xserver: Branch 'master' - 2 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Thu Jun 18 17:58:10 PDT 2009


 Xext/xselinux.c |   27 ---
 Xext/xselinux.h |  392 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 393 insertions(+), 26 deletions(-)

New commits:
commit 3efb23a6c40dc3583d083d25ada3853ecc56000d
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Jun 18 19:35:22 2009 -0400

    xselinux: Add new device permissions for XI2.
    
    Reflects the ability of clients to add/remove devices and device properties.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index 1c3efc9..065ff8d 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -377,14 +377,14 @@ static struct security_class_mapping map[] = {
           "",			/* DixCreateAccess */
           "getattr",		/* DixGetAttrAccess */
           "setattr",		/* DixSetAttrAccess */
-          "",			/* DixListPropAccess */
-          "",			/* DixGetPropAccess */
-          "",			/* DixSetPropAccess */
+          "list_property",	/* DixListPropAccess */
+          "get_property",	/* DixGetPropAccess */
+          "set_property",	/* DixSetPropAccess */
           "getfocus",		/* DixGetFocusAccess */
           "setfocus",		/* DixSetFocusAccess */
           "",			/* DixListAccess */
-          "",			/* DixAddAccess */
-          "",			/* DixRemoveAccess */
+          "add",		/* DixAddAccess */
+          "remove",		/* DixRemoveAccess */
           "",			/* DixHideAccess */
           "",			/* DixShowAccess */
           "",			/* DixBlendAccess */
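Review bot: The context line just above the new property entries still leaves `DixCreateAccess` as `""` in this row (the x_device class, judging by the getfocus/setfocus slots), while add/remove and the property bits now get named permissions. If the server checks device creation or destruction with those bits, they would presumably map to no Flask permission and go unchecked; that should be confirmed against the callers. If the gaps are deliberate, a short comment such as `/* "" = no permission checked for this bit */` would make that readable. The new names must also exist in the x_device class of the loaded policy, which is worth stating in the commit message. The array starts and ends outside this hunk.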
commit 1e060c3d8b13d352a58fc65980cb9a3c6cb5718f
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Jun 18 18:48:24 2009 -0400

    xselinux: Move the security class mapping to the header file.
    
    Take the mapping of DixAccess bits to Flask permissions, move it
    into the header file, break up the extremely long lines, and
    annotate the permission names with the bit being referenced.
    
    Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 3a6f096..9898b29 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -49,6 +49,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include "scrnintstr.h"
 #include "selection.h"
 #include "xacestr.h"
+#define _XSELINUX_NEED_FLASK
 #include "xselinux.h"
 #include "../os/osdep.h"
 #include "modinit.h"
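Review bot: The added `#define _XSELINUX_NEED_FLASK` only takes effect because it sits directly before `#include "xselinux.h"`, and nothing on the line says so. If an earlier header ever pulled in xselinux.h first, the `_XSELINUX_H` include guard would turn this include into a no-op and the Flask definitions would be missing. I would add `/* must precede xselinux.h: exposes the private Flask class numbers and permission map */` above the define. As a style point, a name starting with an underscore and a capital letter is in the implementation-reserved namespace; `XSELINUX_NEED_FLASK` would avoid that, both here and at the matching `#ifdef` in xselinux.h.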
@@ -133,32 +134,6 @@ static unsigned numKnownEvents;
 static SELinuxAtomRec *knownAtoms;
 static unsigned numKnownAtoms;
 
-/* dynamically allocated security classes and permissions */
-static struct security_class_mapping map[] = {
-    { "x_drawable", { "read", "write", "destroy", "create", "getattr", "setattr", "list_property", "get_property", "set_property", "", "", "list_child", "add_child", "remove_child", "hide", "show", "blend", "override", "", "", "", "", "send", "receive", "", "manage", NULL }},
-    { "x_screen", { "", "", "", "", "getattr", "setattr", "saver_getattr", "saver_setattr", "", "", "", "", "", "", "hide_cursor", "show_cursor", "saver_hide", "saver_show", NULL }},
-    { "x_gc", { "", "", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
-    { "x_font", { "", "", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_glyph", "remove_glyph", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
-    { "x_colormap", { "read", "write", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_color", "remove_color", "", "", "", "", "", "", "install", "uninstall", "", "", "use", NULL }},
-    { "x_property", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "write", NULL }},
-    { "x_selection", { "read", "", "", "setattr", "getattr", "setattr", NULL }},
-    { "x_cursor", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
-    { "x_client", { "", "", "destroy", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "manage", NULL }},
-    { "x_device", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
-    { "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }},
-    { "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
-    { "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
-    { "x_synthetic_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
-    { "x_resource", { "read", "write", "write", "write", "read", "write", "read", "read", "write", "read", "write", "read", "write", "write", "write", "read", "read", "write", "write", "write", "write", "write", "write", "read", "read", "write", "read", "write", NULL }},
-    { NULL }
-};
-
-/* x_resource "read" bits from the list above */
-#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
-			 DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
-			 DixShowAccess|DixBlendAccess|DixReceiveAccess| \
-			 DixUseAccess|DixDebugAccess)
-
 /* forward declarations */
 static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
 
diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index 7c3ffdc..1c3efc9 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -139,6 +139,7 @@ typedef struct {
 } SELinuxListItemsReply;
 
 
+#ifdef _XSELINUX_NEED_FLASK
 /* Private Flask definitions */
 #define SECCLASS_X_DRAWABLE		1
 #define SECCLASS_X_SCREEN		2
@@ -156,4 +157,395 @@ typedef struct {
 #define SECCLASS_X_FAKEEVENT		14
 #define SECCLASS_X_RESOURCE		15
 
+/* Mapping from DixAccess bits to Flask permissions */
+static struct security_class_mapping map[] = {
+    { "x_drawable",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "list_property",	/* DixListPropAccess */
+          "get_property",	/* DixGetPropAccess */
+          "set_property",	/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "list_child",		/* DixListAccess */
+          "add_child",		/* DixAddAccess */
+          "remove_child",	/* DixRemoveAccess */
+          "hide",		/* DixHideAccess */
+          "show",		/* DixShowAccess */
+          "blend",		/* DixBlendAccess */
+          "override",		/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "send",		/* DixSendAccess */
+          "receive",		/* DixReceiveAccess */
+          "",			/* DixUseAccess */
+          "manage",		/* DixManageAccess */
+          NULL }},
+    { "x_screen",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "saver_getattr",	/* DixListPropAccess */
+          "saver_setattr",	/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "hide_cursor",	/* DixHideAccess */
+          "show_cursor",	/* DixShowAccess */
+          "saver_hide",		/* DixBlendAccess */
+          "saver_show",		/* DixGrabAccess */
+          NULL }},
+    { "x_gc",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          NULL }},
+    { "x_font",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "",			/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "add_glyph",		/* DixAddAccess */
+          "remove_glyph",	/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          NULL }},
+    { "x_colormap",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "",			/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "add_color",		/* DixAddAccess */
+          "remove_color",	/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "install",		/* DixInstallAccess */
+          "uninstall",		/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          NULL }},
+    { "x_property",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "write",		/* DixBlendAccess */
+          NULL }},
+    { "x_selection",
+        { "read",		/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "setattr",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          NULL }},
+    { "x_cursor",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "create",		/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          NULL }},
+    { "x_client",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "destroy",		/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "",			/* DixUseAccess */
+          "manage",		/* DixManageAccess */
+          NULL }},
+    { "x_device",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "getfocus",		/* DixGetFocusAccess */
+          "setfocus",		/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "grab",		/* DixGrabAccess */
+          "freeze",		/* DixFreezeAccess */
+          "force_cursor",	/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          "manage",		/* DixManageAccess */
+          "",			/* DixDebugAccess */
+          "bell",		/* DixBellAccess */
+          NULL }},
+    { "x_server",
+        { "record",		/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "getattr",		/* DixGetAttrAccess */
+          "setattr",		/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "grab",		/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "",			/* DixUseAccess */
+          "manage",		/* DixManageAccess */
+          "debug",		/* DixDebugAccess */
+          NULL }},
+    { "x_extension",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "query",		/* DixGetAttrAccess */
+          "",			/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "",			/* DixSendAccess */
+          "",			/* DixReceiveAccess */
+          "use",		/* DixUseAccess */
+          NULL }},
+    { "x_event",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "",			/* DixGetAttrAccess */
+          "",			/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "send",		/* DixSendAccess */
+          "receive",		/* DixReceiveAccess */
+          NULL }},
+    { "x_synthetic_event",
+        { "",			/* DixReadAccess */
+          "",			/* DixWriteAccess */
+          "",			/* DixDestroyAccess */
+          "",			/* DixCreateAccess */
+          "",			/* DixGetAttrAccess */
+          "",			/* DixSetAttrAccess */
+          "",			/* DixListPropAccess */
+          "",			/* DixGetPropAccess */
+          "",			/* DixSetPropAccess */
+          "",			/* DixGetFocusAccess */
+          "",			/* DixSetFocusAccess */
+          "",			/* DixListAccess */
+          "",			/* DixAddAccess */
+          "",			/* DixRemoveAccess */
+          "",			/* DixHideAccess */
+          "",			/* DixShowAccess */
+          "",			/* DixBlendAccess */
+          "",			/* DixGrabAccess */
+          "",			/* DixFreezeAccess */
+          "",			/* DixForceAccess */
+          "",			/* DixInstallAccess */
+          "",			/* DixUninstallAccess */
+          "send",		/* DixSendAccess */
+          "receive",		/* DixReceiveAccess */
+          NULL }},
+    { "x_resource",
+        { "read",		/* DixReadAccess */
+          "write",		/* DixWriteAccess */
+          "write",		/* DixDestroyAccess */
+          "write",		/* DixCreateAccess */
+          "read",		/* DixGetAttrAccess */
+          "write",		/* DixSetAttrAccess */
+          "read",		/* DixListPropAccess */
+          "read",		/* DixGetPropAccess */
+          "write",		/* DixSetPropAccess */
+          "read",		/* DixGetFocusAccess */
+          "write",		/* DixSetFocusAccess */
+          "read",		/* DixListAccess */
+          "write",		/* DixAddAccess */
+          "write",		/* DixRemoveAccess */
+          "write",		/* DixHideAccess */
+          "read",		/* DixShowAccess */
+          "read",		/* DixBlendAccess */
+          "write",		/* DixGrabAccess */
+          "write",		/* DixFreezeAccess */
+          "write",		/* DixForceAccess */
+          "write",		/* DixInstallAccess */
+          "write",		/* DixUninstallAccess */
+          "write",		/* DixSendAccess */
+          "read",		/* DixReceiveAccess */
+          "read",		/* DixUseAccess */
+          "write",		/* DixManageAccess */
+          "read",		/* DixDebugAccess */
+          "write",		/* DixBellAccess */
+          NULL }},
+    { NULL }
+};
+
+/* x_resource "read" bits from the list above */
+#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
+			 DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
+			 DixShowAccess|DixBlendAccess|DixReceiveAccess| \
+			 DixUseAccess|DixDebugAccess)
+
+#endif /* _XSELINUX_NEED_FLASK */
 #endif /* _XSELINUX_H */
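Review bot: Several slots carry a permission that does not match the bit named in its new annotation, and nothing says whether that is intended. In x_screen, `saver_getattr`, `saver_setattr`, `saver_hide` and `saver_show` sit at DixListPropAccess, DixGetPropAccess, DixBlendAccess and DixGrabAccess; x_property has `write` at DixBlendAccess; x_selection has `setattr` at DixCreateAccess. Presumably the callers remap or overload those bits before the check, but since this table decides which Flask permission guards each access, each such slot deserves a comment, e.g. `"saver_getattr", /* DixListPropAccess slot, used for screen saver getattr */` (wording to be confirmed against the caller). Separately, the header now defines a `static` array with the generic name `map`, so any file that sets `_XSELINUX_NEED_FLASK` gets its own private copy. A one-line comment stating that only xselinux.c should define the macro would guard against that.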

