diff options
author | marha <marha@users.sourceforge.net> | 2012-03-26 14:23:28 +0200 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2012-03-26 14:23:28 +0200 |
commit | 76bcc36ed305418a3ddc5752d287ede894243e1b (patch) | |
tree | bacb320c825768471ce56f058f17ce863d592376 /xorg-server/Xext/xselinuxint.h | |
parent | 7d894e32566b710952c44cbc71939ad1d9e2fa8d (diff) | |
parent | 0f834b91a4768673833ab4917e87d86c237bb1a6 (diff) | |
download | vcxsrv-76bcc36ed305418a3ddc5752d287ede894243e1b.tar.gz vcxsrv-76bcc36ed305418a3ddc5752d287ede894243e1b.tar.bz2 vcxsrv-76bcc36ed305418a3ddc5752d287ede894243e1b.zip |
Merge remote-tracking branch 'origin/released'
Conflicts:
pixman/pixman/pixman-mmx.c
xorg-server/Xext/shm.c
xorg-server/Xext/syncsrv.h
xorg-server/Xext/xvmain.c
xorg-server/Xi/exevents.c
xorg-server/Xi/opendev.c
xorg-server/composite/compalloc.c
xorg-server/composite/compoverlay.c
xorg-server/dix/colormap.c
xorg-server/dix/devices.c
xorg-server/dix/dispatch.c
xorg-server/dix/dixfonts.c
xorg-server/dix/eventconvert.c
xorg-server/dix/events.c
xorg-server/dix/gc.c
xorg-server/dix/getevents.c
xorg-server/dix/main.c
xorg-server/dix/privates.c
xorg-server/dix/registry.c
xorg-server/dix/resource.c
xorg-server/exa/exa_accel.c
xorg-server/exa/exa_migration_classic.c
xorg-server/exa/exa_unaccel.c
xorg-server/fb/fb.h
xorg-server/fb/fbcopy.c
xorg-server/fb/fbpixmap.c
xorg-server/glx/dispatch.h
xorg-server/glx/glapi.h
xorg-server/glx/glapi_gentable.c
xorg-server/glx/glapitable.h
xorg-server/glx/glprocs.h
xorg-server/glx/glxcmds.c
xorg-server/glx/glxcmdsswap.c
xorg-server/glx/glxdricommon.c
xorg-server/glx/glxdriswrast.c
xorg-server/glx/glxext.c
xorg-server/glx/indirect_dispatch.c
xorg-server/glx/indirect_dispatch.h
xorg-server/glx/indirect_dispatch_swap.c
xorg-server/glx/indirect_size.h
xorg-server/glx/indirect_size_get.h
xorg-server/glx/indirect_table.c
xorg-server/glx/indirect_util.c
xorg-server/glx/rensize.c
xorg-server/glx/single2swap.c
xorg-server/glx/singlepix.c
xorg-server/glx/singlepixswap.c
xorg-server/glx/singlesize.c
xorg-server/hw/dmx/dmxinit.c
xorg-server/hw/kdrive/ephyr/ephyr.c
xorg-server/hw/kdrive/ephyr/hostx.c
xorg-server/hw/kdrive/ephyr/hostx.h
xorg-server/hw/kdrive/src/kinput.c
xorg-server/hw/xfree86/common/compiler.h
xorg-server/hw/xwin/InitInput.c
xorg-server/hw/xwin/InitOutput.c
xorg-server/hw/xwin/ddraw.h
xorg-server/hw/xwin/glx/glwrap.c
xorg-server/hw/xwin/glx/indirect.c
xorg-server/hw/xwin/glx/wgl_ext_api.h
xorg-server/hw/xwin/glx/winpriv.c
xorg-server/hw/xwin/win.h
xorg-server/hw/xwin/winallpriv.c
xorg-server/hw/xwin/winauth.c
xorg-server/hw/xwin/winclipboard.h
xorg-server/hw/xwin/winclipboardinit.c
xorg-server/hw/xwin/winclipboardthread.c
xorg-server/hw/xwin/winclipboardunicode.c
xorg-server/hw/xwin/winclipboardwndproc.c
xorg-server/hw/xwin/winclipboardwrappers.c
xorg-server/hw/xwin/winclipboardxevents.c
xorg-server/hw/xwin/wincmap.c
xorg-server/hw/xwin/winconfig.c
xorg-server/hw/xwin/wincreatewnd.c
xorg-server/hw/xwin/wincursor.c
xorg-server/hw/xwin/windialogs.c
xorg-server/hw/xwin/winengine.c
xorg-server/hw/xwin/winerror.c
xorg-server/hw/xwin/wingc.c
xorg-server/hw/xwin/wingetsp.c
xorg-server/hw/xwin/winkeybd.c
xorg-server/hw/xwin/winkeybd.h
xorg-server/hw/xwin/winlayouts.h
xorg-server/hw/xwin/winmisc.c
xorg-server/hw/xwin/winmonitors.c
xorg-server/hw/xwin/winmouse.c
xorg-server/hw/xwin/winmsg.c
xorg-server/hw/xwin/winmsg.h
xorg-server/hw/xwin/winmultiwindowclass.c
xorg-server/hw/xwin/winmultiwindowicons.c
xorg-server/hw/xwin/winmultiwindowshape.c
xorg-server/hw/xwin/winmultiwindowwindow.c
xorg-server/hw/xwin/winmultiwindowwm.c
xorg-server/hw/xwin/winmultiwindowwndproc.c
xorg-server/hw/xwin/winnativegdi.c
xorg-server/hw/xwin/winpfbdd.c
xorg-server/hw/xwin/winpixmap.c
xorg-server/hw/xwin/winpolyline.c
xorg-server/hw/xwin/winprefs.c
xorg-server/hw/xwin/winprocarg.c
