diff --git a/Xext/Makefile.am b/Xext/Makefile.am index f57e59910..648736d95 100644 --- a/Xext/Makefile.am +++ b/Xext/Makefile.am @@ -76,7 +76,7 @@ endif # requires X-ACE extension XSELINUX_SRCS = xselinux.c xselinux.h if XSELINUX -BUILTIN_SRCS += $(XSELINUX_SRCS) +MODULE_SRCS += $(XSELINUX_SRCS) endif # Security extension: multi-level security to protect clients from each other diff --git a/Xext/xace.c b/Xext/xace.c index e85a51714..0470e44dd 100644 --- a/Xext/xace.c +++ b/Xext/xace.c 
@@ -24,31 +24,31 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include #include "scrnintstr.h" #include "xacestr.h" -#include "modinit.h" CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0}; -/* Proc vectors for untrusted clients, swapped and unswapped versions. - * These are the same as the normal proc vectors except that extensions - * that haven't declared themselves secure will have ProcBadRequest plugged - * in for their major opcode dispatcher. This prevents untrusted clients - * from guessing extension major opcodes and using the extension even though - * the extension can't be listed or queried. - */ -static int (*UntrustedProcVector[256])( - ClientPtr /*client*/ -); -static int (*SwappedUntrustedProcVector[256])( - ClientPtr /*client*/ -); - /* Special-cased hook functions. Called by Xserver. */ -void XaceHookAuditBegin(ClientPtr ptr) +int XaceHookDispatch(ClientPtr client, int major) { - XaceAuditRec rec = { ptr, 0 }; - /* call callbacks, there is no return value. */ + /* Call the audit begin callback, there is no return value. */ + XaceAuditRec rec = { client, 0 }; CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec); + + if (major < 128) { + /* Call the core dispatch hook */ + XaceCoreDispatchRec rec = { client, Success /* default allow */ }; + CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec); + return rec.status; + } else { + /* Call the extension dispatch hook */ + ExtensionEntry *ext = GetExtensionEntry(major); + XaceExtAccessRec rec = { client, ext, DixUseAccess, Success }; + if (ext) + CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec); + /* On error, pretend extension doesn't exist */ + return (rec.status == Success) ? Success : BadRequest; + } } void XaceHookAuditEnd(ClientPtr ptr, int result) 
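Review bot: In the extension branch of `XaceHookDispatch`, a NULL `ext` skips the hook and returns Success, whereas the removed `XaceCatchExtProc` returned BadRequest for `!ext || !ProcVector[major]`. Rejection of an unregistered major opcode now rests entirely on whatever `client->requestVector[major]` holds. If failing closed is the intent, `if (!ext) return BadRequest;` before building the record keeps the old behaviour; otherwise a comment should say that the dispatch vector is relied on. Separately, the two inner `rec` declarations shadow the outer `XaceAuditRec rec`; distinct names would read more clearly and stay quiet under -Wshadow.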
@@ -221,168 +221,6 @@ int XaceHook(int hook, ...) return prv ? *prv : Success; } -static int -ProcXaceDispatch(ClientPtr client) -{ - REQUEST(xReq); - - switch (stuff->data) - { - default: - return BadRequest; - } -} /* ProcXaceDispatch */ - -static int -SProcXaceDispatch(ClientPtr client) -{ - REQUEST(xReq); - - switch (stuff->data) - { - default: - return BadRequest; - } -} /* SProcXaceDispatch */ - - -/* XaceResetProc - * - * Arguments: - * extEntry is the extension information for the XACE extension. - * - * Returns: nothing. - * - * Side Effects: - * Performs any cleanup needed by XACE at server shutdown time. - */ -static void -XaceResetProc(ExtensionEntry *extEntry) -{ - int i; - - for (i=0; ireqType; - XaceCoreDispatchRec rec = { client, Success /* default allow */ }; - - if (!ProcVector[major]) - return BadRequest; - - /* call callbacks and return result, if any. */ - CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec); - - if (rec.status != Success) - return rec.status; - - return client->swapped ? - (* SwappedProcVector[major])(client) : - (* ProcVector[major])(client); -} - -static int -XaceCatchExtProc(ClientPtr client) -{ - REQUEST(xReq); - int major = stuff->reqType; - ExtensionEntry *ext = GetExtensionEntry(major); - XaceExtAccessRec rec = { client, ext, DixUseAccess, Success }; - - if (!ext || !ProcVector[major]) - return BadRequest; - - /* call callbacks and return result, if any. */ - CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec); - - if (rec.status != Success) - return BadRequest; /* pretend extension doesn't exist */ - - return client->swapped ? - (* SwappedProcVector[major])(client) : - (* ProcVector[major])(client); -} - - -/* SecurityClientStateCallback - * - * Arguments: - * pcbl is &ClientStateCallback. - * nullata is NULL. - * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) - * which contains information about client state changes. - * - * Returns: nothing. 
- * - * Side Effects: - * - * If a new client is connecting, its authorization ID is copied to - * client->authID. If this is a generated authorization, its reference - * count is bumped, its timer is cancelled if it was running, and its - * trustlevel is copied to TRUSTLEVEL(client). - * - * If a client is disconnecting and the client was using a generated - * authorization, the authorization's reference count is decremented, and - * if it is now zero, the timer for this authorization is started. - */ - -static void -XaceClientStateCallback( - CallbackListPtr *pcbl, - pointer nulldata, - pointer calldata) -{ - NewClientInfoRec *pci = (NewClientInfoRec *)calldata; - ClientPtr client = pci->client; - - switch (client->clientState) - { - case ClientStateRunning: - { - client->requestVector = client->swapped ? - SwappedUntrustedProcVector : UntrustedProcVector; - break; - } - default: break; - } -} /* XaceClientStateCallback */ - -/* XaceExtensionInit - * - * Initialize the XACE Extension - */ -void XaceExtensionInit(INITARGS) -{ - ExtensionEntry *extEntry; - int i; - - if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL)) - return; - - extEntry = AddExtension(XACE_EXTENSION_NAME, - XaceNumberEvents, XaceNumberErrors, - ProcXaceDispatch, SProcXaceDispatch, - XaceResetProc, StandardMinorOpcode); - - /* initialize dispatching intercept functions */ - for (i = 0; i < 128; i++) - { - UntrustedProcVector[i] = XaceCatchDispatchProc; - SwappedUntrustedProcVector[i] = XaceCatchDispatchProc; - } - for (i = 128; i < 256; i++) - { - UntrustedProcVector[i] = XaceCatchExtProc; - SwappedUntrustedProcVector[i] = XaceCatchExtProc; - } -} - /* XaceCensorImage * * Called after pScreen->GetImage to prevent pieces or trusted windows from diff --git a/Xext/xace.h b/Xext/xace.h index 6f92290a0..4100ba16e 100644 --- a/Xext/xace.h +++ b/Xext/xace.h 
@@ -22,16 +22,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #ifdef XACE -#define XACE_EXTENSION_NAME "XAccessControlExtension" #define XACE_MAJOR_VERSION 2 #define XACE_MINOR_VERSION 0 #include "pixmap.h" /* for DrawablePtr */ #include "regionstr.h" /* for RegionPtr */ -#define XaceNumberEvents 0 -#define XaceNumberErrors 0 - /* Default window background */ #define XaceBackgroundNoneState None @@ -68,8 +64,8 @@ extern int XaceHook( /* Special-cased hook functions */ +extern int XaceHookDispatch(ClientPtr ptr, int major); extern void XaceHookAuditEnd(ClientPtr ptr, int result); -extern void XaceHookAuditBegin(ClientPtr ptr); /* Register a callback for a given hook. */ @@ -104,13 +100,13 @@ extern void XaceCensorImage( #ifdef __GNUC__ #define XaceHook(args...) Success +#define XaceHookDispatch(args...) Success #define XaceHookAuditEnd(args...) { ; } -#define XaceHookAuditBegin(args...) { ; } #define XaceCensorImage(args...) { ; } #else #define XaceHook(...) Success +#define XaceHookDispatch(...) Success #define XaceHookAuditEnd(...) { ; } -#define XaceHookAuditBegin(...) { ; } #define XaceCensorImage(...) { ; } #endif diff --git a/Xext/xselinux.c b/Xext/xselinux.c index 4629e9027..a6e27e695 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -63,6 +63,7 @@ typedef struct { security_id_t sid; struct avc_entry_ref aeref; char *command; + int privileged; } SELinuxStateRec; /* selection manager */ @@ -71,8 +72,8 @@ typedef struct { security_id_t sid; } SELinuxSelectionRec; -static ClientPtr selectionManager; -static Window selectionWindow; +static ClientPtr securityManager; +static Window securityWindow; /* audit file descriptor */ static int audit_fd; @@ -271,7 +272,7 @@ SELinuxTypeToClass(RESTYPE type) knownTypes[type] = SECCLASS_X_CURSOR; if (fulltype == RT_COLORMAP) knownTypes[type] = SECCLASS_X_COLORMAP; - + /* Need to do a string lookup */ str = LookupResourceName(fulltype); if (!strcmp(str, "PICTURE")) 
@@ -287,11 +288,11 @@ SELinuxTypeToClass(RESTYPE type) * Performs an SELinux permission check. */ static int -SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj, +SELinuxDoCheck(SELinuxStateRec *subj, SELinuxStateRec *obj, security_class_t class, Mask mode, SELinuxAuditRec *auditdata) { /* serverClient requests OK */ - if (clientIndex == 0) + if (subj->privileged) return Success; auditdata->command = subj->command; @@ -383,6 +384,7 @@ SELinuxLabelInitial(void) /* Do the serverClient */ state = dixLookupPrivate(&serverClient->devPrivates, stateKey); + state->privileged = 1; sidput(state->sid); /* Use the context of the X server process for the serverClient */ @@ -496,8 +498,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) obj->sid = subj->sid; } - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -509,21 +511,18 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) SELinuxStateRec *subj, *obj, ev_sid; SELinuxAuditRec auditdata = { .client = rec->client }; security_class_t class; - int rc, i, type, clientIndex; + int rc, i, type; - if (rec->dev) { + if (rec->dev) subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey); - clientIndex = -1; /* some nonzero value */ - } else { + else subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); - clientIndex = rec->client->index; - } obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); /* Check send permission on window */ - rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE, - DixSendAccess, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess, + &auditdata); if (rc != Success) goto err; 
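Review bot: `SELinuxDoCheck` now skips the permission check whenever `subj->privileged` is nonzero, so the bypass depends on that field being zero in every other `SELinuxStateRec` that can act as a subject. That includes the device state which `SELinuxSend` (last hunk on this line) passes when `rec->dev` is set, a case the old `clientIndex = -1` excluded explicitly. Only the assignment `state->privileged = 1` for serverClient in `SELinuxLabelInitial` is visible here; the zeroing of private storage is not, so it should be confirmed or made explicit where state records are created. I would document the field where it is added to the struct, e.g. `int privileged; /* set only for serverClient: bypasses every permission check */`, and say in the comment above the early return that no other path may set it.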
@@ -537,8 +536,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) goto err; auditdata.event = type; - rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class, - DixSendAccess, &auditdata); + rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata); if (rc != Success) goto err; } @@ -560,8 +558,8 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); /* Check receive permission on window */ - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE, - DixReceiveAccess, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess, + &auditdata); if (rc != Success) goto err; @@ -575,8 +573,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) goto err; auditdata.event = type; - rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class, - DixReceiveAccess, &auditdata); + rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata); if (rc != Success) goto err; } @@ -633,8 +630,8 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Perform the security check */ auditdata.extension = rec->ext->name; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -680,13 +677,12 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) return; } freecon(con); - avc_entry_ref_init(&obj->aeref); } /* Perform the security check */ auditdata.property = rec->pProp->propertyName; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } 
@@ -741,8 +737,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Perform the security check */ auditdata.restype = rec->rtype; auditdata.id = rec->id; - rc = SELinuxDoCheck(rec->client->index, subj, obj, class, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, class, rec->access_mode, &auditdata); if (rc != Success) rec->status = rc; } @@ -775,8 +770,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata) if (is_saver) access_mode <<= 2; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN, - access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata); if (rc != Success) rec->status = rc; } @@ -792,8 +786,8 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&rec->target->devPrivates, stateKey); - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -809,8 +803,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&serverClient->devPrivates, stateKey); - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -832,8 +826,8 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata) } auditdata.selection = rec->name; - rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid, - SECCLASS_X_SELECTION, rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } 
@@ -855,9 +849,9 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata) case ClientStateRetained: case ClientStateGone: - if (pci->client == selectionManager) { - selectionManager = NULL; - selectionWindow = 0; + if (pci->client == securityManager) { + securityManager = NULL; + securityWindow = 0; } break; @@ -890,8 +884,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (rc != Success) FatalError("SELinux: Failed to set label property on window!\n"); freecon(ctx); - } - else + } else FatalError("SELinux: Unexpected unlabeled client found\n"); state = dixLookupPrivate(&pWin->devPrivates, stateKey); @@ -907,8 +900,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (rc != Success) FatalError("SELinux: Failed to set label property on window!\n"); freecon(ctx); - } - else + } else FatalError("SELinux: Unexpected unlabeled window found\n"); } @@ -943,9 +935,9 @@ SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata) case SelectionConvertSelection: /* redirect the convert request if necessary */ - if (selectionManager && selectionManager != rec->client) { - rec->selection->client = selectionManager; - rec->selection->window = selectionWindow; + if (securityManager && securityManager != rec->client) { + rec->selection->client = securityManager; + rec->selection->window = securityWindow; } else { rec->selection->client = rec->selection->alt_client; rec->selection->window = rec->selection->alt_window; 
@@ -1012,39 +1004,39 @@ ProcSELinuxQueryVersion(ClientPtr client) } static int -ProcSELinuxSetSelectionManager(ClientPtr client) +ProcSELinuxSetSecurityManager(ClientPtr client) { WindowPtr pWin; int rc; - REQUEST(SELinuxSetSelectionManagerReq); - REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq); + REQUEST(SELinuxSetSecurityManagerReq); + REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq); if (stuff->window == None) { - selectionManager = NULL; - selectionWindow = None; + securityManager = NULL; + securityWindow = None; } else { rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW, client, DixGetAttrAccess); if (rc != Success) return rc; - selectionManager = client; - selectionWindow = stuff->window; + securityManager = client; + securityWindow = stuff->window; } return Success; } static int -ProcSELinuxGetSelectionManager(ClientPtr client) +ProcSELinuxGetSecurityManager(ClientPtr client) { - SELinuxGetSelectionManagerReply rep; + SELinuxGetSecurityManagerReply rep; rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; - rep.window = selectionWindow; + rep.window = securityWindow; if (client->swapped) { int n; swaps(&rep.sequenceNumber, n); 
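Review bot: `ProcSELinuxSetSecurityManager` lets the calling client install itself as `securityManager`, or clear the role with `window == None`, after nothing more than a `DixGetAttrAccess` lookup on the window. `SELinuxSelectionState` then redirects other clients' convert requests to that client, and the hunk adds no permission check on who may take the role. The request should be gated on an explicit policy decision before either assignment, and refused while a different live client already holds the role; which hook to use is outside this hunk. `pWin` is looked up only for validation and never used afterwards, which deserves a one-line comment.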
@@ -1100,7 +1092,40 @@ ProcSELinuxSetDeviceContext(ClientPtr client) static int ProcSELinuxGetDeviceContext(ClientPtr client) { - return Success; + char *ctx; + DeviceIntPtr dev; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetContextReq); + REQUEST_SIZE_MATCH(SELinuxGetContextReq); + + rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&dev->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int 
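Review bot: For a byte-swapped client, `swaps(&rep.context_len, n)` runs before `WriteToClient(client, rep.context_len, ctx)`, so the length passed to the write is the swapped value and can far exceed the `strlen(ctx) + 1` bytes that `ctx` holds, reading past the end of the buffer into the reply. Keep the length in a local and use it for the write: `int len = strlen(ctx) + 1;`, `rep.context_len = len;`, `WriteToClient(client, len, ctx);`. `rep` is also written out in full with only four fields assigned, so any remaining padding in `SELinuxGetContextReply` (its definition is not in this hunk) would carry uninitialised stack bytes; a `memset(&rep, 0, sizeof(rep));` before filling it avoids that. The same code is repeated in `ProcSELinuxGetPropertyContext` and `ProcSELinuxGetWindowContext` in the next two hunks, and all three release `ctx` with `free()` where the rest of the file uses `freecon()`.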
@@ -1118,7 +1143,54 @@ ProcSELinuxGetPropertyCreateContext(ClientPtr client) static int ProcSELinuxGetPropertyContext(ClientPtr client) { - return Success; + char *ctx; + WindowPtr pWin; + PropertyPtr pProp; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetPropertyContextReq); + REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq); + + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess); + if (rc != Success) + return rc; + + pProp = wUserProps(pWin); + while (pProp) { + if (pProp->propertyName == stuff->property) + break; + pProp = pProp->next; + } + if (!pProp) + return BadValue; + + rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&pProp->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int 
@@ -1136,7 +1208,40 @@ ProcSELinuxGetWindowCreateContext(ClientPtr client) static int ProcSELinuxGetWindowContext(ClientPtr client) { - return Success; + char *ctx; + WindowPtr pWin; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetContextReq); + REQUEST_SIZE_MATCH(SELinuxGetContextReq); + + rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&pWin->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int @@ -1146,10 +1251,10 @@ ProcSELinuxDispatch(ClientPtr client) switch (stuff->data) { case X_SELinuxQueryVersion: return ProcSELinuxQueryVersion(client); - case X_SELinuxSetSelectionManager: - return ProcSELinuxSetSelectionManager(client); - case X_SELinuxGetSelectionManager: - return ProcSELinuxGetSelectionManager(client); + case X_SELinuxSetSecurityManager: + return ProcSELinuxSetSecurityManager(client); + case X_SELinuxGetSecurityManager: + return ProcSELinuxGetSecurityManager(client); case X_SELinuxSetDeviceCreateContext: return ProcSELinuxSetDeviceCreateContext(client); case X_SELinuxGetDeviceCreateContext: 
@@ -1181,21 +1286,21 @@ SProcSELinuxQueryVersion(ClientPtr client) REQUEST(SELinuxQueryVersionReq); int n; - REQUEST_SIZE_MATCH (SELinuxQueryVersionReq); - swaps(&stuff->client_major,n); - swaps(&stuff->client_minor,n); + REQUEST_SIZE_MATCH(SELinuxQueryVersionReq); + swaps(&stuff->client_major, n); + swaps(&stuff->client_minor, n); return ProcSELinuxQueryVersion(client); } static int -SProcSELinuxSetSelectionManager(ClientPtr client) +SProcSELinuxSetSecurityManager(ClientPtr client) { - REQUEST(SELinuxSetSelectionManagerReq); + REQUEST(SELinuxSetSecurityManagerReq); int n; - REQUEST_SIZE_MATCH (SELinuxSetSelectionManagerReq); - swapl(&stuff->window,n); - return ProcSELinuxSetSelectionManager(client); + REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq); + swapl(&stuff->window, n); + return ProcSELinuxSetSecurityManager(client); } static int @@ -1205,7 +1310,7 @@ SProcSELinuxSetDeviceCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetDeviceCreateContext(client); } @@ -1216,8 +1321,8 @@ SProcSELinuxSetDeviceContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq); - swapl(&stuff->id,n); - swaps(&stuff->context_len,n); + swapl(&stuff->id, n); + swaps(&stuff->context_len, n); return ProcSELinuxSetDeviceContext(client); } @@ -1228,7 +1333,7 @@ SProcSELinuxGetDeviceContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetContextReq); - swapl(&stuff->id,n); + swapl(&stuff->id, n); return ProcSELinuxGetDeviceContext(client); } @@ -1239,7 +1344,7 @@ SProcSELinuxSetPropertyCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetPropertyCreateContext(client); } 
@@ -1250,8 +1355,8 @@ SProcSELinuxGetPropertyContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq); - swapl(&stuff->window,n); - swapl(&stuff->property,n); + swapl(&stuff->window, n); + swapl(&stuff->property, n); return ProcSELinuxGetPropertyContext(client); } @@ -1262,7 +1367,7 @@ SProcSELinuxSetWindowCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetWindowCreateContext(client); } @@ -1273,7 +1378,7 @@ SProcSELinuxGetWindowContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetContextReq); - swapl(&stuff->id,n); + swapl(&stuff->id, n); return ProcSELinuxGetWindowContext(client); } 
@@ -1287,31 +1392,31 @@ SProcSELinuxDispatch(ClientPtr client) switch (stuff->data) { case X_SELinuxQueryVersion: - return SProcSELinuxQueryVersion(client); - case X_SELinuxSetSelectionManager: - return SProcSELinuxSetSelectionManager(client); - case X_SELinuxGetSelectionManager: - return ProcSELinuxGetSelectionManager(client); + return SProcSELinuxQueryVersion(client); + case X_SELinuxSetSecurityManager: + return SProcSELinuxSetSecurityManager(client); + case X_SELinuxGetSecurityManager: + return ProcSELinuxGetSecurityManager(client); case X_SELinuxSetDeviceCreateContext: - return SProcSELinuxSetDeviceCreateContext(client); + return SProcSELinuxSetDeviceCreateContext(client); case X_SELinuxGetDeviceCreateContext: - return ProcSELinuxGetDeviceCreateContext(client); + return ProcSELinuxGetDeviceCreateContext(client); case X_SELinuxSetDeviceContext: - return SProcSELinuxSetDeviceContext(client); + return SProcSELinuxSetDeviceContext(client); case X_SELinuxGetDeviceContext: - return SProcSELinuxGetDeviceContext(client); + return SProcSELinuxGetDeviceContext(client); case X_SELinuxSetPropertyCreateContext: - return SProcSELinuxSetPropertyCreateContext(client); + return SProcSELinuxSetPropertyCreateContext(client); case X_SELinuxGetPropertyCreateContext: - return ProcSELinuxGetPropertyCreateContext(client); + return ProcSELinuxGetPropertyCreateContext(client); case X_SELinuxGetPropertyContext: - return SProcSELinuxGetPropertyContext(client); + return SProcSELinuxGetPropertyContext(client); case X_SELinuxSetWindowCreateContext: - return SProcSELinuxSetWindowCreateContext(client); + return SProcSELinuxSetWindowCreateContext(client); case X_SELinuxGetWindowCreateContext: - return ProcSELinuxGetWindowCreateContext(client); + return ProcSELinuxGetWindowCreateContext(client); case X_SELinuxGetWindowContext: - return SProcSELinuxGetWindowContext(client); + return SProcSELinuxGetWindowContext(client); default: return BadRequest; } 
@@ -1376,8 +1481,8 @@ SELinuxExtensionInit(INITARGS) /* Setup SELinux stuff */ if (!is_selinux_enabled()) { - ErrorF("SELinux: SELinux not enabled, disabling SELinux support.\n"); - return; + ErrorF("SELinux: SELinux not enabled, disabling SELinux support.\n"); + return; } selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog); @@ -1408,7 +1513,7 @@ SELinuxExtensionInit(INITARGS) /* Prepare for auditing */ audit_fd = audit_open(); if (audit_fd < 0) - FatalError("SELinux: Failed to open the system audit log\n"); + FatalError("SELinux: Failed to open the system audit log\n"); /* Allocate private storage */ if (!dixRequestPrivate(stateKey, sizeof(SELinuxStateRec))) diff --git a/Xext/xselinux.h b/Xext/xselinux.h index ba1380b57..7eeea5046 100644 --- a/Xext/xselinux.h +++ b/Xext/xselinux.h @@ -31,8 +31,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. /* Extension protocol */ #define X_SELinuxQueryVersion 0 -#define X_SELinuxSetSelectionManager 1 -#define X_SELinuxGetSelectionManager 2 +#define X_SELinuxSetSecurityManager 1 +#define X_SELinuxGetSecurityManager 2 #define X_SELinuxSetDeviceCreateContext 3 #define X_SELinuxGetDeviceCreateContext 4 #define X_SELinuxSetDeviceContext 5 @@ -72,13 +72,13 @@ typedef struct { CARD8 SELinuxReqType; CARD16 length; CARD32 window; -} SELinuxSetSelectionManagerReq; +} SELinuxSetSecurityManagerReq; typedef struct { CARD8 reqType; CARD8 SELinuxReqType; CARD16 length; -} SELinuxGetSelectionManagerReq; +} SELinuxGetSecurityManagerReq; typedef struct { CARD8 type; @@ -91,7 +91,7 @@ typedef struct { CARD32 pad4; CARD32 pad5; CARD32 pad6; -} SELinuxGetSelectionManagerReply; +} SELinuxGetSecurityManagerReply; typedef struct { CARD8 reqType; diff --git a/dix/dispatch.c b/dix/dispatch.c index 004509caa..663bf7dd5 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c 
@@ -463,8 +463,9 @@ Dispatch(void) if (result > (maxBigRequestSize << 2)) result = BadLength; else { - XaceHookAuditBegin(client); - result = (* client->requestVector[MAJOROP])(client); + result = XaceHookDispatch(client, MAJOROP); + if (result == Success) + result = (* client->requestVector[MAJOROP])(client); XaceHookAuditEnd(client, result); } #ifdef XSERVER_DTRACE diff --git a/hw/xfree86/dixmods/extmod/modinit.c b/hw/xfree86/dixmods/extmod/modinit.c index acd700694..d0d892aaf 100644 --- a/hw/xfree86/dixmods/extmod/modinit.c +++ b/hw/xfree86/dixmods/extmod/modinit.c @@ -38,6 +38,15 @@ static MODULESETUPPROTO(extmodSetup); * Array describing extensions to be initialized */ static ExtensionModule extensionModules[] = { +#ifdef XSELINUX + { + SELinuxExtensionInit, + SELINUX_EXTENSION_NAME, + NULL, + NULL, + NULL + }, +#endif #ifdef SHAPE { ShapeExtensionInit, diff --git a/hw/xfree86/dixmods/extmod/modinit.h b/hw/xfree86/dixmods/extmod/modinit.h index 99d714c4f..3c2e2022a 100644 --- a/hw/xfree86/dixmods/extmod/modinit.h +++ b/hw/xfree86/dixmods/extmod/modinit.h @@ -125,12 +125,9 @@ extern void ShmRegisterFuncs( ShmFuncsPtr funcs); #endif -#ifdef XACE -extern void XaceExtensionInit(INITARGS); -#endif - #ifdef XSELINUX extern void SELinuxExtensionInit(INITARGS); +#include "xselinux.h" #endif #if 1 diff --git a/hw/xfree86/modes/xf86EdidModes.c b/hw/xfree86/modes/xf86EdidModes.c index 87a812765..b865727ef 100644 --- a/hw/xfree86/modes/xf86EdidModes.c +++ b/hw/xfree86/modes/xf86EdidModes.c @@ -66,6 +66,8 @@ typedef enum { DDC_QUIRK_DETAILED_USE_MAXIMUM_SIZE = 1 << 5, /* Monitor forgot to set the first detailed is preferred bit. */ DDC_QUIRK_FIRST_DETAILED_PREFERRED = 1 << 6, + /* use +hsync +vsync for detailed mode */ + DDC_QUIRK_DETAILED_SYNC_PP = 1 << 7, } ddc_quirk_t; static Bool quirk_prefer_large_60 (int scrnIndex, xf86MonPtr DDC) 
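Review bot: Registering `SELinuxExtensionInit` in extmod's `extensionModules[]` (the modinit.c hunk), while the miinitext.c hunks drop it from `staticExtensions[]`, means the access-control hooks are installed only when this module is loaded rather than unconditionally at server start. If a server configuration can leave the module out or skip this entry, the server would run with no SELinux checks, and nothing in the visible code reports that. The dependency should at least be stated in a comment above the entry, e.g. `/* XSELinux enforcement is active only when this module is loaded */`. Whether a silent fall-back is acceptable for a mandatory-access-control component is worth deciding explicitly; that policy is not visible in this diff.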
@@ -160,6 +162,15 @@ static Bool quirk_first_detailed_preferred (int scrnIndex, xf86MonPtr DDC) return FALSE; } +static Bool quirk_detailed_sync_pp(int scrnIndex, xf86MonPtr DDC) +{ + /* Bug #12439: Samsung SyncMaster 205BW */ + if (memcmp (DDC->vendor.name, "SAM", 4) == 0 && + DDC->vendor.prod_id == 541) + return TRUE; + return FALSE; +} + typedef struct { Bool (*detect) (int scrnIndex, xf86MonPtr DDC); ddc_quirk_t quirk; @@ -195,6 +206,10 @@ static const ddc_quirk_map_t ddc_quirks[] = { quirk_first_detailed_preferred, DDC_QUIRK_FIRST_DETAILED_PREFERRED, "First detailed timing was not marked as preferred." }, + { + quirk_detailed_sync_pp, DDC_QUIRK_DETAILED_SYNC_PP, + "Use +hsync +vsync for detailed timing." + }, { NULL, DDC_QUIRK_NONE, "No known quirks" @@ -341,15 +356,19 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing, if (timing->interlaced) Mode->Flags |= V_INTERLACE; - if (timing->misc & 0x02) - Mode->Flags |= V_PVSYNC; - else - Mode->Flags |= V_NVSYNC; + if (quirks & DDC_QUIRK_DETAILED_SYNC_PP) + Mode->Flags |= V_PVSYNC | V_PHSYNC; + else { + if (timing->misc & 0x02) + Mode->Flags |= V_PVSYNC; + else + Mode->Flags |= V_NVSYNC; - if (timing->misc & 0x01) - Mode->Flags |= V_PHSYNC; - else - Mode->Flags |= V_NHSYNC; + if (timing->misc & 0x01) + Mode->Flags |= V_PHSYNC; + else + Mode->Flags |= V_NHSYNC; + } return Mode; } diff --git a/hw/xfree86/os-support/linux/lnx_video.c b/hw/xfree86/os-support/linux/lnx_video.c index ad2b66f74..1bd2d575f 100644 --- a/hw/xfree86/os-support/linux/lnx_video.c +++ b/hw/xfree86/os-support/linux/lnx_video.c 
@@ -142,17 +142,8 @@ mtrr_open(int verbosity) /* Only report absence of /proc/mtrr once. */ static Bool warned = FALSE; - char **fn; - static char *mtrr_files[] = { - "/dev/cpu/mtrr", /* Possible future name */ - "/proc/mtrr", /* Current name */ - NULL - }; - if (mtrr_fd == MTRR_FD_UNOPENED) { - /* So open it. */ - for (fn = mtrr_files; mtrr_fd < 0 && *fn; fn++) - mtrr_fd = open(*fn, O_WRONLY); + mtrr_fd = open("/proc/mtrr", O_WRONLY); if (mtrr_fd < 0) mtrr_fd = MTRR_FD_PROBLEM; diff --git a/mi/miinitext.c b/mi/miinitext.c index b14690756..261fac9fc 100644 --- a/mi/miinitext.c +++ b/mi/miinitext.c @@ -244,9 +244,6 @@ typedef void (*InitExtension)(INITARGS); #define _XAG_SERVER_ #include #endif -#ifdef XACE -#include "xace.h" -#endif #ifdef XCSECURITY #include "securitysrv.h" #include @@ -323,9 +320,6 @@ extern void DbeExtensionInit(INITARGS); #ifdef XAPPGROUP extern void XagExtensionInit(INITARGS); #endif -#ifdef XACE -extern void XaceExtensionInit(INITARGS); -#endif #ifdef XCSECURITY extern void SecurityExtensionInit(INITARGS); #endif @@ -599,9 +593,6 @@ InitExtensions(argc, argv) #ifdef XAPPGROUP if (!noXagExtension) XagExtensionInit(); #endif -#ifdef XACE - XaceExtensionInit(); -#endif #ifdef XCSECURITY if (!noSecurityExtension) SecurityExtensionInit(); #endif @@ -696,15 +687,9 @@ static ExtensionModule staticExtensions[] = { #ifdef XAPPGROUP { XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL }, #endif -#ifdef XACE - { XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL }, -#endif #ifdef XCSECURITY { SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL }, #endif -#ifdef XSELINUX - { SELinuxExtensionInit, SELINUX_EXTENSION_NAME, NULL, NULL, NULL }, -#endif #ifdef XPRINT { XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL }, #endif