Merge commit 'upstream/master'
This commit is contained in:
commit
16b0614c8c
|
@ -76,7 +76,7 @@ endif
|
||||||
# requires X-ACE extension
|
# requires X-ACE extension
|
||||||
XSELINUX_SRCS = xselinux.c xselinux.h
|
XSELINUX_SRCS = xselinux.c xselinux.h
|
||||||
if XSELINUX
|
if XSELINUX
|
||||||
BUILTIN_SRCS += $(XSELINUX_SRCS)
|
MODULE_SRCS += $(XSELINUX_SRCS)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# Security extension: multi-level security to protect clients from each other
|
# Security extension: multi-level security to protect clients from each other
|
||||||
|
|
198
Xext/xace.c
198
Xext/xace.c
|
@ -24,31 +24,31 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include "scrnintstr.h"
|
#include "scrnintstr.h"
|
||||||
#include "xacestr.h"
|
#include "xacestr.h"
|
||||||
#include "modinit.h"
|
|
||||||
|
|
||||||
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
|
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
|
||||||
|
|
||||||
/* Proc vectors for untrusted clients, swapped and unswapped versions.
|
|
||||||
* These are the same as the normal proc vectors except that extensions
|
|
||||||
* that haven't declared themselves secure will have ProcBadRequest plugged
|
|
||||||
* in for their major opcode dispatcher. This prevents untrusted clients
|
|
||||||
* from guessing extension major opcodes and using the extension even though
|
|
||||||
* the extension can't be listed or queried.
|
|
||||||
*/
|
|
||||||
static int (*UntrustedProcVector[256])(
|
|
||||||
ClientPtr /*client*/
|
|
||||||
);
|
|
||||||
static int (*SwappedUntrustedProcVector[256])(
|
|
||||||
ClientPtr /*client*/
|
|
||||||
);
|
|
||||||
|
|
||||||
/* Special-cased hook functions. Called by Xserver.
|
/* Special-cased hook functions. Called by Xserver.
|
||||||
*/
|
*/
|
||||||
void XaceHookAuditBegin(ClientPtr ptr)
|
int XaceHookDispatch(ClientPtr client, int major)
|
||||||
{
|
{
|
||||||
XaceAuditRec rec = { ptr, 0 };
|
/* Call the audit begin callback, there is no return value. */
|
||||||
/* call callbacks, there is no return value. */
|
XaceAuditRec rec = { client, 0 };
|
||||||
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
|
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
|
||||||
|
|
||||||
|
if (major < 128) {
|
||||||
|
/* Call the core dispatch hook */
|
||||||
|
XaceCoreDispatchRec rec = { client, Success /* default allow */ };
|
||||||
|
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
|
||||||
|
return rec.status;
|
||||||
|
} else {
|
||||||
|
/* Call the extension dispatch hook */
|
||||||
|
ExtensionEntry *ext = GetExtensionEntry(major);
|
||||||
|
XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
|
||||||
|
if (ext)
|
||||||
|
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
|
||||||
|
/* On error, pretend extension doesn't exist */
|
||||||
|
return (rec.status == Success) ? Success : BadRequest;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void XaceHookAuditEnd(ClientPtr ptr, int result)
|
void XaceHookAuditEnd(ClientPtr ptr, int result)
|
||||||
|
@ -221,168 +221,6 @@ int XaceHook(int hook, ...)
|
||||||
return prv ? *prv : Success;
|
return prv ? *prv : Success;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
|
||||||
ProcXaceDispatch(ClientPtr client)
|
|
||||||
{
|
|
||||||
REQUEST(xReq);
|
|
||||||
|
|
||||||
switch (stuff->data)
|
|
||||||
{
|
|
||||||
default:
|
|
||||||
return BadRequest;
|
|
||||||
}
|
|
||||||
} /* ProcXaceDispatch */
|
|
||||||
|
|
||||||
static int
|
|
||||||
SProcXaceDispatch(ClientPtr client)
|
|
||||||
{
|
|
||||||
REQUEST(xReq);
|
|
||||||
|
|
||||||
switch (stuff->data)
|
|
||||||
{
|
|
||||||
default:
|
|
||||||
return BadRequest;
|
|
||||||
}
|
|
||||||
} /* SProcXaceDispatch */
|
|
||||||
|
|
||||||
|
|
||||||
/* XaceResetProc
|
|
||||||
*
|
|
||||||
* Arguments:
|
|
||||||
* extEntry is the extension information for the XACE extension.
|
|
||||||
*
|
|
||||||
* Returns: nothing.
|
|
||||||
*
|
|
||||||
* Side Effects:
|
|
||||||
* Performs any cleanup needed by XACE at server shutdown time.
|
|
||||||
*/
|
|
||||||
static void
|
|
||||||
XaceResetProc(ExtensionEntry *extEntry)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
for (i=0; i<XACE_NUM_HOOKS; i++)
|
|
||||||
DeleteCallbackList(&XaceHooks[i]);
|
|
||||||
} /* XaceResetProc */
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
|
||||||
XaceCatchDispatchProc(ClientPtr client)
|
|
||||||
{
|
|
||||||
REQUEST(xReq);
|
|
||||||
int major = stuff->reqType;
|
|
||||||
XaceCoreDispatchRec rec = { client, Success /* default allow */ };
|
|
||||||
|
|
||||||
if (!ProcVector[major])
|
|
||||||
return BadRequest;
|
|
||||||
|
|
||||||
/* call callbacks and return result, if any. */
|
|
||||||
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
|
|
||||||
|
|
||||||
if (rec.status != Success)
|
|
||||||
return rec.status;
|
|
||||||
|
|
||||||
return client->swapped ?
|
|
||||||
(* SwappedProcVector[major])(client) :
|
|
||||||
(* ProcVector[major])(client);
|
|
||||||
}
|
|
||||||
|
|
||||||
static int
|
|
||||||
XaceCatchExtProc(ClientPtr client)
|
|
||||||
{
|
|
||||||
REQUEST(xReq);
|
|
||||||
int major = stuff->reqType;
|
|
||||||
ExtensionEntry *ext = GetExtensionEntry(major);
|
|
||||||
XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
|
|
||||||
|
|
||||||
if (!ext || !ProcVector[major])
|
|
||||||
return BadRequest;
|
|
||||||
|
|
||||||
/* call callbacks and return result, if any. */
|
|
||||||
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
|
|
||||||
|
|
||||||
if (rec.status != Success)
|
|
||||||
return BadRequest; /* pretend extension doesn't exist */
|
|
||||||
|
|
||||||
return client->swapped ?
|
|
||||||
(* SwappedProcVector[major])(client) :
|
|
||||||
(* ProcVector[major])(client);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* SecurityClientStateCallback
|
|
||||||
*
|
|
||||||
* Arguments:
|
|
||||||
* pcbl is &ClientStateCallback.
|
|
||||||
* nullata is NULL.
|
|
||||||
* calldata is a pointer to a NewClientInfoRec (include/dixstruct.h)
|
|
||||||
* which contains information about client state changes.
|
|
||||||
*
|
|
||||||
* Returns: nothing.
|
|
||||||
*
|
|
||||||
* Side Effects:
|
|
||||||
*
|
|
||||||
* If a new client is connecting, its authorization ID is copied to
|
|
||||||
* client->authID. If this is a generated authorization, its reference
|
|
||||||
* count is bumped, its timer is cancelled if it was running, and its
|
|
||||||
* trustlevel is copied to TRUSTLEVEL(client).
|
|
||||||
*
|
|
||||||
* If a client is disconnecting and the client was using a generated
|
|
||||||
* authorization, the authorization's reference count is decremented, and
|
|
||||||
* if it is now zero, the timer for this authorization is started.
|
|
||||||
*/
|
|
||||||
|
|
||||||
static void
|
|
||||||
XaceClientStateCallback(
|
|
||||||
CallbackListPtr *pcbl,
|
|
||||||
pointer nulldata,
|
|
||||||
pointer calldata)
|
|
||||||
{
|
|
||||||
NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
|
|
||||||
ClientPtr client = pci->client;
|
|
||||||
|
|
||||||
switch (client->clientState)
|
|
||||||
{
|
|
||||||
case ClientStateRunning:
|
|
||||||
{
|
|
||||||
client->requestVector = client->swapped ?
|
|
||||||
SwappedUntrustedProcVector : UntrustedProcVector;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
default: break;
|
|
||||||
}
|
|
||||||
} /* XaceClientStateCallback */
|
|
||||||
|
|
||||||
/* XaceExtensionInit
|
|
||||||
*
|
|
||||||
* Initialize the XACE Extension
|
|
||||||
*/
|
|
||||||
void XaceExtensionInit(INITARGS)
|
|
||||||
{
|
|
||||||
ExtensionEntry *extEntry;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL))
|
|
||||||
return;
|
|
||||||
|
|
||||||
extEntry = AddExtension(XACE_EXTENSION_NAME,
|
|
||||||
XaceNumberEvents, XaceNumberErrors,
|
|
||||||
ProcXaceDispatch, SProcXaceDispatch,
|
|
||||||
XaceResetProc, StandardMinorOpcode);
|
|
||||||
|
|
||||||
/* initialize dispatching intercept functions */
|
|
||||||
for (i = 0; i < 128; i++)
|
|
||||||
{
|
|
||||||
UntrustedProcVector[i] = XaceCatchDispatchProc;
|
|
||||||
SwappedUntrustedProcVector[i] = XaceCatchDispatchProc;
|
|
||||||
}
|
|
||||||
for (i = 128; i < 256; i++)
|
|
||||||
{
|
|
||||||
UntrustedProcVector[i] = XaceCatchExtProc;
|
|
||||||
SwappedUntrustedProcVector[i] = XaceCatchExtProc;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* XaceCensorImage
|
/* XaceCensorImage
|
||||||
*
|
*
|
||||||
* Called after pScreen->GetImage to prevent pieces or trusted windows from
|
* Called after pScreen->GetImage to prevent pieces or trusted windows from
|
||||||
|
|
10
Xext/xace.h
10
Xext/xace.h
|
@ -22,16 +22,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
#ifdef XACE
|
#ifdef XACE
|
||||||
|
|
||||||
#define XACE_EXTENSION_NAME "XAccessControlExtension"
|
|
||||||
#define XACE_MAJOR_VERSION 2
|
#define XACE_MAJOR_VERSION 2
|
||||||
#define XACE_MINOR_VERSION 0
|
#define XACE_MINOR_VERSION 0
|
||||||
|
|
||||||
#include "pixmap.h" /* for DrawablePtr */
|
#include "pixmap.h" /* for DrawablePtr */
|
||||||
#include "regionstr.h" /* for RegionPtr */
|
#include "regionstr.h" /* for RegionPtr */
|
||||||
|
|
||||||
#define XaceNumberEvents 0
|
|
||||||
#define XaceNumberErrors 0
|
|
||||||
|
|
||||||
/* Default window background */
|
/* Default window background */
|
||||||
#define XaceBackgroundNoneState None
|
#define XaceBackgroundNoneState None
|
||||||
|
|
||||||
|
@ -68,8 +64,8 @@ extern int XaceHook(
|
||||||
|
|
||||||
/* Special-cased hook functions
|
/* Special-cased hook functions
|
||||||
*/
|
*/
|
||||||
|
extern int XaceHookDispatch(ClientPtr ptr, int major);
|
||||||
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
|
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
|
||||||
extern void XaceHookAuditBegin(ClientPtr ptr);
|
|
||||||
|
|
||||||
/* Register a callback for a given hook.
