xserver: Branch 'master' - 9 commits
Keith Packard
keithp at kemper.freedesktop.org
Wed Oct 14 20:08:35 PDT 2009
Xext/Makefile.am | 3
Xext/xselinux.c | 2070 --------------------------------------------------
Xext/xselinux.h | 412 ---------
Xext/xselinux_ext.c | 729 +++++++++++++++++
Xext/xselinux_hooks.c | 1030 ++++++++++++++++++++++++
Xext/xselinux_label.c | 381 +++++++++
Xext/xselinuxint.h | 556 +++++++++++++
Xi/queryst.c | 14
Xi/xiquerydevice.c | 41
Xi/xiquerydevice.h | 8
dix/devices.c | 5
dix/events.c | 23
include/dix.h | 4
xkb/xkb.c | 2
14 files changed, 2759 insertions(+), 2519 deletions(-)
New commits:
commit 264ce9e8360374b3a43442c8bdea08abde705446
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Wed Oct 14 20:33:53 2009 -0400
xselinux: Use the now-exported IsPointerDevice() instead of a copy.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index fd2bfcf..43683ff 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -87,16 +87,6 @@ static pointer truep = (pointer)1;
/*
- * Returns true if device is a pointer device.
- * Note: this duplicates dix IsPointerDevice() which is not exported.
- */
-static inline Bool
-IsPointerDev(DeviceIntPtr dev)
-{
- return (dev->type == MASTER_POINTER) || (dev->valuator && dev->button);
-}
-
-/*
* Performs an SELinux permission check.
*/
static int
@@ -383,7 +373,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- cls = IsPointerDev(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;
+ cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;
rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
commit 0ae1632be045bfbb288bb57190c830f94247460f
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Wed Oct 14 20:32:28 2009 -0400
dix: Export IsPointerDevice() and IsKeyboardDevice().
Makes the functions available to extmod for extensions to call.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/include/dix.h b/include/dix.h
index b1edb6c..9fd2ed8 100644
--- a/include/dix.h
+++ b/include/dix.h
@@ -587,8 +587,8 @@ typedef struct {
extern int XItoCoreType(int xi_type);
extern Bool DevHasCursor(DeviceIntPtr pDev);
-extern Bool IsPointerDevice( DeviceIntPtr dev);
-extern Bool IsKeyboardDevice(DeviceIntPtr dev);
+extern Bool _X_EXPORT IsPointerDevice( DeviceIntPtr dev);
+extern Bool _X_EXPORT IsKeyboardDevice(DeviceIntPtr dev);
extern Bool IsPointerEvent(InternalEvent *event);
extern Bool IsMaster(DeviceIntPtr dev);
commit 6c2ae5fec552366e11ad64a27626eb5dec4becf0
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 22 13:31:49 2009 -0700
xselinux: switch from x_device to separate x_pointer and x_keyboard classes.
This will allow separate controls over pointer and keyboard without having
to relabel the devices to separate types.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index fe53488..fd2bfcf 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -87,6 +87,16 @@ static pointer truep = (pointer)1;
/*
+ * Returns true if device is a pointer device.
+ * Note: this duplicates dix IsPointerDevice() which is not exported.
+ */
+static inline Bool
+IsPointerDev(DeviceIntPtr dev)
+{
+ return (dev->type == MASTER_POINTER) || (dev->valuator && dev->button);
+}
+
+/*
* Performs an SELinux permission check.
*/
static int
@@ -348,6 +358,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxSubjectRec *subj;
SELinuxObjectRec *obj;
SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
+ security_class_t cls;
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
@@ -372,8 +383,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
- &auditdata);
+ cls = IsPointerDev(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;
+ rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
diff --git a/Xext/xselinuxint.h b/Xext/xselinuxint.h
index d1b35bf..854a57d 100644
--- a/Xext/xselinuxint.h
+++ b/Xext/xselinuxint.h
@@ -123,12 +123,13 @@ SELinuxFlaskReset(void);
#define SECCLASS_X_SELECTION 7
#define SECCLASS_X_CURSOR 8
#define SECCLASS_X_CLIENT 9
-#define SECCLASS_X_DEVICE 10
-#define SECCLASS_X_SERVER 11
-#define SECCLASS_X_EXTENSION 12
-#define SECCLASS_X_EVENT 13
-#define SECCLASS_X_FAKEEVENT 14
-#define SECCLASS_X_RESOURCE 15
+#define SECCLASS_X_POINTER 10
+#define SECCLASS_X_KEYBOARD 11
+#define SECCLASS_X_SERVER 12
+#define SECCLASS_X_EXTENSION 13
+#define SECCLASS_X_EVENT 14
+#define SECCLASS_X_FAKEEVENT 15
+#define SECCLASS_X_RESOURCE 16
#ifdef _XSELINUX_NEED_FLASK_MAP
/* Mapping from DixAccess bits to Flask permissions */
@@ -344,7 +345,37 @@ static struct security_class_mapping map[] = {
"", /* DixUseAccess */
"manage", /* DixManageAccess */
NULL }},
- { "x_device",
+ { "x_pointer",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "list_property", /* DixListPropAccess */
+ "get_property", /* DixGetPropAccess */
+ "set_property", /* DixSetPropAccess */
+ "getfocus", /* DixGetFocusAccess */
+ "setfocus", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "add", /* DixAddAccess */
+ "remove", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "grab", /* DixGrabAccess */
+ "freeze", /* DixFreezeAccess */
+ "force_cursor", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ "manage", /* DixManageAccess */
+ "", /* DixDebugAccess */
+ "bell", /* DixBellAccess */
+ NULL }},
+ { "x_keyboard",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
commit 4be354c4c2da5168b302601b91bd80cfaca7e193
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 22 13:18:44 2009 -0700
Remove some debug messages that trigger on XACE event delivery failure.
It is normal for XACE to deny an event delivery, so these log messages
shouldn't trigger when that happens. Just drop them for now.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/dix/events.c b/dix/events.c
index 4bc97b1..d070a4c 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -2507,9 +2507,7 @@ DeliverDeviceEvents(WindowPtr pWin, InternalEvent *event, GrabPtr grab,
filter, grab);
if (deliveries > 0)
goto unwind;
- } else if (rc != BadMatch)
- ErrorF("[dix] %s: XI conversion failed in DDE (%d, %d). Skipping delivery.\n",
- dev->name, event->any.type, rc);
+ }
}
/* Core event */
@@ -2525,9 +2523,7 @@ DeliverDeviceEvents(WindowPtr pWin, InternalEvent *event, GrabPtr grab,
filter, grab);
if (deliveries > 0)
goto unwind;
- } else if (rc != BadMatch)
- ErrorF("[dix] %s: Core conversion failed in DDE (%d, %d).\n",
- dev->name, event->any.type, rc);
+ }
}
if ((deliveries < 0) || (pWin == stopAt) ||
@@ -3811,9 +3807,7 @@ DeliverFocusedEvent(DeviceIntPtr keybd, InternalEvent *event, WindowPtr window)
deliveries = DeliverEventsToWindow(keybd, focus, &core, 1,
GetEventFilter(keybd, &core),
NullGrab);
- } else if (rc != BadMatch)
- ErrorF("[dix] %s: core conversion failed DFE (%d, %d). Skipping delivery.\n",
- keybd->name, event->any.type, rc);
+ }
}
unwind:
commit c4ffce4dc84a0a9d134a59b7e7765c99ed767e53
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 22 13:13:03 2009 -0700
xace: Relax permissions on XkbGetState from Read to Getattr.
This request is used to get the current keyboard group and is called from
GTK. It does not return an actual keymap (aside from modifiers) so it
should be safe to relax the permission on it. However it does return
button state information which should be controlled through a separate
pointer Read check.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 7abbeaa..98e879d 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -554,7 +554,7 @@ ProcXkbGetState(ClientPtr client)
if (!(client->xkbClientFlags&_XkbClientInitialized))
return BadAccess;
- CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixReadAccess);
+ CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixGetAttrAccess);
xkb= &dev->key->xkbInfo->state;
bzero(&rep,sizeof(xkbGetStateReply));
commit 0ff28319906eeb3f236acd72201c416ce01f2c6e
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 15 19:41:04 2009 -0400
xselinux: Stop special-casing QueryPointer access checks.
XACE has been changed to not return BadAccess on device read failures.
Thus, no need for this workaround code.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index a270673..fe53488 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -372,17 +372,6 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- /* XXX only check read permission on XQueryKeymap */
- /* This is to allow the numerous apps that call XQueryPointer to work */
- if (rec->access_mode & DixReadAccess) {
- ClientPtr client = rec->client;
- REQUEST(xReq);
- if (stuff && stuff->reqType != X_QueryKeymap) {
- rec->access_mode &= ~DixReadAccess;
- rec->access_mode |= DixGetAttrAccess;
- }
- }
-
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
&auditdata);
if (rc != Success)
commit 8502c06e19a4c00bf1311f54f9a365ee9e026e97
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Tue Sep 15 19:29:34 2009 -0400
xace: Fake return values on denials in input polling requests.
Instead of returning BadAccess when "read" permission is denied
on a device, falsify the device state (buttons down, keys pressed).
This is nicer to applications, but may still have undesired side
effects. The long-term solution is not to use these requests in
event-driven code!
Requests affected: QueryPointer, QueryKeymap, XiQueryDevice.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xi/queryst.c b/Xi/queryst.c
index 2ba1edb..78b97a7 100644
--- a/Xi/queryst.c
+++ b/Xi/queryst.c
@@ -96,7 +96,7 @@ ProcXQueryDeviceState(ClientPtr client)
rep.sequenceNumber = client->sequence;
rc = dixLookupDevice(&dev, stuff->deviceid, client, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
v = dev->valuator;
@@ -130,8 +130,9 @@ ProcXQueryDeviceState(ClientPtr client)
tk->length = sizeof(xKeyState);
tk->num_keys = k->xkbInfo->desc->max_key_code -
k->xkbInfo->desc->min_key_code + 1;
- for (i = 0; i < 32; i++)
- tk->keys[i] = k->down[i];
+ if (rc != BadAccess)
+ for (i = 0; i < 32; i++)
+ tk->keys[i] = k->down[i];
buf += sizeof(xKeyState);
}
@@ -140,7 +141,8 @@ ProcXQueryDeviceState(ClientPtr client)
tb->class = ButtonClass;
tb->length = sizeof(xButtonState);
tb->num_buttons = b->numButtons;
- memcpy(tb->buttons, b->down, sizeof(b->down));
+ if (rc != BadAccess)
+ memcpy(tb->buttons, b->down, sizeof(b->down));
buf += sizeof(xButtonState);
}
@@ -152,7 +154,9 @@ ProcXQueryDeviceState(ClientPtr client)
tv->mode = v->mode;
buf += sizeof(xValuatorState);
for (i = 0, values = v->axisVal; i < v->numAxes; i++) {
- *((int *)buf) = *values++;
+ if (rc != BadAccess)
+ *((int *)buf) = *values;
+ values++;
if (client->swapped) {
swapl((int *)buf, n); /* macro - braces needed */
}
diff --git a/Xi/xiquerydevice.c b/Xi/xiquerydevice.c
index 68d91fa..435868d 100644
--- a/Xi/xiquerydevice.c
+++ b/Xi/xiquerydevice.c
@@ -45,7 +45,8 @@
#include "xiquerydevice.h"
static Bool ShouldSkipDevice(ClientPtr client, int deviceid, DeviceIntPtr d);
-static int ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info);
+static int
+ListDeviceInfo(ClientPtr client, DeviceIntPtr dev, xXIDeviceInfo* info);
static int SizeDeviceInfo(DeviceIntPtr dev);
static void SwapDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info);
int
@@ -119,7 +120,7 @@ ProcXIQueryDevice(ClientPtr client)
ptr = info;
if (dev)
{
- len = ListDeviceInfo(dev, (xXIDeviceInfo*)info);
+ len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info);
if (client->swapped)
SwapDeviceInfo(dev, (xXIDeviceInfo*)info);
info += len;
@@ -131,7 +132,7 @@ ProcXIQueryDevice(ClientPtr client)
{
if (!skip[i])
{
- len = ListDeviceInfo(dev, (xXIDeviceInfo*)info);
+ len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info);
if (client->swapped)
SwapDeviceInfo(dev, (xXIDeviceInfo*)info);
info += len;
@@ -143,7 +144,7 @@ ProcXIQueryDevice(ClientPtr client)
{
if (!skip[i])
{
- len = ListDeviceInfo(dev, (xXIDeviceInfo*)info);
+ len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info);
if (client->swapped)
SwapDeviceInfo(dev, (xXIDeviceInfo*)info);
info += len;
@@ -240,7 +241,7 @@ SizeDeviceClasses(DeviceIntPtr dev)
* @return Number of bytes written into info.
*/
int
-ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info)
+ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info, Bool reportState)
{
unsigned char *bits;
int mask_len;
@@ -257,9 +258,11 @@ ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info)
bits = (unsigned char*)&info[1];
memset(bits, 0, mask_len * 4);
- for (i = 0; dev && dev->button && i < dev->button->numButtons; i++)
- if (BitIsOn(dev->button->down, i))
- SetBit(bits, i);
+ if (reportState)
+ for (i = 0; dev && dev->button && i < dev->button->numButtons; i++)
+ if (BitIsOn(dev->button->down, i))
+ SetBit(bits, i);
+
bits += mask_len * 4;
memcpy(bits, dev->button->labels, dev->button->numButtons * sizeof(Atom));
@@ -327,7 +330,8 @@ SwapKeyInfo(DeviceIntPtr dev, xXIKeyInfo* info)
* @return The number of bytes written into info.
*/
int
-ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber)
+ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber,
+ Bool reportState)
{
ValuatorClassPtr v = dev->valuator;
@@ -345,6 +349,9 @@ ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber)
info->mode = v->mode; /* Server doesn't have per-axis mode yet */
info->sourceid = v->sourceid;
+ if (!reportState)
+ info->value = info->min;
+
return info->length * 4;
}
@@ -389,7 +396,7 @@ int GetDeviceUse(DeviceIntPtr dev, uint16_t *attachment)
* @return The number of bytes used.
*/
static int
-ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info)
+ListDeviceInfo(ClientPtr client, DeviceIntPtr dev, xXIDeviceInfo* info)
{
char *any = (char*)&info[1];
int len = 0, total_len = 0;
@@ -407,7 +414,8 @@ ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info)
any += len;
total_len += len;
- return total_len + ListDeviceClasses(dev, any, &info->num_classes);
+ total_len += ListDeviceClasses(client, dev, any, &info->num_classes);
+ return total_len;
}
/**
@@ -416,16 +424,21 @@ ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info)
* written.
*/
int
-ListDeviceClasses(DeviceIntPtr dev, char *any, uint16_t *nclasses)
+ListDeviceClasses(ClientPtr client, DeviceIntPtr dev,
+ char *any, uint16_t *nclasses)
{
int total_len = 0;
int len;
int i;
+ int rc;
+
+ /* Check if the current device state should be suppressed */
+ rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixReadAccess);
if (dev->button)
{
(*nclasses)++;
- len = ListButtonInfo(dev, (xXIButtonInfo*)any);
+ len = ListButtonInfo(dev, (xXIButtonInfo*)any, rc == Success);
any += len;
total_len += len;
}
@@ -441,7 +454,7 @@ ListDeviceClasses(DeviceIntPtr dev, char *any, uint16_t *nclasses)
for (i = 0; dev->valuator && i < dev->valuator->numAxes; i++)
{
(*nclasses)++;
- len = ListValuatorInfo(dev, (xXIValuatorInfo*)any, i);
+ len = ListValuatorInfo(dev, (xXIValuatorInfo*)any, i, rc == Success);
any += len;
total_len += len;
}
diff --git a/Xi/xiquerydevice.h b/Xi/xiquerydevice.h
index 34e87bd..02f0659 100644
--- a/Xi/xiquerydevice.h
+++ b/Xi/xiquerydevice.h
@@ -37,9 +37,11 @@ int SProcXIQueryDevice(ClientPtr client);
int ProcXIQueryDevice(ClientPtr client);
void SRepXIQueryDevice(ClientPtr client, int size, xXIQueryDeviceReply *rep);
int SizeDeviceClasses(DeviceIntPtr dev);
-int ListDeviceClasses(DeviceIntPtr dev, char* any, uint16_t* nclasses);
+int ListDeviceClasses(ClientPtr client, DeviceIntPtr dev,
+ char* any, uint16_t* nclasses);
int GetDeviceUse(DeviceIntPtr dev, uint16_t *attachment);
-int ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info);
+int ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info, Bool reportState);
int ListKeyInfo(DeviceIntPtr dev, xXIKeyInfo* info);
-int ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber);
+int ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info,
+ int axisnumber, Bool reportState);
#endif /* QUERYDEV_H */
diff --git a/dix/devices.c b/dix/devices.c
index e86e606..6a79073 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -2221,12 +2221,15 @@ ProcQueryKeymap(ClientPtr client)
rep.length = 2;
rc = XaceHook(XACE_DEVICE_ACCESS, client, keybd, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
for (i = 0; i<32; i++)
rep.map[i] = down[i];
+ if (rc == BadAccess)
+ memset(rep.map, 0, 32);
+
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
return Success;
diff --git a/dix/events.c b/dix/events.c
index aaf28b5..4bc97b1 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -4974,7 +4974,7 @@ ProcQueryPointer(ClientPtr client)
if (rc != Success)
return rc;
rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess);
- if (rc != Success)
+ if (rc != Success && rc != BadAccess)
return rc;
keyboard = GetPairedDevice(mouse);
@@ -5022,6 +5022,15 @@ ProcQueryPointer(ClientPtr client)
}
#endif
+ if (rc == BadAccess) {
+ rep.mask = 0;
+ rep.child = None;
+ rep.rootX = 0;
+ rep.rootY = 0;
+ rep.winX = 0;
+ rep.winY = 0;
+ }
+
WriteReplyToClient(client, sizeof(xQueryPointerReply), &rep);
return(Success);
commit 0493935691e925ae137af7636fa15befa76c8b45
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Mon Aug 31 21:20:53 2009 -0400
xselinux: Factor out some dynamic array code into common helpers.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xext/xselinux_label.c b/Xext/xselinux_label.c
index 7ec10ff..239536c 100644
--- a/Xext/xselinux_label.c
+++ b/Xext/xselinux_label.c
@@ -32,21 +32,60 @@ typedef struct {
SELinuxObjectRec sel;
} SELinuxAtomRec;
+/* dynamic array */
+typedef struct {
+ unsigned size;
+ void **array;
+} SELinuxArrayRec;
+
/* labeling handle */
static struct selabel_handle *label_hnd;
/* Array of object classes indexed by resource type */
-static security_class_t *knownTypes;
-static unsigned numKnownTypes;
-
+SELinuxArrayRec arr_types;
/* Array of event SIDs indexed by event type */
-static security_id_t *knownEvents;
-static unsigned numKnownEvents;
-
+SELinuxArrayRec arr_events;
/* Array of property and selection SID structures */
-static SELinuxAtomRec *knownAtoms;
-static unsigned numKnownAtoms;
+SELinuxArrayRec arr_atoms;
+
+/*
+ * Dynamic array helpers
+ */
+static void *
+SELinuxArrayGet(SELinuxArrayRec *rec, unsigned key)
+{
+ return (rec->size > key) ? rec->array[key] : 0;
+}
+
+static int
+SELinuxArraySet(SELinuxArrayRec *rec, unsigned key, void *val)
+{
+ if (key >= rec->size) {
+ /* Need to increase size of array */
+ rec->array = xrealloc(rec->array, (key + 1) * sizeof(val));
+ if (!rec->array)
+ return FALSE;
+ memset(rec->array + rec->size, 0, (key - rec->size + 1) * sizeof(val));
+ rec->size = key + 1;
+ }
+
+ rec->array[key] = val;
+ return TRUE;
+}
+static void
+SELinuxArrayFree(SELinuxArrayRec *rec, int free_elements)
+{
+ if (free_elements) {
+ unsigned i = rec->size;
+ while (i)
+ xfree(rec->array[--i]);
+ }
+
+ xfree(rec->array);
+ rec->size = 0;
+ rec->array = NULL;
+}
/*
* Looks up a name in the selection or property mappings
@@ -87,26 +126,23 @@ SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec *obj, int map, int polymap)
int
SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn)
{
+ SELinuxAtomRec *rec;
SELinuxObjectRec *obj;
int rc, map, polymap;
- if (atom >= numKnownAtoms) {
- /* Need to increase size of atoms array */
- unsigned size = sizeof(SELinuxAtomRec);
- knownAtoms = xrealloc(knownAtoms, (atom + 1) * size);
- if (!knownAtoms)
+ rec = SELinuxArrayGet(&arr_atoms, atom);
+ if (!rec) {
+ rec = xcalloc(1, sizeof(SELinuxAtomRec));
+ if (!rec || !SELinuxArraySet(&arr_atoms, atom, rec))
return BadAlloc;
- memset(knownAtoms + numKnownAtoms, 0,
- (atom - numKnownAtoms + 1) * size);
- numKnownAtoms = atom + 1;
}
if (prop) {
- obj = &knownAtoms[atom].prp;
+ obj = &rec->prp;
map = SELABEL_X_PROP;
polymap = SELABEL_X_POLYPROP;
} else {
- obj = &knownAtoms[atom].sel;
+ obj = &rec->sel;
map = SELABEL_X_SELN;
polymap = SELABEL_X_POLYSELN;
}
@@ -218,36 +254,33 @@ SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
SELinuxObjectRec *sid_return)
{
const char *name = LookupEventName(type);
+ security_id_t sid;
security_context_t ctx;
type &= 127;
- if (type >= numKnownEvents) {
- /* Need to increase size of classes array */
- unsigned size = sizeof(security_id_t);
- knownEvents = xrealloc(knownEvents, (type + 1) * size);
- if (!knownEvents)
- return BadAlloc;
- memset(knownEvents + numKnownEvents, 0,
- (type - numKnownEvents + 1) * size);
- numKnownEvents = type + 1;
- }
-
- if (!knownEvents[type]) {
+ sid = SELinuxArrayGet(&arr_events, type);
+ if (!sid) {
/* Look in the mappings of event names to contexts */
if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
ErrorF("SELinux: an event label lookup failed!\n");
return BadValue;
}
/* Get a SID for context */
- if (avc_context_to_sid_raw(ctx, knownEvents + type) < 0) {
+ if (avc_context_to_sid_raw(ctx, &sid) < 0) {
ErrorF("SELinux: a context_to_SID_raw call failed!\n");
+ freecon(ctx);
return BadAlloc;
}
freecon(ctx);
+ /* Cache the SID value */
+ if (!SELinuxArraySet(&arr_events, type, sid)) {
+ sidput(sid);
+ return BadAlloc;
+ }
}
/* Perform a transition to obtain the final SID */
- if (avc_compute_create(sid_of_window, knownEvents[type], SECCLASS_X_EVENT,
+ if (avc_compute_create(sid_of_window, sid, SECCLASS_X_EVENT,
&sid_return->sid) < 0) {
ErrorF("SELinux: a compute_create call failed!\n");
return BadValue;
@@ -282,44 +315,36 @@ SELinuxExtensionToSID(const char *name, security_id_t *sid_rtn)
security_class_t
SELinuxTypeToClass(RESTYPE type)
{
- RESTYPE fulltype = type;
- type &= TypeMask;
-
- if (type >= numKnownTypes) {
- /* Need to increase size of classes array */
- unsigned size = sizeof(security_class_t);
- knownTypes = xrealloc(knownTypes, (type + 1) * size);
- if (!knownTypes)
- return 0;
- memset(knownTypes + numKnownTypes, 0,
- (type - numKnownTypes + 1) * size);
- numKnownTypes = type + 1;
- }
+ void *tmp;
+
+ tmp = SELinuxArrayGet(&arr_types, type & TypeMask);
+ if (!tmp) {
+ unsigned long class = SECCLASS_X_RESOURCE;
+
+ if (type & RC_DRAWABLE)
+ class = SECCLASS_X_DRAWABLE;
+ else if (type == RT_GC)
+ class = SECCLASS_X_GC;
+ else if (type == RT_FONT)
+ class = SECCLASS_X_FONT;
+ else if (type == RT_CURSOR)
+ class = SECCLASS_X_CURSOR;
+ else if (type == RT_COLORMAP)
+ class = SECCLASS_X_COLORMAP;
+ else {
+ /* Need to do a string lookup */
+ const char *str = LookupResourceName(type);
+ if (!strcmp(str, "PICTURE"))
+ class = SECCLASS_X_DRAWABLE;
+ else if (!strcmp(str, "GLYPHSET"))
+ class = SECCLASS_X_FONT;
+ }
- if (!knownTypes[type]) {
- const char *str;
- knownTypes[type] = SECCLASS_X_RESOURCE;
-
- if (fulltype & RC_DRAWABLE)
- knownTypes[type] = SECCLASS_X_DRAWABLE;
- if (fulltype == RT_GC)
- knownTypes[type] = SECCLASS_X_GC;
- if (fulltype == RT_FONT)
- knownTypes[type] = SECCLASS_X_FONT;
- if (fulltype == RT_CURSOR)
- knownTypes[type] = SECCLASS_X_CURSOR;
- if (fulltype == RT_COLORMAP)
- knownTypes[type] = SECCLASS_X_COLORMAP;
-
- /* Need to do a string lookup */
- str = LookupResourceName(fulltype);
- if (!strcmp(str, "PICTURE"))
- knownTypes[type] = SECCLASS_X_DRAWABLE;
- if (!strcmp(str, "GLYPHSET"))
- knownTypes[type] = SECCLASS_X_FONT;
+ tmp = (void *)class;
+ SELinuxArraySet(&arr_types, type & TypeMask, tmp);
}
- return knownTypes[type];
+ return (security_class_t)(unsigned long)tmp;
}
security_context_t
@@ -350,15 +375,7 @@ SELinuxLabelReset(void)
label_hnd = NULL;
/* Free local state */
- xfree(knownAtoms);
- knownAtoms = NULL;
- numKnownAtoms = 0;
-
- xfree(knownEvents);
- knownEvents = NULL;
- numKnownEvents = 0;
-
- xfree(knownTypes);
- knownTypes = NULL;
- numKnownTypes = 0;
+ SELinuxArrayFree(&arr_types, 0);
+ SELinuxArrayFree(&arr_events, 0);
+ SELinuxArrayFree(&arr_atoms, 1);
}
commit ae8891ba0b63bfe6941a324e201d9ab7c645c0f3
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Mon Aug 31 18:46:23 2009 -0400
xselinux: refactor extension code into smaller files.
New files:
xselinux_ext.c: Extension init and request handlers.
xselinux_hooks.c: XACE hook functions and other callbacks.
xselinux_label.c: Object security-labeling code.
xselinuxint.h: Shared internal functions.
Signed-off-by: Eamon Walsh <ewalsh at tycho.nsa.gov>
diff --git a/Xext/Makefile.am b/Xext/Makefile.am
index ac45f95..7287c4a 100644
--- a/Xext/Makefile.am
+++ b/Xext/Makefile.am
@@ -80,7 +80,7 @@ endif
# SELinux extension: provides SELinux policy support for X objects
# requires X-ACE extension
-XSELINUX_SRCS = xselinux.c xselinux.h
+XSELINUX_SRCS = xselinux_ext.c xselinux_hooks.c xselinux_label.c xselinux.h xselinuxint.h
if XSELINUX
MODULE_SRCS += $(XSELINUX_SRCS)
endif
@@ -133,6 +133,7 @@ EXTRA_DIST = \
$(SCREENSAVER_SRCS) \
$(XACE_SRCS) \
$(XCSECURITY_SRCS) \
+ $(XSELINUX_SRCS) \
$(XCALIBRATE_SRCS) \
$(XINERAMA_SRCS) \
$(MULTIBUFFER_SRCS) \
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
deleted file mode 100644
index b9b16b6..0000000
--- a/Xext/xselinux.c
+++ /dev/null
@@ -1,2070 +0,0 @@
-/************************************************************
-
-Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-this permission notice appear in supporting documentation. This permission
-notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-********************************************************/
-
-/*
- * Portions of this code copyright (c) 2005 by Trusted Computer Solutions, Inc.
- * All rights reserved.
- */
-
-#ifdef HAVE_DIX_CONFIG_H
-#include <dix-config.h>
-#endif
-
-#include <sys/socket.h>
-#include <stdio.h>
-#include <stdarg.h>
-
-#include <selinux/selinux.h>
-#include <selinux/label.h>
-#include <selinux/avc.h>
-
-#include <libaudit.h>
-
-#include <X11/Xatom.h>
-#include "globals.h"
-#include "resource.h"
-#include "privates.h"
-#include "registry.h"
-#include "dixstruct.h"
-#include "inputstr.h"
-#include "windowstr.h"
-#include "propertyst.h"
-#include "extnsionst.h"
-#include "scrnintstr.h"
-#include "selection.h"
-#include "xacestr.h"
-#define _XSELINUX_NEED_FLASK
-#include "xselinux.h"
-#include "../os/osdep.h"
-#include "modinit.h"
-
-
-/*
- * Globals
- */
-
-/* private state keys */
-static int subjectKeyIndex;
-static DevPrivateKey subjectKey = &subjectKeyIndex;
-static int objectKeyIndex;
-static DevPrivateKey objectKey = &objectKeyIndex;
-static int dataKeyIndex;
-static DevPrivateKey dataKey = &dataKeyIndex;
-
-/* subject state (clients and devices only) */
-typedef struct {
- security_id_t sid;
- security_id_t dev_create_sid;
- security_id_t win_create_sid;
- security_id_t sel_create_sid;
- security_id_t prp_create_sid;
- security_id_t sel_use_sid;
- security_id_t prp_use_sid;
- struct avc_entry_ref aeref;
- char *command;
- int privileged;
-} SELinuxSubjectRec;
-
-/* object state */
-typedef struct {
- security_id_t sid;
- int poly;
-} SELinuxObjectRec;
-
-/* selection and property atom cache */
-typedef struct {
- SELinuxObjectRec prp;
- SELinuxObjectRec sel;
-} SELinuxAtomRec;
-
-/* audit file descriptor */
-static int audit_fd;
-
-/* structure passed to auditing callback */
-typedef struct {
- ClientPtr client; /* client */
- DeviceIntPtr dev; /* device */
- char *command; /* client's executable path */
- unsigned id; /* resource id, if any */
- int restype; /* resource type, if any */
- int event; /* event type, if any */
- Atom property; /* property name, if any */
- Atom selection; /* selection name, if any */
- char *extension; /* extension name, if any */
-} SELinuxAuditRec;
-
-/* labeling handle */
-static struct selabel_handle *label_hnd;
-
-/* whether AVC is active */
-static int avc_active;
-
-/* atoms for window label properties */
-static Atom atom_ctx;
-static Atom atom_client_ctx;
-
-/* The unlabeled SID */
-static security_id_t unlabeled_sid;
-
-/* Array of object classes indexed by resource type */
-static security_class_t *knownTypes;
-static unsigned numKnownTypes;
-
-/* Array of event SIDs indexed by event type */
-static security_id_t *knownEvents;
-static unsigned numKnownEvents;
-
-/* Array of property and selection SID structures */
-static SELinuxAtomRec *knownAtoms;
-static unsigned numKnownAtoms;
-
-/* forward declarations */
-static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
-
-/* "true" pointer value for use as callback data */
-static pointer truep = (pointer)1;
-
-
-/*
- * Support Routines
- */
-
-/*
- * Looks up a name in the selection or property mappings
- */
-static int
-SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec *obj, int map, int polymap)
-{
- const char *name = NameForAtom(atom);
- security_context_t ctx;
- int rc = Success;
-
- obj->poly = 1;
-
- /* Look in the mappings of names to contexts */
- if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
- obj->poly = 0;
- } else if (errno != ENOENT) {
- ErrorF("SELinux: a property label lookup failed!\n");
- return BadValue;
- } else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
- ErrorF("SELinux: a property label lookup failed!\n");
- return BadValue;
- }
-
- /* Get a SID for context */
- if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
- ErrorF("SELinux: a context_to_SID_raw call failed!\n");
- rc = BadAlloc;
- }
-
- freecon(ctx);
- return rc;
-}
-
-/*
- * Looks up the SID corresponding to the given property or selection atom
- */
-static int
-SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn)
-{
- SELinuxObjectRec *obj;
- int rc, map, polymap;
-
- if (atom >= numKnownAtoms) {
- /* Need to increase size of atoms array */
- unsigned size = sizeof(SELinuxAtomRec);
- knownAtoms = xrealloc(knownAtoms, (atom + 1) * size);
- if (!knownAtoms)
- return BadAlloc;
- memset(knownAtoms + numKnownAtoms, 0,
- (atom - numKnownAtoms + 1) * size);
- numKnownAtoms = atom + 1;
- }
-
- if (prop) {
- obj = &knownAtoms[atom].prp;
- map = SELABEL_X_PROP;
- polymap = SELABEL_X_POLYPROP;
- } else {
- obj = &knownAtoms[atom].sel;
- map = SELABEL_X_SELN;
- polymap = SELABEL_X_POLYSELN;
- }
-
- if (!obj->sid) {
- rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap);
- if (rc != Success)
- goto out;
- }
-
- *obj_rtn = obj;
- rc = Success;
-out:
- return rc;
-}
-
-/*
- * Looks up a SID for a selection/subject pair
- */
-static int
-SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj,
- security_id_t *sid_rtn, int *poly_rtn)
-{
- int rc;
- SELinuxObjectRec *obj;
- security_id_t tsid;
-
- /* Get the default context and polyinstantiation bit */
- rc = SELinuxAtomToSID(selection, 0, &obj);
- if (rc != Success)
- return rc;
-
- /* Check for an override context next */
- if (subj->sel_use_sid) {
- sidget(tsid = subj->sel_use_sid);
- goto out;
- }
-
- sidget(tsid = obj->sid);
-
- /* Polyinstantiate if necessary to obtain the final SID */
- if (obj->poly) {
- sidput(tsid);
- if (avc_compute_member(subj->sid, obj->sid,
- SECCLASS_X_SELECTION, &tsid) < 0) {
- ErrorF("SELinux: a compute_member call failed!\n");
- return BadValue;
- }
- }
-out:
- *sid_rtn = tsid;
- if (poly_rtn)
- *poly_rtn = obj->poly;
- return Success;
-}
-
-/*
- * Looks up a SID for a property/subject pair
- */
-static int
-SELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj,
- security_id_t *sid_rtn, int *poly_rtn)
-{
- int rc;
- SELinuxObjectRec *obj;
- security_id_t tsid, tsid2;
-
- /* Get the default context and polyinstantiation bit */
- rc = SELinuxAtomToSID(property, 1, &obj);
- if (rc != Success)
- return rc;
-
- /* Check for an override context next */
- if (subj->prp_use_sid) {
- sidget(tsid = subj->prp_use_sid);
- goto out;
- }
-
- /* Perform a transition */
- if (avc_compute_create(subj->sid, obj->sid,
- SECCLASS_X_PROPERTY, &tsid) < 0) {
- ErrorF("SELinux: a compute_create call failed!\n");
- return BadValue;
- }
-
- /* Polyinstantiate if necessary to obtain the final SID */
- if (obj->poly) {
- tsid2 = tsid;
- if (avc_compute_member(subj->sid, tsid2,
- SECCLASS_X_PROPERTY, &tsid) < 0) {
- ErrorF("SELinux: a compute_member call failed!\n");
- sidput(tsid2);
- return BadValue;
- }
- sidput(tsid2);
- }
-out:
- *sid_rtn = tsid;
- if (poly_rtn)
- *poly_rtn = obj->poly;
- return Success;
-}
-
-/*
- * Looks up the SID corresponding to the given event type
- */
-static int
-SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
- SELinuxObjectRec *sid_return)
-{
- const char *name = LookupEventName(type);
- security_context_t ctx;
- type &= 127;
-
- if (type >= numKnownEvents) {
- /* Need to increase size of classes array */
- unsigned size = sizeof(security_id_t);
- knownEvents = xrealloc(knownEvents, (type + 1) * size);
- if (!knownEvents)
- return BadAlloc;
- memset(knownEvents + numKnownEvents, 0,
- (type - numKnownEvents + 1) * size);
- numKnownEvents = type + 1;
- }
-
- if (!knownEvents[type]) {
- /* Look in the mappings of event names to contexts */
- if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
- ErrorF("SELinux: an event label lookup failed!\n");
- return BadValue;
- }
- /* Get a SID for context */
- if (avc_context_to_sid_raw(ctx, knownEvents + type) < 0) {
- ErrorF("SELinux: a context_to_SID_raw call failed!\n");
- return BadAlloc;
- }
- freecon(ctx);
- }
-
- /* Perform a transition to obtain the final SID */
- if (avc_compute_create(sid_of_window, knownEvents[type], SECCLASS_X_EVENT,
- &sid_return->sid) < 0) {
- ErrorF("SELinux: a compute_create call failed!\n");
- return BadValue;
- }
-
- return Success;
-}
-
-/*
- * Returns the object class corresponding to the given resource type.
- */
-static security_class_t
-SELinuxTypeToClass(RESTYPE type)
-{
- RESTYPE fulltype = type;
- type &= TypeMask;
-
- if (type >= numKnownTypes) {
- /* Need to increase size of classes array */
- unsigned size = sizeof(security_class_t);
- knownTypes = xrealloc(knownTypes, (type + 1) * size);
- if (!knownTypes)
- return 0;
- memset(knownTypes + numKnownTypes, 0,
- (type - numKnownTypes + 1) * size);
- numKnownTypes = type + 1;
- }
-
- if (!knownTypes[type]) {
- const char *str;
- knownTypes[type] = SECCLASS_X_RESOURCE;
-
- if (fulltype & RC_DRAWABLE)
- knownTypes[type] = SECCLASS_X_DRAWABLE;
- if (fulltype == RT_GC)
- knownTypes[type] = SECCLASS_X_GC;
- if (fulltype == RT_FONT)
- knownTypes[type] = SECCLASS_X_FONT;
- if (fulltype == RT_CURSOR)
- knownTypes[type] = SECCLASS_X_CURSOR;
- if (fulltype == RT_COLORMAP)
- knownTypes[type] = SECCLASS_X_COLORMAP;
-
- /* Need to do a string lookup */
- str = LookupResourceName(fulltype);
- if (!strcmp(str, "PICTURE"))
- knownTypes[type] = SECCLASS_X_DRAWABLE;
- if (!strcmp(str, "GLYPHSET"))
- knownTypes[type] = SECCLASS_X_FONT;
- }
-
- return knownTypes[type];
-}
-
-/*
- * Performs an SELinux permission check.
- */
-static int
-SELinuxDoCheck(SELinuxSubjectRec *subj, SELinuxObjectRec *obj,
- security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
-{
- /* serverClient requests OK */
- if (subj->privileged)
- return Success;
-
- auditdata->command = subj->command;
- errno = 0;
-
- if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref,
- auditdata) < 0) {
- if (mode == DixUnknownAccess)
- return Success; /* DixUnknownAccess requests OK ... for now */
- if (errno == EACCES)
- return BadAccess;
- ErrorF("SELinux: avc_has_perm: unexpected error %d\n", errno);
- return BadValue;
- }
-
- return Success;
-}
-
-/*
- * Labels a newly connected client.
