xselinux: Move the security class mapping to the header file.

Take the mapping of DixAccess bits to Flask permissions, move it
into the header file, break up the extremely long lines, and
annotate the permission names with the bit being referenced.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Eamon Walsh 2009-06-18 18:48:24 -04:00
parent 75c51c67b3
commit 1e060c3d8b
2 changed files with 393 additions and 26 deletions


@ -49,6 +49,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "scrnintstr.h"
#include "selection.h"
#include "xacestr.h"
#define _XSELINUX_NEED_FLASK
#include "xselinux.h"
#include "../os/osdep.h"
#include "modinit.h"
@ -133,32 +134,6 @@ static unsigned numKnownEvents;
static SELinuxAtomRec *knownAtoms;
static unsigned numKnownAtoms;
/* dynamically allocated security classes and permissions */
static struct security_class_mapping map[] = {
{ "x_drawable", { "read", "write", "destroy", "create", "getattr", "setattr", "list_property", "get_property", "set_property", "", "", "list_child", "add_child", "remove_child", "hide", "show", "blend", "override", "", "", "", "", "send", "receive", "", "manage", NULL }},
{ "x_screen", { "", "", "", "", "getattr", "setattr", "saver_getattr", "saver_setattr", "", "", "", "", "", "", "hide_cursor", "show_cursor", "saver_hide", "saver_show", NULL }},
{ "x_gc", { "", "", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_font", { "", "", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_glyph", "remove_glyph", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_colormap", { "read", "write", "destroy", "create", "getattr", "", "", "", "", "", "", "", "add_color", "remove_color", "", "", "", "", "", "", "install", "uninstall", "", "", "use", NULL }},
{ "x_property", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "write", NULL }},
{ "x_selection", { "read", "", "", "setattr", "getattr", "setattr", NULL }},
{ "x_cursor", { "read", "write", "destroy", "create", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_client", { "", "", "destroy", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "manage", NULL }},
{ "x_device", { "read", "write", "", "", "getattr", "setattr", "", "", "", "getfocus", "setfocus", "", "", "", "", "", "", "grab", "freeze", "force_cursor", "", "", "", "", "use", "manage", "", "bell", NULL }},
{ "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }},
{ "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }},
{ "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
{ "x_synthetic_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }},
{ "x_resource", { "read", "write", "write", "write", "read", "write", "read", "read", "write", "read", "write", "read", "write", "write", "write", "read", "read", "write", "write", "write", "write", "write", "write", "read", "read", "write", "read", "write", NULL }},
{ NULL }
};
/* x_resource "read" bits from the list above */
#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
DixShowAccess|DixBlendAccess|DixReceiveAccess| \
DixUseAccess|DixDebugAccess)
/* forward declarations */
static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
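Review bot: The added `#define _XSELINUX_NEED_FLASK` only works if the `#include "xselinux.h"` right after it is the first time that header is seen in this file, because the Flask block it enables sits inside the header's `_XSELINUX_H` include guard. If a header included earlier ever pulls in `xselinux.h`, the guard would skip the block and `map` and `SELinuxReadMask` would be undeclared here, so the build would fail at their first use. I would record the ordering requirement on the define, e.g. `/* must precede the first inclusion of xselinux.h: enables the private Flask map */`. As a style point, a name starting with an underscore and an upper-case letter is reserved for the implementation in C; it matches the existing guard name, so this is cosmetic.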


@ -139,6 +139,7 @@ typedef struct {
} SELinuxListItemsReply;
#ifdef _XSELINUX_NEED_FLASK
/* Private Flask definitions */
#define SECCLASS_X_DRAWABLE 1
#define SECCLASS_X_SCREEN 2
@ -156,4 +157,395 @@ typedef struct {
#define SECCLASS_X_FAKEEVENT 14
#define SECCLASS_X_RESOURCE 15
/* Mapping from DixAccess bits to Flask permissions */
static struct security_class_mapping map[] = {
{ "x_drawable",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"list_property", /* DixListPropAccess */
"get_property", /* DixGetPropAccess */
"set_property", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"list_child", /* DixListAccess */
"add_child", /* DixAddAccess */
"remove_child", /* DixRemoveAccess */
"hide", /* DixHideAccess */
"show", /* DixShowAccess */
"blend", /* DixBlendAccess */
"override", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"send", /* DixSendAccess */
"receive", /* DixReceiveAccess */
"", /* DixUseAccess */
"manage", /* DixManageAccess */
NULL }},
{ "x_screen",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"saver_getattr", /* DixListPropAccess */
"saver_setattr", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"hide_cursor", /* DixHideAccess */
"show_cursor", /* DixShowAccess */
"saver_hide", /* DixBlendAccess */
"saver_show", /* DixGrabAccess */
NULL }},
{ "x_gc",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
NULL }},
{ "x_font",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"add_glyph", /* DixAddAccess */
"remove_glyph", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
NULL }},
{ "x_colormap",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"add_color", /* DixAddAccess */
"remove_color", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"install", /* DixInstallAccess */
"uninstall", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
NULL }},
{ "x_property",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"write", /* DixBlendAccess */
NULL }},
{ "x_selection",
{ "read", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"setattr", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
NULL }},
{ "x_cursor",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"create", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
NULL }},
{ "x_client",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"destroy", /* DixDestroyAccess */
"", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"", /* DixUseAccess */
"manage", /* DixManageAccess */
NULL }},
{ "x_device",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"getfocus", /* DixGetFocusAccess */
"setfocus", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"grab", /* DixGrabAccess */
"freeze", /* DixFreezeAccess */
"force_cursor", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
"manage", /* DixManageAccess */
"", /* DixDebugAccess */
"bell", /* DixBellAccess */
NULL }},
{ "x_server",
{ "record", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"getattr", /* DixGetAttrAccess */
"setattr", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"grab", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"", /* DixUseAccess */
"manage", /* DixManageAccess */
"debug", /* DixDebugAccess */
NULL }},
{ "x_extension",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"query", /* DixGetAttrAccess */
"", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"", /* DixSendAccess */
"", /* DixReceiveAccess */
"use", /* DixUseAccess */
NULL }},
{ "x_event",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"", /* DixGetAttrAccess */
"", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"send", /* DixSendAccess */
"receive", /* DixReceiveAccess */
NULL }},
{ "x_synthetic_event",
{ "", /* DixReadAccess */
"", /* DixWriteAccess */
"", /* DixDestroyAccess */
"", /* DixCreateAccess */
"", /* DixGetAttrAccess */
"", /* DixSetAttrAccess */
"", /* DixListPropAccess */
"", /* DixGetPropAccess */
"", /* DixSetPropAccess */
"", /* DixGetFocusAccess */
"", /* DixSetFocusAccess */
"", /* DixListAccess */
"", /* DixAddAccess */
"", /* DixRemoveAccess */
"", /* DixHideAccess */
"", /* DixShowAccess */
"", /* DixBlendAccess */
"", /* DixGrabAccess */
"", /* DixFreezeAccess */
"", /* DixForceAccess */
"", /* DixInstallAccess */
"", /* DixUninstallAccess */
"send", /* DixSendAccess */
"receive", /* DixReceiveAccess */
NULL }},
{ "x_resource",
{ "read", /* DixReadAccess */
"write", /* DixWriteAccess */
"write", /* DixDestroyAccess */
"write", /* DixCreateAccess */
"read", /* DixGetAttrAccess */
"write", /* DixSetAttrAccess */
"read", /* DixListPropAccess */
"read", /* DixGetPropAccess */
"write", /* DixSetPropAccess */
"read", /* DixGetFocusAccess */
"write", /* DixSetFocusAccess */
"read", /* DixListAccess */
"write", /* DixAddAccess */
"write", /* DixRemoveAccess */
"write", /* DixHideAccess */
"read", /* DixShowAccess */
"read", /* DixBlendAccess */
"write", /* DixGrabAccess */
"write", /* DixFreezeAccess */
"write", /* DixForceAccess */
"write", /* DixInstallAccess */
"write", /* DixUninstallAccess */
"write", /* DixSendAccess */
"read", /* DixReceiveAccess */
"read", /* DixUseAccess */
"write", /* DixManageAccess */
"read", /* DixDebugAccess */
"write", /* DixBellAccess */
NULL }},
{ NULL }
};
/* x_resource "read" bits from the list above */
#define SELinuxReadMask (DixReadAccess|DixGetAttrAccess|DixListPropAccess| \
DixGetPropAccess|DixGetFocusAccess|DixListAccess| \
DixShowAccess|DixBlendAccess|DixReceiveAccess| \
DixUseAccess|DixDebugAccess)
#endif /* _XSELINUX_NEED_FLASK */
#endif /* _XSELINUX_H */
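Review bot: The table added under `_XSELINUX_NEED_FLASK` is purely positional, and the `/* Dix…Access */` labels are comments the compiler never checks, so one missing or extra `""` would shift every later permission in that class onto a different access bit without any diagnostic. Because this array decides which Flask permission stands for each DixAccess bit, the comment above `map[]` should state the invariants, e.g. `/* Entry i of each list names the permission for the i-th DixAccess bit, lowest bit first; classes are listed in SECCLASS_X_* order. */`, and `SELinuxReadMask` should say it must be updated whenever an x_resource entry changes between "read" and "write". The annotation also makes visible entries that reuse a permission name or give a bit a class-specific meaning: `"write"` at DixBlendAccess in x_property, `"setattr"` at DixCreateAccess in x_selection, and the `saver_*` names in x_screen. Each of those deserves a short why-comment, since they are carried over unchanged from the removed one-line table and their intent cannot be read from this page. As a style point, a `static` array defined in a header gives every file that defines the macro its own copy, and `map` is a generic enough name to collide with a local.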