|
/* Register a callback for a given hook.
|
||||||
*/
|
*/
|
||||||
|
@ -104,13 +100,13 @@ extern void XaceCensorImage(
|
||||||
|
|
||||||
#ifdef __GNUC__
|
#ifdef __GNUC__
|
||||||
#define XaceHook(args...) Success
|
#define XaceHook(args...) Success
|
||||||
|
#define XaceHookDispatch(args...) Success
|
||||||
#define XaceHookAuditEnd(args...) { ; }
|
#define XaceHookAuditEnd(args...) { ; }
|
||||||
#define XaceHookAuditBegin(args...) { ; }
|
|
||||||
#define XaceCensorImage(args...) { ; }
|
#define XaceCensorImage(args...) { ; }
|
||||||
#else
|
#else
|
||||||
#define XaceHook(...) Success
|
#define XaceHook(...) Success
|
||||||
|
#define XaceHookDispatch(...) Success
|
||||||
#define XaceHookAuditEnd(...) { ; }
|
#define XaceHookAuditEnd(...) { ; }
|
||||||
#define XaceHookAuditBegin(...) { ; }
|
|
||||||
#define XaceCensorImage(...) { ; }
|
#define XaceCensorImage(...) { ; }
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
245
Xext/xselinux.c
245
Xext/xselinux.c
|
@ -63,6 +63,7 @@ typedef struct {
|
||||||
security_id_t sid;
|
security_id_t sid;
|
||||||
struct avc_entry_ref aeref;
|
struct avc_entry_ref aeref;
|
||||||
char *command;
|
char *command;
|
||||||
|
int privileged;
|
||||||
} SELinuxStateRec;
|
} SELinuxStateRec;
|
||||||
|
|
||||||
/* selection manager */
|
/* selection manager */
|
||||||
|
@ -71,8 +72,8 @@ typedef struct {
|
||||||
security_id_t sid;
|
security_id_t sid;
|
||||||
} SELinuxSelectionRec;
|
} SELinuxSelectionRec;
|
||||||
|
|
||||||
static ClientPtr selectionManager;
|
static ClientPtr securityManager;
|
||||||
static Window selectionWindow;
|
static Window securityWindow;
|
||||||
|
|
||||||
/* audit file descriptor */
|
/* audit file descriptor */
|
||||||
static int audit_fd;
|
static int audit_fd;
|
||||||
|
@ -287,11 +288,11 @@ SELinuxTypeToClass(RESTYPE type)
|
||||||
* Performs an SELinux permission check.
|
* Performs an SELinux permission check.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj,
|
SELinuxDoCheck(SELinuxStateRec *subj, SELinuxStateRec *obj,
|
||||||
security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
|
security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
|
||||||
{
|
{
|
||||||
/* serverClient requests OK */
|
/* serverClient requests OK */
|
||||||
if (clientIndex == 0)
|
if (subj->privileged)
|
||||||
return Success;
|
return Success;
|
||||||
|
|
||||||
auditdata->command = subj->command;
|
auditdata->command = subj->command;
|
||||||
|
@ -383,6 +384,7 @@ SELinuxLabelInitial(void)
|
||||||
|
|
||||||
/* Do the serverClient */
|
/* Do the serverClient */
|
||||||
state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
|
state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
|
||||||
|
state->privileged = 1;
|
||||||
sidput(state->sid);
|
sidput(state->sid);
|
||||||
|
|
||||||
/* Use the context of the X server process for the serverClient */
|
/* Use the context of the X server process for the serverClient */
|
||||||
|
@ -496,8 +498,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
obj->sid = subj->sid;
|
obj->sid = subj->sid;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
|
||||||
rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -509,21 +511,18 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
SELinuxStateRec *subj, *obj, ev_sid;
|
SELinuxStateRec *subj, *obj, ev_sid;
|
||||||
SELinuxAuditRec auditdata = { .client = rec->client };
|
SELinuxAuditRec auditdata = { .client = rec->client };
|
||||||
security_class_t class;
|
security_class_t class;
|
||||||
int rc, i, type, clientIndex;
|
int rc, i, type;
|
||||||
|
|
||||||
if (rec->dev) {
|
if (rec->dev)
|
||||||
subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey);
|
subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey);
|
||||||
clientIndex = -1; /* some nonzero value */
|
else
|
||||||
} else {
|
|
||||||
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
||||||
clientIndex = rec->client->index;
|
|
||||||
}
|
|
||||||
|
|
||||||
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
|
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
|
||||||
|
|
||||||
/* Check send permission on window */
|
/* Check send permission on window */
|
||||||
rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess,
|
||||||
DixSendAccess, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
@ -537,8 +536,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
auditdata.event = type;
|
auditdata.event = type;
|
||||||
rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class,
|
rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata);
|
||||||
DixSendAccess, &auditdata);
|
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
@ -560,8 +558,8 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
|
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
|
||||||
|
|
||||||
/* Check receive permission on window */
|
/* Check receive permission on window */