- */
-static void
-SELinuxLabelClient(ClientPtr client)
-{
- int fd = XaceGetConnectionNumber(client);
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- security_context_t ctx;
-
- subj = dixLookupPrivate(&client->devPrivates, subjectKey);
- sidput(subj->sid);
- obj = dixLookupPrivate(&client->devPrivates, objectKey);
- sidput(obj->sid);
-
- /* Try to get a context from the socket */
- if (fd < 0 || getpeercon_raw(fd, &ctx) < 0) {
- /* Otherwise, fall back to a default context */
- if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
- FatalError("SELinux: failed to look up remote-client context\n");
- }
-
- /* For local clients, try and determine the executable name */
- if (XaceIsLocal(client)) {
- struct ucred creds;
- socklen_t len = sizeof(creds);
- char path[PATH_MAX + 1];
- size_t bytes;
-
- memset(&creds, 0, sizeof(creds));
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
- goto finish;
-
- snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
- fd = open(path, O_RDONLY);
- if (fd < 0)
- goto finish;
-
- bytes = read(fd, path, PATH_MAX + 1);
- close(fd);
- if (bytes <= 0)
- goto finish;
-
- subj->command = xalloc(bytes);
- if (!subj->command)
- goto finish;
-
- memcpy(subj->command, path, bytes);
- subj->command[bytes - 1] = 0;
- }
-
-finish:
- /* Get a SID from the context */
- if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
- FatalError("SELinux: client %d: context_to_sid_raw(%s) failed\n",
- client->index, ctx);
-
- sidget(obj->sid = subj->sid);
- freecon(ctx);
-}
-
-/*
- * Labels initial server objects.
- */
-static void
-SELinuxLabelInitial(void)
-{
- int i;
- XaceScreenAccessRec srec;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- security_context_t ctx;
- pointer unused;
-
- /* Do the serverClient */
- subj = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
- obj = dixLookupPrivate(&serverClient->devPrivates, objectKey);
- subj->privileged = 1;
- sidput(subj->sid);
-
- /* Use the context of the X server process for the serverClient */
- if (getcon_raw(&ctx) < 0)
- FatalError("SELinux: couldn't get context of X server process\n");
-
- /* Get a SID from the context */
- if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
- FatalError("SELinux: serverClient: context_to_sid(%s) failed\n", ctx);
-
- sidget(obj->sid = subj->sid);
- freecon(ctx);
-
- srec.client = serverClient;
- srec.access_mode = DixCreateAccess;
- srec.status = Success;
-
- for (i = 0; i < screenInfo.numScreens; i++) {
- /* Do the screen object */
- srec.screen = screenInfo.screens[i];
- SELinuxScreen(NULL, NULL, &srec);
-
- /* Do the default colormap */
- dixLookupResourceByType(&unused, screenInfo.screens[i]->defColormap,
- RT_COLORMAP, serverClient, DixCreateAccess);
- }
-}
-
-/*
- * Labels new resource objects.
- */
-static int
-SELinuxLabelResource(XaceResourceAccessRec *rec, SELinuxSubjectRec *subj,
- SELinuxObjectRec *obj, security_class_t class)
-{
- int offset;
- security_id_t tsid;
-
- /* Check for a create context */
- if (rec->rtype == RT_WINDOW && subj->win_create_sid) {
- sidget(obj->sid = subj->win_create_sid);
- return Success;
- }
-
- if (rec->parent)
- offset = dixLookupPrivateOffset(rec->ptype);
-
- if (rec->parent && offset >= 0) {
- /* Use the SID of the parent object in the labeling operation */
- PrivateRec **privatePtr = DEVPRIV_AT(rec->parent, offset);
- SELinuxObjectRec *pobj = dixLookupPrivate(privatePtr, objectKey);
- tsid = pobj->sid;
- } else {
- /* Use the SID of the subject */
- tsid = subj->sid;
- }
-
- /* Perform a transition to obtain the final SID */
- if (avc_compute_create(subj->sid, tsid, class, &obj->sid) < 0) {
- ErrorF("SELinux: a compute_create call failed!\n");
- return BadValue;
- }
-
- return Success;
-}
-
-
-/*
- * Libselinux Callbacks
- */
-
-static int
-SELinuxAudit(void *auditdata,
- security_class_t class,
- char *msgbuf,
- size_t msgbufsize)
-{
- SELinuxAuditRec *audit = auditdata;
- ClientPtr client = audit->client;
- char idNum[16];
- const char *propertyName, *selectionName;
- int major = -1, minor = -1;
-
- if (client) {
- REQUEST(xReq);
- if (stuff) {
- major = stuff->reqType;
- minor = MinorOpcodeOfRequest(client);
- }
- }
- if (audit->id)
- snprintf(idNum, 16, "%x", audit->id);
-
- propertyName = audit->property ? NameForAtom(audit->property) : NULL;
- selectionName = audit->selection ? NameForAtom(audit->selection) : NULL;
-
- return snprintf(msgbuf, msgbufsize,
- "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
- (major >= 0) ? "request=" : "",
- (major >= 0) ? LookupRequestName(major, minor) : "",
- audit->command ? " comm=" : "",
- audit->command ? audit->command : "",
- audit->dev ? " xdevice=\"" : "",
- audit->dev ? audit->dev->name : "",
- audit->dev ? "\"" : "",
- audit->id ? " resid=" : "",
- audit->id ? idNum : "",
- audit->restype ? " restype=" : "",
- audit->restype ? LookupResourceName(audit->restype) : "",
- audit->event ? " event=" : "",
- audit->event ? LookupEventName(audit->event & 127) : "",
- audit->property ? " property=" : "",
- audit->property ? propertyName : "",
- audit->selection ? " selection=" : "",
- audit->selection ? selectionName : "",
- audit->extension ? " extension=" : "",
- audit->extension ? audit->extension : "");
-}
-
-static int
-SELinuxLog(int type, const char *fmt, ...)
-{
- va_list ap;
- char buf[MAX_AUDIT_MESSAGE_LENGTH];
- int rc, aut;
-
- switch (type) {
- case SELINUX_INFO:
- aut = AUDIT_USER_MAC_POLICY_LOAD;
- break;
- case SELINUX_AVC:
- aut = AUDIT_USER_AVC;
- break;
- default:
- aut = AUDIT_USER_SELINUX_ERR;
- break;
- }
-
- va_start(ap, fmt);
- vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap);
- rc = audit_log_user_avc_message(audit_fd, aut, buf, NULL, NULL, NULL, 0);
- va_end(ap);
- LogMessageVerb(X_WARNING, 0, "%s", buf);
- return 0;
-}
-
-/*
- * XACE Callbacks
- */
-
-static void
-SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceDeviceAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);
-
- /* If this is a new object that needs labeling, do it now */
- if (rec->access_mode & DixCreateAccess) {
- SELinuxSubjectRec *dsubj;
- dsubj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey);
-
- sidput(dsubj->sid);
- sidput(obj->sid);
-
- if (subj->dev_create_sid) {
- /* Label the device with the create context */
- sidget(obj->sid = subj->dev_create_sid);
- sidget(dsubj->sid = subj->dev_create_sid);
- } else {
- /* Label the device directly with the process SID */
- sidget(obj->sid = subj->sid);
- sidget(dsubj->sid = subj->sid);
- }
- }
-
- /* XXX only check read permission on XQueryKeymap */
- /* This is to allow the numerous apps that call XQueryPointer to work */
- if (rec->access_mode & DixReadAccess) {
- ClientPtr client = rec->client;
- REQUEST(xReq);
- if (stuff && stuff->reqType != X_QueryKeymap) {
- rec->access_mode &= ~DixReadAccess;
- rec->access_mode |= DixGetAttrAccess;
- }
- }
-
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-}
-
-static void
-SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceSendAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj, ev_sid;
- SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
- security_class_t class;
- int rc, i, type;
-
- if (rec->dev)
- subj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey);
- else
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
-
- obj = dixLookupPrivate(&rec->pWin->devPrivates, objectKey);
-
- /* Check send permission on window */
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess,
- &auditdata);
- if (rc != Success)
- goto err;
-
- /* Check send permission on specific event types */
- for (i = 0; i < rec->count; i++) {
- type = rec->events[i].u.u.type;
- class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT;
-
- rc = SELinuxEventToSID(type, obj->sid, &ev_sid);
- if (rc != Success)
- goto err;
-
- auditdata.event = type;
- rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata);
- if (rc != Success)
- goto err;
- }
- return;
-err:
- rec->status = rc;
-}
-
-static void
-SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceReceiveAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj, ev_sid;
- SELinuxAuditRec auditdata = { .client = NULL };
- security_class_t class;
- int rc, i, type;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->pWin->devPrivates, objectKey);
-
- /* Check receive permission on window */
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess,
- &auditdata);
- if (rc != Success)
- goto err;
-
- /* Check receive permission on specific event types */
- for (i = 0; i < rec->count; i++) {
- type = rec->events[i].u.u.type;
- class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT;
-
- rc = SELinuxEventToSID(type, obj->sid, &ev_sid);
- if (rc != Success)
- goto err;
-
- auditdata.event = type;
- rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata);
- if (rc != Success)
- goto err;
- }
- return;
-err:
- rec->status = rc;
-}
-
-static void
-SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceExtAccessRec *rec = calldata;
- SELinuxSubjectRec *subj, *serv;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client };
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->ext->devPrivates, objectKey);
-
- /* If this is a new object that needs labeling, do it now */
- /* XXX there should be a separate callback for this */
- if (obj->sid == unlabeled_sid) {
- const char *name = rec->ext->name;
- security_context_t ctx;
- security_id_t sid;
-
- serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
-
- /* Look in the mappings of extension names to contexts */
- if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
- ErrorF("SELinux: a property label lookup failed!\n");
- rec->status = BadValue;
- return;
- }
- /* Get a SID for context */
- if (avc_context_to_sid_raw(ctx, &sid) < 0) {
- ErrorF("SELinux: a context_to_SID_raw call failed!\n");
- rec->status = BadAlloc;
- return;
- }
-
- sidput(obj->sid);
-
- /* Perform a transition to obtain the final SID */
- if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION,
- &obj->sid) < 0) {
- ErrorF("SELinux: a SID transition call failed!\n");
- freecon(ctx);
- rec->status = BadValue;
- return;
- }
- freecon(ctx);
- }
-
- /* Perform the security check */
- auditdata.extension = rec->ext->name;
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-}
-
-static void
-SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceSelectionAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj, *data;
- Selection *pSel = *rec->ppSel;
- Atom name = pSel->selection;
- Mask access_mode = rec->access_mode;
- SELinuxAuditRec auditdata = { .client = rec->client, .selection = name };
- security_id_t tsid;
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&pSel->devPrivates, objectKey);
-
- /* If this is a new object that needs labeling, do it now */
- if (access_mode & DixCreateAccess) {
- sidput(obj->sid);
- rc = SELinuxSelectionToSID(name, subj, &obj->sid, &obj->poly);
- if (rc != Success)
- obj->sid = unlabeled_sid;
- access_mode = DixSetAttrAccess;
- }
- /* If this is a polyinstantiated object, find the right instance */
- else if (obj->poly) {
- rc = SELinuxSelectionToSID(name, subj, &tsid, NULL);
- if (rc != Success) {
- rec->status = rc;
- return;
- }
- while (pSel->selection != name || obj->sid != tsid) {
- if ((pSel = pSel->next) == NULL)
- break;
- obj = dixLookupPrivate(&pSel->devPrivates, objectKey);
- }
- sidput(tsid);
-
- if (pSel)
- *rec->ppSel = pSel;
- else {
- rec->status = BadMatch;
- return;
- }
- }
-
- /* Perform the security check */
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SELECTION, access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-
- /* Label the content (advisory only) */
- if (access_mode & DixSetAttrAccess) {
- data = dixLookupPrivate(&pSel->devPrivates, dataKey);
- sidput(data->sid);
- if (subj->sel_create_sid)
- sidget(data->sid = subj->sel_create_sid);
- else
- sidget(data->sid = obj->sid);
- }
-}
-
-static void
-SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XacePropertyAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj, *data;
- PropertyPtr pProp = *rec->ppProp;
- Atom name = pProp->propertyName;
- SELinuxAuditRec auditdata = { .client = rec->client, .property = name };
- security_id_t tsid;
- int rc;
-
- /* Don't care about the new content check */
- if (rec->access_mode & DixPostAccess)
- return;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
-
- /* If this is a new object that needs labeling, do it now */
- if (rec->access_mode & DixCreateAccess) {
- sidput(obj->sid);
- rc = SELinuxPropertyToSID(name, subj, &obj->sid, &obj->poly);
- if (rc != Success) {
- rec->status = rc;
- return;
- }
- }
- /* If this is a polyinstantiated object, find the right instance */
- else if (obj->poly) {
- rc = SELinuxPropertyToSID(name, subj, &tsid, NULL);
- if (rc != Success) {
- rec->status = rc;
- return;
- }
- while (pProp->propertyName != name || obj->sid != tsid) {
- if ((pProp = pProp->next) == NULL)
- break;
- obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
- }
- sidput(tsid);
-
- if (pProp)
- *rec->ppProp = pProp;
- else {
- rec->status = BadMatch;
- return;
- }
- }
-
- /* Perform the security check */
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-
- /* Label the content (advisory only) */
- if (rec->access_mode & DixWriteAccess) {
- data = dixLookupPrivate(&pProp->devPrivates, dataKey);
- sidput(data->sid);
- if (subj->prp_create_sid)
- sidget(data->sid = subj->prp_create_sid);
- else
- sidget(data->sid = obj->sid);
- }
-}
-
-static void
-SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceResourceAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client };
- Mask access_mode = rec->access_mode;
- PrivateRec **privatePtr;
- security_class_t class;
- int rc, offset;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
-
- /* Determine if the resource object has a devPrivates field */
- offset = dixLookupPrivateOffset(rec->rtype);
- if (offset < 0) {
- /* No: use the SID of the owning client */
- class = SECCLASS_X_RESOURCE;
- privatePtr = &clients[CLIENT_ID(rec->id)]->devPrivates;
- obj = dixLookupPrivate(privatePtr, objectKey);
- } else {
- /* Yes: use the SID from the resource object itself */
- class = SELinuxTypeToClass(rec->rtype);
- privatePtr = DEVPRIV_AT(rec->res, offset);
- obj = dixLookupPrivate(privatePtr, objectKey);
- }
-
- /* If this is a new object that needs labeling, do it now */
- if (access_mode & DixCreateAccess && offset >= 0) {
- rc = SELinuxLabelResource(rec, subj, obj, class);
- if (rc != Success) {
- rec->status = rc;
- return;
- }
- }
-
- /* Collapse generic resource permissions down to read/write */
- if (class == SECCLASS_X_RESOURCE) {
- access_mode = !!(rec->access_mode & SELinuxReadMask); /* rd */
- access_mode |= !!(rec->access_mode & ~SELinuxReadMask) << 1; /* wr */
- }
-
- /* Perform the security check */
- auditdata.restype = rec->rtype;
- auditdata.id = rec->id;
- rc = SELinuxDoCheck(subj, obj, class, access_mode, &auditdata);
- if (rc != Success)
- rec->status = rc;
-
- /* Perform the background none check on windows */
- if (access_mode & DixCreateAccess && rec->rtype == RT_WINDOW) {
- rc = SELinuxDoCheck(subj, obj, class, DixBlendAccess, &auditdata);
- if (rc != Success)
- ((WindowPtr)rec->res)->forcedBG = TRUE;
- }
-}
-
-static void
-SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata)
-{
- XaceScreenAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client };
- Mask access_mode = rec->access_mode;
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->screen->devPrivates, objectKey);
-
- /* If this is a new object that needs labeling, do it now */
- if (access_mode & DixCreateAccess) {
- sidput(obj->sid);
-
- /* Perform a transition to obtain the final SID */
- if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SCREEN,
- &obj->sid) < 0) {
- ErrorF("SELinux: a compute_create call failed!\n");
- rec->status = BadValue;
- return;
- }
- }
-
- if (is_saver)
- access_mode <<= 2;
-
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata);
- if (rc != Success)
- rec->status = rc;
-}
-
-static void
-SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceClientAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client };
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&rec->target->devPrivates, objectKey);
-
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-}
-
-static void
-SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceServerAccessRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- SELinuxAuditRec auditdata = { .client = rec->client };
- int rc;
-
- subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
- obj = dixLookupPrivate(&serverClient->devPrivates, objectKey);
-
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode,
- &auditdata);
- if (rc != Success)
- rec->status = rc;
-}
-
-
-/*
- * DIX Callbacks
- */
-
-static void
-SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- NewClientInfoRec *pci = calldata;
-
- switch (pci->client->clientState) {
- case ClientStateInitial:
- SELinuxLabelClient(pci->client);
- break;
-
- default:
- break;
- }
-}
-
-static void
-SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- ResourceStateInfoRec *rec = calldata;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- WindowPtr pWin;
-
- if (rec->type != RT_WINDOW)
- return;
- if (rec->state != ResourceStateAdding)
- return;
-
- pWin = (WindowPtr)rec->value;
- subj = dixLookupPrivate(&wClient(pWin)->devPrivates, subjectKey);
-
- if (subj->sid) {
- security_context_t ctx;
- int rc = avc_sid_to_context_raw(subj->sid, &ctx);
- if (rc < 0)
- FatalError("SELinux: Failed to get security context!\n");
- rc = dixChangeWindowProperty(serverClient,
- pWin, atom_client_ctx, XA_STRING, 8,
- PropModeReplace, strlen(ctx), ctx, FALSE);
- if (rc != Success)
- FatalError("SELinux: Failed to set label property on window!\n");
- freecon(ctx);
- } else
- FatalError("SELinux: Unexpected unlabeled client found\n");
-
- obj = dixLookupPrivate(&pWin->devPrivates, objectKey);
-
- if (obj->sid) {
- security_context_t ctx;
- int rc = avc_sid_to_context_raw(obj->sid, &ctx);
- if (rc < 0)
- FatalError("SELinux: Failed to get security context!\n");
- rc = dixChangeWindowProperty(serverClient,
- pWin, atom_ctx, XA_STRING, 8,
- PropModeReplace, strlen(ctx), ctx, FALSE);
- if (rc != Success)
- FatalError("SELinux: Failed to set label property on window!\n");
