andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge commit 'upstream/master'

Browse Source
This commit is contained in:
David Nusinow 2008-01-26 16:13:25 -05:00
commit 16b0614c8c
11 changed files with 271 additions and 330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Xext/Makefile.am
View File

@ -76,7 +76,7 @@ endif
# requires X-ACE extension
XSELINUX_SRCS = xselinux.c xselinux.h
if XSELINUX
BUILTIN_SRCS += $(XSELINUX_SRCS)
MODULE_SRCS += $(XSELINUX_SRCS)
endif
# Security extension: multi-level security to protect clients from each other

198
Xext/xace.c
View File

@ -24,31 +24,31 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <stdarg.h>
#include "scrnintstr.h"
#include "xacestr.h"
#include "modinit.h"
CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0};
/* Proc vectors for untrusted clients, swapped and unswapped versions.
* These are the same as the normal proc vectors except that extensions
* that haven't declared themselves secure will have ProcBadRequest plugged
* in for their major opcode dispatcher. This prevents untrusted clients
* from guessing extension major opcodes and using the extension even though
* the extension can't be listed or queried.
*/
static int (*UntrustedProcVector[256])(
ClientPtr /*client*/
);
static int (*SwappedUntrustedProcVector[256])(
ClientPtr /*client*/
);
/* Special-cased hook functions. Called by Xserver.
*/
void XaceHookAuditBegin(ClientPtr ptr)
int XaceHookDispatch(ClientPtr client, int major)
{
XaceAuditRec rec = { ptr, 0 };
/* call callbacks, there is no return value. */
/* Call the audit begin callback, there is no return value. */
XaceAuditRec rec = { client, 0 };
CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
if (major < 128) {
/* Call the core dispatch hook */
XaceCoreDispatchRec rec = { client, Success /* default allow */ };
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
return rec.status;
} else {
/* Call the extension dispatch hook */
ExtensionEntry *ext = GetExtensionEntry(major);
XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
if (ext)
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
/* On error, pretend extension doesn't exist */
return (rec.status == Success) ? Success : BadRequest;
}
}
void XaceHookAuditEnd(ClientPtr ptr, int result)
@ -221,168 +221,6 @@ int XaceHook(int hook, ...)
return prv ? *prv : Success;
}
static int
ProcXaceDispatch(ClientPtr client)
{
REQUEST(xReq);
switch (stuff->data)
{
default:
return BadRequest;
}
} /* ProcXaceDispatch */
static int
SProcXaceDispatch(ClientPtr client)
{
REQUEST(xReq);
switch (stuff->data)
{
default:
return BadRequest;
}
} /* SProcXaceDispatch */
/* XaceResetProc
*
* Arguments:
* extEntry is the extension information for the XACE extension.
*
* Returns: nothing.
*
* Side Effects:
* Performs any cleanup needed by XACE at server shutdown time.
*/
static void
XaceResetProc(ExtensionEntry *extEntry)
{
int i;
for (i=0; i<XACE_NUM_HOOKS; i++)
DeleteCallbackList(&XaceHooks[i]);
} /* XaceResetProc */
static int
XaceCatchDispatchProc(ClientPtr client)
{
REQUEST(xReq);
int major = stuff->reqType;
XaceCoreDispatchRec rec = { client, Success /* default allow */ };
if (!ProcVector[major])
return BadRequest;
/* call callbacks and return result, if any. */
CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec);
if (rec.status != Success)
return rec.status;
return client->swapped ?
(* SwappedProcVector[major])(client) :
(* ProcVector[major])(client);
}
static int
XaceCatchExtProc(ClientPtr client)
{
REQUEST(xReq);
int major = stuff->reqType;
ExtensionEntry *ext = GetExtensionEntry(major);
XaceExtAccessRec rec = { client, ext, DixUseAccess, Success };
if (!ext || !ProcVector[major])
return BadRequest;
/* call callbacks and return result, if any. */
CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec);
if (rec.status != Success)
return BadRequest; /* pretend extension doesn't exist */
return client->swapped ?
(* SwappedProcVector[major])(client) :
(* ProcVector[major])(client);
}
/* SecurityClientStateCallback
*
* Arguments:
* pcbl is &ClientStateCallback.
* nullata is NULL.
* calldata is a pointer to a NewClientInfoRec (include/dixstruct.h)
* which contains information about client state changes.
*
* Returns: nothing.
*
* Side Effects:
*
* If a new client is connecting, its authorization ID is copied to
* client->authID. If this is a generated authorization, its reference
* count is bumped, its timer is cancelled if it was running, and its
* trustlevel is copied to TRUSTLEVEL(client).
*
* If a client is disconnecting and the client was using a generated
* authorization, the authorization's reference count is decremented, and
* if it is now zero, the timer for this authorization is started.
*/
static void
XaceClientStateCallback(
CallbackListPtr *pcbl,
pointer nulldata,
pointer calldata)
{
NewClientInfoRec *pci = (NewClientInfoRec *)calldata;
ClientPtr client = pci->client;
switch (client->clientState)
{
case ClientStateRunning:
{
client->requestVector = client->swapped ?
SwappedUntrustedProcVector : UntrustedProcVector;
break;
}
default: break;
}
} /* XaceClientStateCallback */
/* XaceExtensionInit
*
* Initialize the XACE Extension
*/
void XaceExtensionInit(INITARGS)
{
ExtensionEntry *extEntry;
int i;
if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL))
return;
extEntry = AddExtension(XACE_EXTENSION_NAME,
XaceNumberEvents, XaceNumberErrors,
ProcXaceDispatch, SProcXaceDispatch,
XaceResetProc, StandardMinorOpcode);
/* initialize dispatching intercept functions */
for (i = 0; i < 128; i++)
{
UntrustedProcVector[i] = XaceCatchDispatchProc;
SwappedUntrustedProcVector[i] = XaceCatchDispatchProc;
}
for (i = 128; i < 256; i++)
{
UntrustedProcVector[i] = XaceCatchExtProc;
SwappedUntrustedProcVector[i] = XaceCatchExtProc;
}
}
/* XaceCensorImage
*
* Called after pScreen->GetImage to prevent pieces or trusted windows from

