xserver: Branch 'master' - 5 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Mon Aug 17 11:51:17 PDT 2009 

 Xext/xselinux.c  |   10 +---------
 Xext/xselinux.h  |    4 ++--
 dix/events.c     |    2 +-
 dix/protocol.txt |   22 ++++++++++++++++++++++
 randr/rrmode.c   |    2 +-
 randr/rrscreen.c |    8 ++++----
 6 files changed, 31 insertions(+), 17 deletions(-)

New commits:
commit 4098ad72d00e65d142fb9fe8a1194be35338508b
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Sun Aug 16 00:06:10 2009 -0400

    xace: fix access mode in dixLookupWindow within several RandR calls.
    
    Referencing a screen using a window only requires GetAttr access.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/randr/rrmode.c b/randr/rrmode.c
index 3d053bc..9642dda 100644
--- a/randr/rrmode.c
+++ b/randr/rrmode.c
@@ -288,7 +288,7 @@ ProcRRCreateMode (ClientPtr client)
     RRModePtr		mode;
     
     REQUEST_AT_LEAST_SIZE (xRRCreateModeReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
diff --git a/randr/rrscreen.c b/randr/rrscreen.c
index 97b8b96..630ff57 100644
--- a/randr/rrscreen.c
+++ b/randr/rrscreen.c
@@ -210,7 +210,7 @@ ProcRRGetScreenSizeRange (ClientPtr client)
     int				rc;
     
     REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
@@ -261,7 +261,7 @@ ProcRRSetScreenSize (ClientPtr client)
     int			i, rc;
     
     REQUEST_SIZE_MATCH(xRRSetScreenSizeReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
@@ -331,7 +331,7 @@ rrGetScreenResources(ClientPtr client, Bool query)
     CARD8			*names;
     
     REQUEST_SIZE_MATCH(xRRGetScreenResourcesReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
     
@@ -606,7 +606,7 @@ ProcRRGetScreenInfo (ClientPtr client)
     RROutputPtr		    output;
 
     REQUEST_SIZE_MATCH(xRRGetScreenInfoReq);
-    rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->window, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
commit d4b8f7602b5e266a0ebd3b1ba23724362cc7de3a
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 10 18:39:04 2009 -0400

    xace: fix access mode in dixLookupWindow call within ProcUngrabKey.
    
    Referencing a window (as grab-window) only requires GetAttr access.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/dix/events.c b/dix/events.c
index 8450706..b32960a 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -5137,7 +5137,7 @@ ProcUngrabKey(ClientPtr client)
     int rc;
 
     REQUEST_SIZE_MATCH(xUngrabKeyReq);
-    rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixReadAccess);
+    rc = dixLookupWindow(&pWin, stuff->grabWindow, client, DixGetAttrAccess);
     if (rc != Success)
 	return rc;
 
commit 6d2f4e487869f10de4a62365b4d6de036c752ab8
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 10 18:36:53 2009 -0400

    Add XI2 requests to protocol.txt
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/dix/protocol.txt b/dix/protocol.txt
index 364f13e..ac81c44 100644
--- a/dix/protocol.txt
+++ b/dix/protocol.txt
@@ -590,6 +590,7 @@ V031 X11:SelectionNotify
 V032 X11:ColormapNotify
 V033 X11:ClientMessage
 V034 X11:MappingNotify
+V035 X11:GenericEvent
 E000 X11:Success
 E001 X11:BadRequest
 E002 X11:BadValue
@@ -948,6 +949,27 @@ R036 XInputExtension:ListDeviceProperties
 R037 XInputExtension:ChangeDeviceProperty
 R038 XInputExtension:DeleteDeviceProperty
 R039 XInputExtension:GetDeviceProperty
+R040 XInputExtension:QueryPointer
+R041 XInputExtension:WarpPointer
+R042 XInputExtension:ChangeCursor
+R043 XInputExtension:ChangeHierarchy
+R044 XInputExtension:SetClientPointer
+R045 XInputExtension:GetClientPointer
+R046 XInputExtension:SelectEvents
+R047 XInputExtension:QueryVersion
+R048 XInputExtension:QueryDevice
+R049 XInputExtension:SetFocus
+R050 XInputExtension:GetFocus
+R051 XInputExtension:GrabDevice
+R052 XInputExtension:UngrabDevice
+R053 XInputExtension:AllowEvents
+R054 XInputExtension:PassiveGrabDevice
+R055 XInputExtension:PassiveUngrabDevice
+R056 XInputExtension:ListProperties
+R057 XInputExtension:ChangeProperty
+R058 XInputExtension:DeleteProperty
+R059 XInputExtension:GetProperty
+R060 XInputExtension:GetSelectedEvents
 V000 XInputExtension:DeviceValuator
 V001 XInputExtension:DeviceKeyPress
 V002 XInputExtension:DeviceKeyRelease
commit 73975ef3a39ce522c6206ca800ed175fbf851dcf
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 10 18:34:07 2009 -0400

    xselinux: Allow per-client device create contexts.
    
    The previous behavior was to set the serverClient's value which was used globally.
    This is in support of XI2, where clients can create device pairs directly.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index d718951..a199a0e 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1318,14 +1318,6 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
 	    return BadAlloc;
     }
 
-    if (offset == CTX_DEV) {
-	/* Device create context currently requires manage permission */
-	rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
-	if (rc != Success)
-	    goto out;
-	privPtr = &serverClient->devPrivates;
-    }
-
     ptr = dixLookupPrivate(privPtr, subjectKey);
     pSid = (security_id_t *)(ptr + offset);
     sidput(*pSid);
@@ -1337,7 +1329,7 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
 	    avc_context_to_sid_raw(ctx, pSid) < 0)
 	    rc = BadValue;
     }
-out:
+
     xfree(ctx);
     return rc;
 }
commit 66e32d252cffcd4fe7d505f1c211253f23c5002c
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Mon Aug 10 18:33:05 2009 -0400

    xselinux: Add more new device permissions for XI2.
    
    Reflects the ability of clients to create/destroy device objects.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index 065ff8d..e4a2ec2 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -373,8 +373,8 @@ static struct security_class_mapping map[] = {
     { "x_device",
         { "read",		/* DixReadAccess */
           "write",		/* DixWriteAccess */
-          "",			/* DixDestroyAccess */
-          "",			/* DixCreateAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
           "getattr",		/* DixGetAttrAccess */
           "setattr",		/* DixSetAttrAccess */
           "list_property",	/* DixListPropAccess */

More information about the xorg-commit mailing list