aboutsummaryrefslogtreecommitdiff
path: root/xorg-server/Xext/xselinux.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2009-09-09 05:23:48 +0000
committermarha <marha@users.sourceforge.net>2009-09-09 05:23:48 +0000
commit81f91c615982e50bb62708201569c33a3cd3d973 (patch)
tree4f32ecc48a3b7b5e76642f3792338263c53879bd /xorg-server/Xext/xselinux.c
parentb571a562410f565af2bdde52d9f7f9a23ffae04f (diff)
parenta915739887477b28d924ecc8417ee107d125bd6c (diff)
downloadvcxsrv-81f91c615982e50bb62708201569c33a3cd3d973.tar.gz
vcxsrv-81f91c615982e50bb62708201569c33a3cd3d973.tar.bz2
vcxsrv-81f91c615982e50bb62708201569c33a3cd3d973.zip
svn merge https://vcxsrv.svn.sourceforge.net/svnroot/vcxsrv/branches/released .
Diffstat (limited to 'xorg-server/Xext/xselinux.c')
-rw-r--r--xorg-server/Xext/xselinux.c60
1 files changed, 14 insertions, 46 deletions
diff --git a/xorg-server/Xext/xselinux.c b/xorg-server/Xext/xselinux.c
index 3124eb9b7..b9b16b6ce 100644
--- a/xorg-server/Xext/xselinux.c
+++ b/xorg-server/Xext/xselinux.c
@@ -1,6 +1,6 @@
/************************************************************
-Author: Eamon Walsh <ewalsh@epoch.ncsc.mil>
+Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
Permission to use, copy, modify, distribute, and sell this software and its
documentation for any purpose is hereby granted without fee, provided that
@@ -49,10 +49,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "scrnintstr.h"
#include "selection.h"
#include "xacestr.h"
+#define _XSELINUX_NEED_FLASK
#include "xselinux.h"
-#define XSERV_t
-#define TRANS_SERVER
-#include <X11/Xtrans/Xtrans.h>
#include "../os/osdep.h"
#include "modinit.h"
@@ -136,32 +134,6 @@ static unsigned numKnownEvents;
static SELinuxAtomRec *knownAtoms;
static unsigned numKnownAtoms;
-/* dynamically allocated security classes and permissions */
-static struct security_class_mapping map[] = {
- { "x_drawable", { "read", "write", "destroy", "create", "getattr", "setattr", "list_property", "get_property", "set_property", "", "", "list_child", "add_child", "remove_child", "hide", "show", "blend", "override", "", "", "", "", "send", "receive", "", "manage", NULL }},
- { "x_screen", { "", "", "", "", "getattr", "setattr", "saver_getattr", "saver_setattr", "", "", "", "", "", "", "hide_cursor", "show_cursor", "saver_hide", "saver_show", NULL }},
- { "x_gc", { "", "", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
- { "x_font", { "", "", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_glyph", "remove_glyph", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
- { "x_colormap", { "read", "write", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_color", "remove_color", "", "", "", "", "", "", "install", "uninstall", "", "", "use", NULL }},
- { "x_property", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "write", NULL }},
- { "x_selection", { "read", "", "", "setattr", "getattr", "setattr", NULL }},
- { "x_cursor", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
- { "x_client", { "", "", "destroy", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "manage", NULL }},
- { "x_device", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
- { "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }},
- { "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
- { "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
- { "x_synthetic_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
- { "x_resource", { "read", "write", "write", "write", "read", "write", "read", "read", "write", "read", "write", "read", "write", "write", "write", "read", "read", "write", "write", "write", "write", "write", "write", "read", "read", "write", "read", "write", NULL }},
- { NULL }
-};
-
-/* x_resource "read" bits from the list above */
-#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
- DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
- DixShowAccess|DixBlendAccess|DixReceiveAccess| \
- DixUseAccess|DixDebugAccess)
-
/* forward declarations */
static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
@@ -460,8 +432,7 @@ SELinuxDoCheck(SELinuxSubjectRec *subj, SELinuxObjectRec *obj,
static void
SELinuxLabelClient(ClientPtr client)
{
- XtransConnInfo ci = ((OsCommPtr)client->osPrivate)->trans_conn;
- int fd = _XSERVTransGetConnectionNumber(ci);
+ int fd = XaceGetConnectionNumber(client);
SELinuxSubjectRec *subj;
SELinuxObjectRec *obj;
security_context_t ctx;
@@ -479,7 +450,7 @@ SELinuxLabelClient(ClientPtr client)
}
/* For local clients, try and determine the executable name */
- if (_XSERVTransIsLocal(ci)) {
+ if (XaceIsLocal(client)) {
struct ucred creds;
socklen_t len = sizeof(creds);
char path[PATH_MAX + 1];
@@ -613,7 +584,8 @@ SELinuxAudit(void *auditdata,
{
SELinuxAuditRec *audit = auditdata;
ClientPtr client = audit->client;
- char idNum[16], *propertyName, *selectionName;
+ char idNum[16];
+ const char *propertyName, *selectionName;
int major = -1, minor = -1;
if (client) {
@@ -941,6 +913,10 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
security_id_t tsid;
int rc;
+ /* Don't care about the new content check */
+ if (rec->access_mode & DixPostAccess)
+ return;
+
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
obj = dixLookupPrivate(&pProp->devPrivates, objectKey);
@@ -1307,7 +1283,7 @@ SELinuxSendContextReply(ClientPtr client, security_id_t sid)
}
rep.type = X_Reply;
- rep.length = (len + 3) >> 2;
+ rep.length = bytes_to_int32(len);
rep.sequenceNumber = client->sequence;
rep.context_len = len;
@@ -1342,14 +1318,6 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
return BadAlloc;
}
- if (offset == CTX_DEV) {
- /* Device create context currently requires manage permission */
- rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
- if (rc != Success)
- goto out;
- privPtr = &serverClient->devPrivates;
- }
-
ptr = dixLookupPrivate(privPtr, subjectKey);
pSid = (security_id_t *)(ptr + offset);
sidput(*pSid);
@@ -1361,7 +1329,7 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
avc_context_to_sid_raw(ctx, pSid) < 0)
rc = BadValue;
}
-out:
+
xfree(ctx);
return rc;
}
@@ -1534,8 +1502,8 @@ SELinuxPopulateItem(SELinuxListItemRec *i, PrivateRec **privPtr, CARD32 id,
return BadValue;
i->id = id;
- i->octx_len = (strlen(i->octx) + 4) >> 2;
- i->dctx_len = (strlen(i->dctx) + 4) >> 2;
+ i->octx_len = bytes_to_int32(strlen(i->octx) + 1);
+ i->dctx_len = bytes_to_int32(strlen(i->dctx) + 1);
*size += i->octx_len + i->dctx_len + 3;
return Success;