10
Xext/xace.h
View File

@ -22,16 +22,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#ifdef XACE
#define XACE_EXTENSION_NAME "XAccessControlExtension"
#define XACE_MAJOR_VERSION 2
#define XACE_MINOR_VERSION 0
#include "pixmap.h" /* for DrawablePtr */
#include "regionstr.h" /* for RegionPtr */
#define XaceNumberEvents 0
#define XaceNumberErrors 0
/* Default window background */
#define XaceBackgroundNoneState None
@ -68,8 +64,8 @@ extern int XaceHook(
/* Special-cased hook functions
*/
extern int XaceHookDispatch(ClientPtr ptr, int major);
extern void XaceHookAuditEnd(ClientPtr ptr, int result);
extern void XaceHookAuditBegin(ClientPtr ptr);
/* Register a callback for a given hook.
*/
@ -104,13 +100,13 @@ extern void XaceCensorImage(
#ifdef __GNUC__
#define XaceHook(args...) Success
#define XaceHookDispatch(args...) Success
#define XaceHookAuditEnd(args...) { ; }
#define XaceHookAuditBegin(args...) { ; }
#define XaceCensorImage(args...) { ; }
#else
#define XaceHook(...) Success
#define XaceHookDispatch(...) Success
#define XaceHookAuditEnd(...) { ; }
#define XaceHookAuditBegin(...) { ; }
#define XaceCensorImage(...) { ; }
#endif

