From 3b7af72fe315c7c26c89838c0c5dacbe58765d0f Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Fri, 26 Oct 2007 20:32:10 -0400 Subject: [PATCH] xselinux: Add a SetDeviceContext request and stubs for more requests. --- Xext/xselinux.c | 190 ++++++++++++++++++++++++++++++++++++++++++++++-- Xext/xselinux.h | 121 ++++++++++++++++++++++++++++-- 2 files changed, 298 insertions(+), 13 deletions(-) diff --git a/Xext/xselinux.c b/Xext/xselinux.c index bacbe6ef5..946e5b944 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -985,10 +985,6 @@ static int ProcSELinuxQueryVersion(ClientPtr client) { SELinuxQueryVersionReply rep; - /* - REQUEST(SELinuxQueryVersionReq); - REQUEST_SIZE_MATCH (SELinuxQueryVersionReq); - */ rep.type = X_Reply; rep.length = 0; @@ -1009,10 +1005,10 @@ ProcSELinuxQueryVersion(ClientPtr client) static int ProcSELinuxSetSelectionManager(ClientPtr client) { - REQUEST(SELinuxSetSelectionManagerReq); WindowPtr pWin; int rc; + REQUEST(SELinuxSetSelectionManagerReq); REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq); if (stuff->window == None) { 
@@ -1031,6 +1027,98 @@ ProcSELinuxSetSelectionManager(ClientPtr client) return Success; } +static int +ProcSELinuxGetSelectionManager(ClientPtr client) +{ + SELinuxGetSelectionManagerReply rep; + + rep.type = X_Reply; + rep.length = 0; + rep.sequenceNumber = client->sequence; + rep.window = selectionWindow; + if (client->swapped) { + int n; + swaps(&rep.sequenceNumber, n); + swapl(&rep.length, n); + swapl(&rep.window, n); + } + WriteToClient(client, sizeof(rep), (char *)&rep); + return (client->noClientException); +} + +static int +ProcSELinuxSetDeviceContext(ClientPtr client) +{ + char *ctx; + security_id_t sid; + DeviceIntPtr dev; + SELinuxStateRec *state; + int rc; + + REQUEST(SELinuxSetContextReq); + REQUEST_FIXED_SIZE(SELinuxSetContextReq, stuff->context_len); + + ctx = (char *)(stuff + 1); + if (ctx[stuff->context_len - 1]) + return BadLength; + + rc = dixLookupDevice(&dev, stuff->id, client, DixManageAccess); + if (rc != Success) + return rc; + + rc = avc_context_to_sid(ctx, &sid); + if (rc != Success) + return BadValue; + + state = dixLookupPrivate(&dev->devPrivates, stateKey); + sidput(state->sid); + state->sid = sid; + ErrorF("I really, actually did relabel a device to %s\n", ctx); + return Success; +} + +static int +ProcSELinuxGetDeviceContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxSetPropertyCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetPropertyCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetPropertyContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxSetWindowCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetWindowCreateContext(ClientPtr client) +{ + return Success; +} + +static int +ProcSELinuxGetWindowContext(ClientPtr client) +{ + return Success; +} + static int ProcSELinuxDispatch(ClientPtr client) { 
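Review bot: In ProcSELinuxSetDeviceContext the terminator test `ctx[stuff->context_len - 1]` reads the byte before the string when a client sends `context_len` of 0; that byte is the last byte of the request header, so the test can pass and `avc_context_to_sid()` then scans from the end of the request with no NUL inside the length that REQUEST_FIXED_SIZE validated. Reject the empty case first: `if (stuff->context_len < 1 || ctx[stuff->context_len - 1]) return BadLength;`. In the same hunk ProcSELinuxGetSelectionManager sends `sizeof(rep)` bytes while only four fields of `rep` are assigned, so the pad fields carry uninitialised stack bytes to the client; `memset(&rep, 0, sizeof(rep));` before the assignments closes that. The result of `dixLookupPrivate()` is dereferenced unchecked, and the `ErrorF` line echoing the client-supplied context reads like leftover debugging; both deserve a look before this is merged.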
@@ -1040,6 +1128,24 @@ ProcSELinuxDispatch(ClientPtr client)
 return ProcSELinuxQueryVersion(client);
 case X_SELinuxSetSelectionManager:
 return ProcSELinuxSetSelectionManager(client);
+ case X_SELinuxGetSelectionManager:
+ return ProcSELinuxGetSelectionManager(client);
+ case X_SELinuxSetDeviceContext:
+ return ProcSELinuxSetDeviceContext(client);
+ case X_SELinuxGetDeviceContext:
+ return ProcSELinuxGetDeviceContext(client);
+ case X_SELinuxSetPropertyCreateContext:
+ return ProcSELinuxSetPropertyCreateContext(client);
+ case X_SELinuxGetPropertyCreateContext:
+ return ProcSELinuxGetPropertyCreateContext(client);
+ case X_SELinuxGetPropertyContext:
+ return ProcSELinuxGetPropertyContext(client);
+ case X_SELinuxSetWindowCreateContext:
+ return ProcSELinuxSetWindowCreateContext(client);
+ case X_SELinuxGetWindowCreateContext:
+ return ProcSELinuxGetWindowCreateContext(client);
+ case X_SELinuxGetWindowContext:
+ return ProcSELinuxGetWindowContext(client);
 default:
 return BadRequest;
 }
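Review bot: Seven of the newly dispatched opcodes reach handlers that are empty stubs returning `Success`, so a client asking to set a property or window create-context is told the label was applied when nothing happened, and the Get* requests return without writing a reply. Until the handlers exist, answer honestly, for example `return BadImplementation;` in each stub, or leave those cases out so they fall to `default: return BadRequest;`. The stub bodies are in the previous hunk; the same applies to the swapped dispatch table further down.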
@@ -1068,6 +1174,60 @@ SProcSELinuxSetSelectionManager(ClientPtr client) return ProcSELinuxSetSelectionManager(client); } +static int +SProcSELinuxGetSelectionManager(ClientPtr client) +{ + return ProcSELinuxGetSelectionManager(client); +} + +static int +SProcSELinuxSetDeviceContext(ClientPtr client) +{ + return ProcSELinuxSetDeviceContext(client); +} + +static int +SProcSELinuxGetDeviceContext(ClientPtr client) +{ + return ProcSELinuxGetDeviceContext(client); +} + +static int +SProcSELinuxSetPropertyCreateContext(ClientPtr client) +{ + return ProcSELinuxSetPropertyCreateContext(client); +} + +static int +SProcSELinuxGetPropertyCreateContext(ClientPtr client) +{ + return ProcSELinuxGetPropertyCreateContext(client); +} + +static int +SProcSELinuxGetPropertyContext(ClientPtr client) +{ + return ProcSELinuxGetPropertyContext(client); +} + +static int +SProcSELinuxSetWindowCreateContext(ClientPtr client) +{ + return ProcSELinuxSetWindowCreateContext(client); +} + +static int +SProcSELinuxGetWindowCreateContext(ClientPtr client) +{ + return ProcSELinuxGetWindowCreateContext(client); +} + +static int +SProcSELinuxGetWindowContext(ClientPtr client) +{ + return ProcSELinuxGetWindowContext(client); +} + static int SProcSELinuxDispatch(ClientPtr client) { 
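Review bot: SProcSELinuxSetDeviceContext passes a byte-swapped client's request straight to the native handler, so `stuff->length`, `stuff->id` and `stuff->context_len` are read in the wrong byte order and the length and terminator checks then run on the wrong values. Swap the fixed fields before delegating, using the `swaps`/`swapl` idiom the reply code in this patch already uses; the context bytes themselves need no swapping. The other wrappers added here can stay pass-throughs only while their handlers ignore the request body; SProcSELinuxGetSelectionManager is fine because the reply is swapped in the native handler.

```c
static int
SProcSELinuxSetDeviceContext(ClientPtr client)
{
    int n;

    REQUEST(SELinuxSetContextReq);
    swaps(&stuff->length, n);
    REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq);
    swapl(&stuff->id, n);
    swaps(&stuff->context_len, n);
    return ProcSELinuxSetDeviceContext(client);
}
```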
@@ -1080,7 +1240,25 @@ SProcSELinuxDispatch(ClientPtr client) case X_SELinuxQueryVersion: return SProcSELinuxQueryVersion(client); case X_SELinuxSetSelectionManager: - return SProcSELinuxSetSelectionManager(client); + return SProcSELinuxSetSelectionManager(client); + case X_SELinuxGetSelectionManager: + return SProcSELinuxGetSelectionManager(client); + case X_SELinuxSetDeviceContext: + return SProcSELinuxSetDeviceContext(client); + case X_SELinuxGetDeviceContext: + return SProcSELinuxGetDeviceContext(client); + case X_SELinuxSetPropertyCreateContext: + return SProcSELinuxSetPropertyCreateContext(client); + case X_SELinuxGetPropertyCreateContext: + return SProcSELinuxGetPropertyCreateContext(client); + case X_SELinuxGetPropertyContext: + return SProcSELinuxGetPropertyContext(client); + case X_SELinuxSetWindowCreateContext: + return SProcSELinuxSetWindowCreateContext(client); + case X_SELinuxGetWindowCreateContext: + return SProcSELinuxGetWindowCreateContext(client); + case X_SELinuxGetWindowContext: + return SProcSELinuxGetWindowContext(client); default: return BadRequest; } diff --git a/Xext/xselinux.h b/Xext/xselinux.h index 691154d1d..50838d754 100644 --- a/Xext/xselinux.h +++ b/Xext/xselinux.h @@ -30,10 +30,19 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #define XSELinuxNumberErrors 0 /* Extension protocol */ -#define X_SELinuxQueryVersion 0 -#define X_SELinuxSetSelectionManager 1 +#define X_SELinuxQueryVersion 0 +#define X_SELinuxSetSelectionManager 1 +#define X_SELinuxGetSelectionManager 2 +#define X_SELinuxSetDeviceContext 3 +#define X_SELinuxGetDeviceContext 4 +#define X_SELinuxSetPropertyCreateContext 5 +#define X_SELinuxGetPropertyCreateContext 6 +#define X_SELinuxGetPropertyContext 7 +#define X_SELinuxSetWindowCreateContext 8 +#define X_SELinuxGetWindowCreateContext 9 +#define X_SELinuxGetWindowContext 10 -typedef struct _SELinuxQueryVersion { +typedef struct { CARD8 reqType; CARD8 SELinuxReqType; CARD16 length; 
@@ -41,7 +50,6 @@ typedef struct _SELinuxQueryVersion { CARD8 client_minor; CARD16 unused; } SELinuxQueryVersionReq; -#define sz_SELinuxQueryVersionReq 8 typedef struct { CARD8 type; 
@@ -56,15 +64,114 @@ typedef struct { CARD32 pad5; CARD32 pad6; } SELinuxQueryVersionReply; -#define sz_SELinuxQueryVersionReply 32 -typedef struct _SELinuxSetSelectionManager { +typedef struct { CARD8 reqType; CARD8 SELinuxReqType; CARD16 length; CARD32 window; } SELinuxSetSelectionManagerReq; -#define sz_SELinuxSetSelectionManagerReq 8 + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; +} SELinuxGetSelectionManagerReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD32 window; + CARD32 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; +} SELinuxGetSelectionManagerReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD8 permanent; + CARD8 unused; + CARD16 context_len; +} SELinuxSetCreateContextReq; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; +} SELinuxGetCreateContextReq; + +typedef struct { + CARD8 type; + CARD8 permanent; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad1; + CARD32 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; +} SELinuxGetCreateContextReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 id; + CARD16 unused; + CARD16 context_len; +} SELinuxSetContextReq; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 id; +} SELinuxGetContextReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 pad5; + CARD32 pad6; + CARD32 pad7; +} SELinuxGetContextReply; + +typedef struct { + CARD8 reqType; + CARD8 SELinuxReqType; + CARD16 length; + CARD32 window; + CARD32 property; +} SELinuxGetPropertyContextReq; + +typedef struct { + CARD8 type; + CARD8 pad1; + CARD16 sequenceNumber; + CARD32 length; + CARD16 context_len; + CARD16 pad2; + CARD32 pad3; + CARD32 pad4; + CARD32 
pad5; + CARD32 pad6; + CARD32 pad7; +} SELinuxGetPropertyContextReply; + /* Private Flask definitions */ #define SECCLASS_X_DRAWABLE 1
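Review bot: The request structs do not say whether `context_len` counts the terminating NUL or where the context bytes live, yet ProcSELinuxSetDeviceContext rejects any request whose last counted byte is non-zero. A comment on SELinuxSetContextReq and SELinuxSetCreateContextReq such as `/* followed by context_len bytes of context string, including the terminating NUL */` would pin the wire contract for client authors. With the `sz_*` constants removed the wire sizes now depend on `sizeof`, so a compile-time size check on the 32-byte replies would be a cheap safeguard.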