- freecon(ctx);
- } else
- FatalError("SELinux: Unexpected unlabeled window found\n");
-}
-
-
-/*
- * DevPrivates Callbacks
- */
-
-static void
-SELinuxSubjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxSubjectRec *subj = *rec->value;
-
- sidget(unlabeled_sid);
- subj->sid = unlabeled_sid;
-
- avc_entry_ref_init(&subj->aeref);
-}
-
-static void
-SELinuxSubjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxSubjectRec *subj = *rec->value;
-
- xfree(subj->command);
-
- if (avc_active) {
- sidput(subj->sid);
- sidput(subj->dev_create_sid);
- sidput(subj->win_create_sid);
- sidput(subj->sel_create_sid);
- sidput(subj->prp_create_sid);
- }
-}
-
-static void
-SELinuxObjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxObjectRec *obj = *rec->value;
-
- sidget(unlabeled_sid);
- obj->sid = unlabeled_sid;
-}
-
-static void
-SELinuxObjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxObjectRec *obj = *rec->value;
-
- if (avc_active)
- sidput(obj->sid);
-}
-
-
-/*
- * Extension Dispatch
- */
-
-#define CTX_DEV offsetof(SELinuxSubjectRec, dev_create_sid)
-#define CTX_WIN offsetof(SELinuxSubjectRec, win_create_sid)
-#define CTX_PRP offsetof(SELinuxSubjectRec, prp_create_sid)
-#define CTX_SEL offsetof(SELinuxSubjectRec, sel_create_sid)
-#define USE_PRP offsetof(SELinuxSubjectRec, prp_use_sid)
-#define USE_SEL offsetof(SELinuxSubjectRec, sel_use_sid)
-
-typedef struct {
- security_context_t octx;
- security_context_t dctx;
- CARD32 octx_len;
- CARD32 dctx_len;
- CARD32 id;
-} SELinuxListItemRec;
-
-static security_context_t
-SELinuxCopyContext(char *ptr, unsigned len)
-{
- security_context_t copy = xalloc(len + 1);
- if (!copy)
- return NULL;
- strncpy(copy, ptr, len);
- copy[len] = '\0';
- return copy;
-}
-
-static int
-ProcSELinuxQueryVersion(ClientPtr client)
-{
- SELinuxQueryVersionReply rep;
-
- rep.type = X_Reply;
- rep.length = 0;
- rep.sequenceNumber = client->sequence;
- rep.server_major = SELINUX_MAJOR_VERSION;
- rep.server_minor = SELINUX_MINOR_VERSION;
- if (client->swapped) {
- int n;
- swaps(&rep.sequenceNumber, n);
- swapl(&rep.length, n);
- swaps(&rep.server_major, n);
- swaps(&rep.server_minor, n);
- }
- WriteToClient(client, sizeof(rep), (char *)&rep);
- return (client->noClientException);
-}
-
-static int
-SELinuxSendContextReply(ClientPtr client, security_id_t sid)
-{
- SELinuxGetContextReply rep;
- security_context_t ctx = NULL;
- int len = 0;
-
- if (sid) {
- if (avc_sid_to_context_raw(sid, &ctx) < 0)
- return BadValue;
- len = strlen(ctx) + 1;
- }
-
- rep.type = X_Reply;
- rep.length = bytes_to_int32(len);
- rep.sequenceNumber = client->sequence;
- rep.context_len = len;
-
- if (client->swapped) {
- int n;
- swapl(&rep.length, n);
- swaps(&rep.sequenceNumber, n);
- swapl(&rep.context_len, n);
- }
-
- WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
- WriteToClient(client, len, ctx);
- freecon(ctx);
- return client->noClientException;
-}
-
-static int
-ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
-{
- PrivateRec **privPtr = &client->devPrivates;
- security_id_t *pSid;
- security_context_t ctx = NULL;
- char *ptr;
- int rc;
-
- REQUEST(SELinuxSetCreateContextReq);
- REQUEST_FIXED_SIZE(SELinuxSetCreateContextReq, stuff->context_len);
-
- if (stuff->context_len > 0) {
- ctx = SELinuxCopyContext((char *)(stuff + 1), stuff->context_len);
- if (!ctx)
- return BadAlloc;
- }
-
- ptr = dixLookupPrivate(privPtr, subjectKey);
- pSid = (security_id_t *)(ptr + offset);
- sidput(*pSid);
- *pSid = NULL;
-
- rc = Success;
- if (stuff->context_len > 0) {
- if (security_check_context_raw(ctx) < 0 ||
- avc_context_to_sid_raw(ctx, pSid) < 0)
- rc = BadValue;
- }
-
- xfree(ctx);
- return rc;
-}
-
-static int
-ProcSELinuxGetCreateContext(ClientPtr client, unsigned offset)
-{
- security_id_t *pSid;
- char *ptr;
-
- REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
-
- if (offset == CTX_DEV)
- ptr = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
- else
- ptr = dixLookupPrivate(&client->devPrivates, subjectKey);
-
- pSid = (security_id_t *)(ptr + offset);
- return SELinuxSendContextReply(client, *pSid);
-}
-
-static int
-ProcSELinuxSetDeviceContext(ClientPtr client)
-{
- security_context_t ctx;
- security_id_t sid;
- DeviceIntPtr dev;
- SELinuxSubjectRec *subj;
- SELinuxObjectRec *obj;
- int rc;
-
- REQUEST(SELinuxSetContextReq);
- REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len);
-
- if (stuff->context_len < 1)
- return BadLength;
- ctx = SELinuxCopyContext((char *)(stuff + 1), stuff->context_len);
- if (!ctx)
- return BadAlloc;
-
- rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess);
- if (rc != Success)
- goto out;
-
- if (security_check_context_raw(ctx) < 0 ||
- avc_context_to_sid_raw(ctx, &sid) < 0) {
- rc = BadValue;
- goto out;
- }
-
- subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
- sidput(subj->sid);
- subj->sid = sid;
- obj = dixLookupPrivate(&dev->devPrivates, objectKey);
- sidput(obj->sid);
- sidget(obj->sid = sid);
-
- rc = Success;
-out:
- xfree(ctx);
- return rc;
-}
-
-static int
-ProcSELinuxGetDeviceContext(ClientPtr client)
-{
- DeviceIntPtr dev;
- SELinuxSubjectRec *subj;
- int rc;
-
- REQUEST(SELinuxGetContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
-
- rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
-
- subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
- return SELinuxSendContextReply(client, subj->sid);
-}
-
-static int
-ProcSELinuxGetWindowContext(ClientPtr client)
-{
- WindowPtr pWin;
- SELinuxObjectRec *obj;
- int rc;
-
- REQUEST(SELinuxGetContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
-
- obj = dixLookupPrivate(&pWin->devPrivates, objectKey);
- return SELinuxSendContextReply(client, obj->sid);
-}
-
-static int
-ProcSELinuxGetPropertyContext(ClientPtr client, pointer privKey)
-{
- WindowPtr pWin;
- PropertyPtr pProp;
- SELinuxObjectRec *obj;
- int rc;
-
- REQUEST(SELinuxGetPropertyContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
-
- rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
- if (rc != Success)
- return rc;
-
- rc = dixLookupProperty(&pProp, pWin, stuff->property, client,
- DixGetAttrAccess);
- if (rc != Success)
- return rc;
-
- obj = dixLookupPrivate(&pProp->devPrivates, privKey);
- return SELinuxSendContextReply(client, obj->sid);
-}
-
-static int
-ProcSELinuxGetSelectionContext(ClientPtr client, pointer privKey)
-{
- Selection *pSel;
- SELinuxObjectRec *obj;
- int rc;
-
- REQUEST(SELinuxGetContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
-
- rc = dixLookupSelection(&pSel, stuff->id, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
-
- obj = dixLookupPrivate(&pSel->devPrivates, privKey);
- return SELinuxSendContextReply(client, obj->sid);
-}
-
-static int
-ProcSELinuxGetClientContext(ClientPtr client)
-{
- ClientPtr target;
- SELinuxSubjectRec *subj;
- int rc;
-
- REQUEST(SELinuxGetContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
-
- rc = dixLookupClient(&target, stuff->id, client, DixGetAttrAccess);
- if (rc != Success)
- return rc;
-
- subj = dixLookupPrivate(&target->devPrivates, subjectKey);
- return SELinuxSendContextReply(client, subj->sid);
-}
-
-static int
-SELinuxPopulateItem(SELinuxListItemRec *i, PrivateRec **privPtr, CARD32 id,
- int *size)
-{
- SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey);
- SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey);
-
- if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0)
- return BadValue;
- if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0)
- return BadValue;
-
- i->id = id;
- i->octx_len = bytes_to_int32(strlen(i->octx) + 1);
- i->dctx_len = bytes_to_int32(strlen(i->dctx) + 1);
-
- *size += i->octx_len + i->dctx_len + 3;
- return Success;
-}
-
-static void
-SELinuxFreeItems(SELinuxListItemRec *items, int count)
-{
- int k;
- for (k = 0; k < count; k++) {
- freecon(items[k].octx);
- freecon(items[k].dctx);
- }
- xfree(items);
-}
-
-static int
-SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec *items,
- int size, int count)
-{
- int rc, k, n, pos = 0;
- SELinuxListItemsReply rep;
- CARD32 *buf;
-
- buf = xcalloc(size, sizeof(CARD32));
- if (size && !buf) {
- rc = BadAlloc;
- goto out;
- }
-
- /* Fill in the buffer */
- for (k = 0; k < count; k++) {
- buf[pos] = items[k].id;
- if (client->swapped)
- swapl(buf + pos, n);
- pos++;
-
- buf[pos] = items[k].octx_len * 4;
- if (client->swapped)
- swapl(buf + pos, n);
- pos++;
-
- buf[pos] = items[k].dctx_len * 4;
- if (client->swapped)
- swapl(buf + pos, n);
- pos++;
-
- memcpy((char *)(buf + pos), items[k].octx, strlen(items[k].octx) + 1);
- pos += items[k].octx_len;
- memcpy((char *)(buf + pos), items[k].dctx, strlen(items[k].dctx) + 1);
- pos += items[k].dctx_len;
- }
-
- /* Send reply to client */
- rep.type = X_Reply;
- rep.length = size;
- rep.sequenceNumber = client->sequence;
- rep.count = count;
-
- if (client->swapped) {
- swapl(&rep.length, n);
- swaps(&rep.sequenceNumber, n);
- swapl(&rep.count, n);
- }
-
- WriteToClient(client, sizeof(SELinuxListItemsReply), (char *)&rep);
- WriteToClient(client, size * 4, (char *)buf);
-
- /* Free stuff and return */
- rc = client->noClientException;
- xfree(buf);
-out:
- SELinuxFreeItems(items, count);
- return rc;
-}
-
-static int
-ProcSELinuxListProperties(ClientPtr client)
-{
- WindowPtr pWin;
- PropertyPtr pProp;
- SELinuxListItemRec *items;
- int rc, count, size, i;
- CARD32 id;
-
- REQUEST(SELinuxGetContextReq);
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
-
- rc = dixLookupWindow(&pWin, stuff->id, client, DixListPropAccess);
- if (rc != Success)
- return rc;
-
- /* Count the number of properties and allocate items */
- count = 0;
- for (pProp = wUserProps(pWin); pProp; pProp = pProp->next)
- count++;
- items = xcalloc(count, sizeof(SELinuxListItemRec));
- if (count && !items)
- return BadAlloc;
-
- /* Fill in the items and calculate size */
- i = 0;
- size = 0;
- for (pProp = wUserProps(pWin); pProp; pProp = pProp->next) {
- id = pProp->propertyName;
- rc = SELinuxPopulateItem(items + i, &pProp->devPrivates, id, &size);
- if (rc != Success) {
- SELinuxFreeItems(items, count);
- return rc;
- }
- i++;
- }
-
- return SELinuxSendItemsToClient(client, items, size, count);
-}
-
-static int
-ProcSELinuxListSelections(ClientPtr client)
-{
- Selection *pSel;
- SELinuxListItemRec *items;
- int rc, count, size, i;
- CARD32 id;
-
- REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
-
- /* Count the number of selections and allocate items */
- count = 0;
- for (pSel = CurrentSelections; pSel; pSel = pSel->next)
- count++;
- items = xcalloc(count, sizeof(SELinuxListItemRec));
- if (count && !items)
- return BadAlloc;
-
- /* Fill in the items and calculate size */
- i = 0;
- size = 0;
- for (pSel = CurrentSelections; pSel; pSel = pSel->next) {
- id = pSel->selection;
- rc = SELinuxPopulateItem(items + i, &pSel->devPrivates, id, &size);
- if (rc != Success) {
- SELinuxFreeItems(items, count);
- return rc;
- }
- i++;
- }
-
- return SELinuxSendItemsToClient(client, items, size, count);
-}
-
-static int
-ProcSELinuxDispatch(ClientPtr client)
-{
- REQUEST(xReq);
- switch (stuff->data) {
- case X_SELinuxQueryVersion:
- return ProcSELinuxQueryVersion(client);
- case X_SELinuxSetDeviceCreateContext:
- return ProcSELinuxSetCreateContext(client, CTX_DEV);
- case X_SELinuxGetDeviceCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_DEV);
- case X_SELinuxSetDeviceContext:
- return ProcSELinuxSetDeviceContext(client);
- case X_SELinuxGetDeviceContext:
- return ProcSELinuxGetDeviceContext(client);
- case X_SELinuxSetWindowCreateContext:
- return ProcSELinuxSetCreateContext(client, CTX_WIN);
- case X_SELinuxGetWindowCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_WIN);
- case X_SELinuxGetWindowContext:
- return ProcSELinuxGetWindowContext(client);
- case X_SELinuxSetPropertyCreateContext:
- return ProcSELinuxSetCreateContext(client, CTX_PRP);
- case X_SELinuxGetPropertyCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_PRP);
- case X_SELinuxSetPropertyUseContext:
- return ProcSELinuxSetCreateContext(client, USE_PRP);
- case X_SELinuxGetPropertyUseContext:
- return ProcSELinuxGetCreateContext(client, USE_PRP);
- case X_SELinuxGetPropertyContext:
- return ProcSELinuxGetPropertyContext(client, objectKey);
- case X_SELinuxGetPropertyDataContext:
- return ProcSELinuxGetPropertyContext(client, dataKey);
- case X_SELinuxListProperties:
- return ProcSELinuxListProperties(client);
- case X_SELinuxSetSelectionCreateContext:
- return ProcSELinuxSetCreateContext(client, CTX_SEL);
- case X_SELinuxGetSelectionCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_SEL);
- case X_SELinuxSetSelectionUseContext:
- return ProcSELinuxSetCreateContext(client, USE_SEL);
- case X_SELinuxGetSelectionUseContext:
- return ProcSELinuxGetCreateContext(client, USE_SEL);
- case X_SELinuxGetSelectionContext:
- return ProcSELinuxGetSelectionContext(client, objectKey);
- case X_SELinuxGetSelectionDataContext:
- return ProcSELinuxGetSelectionContext(client, dataKey);
- case X_SELinuxListSelections:
- return ProcSELinuxListSelections(client);
- case X_SELinuxGetClientContext:
- return ProcSELinuxGetClientContext(client);
- default:
- return BadRequest;
- }
-}
-
-static int
-SProcSELinuxQueryVersion(ClientPtr client)
-{
- REQUEST(SELinuxQueryVersionReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxQueryVersionReq);
- swaps(&stuff->client_major, n);
- swaps(&stuff->client_minor, n);
- return ProcSELinuxQueryVersion(client);
-}
-
-static int
-SProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
-{
- REQUEST(SELinuxSetCreateContextReq);
- int n;
-
- REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq);
- swapl(&stuff->context_len, n);
- return ProcSELinuxSetCreateContext(client, offset);
-}
-
-static int
-SProcSELinuxSetDeviceContext(ClientPtr client)
-{
- REQUEST(SELinuxSetContextReq);
- int n;
-
- REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq);
- swapl(&stuff->id, n);
- swapl(&stuff->context_len, n);
- return ProcSELinuxSetDeviceContext(client);
-}
-
-static int
-SProcSELinuxGetDeviceContext(ClientPtr client)
-{
- REQUEST(SELinuxGetContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
- swapl(&stuff->id, n);
- return ProcSELinuxGetDeviceContext(client);
-}
-
-static int
-SProcSELinuxGetWindowContext(ClientPtr client)
-{
- REQUEST(SELinuxGetContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
- swapl(&stuff->id, n);
- return ProcSELinuxGetWindowContext(client);
-}
-
-static int
-SProcSELinuxGetPropertyContext(ClientPtr client, pointer privKey)
-{
- REQUEST(SELinuxGetPropertyContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
- swapl(&stuff->window, n);
- swapl(&stuff->property, n);
- return ProcSELinuxGetPropertyContext(client, privKey);
-}
-
-static int
-SProcSELinuxGetSelectionContext(ClientPtr client, pointer privKey)
-{
- REQUEST(SELinuxGetContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
- swapl(&stuff->id, n);
- return ProcSELinuxGetSelectionContext(client, privKey);
-}
-
-static int
-SProcSELinuxListProperties(ClientPtr client)
-{
- REQUEST(SELinuxGetContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
- swapl(&stuff->id, n);
- return ProcSELinuxListProperties(client);
-}
-
-static int
-SProcSELinuxGetClientContext(ClientPtr client)
-{
- REQUEST(SELinuxGetContextReq);
- int n;
-
- REQUEST_SIZE_MATCH(SELinuxGetContextReq);
- swapl(&stuff->id, n);
- return ProcSELinuxGetClientContext(client);
-}
-
-static int
-SProcSELinuxDispatch(ClientPtr client)
-{
- REQUEST(xReq);
- int n;
-
- swaps(&stuff->length, n);
-
- switch (stuff->data) {
- case X_SELinuxQueryVersion:
- return SProcSELinuxQueryVersion(client);
- case X_SELinuxSetDeviceCreateContext:
- return SProcSELinuxSetCreateContext(client, CTX_DEV);
- case X_SELinuxGetDeviceCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_DEV);
- case X_SELinuxSetDeviceContext:
- return SProcSELinuxSetDeviceContext(client);
- case X_SELinuxGetDeviceContext:
- return SProcSELinuxGetDeviceContext(client);
- case X_SELinuxSetWindowCreateContext:
- return SProcSELinuxSetCreateContext(client, CTX_WIN);
- case X_SELinuxGetWindowCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_WIN);
- case X_SELinuxGetWindowContext:
- return SProcSELinuxGetWindowContext(client);
- case X_SELinuxSetPropertyCreateContext:
- return SProcSELinuxSetCreateContext(client, CTX_PRP);
- case X_SELinuxGetPropertyCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_PRP);
- case X_SELinuxSetPropertyUseContext:
- return SProcSELinuxSetCreateContext(client, USE_PRP);
- case X_SELinuxGetPropertyUseContext:
- return ProcSELinuxGetCreateContext(client, USE_PRP);
- case X_SELinuxGetPropertyContext:
- return SProcSELinuxGetPropertyContext(client, objectKey);
- case X_SELinuxGetPropertyDataContext:
- return SProcSELinuxGetPropertyContext(client, dataKey);
- case X_SELinuxListProperties:
- return SProcSELinuxListProperties(client);
- case X_SELinuxSetSelectionCreateContext:
- return SProcSELinuxSetCreateContext(client, CTX_SEL);
- case X_SELinuxGetSelectionCreateContext:
- return ProcSELinuxGetCreateContext(client, CTX_SEL);
- case X_SELinuxSetSelectionUseContext:
- return SProcSELinuxSetCreateContext(client, USE_SEL);
- case X_SELinuxGetSelectionUseContext:
- return ProcSELinuxGetCreateContext(client, USE_SEL);
- case X_SELinuxGetSelectionContext:
- return SProcSELinuxGetSelectionContext(client, objectKey);
- case X_SELinuxGetSelectionDataContext:
- return SProcSELinuxGetSelectionContext(client, dataKey);
- case X_SELinuxListSelections:
- return ProcSELinuxListSelections(client);
- case X_SELinuxGetClientContext:
- return SProcSELinuxGetClientContext(client);
- default:
- return BadRequest;
- }
-}
-
-#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
-static int netlink_fd;
-
-static void
-SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask)
-{
-}
-
-static void
-SELinuxWakeupHandler(void *data, int err, void *read_mask)
-{
- if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
- avc_netlink_check_nb();
-}
-#endif
-
-
-/*
- * Extension Setup / Teardown
- */
-
-static void
-SELinuxResetProc(ExtensionEntry *extEntry)
-{
- /* Unregister callbacks */
- DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
- DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
-
- XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
- XaceDeleteCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL);
- XaceDeleteCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL);
- XaceDeleteCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL);
- XaceDeleteCallback(XACE_SEND_ACCESS, SELinuxSend, NULL);
- XaceDeleteCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL);
- XaceDeleteCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL);
- XaceDeleteCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL);
- XaceDeleteCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL);
- XaceDeleteCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL);
- XaceDeleteCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL);
- XaceDeleteCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep);
-
- /* Tear down SELinux stuff */
- selabel_close(label_hnd);
- label_hnd = NULL;
-
- audit_close(audit_fd);
-#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
- avc_netlink_release_fd();
- RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
- NULL);
- RemoveGeneralSocket(netlink_fd);
-#endif
-
- avc_destroy();
- avc_active = 0;
-
- /* Free local state */
- xfree(knownAtoms);
- knownAtoms = NULL;
- numKnownAtoms = 0;
-
- xfree(knownEvents);
- knownEvents = NULL;
- numKnownEvents = 0;
-
- xfree(knownTypes);
- knownTypes = NULL;
- numKnownTypes = 0;
-}
-
-void
-SELinuxExtensionInit(INITARGS)
-{
- ExtensionEntry *extEntry;
- struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *)1 };
- struct selinux_opt avc_option = { AVC_OPT_SETENFORCE, (char *)0 };
- security_context_t ctx;
- int ret = TRUE;
-
- /* Check SELinux mode on system */
- if (!is_selinux_enabled()) {
- ErrorF("SELinux: Disabled on system, not enabling in X server\n");
- return;
- }
-
- /* Don't init unless there's something to do */
- if (!security_get_boolean_active("xserver_object_manager"))
- return;
-
- /* Check SELinux mode in configuration file */
- switch(selinuxEnforcingState) {
- case SELINUX_MODE_DISABLED:
- LogMessage(X_INFO, "SELinux: Disabled in configuration file\n");
- return;
- case SELINUX_MODE_ENFORCING:
- LogMessage(X_INFO, "SELinux: Configured in enforcing mode\n");
- avc_option.value = (char *)1;
- break;
- case SELINUX_MODE_PERMISSIVE:
- LogMessage(X_INFO, "SELinux: Configured in permissive mode\n");
- avc_option.value = (char *)0;
- break;
- default:
- avc_option.type = AVC_OPT_UNUSED;
- break;
- }
-
- /* Set up SELinux stuff */
- selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog);
- selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback)SELinuxAudit);
-
- if (selinux_set_mapping(map) < 0) {
- if (errno == EINVAL) {
- ErrorF("SELinux: Invalid object class mapping, disabling SELinux support.\n");
- return;
- }
- FatalError("SELinux: Failed to set up security class mapping\n");
- }
-
- if (avc_open(&avc_option, 1) < 0)
- FatalError("SELinux: Couldn't initialize SELinux userspace AVC\n");
- avc_active = 1;
-
- label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
- if (!label_hnd)
- FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
-
- if (security_get_initial_context_raw("unlabeled", &ctx) < 0)
- FatalError("SELinux: Failed to look up unlabeled context\n");
- if (avc_context_to_sid_raw(ctx, &unlabeled_sid) < 0)
- FatalError("SELinux: a context_to_SID call failed!\n");
- freecon(ctx);
-
- /* Prepare for auditing */
- audit_fd = audit_open();
- if (audit_fd < 0)
- FatalError("SELinux: Failed to open the system audit log\n");
-
- /* Allocate private storage */
- if (!dixRequestPrivate(subjectKey, sizeof(SELinuxSubjectRec)) ||
- !dixRequestPrivate(objectKey, sizeof(SELinuxObjectRec)) ||
- !dixRequestPrivate(dataKey, sizeof(SELinuxObjectRec)))
- FatalError("SELinux: Failed to allocate private storage.\n");
-
- /* Create atoms for doing window labeling */
- atom_ctx = MakeAtom("_SELINUX_CONTEXT", 16, TRUE);
- if (atom_ctx == BAD_RESOURCE)
- FatalError("SELinux: Failed to create atom\n");
- atom_client_ctx = MakeAtom("_SELINUX_CLIENT_CONTEXT", 23, TRUE);
- if (atom_client_ctx == BAD_RESOURCE)
- FatalError("SELinux: Failed to create atom\n");
-
-#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
- netlink_fd = avc_netlink_acquire_fd();
- AddGeneralSocket(netlink_fd);
- RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
- NULL);
-#endif
-
- /* Register callbacks */
- ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
- ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
- ret &= dixRegisterPrivateInitFunc(objectKey, SELinuxObjectInit, NULL);
- ret &= dixRegisterPrivateDeleteFunc(objectKey, SELinuxObjectFree, NULL);
- ret &= dixRegisterPrivateInitFunc(dataKey, SELinuxObjectInit, NULL);
- ret &= dixRegisterPrivateDeleteFunc(dataKey, SELinuxObjectFree, NULL);
-
- ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
- ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
-
- ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
- ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL);
- ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL);
- ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL);
- ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SELinuxSend, NULL);
- ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL);
- ret &= XaceRegisterCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL);
- ret &= XaceRegisterCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL);
- ret &= XaceRegisterCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL);
- ret &= XaceRegisterCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL);
- ret &= XaceRegisterCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL);
- ret &= XaceRegisterCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep);
- if (!ret)
- FatalError("SELinux: Failed to register one or more callbacks\n");
-
- /* Add extension to server */
- extEntry = AddExtension(SELINUX_EXTENSION_NAME,
- SELinuxNumberEvents, SELinuxNumberErrors,
- ProcSELinuxDispatch, SProcSELinuxDispatch,
- SELinuxResetProc, StandardMinorOpcode);
-
- AddExtensionAlias("Flask", extEntry);
-
- /* Label objects that were created before we could register ourself */
- SELinuxLabelInitial();
-}
diff --git a/Xext/xselinux.h b/Xext/xselinux.h
index e99f05b..dcd250e 100644
--- a/Xext/xselinux.h
+++ b/Xext/xselinux.h
@@ -20,8 +20,6 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifndef _XSELINUX_H
#define _XSELINUX_H
-#include "dixaccess.h"
-
/* Extension info */
#define SELINUX_EXTENSION_NAME "SELinux"
#define SELINUX_MAJOR_VERSION 1
@@ -138,414 +136,4 @@ typedef struct {
CARD32 pad6;
} SELinuxListItemsReply;
-
-#ifdef _XSELINUX_NEED_FLASK
-/* Private Flask definitions */
-#define SECCLASS_X_DRAWABLE 1
-#define SECCLASS_X_SCREEN 2
-#define SECCLASS_X_GC 3
-#define SECCLASS_X_FONT 4
-#define SECCLASS_X_COLORMAP 5
-#define SECCLASS_X_PROPERTY 6
-#define SECCLASS_X_SELECTION 7
-#define SECCLASS_X_CURSOR 8
-#define SECCLASS_X_CLIENT 9
-#define SECCLASS_X_DEVICE 10
-#define SECCLASS_X_SERVER 11
-#define SECCLASS_X_EXTENSION 12
-#define SECCLASS_X_EVENT 13
-#define SECCLASS_X_FAKEEVENT 14
-#define SECCLASS_X_RESOURCE 15
-
-/* Mapping from DixAccess bits to Flask permissions */
-static struct security_class_mapping map[] = {
- { "x_drawable",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "list_property", /* DixListPropAccess */
- "get_property", /* DixGetPropAccess */
- "set_property", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "list_child", /* DixListAccess */
- "add_child", /* DixAddAccess */
- "remove_child", /* DixRemoveAccess */
- "hide", /* DixHideAccess */
- "show", /* DixShowAccess */
- "blend", /* DixBlendAccess */
- "override", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- NULL }},
- { "x_screen",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "saver_getattr", /* DixListPropAccess */
- "saver_setattr", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "hide_cursor", /* DixHideAccess */
- "show_cursor", /* DixShowAccess */
- "saver_hide", /* DixBlendAccess */
- "saver_show", /* DixGrabAccess */
- NULL }},
- { "x_gc",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_font",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add_glyph", /* DixAddAccess */
- "remove_glyph", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_colormap",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add_color", /* DixAddAccess */
- "remove_color", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "install", /* DixInstallAccess */
- "uninstall", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_property",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "write", /* DixBlendAccess */
- NULL }},
- { "x_selection",
- { "read", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "setattr", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- NULL }},
- { "x_cursor",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_client",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- NULL }},
- { "x_device",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "list_property", /* DixListPropAccess */
- "get_property", /* DixGetPropAccess */
- "set_property", /* DixSetPropAccess */
- "getfocus", /* DixGetFocusAccess */
- "setfocus", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add", /* DixAddAccess */
- "remove", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "grab", /* DixGrabAccess */
- "freeze", /* DixFreezeAccess */
- "force_cursor", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- "manage", /* DixManageAccess */
- "", /* DixDebugAccess */
- "bell", /* DixBellAccess */
- NULL }},
- { "x_server",
- { "record", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "grab", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- "debug", /* DixDebugAccess */
- NULL }},
- { "x_extension",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "query", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_event",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- NULL }},
- { "x_synthetic_event",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- NULL }},
- { "x_resource",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "write", /* DixDestroyAccess */
- "write", /* DixCreateAccess */
- "read", /* DixGetAttrAccess */
- "write", /* DixSetAttrAccess */
- "read", /* DixListPropAccess */
- "read", /* DixGetPropAccess */
- "write", /* DixSetPropAccess */
- "read", /* DixGetFocusAccess */
- "write", /* DixSetFocusAccess */
- "read", /* DixListAccess */
- "write", /* DixAddAccess */
- "write", /* DixRemoveAccess */
- "write", /* DixHideAccess */
- "read", /* DixShowAccess */
- "read", /* DixBlendAccess */
- "write", /* DixGrabAccess */
- "write", /* DixFreezeAccess */
- "write", /* DixForceAccess */
- "write", /* DixInstallAccess */
- "write", /* DixUninstallAccess */
- "write", /* DixSendAccess */
- "read", /* DixReceiveAccess */
- "read", /* DixUseAccess */
- "write", /* DixManageAccess */
- "read", /* DixDebugAccess */
- "write", /* DixBellAccess */
- NULL }},
- { NULL }
-};
-
-/* x_resource "read" bits from the list above */
-#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
- DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
- DixShowAccess|DixBlendAccess|DixReceiveAccess| \
- DixUseAccess|DixDebugAccess)
-
-#endif /* _XSELINUX_NEED_FLASK */
#endif /* _XSELINUX_H */
diff --git a/Xext/xselinux_ext.c b/Xext/xselinux_ext.c
new file mode 100644
index 0000000..b36fb13
--- /dev/null
+++ b/Xext/xselinux_ext.c
@@ -0,0 +1,729 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include "selection.h"
+#include "inputstr.h"
+#include "windowstr.h"
+#include "propertyst.h"
+#include "extnsionst.h"
+#include "modinit.h"
+#include "xselinuxint.h"
+
+#define CTX_DEV offsetof(SELinuxSubjectRec, dev_create_sid)
+#define CTX_WIN offsetof(SELinuxSubjectRec, win_create_sid)
+#define CTX_PRP offsetof(SELinuxSubjectRec, prp_create_sid)
+#define CTX_SEL offsetof(SELinuxSubjectRec, sel_create_sid)
+#define USE_PRP offsetof(SELinuxSubjectRec, prp_use_sid)
+#define USE_SEL offsetof(SELinuxSubjectRec, sel_use_sid)
+
+typedef struct {
+ security_context_t octx;
+ security_context_t dctx;
+ CARD32 octx_len;
+ CARD32 dctx_len;
+ CARD32 id;
+} SELinuxListItemRec;
+
+
+/*
+ * Extension Dispatch
+ */
+
+static security_context_t
+SELinuxCopyContext(char *ptr, unsigned len)
+{
+ security_context_t copy = xalloc(len + 1);
+ if (!copy)
+ return NULL;
+ strncpy(copy, ptr, len);
+ copy[len] = '\0';
+ return copy;
+}
+
+static int
+ProcSELinuxQueryVersion(ClientPtr client)
+{
+ SELinuxQueryVersionReply rep;
+
+ rep.type = X_Reply;
+ rep.length = 0;
+ rep.sequenceNumber = client->sequence;
+ rep.server_major = SELINUX_MAJOR_VERSION;
+ rep.server_minor = SELINUX_MINOR_VERSION;
+ if (client->swapped) {
+ int n;
+ swaps(&rep.sequenceNumber, n);
+ swapl(&rep.length, n);
+ swaps(&rep.server_major, n);
+ swaps(&rep.server_minor, n);
+ }
+ WriteToClient(client, sizeof(rep), (char *)&rep);
+ return (client->noClientException);
+}
+
+static int
+SELinuxSendContextReply(ClientPtr client, security_id_t sid)
+{
+ SELinuxGetContextReply rep;
+ security_context_t ctx = NULL;
+ int len = 0;
+
+ if (sid) {
+ if (avc_sid_to_context_raw(sid, &ctx) < 0)
+ return BadValue;
+ len = strlen(ctx) + 1;
+ }
+
+ rep.type = X_Reply;
+ rep.length = bytes_to_int32(len);
+ rep.sequenceNumber = client->sequence;
+ rep.context_len = len;
+
+ if (client->swapped) {
+ int n;
+ swapl(&rep.length, n);
+ swaps(&rep.sequenceNumber, n);
+ swapl(&rep.context_len, n);
+ }
+
+ WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
+ WriteToClient(client, len, ctx);
+ freecon(ctx);
+ return client->noClientException;
+}
+
+static int
+ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
+{
+ PrivateRec **privPtr = &client->devPrivates;
+ security_id_t *pSid;
+ security_context_t ctx = NULL;
+ char *ptr;
+ int rc;
+
+ REQUEST(SELinuxSetCreateContextReq);
+ REQUEST_FIXED_SIZE(SELinuxSetCreateContextReq, stuff->context_len);
+
+ if (stuff->context_len > 0) {
+ ctx = SELinuxCopyContext((char *)(stuff + 1), stuff->context_len);
+ if (!ctx)
+ return BadAlloc;
+ }
+
+ ptr = dixLookupPrivate(privPtr, subjectKey);
+ pSid = (security_id_t *)(ptr + offset);
+ sidput(*pSid);
+ *pSid = NULL;
+
+ rc = Success;
+ if (stuff->context_len > 0) {
+ if (security_check_context_raw(ctx) < 0 ||
+ avc_context_to_sid_raw(ctx, pSid) < 0)
+ rc = BadValue;
+ }
+
+ xfree(ctx);
+ return rc;
+}
+
+static int
+ProcSELinuxGetCreateContext(ClientPtr client, unsigned offset)
+{
+ security_id_t *pSid;
+ char *ptr;
+
+ REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
+
+ if (offset == CTX_DEV)
+ ptr = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
+ else
+ ptr = dixLookupPrivate(&client->devPrivates, subjectKey);
+
+ pSid = (security_id_t *)(ptr + offset);
+ return SELinuxSendContextReply(client, *pSid);
+}
+
+static int
+ProcSELinuxSetDeviceContext(ClientPtr client)
+{
+ security_context_t ctx;
+ security_id_t sid;
+ DeviceIntPtr dev;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ int rc;
+
+ REQUEST(SELinuxSetContextReq);
+ REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len);
+
+ if (stuff->context_len < 1)
+ return BadLength;
+ ctx = SELinuxCopyContext((char *)(stuff + 1), stuff->context_len);
+ if (!ctx)
+ return BadAlloc;
+
+ rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess);
+ if (rc != Success)
+ goto out;
+
+ if (security_check_context_raw(ctx) < 0 ||
+ avc_context_to_sid_raw(ctx, &sid) < 0) {
+ rc = BadValue;
+ goto out;
+ }
+
+ subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
+ sidput(subj->sid);
+ subj->sid = sid;
+ obj = dixLookupPrivate(&dev->devPrivates, objectKey);
+ sidput(obj->sid);
+ sidget(obj->sid = sid);
+
+ rc = Success;
+out:
+ xfree(ctx);
+ return rc;
+}
+
+static int
+ProcSELinuxGetDeviceContext(ClientPtr client)
+{
+ DeviceIntPtr dev;
+ SELinuxSubjectRec *subj;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ subj = dixLookupPrivate(&dev->devPrivates, subjectKey);
+ return SELinuxSendContextReply(client, subj->sid);
+}
+
+static int
+ProcSELinuxGetWindowContext(ClientPtr client)
+{
+ WindowPtr pWin;
+ SELinuxObjectRec *obj;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ obj = dixLookupPrivate(&pWin->devPrivates, objectKey);
+ return SELinuxSendContextReply(client, obj->sid);
+}
+
+static int
+ProcSELinuxGetPropertyContext(ClientPtr client, pointer privKey)
+{
+ WindowPtr pWin;
+ PropertyPtr pProp;
+ SELinuxObjectRec *obj;
+ int rc;
+
+ REQUEST(SELinuxGetPropertyContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
+
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
+ if (rc != Success)
+ return rc;
+
+ rc = dixLookupProperty(&pProp, pWin, stuff->property, client,
+ DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ obj = dixLookupPrivate(&pProp->devPrivates, privKey);
+ return SELinuxSendContextReply(client, obj->sid);
+}
+
+static int
+ProcSELinuxGetSelectionContext(ClientPtr client, pointer privKey)
+{
+ Selection *pSel;
+ SELinuxObjectRec *obj;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupSelection(&pSel, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ obj = dixLookupPrivate(&pSel->devPrivates, privKey);
+ return SELinuxSendContextReply(client, obj->sid);
+}
+
+static int
+ProcSELinuxGetClientContext(ClientPtr client)
+{
+ ClientPtr target;
+ SELinuxSubjectRec *subj;
+ int rc;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupClient(&target, stuff->id, client, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
+
+ subj = dixLookupPrivate(&target->devPrivates, subjectKey);
+ return SELinuxSendContextReply(client, subj->sid);
+}
+
+static int
+SELinuxPopulateItem(SELinuxListItemRec *i, PrivateRec **privPtr, CARD32 id,
+ int *size)
+{
+ SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey);
+ SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey);
+
+ if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0)
+ return BadValue;
+ if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0)
+ return BadValue;
+
+ i->id = id;
+ i->octx_len = bytes_to_int32(strlen(i->octx) + 1);
+ i->dctx_len = bytes_to_int32(strlen(i->dctx) + 1);
+
+ *size += i->octx_len + i->dctx_len + 3;
+ return Success;
+}
+
+static void
+SELinuxFreeItems(SELinuxListItemRec *items, int count)
+{
+ int k;
+ for (k = 0; k < count; k++) {
+ freecon(items[k].octx);
+ freecon(items[k].dctx);
+ }
+ xfree(items);
+}
+
+static int
+SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec *items,