245
Xext/xselinux.c
View File

@ -63,6 +63,7 @@ typedef struct {
security_id_t sid;
struct avc_entry_ref aeref;
char *command;
int privileged;
} SELinuxStateRec;
/* selection manager */
@ -71,8 +72,8 @@ typedef struct {
security_id_t sid;
} SELinuxSelectionRec;
static ClientPtr selectionManager;
static Window selectionWindow;
static ClientPtr securityManager;
static Window securityWindow;
/* audit file descriptor */
static int audit_fd;
@ -287,11 +288,11 @@ SELinuxTypeToClass(RESTYPE type)
* Performs an SELinux permission check.
*/
static int
SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj,
SELinuxDoCheck(SELinuxStateRec *subj, SELinuxStateRec *obj,
security_class_t class, Mask mode, SELinuxAuditRec *auditdata)
{
/* serverClient requests OK */
if (clientIndex == 0)
if (subj->privileged)
return Success;
auditdata->command = subj->command;
@ -383,6 +384,7 @@ SELinuxLabelInitial(void)
/* Do the serverClient */
state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
state->privileged = 1;
sidput(state->sid);
/* Use the context of the X server process for the serverClient */
@ -496,8 +498,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
obj->sid = subj->sid;
}
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -509,21 +511,18 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxStateRec *subj, *obj, ev_sid;
SELinuxAuditRec auditdata = { .client = rec->client };
security_class_t class;
int rc, i, type, clientIndex;
int rc, i, type;
if (rec->dev) {
if (rec->dev)
subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey);
clientIndex = -1; /* some nonzero value */
} else {
else
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
clientIndex = rec->client->index;
}
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
/* Check send permission on window */
rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE,
DixSendAccess, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess,
&auditdata);
if (rc != Success)
goto err;
@ -537,8 +536,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
goto err;
auditdata.event = type;
rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class,
DixSendAccess, &auditdata);
rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata);
if (rc != Success)
goto err;
}
@ -560,8 +558,8 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey);
/* Check receive permission on window */
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE,
DixReceiveAccess, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess,
&auditdata);
if (rc != Success)
goto err;
@ -575,8 +573,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
goto err;
auditdata.event = type;
rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class,
DixReceiveAccess, &auditdata);
rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata);
if (rc != Success)
goto err;
}
@ -633,8 +630,8 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
/* Perform the security check */
auditdata.extension = rec->ext->name;
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -680,13 +677,12 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
return;
}
freecon(con);
avc_entry_ref_init(&obj->aeref);
}
/* Perform the security check */
auditdata.property = rec->pProp->propertyName;
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -741,8 +737,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
/* Perform the security check */
auditdata.restype = rec->rtype;
auditdata.id = rec->id;
rc = SELinuxDoCheck(rec->client->index, subj, obj, class,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, class, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
@ -775,8 +770,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata)
if (is_saver)
access_mode <<= 2;
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN,
access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
@ -792,8 +786,8 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&rec->target->devPrivates, stateKey);
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -809,8 +803,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&serverClient->devPrivates, stateKey);
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER,
rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -832,8 +826,8 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
auditdata.selection = rec->name;
rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid,
SECCLASS_X_SELECTION, rec->access_mode, &auditdata);
rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode,
&auditdata);
if (rc != Success)
rec->status = rc;
}
@ -855,9 +849,9 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
case ClientStateRetained:
case ClientStateGone:
if (pci->client == selectionManager) {
selectionManager = NULL;
selectionWindow = 0;
if (pci->client == securityManager) {
securityManager = NULL;
securityWindow = 0;
}
break;
@ -890,8 +884,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (rc != Success)
FatalError("SELinux: Failed to set label property on window!\n");
freecon(ctx);
}
else
} else
FatalError("SELinux: Unexpected unlabeled client found\n");
state = dixLookupPrivate(&pWin->devPrivates, stateKey);
@ -907,8 +900,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (rc != Success)
FatalError("SELinux: Failed to set label property on window!\n");
freecon(ctx);
}
else
} else
FatalError("SELinux: Unexpected unlabeled window found\n");
}
@ -943,9 +935,9 @@ SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
case SelectionConvertSelection:
/* redirect the convert request if necessary */
if (selectionManager && selectionManager != rec->client) {
rec->selection->client = selectionManager;
rec->selection->window = selectionWindow;
if (securityManager && securityManager != rec->client) {
rec->selection->client = securityManager;
rec->selection->window = securityWindow;
} else {
rec->selection->client = rec->selection->alt_client;
rec->selection->window = rec->selection->alt_window;