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess,
|
||||||
DixReceiveAccess, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
@ -575,8 +573,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
auditdata.event = type;
|
auditdata.event = type;
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class,
|
rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata);
|
||||||
DixReceiveAccess, &auditdata);
|
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
@ -633,8 +630,8 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
|
|
||||||
/* Perform the security check */
|
/* Perform the security check */
|
||||||
auditdata.extension = rec->ext->name;
|
auditdata.extension = rec->ext->name;
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode,
|
||||||
rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -680,13 +677,12 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
freecon(con);
|
freecon(con);
|
||||||
avc_entry_ref_init(&obj->aeref);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Perform the security check */
|
/* Perform the security check */
|
||||||
auditdata.property = rec->pProp->propertyName;
|
auditdata.property = rec->pProp->propertyName;
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
|
||||||
rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -741,8 +737,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
/* Perform the security check */
|
/* Perform the security check */
|
||||||
auditdata.restype = rec->rtype;
|
auditdata.restype = rec->rtype;
|
||||||
auditdata.id = rec->id;
|
auditdata.id = rec->id;
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, class,
|
rc = SELinuxDoCheck(subj, obj, class, rec->access_mode, &auditdata);
|
||||||
rec->access_mode, &auditdata);
|
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -775,8 +770,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata)
|
||||||
if (is_saver)
|
if (is_saver)
|
||||||
access_mode <<= 2;
|
access_mode <<= 2;
|
||||||
|
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata);
|
||||||
access_mode, &auditdata);
|
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -792,8 +786,8 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
||||||
obj = dixLookupPrivate(&rec->target->devPrivates, stateKey);
|
obj = dixLookupPrivate(&rec->target->devPrivates, stateKey);
|
||||||
|
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode,
|
||||||
rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -809,8 +803,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
||||||
obj = dixLookupPrivate(&serverClient->devPrivates, stateKey);
|
obj = dixLookupPrivate(&serverClient->devPrivates, stateKey);
|
||||||
|
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER,
|
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode,
|
||||||
rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -832,8 +826,8 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
}
|
}
|
||||||
|
|
||||||
auditdata.selection = rec->name;
|
auditdata.selection = rec->name;
|
||||||
rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid,
|
rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode,
|
||||||
SECCLASS_X_SELECTION, rec->access_mode, &auditdata);
|
&auditdata);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
rec->status = rc;
|
rec->status = rc;
|
||||||
}
|
}
|
||||||
|
@ -855,9 +849,9 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
|
|
||||||
case ClientStateRetained:
|
case ClientStateRetained:
|
||||||
case ClientStateGone:
|
case ClientStateGone:
|
||||||
if (pci->client == selectionManager) {
|
if (pci->client == securityManager) {
|
||||||
selectionManager = NULL;
|
securityManager = NULL;
|
||||||
selectionWindow = 0;
|
securityWindow = 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -890,8 +884,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
FatalError("SELinux: Failed to set label property on window!\n");
|
FatalError("SELinux: Failed to set label property on window!\n");
|
||||||
freecon(ctx);
|
freecon(ctx);
|
||||||
}
|
} else
|
||||||
else
|
|
||||||
FatalError("SELinux: Unexpected unlabeled client found\n");
|
FatalError("SELinux: Unexpected unlabeled client found\n");
|
||||||
|
|
||||||
state = dixLookupPrivate(&pWin->devPrivates, stateKey);
|
state = dixLookupPrivate(&pWin->devPrivates, stateKey);
|
||||||
|
@ -907,8 +900,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
FatalError("SELinux: Failed to set label property on window!\n");
|
FatalError("SELinux: Failed to set label property on window!\n");
|
||||||
freecon(ctx);
|
freecon(ctx);
|
||||||
}
|
} else
|
||||||
else
|
|
||||||
FatalError("SELinux: Unexpected unlabeled window found\n");
|
FatalError("SELinux: Unexpected unlabeled window found\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -943,9 +935,9 @@ SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||||
|
|
||||||
case SelectionConvertSelection:
|
case SelectionConvertSelection:
|
||||||
/* redirect the convert request if necessary */