+ int size, int count)
+{
+ int rc, k, n, pos = 0;
+ SELinuxListItemsReply rep;
+ CARD32 *buf;
+
+ buf = xcalloc(size, sizeof(CARD32));
+ if (size && !buf) {
+ rc = BadAlloc;
+ goto out;
+ }
+
+ /* Fill in the buffer */
+ for (k = 0; k < count; k++) {
+ buf[pos] = items[k].id;
+ if (client->swapped)
+ swapl(buf + pos, n);
+ pos++;
+
+ buf[pos] = items[k].octx_len * 4;
+ if (client->swapped)
+ swapl(buf + pos, n);
+ pos++;
+
+ buf[pos] = items[k].dctx_len * 4;
+ if (client->swapped)
+ swapl(buf + pos, n);
+ pos++;
+
+ memcpy((char *)(buf + pos), items[k].octx, strlen(items[k].octx) + 1);
+ pos += items[k].octx_len;
+ memcpy((char *)(buf + pos), items[k].dctx, strlen(items[k].dctx) + 1);
+ pos += items[k].dctx_len;
+ }
+
+ /* Send reply to client */
+ rep.type = X_Reply;
+ rep.length = size;
+ rep.sequenceNumber = client->sequence;
+ rep.count = count;
+
+ if (client->swapped) {
+ swapl(&rep.length, n);
+ swaps(&rep.sequenceNumber, n);
+ swapl(&rep.count, n);
+ }
+
+ WriteToClient(client, sizeof(SELinuxListItemsReply), (char *)&rep);
+ WriteToClient(client, size * 4, (char *)buf);
+
+ /* Free stuff and return */
+ rc = client->noClientException;
+ xfree(buf);
+out:
+ SELinuxFreeItems(items, count);
+ return rc;
+}
+
+static int
+ProcSELinuxListProperties(ClientPtr client)
+{
+ WindowPtr pWin;
+ PropertyPtr pProp;
+ SELinuxListItemRec *items;
+ int rc, count, size, i;
+ CARD32 id;
+
+ REQUEST(SELinuxGetContextReq);
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixListPropAccess);
+ if (rc != Success)
+ return rc;
+
+ /* Count the number of properties and allocate items */
+ count = 0;
+ for (pProp = wUserProps(pWin); pProp; pProp = pProp->next)
+ count++;
+ items = xcalloc(count, sizeof(SELinuxListItemRec));
+ if (count && !items)
+ return BadAlloc;
+
+ /* Fill in the items and calculate size */
+ i = 0;
+ size = 0;
+ for (pProp = wUserProps(pWin); pProp; pProp = pProp->next) {
+ id = pProp->propertyName;
+ rc = SELinuxPopulateItem(items + i, &pProp->devPrivates, id, &size);
+ if (rc != Success) {
+ SELinuxFreeItems(items, count);
+ return rc;
+ }
+ i++;
+ }
+
+ return SELinuxSendItemsToClient(client, items, size, count);
+}
+
+static int
+ProcSELinuxListSelections(ClientPtr client)
+{
+ Selection *pSel;
+ SELinuxListItemRec *items;
+ int rc, count, size, i;
+ CARD32 id;
+
+ REQUEST_SIZE_MATCH(SELinuxGetCreateContextReq);
+
+ /* Count the number of selections and allocate items */
+ count = 0;
+ for (pSel = CurrentSelections; pSel; pSel = pSel->next)
+ count++;
+ items = xcalloc(count, sizeof(SELinuxListItemRec));
+ if (count && !items)
+ return BadAlloc;
+
+ /* Fill in the items and calculate size */
+ i = 0;
+ size = 0;
+ for (pSel = CurrentSelections; pSel; pSel = pSel->next) {
+ id = pSel->selection;
+ rc = SELinuxPopulateItem(items + i, &pSel->devPrivates, id, &size);
+ if (rc != Success) {
+ SELinuxFreeItems(items, count);
+ return rc;
+ }
+ i++;
+ }
+
+ return SELinuxSendItemsToClient(client, items, size, count);
+}
+
+static int
+ProcSELinuxDispatch(ClientPtr client)
+{
+ REQUEST(xReq);
+ switch (stuff->data) {
+ case X_SELinuxQueryVersion:
+ return ProcSELinuxQueryVersion(client);
+ case X_SELinuxSetDeviceCreateContext:
+ return ProcSELinuxSetCreateContext(client, CTX_DEV);
+ case X_SELinuxGetDeviceCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_DEV);
+ case X_SELinuxSetDeviceContext:
+ return ProcSELinuxSetDeviceContext(client);
+ case X_SELinuxGetDeviceContext:
+ return ProcSELinuxGetDeviceContext(client);
+ case X_SELinuxSetWindowCreateContext:
+ return ProcSELinuxSetCreateContext(client, CTX_WIN);
+ case X_SELinuxGetWindowCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_WIN);
+ case X_SELinuxGetWindowContext:
+ return ProcSELinuxGetWindowContext(client);
+ case X_SELinuxSetPropertyCreateContext:
+ return ProcSELinuxSetCreateContext(client, CTX_PRP);
+ case X_SELinuxGetPropertyCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_PRP);
+ case X_SELinuxSetPropertyUseContext:
+ return ProcSELinuxSetCreateContext(client, USE_PRP);
+ case X_SELinuxGetPropertyUseContext:
+ return ProcSELinuxGetCreateContext(client, USE_PRP);
+ case X_SELinuxGetPropertyContext:
+ return ProcSELinuxGetPropertyContext(client, objectKey);
+ case X_SELinuxGetPropertyDataContext:
+ return ProcSELinuxGetPropertyContext(client, dataKey);
+ case X_SELinuxListProperties:
+ return ProcSELinuxListProperties(client);
+ case X_SELinuxSetSelectionCreateContext:
+ return ProcSELinuxSetCreateContext(client, CTX_SEL);
+ case X_SELinuxGetSelectionCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_SEL);
+ case X_SELinuxSetSelectionUseContext:
+ return ProcSELinuxSetCreateContext(client, USE_SEL);
+ case X_SELinuxGetSelectionUseContext:
+ return ProcSELinuxGetCreateContext(client, USE_SEL);
+ case X_SELinuxGetSelectionContext:
+ return ProcSELinuxGetSelectionContext(client, objectKey);
+ case X_SELinuxGetSelectionDataContext:
+ return ProcSELinuxGetSelectionContext(client, dataKey);
+ case X_SELinuxListSelections:
+ return ProcSELinuxListSelections(client);
+ case X_SELinuxGetClientContext:
+ return ProcSELinuxGetClientContext(client);
+ default:
+ return BadRequest;
+ }
+}
+
+static int
+SProcSELinuxQueryVersion(ClientPtr client)
+{
+ REQUEST(SELinuxQueryVersionReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxQueryVersionReq);
+ swaps(&stuff->client_major, n);
+ swaps(&stuff->client_minor, n);
+ return ProcSELinuxQueryVersion(client);
+}
+
+static int
+SProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
+{
+ REQUEST(SELinuxSetCreateContextReq);
+ int n;
+
+ REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq);
+ swapl(&stuff->context_len, n);
+ return ProcSELinuxSetCreateContext(client, offset);
+}
+
+static int
+SProcSELinuxSetDeviceContext(ClientPtr client)
+{
+ REQUEST(SELinuxSetContextReq);
+ int n;
+
+ REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq);
+ swapl(&stuff->id, n);
+ swapl(&stuff->context_len, n);
+ return ProcSELinuxSetDeviceContext(client);
+}
+
+static int
+SProcSELinuxGetDeviceContext(ClientPtr client)
+{
+ REQUEST(SELinuxGetContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+ swapl(&stuff->id, n);
+ return ProcSELinuxGetDeviceContext(client);
+}
+
+static int
+SProcSELinuxGetWindowContext(ClientPtr client)
+{
+ REQUEST(SELinuxGetContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+ swapl(&stuff->id, n);
+ return ProcSELinuxGetWindowContext(client);
+}
+
+static int
+SProcSELinuxGetPropertyContext(ClientPtr client, pointer privKey)
+{
+ REQUEST(SELinuxGetPropertyContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
+ swapl(&stuff->window, n);
+ swapl(&stuff->property, n);
+ return ProcSELinuxGetPropertyContext(client, privKey);
+}
+
+static int
+SProcSELinuxGetSelectionContext(ClientPtr client, pointer privKey)
+{
+ REQUEST(SELinuxGetContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+ swapl(&stuff->id, n);
+ return ProcSELinuxGetSelectionContext(client, privKey);
+}
+
+static int
+SProcSELinuxListProperties(ClientPtr client)
+{
+ REQUEST(SELinuxGetContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+ swapl(&stuff->id, n);
+ return ProcSELinuxListProperties(client);
+}
+
+static int
+SProcSELinuxGetClientContext(ClientPtr client)
+{
+ REQUEST(SELinuxGetContextReq);
+ int n;
+
+ REQUEST_SIZE_MATCH(SELinuxGetContextReq);
+ swapl(&stuff->id, n);
+ return ProcSELinuxGetClientContext(client);
+}
+
+static int
+SProcSELinuxDispatch(ClientPtr client)
+{
+ REQUEST(xReq);
+ int n;
+
+ swaps(&stuff->length, n);
+
+ switch (stuff->data) {
+ case X_SELinuxQueryVersion:
+ return SProcSELinuxQueryVersion(client);
+ case X_SELinuxSetDeviceCreateContext:
+ return SProcSELinuxSetCreateContext(client, CTX_DEV);
+ case X_SELinuxGetDeviceCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_DEV);
+ case X_SELinuxSetDeviceContext:
+ return SProcSELinuxSetDeviceContext(client);
+ case X_SELinuxGetDeviceContext:
+ return SProcSELinuxGetDeviceContext(client);
+ case X_SELinuxSetWindowCreateContext:
+ return SProcSELinuxSetCreateContext(client, CTX_WIN);
+ case X_SELinuxGetWindowCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_WIN);
+ case X_SELinuxGetWindowContext:
+ return SProcSELinuxGetWindowContext(client);
+ case X_SELinuxSetPropertyCreateContext:
+ return SProcSELinuxSetCreateContext(client, CTX_PRP);
+ case X_SELinuxGetPropertyCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_PRP);
+ case X_SELinuxSetPropertyUseContext:
+ return SProcSELinuxSetCreateContext(client, USE_PRP);
+ case X_SELinuxGetPropertyUseContext:
+ return ProcSELinuxGetCreateContext(client, USE_PRP);
+ case X_SELinuxGetPropertyContext:
+ return SProcSELinuxGetPropertyContext(client, objectKey);
+ case X_SELinuxGetPropertyDataContext:
+ return SProcSELinuxGetPropertyContext(client, dataKey);
+ case X_SELinuxListProperties:
+ return SProcSELinuxListProperties(client);
+ case X_SELinuxSetSelectionCreateContext:
+ return SProcSELinuxSetCreateContext(client, CTX_SEL);
+ case X_SELinuxGetSelectionCreateContext:
+ return ProcSELinuxGetCreateContext(client, CTX_SEL);
+ case X_SELinuxSetSelectionUseContext:
+ return SProcSELinuxSetCreateContext(client, USE_SEL);
+ case X_SELinuxGetSelectionUseContext:
+ return ProcSELinuxGetCreateContext(client, USE_SEL);
+ case X_SELinuxGetSelectionContext:
+ return SProcSELinuxGetSelectionContext(client, objectKey);
+ case X_SELinuxGetSelectionDataContext:
+ return SProcSELinuxGetSelectionContext(client, dataKey);
+ case X_SELinuxListSelections:
+ return ProcSELinuxListSelections(client);
+ case X_SELinuxGetClientContext:
+ return SProcSELinuxGetClientContext(client);
+ default:
+ return BadRequest;
+ }
+}
+
+
+/*
+ * Extension Setup / Teardown
+ */
+
+static void
+SELinuxResetProc(ExtensionEntry *extEntry)
+{
+ SELinuxFlaskReset();
+ SELinuxLabelReset();
+}
+
+void
+SELinuxExtensionInit(INITARGS)
+{
+ ExtensionEntry *extEntry;
+
+ /* Check SELinux mode on system, configuration file, and boolean */
+ if (!is_selinux_enabled()) {
+ LogMessage(X_INFO, "SELinux: Disabled on system\n");
+ return;
+ }
+ if (selinuxEnforcingState == SELINUX_MODE_DISABLED) {
+ LogMessage(X_INFO, "SELinux: Disabled in configuration file\n");
+ return;
+ }
+ if (!security_get_boolean_active("xserver_object_manager")) {
+ LogMessage(X_INFO, "SELinux: Disabled by boolean\n");
+ return;
+ }
+
+ /* Set up XACE hooks */
+ SELinuxLabelInit();
+ SELinuxFlaskInit();
+
+ /* Add extension to server */
+ extEntry = AddExtension(SELINUX_EXTENSION_NAME,
+ SELinuxNumberEvents, SELinuxNumberErrors,
+ ProcSELinuxDispatch, SProcSELinuxDispatch,
+ SELinuxResetProc, StandardMinorOpcode);
+
+ AddExtensionAlias("Flask", extEntry);
+}
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
new file mode 100644
index 0000000..a270673
--- /dev/null
+++ b/Xext/xselinux_hooks.c
@@ -0,0 +1,1040 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+/*
+ * Portions of this code copyright (c) 2005 by Trusted Computer Solutions, Inc.
+ * All rights reserved.
+ */
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <sys/socket.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include <libaudit.h>
+
+#include <X11/Xatom.h>
+#include "selection.h"
+#include "inputstr.h"
+#include "scrnintstr.h"
+#include "windowstr.h"
+#include "propertyst.h"
+#include "extnsionst.h"
+#include "xacestr.h"
+#include "../os/osdep.h"
+#define _XSELINUX_NEED_FLASK_MAP
+#include "xselinuxint.h"
+
+
+/* structure passed to auditing callback */
+typedef struct {
+ ClientPtr client; /* client */
+ DeviceIntPtr dev; /* device */
+ char *command; /* client's executable path */
+ unsigned id; /* resource id, if any */
+ int restype; /* resource type, if any */
+ int event; /* event type, if any */
+ Atom property; /* property name, if any */
+ Atom selection; /* selection name, if any */
+ char *extension; /* extension name, if any */
+} SELinuxAuditRec;
+
+/* private state keys */
+static int subjectKeyIndex;
+DevPrivateKey subjectKey = &subjectKeyIndex;
+static int objectKeyIndex;
+DevPrivateKey objectKey = &objectKeyIndex;
+static int dataKeyIndex;
+DevPrivateKey dataKey = &dataKeyIndex;
+
+/* audit file descriptor */
+static int audit_fd;
+
+/* whether AVC is active */
+static int avc_active;
+
+/* atoms for window label properties */
+static Atom atom_ctx;
+static Atom atom_client_ctx;
+
+/* The unlabeled SID */
+static security_id_t unlabeled_sid;
+
+/* forward declarations */
+static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
+
+/* "true" pointer value for use as callback data */
+static pointer truep = (pointer)1;
+
+
+/*
+ * Performs an SELinux permission check.
+ */
+static int
+SELinuxDoCheck(SELinuxSubjectRec *subj, SELinuxObjectRec *obj,
+ security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
+{
+ /* serverClient requests OK */
+ if (subj->privileged)
+ return Success;
+
+ auditdata->command = subj->command;
+ errno = 0;
+
+ if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref,
+ auditdata) < 0) {
+ if (mode == DixUnknownAccess)
+ return Success; /* DixUnknownAccess requests OK ... for now */
+ if (errno == EACCES)
+ return BadAccess;
+ ErrorF("SELinux: avc_has_perm: unexpected error %d\n", errno);
+ return BadValue;
+ }
+
+ return Success;
+}
+
+/*
+ * Labels a newly connected client.
+ */
+static void
+SELinuxLabelClient(ClientPtr client)
+{
+ int fd = XaceGetConnectionNumber(client);
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ security_context_t ctx;
+
+ subj = dixLookupPrivate(&client->devPrivates, subjectKey);
+ sidput(subj->sid);
+ obj = dixLookupPrivate(&client->devPrivates, objectKey);
+ sidput(obj->sid);
+
+ /* Try to get a context from the socket */
+ if (fd < 0 || getpeercon_raw(fd, &ctx) < 0) {
+ /* Otherwise, fall back to a default context */
+ ctx = SELinuxDefaultClientLabel();
+ }
+
+ /* For local clients, try and determine the executable name */
+ if (XaceIsLocal(client)) {
+ struct ucred creds;
+ socklen_t len = sizeof(creds);
+ char path[PATH_MAX + 1];
+ size_t bytes;
+
+ memset(&creds, 0, sizeof(creds));
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
+ goto finish;
+
+ snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ goto finish;
+
+ bytes = read(fd, path, PATH_MAX + 1);
+ close(fd);
+ if (bytes <= 0)
+ goto finish;
+
+ subj->command = xalloc(bytes);
+ if (!subj->command)
+ goto finish;
+
+ memcpy(subj->command, path, bytes);
+ subj->command[bytes - 1] = 0;
+ }
+
+finish:
+ /* Get a SID from the context */
+ if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
+ FatalError("SELinux: client %d: context_to_sid_raw(%s) failed\n",
+ client->index, ctx);
+
+ sidget(obj->sid = subj->sid);
+ freecon(ctx);
+}
+
+/*
+ * Labels initial server objects.
+ */
+static void
+SELinuxLabelInitial(void)
+{
+ int i;
+ XaceScreenAccessRec srec;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ security_context_t ctx;
+ pointer unused;
+
+ /* Do the serverClient */
+ subj = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&serverClient->devPrivates, objectKey);
+ subj->privileged = 1;
+ sidput(subj->sid);
+
+ /* Use the context of the X server process for the serverClient */
+ if (getcon_raw(&ctx) < 0)
+ FatalError("SELinux: couldn't get context of X server process\n");
+
+ /* Get a SID from the context */
+ if (avc_context_to_sid_raw(ctx, &subj->sid) < 0)
+ FatalError("SELinux: serverClient: context_to_sid(%s) failed\n", ctx);
+
+ sidget(obj->sid = subj->sid);
+ freecon(ctx);
+
+ srec.client = serverClient;
+ srec.access_mode = DixCreateAccess;
+ srec.status = Success;
+
+ for (i = 0; i < screenInfo.numScreens; i++) {
+ /* Do the screen object */
+ srec.screen = screenInfo.screens[i];
+ SELinuxScreen(NULL, NULL, &srec);
+
+ /* Do the default colormap */
+ dixLookupResourceByType(&unused, screenInfo.screens[i]->defColormap,
+ RT_COLORMAP, serverClient, DixCreateAccess);
+ }
+}
+
+/*
+ * Labels new resource objects.
+ */
+static int
+SELinuxLabelResource(XaceResourceAccessRec *rec, SELinuxSubjectRec *subj,
+ SELinuxObjectRec *obj, security_class_t class)
+{
+ int offset;
+ security_id_t tsid;
+
+ /* Check for a create context */
+ if (rec->rtype == RT_WINDOW && subj->win_create_sid) {
+ sidget(obj->sid = subj->win_create_sid);
+ return Success;
+ }
+
+ if (rec->parent)
+ offset = dixLookupPrivateOffset(rec->ptype);
+
+ if (rec->parent && offset >= 0) {
+ /* Use the SID of the parent object in the labeling operation */
+ PrivateRec **privatePtr = DEVPRIV_AT(rec->parent, offset);
+ SELinuxObjectRec *pobj = dixLookupPrivate(privatePtr, objectKey);
+ tsid = pobj->sid;
+ } else {
+ /* Use the SID of the subject */
+ tsid = subj->sid;
+ }
+
+ /* Perform a transition to obtain the final SID */
+ if (avc_compute_create(subj->sid, tsid, class, &obj->sid) < 0) {
+ ErrorF("SELinux: a compute_create call failed!\n");
+ return BadValue;
+ }
+
+ return Success;
+}
+
+
+/*
+ * Libselinux Callbacks
+ */
+
+static int
+SELinuxAudit(void *auditdata,
+ security_class_t class,
+ char *msgbuf,
+ size_t msgbufsize)
+{
+ SELinuxAuditRec *audit = auditdata;
+ ClientPtr client = audit->client;
+ char idNum[16];
+ const char *propertyName, *selectionName;
+ int major = -1, minor = -1;
+
+ if (client) {
+ REQUEST(xReq);
+ if (stuff) {
+ major = stuff->reqType;
+ minor = MinorOpcodeOfRequest(client);
+ }
+ }
+ if (audit->id)
+ snprintf(idNum, 16, "%x", audit->id);
+
+ propertyName = audit->property ? NameForAtom(audit->property) : NULL;
+ selectionName = audit->selection ? NameForAtom(audit->selection) : NULL;
+
+ return snprintf(msgbuf, msgbufsize,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
+ (major >= 0) ? "request=" : "",
+ (major >= 0) ? LookupRequestName(major, minor) : "",
+ audit->command ? " comm=" : "",
+ audit->command ? audit->command : "",
+ audit->dev ? " xdevice=\"" : "",
+ audit->dev ? audit->dev->name : "",
+ audit->dev ? "\"" : "",
+ audit->id ? " resid=" : "",
+ audit->id ? idNum : "",
+ audit->restype ? " restype=" : "",
+ audit->restype ? LookupResourceName(audit->restype) : "",
+ audit->event ? " event=" : "",
+ audit->event ? LookupEventName(audit->event & 127) : "",
+ audit->property ? " property=" : "",
+ audit->property ? propertyName : "",
+ audit->selection ? " selection=" : "",
+ audit->selection ? selectionName : "",
+ audit->extension ? " extension=" : "",
+ audit->extension ? audit->extension : "");
+}
+
+static int
+SELinuxLog(int type, const char *fmt, ...)
