[PATCH v2 3/5] Xext: Enable client ID tracking in extensions (SELinux).

Vignatti Tiago (Nokia-MS/Helsinki) tiago.vignatti at nokia.com
Tue Sep 14 10:36:32 PDT 2010


On Fri, Sep 10, 2010 at 06:58:40PM +0200, ext Rami Ylimäki wrote:
> Make SELinux use the public interface for querying client command
> string. SELinux could be optimized further by removing its own copy of
> the command string. However, that optimization has been left out for
> simplicity.

Do we want to make SELinux depend on the client tracking infrastructure? It seems
that we would be tying these pieces together more tightly.

 
> Signed-off-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
> ---
>  Xext/xselinux_hooks.c |   37 ++++++++-----------------------------
>  1 files changed, 8 insertions(+), 29 deletions(-)
> 
> diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
> index 560e1e9..baca533 100644
> --- a/Xext/xselinux_hooks.c
> +++ b/Xext/xselinux_hooks.c
> @@ -33,6 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
>  #include <libaudit.h>
>  
>  #include <X11/Xatom.h>
> +#include "client.h"
>  #include "selection.h"
>  #include "inputstr.h"
>  #include "scrnintstr.h"
> @@ -129,26 +130,12 @@ SELinuxLabelClient(ClientPtr client)
>  
>      /* For local clients, try and determine the executable name */
>      if (XaceIsLocal(client)) {
> -	struct ucred creds;
> -	socklen_t len = sizeof(creds);
> -	char path[PATH_MAX + 1];
> -	size_t bytes;
> +	const char *cmd = GetClientCmd(client);
>  
> -	memset(&creds, 0, sizeof(creds));
> -	if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0)
> +	if (!cmd)
>  	    goto finish;
>  
> -	snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid);
> -	fd = open(path, O_RDONLY);
> -	if (fd < 0)
> -	    goto finish;
> -
> -	bytes = read(fd, path, PATH_MAX + 1);
> -	close(fd);
> -	if (bytes <= 0)
> -	    goto finish;
> -
> -	strncpy(subj->command, path, COMMAND_LEN - 1);
> +	strncpy(subj->command, cmd, COMMAND_LEN - 1);
>      }
>  
>  finish:
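Review bot: The retained `strncpy(subj->command, cmd, COMMAND_LEN - 1)` leaves `subj->command` unterminated for any command of COMMAND_LEN - 1 bytes or more, unless the subject record is zeroed beforehand, which this hunk does not show. Assuming the field is COMMAND_LEN bytes, `snprintf(subj->command, COMMAND_LEN, "%s", cmd);` or an explicit `subj->command[COMMAND_LEN - 1] = '\0';` after the copy removes that dependency. The removed code read the string from /proc/<pid>/cmdline, and GetClientCmd presumably has the same origin, so the value is chosen by the client process. A comment such as `/* command is client-supplied; informational only, not an input to access decisions */` would record that. SELinuxLabelClient starts and ends outside the hunk.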
> @@ -741,16 +728,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
>  static void
>  SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
>  {
> -    NewClientInfoRec *pci = calldata;
> -
> -    switch (pci->client->clientState) {
> -    case ClientStateInitial:
> -	SELinuxLabelClient(pci->client);
> -	break;
> -
> -    default:
> -	break;
> -    }
> +    ClientPtr client = calldata;
> +    SELinuxLabelClient(client);
>  }
>  
>  static void
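Review bot: SELinuxClientState now treats `calldata` as a bare `ClientPtr` and labels on every invocation, where it previously unpacked a `NewClientInfoRec` and acted only on `ClientStateInitial`. That is correct only if the list returned by GetClientIdsReservedCbs() passes a client pointer and fires once per client before any XACE hook reads the subject label. Neither is visible in this patch, and a mismatch would be a silent type confusion in the labeling path. The contract is worth stating above the function, e.g. `/* calldata: ClientPtr from the client-ID reserved callback list; runs before the client's first request is checked */`.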
> @@ -819,7 +798,7 @@ void
>  SELinuxFlaskReset(void)
>  {
>      /* Unregister callbacks */
> -    DeleteCallback(&ClientStateCallback, SELinuxClientState, NULL);
> +    DeleteCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
>      DeleteCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
>  
>      XaceDeleteCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
> @@ -912,7 +891,7 @@ SELinuxFlaskInit(void)
>                                     NULL);
>  
>      /* Register callbacks */
> -    ret &= AddCallback(&ClientStateCallback, SELinuxClientState, NULL);
> +    ret &= AddCallback(GetClientIdsReservedCbs(), SELinuxClientState, NULL);
>      ret &= AddCallback(&ResourceStateCallback, SELinuxResourceState, NULL);
>  
>      ret &= XaceRegisterCallback(XACE_EXT_DISPATCH, SELinuxExtension, NULL);
> -- 
> 1.6.3.3
> 
             Tiago

