xace: Remove the audit hooks and tune dispatch

There are no in-tree consumers of the audit hooks, and they are in any case redundant with the dtrace dispatch hooks. Neither is there any in-tree user of the core request dispatch hook. The extension hook is only used for non-default security cases, but in the absence of LTO we always have to take the function call into XaceHookDispatch to find out that there's no callback registered. Cc: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Keith Packard <keithp@keithp.com>
2016-04-29 14:22:52 -04:00 · 2016-04-29 14:22:52 -04:00 · 6cb34816af
parent da9fec4edd
commit 6cb34816af
3 changed files with 14 additions and 34 deletions
--- a/Xext/xace.c
+++ b/Xext/xace.c
@ -33,28 +33,17 @@ _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = { 0 };

 /* Special-cased hook functions.  Called by Xserver.
 */
+#undef XaceHookDispatch
 int
 XaceHookDispatch(ClientPtr client, int major)
 {
-    /* Call the audit begin callback, there is no return value. */
-    XaceAuditRec rec = { client, 0 };
-    CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
-
-    if (major < 128) {
-        /* Call the core dispatch hook */
-        XaceCoreDispatchRec drec = { client, Success /* default allow */  };
-        CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &drec);
-        return drec.status;
-    }
-    else {
-        /* Call the extension dispatch hook */
-        ExtensionEntry *ext = GetExtensionEntry(major);
-        XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
-        if (ext)
-            CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
-        /* On error, pretend extension doesn't exist */
-        return (erec.status == Success) ? Success : BadRequest;
-    }
+    /* Call the extension dispatch hook */
+    ExtensionEntry *ext = GetExtensionEntry(major);
+    XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
+    if (ext)
+        CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
+    /* On error, pretend extension doesn't exist */
+    return (erec.status == Success) ? Success : BadRequest;
 }

 int
@ -74,14 +63,6 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode)
    return rec.status;
 }

-void
-XaceHookAuditEnd(ClientPtr ptr, int result)
-{
-    XaceAuditRec rec = { ptr, result };
-    /* call callbacks, there is no return value. */
-    CallCallbacks(&XaceHooks[XACE_AUDIT_END], &rec);
-}
-
 /* Entry point for hook functions.  Called by Xserver.
 */
 int
--- a/Xext/xace.h
+++ b/Xext/xace.h
@ -52,9 +52,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_SCREENSAVER_ACCESS		12
 #define XACE_AUTH_AVAIL			13
 #define XACE_KEY_AVAIL			14
-#define XACE_AUDIT_BEGIN		15
-#define XACE_AUDIT_END			16
-#define XACE_NUM_HOOKS			17
+#define XACE_NUM_HOOKS			15

 extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS];

@ -71,12 +69,16 @@ extern _X_EXPORT int XaceHookIsSet(int hook);
 /* Special-cased hook functions
 */
 extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major);
+#define XaceHookDispatch(c, m) \
+    ((XaceHooks[XACE_EXT_DISPATCH] && (m) >= EXTENSION_BASE) ? \
+    XaceHookDispatch((c), (m)) : \
+    Success)
+
 extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
                                            PropertyPtr *ppProp,
                                            Mask access_mode);
 extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel,
                                             Mask access_mode);
-extern _X_EXPORT void XaceHookAuditEnd(ClientPtr ptr, int result);

 /* Register a callback for a given hook.
 */
@ -116,7 +118,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(args...) Success
 #define XaceHookPropertyAccess(args...) Success
 #define XaceHookSelectionAccess(args...) Success
-#define XaceHookAuditEnd(args...) { ; }
 #define XaceCensorImage(args...) { ; }
 #else
 #define XaceHook(...) Success
@ -124,7 +125,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(...) Success
 #define XaceHookPropertyAccess(...) Success
 #define XaceHookSelectionAccess(...) Success
-#define XaceHookAuditEnd(...) { ; }
 #define XaceCensorImage(...) { ; }
 #endif

--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@ -426,7 +426,6 @@ Dispatch(void)
                    if (result == Success)
                        result =
                            (*client->requestVector[client->majorOp]) (client);
-                    XaceHookAuditEnd(client, result);
                }
                if (!SmartScheduleSignalEnable)
                    SmartScheduleTime = GetTimeInMillis();