|
/* redirect the convert request if necessary */
|
||||||
if (selectionManager && selectionManager != rec->client) {
|
if (securityManager && securityManager != rec->client) {
|
||||||
rec->selection->client = selectionManager;
|
rec->selection->client = securityManager;
|
||||||
rec->selection->window = selectionWindow;
|
rec->selection->window = securityWindow;
|
||||||
} else {
|
} else {
|
||||||
rec->selection->client = rec->selection->alt_client;
|
rec->selection->client = rec->selection->alt_client;
|
||||||
rec->selection->window = rec->selection->alt_window;
|
rec->selection->window = rec->selection->alt_window;
|
||||||
|
@ -1012,39 +1004,39 @@ ProcSELinuxQueryVersion(ClientPtr client)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ProcSELinuxSetSelectionManager(ClientPtr client)
|
ProcSELinuxSetSecurityManager(ClientPtr client)
|
||||||
{
|
{
|
||||||
WindowPtr pWin;
|
WindowPtr pWin;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
REQUEST(SELinuxSetSelectionManagerReq);
|
REQUEST(SELinuxSetSecurityManagerReq);
|
||||||
REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq);
|
REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
|
||||||
|
|
||||||
if (stuff->window == None) {
|
if (stuff->window == None) {
|
||||||
selectionManager = NULL;
|
securityManager = NULL;
|
||||||
selectionWindow = None;
|
securityWindow = None;
|
||||||
} else {
|
} else {
|
||||||
rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW,
|
rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW,
|
||||||
client, DixGetAttrAccess);
|
client, DixGetAttrAccess);
|
||||||
if (rc != Success)
|
if (rc != Success)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
selectionManager = client;
|
securityManager = client;
|
||||||
selectionWindow = stuff->window;
|
securityWindow = stuff->window;
|
||||||
}
|
}
|
||||||
|
|
||||||
return Success;
|
return Success;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
ProcSELinuxGetSelectionManager(ClientPtr client)
|
ProcSELinuxGetSecurityManager(ClientPtr client)
|
||||||
{
|
{
|
||||||
SELinuxGetSelectionManagerReply rep;
|
SELinuxGetSecurityManagerReply rep;
|
||||||
|
|
||||||
rep.type = X_Reply;
|
rep.type = X_Reply;
|
||||||
rep.length = 0;
|
rep.length = 0;
|
||||||
rep.sequenceNumber = client->sequence;
|
rep.sequenceNumber = client->sequence;
|
||||||
rep.window = selectionWindow;
|
rep.window = securityWindow;
|
||||||
if (client->swapped) {
|
if (client->swapped) {
|
||||||
int n;
|
int n;
|
||||||
swaps(&rep.sequenceNumber, n);
|
swaps(&rep.sequenceNumber, n);
|
||||||
|
@ -1100,7 +1092,40 @@ ProcSELinuxSetDeviceContext(ClientPtr client)
|
||||||
static int
|
static int
|
||||||
ProcSELinuxGetDeviceContext(ClientPtr client)
|
ProcSELinuxGetDeviceContext(ClientPtr client)
|
||||||
{
|
{
|
||||||
return Success;
|
char *ctx;
|
||||||
|
DeviceIntPtr dev;
|
||||||
|
SELinuxStateRec *state;
|
||||||
|
SELinuxGetContextReply rep;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
REQUEST(SELinuxGetContextReq);
|
||||||
|
REQUEST_SIZE_MATCH(SELinuxGetContextReq);
|
||||||
|
|
||||||
|
rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
|
||||||
|
if (rc != Success)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
state = dixLookupPrivate(&dev->devPrivates, stateKey);
|
||||||
|
rc = avc_sid_to_context(state->sid, &ctx);
|
||||||
|
if (rc != Success)
|
||||||
|
return BadValue;
|
||||||
|
|
||||||
|
rep.type = X_Reply;
|
||||||
|
rep.length = (strlen(ctx) + 4) >> 2;
|
||||||
|
rep.sequenceNumber = client->sequence;
|
||||||
|
rep.context_len = strlen(ctx) + 1;
|
||||||
|
|
||||||
|
if (client->swapped) {
|
||||||
|
int n;
|
||||||
|
swapl(&rep.length, n);
|
||||||
|
swaps(&rep.sequenceNumber, n);
|
||||||
|
swaps(&rep.context_len, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
|
||||||
|
WriteToClient(client, rep.context_len, ctx);
|
||||||
|
free(ctx);
|
||||||
|
return client->noClientException;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1118,7 +1143,54 @@ ProcSELinuxGetPropertyCreateContext(ClientPtr client)
|
||||||
static int
|
static int
|
||||||
ProcSELinuxGetPropertyContext(ClientPtr client)
|
ProcSELinuxGetPropertyContext(ClientPtr client)
|
||||||
{
|
{
|
||||||
return Success;
|
char *ctx;
|
||||||
|
WindowPtr pWin;
|
||||||
|
PropertyPtr pProp;
|
||||||
|
SELinuxStateRec *state;
|
||||||
|
SELinuxGetContextReply rep;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
REQUEST(SELinuxGetPropertyContextReq);
|
||||||
|
REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
|
||||||
|
|
||||||
|
rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
|
||||||
|
if (rc != Success)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
pProp = wUserProps(pWin);
|
||||||
|
while (pProp) {
|
||||||
|
if (pProp->propertyName == stuff->property)
|
||||||
|
break;
|
||||||
|
pProp = pProp->next;
|
||||||
|
}
|
||||||
|
if (!pProp)
|
||||||
|
return BadValue;
|
