xserver: Branch 'master' - 3 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Thu Jan 24 17:05:24 PST 2008
Xext/xselinux.c | 239 ++++++++++++++++++++++++++++++++++++++++----------------
Xext/xselinux.h | 10 +-
2 files changed, 178 insertions(+), 71 deletions(-)
New commits:
commit 46794d0c9665f07913980830d038c88d00407612
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Jan 24 19:49:13 2008 -0500
xselinux: Rename SelectionManager to more generic SecurityManager.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 53ea6c1..a6e27e6 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -72,8 +72,8 @@ typedef struct {
security_id_t sid;
} SELinuxSelectionRec;
-static ClientPtr selectionManager;
-static Window selectionWindow;
+static ClientPtr securityManager;
+static Window securityWindow;
/* audit file descriptor */
static int audit_fd;
@@ -849,9 +849,9 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
case ClientStateRetained:
case ClientStateGone:
- if (pci->client == selectionManager) {
- selectionManager = NULL;
- selectionWindow = 0;
+ if (pci->client == securityManager) {
+ securityManager = NULL;
+ securityWindow = 0;
}
break;
@@ -935,9 +935,9 @@ SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
case SelectionConvertSelection:
/* redirect the convert request if necessary */
- if (selectionManager && selectionManager != rec->client) {
- rec->selection->client = selectionManager;
- rec->selection->window = selectionWindow;
+ if (securityManager && securityManager != rec->client) {
+ rec->selection->client = securityManager;
+ rec->selection->window = securityWindow;
} else {
rec->selection->client = rec->selection->alt_client;
rec->selection->window = rec->selection->alt_window;
@@ -1004,39 +1004,39 @@ ProcSELinuxQueryVersion(ClientPtr client)
}
static int
-ProcSELinuxSetSelectionManager(ClientPtr client)
+ProcSELinuxSetSecurityManager(ClientPtr client)
{
WindowPtr pWin;
int rc;
- REQUEST(SELinuxSetSelectionManagerReq);
- REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq);
+ REQUEST(SELinuxSetSecurityManagerReq);
+ REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
if (stuff->window == None) {
- selectionManager = NULL;
- selectionWindow = None;
+ securityManager = NULL;
+ securityWindow = None;
} else {
rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW,
client, DixGetAttrAccess);
if (rc != Success)
return rc;
- selectionManager = client;
- selectionWindow = stuff->window;
+ securityManager = client;
+ securityWindow = stuff->window;
}
return Success;
}
static int
-ProcSELinuxGetSelectionManager(ClientPtr client)
+ProcSELinuxGetSecurityManager(ClientPtr client)
{
- SELinuxGetSelectionManagerReply rep;
+ SELinuxGetSecurityManagerReply rep;
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
- rep.window = selectionWindow;
+ rep.window = securityWindow;
if (client->swapped) {
int n;
swaps(&rep.sequenceNumber, n);
@@ -1251,10 +1251,10 @@ ProcSELinuxDispatch(ClientPtr client)
switch (stuff->data) {
case X_SELinuxQueryVersion:
return ProcSELinuxQueryVersion(client);
- case X_SELinuxSetSelectionManager:
- return ProcSELinuxSetSelectionManager(client);
- case X_SELinuxGetSelectionManager:
- return ProcSELinuxGetSelectionManager(client);
+ case X_SELinuxSetSecurityManager:
+ return ProcSELinuxSetSecurityManager(client);
+ case X_SELinuxGetSecurityManager:
+ return ProcSELinuxGetSecurityManager(client);
case X_SELinuxSetDeviceCreateContext:
return ProcSELinuxSetDeviceCreateContext(client);
case X_SELinuxGetDeviceCreateContext:
@@ -1293,14 +1293,14 @@ SProcSELinuxQueryVersion(ClientPtr client)
}
static int
-SProcSELinuxSetSelectionManager(ClientPtr client)
+SProcSELinuxSetSecurityManager(ClientPtr client)
{
- REQUEST(SELinuxSetSelectionManagerReq);
+ REQUEST(SELinuxSetSecurityManagerReq);
int n;
- REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq);
+ REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
swapl(&stuff->window, n);
- return ProcSELinuxSetSelectionManager(client);
+ return ProcSELinuxSetSecurityManager(client);
}
static int
@@ -1393,10 +1393,10 @@ SProcSELinuxDispatch(ClientPtr client)
switch (stuff->data) {
case X_SELinuxQueryVersion:
return SProcSELinuxQueryVersion(client);
- case X_SELinuxSetSelectionManager:
- return SProcSELinuxSetSelectionManager(client);
- case X_SELinuxGetSelectionManager:
- return ProcSELinuxGetSelectionManager(client);
+ case X_SELinuxSetSecurityManager:
+ return SProcSELinuxSetSecurityManager(client);
+ case X_SELinuxGetSecurityManager:
+ return ProcSELinuxGetSecurityManager(client);
case X_SELinuxSetDeviceCreateContext:
return SProcSELinuxSetDeviceCreateContext(client);
case X_SELinuxGetDeviceCreateContext:
diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index ba1380b..7eeea50 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -31,8 +31,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
/* Extension protocol */
#define X_SELinuxQueryVersion 0
-#define X_SELinuxSetSelectionManager 1
-#define X_SELinuxGetSelectionManager 2
+#define X_SELinuxSetSecurityManager 1
+#define X_SELinuxGetSecurityManager 2
#define X_SELinuxSetDeviceCreateContext 3
#define X_SELinuxGetDeviceCreateContext 4
#define X_SELinuxSetDeviceContext 5
@@ -72,13 +72,13 @@ typedef struct {
CARD8 SELinuxReqType;
CARD16 length;
CARD32 window;
-} SELinuxSetSelectionManagerReq;
+} SELinuxSetSecurityManagerReq;
typedef struct {
CARD8 reqType;
CARD8 SELinuxReqType;
CARD16 length;
-} SELinuxGetSelectionManagerReq;
+} SELinuxGetSecurityManagerReq;
typedef struct {
CARD8 type;
@@ -91,7 +91,7 @@ typedef struct {
CARD32 pad4;
CARD32 pad5;
CARD32 pad6;
-} SELinuxGetSelectionManagerReply;
+} SELinuxGetSecurityManagerReply;
typedef struct {
CARD8 reqType;
commit 6ffeecabb7f3f3173864e0f0af21a99bdc5b5044
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Jan 24 18:11:49 2008 -0500
xselinux: Use a privileged bit in the state instead of passing an index
to the permission checking function.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 1432916..53ea6c1 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -63,6 +63,7 @@ typedef struct {
security_id_t sid;
struct avc_entry_ref aeref;
char *command;
+ int privileged;
} SELinuxStateRec;
/* selection manager */
@@ -287,11 +288,11 @@ SELinuxTypeToClass(RESTYPE type)
* Performs an SELinux permission check.
*/
static int
-SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj,
+SELinuxDoCheck(SELinuxStateRec *subj, SELinuxStateRec *obj,
security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
{
/* serverClient requests OK */
- if (clientIndex == 0)
+ if (subj->privileged)
return Success;
auditdata->command = subj->command;
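Review bot: The comment `/* serverClient requests OK */` left above the new `if (subj->privileged)` test no longer describes the condition: the bypass now applies to any subject whose state record has `privileged` set, and the only place in this patch that sets it is SELinuxLabelInitial. I would reword it as `/* privileged subjects (currently only serverClient, set in SELinuxLabelInitial) skip policy checks */`. The safety of this bypass now also rests on every SELinuxStateRec being zero-initialized when its private is allocated, which this diff does not show; if any allocator leaves the record uninitialized, a stray non-zero `privileged` grants unchecked access, so that invariant deserves a comment next to the new struct field as well. SELinuxDoCheck continues past the end of this hunk.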
@@ -383,6 +384,7 @@ SELinuxLabelInitial(void)
/* Do the serverClient */
state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
+ state->privileged = 1;
sidput(state->sid);
/* Use the context of the X server process for the serverClient */
@@ -496,8 +498,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
obj->sid = subj->sid;
}
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -509,21 +511,18 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxStateRec *subj, *obj, ev_sid;
SELinuxAuditRec auditdata = { .client = rec->client };
security_class_t class;
- int rc, i, type, clientIndex;
+ int rc, i, type;
- if (rec->dev) {
+ if (rec->dev)
subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey);
- clientIndex = -1; /* some nonzero value */
- } else {
+ else
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
- clientIndex = rec->client->index;
- }
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
/* Check send permission on window */
- rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE,
- DixSendAccess, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess,
+ &auditdata);
if (rc != Success)
goto err;
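Review bot: The `rec->dev` branch used to force the check unconditionally by passing a non-zero index (`clientIndex = -1; /* some nonzero value */`); after this change a device acting as subject is exempt from the check exactly when its own state record has `privileged` set, and nothing in the patch sets or clears that flag for device records. If devices are never meant to be privileged, a comment on the `if (rec->dev)` line such as `/* device state records never carry privileged, so the check always applies */` would preserve the intent the removed comment expressed and make the dependency explicit. SELinuxSend's body continues beyond this hunk.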
@@ -537,8 +536,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
goto err;
auditdata.event = type;
- rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class,
- DixSendAccess, &auditdata);
+ rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata);
if (rc != Success)
goto err;
}
@@ -560,8 +558,8 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
/* Check receive permission on window */
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE,
- DixReceiveAccess, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess,
+ &auditdata);
if (rc != Success)
goto err;
@@ -575,8 +573,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
goto err;
auditdata.event = type;
- rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class,
- DixReceiveAccess, &auditdata);
+ rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata);
if (rc != Success)
goto err;
}
@@ -633,8 +630,8 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
/* Perform the security check */
auditdata.extension = rec->ext->name;
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -680,13 +677,12 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
return;
}
freecon(con);
- avc_entry_ref_init(&obj->aeref);
}
/* Perform the security check */
auditdata.property = rec->pProp->propertyName;
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
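Review bot: The deletion of `avc_entry_ref_init(&obj->aeref);` after `freecon(con)` is not covered by the commit message, which only describes replacing the client index with a privileged bit. That call followed what appears to be a relabel of `obj->sid` from a looked-up context (inferred from the `freecon(con)` just above; the assignment itself is outside the hunk), so dropping it leaves an AVC entry reference obtained under the previous sid in place. As far as I recall libselinux re-validates a cached entry against the subject, target and class before using it, so this is probably harmless, but an unrelated behavioral change should be split into its own commit or at least explained in the message. SELinuxProperty starts before this hunk.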
@@ -741,8 +737,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
/* Perform the security check */
auditdata.restype = rec->rtype;
auditdata.id = rec->id;
- rc = SELinuxDoCheck(rec->client->index, subj, obj, class,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, class, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -775,8 +770,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata)
if (is_saver)
access_mode <<= 2;
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN,
- access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -792,8 +786,8 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&rec->target->devPrivates, stateKey);
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -809,8 +803,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&serverClient->devPrivates, stateKey);
- rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER,
- rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
@@ -832,8 +826,8 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
auditdata.selection = rec->name;
- rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid,
- SECCLASS_X_SELECTION, rec->access_mode, &auditdata);
+ rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode,
+ &auditdata);
if (rc != Success)
rec->status = rc;
}
commit 7ba8e97cbabfef4d614a6a38314830ec0f925471
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Jan 24 19:09:58 2008 -0500
xselinux: Implement "get context" protocol requests.
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index ede0350..1432916 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1098,7 +1098,40 @@ ProcSELinuxSetDeviceContext(ClientPtr client)
static int
ProcSELinuxGetDeviceContext(ClientPtr client)
{
- return Success;
+ char *ctx;
+ DeviceIntPtr dev;
+ SELinuxStateRec *state;
+ SELinuxGetContextReply rep;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ state = dixLookupPrivate(&dev->devPrivates, stateKey);
+ rc = avc_sid_to_context(state->sid, &ctx);
+ if (rc != Success)
+ return BadValue;
+
+ rep.type = X_Reply;
+ rep.length = (strlen(ctx) + 4) >> 2;
+ rep.sequenceNumber = client->sequence;
+ rep.context_len = strlen(ctx) + 1;
+
+ if (client->swapped) {
+ int n;
+ swapl(&rep.length, n);
+ swaps(&rep.sequenceNumber, n);
+ swaps(&rep.context_len, n);
+ }
+
+ WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
+ WriteToClient(client, rep.context_len, ctx);
+ free(ctx);
+ return client->noClientException;
}
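Review bot: `SELinuxGetContextReply rep;` lives on the stack and only `type`, `length`, `sequenceNumber` and `context_len` are assigned before all `sizeof(SELinuxGetContextReply)` bytes are written to the client; if the reply struct carries padding fields (its definition is not in this diff, but the GetSecurityManagerReply in the same header has pad4–pad6), those bytes are uninitialized server stack memory disclosed to the client. Initialise the whole reply, `SELinuxGetContextReply rep = { 0 };`, or memset it before filling the fields; the property and window handlers in this commit have the same shape. Secondary: `ctx` comes from avc_sid_to_context and the rest of this file releases such strings with `freecon()` (see the property hook), so `freecon(ctx)` would be the consistent call here.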
static int
@@ -1116,7 +1149,54 @@ ProcSELinuxGetPropertyCreateContext(ClientPtr client)
static int
ProcSELinuxGetPropertyContext(ClientPtr client)
{
- return Success;
+ char *ctx;
+ WindowPtr pWin;
+ PropertyPtr pProp;
+ SELinuxStateRec *state;
+ SELinuxGetContextReply rep;
+ int rc;
+
+ REQUEST(SELinuxGetPropertyContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
+
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
+ if (rc != Success)
+ return rc;
+
+ pProp = wUserProps(pWin);
+ while (pProp) {
+ if (pProp->propertyName == stuff->property)
+ break;
+ pProp = pProp->next;
+ }
+ if (!pProp)
+ return BadValue;
+
+ rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ state = dixLookupPrivate(&pProp->devPrivates, stateKey);
+ rc = avc_sid_to_context(state->sid, &ctx);
+ if (rc != Success)
+ return BadValue;
+
+ rep.type = X_Reply;
+ rep.length = (strlen(ctx) + 4) >> 2;
+ rep.sequenceNumber = client->sequence;
+ rep.context_len = strlen(ctx) + 1;
+
+ if (client->swapped) {
+ int n;
+ swapl(&rep.length, n);
+ swaps(&rep.sequenceNumber, n);
+ swaps(&rep.context_len, n);
+ }
+
+ WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
+ WriteToClient(client, rep.context_len, ctx);
+ free(ctx);
+ return client->noClientException;
}
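Review bot: The stretch from `rc = avc_sid_to_context(state->sid, &ctx);` down to `return client->noClientException;` is repeated verbatim in the device and window handlers of this commit; a single static helper taking the sid and building, swapping and writing the reply would leave each request handler with just its lookup and access check, and would give one place to zero the reply's pad bytes and release the context. Sketch below; each caller then ends with `return SELinuxSendContextReply(client, state->sid);`. I have kept the existing BadValue mapping, but note that avc_sid_to_context signals failure with -1 rather than an X status, so the original `rc != Success` comparison works only because both happen to be zero. ProcSELinuxGetPropertyContext is complete within this hunk.
```c
/* Builds and writes a SELinuxGetContextReply carrying the string form of sid. */
static int
SELinuxSendContextReply(ClientPtr client, security_id_t sid)
{
    SELinuxGetContextReply rep = { 0 };   /* zero pad bytes before they reach the client */
    char *ctx;
    int len, n;

    if (avc_sid_to_context(sid, &ctx) < 0)
        return BadValue;

    len = strlen(ctx) + 1;                /* context string plus its NUL */
    rep.type = X_Reply;
    rep.length = (len + 3) >> 2;          /* 4-byte units of payload after the fixed header */
    rep.sequenceNumber = client->sequence;
    rep.context_len = len;

    if (client->swapped) {
        swapl(&rep.length, n);
        swaps(&rep.sequenceNumber, n);
        swaps(&rep.context_len, n);
    }

    WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
    WriteToClient(client, len, ctx);
    freecon(ctx);
    return client->noClientException;
}
```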
static int
@@ -1134,7 +1214,40 @@ ProcSELinuxGetWindowCreateContext(ClientPtr client)
static int
ProcSELinuxGetWindowContext(ClientPtr client)
{
- return Success;
+ char *ctx;
+ WindowPtr pWin;
+ SELinuxStateRec *state;
+ SELinuxGetContextReply rep;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ state = dixLookupPrivate(&pWin->devPrivates, stateKey);
+ rc = avc_sid_to_context(state->sid, &ctx);
+ if (rc != Success)
+ return BadValue;
+
+ rep.type = X_Reply;
+ rep.length = (strlen(ctx) + 4) >> 2;
+ rep.sequenceNumber = client->sequence;
+ rep.context_len = strlen(ctx) + 1;
+
+ if (client->swapped) {
+ int n;
+ swapl(&rep.length, n);
+ swaps(&rep.sequenceNumber, n);
+ swaps(&rep.context_len, n);
+ }
+
+ WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
+ WriteToClient(client, rep.context_len, ctx);
+ free(ctx);
+ return client->noClientException;
}
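Review bot: None of the three newly implemented request handlers carries a header comment saying what it returns or which access check gates it, which matters for an extension whose whole purpose is policy enforcement. For this one I would add, above the function, `/* SELinuxGetWindowContext: reply with the security context of window stuff->id; the lookup requires getattr access on the window, so policy decides who may read a label. */`, with the device and property variants documented the same way (the property one is additionally gated by a getattr property hook). ProcSELinuxGetWindowContext is complete within this hunk.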
static int