[PATCH v2 3/5] Xext: Enable client ID tracking in extensions (SELinux).

Rami Ylimäki rami.ylimaki at vincit.fi
Fri Sep 10 09:58:40 PDT 2010


Make SELinux use the public interface for querying the client command
string. SELinux could be optimized further by removing its own copy of
the command string. However, that optimization has been left out for
simplicity.

Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
---
 Xext/xselinux_hooks.c |   37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)

diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index 560e1e9..baca533 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #include <libaudit.h>
 
 #include <X11/Xatom.h>
+#include "client.h"
 #include "selection.h"
 #include "inputstr.h"
 #include "scrnintstr.h"
@@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
 
     /* For local clients, try and determine the executable name */
     if (XaceIsLocal(client)) {
-	struct ucred creds;
-	socklen_t len = sizeof(creds);
-	char path[PATH_MAX + 1];
-	size_t bytes;
+	const char *cmd = GetClientCmd(client);
 
-	memset(&creds, 0, sizeof(creds));
-	if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
+	if (!cmd)
 	    goto finish;
 
-	snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
-	fd = open(path, O_RDONLY);
-	if (fd < 0)
-	    goto finish;
-
-	bytes = read(fd, path, PATH_MAX + 1);
-	close(fd);
-	if (bytes <= 0)
-	    goto finish;
-
-	strncpy(subj->command, path, COMMAND_LEN - 1);
+	strncpy(subj->command, cmd, COMMAND_LEN - 1);
     }
 
 finish:
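Review bot: The `strncpy(subj->command, cmd, COMMAND_LEN - 1)` call leaves `subj->command` NUL-terminated only if its last byte is already zero, and nothing in this hunk shows that initialisation. The source is now whatever `GetClientCmd()` returns rather than a buffer this function filled itself, so I would make the termination explicit with `subj->command[COMMAND_LEN - 1] = '\0';` right after the copy. The string still originates from the client process, so a short comment that it is descriptive (presumably for audit output) and must not feed a labeling decision would help the next reader. SELinuxLabelClient begins and ends outside the hunk.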
@@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 static void
 SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 {
-    NewClientInfoRec *pci = calldata;
-
-    switch (pci->client->clientState) {
-    case ClientStateInitial:
-	SELinuxLabelClient(pci->client);
-	break;
-
-    default:
-	break;
-    }
+    ClientPtr client = calldata;
+    SELinuxLabelClient(client);
 }
 
 static void
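Review bot: `SELinuxClientState` now treats `calldata` as a `ClientPtr` and labels on every invocation, so it depends on the list returned by `GetClientIdsReservedCbs()` firing once per client, before that client's first access check, and passing the client itself rather than a `NewClientInfoRec`. None of that is visible in this patch, and because `calldata` is an untyped `pointer`, a mismatch would compile silently. The removed `ClientStateInitial` filter made the timing explicit; I would add a comment on the function such as `/* calldata is the ClientPtr; called once when the client's IDs are reserved, before any XACE hook runs for it */` and confirm it against the patch that introduces the callback list. The `AddCallback` and `DeleteCallback` changes in SELinuxFlaskInit and SELinuxFlaskReset further down rely on the same contract.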
@@ -819,7 +798,7 @@ void
 SELinuxFlaskReset(void)
 {
     /* Unregister callbacks */
-    DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
+    DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
     DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 
     XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
@@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
                                    NULL);
 
     /* Register callbacks */
-    ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
+    ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
     ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
 
     ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
-- 
1.6.3.3