||||||
|
|
||||||
|
rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess);
|
||||||
|
if (rc != Success)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
state = dixLookupPrivate(&pProp->devPrivates, stateKey);
|
||||||
|
rc = avc_sid_to_context(state->sid, &ctx);
|
||||||
|
if (rc != Success)
|
||||||
|
return BadValue;
|
||||||
|
|
||||||
|
rep.type = X_Reply;
|
||||||
|
rep.length = (strlen(ctx) + 4) >> 2;
|
||||||
|
rep.sequenceNumber = client->sequence;
|
||||||
|
rep.context_len = strlen(ctx) + 1;
|
||||||
|
|
||||||
|
if (client->swapped) {
|
||||||
|
int n;
|
||||||
|
swapl(&rep.length, n);
|
||||||
|
swaps(&rep.sequenceNumber, n);
|
||||||
|
swaps(&rep.context_len, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
|
||||||
|
WriteToClient(client, rep.context_len, ctx);
|
||||||
|
free(ctx);
|
||||||
|
return client->noClientException;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1136,7 +1208,40 @@ ProcSELinuxGetWindowCreateContext(ClientPtr client)
|
||||||
static int
|
static int
|
||||||
ProcSELinuxGetWindowContext(ClientPtr client)
|
ProcSELinuxGetWindowContext(ClientPtr client)
|
||||||
{
|
{
|
||||||
return Success;
|
char *ctx;
|
||||||
|
WindowPtr pWin;
|
||||||
|
SELinuxStateRec *state;
|
||||||
|
SELinuxGetContextReply rep;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
REQUEST(SELinuxGetContextReq);
|
||||||
|
REQUEST_SIZE_MATCH(SELinuxGetContextReq);
|
||||||
|
|
||||||
|
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
|
||||||
|
if (rc != Success)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
state = dixLookupPrivate(&pWin->devPrivates, stateKey);
|
||||||
|
rc = avc_sid_to_context(state->sid, &ctx);
|
||||||
|
if (rc != Success)
|
||||||
|
return BadValue;
|
||||||
|
|
||||||
|
rep.type = X_Reply;
|
||||||
|
rep.length = (strlen(ctx) + 4) >> 2;
|
||||||
|
rep.sequenceNumber = client->sequence;
|
||||||
|
rep.context_len = strlen(ctx) + 1;
|
||||||
|
|
||||||
|
if (client->swapped) {
|
||||||
|
int n;
|
||||||
|
swapl(&rep.length, n);
|
||||||
|
swaps(&rep.sequenceNumber, n);
|
||||||
|
swaps(&rep.context_len, n);
|
||||||
|
}
|
||||||
|
|
||||||
|
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
|
||||||
|
WriteToClient(client, rep.context_len, ctx);
|
||||||
|
free(ctx);
|
||||||
|
return client->noClientException;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1146,10 +1251,10 @@ ProcSELinuxDispatch(ClientPtr client)
|
||||||
switch (stuff->data) {
|
switch (stuff->data) {
|
||||||
case X_SELinuxQueryVersion:
|
case X_SELinuxQueryVersion:
|
||||||
return ProcSELinuxQueryVersion(client);
|
return ProcSELinuxQueryVersion(client);
|
||||||
case X_SELinuxSetSelectionManager:
|
case X_SELinuxSetSecurityManager:
|
||||||
return ProcSELinuxSetSelectionManager(client);
|
return ProcSELinuxSetSecurityManager(client);
|
||||||
case X_SELinuxGetSelectionManager:
|
case X_SELinuxGetSecurityManager:
|
||||||
return ProcSELinuxGetSelectionManager(client);
|
return ProcSELinuxGetSecurityManager(client);
|
||||||
case X_SELinuxSetDeviceCreateContext:
|
case X_SELinuxSetDeviceCreateContext:
|
||||||
return ProcSELinuxSetDeviceCreateContext(client);
|
return ProcSELinuxSetDeviceCreateContext(client);
|
||||||
case X_SELinuxGetDeviceCreateContext:
|
case X_SELinuxGetDeviceCreateContext:
|
||||||
|
@ -1188,14 +1293,14 @@ SProcSELinuxQueryVersion(ClientPtr client)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
SProcSELinuxSetSelectionManager(ClientPtr client)
|
SProcSELinuxSetSecurityManager(ClientPtr client)
|
||||||
{
|
{
|
||||||
REQUEST(SELinuxSetSelectionManagerReq);
|
REQUEST(SELinuxSetSecurityManagerReq);
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
REQUEST_SIZE_MATCH (SELinuxSetSelectionManagerReq);
|
REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
|
||||||
swapl(&stuff->window, n);
|
swapl(&stuff->window, n);
|
||||||
return ProcSELinuxSetSelectionManager(client);
|
return ProcSELinuxSetSecurityManager(client);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -1288,10 +1393,10 @@ SProcSELinuxDispatch(ClientPtr client)
|
||||||
switch (stuff->data) {
|
switch (stuff->data) {
|
||||||
case X_SELinuxQueryVersion:
|
case X_SELinuxQueryVersion:
|
||||||
return SProcSELinuxQueryVersion(client);
|
return SProcSELinuxQueryVersion(client);
|
||||||
case X_SELinuxSetSelectionManager:
|
case X_SELinuxSetSecurityManager:
|
||||||
return SProcSELinuxSetSelectionManager(client);
|
return SProcSELinuxSetSecurityManager(client);
|
||||||
case X_SELinuxGetSelectionManager:
|
case X_SELinuxGetSecurityManager:
|
||||||
return ProcSELinuxGetSelectionManager(client);
|
return ProcSELinuxGetSecurityManager(client);
|
||||||
case X_SELinuxSetDeviceCreateContext:
|
case X_SELinuxSetDeviceCreateContext:
|
||||||
return SProcSELinuxSetDeviceCreateContext(client);
|
return SProcSELinuxSetDeviceCreateContext(client);
|
||||||
case X_SELinuxGetDeviceCreateContext:
|
case X_SELinuxGetDeviceCreateContext:
|
||||||
|
|
|
@ -31,8 +31,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
|
||||||
/* Extension protocol */
|
/* Extension protocol */
|
||||||
#define X_SELinuxQueryVersion 0
|
#define X_SELinuxQueryVersion 0
|
||||||
#define X_SELinuxSetSelectionManager 1
|
#define X_SELinuxSetSecurityManager 1
|
||||||
#define X_SELinuxGetSelectionManager 2
|
#define X_SELinuxGetSecurityManager 2
|
||||||
#define X_SELinuxSetDeviceCreateContext 3
|
#define X_SELinuxSetDeviceCreateContext 3
|
||||||
#define X_SELinuxGetDeviceCreateContext 4
|
#define X_SELinuxGetDeviceCreateContext 4
|
||||||
#define X_SELinuxSetDeviceContext 5
|
#define X_SELinuxSetDeviceContext 5
|
||||||
|
@ -72,13 +72,13 @@ typedef struct {
|
||||||
CARD8 SELinuxReqType;
|
CARD8 SELinuxReqType;
|
||||||
CARD16 length;
|
CARD16 length;
|
||||||
CARD32 window;
|
CARD32 window;
|
||||||
} SELinuxSetSelectionManagerReq;
|
} SELinuxSetSecurityManagerReq;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
CARD8 reqType;
|
CARD8 reqType;
|
||||||
CARD8 SELinuxReqType;
|
CARD8 SELinuxReqType;
|
||||||
CARD16 length;
|
CARD16 length;
|
||||||
} SELinuxGetSelectionManagerReq;
|
} SELinuxGetSecurityManagerReq;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
CARD8 type;
|
CARD8 type;
|
||||||
|
@ -91,7 +91,7 @@ typedef struct {
|
||||||
CARD32 pad4;
|
CARD32 pad4;
|
||||||
CARD32 pad5;
|
CARD32 pad5;
|
||||||
CARD32 pad6;
|
CARD32 pad6;
|
||||||
} SELinuxGetSelectionManagerReply;
|
} SELinuxGetSecurityManagerReply;
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
CARD8 reqType;
|
CARD8 reqType;
|
||||||
|
|
|
@ -463,7 +463,8 @@ Dispatch(void)
|
||||||
if (result > (maxBigRequestSize << 2))
|
if (result > (maxBigRequestSize << 2))
|
||||||
result = BadLength;
|
result = BadLength;
|
||||||
else {
|
else {
|
||||||
XaceHookAuditBegin(client);
|
result = XaceHookDispatch(client, MAJOROP);
|
||||||
|
if (result == Success)
|
||||||
result = (* client->requestVector[MAJOROP])(client);
|
result = (* client->requestVector[MAJOROP])(client);
|
||||||
XaceHookAuditEnd(client, result);
|
XaceHookAuditEnd(client, result);
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,6 +38,15 @@ static MODULESETUPPROTO(extmodSetup);
|
||||||
* Array describing extensions to be initialized
|
* Array describing extensions to be initialized
|
||||||
*/
|
*/
|
||||||
static ExtensionModule extensionModules[] = {
|
static ExtensionModule extensionModules[] = {
|
||||||
|
#ifdef XSELINUX
|
||||||
|
{
|
||||||
|
SELinuxExtensionInit,
|
||||||
|
SELINUX_EXTENSION_NAME,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
NULL
|
||||||
|
},
|
||||||
|
#endif
|
||||||
#ifdef SHAPE
|
#ifdef SHAPE
|
||||||
{
|
{
|
||||||
ShapeExtensionInit,
|
ShapeExtensionInit,
|
||||||
|
|
|
@ -125,12 +125,9 @@ extern void ShmRegisterFuncs(
|
||||||
ShmFuncsPtr funcs);
|
ShmFuncsPtr funcs);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef XACE
|
|
||||||
extern void XaceExtensionInit(INITARGS);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef XSELINUX
|
#ifdef XSELINUX
|
||||||
extern void SELinuxExtensionInit(INITARGS);
|
extern void SELinuxExtensionInit(INITARGS);
|
||||||
|
#include "xselinux.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if 1
|
#if 1
|
||||||
|
|
|
@ -66,6 +66,8 @@ typedef enum {
|
||||||
DDC_QUIRK_DETAILED_USE_MAXIMUM_SIZE = 1 << 5,
|
DDC_QUIRK_DETAILED_USE_MAXIMUM_SIZE = 1 << 5,
|
||||||
/* Monitor forgot to set the first detailed is preferred bit. */
|
/* Monitor forgot to set the first detailed is preferred bit. */
|
||||||
DDC_QUIRK_FIRST_DETAILED_PREFERRED = 1 << 6,
|
DDC_QUIRK_FIRST_DETAILED_PREFERRED = 1 << 6,
|
||||||
|
/* use +hsync +vsync for detailed mode */
|
||||||
|
DDC_QUIRK_DETAILED_SYNC_PP = 1 << 7,
|
||||||
} ddc_quirk_t;
|
} ddc_quirk_t;
|
||||||
|
|
||||||
static Bool quirk_prefer_large_60 (int scrnIndex, xf86MonPtr DDC)
|
static Bool quirk_prefer_large_60 (int scrnIndex, xf86MonPtr DDC)
|
||||||
|
@ -160,6 +162,15 @@ static Bool quirk_first_detailed_preferred (int scrnIndex, xf86MonPtr DDC)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static Bool quirk_detailed_sync_pp(int scrnIndex, xf86MonPtr DDC)
|
||||||
|
{
|
||||||
|
/* Bug #12439: Samsung SyncMaster 205BW */
|
||||||
|
if (memcmp (DDC->vendor.name, "SAM", 4) == 0 &&
|
||||||
|
DDC->vendor.prod_id == 541)
|
||||||
|
return TRUE;
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
typedef struct {
|
typedef struct {
|
||||||
Bool (*detect) (int scrnIndex, xf86MonPtr DDC);
|
Bool (*detect) (int scrnIndex, xf86MonPtr DDC);
|
||||||
ddc_quirk_t quirk;
|
ddc_quirk_t quirk;
|
||||||
|
@ -195,6 +206,10 @@ static const ddc_quirk_map_t ddc_quirks[] = {
|
||||||
quirk_first_detailed_preferred, DDC_QUIRK_FIRST_DETAILED_PREFERRED,
|
quirk_first_detailed_preferred, DDC_QUIRK_FIRST_DETAILED_PREFERRED,
|
||||||
"First detailed timing was not marked as preferred."
|
"First detailed timing was not marked as preferred."
