xace: Remove the audit hooks and tune dispatch
There are no in-tree consumers of the audit hooks, and they are in any case redundant with the dtrace dispatch hooks. Neither is there any in-tree user of the core request dispatch hook. The extension hook is only used for non-default security cases, but in the absence of LTO we always have to take the function call into XaceHookDispatch to find out that there's no callback registered. Cc: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
parent
da9fec4edd
commit
6cb34816af
35
Xext/xace.c
35
Xext/xace.c
|
@ -33,28 +33,17 @@ _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = { 0 };
|
|||
|
||||
/* Special-cased hook functions. Called by Xserver.
|
||||
*/
|
||||
#undef XaceHookDispatch
|
||||
int
|
||||
XaceHookDispatch(ClientPtr client, int major)
|
||||
{
|
||||
/* Call the audit begin callback, there is no return value. */
|
||||
XaceAuditRec rec = { client, 0 };
|
||||
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
|
||||
|
||||
if (major < 128) {
|
||||
/* Call the core dispatch hook */
|
||||
XaceCoreDispatchRec drec = { client, Success /* default allow */ };
|
||||
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &drec);
|
||||
return drec.status;
|
||||
}
|
||||
else {
|
||||
/* Call the extension dispatch hook */
|
||||
ExtensionEntry *ext = GetExtensionEntry(major);
|
||||
XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
|
||||
if (ext)
|
||||
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
|
||||
/* On error, pretend extension doesn't exist */
|
||||
return (erec.status == Success) ? Success : BadRequest;
|
||||
}
|
||||
/* Call the extension dispatch hook */
|
||||
ExtensionEntry *ext = GetExtensionEntry(major);
|
||||
XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
|
||||
if (ext)
|
||||
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
|
||||
/* On error, pretend extension doesn't exist */
|
||||
return (erec.status == Success) ? Success : BadRequest;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -74,14 +63,6 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode)
|
|||
return rec.status;
|
||||
}
|
||||
|
||||
void
|
||||
XaceHookAuditEnd(ClientPtr ptr, int result)
|
||||
{
|
||||
XaceAuditRec rec = { ptr, result };
|
||||
/* call callbacks, there is no return value. */
|
||||
CallCallbacks(&XaceHooks[XACE_AUDIT_END], &rec);
|
||||
}
|
||||
|
||||
/* Entry point for hook functions. Called by Xserver.
|
||||
*/
|
||||
int
|
||||
|
|
12
Xext/xace.h
12
Xext/xace.h
|
@ -52,9 +52,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#define XACE_SCREENSAVER_ACCESS 12
|
||||
#define XACE_AUTH_AVAIL 13
|
||||
#define XACE_KEY_AVAIL 14
|
||||
#define XACE_AUDIT_BEGIN 15
|
||||
#define XACE_AUDIT_END 16
|
||||
#define XACE_NUM_HOOKS 17
|
||||
#define XACE_NUM_HOOKS 15
|
||||
|
||||
extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
|
||||
|
||||
|
@ -71,12 +69,16 @@ extern _X_EXPORT int XaceHookIsSet(int hook);
|
|||
/* Special-cased hook functions
|
||||
*/
|
||||
extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major);
|
||||
#define XaceHookDispatch(c, m) \
|
||||
((XaceHooks[XACE_EXT_DISPATCH] && (m) >= EXTENSION_BASE) ? \
|
||||
XaceHookDispatch((c), (m)) : \
|
||||
Success)
|
||||
|
||||
extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
|
||||
PropertyPtr *ppProp,
|
||||
Mask access_mode);
|
||||
extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel,
|
||||
Mask access_mode);
|
||||
extern _X_EXPORT void XaceHookAuditEnd(ClientPtr ptr, int result);
|
||||
|
||||
/* Register a callback for a given hook.
|
||||
*/
|
||||
|
@ -116,7 +118,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
|
|||
#define XaceHookDispatch(args...) Success
|
||||
#define XaceHookPropertyAccess(args...) Success
|
||||
#define XaceHookSelectionAccess(args...) Success
|
||||
#define XaceHookAuditEnd(args...) { ; }
|
||||
#define XaceCensorImage(args...) { ; }
|
||||
#else
|
||||
#define XaceHook(...) Success
|
||||
|
@ -124,7 +125,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
|
|||
#define XaceHookDispatch(...) Success
|
||||
#define XaceHookPropertyAccess(...) Success
|
||||
#define XaceHookSelectionAccess(...) Success
|
||||
#define XaceHookAuditEnd(...) { ; }
|
||||
#define XaceCensorImage(...) { ; }
|
||||
#endif
|
||||
|
||||
|
|
|
@ -426,7 +426,6 @@ Dispatch(void)
|
|||
if (result == Success)
|
||||
result =
|
||||
(*client->requestVector[client->majorOp]) (client);
|
||||
XaceHookAuditEnd(client, result);
|
||||
}
|
||||
if (!SmartScheduleSignalEnable)
|
||||
SmartScheduleTime = GetTimeInMillis();
|
||||
|
|
Loading…
Reference in New Issue