@ -1012,39 +1004,39 @@ ProcSELinuxQueryVersion(ClientPtr client)
}
static int
ProcSELinuxSetSelectionManager(ClientPtr client)
ProcSELinuxSetSecurityManager(ClientPtr client)
{
WindowPtr pWin;
int rc;
REQUEST(SELinuxSetSelectionManagerReq);
REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq);
REQUEST(SELinuxSetSecurityManagerReq);
REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
if (stuff->window == None) {
selectionManager = NULL;
selectionWindow = None;
securityManager = NULL;
securityWindow = None;
} else {
rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW,
client, DixGetAttrAccess);
if (rc != Success)
return rc;
selectionManager = client;
selectionWindow = stuff->window;
securityManager = client;
securityWindow = stuff->window;
}
return Success;
}
static int
ProcSELinuxGetSelectionManager(ClientPtr client)
ProcSELinuxGetSecurityManager(ClientPtr client)
{
SELinuxGetSelectionManagerReply rep;
SELinuxGetSecurityManagerReply rep;
rep.type = X_Reply;
rep.length = 0;
rep.sequenceNumber = client->sequence;
rep.window = selectionWindow;
rep.window = securityWindow;
if (client->swapped) {
int n;
swaps(&rep.sequenceNumber, n);
@ -1100,7 +1092,40 @@ ProcSELinuxSetDeviceContext(ClientPtr client)
static int
ProcSELinuxGetDeviceContext(ClientPtr client)
{
return Success;
char *ctx;
DeviceIntPtr dev;
SELinuxStateRec *state;
SELinuxGetContextReply rep;
int rc;
REQUEST(SELinuxGetContextReq);
REQUEST_SIZE_MATCH(SELinuxGetContextReq);
rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
state = dixLookupPrivate(&dev->devPrivates, stateKey);
rc = avc_sid_to_context(state->sid, &ctx);
if (rc != Success)
return BadValue;
rep.type = X_Reply;
rep.length = (strlen(ctx) + 4) >> 2;
rep.sequenceNumber = client->sequence;
rep.context_len = strlen(ctx) + 1;
if (client->swapped) {
int n;
swapl(&rep.length, n);
swaps(&rep.sequenceNumber, n);
swaps(&rep.context_len, n);
}
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
WriteToClient(client, rep.context_len, ctx);
free(ctx);
return client->noClientException;
}
static int
@ -1118,7 +1143,54 @@ ProcSELinuxGetPropertyCreateContext(ClientPtr client)
static int
ProcSELinuxGetPropertyContext(ClientPtr client)
{
return Success;
char *ctx;
WindowPtr pWin;
PropertyPtr pProp;
SELinuxStateRec *state;
SELinuxGetContextReply rep;
int rc;
REQUEST(SELinuxGetPropertyContextReq);
REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq);
rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess);
if (rc != Success)
return rc;
pProp = wUserProps(pWin);
while (pProp) {
if (pProp->propertyName == stuff->property)
break;
pProp = pProp->next;
}
if (!pProp)
return BadValue;
rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess);
if (rc != Success)
return rc;
state = dixLookupPrivate(&pProp->devPrivates, stateKey);
rc = avc_sid_to_context(state->sid, &ctx);
if (rc != Success)
return BadValue;
rep.type = X_Reply;
rep.length = (strlen(ctx) + 4) >> 2;
rep.sequenceNumber = client->sequence;
rep.context_len = strlen(ctx) + 1;
if (client->swapped) {
int n;
swapl(&rep.length, n);
swaps(&rep.sequenceNumber, n);
swaps(&rep.context_len, n);
}
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
WriteToClient(client, rep.context_len, ctx);
free(ctx);
return client->noClientException;
}
static int
@ -1136,7 +1208,40 @@ ProcSELinuxGetWindowCreateContext(ClientPtr client)
static int
ProcSELinuxGetWindowContext(ClientPtr client)
{
return Success;
char *ctx;
WindowPtr pWin;
SELinuxStateRec *state;
SELinuxGetContextReply rep;
int rc;
REQUEST(SELinuxGetContextReq);
REQUEST_SIZE_MATCH(SELinuxGetContextReq);
rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
state = dixLookupPrivate(&pWin->devPrivates, stateKey);
rc = avc_sid_to_context(state->sid, &ctx);
if (rc != Success)
return BadValue;
rep.type = X_Reply;
rep.length = (strlen(ctx) + 4) >> 2;
rep.sequenceNumber = client->sequence;
rep.context_len = strlen(ctx) + 1;
if (client->swapped) {
int n;
swapl(&rep.length, n);
swaps(&rep.sequenceNumber, n);
swaps(&rep.context_len, n);
}
WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep);
WriteToClient(client, rep.context_len, ctx);
free(ctx);
return client->noClientException;
}
static int
@ -1146,10 +1251,10 @@ ProcSELinuxDispatch(ClientPtr client)
switch (stuff->data) {
case X_SELinuxQueryVersion:
return ProcSELinuxQueryVersion(client);
case X_SELinuxSetSelectionManager:
return ProcSELinuxSetSelectionManager(client);
case X_SELinuxGetSelectionManager:
return ProcSELinuxGetSelectionManager(client);
case X_SELinuxSetSecurityManager:
return ProcSELinuxSetSecurityManager(client);
case X_SELinuxGetSecurityManager:
return ProcSELinuxGetSecurityManager(client);
case X_SELinuxSetDeviceCreateContext:
return ProcSELinuxSetDeviceCreateContext(client);
case X_SELinuxGetDeviceCreateContext:
@ -1188,14 +1293,14 @@ SProcSELinuxQueryVersion(ClientPtr client)
}
static int
SProcSELinuxSetSelectionManager(ClientPtr client)
SProcSELinuxSetSecurityManager(ClientPtr client)
{
REQUEST(SELinuxSetSelectionManagerReq);
REQUEST(SELinuxSetSecurityManagerReq);
int n;
REQUEST_SIZE_MATCH (SELinuxSetSelectionManagerReq);
REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq);
swapl(&stuff->window, n);
return ProcSELinuxSetSelectionManager(client);
return ProcSELinuxSetSecurityManager(client);
}
static int
@ -1288,10 +1393,10 @@ SProcSELinuxDispatch(ClientPtr client)
switch (stuff->data) {
case X_SELinuxQueryVersion:
return SProcSELinuxQueryVersion(client);
case X_SELinuxSetSelectionManager:
return SProcSELinuxSetSelectionManager(client);
case X_SELinuxGetSelectionManager:
return ProcSELinuxGetSelectionManager(client);
case X_SELinuxSetSecurityManager:
return SProcSELinuxSetSecurityManager(client);
case X_SELinuxGetSecurityManager:
return ProcSELinuxGetSecurityManager(client);
case X_SELinuxSetDeviceCreateContext:
return SProcSELinuxSetDeviceCreateContext(client);
case X_SELinuxGetDeviceCreateContext:

