[PATCH xserver 2/4] xace: Remove the audit hooks and tune dispatch

[Adam Jackson]

There are no in-tree consumers of the audit hooks, and they are in any
case redundant with the dtrace dispatch hooks. Neither is there any
in-tree user of the core request dispatch hook. The extension hook is
only used for non-default security cases, but in the absence of LTO we
always have to take the function call into XaceHookDispatch to find out
that there's no callback registered.

Cc: Eamon Walsh <ewalsh at tycho.nsa.gov>
Signed-off-by: Adam Jackson <ajax at redhat.com>
---
 Xext/xace.c    | 35 ++++++++---------------------------
 Xext/xace.h    | 12 ++++++------
 dix/dispatch.c |  1 -
 3 files changed, 14 insertions(+), 34 deletions(-)

diff --git a/Xext/xace.c b/Xext/xace.c
index fcb38db..91c74d5 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -33,28 +33,17 @@ _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = { 0 };
 
 /* Special-cased hook functions.  Called by Xserver.
  */
+#undef XaceHookDispatch
 int
 XaceHookDispatch(ClientPtr client, int major)
 {
-    /* Call the audit begin callback, there is no return value. */
-    XaceAuditRec rec = { client, 0 };
-    CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
-
-    if (major < 128) {
-        /* Call the core dispatch hook */
-        XaceCoreDispatchRec drec = { client, Success /* default allow */  };
-        CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &drec);
-        return drec.status;
-    }
-    else {
-        /* Call the extension dispatch hook */
-        ExtensionEntry *ext = GetExtensionEntry(major);
-        XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
-        if (ext)
-            CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
-        /* On error, pretend extension doesn't exist */
-        return (erec.status == Success) ? Success : BadRequest;
-    }
+    /* Call the extension dispatch hook */
+    ExtensionEntry *ext = GetExtensionEntry(major);
+    XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
+    if (ext)
+        CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
+    /* On error, pretend extension doesn't exist */
+    return (erec.status == Success) ? Success : BadRequest;
 }
 
 int
@@ -74,14 +63,6 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode)
     return rec.status;
 }
 
-void
-XaceHookAuditEnd(ClientPtr ptr, int result)
-{
-    XaceAuditRec rec = { ptr, result };
-    /* call callbacks, there is no return value. */
-    CallCallbacks(&XaceHooks[XACE_AUDIT_END], &rec);
-}
-
 /* Entry point for hook functions.  Called by Xserver.
  */
 int
diff --git a/Xext/xace.h b/Xext/xace.h
index 6a8d0c4..8c87232 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -52,9 +52,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_SCREENSAVER_ACCESS		12
 #define XACE_AUTH_AVAIL			13
 #define XACE_KEY_AVAIL			14
-#define XACE_AUDIT_BEGIN		15
-#define XACE_AUDIT_END			16
-#define XACE_NUM_HOOKS			17
+#define XACE_NUM_HOOKS			15
 
 extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
 
@@ -71,12 +69,16 @@ extern _X_EXPORT int XaceHookIsSet(int hook);
 /* Special-cased hook functions
  */
 extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major);
+#define XaceHookDispatch(c, m) \
+    ((XaceHooks[XACE_EXT_DISPATCH] && (m) >= EXTENSION_BASE) ? \
+    XaceHookDispatch((c), (m)) : \
+    Success)
+
 extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
                                             PropertyPtr *ppProp,
                                             Mask access_mode);
 extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel,
                                              Mask access_mode);
-extern _X_EXPORT void XaceHookAuditEnd(ClientPtr ptr, int result);
 
 /* Register a callback for a given hook.
  */
@@ -116,7 +118,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(args...) Success
 #define XaceHookPropertyAccess(args...) Success
 #define XaceHookSelectionAccess(args...) Success
-#define XaceHookAuditEnd(args...) { ; }
 #define XaceCensorImage(args...) { ; }
 #else
 #define XaceHook(...) Success
@@ -124,7 +125,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(...) Success
 #define XaceHookPropertyAccess(...) Success
 #define XaceHookSelectionAccess(...) Success
-#define XaceHookAuditEnd(...) { ; }
 #define XaceCensorImage(...) { ; }
 #endif
 
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 26122c1..86124c6 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -426,7 +426,6 @@ Dispatch(void)
                     if (result == Success)
                         result =
                             (*client->requestVector[client->majorOp]) (client);
-                    XaceHookAuditEnd(client, result);
                 }
                 if (!SmartScheduleSignalEnable)
                     SmartScheduleTime = GetTimeInMillis();
-- 
2.7.4