+{
+ va_list ap;
+ char buf[MAX_AUDIT_MESSAGE_LENGTH];
+ int rc, aut;
+
+ switch (type) {
+ case SELINUX_INFO:
+ aut = AUDIT_USER_MAC_POLICY_LOAD;
+ break;
+ case SELINUX_AVC:
+ aut = AUDIT_USER_AVC;
+ break;
+ default:
+ aut = AUDIT_USER_SELINUX_ERR;
+ break;
+ }
+
+ va_start(ap, fmt);
+ vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap);
+ rc = audit_log_user_avc_message(audit_fd, aut, buf, NULL, NULL, NULL, 0);
+ va_end(ap);
+ LogMessageVerb(X_WARNING, 0, "%s", buf);
+ return 0;
+}
+
+/*
+ * XACE Callbacks
+ */
+
+static void
+SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceDeviceAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&rec->dev->devPrivates, objectKey);
+
+ /* If this is a new object that needs labeling, do it now */
+ if (rec->access_mode & DixCreateAccess) {
+ SELinuxSubjectRec *dsubj;
+ dsubj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey);
+
+ sidput(dsubj->sid);
+ sidput(obj->sid);
+
+ if (subj->dev_create_sid) {
+ /* Label the device with the create context */
+ sidget(obj->sid = subj->dev_create_sid);
+ sidget(dsubj->sid = subj->dev_create_sid);
+ } else {
+ /* Label the device directly with the process SID */
+ sidget(obj->sid = subj->sid);
+ sidget(dsubj->sid = subj->sid);
+ }
+ }
+
+ /* XXX only check read permission on XQueryKeymap */
+ /* This is to allow the numerous apps that call XQueryPointer to work */
+ if (rec->access_mode & DixReadAccess) {
+ ClientPtr client = rec->client;
+ REQUEST(xReq);
+ if (stuff && stuff->reqType != X_QueryKeymap) {
+ rec->access_mode &= ~DixReadAccess;
+ rec->access_mode |= DixGetAttrAccess;
+ }
+ }
+
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+}
+
+static void
+SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceSendAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj, ev_sid;
+ SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
+ security_class_t class;
+ int rc, i, type;
+
+ if (rec->dev)
+ subj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey);
+ else
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+
+ obj = dixLookupPrivate(&rec->pWin->devPrivates, objectKey);
+
+ /* Check send permission on window */
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess,
+ &auditdata);
+ if (rc != Success)
+ goto err;
+
+ /* Check send permission on specific event types */
+ for (i = 0; i < rec->count; i++) {
+ type = rec->events[i].u.u.type;
+ class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT;
+
+ rc = SELinuxEventToSID(type, obj->sid, &ev_sid);
+ if (rc != Success)
+ goto err;
+
+ auditdata.event = type;
+ rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata);
+ if (rc != Success)
+ goto err;
+ }
+ return;
+err:
+ rec->status = rc;
+}
+
+static void
+SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceReceiveAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj, ev_sid;
+ SELinuxAuditRec auditdata = { .client = NULL };
+ security_class_t class;
+ int rc, i, type;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&rec->pWin->devPrivates, objectKey);
+
+ /* Check receive permission on window */
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess,
+ &auditdata);
+ if (rc != Success)
+ goto err;
+
+ /* Check receive permission on specific event types */
+ for (i = 0; i < rec->count; i++) {
+ type = rec->events[i].u.u.type;
+ class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT;
+
+ rc = SELinuxEventToSID(type, obj->sid, &ev_sid);
+ if (rc != Success)
+ goto err;
+
+ auditdata.event = type;
+ rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata);
+ if (rc != Success)
+ goto err;
+ }
+ return;
+err:
+ rec->status = rc;
+}
+
+static void
+SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceExtAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj, *serv;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client };
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&rec->ext->devPrivates, objectKey);
+
+ /* If this is a new object that needs labeling, do it now */
+ /* XXX there should be a separate callback for this */
+ if (obj->sid == unlabeled_sid) {
+ security_id_t sid;
+
+ serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey);
+ rc = SELinuxExtensionToSID(rec->ext->name, &sid);
+ if (rc != Success) {
+ rec->status = rc;
+ return;
+ }
+
+ sidput(obj->sid);
+
+ /* Perform a transition to obtain the final SID */
+ if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION,
+ &obj->sid) < 0) {
+ ErrorF("SELinux: a SID transition call failed!\n");
+ rec->status = BadValue;
+ return;
+ }
+ }
+
+ /* Perform the security check */
+ auditdata.extension = rec->ext->name;
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+}
+
+static void
+SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceSelectionAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj, *data;
+ Selection *pSel = *rec->ppSel;
+ Atom name = pSel->selection;
+ Mask access_mode = rec->access_mode;
+ SELinuxAuditRec auditdata = { .client = rec->client, .selection = name };
+ security_id_t tsid;
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&pSel->devPrivates, objectKey);
+
+ /* If this is a new object that needs labeling, do it now */
+ if (access_mode & DixCreateAccess) {
+ sidput(obj->sid);
+ rc = SELinuxSelectionToSID(name, subj, &obj->sid, &obj->poly);
+ if (rc != Success)
+ obj->sid = unlabeled_sid;
+ access_mode = DixSetAttrAccess;
+ }
+ /* If this is a polyinstantiated object, find the right instance */
+ else if (obj->poly) {
+ rc = SELinuxSelectionToSID(name, subj, &tsid, NULL);
+ if (rc != Success) {
+ rec->status = rc;
+ return;
+ }
+ while (pSel->selection != name || obj->sid != tsid) {
+ if ((pSel = pSel->next) == NULL)
+ break;
+ obj = dixLookupPrivate(&pSel->devPrivates, objectKey);
+ }
+ sidput(tsid);
+
+ if (pSel)
+ *rec->ppSel = pSel;
+ else {
+ rec->status = BadMatch;
+ return;
+ }
+ }
+
+ /* Perform the security check */
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SELECTION, access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+
+ /* Label the content (advisory only) */
+ if (access_mode & DixSetAttrAccess) {
+ data = dixLookupPrivate(&pSel->devPrivates, dataKey);
+ sidput(data->sid);
+ if (subj->sel_create_sid)
+ sidget(data->sid = subj->sel_create_sid);
+ else
+ sidget(data->sid = obj->sid);
+ }
+}
+
+static void
+SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XacePropertyAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj, *data;
+ PropertyPtr pProp = *rec->ppProp;
+ Atom name = pProp->propertyName;
+ SELinuxAuditRec auditdata = { .client = rec->client, .property = name };
+ security_id_t tsid;
+ int rc;
+
+ /* Don't care about the new content check */
+ if (rec->access_mode & DixPostAccess)
+ return;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
+
+ /* If this is a new object that needs labeling, do it now */
+ if (rec->access_mode & DixCreateAccess) {
+ sidput(obj->sid);
+ rc = SELinuxPropertyToSID(name, subj, &obj->sid, &obj->poly);
+ if (rc != Success) {
+ rec->status = rc;
+ return;
+ }
+ }
+ /* If this is a polyinstantiated object, find the right instance */
+ else if (obj->poly) {
+ rc = SELinuxPropertyToSID(name, subj, &tsid, NULL);
+ if (rc != Success) {
+ rec->status = rc;
+ return;
+ }
+ while (pProp->propertyName != name || obj->sid != tsid) {
+ if ((pProp = pProp->next) == NULL)
+ break;
+ obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
+ }
+ sidput(tsid);
+
+ if (pProp)
+ *rec->ppProp = pProp;
+ else {
+ rec->status = BadMatch;
+ return;
+ }
+ }
+
+ /* Perform the security check */
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+
+ /* Label the content (advisory only) */
+ if (rec->access_mode & DixWriteAccess) {
+ data = dixLookupPrivate(&pProp->devPrivates, dataKey);
+ sidput(data->sid);
+ if (subj->prp_create_sid)
+ sidget(data->sid = subj->prp_create_sid);
+ else
+ sidget(data->sid = obj->sid);
+ }
+}
+
+static void
+SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceResourceAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client };
+ Mask access_mode = rec->access_mode;
+ PrivateRec **privatePtr;
+ security_class_t class;
+ int rc, offset;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+
+ /* Determine if the resource object has a devPrivates field */
+ offset = dixLookupPrivateOffset(rec->rtype);
+ if (offset < 0) {
+ /* No: use the SID of the owning client */
+ class = SECCLASS_X_RESOURCE;
+ privatePtr = &clients[CLIENT_ID(rec->id)]->devPrivates;
+ obj = dixLookupPrivate(privatePtr, objectKey);
+ } else {
+ /* Yes: use the SID from the resource object itself */
+ class = SELinuxTypeToClass(rec->rtype);
+ privatePtr = DEVPRIV_AT(rec->res, offset);
+ obj = dixLookupPrivate(privatePtr, objectKey);
+ }
+
+ /* If this is a new object that needs labeling, do it now */
+ if (access_mode & DixCreateAccess && offset >= 0) {
+ rc = SELinuxLabelResource(rec, subj, obj, class);
+ if (rc != Success) {
+ rec->status = rc;
+ return;
+ }
+ }
+
+ /* Collapse generic resource permissions down to read/write */
+ if (class == SECCLASS_X_RESOURCE) {
+ access_mode = !!(rec->access_mode & SELinuxReadMask); /* rd */
+ access_mode |= !!(rec->access_mode & ~SELinuxReadMask) << 1; /* wr */
+ }
+
+ /* Perform the security check */
+ auditdata.restype = rec->rtype;
+ auditdata.id = rec->id;
+ rc = SELinuxDoCheck(subj, obj, class, access_mode, &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+
+ /* Perform the background none check on windows */
+ if (access_mode & DixCreateAccess && rec->rtype == RT_WINDOW) {
+ rc = SELinuxDoCheck(subj, obj, class, DixBlendAccess, &auditdata);
+ if (rc != Success)
+ ((WindowPtr)rec->res)->forcedBG = TRUE;
+ }
+}
+
+static void
+SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata)
+{
+ XaceScreenAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client };
+ Mask access_mode = rec->access_mode;
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&rec->screen->devPrivates, objectKey);
+
+ /* If this is a new object that needs labeling, do it now */
+ if (access_mode & DixCreateAccess) {
+ sidput(obj->sid);
+
+ /* Perform a transition to obtain the final SID */
+ if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SCREEN,
+ &obj->sid) < 0) {
+ ErrorF("SELinux: a compute_create call failed!\n");
+ rec->status = BadValue;
+ return;
+ }
+ }
+
+ if (is_saver)
+ access_mode <<= 2;
+
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+}
+
+static void
+SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceClientAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client };
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&rec->target->devPrivates, objectKey);
+
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+}
+
+static void
+SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ XaceServerAccessRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ SELinuxAuditRec auditdata = { .client = rec->client };
+ int rc;
+
+ subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
+ obj = dixLookupPrivate(&serverClient->devPrivates, objectKey);
+
+ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode,
+ &auditdata);
+ if (rc != Success)
+ rec->status = rc;
+}
+
+
+/*
+ * DIX Callbacks
+ */
+
+static void
+SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ NewClientInfoRec *pci = calldata;
+
+ switch (pci->client->clientState) {
+ case ClientStateInitial:
+ SELinuxLabelClient(pci->client);
+ break;
+
+ default:
+ break;
+ }
+}
+
+static void
+SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ ResourceStateInfoRec *rec = calldata;
+ SELinuxSubjectRec *subj;
+ SELinuxObjectRec *obj;
+ WindowPtr pWin;
+
+ if (rec->type != RT_WINDOW)
+ return;
+ if (rec->state != ResourceStateAdding)
+ return;
+
+ pWin = (WindowPtr)rec->value;
+ subj = dixLookupPrivate(&wClient(pWin)->devPrivates, subjectKey);
+
+ if (subj->sid) {
+ security_context_t ctx;
+ int rc = avc_sid_to_context_raw(subj->sid, &ctx);
+ if (rc < 0)
+ FatalError("SELinux: Failed to get security context!\n");
+ rc = dixChangeWindowProperty(serverClient,
+ pWin, atom_client_ctx, XA_STRING, 8,
+ PropModeReplace, strlen(ctx), ctx, FALSE);
+ if (rc != Success)
+ FatalError("SELinux: Failed to set label property on window!\n");
+ freecon(ctx);
+ } else
+ FatalError("SELinux: Unexpected unlabeled client found\n");
+
+ obj = dixLookupPrivate(&pWin->devPrivates, objectKey);
+
+ if (obj->sid) {
+ security_context_t ctx;
+ int rc = avc_sid_to_context_raw(obj->sid, &ctx);
+ if (rc < 0)
+ FatalError("SELinux: Failed to get security context!\n");
+ rc = dixChangeWindowProperty(serverClient,
+ pWin, atom_ctx, XA_STRING, 8,
+ PropModeReplace, strlen(ctx), ctx, FALSE);
+ if (rc != Success)
+ FatalError("SELinux: Failed to set label property on window!\n");
+ freecon(ctx);
+ } else
+ FatalError("SELinux: Unexpected unlabeled window found\n");
+}
+
+
+/*
+ * DevPrivates Callbacks
+ */
+
+static void
+SELinuxSubjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ PrivateCallbackRec *rec = calldata;
+ SELinuxSubjectRec *subj = *rec->value;
+
+ sidget(unlabeled_sid);
+ subj->sid = unlabeled_sid;
+
+ avc_entry_ref_init(&subj->aeref);
+}
+
+static void
+SELinuxSubjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ PrivateCallbackRec *rec = calldata;
+ SELinuxSubjectRec *subj = *rec->value;
+
+ xfree(subj->command);
+
+ if (avc_active) {
+ sidput(subj->sid);
+ sidput(subj->dev_create_sid);
+ sidput(subj->win_create_sid);
+ sidput(subj->sel_create_sid);
+ sidput(subj->prp_create_sid);
+ }
+}
+
+static void
+SELinuxObjectInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ PrivateCallbackRec *rec = calldata;
+ SELinuxObjectRec *obj = *rec->value;
+
+ sidget(unlabeled_sid);
+ obj->sid = unlabeled_sid;
+}
+
+static void
+SELinuxObjectFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
+{
+ PrivateCallbackRec *rec = calldata;
+ SELinuxObjectRec *obj = *rec->value;
+
+ if (avc_active)
+ sidput(obj->sid);
+}
+
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+static int netlink_fd;
+
+static void
+SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask)
+{
+}
+
+static void
+SELinuxWakeupHandler(void *data, int err, void *read_mask)
+{
+ if (FD_ISSET(netlink_fd, (fd_set *)read_mask))
+ avc_netlink_check_nb();
+}
+#endif
+
+void
+SELinuxFlaskReset(void)
+{
+ /* Unregister callbacks */
+ DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
+
+ XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
+ XaceDeleteCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL);
+ XaceDeleteCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL);
+ XaceDeleteCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL);
+ XaceDeleteCallback(XACE_SEND_ACCESS, SELinuxSend, NULL);
+ XaceDeleteCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL);
+ XaceDeleteCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL);
+ XaceDeleteCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL);
+ XaceDeleteCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL);
+ XaceDeleteCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL);
+ XaceDeleteCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL);
+ XaceDeleteCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep);
+
+ /* Tear down SELinux stuff */
+ audit_close(audit_fd);
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ avc_netlink_release_fd();
+ RemoveBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+ RemoveGeneralSocket(netlink_fd);
+#endif
+
+ avc_destroy();
+ avc_active = 0;
+}
+
+void
+SELinuxFlaskInit(void)
+{
+ struct selinux_opt avc_option = { AVC_OPT_SETENFORCE, (char *)0 };
+ security_context_t ctx;
+ int ret = TRUE;
+
+ switch(selinuxEnforcingState) {
+ case SELINUX_MODE_ENFORCING:
+ LogMessage(X_INFO, "SELinux: Configured in enforcing mode\n");
+ avc_option.value = (char *)1;
+ break;
+ case SELINUX_MODE_PERMISSIVE:
+ LogMessage(X_INFO, "SELinux: Configured in permissive mode\n");
+ avc_option.value = (char *)0;
+ break;
+ default:
+ avc_option.type = AVC_OPT_UNUSED;
+ break;
+ }
+
+ /* Set up SELinux stuff */
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog);
+ selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback)SELinuxAudit);
+
+ if (selinux_set_mapping(map) < 0) {
+ if (errno == EINVAL) {
+ ErrorF("SELinux: Invalid object class mapping, disabling SELinux support.\n");
+ return;
+ }
+ FatalError("SELinux: Failed to set up security class mapping\n");
+ }
+
+ if (avc_open(&avc_option, 1) < 0)
+ FatalError("SELinux: Couldn't initialize SELinux userspace AVC\n");
+ avc_active = 1;
+
+ if (security_get_initial_context_raw("unlabeled", &ctx) < 0)
+ FatalError("SELinux: Failed to look up unlabeled context\n");
+ if (avc_context_to_sid_raw(ctx, &unlabeled_sid) < 0)
+ FatalError("SELinux: a context_to_SID call failed!\n");
+ freecon(ctx);
+
+ /* Prepare for auditing */
+ audit_fd = audit_open();
+ if (audit_fd < 0)
+ FatalError("SELinux: Failed to open the system audit log\n");
+
+ /* Allocate private storage */
+ if (!dixRequestPrivate(subjectKey, sizeof(SELinuxSubjectRec)) ||
+ !dixRequestPrivate(objectKey, sizeof(SELinuxObjectRec)) ||
+ !dixRequestPrivate(dataKey, sizeof(SELinuxObjectRec)))
+ FatalError("SELinux: Failed to allocate private storage.\n");
+
+ /* Create atoms for doing window labeling */
+ atom_ctx = MakeAtom("_SELINUX_CONTEXT", 16, TRUE);
+ if (atom_ctx == BAD_RESOURCE)
+ FatalError("SELinux: Failed to create atom\n");
+ atom_client_ctx = MakeAtom("_SELINUX_CLIENT_CONTEXT", 23, TRUE);
+ if (atom_client_ctx == BAD_RESOURCE)
+ FatalError("SELinux: Failed to create atom\n");
+
+#ifdef HAVE_AVC_NETLINK_ACQUIRE_FD
+ netlink_fd = avc_netlink_acquire_fd();
+ AddGeneralSocket(netlink_fd);
+ RegisterBlockAndWakeupHandlers(SELinuxBlockHandler, SELinuxWakeupHandler,
+ NULL);
+#endif
+
+ /* Register callbacks */
+ ret &= dixRegisterPrivateInitFunc(subjectKey, SELinuxSubjectInit, NULL);
+ ret &= dixRegisterPrivateDeleteFunc(subjectKey, SELinuxSubjectFree, NULL);
+ ret &= dixRegisterPrivateInitFunc(objectKey, SELinuxObjectInit, NULL);
+ ret &= dixRegisterPrivateDeleteFunc(objectKey, SELinuxObjectFree, NULL);
+ ret &= dixRegisterPrivateInitFunc(dataKey, SELinuxObjectInit, NULL);