xorg-server/hw/xwin/winregistry.c
xorg-server/hw/xwin/winscrinit.c
xorg-server/hw/xwin/winsetsp.c
xorg-server/hw/xwin/winshaddd.c
xorg-server/hw/xwin/winshadddnl.c
xorg-server/hw/xwin/winshadgdi.c
xorg-server/hw/xwin/wintrayicon.c
xorg-server/hw/xwin/winwin32rootless.c
xorg-server/hw/xwin/winwin32rootlesswindow.c
xorg-server/hw/xwin/winwin32rootlesswndproc.c
xorg-server/hw/xwin/winwindow.c
xorg-server/hw/xwin/winwindow.h
xorg-server/hw/xwin/winwindowswm.c
xorg-server/hw/xwin/winwndproc.c
xorg-server/include/callback.h
xorg-server/include/dixstruct.h
xorg-server/include/misc.h
xorg-server/include/os.h
xorg-server/include/scrnintstr.h
xorg-server/mi/micmap.c
xorg-server/mi/miinitext.c
xorg-server/mi/mioverlay.c
xorg-server/mi/misprite.c
xorg-server/mi/mivaltree.c
xorg-server/mi/miwindow.c
xorg-server/miext/damage/damage.c
xorg-server/miext/rootless/rootlessGC.c
xorg-server/miext/rootless/rootlessWindow.c
xorg-server/os/WaitFor.c
xorg-server/os/access.c
xorg-server/os/connection.c
xorg-server/os/io.c
xorg-server/os/log.c
xorg-server/os/osinit.c
xorg-server/os/utils.c
xorg-server/os/xdmcp.c
xorg-server/os/xprintf.c
xorg-server/os/xstrans.c
xorg-server/render/mipict.c
xorg-server/xkb/xkbActions.c
xorg-server/xkb/xkbInit.c
xorg-server/xkeyboard-config/compat/default.in
Diffstat (limited to 'xorg-server/Xext/xselinuxint.h')
-rw-r--r-- | xorg-server/Xext/xselinuxint.h | 1125 |
1 files changed, 564 insertions, 561 deletions
diff --git a/xorg-server/Xext/xselinuxint.h b/xorg-server/Xext/xselinuxint.h index fb1d7f4c7..57f8b7305 100644 --- a/xorg-server/Xext/xselinuxint.h +++ b/xorg-server/Xext/xselinuxint.h @@ -1,561 +1,564 @@ -/************************************************************
-
-Author: Eamon Walsh <ewalsh@tycho.nsa.gov>
-
-Permission to use, copy, modify, distribute, and sell this software and its
-documentation for any purpose is hereby granted without fee, provided that
-this permission notice appear in supporting documentation. This permission
-notice shall be included in all copies or substantial portions of the
-Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
-AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-********************************************************/
-
-#ifndef _XSELINUXINT_H
-#define _XSELINUXINT_H
-
-#include <selinux/selinux.h>
-#include <selinux/avc.h>
-
-#include "globals.h"
-#include "dixaccess.h"
-#include "dixstruct.h"
-#include "privates.h"
-#include "resource.h"
-#include "registry.h"
-#include "inputstr.h"
-#include "xselinux.h"
-
-/*
- * Types
- */
-
-#define COMMAND_LEN 64
-
-/* subject state (clients and devices only) */
-typedef struct {
- security_id_t sid;
- security_id_t dev_create_sid;
- security_id_t win_create_sid;
- security_id_t sel_create_sid;
- security_id_t prp_create_sid;
- security_id_t sel_use_sid;
- security_id_t prp_use_sid;
- struct avc_entry_ref aeref;
- char command[COMMAND_LEN];
- int privileged;
-} SELinuxSubjectRec;
-
-/* object state */
-typedef struct {
- security_id_t sid;
- int poly;
-} SELinuxObjectRec;
-
-/*
- * Globals
- */
-
-extern DevPrivateKeyRec subjectKeyRec;
-#define subjectKey (&subjectKeyRec)
-extern DevPrivateKeyRec objectKeyRec;
-#define objectKey (&objectKeyRec)
-extern DevPrivateKeyRec dataKeyRec;
-#define dataKey (&dataKeyRec)
-
-/*
- * Label functions
- */
-
-int
-SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec **obj_rtn);
-
-int
-SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec *subj,
- security_id_t *sid_rtn, int *poly_rtn);
-
-int
-SELinuxPropertyToSID(Atom property, SELinuxSubjectRec *subj,
- security_id_t *sid_rtn, int *poly_rtn);
-
-int
-SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
- SELinuxObjectRec *sid_return);
-
-int
-SELinuxExtensionToSID(const char *name, security_id_t *sid_rtn);
-
-security_class_t
-SELinuxTypeToClass(RESTYPE type);
-