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
quirk_detailed_sync_pp, DDC_QUIRK_DETAILED_SYNC_PP,
|
||||||
|
"Use +hsync +vsync for detailed timing."
|
||||||
|
},
|
||||||
{
|
{
|
||||||
NULL, DDC_QUIRK_NONE,
|
NULL, DDC_QUIRK_NONE,
|
||||||
"No known quirks"
|
"No known quirks"
|
||||||
|
@ -341,6 +356,9 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing,
|
||||||
if (timing->interlaced)
|
if (timing->interlaced)
|
||||||
Mode->Flags |= V_INTERLACE;
|
Mode->Flags |= V_INTERLACE;
|
||||||
|
|
||||||
|
if (quirks & DDC_QUIRK_DETAILED_SYNC_PP)
|
||||||
|
Mode->Flags |= V_PVSYNC | V_PHSYNC;
|
||||||
|
else {
|
||||||
if (timing->misc & 0x02)
|
if (timing->misc & 0x02)
|
||||||
Mode->Flags |= V_PVSYNC;
|
Mode->Flags |= V_PVSYNC;
|
||||||
else
|
else
|
||||||
|
@ -350,6 +368,7 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing,
|
||||||
Mode->Flags |= V_PHSYNC;
|
Mode->Flags |= V_PHSYNC;
|
||||||
else
|
else
|
||||||
Mode->Flags |= V_NHSYNC;
|
Mode->Flags |= V_NHSYNC;
|
||||||
|
}
|
||||||
|
|
||||||
return Mode;
|
return Mode;
|
||||||
}
|
}
|
||||||
|
|
|
@ -142,17 +142,8 @@ mtrr_open(int verbosity)
|
||||||
/* Only report absence of /proc/mtrr once. */
|
/* Only report absence of /proc/mtrr once. */
|
||||||
static Bool warned = FALSE;
|
static Bool warned = FALSE;
|
||||||
|
|
||||||
char **fn;
|
|
||||||
static char *mtrr_files[] = {
|
|
||||||
"/dev/cpu/mtrr", /* Possible future name */
|
|
||||||
"/proc/mtrr", /* Current name */
|
|
||||||
NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
if (mtrr_fd == MTRR_FD_UNOPENED) {
|
if (mtrr_fd == MTRR_FD_UNOPENED) {
|
||||||
/* So open it. */
|
mtrr_fd = open("/proc/mtrr", O_WRONLY);
|
||||||
for (fn = mtrr_files; mtrr_fd < 0 && *fn; fn++)
|
|
||||||
mtrr_fd = open(*fn, O_WRONLY);
|
|
||||||
|
|
||||||
if (mtrr_fd < 0)
|
if (mtrr_fd < 0)
|
||||||
mtrr_fd = MTRR_FD_PROBLEM;
|
mtrr_fd = MTRR_FD_PROBLEM;
|
||||||
|
|
|
@ -244,9 +244,6 @@ typedef void (*InitExtension)(INITARGS);
|
||||||
#define _XAG_SERVER_
|
#define _XAG_SERVER_
|
||||||
#include <X11/extensions/Xagstr.h>
|
#include <X11/extensions/Xagstr.h>
|
||||||
#endif
|
#endif
|
||||||
#ifdef XACE
|
|
||||||
#include "xace.h"
|
|
||||||
#endif
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
#include "securitysrv.h"
|
#include "securitysrv.h"
|
||||||
#include <X11/extensions/securstr.h>
|
#include <X11/extensions/securstr.h>
|
||||||
|
@ -323,9 +320,6 @@ extern void DbeExtensionInit(INITARGS);
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
extern void XagExtensionInit(INITARGS);
|
extern void XagExtensionInit(INITARGS);
|
||||||
#endif
|
#endif
|
||||||
#ifdef XACE
|
|
||||||
extern void XaceExtensionInit(INITARGS);
|
|
||||||
#endif
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
extern void SecurityExtensionInit(INITARGS);
|
extern void SecurityExtensionInit(INITARGS);
|
||||||
#endif
|
#endif
|
||||||
|
@ -599,9 +593,6 @@ InitExtensions(argc, argv)
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
if (!noXagExtension) XagExtensionInit();
|
if (!noXagExtension) XagExtensionInit();
|
||||||
#endif
|
#endif
|
||||||
#ifdef XACE
|
|
||||||
XaceExtensionInit();
|
|
||||||
#endif
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
if (!noSecurityExtension) SecurityExtensionInit();
|
if (!noSecurityExtension) SecurityExtensionInit();
|
||||||
#endif
|
#endif
|
||||||
|
@ -696,15 +687,9 @@ static ExtensionModule staticExtensions[] = {
|
||||||
#ifdef XAPPGROUP
|
#ifdef XAPPGROUP
|
||||||
{ XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL },
|
{ XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL },
|
||||||
#endif
|
#endif
|
||||||
#ifdef XACE
|
|
||||||
{ XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
|
|
||||||
#endif
|
|
||||||
#ifdef XCSECURITY
|
#ifdef XCSECURITY
|
||||||
{ SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
|
{ SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
|
||||||
#endif
|
#endif
|
||||||
#ifdef XSELINUX
|
|
||||||
{ SELinuxExtensionInit, SELINUX_EXTENSION_NAME, NULL, NULL, NULL },
|
|
||||||
#endif
|
|
||||||
#ifdef XPRINT
|
#ifdef XPRINT
|
||||||
{ XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL },
|
{ XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL },
|
||||||
#endif
|
#endif
|
||||||
|
|
Loading…
Reference in New Issue
Block a user