[RFC PATCH] XACE: support for property polyinstantiation

[Eamon Walsh]

Eamon Walsh wrote:
> Early adopters of the SELinux controls for X have requested support for 
> polyinstantiation of window properties.  The following patch is the 
> implementation I have come up with for XACE.
>
> The patch supports having more than one property with the same name in 
> the list of properties for each window.  A new lookup function 
> dixLookupProperty() traverses the list normally to find the first match, 
> but afterwards calls into XACE which can give back the "real" property 
> structure to use.
>
> If XACE is not enabled, this patch has no impact except for the lookup 
> API and the delete operation, which must traverse the list of properties 
> twice: once to look up the list element and once to find the previous 
> one.  A possible tradeoff could be to make the list doubly-linked, in 
> which case only one traversal would be needed, but this would change the 
> PropertyRec structure.
>
> I've run the xtest scenarios for the property protocol requests and they 
> all pass.  I need to do the polyinstantiation bits to test that part out 
> though, so this will be here to soak for a while.
>
> Comments?
>   

OK, the scope of this has expanded to include polyinstantiation for 
selections as well.  The mechanism will be the same: more than one 
instance allowed in the list of selections; lookup function used for all 
accesses; calls into XACE which can return the "real" selection 
structure to use; optimized away when XACE not built.  I've factored the 
selection code out of dispatch.c into a new file dix/selection.c for 
better organization.  Will post the patch in a little bit.

This supersedes the older redirection work I did on selections, 
referenced below, which will be backed out.
http://lists.freedesktop.org/archives/xorg/2007-March/022720.html

-- 
Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency