xserver: Branch 'XACE-SELINUX' - 6 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Mon Nov 5 14:21:31 PST 2007


 Xext/xselinux.c |  226 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
 Xext/xselinux.h |  121 ++++++++++++++++++++++++++++-
 dix/events.c    |   10 ++
 dix/registry.c  |    2 
 4 files changed, 337 insertions(+), 22 deletions(-)

New commits:
commit c7e18beb3c87eb1ada9b21c4ffacd11c1939c087
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Nov 5 15:01:13 2007 -0500

    xselinux: Register SELinux extension protocol names.

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 946e5b9..f6d1dcd 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1395,4 +1395,28 @@ XSELinuxExtensionInit(INITARGS)
 
     /* Label objects that were created before we could register ourself */
     SELinuxLabelInitial();
+
+    /* Add names to registry */
+    RegisterRequestName(X_SELinuxQueryVersion, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxQueryVersion");
+    RegisterRequestName(X_SELinuxSetSelectionManager, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxSetSelectionManager");
+    RegisterRequestName(X_SELinuxGetSelectionManager, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetSelectionManager");
+    RegisterRequestName(X_SELinuxSetDeviceContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxSetDeviceContext");
+    RegisterRequestName(X_SELinuxGetDeviceContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetDeviceContext");
+    RegisterRequestName(X_SELinuxSetPropertyCreateContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxSetPropertyCreateContext");
+    RegisterRequestName(X_SELinuxGetPropertyCreateContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetPropertyCreateContext");
+    RegisterRequestName(X_SELinuxGetPropertyContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetPropertyContext");
+    RegisterRequestName(X_SELinuxSetWindowCreateContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxSetWindowCreateContext");
+    RegisterRequestName(X_SELinuxGetWindowCreateContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetWindowCreateContext");
+    RegisterRequestName(X_SELinuxGetWindowContext, 0,
+			XSELINUX_EXTENSION_NAME ":SELinuxGetWindowContext");
 }
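Review bot: Each new RegisterRequestName call passes the extension's own request code (`X_SELinuxQueryVersion` through `X_SELinuxGetWindowContext`) as the first argument and a constant 0 as the second; if that function takes (major opcode, minor opcode) — which the `LookupRequestName(int major, int minor)` signature visible in the dix/registry.c hunk on this page suggests — the names end up registered under major opcodes 0–10, colliding with core request numbers, and never match a lookup for the extension's real requests. The expected form would use the ExtensionEntry returned by AddExtension, e.g. `RegisterRequestName(<ext entry>->base, X_SELinuxQueryVersion, XSELINUX_EXTENSION_NAME ":SELinuxQueryVersion");` for each entry. I cannot see the RegisterRequestName prototype or the AddExtension result in this hunk, so please confirm against registry.h before merging. XSELinuxExtensionInit starts outside the hunk.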
commit 3b7af72fe315c7c26c89838c0c5dacbe58765d0f
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Fri Oct 26 20:32:10 2007 -0400

    xselinux: Add a SetDeviceContext request and stubs for more requests.

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index bacbe6e..946e5b9 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -985,10 +985,6 @@ static int
 ProcSELinuxQueryVersion(ClientPtr client)
 {
     SELinuxQueryVersionReply rep;
-    /*
-      REQUEST(SELinuxQueryVersionReq);
-      REQUEST_SIZE_MATCH (SELinuxQueryVersionReq);
-    */
 
     rep.type = X_Reply;
     rep.length = 0;
@@ -1009,10 +1005,10 @@ ProcSELinuxQueryVersion(ClientPtr client)
 static int
 ProcSELinuxSetSelectionManager(ClientPtr client)
 {
-    REQUEST(SELinuxSetSelectionManagerReq);
     WindowPtr pWin;
     int rc;
 
+    REQUEST(SELinuxSetSelectionManagerReq);
     REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq);
 
     if (stuff->window == None) {
@@ -1032,6 +1028,98 @@ ProcSELinuxSetSelectionManager(ClientPtr client)
 }
 
 static int
+ProcSELinuxGetSelectionManager(ClientPtr client)
+{
+    SELinuxGetSelectionManagerReply rep;
+
+    rep.type = X_Reply;
+    rep.length = 0;
+    rep.sequenceNumber = client->sequence;
+    rep.window = selectionWindow;
+    if (client->swapped) {
+	int n;
+	swaps(&rep.sequenceNumber, n);
+	swapl(&rep.length, n);
+	swapl(&rep.window, n);
+    }
+    WriteToClient(client, sizeof(rep), (char *)&rep);
+    return (client->noClientException);
+}
+
+static int
+ProcSELinuxSetDeviceContext(ClientPtr client)
+{
+    char *ctx;
+    security_id_t sid;
+    DeviceIntPtr dev;
+    SELinuxStateRec *state;
+    int rc;
+
+    REQUEST(SELinuxSetContextReq);
+    REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len);
+
+    ctx = (char *)(stuff + 1);
+    if (ctx[stuff->context_len - 1])
+	return BadLength;
+
+    rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess);
+    if (rc != Success)
+	return rc;
+
+    rc = avc_context_to_sid(ctx, &sid);
+    if (rc != Success)
+	return BadValue;
+
+    state = dixLookupPrivate(&dev->devPrivates, stateKey);
+    sidput(state->sid);
+    state->sid = sid;
+    ErrorF("I really, actually did relabel a device to %s\n", ctx);
+    return Success;
+}
+
+static int
+ProcSELinuxGetDeviceContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxSetPropertyCreateContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxGetPropertyCreateContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxGetPropertyContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxSetWindowCreateContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxGetWindowCreateContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
+ProcSELinuxGetWindowContext(ClientPtr client)
+{
+    return Success;
+}
+
+static int
 ProcSELinuxDispatch(ClientPtr client)
 {
     REQUEST(xReq);
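Review bot: ProcSELinuxSetDeviceContext never rejects a zero `context_len`: `ctx[stuff->context_len - 1]` then reads the header's last byte (which is zero when the length is zero), the terminator test passes, and `avc_context_to_sid` is handed a pointer to whatever follows the request in the client's buffer; add `if (stuff->context_len < 1) return BadLength;` before the terminator test. ProcSELinuxGetSelectionManager writes `rep` to the client with `pad1` and `pad2`–`pad6` never set, so uninitialized stack bytes leave the server; declare it as `SELinuxGetSelectionManagerReply rep = { 0 };` or memset it before filling the fields. The `ErrorF("I really, actually did relabel a device to %s\n", ctx);` line reads as leftover debugging and logs a client-supplied string on every successful relabel, so it should be removed or reduced to a proper audit message. ProcSELinuxDispatch begins at the end of this hunk and continues beyond it.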
@@ -1040,6 +1128,24 @@ ProcSELinuxDispatch(ClientPtr client)
         return ProcSELinuxQueryVersion(client);
     case X_SELinuxSetSelectionManager:
 	return ProcSELinuxSetSelectionManager(client);
+    case X_SELinuxGetSelectionManager:
+    	return ProcSELinuxGetSelectionManager(client);
+    case X_SELinuxSetDeviceContext:
+    	return ProcSELinuxSetDeviceContext(client);
+    case X_SELinuxGetDeviceContext:
+    	return ProcSELinuxGetDeviceContext(client);
+    case X_SELinuxSetPropertyCreateContext:
+    	return ProcSELinuxSetPropertyCreateContext(client);
+    case X_SELinuxGetPropertyCreateContext:
+    	return ProcSELinuxGetPropertyCreateContext(client);
+    case X_SELinuxGetPropertyContext:
+    	return ProcSELinuxGetPropertyContext(client);
+    case X_SELinuxSetWindowCreateContext:
+    	return ProcSELinuxSetWindowCreateContext(client);
+    case X_SELinuxGetWindowCreateContext:
+    	return ProcSELinuxGetWindowCreateContext(client);
+    case X_SELinuxGetWindowContext:
+    	return ProcSELinuxGetWindowContext(client);
     default:
 	return BadRequest;
     }
@@ -1069,6 +1175,60 @@ SProcSELinuxSetSelectionManager(ClientPtr client)
 }
 
 static int
+SProcSELinuxGetSelectionManager(ClientPtr client)
+{
+    return ProcSELinuxGetSelectionManager(client);
+}
+
+static int
+SProcSELinuxSetDeviceContext(ClientPtr client)
+{
+    return ProcSELinuxSetDeviceContext(client);
+}
+
+static int
+SProcSELinuxGetDeviceContext(ClientPtr client)
+{
+    return ProcSELinuxGetDeviceContext(client);
+}
+
+static int
+SProcSELinuxSetPropertyCreateContext(ClientPtr client)
+{
+    return ProcSELinuxSetPropertyCreateContext(client);
+}
+
+static int
+SProcSELinuxGetPropertyCreateContext(ClientPtr client)
+{
+    return ProcSELinuxGetPropertyCreateContext(client);
+}
+
+static int
+SProcSELinuxGetPropertyContext(ClientPtr client)
+{
+    return ProcSELinuxGetPropertyContext(client);
+}
+
+static int
+SProcSELinuxSetWindowCreateContext(ClientPtr client)
+{
+    return ProcSELinuxSetWindowCreateContext(client);
+}
+
+static int
+SProcSELinuxGetWindowCreateContext(ClientPtr client)
+{
+    return ProcSELinuxGetWindowCreateContext(client);
+}
+
+static int
+SProcSELinuxGetWindowContext(ClientPtr client)
+{
+    return ProcSELinuxGetWindowContext(client);
+}
+
+static int
 SProcSELinuxDispatch(ClientPtr client)
 {
     REQUEST(xReq);
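Review bot: The new SProc wrappers forward to the Proc handlers without byte-swapping any request field, which matters for SProcSELinuxSetDeviceContext: a swapped client's `stuff->length`, `stuff->id` and `stuff->context_len` reach REQUEST_FIXED_SIZE, dixLookupDevice and the terminator test unconverted, so the length check and the device lookup operate on the wrong values. The other wrappers delegate to stubs that ignore the request and are harmless for now, but will need the same treatment when those handlers are implemented. I cannot see SProcSELinuxSetSelectionManager here, so I am assuming the file's convention is to swap in the SProc before delegating, as the swaps/swapl calls on the reply in ProcSELinuxGetSelectionManager suggest; please confirm. SProcSELinuxDispatch starts at the end of this hunk and continues beyond it.
```c
static int
SProcSELinuxSetDeviceContext(ClientPtr client)
{
    REQUEST(SELinuxSetContextReq);
    int n;

    /* Convert the header before the Proc handler validates and uses it */
    REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq);
    swaps(&stuff->length, n);
    swapl(&stuff->id, n);
    swaps(&stuff->context_len, n);
    return ProcSELinuxSetDeviceContext(client);
}
/* … unchanged: the other SProc wrappers and SProcSELinuxDispatch … */
```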
@@ -1080,7 +1240,25 @@ SProcSELinuxDispatch(ClientPtr client)
     case X_SELinuxQueryVersion:
         return SProcSELinuxQueryVersion(client);
     case X_SELinuxSetSelectionManager:
-        return SProcSELinuxSetSelectionManager(client);
+	return SProcSELinuxSetSelectionManager(client);
+    case X_SELinuxGetSelectionManager:
+    	return SProcSELinuxGetSelectionManager(client);
+    case X_SELinuxSetDeviceContext:
+    	return SProcSELinuxSetDeviceContext(client);
+    case X_SELinuxGetDeviceContext:
+    	return SProcSELinuxGetDeviceContext(client);
+    case X_SELinuxSetPropertyCreateContext:
+    	return SProcSELinuxSetPropertyCreateContext(client);
+    case X_SELinuxGetPropertyCreateContext:
+    	return SProcSELinuxGetPropertyCreateContext(client);
+    case X_SELinuxGetPropertyContext:
+    	return SProcSELinuxGetPropertyContext(client);
+    case X_SELinuxSetWindowCreateContext:
+    	return SProcSELinuxSetWindowCreateContext(client);
+    case X_SELinuxGetWindowCreateContext:
+    	return SProcSELinuxGetWindowCreateContext(client);
+    case X_SELinuxGetWindowContext:
+    	return SProcSELinuxGetWindowContext(client);
     default:
 	return BadRequest;
     }
diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index 691154d..50838d7 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -30,10 +30,19 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XSELinuxNumberErrors		0
 
 /* Extension protocol */
-#define X_SELinuxQueryVersion		0
-#define X_SELinuxSetSelectionManager	1
+#define X_SELinuxQueryVersion			0
+#define X_SELinuxSetSelectionManager		1
+#define X_SELinuxGetSelectionManager		2
+#define X_SELinuxSetDeviceContext		3
+#define X_SELinuxGetDeviceContext		4
+#define X_SELinuxSetPropertyCreateContext	5
+#define X_SELinuxGetPropertyCreateContext	6
+#define X_SELinuxGetPropertyContext		7
+#define X_SELinuxSetWindowCreateContext		8
+#define X_SELinuxGetWindowCreateContext		9
+#define X_SELinuxGetWindowContext		10
 
-typedef struct _SELinuxQueryVersion {
+typedef struct {
     CARD8   reqType;
     CARD8   SELinuxReqType;
     CARD16  length;
@@ -41,7 +50,6 @@ typedef struct _SELinuxQueryVersion {
     CARD8   client_minor;
     CARD16  unused;
 } SELinuxQueryVersionReq;
-#define sz_SELinuxQueryVersionReq 8
 
 typedef struct {
     CARD8   type;
@@ -56,15 +64,114 @@ typedef struct {
     CARD32  pad5;
     CARD32  pad6; 
 } SELinuxQueryVersionReply;
-#define sz_SELinuxQueryVersionReply  32
 
-typedef struct _SELinuxSetSelectionManager {
+typedef struct {
     CARD8   reqType;
     CARD8   SELinuxReqType;
     CARD16  length;
     CARD32  window;
 } SELinuxSetSelectionManagerReq;
-#define sz_SELinuxSetSelectionManagerReq 8
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+} SELinuxGetSelectionManagerReq;
+
+typedef struct {
+    CARD8   type;
+    CARD8   pad1;
+    CARD16  sequenceNumber;
+    CARD32  length;
+    CARD32  window;
+    CARD32  pad2;
+    CARD32  pad3;
+    CARD32  pad4;
+    CARD32  pad5;
+    CARD32  pad6;
+} SELinuxGetSelectionManagerReply;
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+    CARD8   permanent;
+    CARD8   unused;
+    CARD16  context_len;
+} SELinuxSetCreateContextReq;
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+} SELinuxGetCreateContextReq;
+
+typedef struct {
+    CARD8   type;
+    CARD8   permanent;
+    CARD16  sequenceNumber;
+    CARD32  length;
+    CARD16  context_len;
+    CARD16  pad1;
+    CARD32  pad2;
+    CARD32  pad3;
+    CARD32  pad4;
+    CARD32  pad5;
+    CARD32  pad6;
+} SELinuxGetCreateContextReply;
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+    CARD32  id;
+    CARD16  unused;
+    CARD16  context_len;
+} SELinuxSetContextReq;
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+    CARD32  id;
+} SELinuxGetContextReq;
+
+typedef struct {
+    CARD8   type;
+    CARD8   pad1;
+    CARD16  sequenceNumber;
+    CARD32  length;
+    CARD16  context_len;
+    CARD16  pad2;
+    CARD32  pad3;
+    CARD32  pad4;
+    CARD32  pad5;
+    CARD32  pad6;
+    CARD32  pad7;
+} SELinuxGetContextReply;
+
+typedef struct {
+    CARD8   reqType;
+    CARD8   SELinuxReqType;
+    CARD16  length;
+    CARD32  window;
+    CARD32  property;
+} SELinuxGetPropertyContextReq;
+
+typedef struct {
+    CARD8   type;
+    CARD8   pad1;
+    CARD16  sequenceNumber;
+    CARD32  length;
+    CARD16  context_len;
+    CARD16  pad2;
+    CARD32  pad3;
+    CARD32  pad4;
+    CARD32  pad5;
+    CARD32  pad6;
+    CARD32  pad7;
+} SELinuxGetPropertyContextReply;
+
 
 /* Private Flask definitions */
 #define SECCLASS_X_DRAWABLE		1
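Review bot: The new request and reply structs introduce `context_len` and `permanent` fields whose wire semantics are stated nowhere in the header, yet ProcSELinuxSetDeviceContext in this same commit requires the trailing context string to be NUL-terminated with `context_len` counting the terminator, and a client built from this header alone cannot know that. Add a comment above SELinuxSetContextReq such as `/* Followed by context_len bytes: a NUL-terminated security context string */`, the same on SELinuxSetCreateContextReq, and a one-line statement of what `permanent` selects in the create-context request and reply. The removed `sz_*` defines were the only size documentation for these structs; if any client-side code still references them, dropping them here will break that build rather than fail silently, so it is worth checking before merging.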
commit 5f9095f0d29bac0190d82c87a09cf32d6a34c17c
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Oct 25 19:02:03 2007 -0400

    registry: Remove synthetic bit from event types in lookup function.

diff --git a/dix/registry.c b/dix/registry.c
index 48e1b5d..1cf7fa5 100644
--- a/dix/registry.c
+++ b/dix/registry.c
@@ -134,6 +134,7 @@ LookupRequestName(int major, int minor)
 const char *
 LookupEventName(int event)
 {
+    event &= 127;
     if (event >= nevent)
 	return XREGISTRY_UNKNOWN;
 
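Review bot: `event &= 127;` is an undocumented magic number; the commit message says it strips the synthetic (send_event) bit, so say so at the line: `event &= 127;	/* strip the send_event bit (0x80) so synthetic events map to their base type */`. The mask also turns any negative `event` non-negative before the `event >= nevent` bounds test, which is worth a word since the parameter is a signed int and the table index would otherwise go negative. If the tree already has a named constant for the send_event bit, prefer it over the literal. LookupEventName continues beyond the hunk.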
@@ -153,7 +154,6 @@ const char *
 LookupResourceName(RESTYPE resource)
 {
     resource &= TypeMask;
-
     if (resource >= nresource)
 	return XREGISTRY_UNKNOWN;
 
commit 8c6923018c7d71cd15d9cf4ef9e8528ef5ec7c2e
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Oct 25 19:01:29 2007 -0400

    xace: Add a "manage" access check when setting the Redirect event bits.

diff --git a/dix/events.c b/dix/events.c
index 24de947..e13e290 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -3330,6 +3330,8 @@ ProcessPointerEvent (xEvent *xE, DeviceIntPtr mouse, int count)
 
 #define AtMostOneClient \
 	(SubstructureRedirectMask | ResizeRedirectMask | ButtonPressMask)
+#define ManagerMask \
+	(SubstructureRedirectMask | ResizeRedirectMask)
 
 /**
  * Recalculate which events may be deliverable for the given window.
@@ -3418,12 +3420,20 @@ EventSelectForWindow(WindowPtr pWin, ClientPtr client, Mask mask)
 {
     Mask check;
     OtherClients * others;
+    int rc;
 
     if (mask & ~AllEventMasks)
     {
 	client->errorValue = mask;
 	return BadValue;
     }
+    check = (mask & ManagerMask);
+    if (check) {
+	rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id,
+		      RT_WINDOW, pWin, RT_NONE, NULL, DixManageAccess);
+	if (rc != Success)
+	    return rc;
+    }
     check = (mask & AtMostOneClient);
     if (check & (pWin->eventMask|wOtherEventMasks(pWin)))
     {				       /* It is illegal for two different
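Review bot: The new DixManageAccess check at `check = (mask & ManagerMask);` carries no comment explaining why these two mask bits are singled out, so a reader has to recover the intent from the commit message; suggest `/* Redirect masks let a client intercept structure changes to other clients' windows, which is window-manager behaviour, so consult the security policy first */` above it. Because the hook runs before the AtMostOneClient conflict test that follows, a client denied by policy receives the hook's error rather than the conflict result even when another client already holds the bits; if that ordering is intended, it deserves a sentence in the same comment. EventSelectForWindow continues beyond the hunk.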
commit 7d14ca59c5b942c09feaa2429c394cde9d8d3fd1
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Oct 25 19:00:50 2007 -0400

    xselinux: Don't include the client in the receive hook audit messages.

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index b780170..bacbe6e 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -545,7 +545,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
     XaceReceiveAccessRec *rec = calldata;
     SELinuxStateRec *subj, *obj;
-    SELinuxAuditRec auditdata = { .client = rec->client };
+    SELinuxAuditRec auditdata = { .client = NULL };
     int rc, i;
 
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
commit 40de9fcf18930811dd5ae355c83275af887a9f83
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Oct 25 12:35:01 2007 -0400

    xselinux: Label the default device directly with the process context.

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index cb62cb9..b780170 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -486,13 +486,9 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     if (rec->access_mode & DixCreateAccess) {
 	sidput(obj->sid);
 
-	/* Perform a transition to obtain the final SID */
-	if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_DEVICE,
-			       &obj->sid) < 0) {
-	    ErrorF("XSELinux: a compute_create call failed!\n");
-	    rec->status = BadValue;
-	    return;
-	}
+	/* Label the device directly with the process SID */
+	sidget(subj->sid);
+	obj->sid = subj->sid;
     }
 
     rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,