-security_context_t
-SELinuxDefaultClientLabel(void);
-
-void
-SELinuxLabelInit(void);
-
-void
-SELinuxLabelReset(void);
-
-/*
- * Security module functions
- */
-
-void
-SELinuxFlaskInit(void);
-
-void
-SELinuxFlaskReset(void);
-
-
-/*
- * Private Flask definitions
- */
-
-/* Security class constants */
-#define SECCLASS_X_DRAWABLE 1
-#define SECCLASS_X_SCREEN 2
-#define SECCLASS_X_GC 3
-#define SECCLASS_X_FONT 4
-#define SECCLASS_X_COLORMAP 5
-#define SECCLASS_X_PROPERTY 6
-#define SECCLASS_X_SELECTION 7
-#define SECCLASS_X_CURSOR 8
-#define SECCLASS_X_CLIENT 9
-#define SECCLASS_X_POINTER 10
-#define SECCLASS_X_KEYBOARD 11
-#define SECCLASS_X_SERVER 12
-#define SECCLASS_X_EXTENSION 13
-#define SECCLASS_X_EVENT 14
-#define SECCLASS_X_FAKEEVENT 15
-#define SECCLASS_X_RESOURCE 16
-
-#ifdef _XSELINUX_NEED_FLASK_MAP
-/* Mapping from DixAccess bits to Flask permissions */
-static struct security_class_mapping map[] = {
- { "x_drawable",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "list_property", /* DixListPropAccess */
- "get_property", /* DixGetPropAccess */
- "set_property", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "list_child", /* DixListAccess */
- "add_child", /* DixAddAccess */
- "remove_child", /* DixRemoveAccess */
- "hide", /* DixHideAccess */
- "show", /* DixShowAccess */
- "blend", /* DixBlendAccess */
- "override", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- NULL }},
- { "x_screen",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "saver_getattr", /* DixListPropAccess */
- "saver_setattr", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "hide_cursor", /* DixHideAccess */
- "show_cursor", /* DixShowAccess */
- "saver_hide", /* DixBlendAccess */
- "saver_show", /* DixGrabAccess */
- NULL }},
- { "x_gc",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_font",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add_glyph", /* DixAddAccess */
- "remove_glyph", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_colormap",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add_color", /* DixAddAccess */
- "remove_color", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "install", /* DixInstallAccess */
- "uninstall", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_property",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "write", /* DixBlendAccess */
- NULL }},
- { "x_selection",
- { "read", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "setattr", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- NULL }},
- { "x_cursor",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_client",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- NULL }},
- { "x_pointer",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "list_property", /* DixListPropAccess */
- "get_property", /* DixGetPropAccess */
- "set_property", /* DixSetPropAccess */
- "getfocus", /* DixGetFocusAccess */
- "setfocus", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add", /* DixAddAccess */
- "remove", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "grab", /* DixGrabAccess */
- "freeze", /* DixFreezeAccess */
- "force_cursor", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- "manage", /* DixManageAccess */
- "", /* DixDebugAccess */
- "bell", /* DixBellAccess */
- NULL }},
- { "x_keyboard",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "destroy", /* DixDestroyAccess */
- "create", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "list_property", /* DixListPropAccess */
- "get_property", /* DixGetPropAccess */
- "set_property", /* DixSetPropAccess */
- "getfocus", /* DixGetFocusAccess */
- "setfocus", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "add", /* DixAddAccess */
- "remove", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "grab", /* DixGrabAccess */
- "freeze", /* DixFreezeAccess */
