xselinux: Allow per-client device create contexts.
The previous behavior was to set the serverClient's value, which was used globally. This is in support of XI2, where clients can create device pairs directly. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
parent
66e32d252c
commit
73975ef3a3
|
@ -1318,14 +1318,6 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
|
||||||
return BadAlloc;
|
return BadAlloc;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (offset == CTX_DEV) {
|
|
||||||
/* Device create context currently requires manage permission */
|
|
||||||
rc = XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess);
|
|
||||||
if (rc != Success)
|
|
||||||
goto out;
|
|
||||||
privPtr = &serverClient->devPrivates;
|
|
||||||
}
|
|
||||||
|
|
||||||
ptr = dixLookupPrivate(privPtr, subjectKey);
|
ptr = dixLookupPrivate(privPtr, subjectKey);
|
||||||
pSid = (security_id_t *)(ptr + offset);
|
pSid = (security_id_t *)(ptr + offset);
|
||||||
sidput(*pSid);
|
sidput(*pSid);
|
||||||
|
@ -1337,7 +1329,7 @@ ProcSELinuxSetCreateContext(ClientPtr client, unsigned offset)
|
||||||
avc_context_to_sid_raw(ctx, pSid) < 0)
|
avc_context_to_sid_raw(ctx, pSid) < 0)
|
||||||
rc = BadValue;
|
rc = BadValue;
|
||||||
}
|
}
|
||||||
out:
|
|
||||||
xfree(ctx);
|
xfree(ctx);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
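Review bot: With the `if (offset == CTX_DEV)` branch removed, ProcSELinuxSetCreateContext no longer calls `XaceHook(XACE_SERVER_ACCESS, client, DixManageAccess)` before storing a device create context, so any client that reaches this request can now set one. That is sound only if the chosen label is checked against policy when the device is actually created, which happens outside these hunks; I would record that assumption where the branch used to be, for example `/* No permission check here: the context is per-client and is enforced when the device is created */`. `privPtr` is initialised above the first hunk, presumably to the requesting client's own privates, and `sidput(*pSid)` now operates on that client's slot at `CTX_DEV`, so the per-client state must have that field initialised, which is also not visible here. The function's body starts before the first hunk, so whether any other `goto out` remains after the `out:` label was dropped cannot be confirmed from this page.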