10
Xext/xselinux.h
View File

@ -31,8 +31,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
/* Extension protocol */
#define X_SELinuxQueryVersion 0
#define X_SELinuxSetSelectionManager 1
#define X_SELinuxGetSelectionManager 2
#define X_SELinuxSetSecurityManager 1
#define X_SELinuxGetSecurityManager 2
#define X_SELinuxSetDeviceCreateContext 3
#define X_SELinuxGetDeviceCreateContext 4
#define X_SELinuxSetDeviceContext 5
@ -72,13 +72,13 @@ typedef struct {
CARD8 SELinuxReqType;
CARD16 length;
CARD32 window;
} SELinuxSetSelectionManagerReq;
} SELinuxSetSecurityManagerReq;
typedef struct {
CARD8 reqType;
CARD8 SELinuxReqType;
CARD16 length;
} SELinuxGetSelectionManagerReq;
} SELinuxGetSecurityManagerReq;
typedef struct {
CARD8 type;
@ -91,7 +91,7 @@ typedef struct {
CARD32 pad4;
CARD32 pad5;
CARD32 pad6;
} SELinuxGetSelectionManagerReply;
} SELinuxGetSecurityManagerReply;
typedef struct {
CARD8 reqType;

3
dix/dispatch.c
View File

@ -463,7 +463,8 @@ Dispatch(void)
if (result > (maxBigRequestSize << 2))
result = BadLength;
else {
XaceHookAuditBegin(client);
result = XaceHookDispatch(client, MAJOROP);
if (result == Success)
result = (* client->requestVector[MAJOROP])(client);
XaceHookAuditEnd(client, result);
}

9
hw/xfree86/dixmods/extmod/modinit.c
View File

@ -38,6 +38,15 @@ static MODULESETUPPROTO(extmodSetup);
* Array describing extensions to be initialized
*/
static ExtensionModule extensionModules[] = {
#ifdef XSELINUX
{
SELinuxExtensionInit,
SELINUX_EXTENSION_NAME,
NULL,
NULL,
NULL
},
#endif
#ifdef SHAPE
{
ShapeExtensionInit,

5
hw/xfree86/dixmods/extmod/modinit.h
View File

@ -125,12 +125,9 @@ extern void ShmRegisterFuncs(
ShmFuncsPtr funcs);
#endif
#ifdef XACE
extern void XaceExtensionInit(INITARGS);
#endif
#ifdef XSELINUX
extern void SELinuxExtensionInit(INITARGS);
#include "xselinux.h"
#endif
#if 1

19
hw/xfree86/modes/xf86EdidModes.c
View File

@ -66,6 +66,8 @@ typedef enum {
DDC_QUIRK_DETAILED_USE_MAXIMUM_SIZE = 1 << 5,
/* Monitor forgot to set the first detailed is preferred bit. */
DDC_QUIRK_FIRST_DETAILED_PREFERRED = 1 << 6,
/* use +hsync +vsync for detailed mode */
DDC_QUIRK_DETAILED_SYNC_PP = 1 << 7,
} ddc_quirk_t;
static Bool quirk_prefer_large_60 (int scrnIndex, xf86MonPtr DDC)
@ -160,6 +162,15 @@ static Bool quirk_first_detailed_preferred (int scrnIndex, xf86MonPtr DDC)
return FALSE;
}
static Bool quirk_detailed_sync_pp(int scrnIndex, xf86MonPtr DDC)
{
/* Bug #12439: Samsung SyncMaster 205BW */
if (memcmp (DDC->vendor.name, "SAM", 4) == 0 &&
DDC->vendor.prod_id == 541)
return TRUE;
return FALSE;
}
typedef struct {
Bool (*detect) (int scrnIndex, xf86MonPtr DDC);
ddc_quirk_t quirk;
@ -195,6 +206,10 @@ static const ddc_quirk_map_t ddc_quirks[] = {
quirk_first_detailed_preferred, DDC_QUIRK_FIRST_DETAILED_PREFERRED,
"First detailed timing was not marked as preferred."
},
{
quirk_detailed_sync_pp, DDC_QUIRK_DETAILED_SYNC_PP,
"Use +hsync +vsync for detailed timing."
},
{
NULL, DDC_QUIRK_NONE,
"No known quirks"
@ -341,6 +356,9 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing,
if (timing->interlaced)
Mode->Flags |= V_INTERLACE;
if (quirks & DDC_QUIRK_DETAILED_SYNC_PP)
Mode->Flags |= V_PVSYNC | V_PHSYNC;
else {
if (timing->misc & 0x02)
Mode->Flags |= V_PVSYNC;
else
@ -350,6 +368,7 @@ DDCModeFromDetailedTiming(int scrnIndex, struct detailed_timings *timing,
Mode->Flags |= V_PHSYNC;
else
Mode->Flags |= V_NHSYNC;
}
return Mode;
}

11
hw/xfree86/os-support/linux/lnx_video.c
View File

@ -142,17 +142,8 @@ mtrr_open(int verbosity)
/* Only report absence of /proc/mtrr once. */
static Bool warned = FALSE;
char **fn;
static char *mtrr_files[] = {
"/dev/cpu/mtrr", /* Possible future name */
"/proc/mtrr", /* Current name */
NULL
};
if (mtrr_fd == MTRR_FD_UNOPENED) {
/* So open it. */
for (fn = mtrr_files; mtrr_fd < 0 && *fn; fn++)
mtrr_fd = open(*fn, O_WRONLY);
mtrr_fd = open("/proc/mtrr", O_WRONLY);
if (mtrr_fd < 0)
mtrr_fd = MTRR_FD_PROBLEM;

15
mi/miinitext.c
View File

@ -244,9 +244,6 @@ typedef void (*InitExtension)(INITARGS);
#define _XAG_SERVER_
#include <X11/extensions/Xagstr.h>
#endif
#ifdef XACE
#include "xace.h"
#endif
#ifdef XCSECURITY
#include "securitysrv.h"
#include <X11/extensions/securstr.h>
@ -323,9 +320,6 @@ extern void DbeExtensionInit(INITARGS);
#ifdef XAPPGROUP
extern void XagExtensionInit(INITARGS);
#endif
#ifdef XACE
extern void XaceExtensionInit(INITARGS);
#endif
#ifdef XCSECURITY
extern void SecurityExtensionInit(INITARGS);
#endif
@ -599,9 +593,6 @@ InitExtensions(argc, argv)
#ifdef XAPPGROUP
if (!noXagExtension) XagExtensionInit();
#endif
#ifdef XACE
XaceExtensionInit();
#endif
#ifdef XCSECURITY
if (!noSecurityExtension) SecurityExtensionInit();
#endif
@ -696,15 +687,9 @@ static ExtensionModule staticExtensions[] = {
#ifdef XAPPGROUP
{ XagExtensionInit, XAGNAME, &noXagExtension, NULL, NULL },
#endif
#ifdef XACE
{ XaceExtensionInit, XACE_EXTENSION_NAME, NULL, NULL, NULL },
#endif
#ifdef XCSECURITY
{ SecurityExtensionInit, SECURITY_EXTENSION_NAME, &noSecurityExtension, NULL, NULL },
#endif
#ifdef XSELINUX
{ SELinuxExtensionInit, SELINUX_EXTENSION_NAME, NULL, NULL, NULL },
#endif
#ifdef XPRINT
{ XpExtensionInit, XP_PRINTNAME, NULL, NULL, NULL },
#endif