- "force_cursor", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- "manage", /* DixManageAccess */
- "", /* DixDebugAccess */
- "bell", /* DixBellAccess */
- NULL }},
- { "x_server",
- { "record", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "getattr", /* DixGetAttrAccess */
- "setattr", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "grab", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "", /* DixUseAccess */
- "manage", /* DixManageAccess */
- "debug", /* DixDebugAccess */
- NULL }},
- { "x_extension",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "query", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "", /* DixSendAccess */
- "", /* DixReceiveAccess */
- "use", /* DixUseAccess */
- NULL }},
- { "x_event",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- NULL }},
- { "x_synthetic_event",
- { "", /* DixReadAccess */
- "", /* DixWriteAccess */
- "", /* DixDestroyAccess */
- "", /* DixCreateAccess */
- "", /* DixGetAttrAccess */
- "", /* DixSetAttrAccess */
- "", /* DixListPropAccess */
- "", /* DixGetPropAccess */
- "", /* DixSetPropAccess */
- "", /* DixGetFocusAccess */
- "", /* DixSetFocusAccess */
- "", /* DixListAccess */
- "", /* DixAddAccess */
- "", /* DixRemoveAccess */
- "", /* DixHideAccess */
- "", /* DixShowAccess */
- "", /* DixBlendAccess */
- "", /* DixGrabAccess */
- "", /* DixFreezeAccess */
- "", /* DixForceAccess */
- "", /* DixInstallAccess */
- "", /* DixUninstallAccess */
- "send", /* DixSendAccess */
- "receive", /* DixReceiveAccess */
- NULL }},
- { "x_resource",
- { "read", /* DixReadAccess */
- "write", /* DixWriteAccess */
- "write", /* DixDestroyAccess */
- "write", /* DixCreateAccess */
- "read", /* DixGetAttrAccess */
- "write", /* DixSetAttrAccess */
- "read", /* DixListPropAccess */
- "read", /* DixGetPropAccess */
- "write", /* DixSetPropAccess */
- "read", /* DixGetFocusAccess */
- "write", /* DixSetFocusAccess */
- "read", /* DixListAccess */
- "write", /* DixAddAccess */
- "write", /* DixRemoveAccess */
- "write", /* DixHideAccess */
- "read", /* DixShowAccess */
- "read", /* DixBlendAccess */
- "write", /* DixGrabAccess */
- "write", /* DixFreezeAccess */
- "write", /* DixForceAccess */
- "write", /* DixInstallAccess */
- "write", /* DixUninstallAccess */
- "write", /* DixSendAccess */
- "read", /* DixReceiveAccess */
- "read", /* DixUseAccess */
- "write", /* DixManageAccess */
- "read", /* DixDebugAccess */
- "write", /* DixBellAccess */
- NULL }},
- { NULL }
-};
-
-/* x_resource "read" bits from the list above */
-#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
- DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
- DixShowAccess|DixBlendAccess|DixReceiveAccess| \
- DixUseAccess|DixDebugAccess)
-
-#endif /* _XSELINUX_NEED_FLASK_MAP */
-#endif /* _XSELINUXINT_H */
+/************************************************************ + +Author: Eamon Walsh <ewalsh@tycho.nsa.gov> + +Permission to use, copy, modify, distribute, and sell this software and its +documentation for any purpose is hereby granted without fee, provided that +this permission notice appear in supporting documentation. This permission +notice shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +********************************************************/ + +#ifndef _XSELINUXINT_H +#define _XSELINUXINT_H + +#include <selinux/selinux.h> +#include <selinux/avc.h> + +#include "globals.h" +#include "dixaccess.h" +#include "dixstruct.h" +#include "privates.h" +#include "resource.h" +#include "registry.h" +#include "inputstr.h" +#include "xselinux.h" + +/* + * Types + */ + +#define COMMAND_LEN 64 + +/* subject state (clients and devices only) */ +typedef struct { + security_id_t sid; + security_id_t dev_create_sid; + security_id_t win_create_sid; + security_id_t sel_create_sid; + security_id_t prp_create_sid; + security_id_t sel_use_sid; + security_id_t