xace: rename hostlist security hook to "server" as this hook will be used
for other types of server access besides just the host list.
This commit is contained in:
parent
dc84bb3418
commit
3c9553ac2c
|
@ -1222,10 +1222,10 @@ SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
}
|
||||
|
||||
static void
|
||||
SecurityCheckHostlistAccess(CallbackListPtr *pcbl, pointer unused,
|
||||
pointer calldata)
|
||||
SecurityCheckServerAccess(CallbackListPtr *pcbl, pointer unused,
|
||||
pointer calldata)
|
||||
{
|
||||
XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata;
|
||||
XaceServerAccessRec *rec = (XaceServerAccessRec*)calldata;
|
||||
|
||||
if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
|
||||
{
|
||||
|
@ -1851,5 +1851,5 @@ SecurityExtensionInit(INITARGS)
|
|||
XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
|
||||
XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
|
||||
XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
|
||||
XaceRC(XACE_HOSTLIST_ACCESS, SecurityCheckHostlistAccess, NULL);
|
||||
XaceRC(XACE_SERVER_ACCESS, SecurityCheckServerAccess, NULL);
|
||||
} /* SecurityExtensionInit */
|
||||
|
|
|
@ -135,8 +135,8 @@ int XaceHook(int hook, ...)
|
|||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_HOSTLIST_ACCESS: {
|
||||
XaceHostlistAccessRec rec = {
|
||||
case XACE_SERVER_ACCESS: {
|
||||
XaceServerAccessRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, Mask),
|
||||
Success /* default allow */
|
||||
|
|
|
@ -49,7 +49,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#define XACE_MAP_ACCESS 6
|
||||
#define XACE_BACKGRND_ACCESS 7
|
||||
#define XACE_EXT_ACCESS 8
|
||||
#define XACE_HOSTLIST_ACCESS 9
|
||||
#define XACE_SERVER_ACCESS 9
|
||||
#define XACE_SELECTION_ACCESS 10
|
||||
#define XACE_SCREEN_ACCESS 11
|
||||
#define XACE_SCREENSAVER_ACCESS 12
|
||||
|
|
|
@ -86,12 +86,12 @@ typedef struct {
|
|||
int status;
|
||||
} XaceExtAccessRec;
|
||||
|
||||
/* XACE_HOSTLIST_ACCESS */
|
||||
/* XACE_SERVER_ACCESS */
|
||||
typedef struct {
|
||||
ClientPtr client;
|
||||
Mask access_mode;
|
||||
int status;
|
||||
} XaceHostlistAccessRec;
|
||||
} XaceServerAccessRec;
|
||||
|
||||
/* XACE_SELECTION_ACCESS */
|
||||
typedef struct {
|
||||
|
@ -101,6 +101,8 @@ typedef struct {
|
|||
int status;
|
||||
} XaceSelectionAccessRec;
|
||||
|
||||
/* XACE_SCREEN_ACCESS */
|
||||
/* XACE_SCREENSAVER_ACCESS */
|
||||
typedef struct {
|
||||
ClientPtr client;
|
||||
ScreenPtr screen;
|
||||
|
|
|
@ -1175,15 +1175,15 @@ XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
} /* XSELinuxDrawable */
|
||||
|
||||
static void
|
||||
XSELinuxHostlist(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||
XSELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||
{
|
||||
XaceHostlistAccessRec *rec = (XaceHostlistAccessRec*)calldata;
|
||||
XaceServerAccessRec *rec = (XaceServerAccessRec*)calldata;
|
||||
access_vector_t perm = (rec->access_mode == DixReadAccess) ?
|
||||
XSERVER__GETHOSTLIST : XSERVER__SETHOSTLIST;
|
||||
|
||||
if (ServerPerm(rec->client, SECCLASS_XSERVER, perm) != Success)
|
||||
rec->status = BadAccess;
|
||||
} /* XSELinuxHostlist */
|
||||
} /* XSELinuxServer */
|
||||
|
||||
/* Extension callbacks */
|
||||
static void
|
||||
|
@ -1397,7 +1397,7 @@ XSELinuxExtensionInit(INITARGS)
|
|||
XaceRegisterCallback(XACE_EXT_DISPATCH, XSELinuxExtDispatch, NULL);
|
||||
XaceRegisterCallback(XACE_RESOURCE_ACCESS, XSELinuxResLookup, NULL);
|
||||
XaceRegisterCallback(XACE_MAP_ACCESS, XSELinuxMap, NULL);
|
||||
XaceRegisterCallback(XACE_HOSTLIST_ACCESS, XSELinuxHostlist, NULL);
|
||||
XaceRegisterCallback(XACE_SERVER_ACCESS, XSELinuxServer, NULL);
|
||||
XaceRegisterCallback(XACE_BACKGRND_ACCESS, XSELinuxBackgrnd, NULL);
|
||||
XaceRegisterCallback(XACE_DRAWABLE_ACCESS, XSELinuxDrawable, NULL);
|
||||
XaceRegisterCallback(XACE_PROPERTY_ACCESS, XSELinuxProperty, NULL);
|
||||
|
|
|
@ -3346,7 +3346,7 @@ ProcListHosts(ClientPtr client)
|
|||
REQUEST_SIZE_MATCH(xListHostsReq);
|
||||
|
||||
/* untrusted clients can't list hosts */
|
||||
result = XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess);
|
||||
result = XaceHook(XACE_SERVER_ACCESS, client, DixReadAccess);
|
||||
if (result != Success)
|
||||
return result;
|
||||
|
||||
|
|
|
@ -1500,7 +1500,7 @@ AuthorizedClient(ClientPtr client)
|
|||
return TRUE;
|
||||
|
||||
/* untrusted clients can't change host access */
|
||||
if (XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess) != Success)
|
||||
if (XaceHook(XACE_SERVER_ACCESS, client, DixWriteAccess) != Success)
|
||||
return FALSE;
|
||||
|
||||
return LocalClient(client);
|
||||
|
|
Loading…
Reference in New Issue
Block a user