+ ret &= dixRegisterPrivateDeleteFunc(dataKey, SELinuxObjectFree, NULL);
+
+ ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
+ ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
+
+ ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
+ ret &= XaceRegisterCallback(XACE_RESOURCE_ACCESS, SELinuxResource, NULL);
+ ret &= XaceRegisterCallback(XACE_DEVICE_ACCESS, SELinuxDevice, NULL);
+ ret &= XaceRegisterCallback(XACE_PROPERTY_ACCESS, SELinuxProperty, NULL);
+ ret &= XaceRegisterCallback(XACE_SEND_ACCESS, SELinuxSend, NULL);
+ ret &= XaceRegisterCallback(XACE_RECEIVE_ACCESS, SELinuxReceive, NULL);
+ ret &= XaceRegisterCallback(XACE_CLIENT_ACCESS, SELinuxClient, NULL);
+ ret &= XaceRegisterCallback(XACE_EXT_ACCESS, SELinuxExtension, NULL);
+ ret &= XaceRegisterCallback(XACE_SERVER_ACCESS, SELinuxServer, NULL);
+ ret &= XaceRegisterCallback(XACE_SELECTION_ACCESS, SELinuxSelection, NULL);
+ ret &= XaceRegisterCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL);
+ ret &= XaceRegisterCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep);
+ if (!ret)
+ FatalError("SELinux: Failed to register one or more callbacks\n");
+
+ /* Label objects that were created before we could register ourself */
+ SELinuxLabelInitial();
+}
diff --git a/Xext/xselinux_label.c b/Xext/xselinux_label.c
new file mode 100644
index 0000000..7ec10ff
--- /dev/null
+++ b/Xext/xselinux_label.c
@@ -0,0 +1,364 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#ifdef HAVE_DIX_CONFIG_H
+#include <dix-config.h>
+#endif
+
+#include <selinux/label.h>
+
+#include "registry.h"
+#include "xselinuxint.h"
+
+/* selection and property atom cache */
+typedef struct {
+ SELinuxObjectRec prp;
+ SELinuxObjectRec sel;
+} SELinuxAtomRec;
+
+/* labeling handle */
+static struct selabel_handle *label_hnd;
+
+/* Array of object classes indexed by resource type */
+static security_class_t *knownTypes;
+static unsigned numKnownTypes;
+
+/* Array of event SIDs indexed by event type */
+static security_id_t *knownEvents;
+static unsigned numKnownEvents;
+
+/* Array of property and selection SID structures */
+static SELinuxAtomRec *knownAtoms;
+static unsigned numKnownAtoms;
+
+
+/*
+ * Looks up a name in the selection or property mappings
+ */
+static int
+SELinuxAtomToSIDLookup(Atom atom, SELinuxObjectRec *obj, int map, int polymap)
+{
+ const char *name = NameForAtom(atom);
+ security_context_t ctx;
+ int rc = Success;
+
+ obj->poly = 1;
+
+ /* Look in the mappings of names to contexts */
+ if (selabel_lookup_raw(label_hnd, &ctx, name, map) == 0) {
+ obj->poly = 0;
+ } else if (errno != ENOENT) {
+ ErrorF("SELinux: a property label lookup failed!\n");
+ return BadValue;
+ } else if (selabel_lookup_raw(label_hnd, &ctx, name, polymap) < 0) {
+ ErrorF("SELinux: a property label lookup failed!\n");
+ return BadValue;
+ }
+
+ /* Get a SID for context */
+ if (avc_context_to_sid_raw(ctx, &obj->sid) < 0) {
+ ErrorF("SELinux: a context_to_SID_raw call failed!\n");
+ rc = BadAlloc;
+ }
+
+ freecon(ctx);
+ return rc;
+}
+
+/*
+ * Looks up the SID corresponding to the given property or selection atom
+ */
+int
+SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn)
+{
+ SELinuxObjectRec *obj;
+ int rc, map, polymap;
+
+ if (atom >= numKnownAtoms) {
+ /* Need to increase size of atoms array */
+ unsigned size = sizeof(SELinuxAtomRec);
+ knownAtoms = xrealloc(knownAtoms, (atom + 1) * size);
+ if (!knownAtoms)
+ return BadAlloc;
+ memset(knownAtoms + numKnownAtoms, 0,
+ (atom - numKnownAtoms + 1) * size);
+ numKnownAtoms = atom + 1;
+ }
+
+ if (prop) {
+ obj = &knownAtoms[atom].prp;
+ map = SELABEL_X_PROP;
+ polymap = SELABEL_X_POLYPROP;
+ } else {
+ obj = &knownAtoms[atom].sel;
+ map = SELABEL_X_SELN;
+ polymap = SELABEL_X_POLYSELN;
+ }
+
+ if (!obj->sid) {
+ rc = SELinuxAtomToSIDLookup(atom, obj, map, polymap);
+ if (rc != Success)
+ goto out;
+ }
+
+ *obj_rtn = obj;
+ rc = Success;
+out:
+ return rc;
+}
+
+/*
+ * Looks up a SID for a selection/subject pair
+ */
+int
+SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj,
+ security_id_t *sid_rtn, int *poly_rtn)
+{
+ int rc;
+ SELinuxObjectRec *obj;
+ security_id_t tsid;
+
+ /* Get the default context and polyinstantiation bit */
+ rc = SELinuxAtomToSID(selection, 0, &obj);
+ if (rc != Success)
+ return rc;
+
+ /* Check for an override context next */
+ if (subj->sel_use_sid) {
+ sidget(tsid = subj->sel_use_sid);
+ goto out;
+ }
+
+ sidget(tsid = obj->sid);
+
+ /* Polyinstantiate if necessary to obtain the final SID */
+ if (obj->poly) {
+ sidput(tsid);
+ if (avc_compute_member(subj->sid, obj->sid,
+ SECCLASS_X_SELECTION, &tsid) < 0) {
+ ErrorF("SELinux: a compute_member call failed!\n");
+ return BadValue;
+ }
+ }
+out:
+ *sid_rtn = tsid;
+ if (poly_rtn)
+ *poly_rtn = obj->poly;
+ return Success;
+}
+
+/*
+ * Looks up a SID for a property/subject pair
+ */
+int
+SELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj,
+ security_id_t *sid_rtn, int *poly_rtn)
+{
+ int rc;
+ SELinuxObjectRec *obj;
+ security_id_t tsid, tsid2;
+
+ /* Get the default context and polyinstantiation bit */
+ rc = SELinuxAtomToSID(property, 1, &obj);
+ if (rc != Success)
+ return rc;
+
+ /* Check for an override context next */
+ if (subj->prp_use_sid) {
+ sidget(tsid = subj->prp_use_sid);
+ goto out;
+ }
+
+ /* Perform a transition */
+ if (avc_compute_create(subj->sid, obj->sid,
+ SECCLASS_X_PROPERTY, &tsid) < 0) {
+ ErrorF("SELinux: a compute_create call failed!\n");
+ return BadValue;
+ }
+
+ /* Polyinstantiate if necessary to obtain the final SID */
+ if (obj->poly) {
+ tsid2 = tsid;
+ if (avc_compute_member(subj->sid, tsid2,
+ SECCLASS_X_PROPERTY, &tsid) < 0) {
+ ErrorF("SELinux: a compute_member call failed!\n");
+ sidput(tsid2);
+ return BadValue;
+ }
+ sidput(tsid2);
+ }
+out:
+ *sid_rtn = tsid;
+ if (poly_rtn)
+ *poly_rtn = obj->poly;
+ return Success;
+}
+
+/*
+ * Looks up the SID corresponding to the given event type
+ */
+int
+SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
+ SELinuxObjectRec *sid_return)
+{
+ const char *name = LookupEventName(type);
+ security_context_t ctx;
+ type &= 127;
+
+ if (type >= numKnownEvents) {
+ /* Need to increase size of classes array */
+ unsigned size = sizeof(security_id_t);
+ knownEvents = xrealloc(knownEvents, (type + 1) * size);
+ if (!knownEvents)
+ return BadAlloc;
+ memset(knownEvents + numKnownEvents, 0,
+ (type - numKnownEvents + 1) * size);
+ numKnownEvents = type + 1;
+ }
+
+ if (!knownEvents[type]) {
+ /* Look in the mappings of event names to contexts */
+ if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EVENT) < 0) {
+ ErrorF("SELinux: an event label lookup failed!\n");
+ return BadValue;
+ }
+ /* Get a SID for context */
+ if (avc_context_to_sid_raw(ctx, knownEvents + type) < 0) {
+ ErrorF("SELinux: a context_to_SID_raw call failed!\n");
+ return BadAlloc;
+ }
+ freecon(ctx);
+ }
+
+ /* Perform a transition to obtain the final SID */
+ if (avc_compute_create(sid_of_window, knownEvents[type], SECCLASS_X_EVENT,
+ &sid_return->sid) < 0) {
+ ErrorF("SELinux: a compute_create call failed!\n");
+ return BadValue;
+ }
+
+ return Success;
+}
+
+int
+SELinuxExtensionToSID(const char *name, security_id_t *sid_rtn)
+{
+ security_context_t ctx;
+
+ /* Look in the mappings of extension names to contexts */
+ if (selabel_lookup_raw(label_hnd, &ctx, name, SELABEL_X_EXT) < 0) {
+ ErrorF("SELinux: a property label lookup failed!\n");
+ return BadValue;
+ }
+ /* Get a SID for context */
+ if (avc_context_to_sid_raw(ctx, sid_rtn) < 0) {
+ ErrorF("SELinux: a context_to_SID_raw call failed!\n");
+ freecon(ctx);
+ return BadAlloc;
+ }
+ freecon(ctx);
+ return Success;
+}
+
+/*
+ * Returns the object class corresponding to the given resource type.
+ */
+security_class_t
+SELinuxTypeToClass(RESTYPE type)
+{
+ RESTYPE fulltype = type;
+ type &= TypeMask;
+
+ if (type >= numKnownTypes) {
+ /* Need to increase size of classes array */
+ unsigned size = sizeof(security_class_t);
+ knownTypes = xrealloc(knownTypes, (type + 1) * size);
+ if (!knownTypes)
+ return 0;
+ memset(knownTypes + numKnownTypes, 0,
+ (type - numKnownTypes + 1) * size);
+ numKnownTypes = type + 1;
+ }
+
+ if (!knownTypes[type]) {
+ const char *str;
+ knownTypes[type] = SECCLASS_X_RESOURCE;
+
+ if (fulltype & RC_DRAWABLE)
+ knownTypes[type] = SECCLASS_X_DRAWABLE;
+ if (fulltype == RT_GC)
+ knownTypes[type] = SECCLASS_X_GC;
+ if (fulltype == RT_FONT)
+ knownTypes[type] = SECCLASS_X_FONT;
+ if (fulltype == RT_CURSOR)
+ knownTypes[type] = SECCLASS_X_CURSOR;
+ if (fulltype == RT_COLORMAP)
+ knownTypes[type] = SECCLASS_X_COLORMAP;
+
+ /* Need to do a string lookup */
+ str = LookupResourceName(fulltype);
+ if (!strcmp(str, "PICTURE"))
+ knownTypes[type] = SECCLASS_X_DRAWABLE;
+ if (!strcmp(str, "GLYPHSET"))
+ knownTypes[type] = SECCLASS_X_FONT;
+ }
+
+ return knownTypes[type];
+}
+
+security_context_t
+SELinuxDefaultClientLabel(void)
+{
+ security_context_t ctx;
+
+ if (selabel_lookup_raw(label_hnd, &ctx, "remote", SELABEL_X_CLIENT) < 0)
+ FatalError("SELinux: failed to look up remote-client context\n");
+
+ return ctx;
+}
+
+void
+SELinuxLabelInit(void)
+{
+ struct selinux_opt selabel_option = { SELABEL_OPT_VALIDATE, (char *)1 };
+
+ label_hnd = selabel_open(SELABEL_CTX_X, &selabel_option, 1);
+ if (!label_hnd)
+ FatalError("SELinux: Failed to open x_contexts mapping in policy\n");
+}
+
+void
+SELinuxLabelReset(void)
+{
+ selabel_close(label_hnd);
+ label_hnd = NULL;
+
+ /* Free local state */
+ xfree(knownAtoms);
+ knownAtoms = NULL;
+ numKnownAtoms = 0;
+
+ xfree(knownEvents);
+ knownEvents = NULL;
+ numKnownEvents = 0;
+
+ xfree(knownTypes);
+ knownTypes = NULL;
+ numKnownTypes = 0;
+}
diff --git a/Xext/xselinuxint.h b/Xext/xselinuxint.h
new file mode 100644
index 0000000..d1b35bf
--- /dev/null
+++ b/Xext/xselinuxint.h
@@ -0,0 +1,525 @@
+/************************************************************
+
+Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
+
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+this permission notice appear in supporting documentation. This permission
+notice shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+********************************************************/
+
+#ifndef _XSELINUXINT_H
+#define _XSELINUXINT_H
+
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+
+#include "globals.h"
+#include "dixaccess.h"
+#include "dixstruct.h"
+#include "privates.h"
+#include "resource.h"
+#include "registry.h"
+#include "inputstr.h"
+#include "xselinux.h"
+
+/*
+ * Types
+ */
+
+/* subject state (clients and devices only) */
+typedef struct {
+ security_id_t sid;
+ security_id_t dev_create_sid;
+ security_id_t win_create_sid;
+ security_id_t sel_create_sid;
+ security_id_t prp_create_sid;
+ security_id_t sel_use_sid;
+ security_id_t prp_use_sid;
+ struct avc_entry_ref aeref;
+ char *command;
+ int privileged;
+} SELinuxSubjectRec;
+
+/* object state */
+typedef struct {
+ security_id_t sid;
+ int poly;
+} SELinuxObjectRec;
+
+/*
+ * Globals
+ */
+
+extern DevPrivateKey subjectKey;
+extern DevPrivateKey objectKey;
+extern DevPrivateKey dataKey;
+
+/*
+ * Label functions
+ */
+
+int
+SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn);
+
+int
+SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj,
+ security_id_t *sid_rtn, int *poly_rtn);
+
+int
+SELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj,
+ security_id_t *sid_rtn, int *poly_rtn);
+
+int
+SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
+ SELinuxObjectRec *sid_return);
+
+int
+SELinuxExtensionToSID(const char *name, security_id_t *sid_rtn);
+
+security_class_t
+SELinuxTypeToClass(RESTYPE type);
+
+security_context_t
+SELinuxDefaultClientLabel(void);
+
+void
+SELinuxLabelInit(void);
+
+void
+SELinuxLabelReset(void);
+
+/*
+ * Security module functions
+ */
+
+void
+SELinuxFlaskInit(void);
+
+void
+SELinuxFlaskReset(void);
+
+
+/*
+ * Private Flask definitions
+ */
+
+/* Security class constants */
+#define SECCLASS_X_DRAWABLE 1
+#define SECCLASS_X_SCREEN 2
+#define SECCLASS_X_GC 3
+#define SECCLASS_X_FONT 4
+#define SECCLASS_X_COLORMAP 5
+#define SECCLASS_X_PROPERTY 6
+#define SECCLASS_X_SELECTION 7
+#define SECCLASS_X_CURSOR 8
+#define SECCLASS_X_CLIENT 9
+#define SECCLASS_X_DEVICE 10
+#define SECCLASS_X_SERVER 11
+#define SECCLASS_X_EXTENSION 12
+#define SECCLASS_X_EVENT 13
+#define SECCLASS_X_FAKEEVENT 14
+#define SECCLASS_X_RESOURCE 15
+
+#ifdef _XSELINUX_NEED_FLASK_MAP
+/* Mapping from DixAccess bits to Flask permissions */
+static struct security_class_mapping map[] = {
+ { "x_drawable",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "list_property", /* DixListPropAccess */
+ "get_property", /* DixGetPropAccess */
+ "set_property", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "list_child", /* DixListAccess */
+ "add_child", /* DixAddAccess */
+ "remove_child", /* DixRemoveAccess */
+ "hide", /* DixHideAccess */
+ "show", /* DixShowAccess */
+ "blend", /* DixBlendAccess */
+ "override", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "send", /* DixSendAccess */
+ "receive", /* DixReceiveAccess */
+ "", /* DixUseAccess */
+ "manage", /* DixManageAccess */
+ NULL }},
+ { "x_screen",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "saver_getattr", /* DixListPropAccess */
+ "saver_setattr", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "hide_cursor", /* DixHideAccess */
+ "show_cursor", /* DixShowAccess */
+ "saver_hide", /* DixBlendAccess */
+ "saver_show", /* DixGrabAccess */
+ NULL }},
+ { "x_gc",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ NULL }},
+ { "x_font",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "add_glyph", /* DixAddAccess */
+ "remove_glyph", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ NULL }},
+ { "x_colormap",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "add_color", /* DixAddAccess */
+ "remove_color", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "install", /* DixInstallAccess */
+ "uninstall", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ NULL }},
+ { "x_property",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "write", /* DixBlendAccess */
+ NULL }},
+ { "x_selection",
+ { "read", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "setattr", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ NULL }},
+ { "x_cursor",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ NULL }},
+ { "x_client",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "", /* DixUseAccess */
+ "manage", /* DixManageAccess */
+ NULL }},
+ { "x_device",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "destroy", /* DixDestroyAccess */
+ "create", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "list_property", /* DixListPropAccess */
+ "get_property", /* DixGetPropAccess */
+ "set_property", /* DixSetPropAccess */
+ "getfocus", /* DixGetFocusAccess */
+ "setfocus", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "add", /* DixAddAccess */
+ "remove", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "grab", /* DixGrabAccess */
+ "freeze", /* DixFreezeAccess */
+ "force_cursor", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ "manage", /* DixManageAccess */
+ "", /* DixDebugAccess */
+ "bell", /* DixBellAccess */
+ NULL }},
+ { "x_server",
+ { "record", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "getattr", /* DixGetAttrAccess */
+ "setattr", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "grab", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "", /* DixUseAccess */
+ "manage", /* DixManageAccess */
+ "debug", /* DixDebugAccess */
+ NULL }},
+ { "x_extension",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "query", /* DixGetAttrAccess */
+ "", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "", /* DixSendAccess */
+ "", /* DixReceiveAccess */
+ "use", /* DixUseAccess */
+ NULL }},
+ { "x_event",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "", /* DixGetAttrAccess */
+ "", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "send", /* DixSendAccess */
+ "receive", /* DixReceiveAccess */
+ NULL }},
+ { "x_synthetic_event",
+ { "", /* DixReadAccess */
+ "", /* DixWriteAccess */
+ "", /* DixDestroyAccess */
+ "", /* DixCreateAccess */
+ "", /* DixGetAttrAccess */
+ "", /* DixSetAttrAccess */
+ "", /* DixListPropAccess */
+ "", /* DixGetPropAccess */
+ "", /* DixSetPropAccess */
+ "", /* DixGetFocusAccess */
+ "", /* DixSetFocusAccess */
+ "", /* DixListAccess */
+ "", /* DixAddAccess */
+ "", /* DixRemoveAccess */
+ "", /* DixHideAccess */
+ "", /* DixShowAccess */
+ "", /* DixBlendAccess */
+ "", /* DixGrabAccess */
+ "", /* DixFreezeAccess */
+ "", /* DixForceAccess */
+ "", /* DixInstallAccess */
+ "", /* DixUninstallAccess */
+ "send", /* DixSendAccess */
+ "receive", /* DixReceiveAccess */
+ NULL }},
+ { "x_resource",
+ { "read", /* DixReadAccess */
+ "write", /* DixWriteAccess */
+ "write", /* DixDestroyAccess */
+ "write", /* DixCreateAccess */
+ "read", /* DixGetAttrAccess */
+ "write", /* DixSetAttrAccess */
+ "read", /* DixListPropAccess */
+ "read", /* DixGetPropAccess */
+ "write", /* DixSetPropAccess */
+ "read", /* DixGetFocusAccess */
+ "write", /* DixSetFocusAccess */
+ "read", /* DixListAccess */
+ "write", /* DixAddAccess */
+ "write", /* DixRemoveAccess */
+ "write", /* DixHideAccess */
+ "read", /* DixShowAccess */
+ "read", /* DixBlendAccess */
+ "write", /* DixGrabAccess */
+ "write", /* DixFreezeAccess */
+ "write", /* DixForceAccess */
+ "write", /* DixInstallAccess */
+ "write", /* DixUninstallAccess */
+ "write", /* DixSendAccess */
+ "read", /* DixReceiveAccess */
+ "read", /* DixUseAccess */
+ "write", /* DixManageAccess */
+ "read", /* DixDebugAccess */
+ "write", /* DixBellAccess */
+ NULL }},
+ { NULL }
+};
+
+/* x_resource "read" bits from the list above */
+#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
+ DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
+ DixShowAccess|DixBlendAccess|DixReceiveAccess| \
+ DixUseAccess|DixDebugAccess)
+
+#endif /* _XSELINUX_NEED_FLASK_MAP */
+#endif /* _XSELINUXINT_H */
More information about the xorg-commit
mailing list