(XACE_PROPERTY_ACCESS, client, pWin,
+		      FindProperty(pWin, stuff->property), DixDestroyAccess);
+    if (result != Success) {
 	client->errorValue = stuff->property;
-	return BadAtom;;
-    case XaceIgnoreOperation:
-	return Success;
+	return (result == XaceIgnoreError) ? Success : result;
     }
 
     result = DeleteProperty(pWin, stuff->property);
diff --git a/dix/resource.c b/dix/resource.c
index e1bb74f..67124c7 100644
--- a/dix/resource.c
+++ b/dix/resource.c
@@ -918,12 +918,16 @@ dixLookupResource(pointer *result, XID i
 				    (!istype && res->type & rtype)))
 		break;
     }
-    if (res) {
-	if (client && !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type,
-				mode, res->value))
-	    return BadAccess;
-	*result = res->value;
-	return Success;
+    if (!res)
+	return BadValue;
+
+    if (client) {
+	cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type,
+		       mode, res->value);
+	if (cid != Success)
+	    return cid;
     }
-    return BadValue;
+
+    *result = res->value;
+    return Success;
 }
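Review bot: The hook status is stored in `cid` (`cid = XaceHook(XACE_RESOURCE_ACCESS, ...)`), a variable whose name suggests it holds a client id rather than an X status code. Reusing it is safe only if its type can hold every status value and nothing later reads it as an id. A separate `int rc;` with `rc = XaceHook(...);` and `if (rc != Success) return rc;` would make this access check easier to audit. The start of dixLookupResource, including the declaration of `cid`, is outside the hunk.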
diff --git a/dix/window.c b/dix/window.c
index b505947..95b7b16 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -732,17 +732,16 @@ CreateWindow(Window wid, WindowPtr pPare
 
     /*  security creation/labeling check
      */
-    if (!XaceHook(XACE_RESOURCE_ACCESS, client,
-		  wid, RT_WINDOW, DixCreateAccess, pWin))
-    {
+    *error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW,
+		      DixCreateAccess, pWin);
+    if (*error != Success) {
 	xfree(pWin);
-	*error = BadAccess;
 	return NullWindow;
     }
     /*  can't let untrusted clients have background None windows;
      *  they make it too easy to steal window contents
      */
-    if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
+    if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success)
 	pWin->backgroundState = None;
     else {
 	pWin->backgroundState = BackgroundPixel;
@@ -1052,7 +1051,7 @@ ChangeWindowAttributes(WindowPtr pWin, M
 	    if (pixID == None)
 	    {
 		/*  can't let untrusted clients have background None windows */
-		if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) {
+		if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) {
 		    if (pWin->backgroundState == BackgroundPixmap)
 			(*pScreen->DestroyPixmap)(pWin->background.pixmap);
 		    if (!pWin->parent)
@@ -2773,7 +2772,7 @@ MapWindow(WindowPtr pWin, ClientPtr clie
 	return(Success);
 
     /*  general check for permission to map window */
-    if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
+    if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success)
 	 return Success;
 
     pScreen = pWin->drawable.pScreen;
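Review bot: A denied XACE_MAP_ACCESS check in MapWindow still ends in `return Success;`, so the hook's status is dropped and the client is not told that the window was left unmapped. If the silent denial is deliberate, it should be stated at the call site, for example `/* denied: leave the window unmapped but report Success; hook status is not propagated yet */`. MapWindow's body starts and ends outside the hunk.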
diff --git a/os/access.c b/os/access.c
index 221b8cb..d9fcd44 100644
--- a/os/access.c
+++ b/os/access.c
@@ -1528,7 +1528,7 @@ AuthorizedClient(ClientPtr client)
 	return TRUE;
 
     /* untrusted clients can't change host access */
-    if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess))
+    if (XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess) != Success)
 	return FALSE;
 
     return LocalClient(client);
diff-tree 47bd311e3dcc501cbb202ce79a55ac32e9db50f2 (from 1f06d32ef58749d0f0c062193d237ee98f60e90f)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Tue Apr 17 13:46:55 2007 -0400

    security: remove debugging code.

diff --git a/Xext/security.c b/Xext/security.c
index ad04045..12e79f9 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1281,9 +1281,6 @@ static char *SecurityKeywords[] = {
 
 #define NUMKEYWORDS (sizeof(SecurityKeywords) / sizeof(char *))
 
-#undef PROPDEBUG
-/*#define PROPDEBUG  1*/
-
 static void
 SecurityFreePropertyAccessList(void)
 {
@@ -1638,32 +1635,6 @@ SecurityLoadPropertyAccessList(void)
 		   lineNumber, SecurityPolicyFile);
     } /* end while more input */
 
-#ifdef PROPDEBUG
-    {
-	PropertyAccessPtr pacl;
-	char *op = "aie";
-	for (pacl = PropertyAccessList; pacl; pacl = pacl->next)
-	{
-	    ErrorF("property %s ", NameForAtom(pacl->name));
-	    switch (pacl->windowRestriction)
-	    {
-		case SecurityAnyWindow: ErrorF("any "); break;
-		case SecurityRootWindow: ErrorF("root "); break;
-		case SecurityWindowWithProperty:
-		{
-		    ErrorF("%s ", NameForAtom(pacl->mustHaveProperty));
-		    if (pacl->mustHaveValue)
-			ErrorF(" = \"%s\" ", pacl->mustHaveValue);
-
-		}
-		break;
-	    }
-	    ErrorF("%cr %cw %cd\n", op[pacl->readAction],
-		   op[pacl->writeAction], op[pacl->destroyAction]);
-	}
-    }
-#endif /* PROPDEBUG */
-
     fclose(f);
 } /* SecurityLoadPropertyAccessList */
 
@@ -1696,11 +1667,6 @@ SecurityMatchString(
 	     && (*cs == '\0') );
 } /* SecurityMatchString */
 
-#ifdef PROPDEBUG
-#include <sys/types.h>
-#include <sys/stat.h>
-#endif
-
 
 static void
 SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused,
@@ -1720,25 +1686,6 @@ SecurityCheckPropertyAccess(CallbackList
 	 (TRUSTLEVEL(wClient(pWin)) != XSecurityClientTrusted) )
 	return;
 
-#ifdef PROPDEBUG
-    /* For testing, it's more convenient if the property rules file gets
-     * reloaded whenever it changes, so we can rapidly try things without
-     * having to reset the server.
-     */
-    {
-	struct stat buf;
-	static time_t lastmod = 0;
-	int ret = stat(SecurityPolicyFile , &buf);
-	if ( (ret == 0) && (buf.st_mtime > lastmod) )
-	{
-	    ErrorF("reloading property rules\n");
-	    SecurityFreePropertyAccessList();
-	    SecurityLoadPropertyAccessList();
-	    lastmod = buf.st_mtime;
-	}
-    }
-#endif
-
     /* If the property atom is bigger than any atoms on the list, 
      * we know we won't find it, so don't even bother looking.
      */