prp_use_sid; + struct avc_entry_ref aeref; + char command[COMMAND_LEN]; + int privileged; +} SELinuxSubjectRec; + +/* object state */ +typedef struct { + security_id_t sid; + int poly; +} SELinuxObjectRec; + +/* + * Globals + */ + +extern DevPrivateKeyRec subjectKeyRec; + +#define subjectKey (&subjectKeyRec) +extern DevPrivateKeyRec objectKeyRec; + +#define objectKey (&objectKeyRec) +extern DevPrivateKeyRec dataKeyRec; + +#define dataKey (&dataKeyRec) + +/* + * Label functions + */ + +int + SELinuxAtomToSID(Atom atom, int prop, SELinuxObjectRec ** obj_rtn); + +int + +SELinuxSelectionToSID(Atom selection, SELinuxSubjectRec * subj, + security_id_t * sid_rtn, int *poly_rtn); + +int + +SELinuxPropertyToSID(Atom property, SELinuxSubjectRec * subj, + security_id_t * sid_rtn, int *poly_rtn); + +int + +SELinuxEventToSID(unsigned type, security_id_t sid_of_window, + SELinuxObjectRec * sid_return); + +int + SELinuxExtensionToSID(const char *name, security_id_t * sid_rtn); + +security_class_t SELinuxTypeToClass(RESTYPE type); + +security_context_t SELinuxDefaultClientLabel(void); + +void + SELinuxLabelInit(void); + +void + SELinuxLabelReset(void); + +/* + * Security module functions + */ + +void + SELinuxFlaskInit(void); + +void + SELinuxFlaskReset(void); + +/* + * Private Flask definitions + */ + +/* Security class constants */ +#define SECCLASS_X_DRAWABLE 1 +#define SECCLASS_X_SCREEN 2 +#define SECCLASS_X_GC 3 +#define SECCLASS_X_FONT 4 +#define SECCLASS_X_COLORMAP 5 +#define SECCLASS_X_PROPERTY 6 +#define SECCLASS_X_SELECTION 7 +#define SECCLASS_X_CURSOR 8 +#define SECCLASS_X_CLIENT 9 +#define SECCLASS_X_POINTER 10 +#define SECCLASS_X_KEYBOARD 11 +#define SECCLASS_X_SERVER 12 +#define SECCLASS_X_EXTENSION 13 +#define SECCLASS_X_EVENT 14 +#define SECCLASS_X_FAKEEVENT 15 +#define SECCLASS_X_RESOURCE 16 + +#ifdef _XSELINUX_NEED_FLASK_MAP +/* Mapping from DixAccess bits to Flask permissions */ +static struct security_class_mapping map[] = { + {"x_drawable", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "list_property", /* DixListPropAccess */ + "get_property", /* DixGetPropAccess */ + "set_property", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "list_child", /* DixListAccess */ + "add_child", /* DixAddAccess */ + "remove_child", /* DixRemoveAccess */ + "hide", /* DixHideAccess */ + "show", /* DixShowAccess */ + "blend", /* DixBlendAccess */ + "override", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "send", /* DixSendAccess */ + "receive", /* DixReceiveAccess */ + "", /* DixUseAccess */ + "manage", /* DixManageAccess */ + NULL}}, + {"x_screen", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "saver_getattr", /* DixListPropAccess */ + "saver_setattr", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "hide_cursor", /* DixHideAccess */ + "show_cursor", /* DixShowAccess */ + "saver_hide", /* DixBlendAccess */ + "saver_show", /* DixGrabAccess */ + NULL}}, + {"x_gc", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + NULL}}, + {"x_font", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "add_glyph", /* DixAddAccess */ + "remove_glyph", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + NULL}}, + {"x_colormap", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "add_color", /* DixAddAccess */ + "remove_color", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "install", /* DixInstallAccess */ + "uninstall", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + NULL}}, + {"x_property", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "write", /* DixBlendAccess */ + NULL}}, + {"x_selection", + {"read", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "setattr", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + NULL}}, + {"x_cursor", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + NULL}}, + {"x_client", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "", /* DixUseAccess */ + "manage", /* DixManageAccess */ + NULL}}, + {"x_pointer", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "list_property", /* DixListPropAccess */ + "get_property", /* DixGetPropAccess */ + "set_property", /* DixSetPropAccess */ + "getfocus", /* DixGetFocusAccess */ + "setfocus", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "add", /* DixAddAccess */ + "remove", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "grab", /* DixGrabAccess */ + "freeze", /* DixFreezeAccess */ + "force_cursor", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + "manage", /* DixManageAccess */ + "", /* DixDebugAccess */ + "bell", /* DixBellAccess */ + NULL}}, + {"x_keyboard", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "list_property", /* DixListPropAccess */ + "get_property", /* DixGetPropAccess */ + "set_property", /* DixSetPropAccess */ + "getfocus", /* DixGetFocusAccess */ + "setfocus", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "add", /* DixAddAccess */ + "remove", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "grab", /* DixGrabAccess */ + "freeze", /* DixFreezeAccess */ + "force_cursor", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + "manage", /* DixManageAccess */ + "", /* DixDebugAccess */ + "bell", /* DixBellAccess */ + NULL}}, + {"x_server", + {"record", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "grab", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "", /* DixUseAccess */ + "manage", /* DixManageAccess */ + "debug", /* DixDebugAccess */ + NULL}}, + {"x_extension", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "query", /* DixGetAttrAccess */ + "", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + NULL}}, + {"x_event", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "", /* DixGetAttrAccess */ + "", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "send", /* DixSendAccess */ + "receive", /* DixReceiveAccess */ + NULL}}, + {"x_synthetic_event", + {"", /* DixReadAccess */ + "", /* DixWriteAccess */ + "", /* DixDestroyAccess */ + "", /* DixCreateAccess */ + "", /* DixGetAttrAccess */ + "", /* DixSetAttrAccess */ + "", /* DixListPropAccess */ + "", /* DixGetPropAccess */ + "", /* DixSetPropAccess */ + "", /* DixGetFocusAccess */ + "", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "", /* DixAddAccess */ + "", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "", /* DixGrabAccess */ + "", /* DixFreezeAccess */ + "", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "send", /* DixSendAccess */ + "receive", /* DixReceiveAccess */ + NULL}}, + {"x_resource", + {"read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "write", /* DixDestroyAccess */ + "write", /* DixCreateAccess */ + "read", /* DixGetAttrAccess */ + "write", /* DixSetAttrAccess */ + "read", /* DixListPropAccess */ + "read", /* DixGetPropAccess */ + "write", /* DixSetPropAccess */ + "read", /* DixGetFocusAccess */ + "write", /* DixSetFocusAccess */ + "read", /* DixListAccess */ + "write", /* DixAddAccess */ + "write", /* DixRemoveAccess */ + "write", /* DixHideAccess */ + "read", /* DixShowAccess */ + "read", /* DixBlendAccess */ + "write", /* DixGrabAccess */ + "write", /* DixFreezeAccess */ + "write", /* DixForceAccess */ + "write", /* DixInstallAccess */ + "write", /* DixUninstallAccess */ + "write", /* DixSendAccess */ + "read", /* DixReceiveAccess */ + "read", /* DixUseAccess */ + "write", /* DixManageAccess */ + "read", /* DixDebugAccess */ + "write", /* DixBellAccess */ + NULL}}, + {NULL} +}; + +/* x_resource "read" bits from the list above */ +#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \ + DixGetPropAccess|DixGetFocusAccess|DixListAccess| \ + DixShowAccess|DixBlendAccess|DixReceiveAccess| \ + DixUseAccess|DixDebugAccess) + +#endif /* _XSELINUX_NEED_FLASK_MAP */ +#endif /* _XSELINUXINT_H */ |