From 2b364bf970b2ce6829af656990c33afd0d365f3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rami=20Ylim=C3=A4ki?= Date: Tue, 15 Jun 2010 14:44:38 +0200 Subject: [PATCH 1/4] Revert "os: Prevent backtrace from being stopped in noreturn functions." MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 579715f830fbbca9e1ecb17dc18176132f5969e7. The patch is not needed anymore. I haven't encountered backtrace problems with GCC 4.3.3. Even if the problems still persisted, this commit should be removed and instead the definition of _X_NORETURN should be modified to be empty if GCC/ARM is used. However, currently it seems that ARM backtraces are OK even if _X_NORETURN is used and -mapcs-frame is not defined in CFLAGS. Signed-off-by: Rami Ylimäki Reviewed-by: Jamey Sharp --- configure.ac | 13 ------------- os/Makefile.am | 17 +++++------------ 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/configure.ac b/configure.ac index 1ceffe7cb..de172ce1d 100644 --- a/configure.ac +++ b/configure.ac @@ -312,19 +312,6 @@ AC_CHECK_HEADER([execinfo.h],[ ])] ) -dnl ARM needs additional compiler flags for proper backtraces if GCC is -dnl used. Compile a dummy program with the -mapcs-frame option. If it -dnl succeeds, we know that we are building for ARM with GCC. -old_CFLAGS="$CFLAGS" -CFLAGS="-mapcs-frame" -AC_COMPILE_IFELSE( - AC_LANG_PROGRAM([[ ]]), - ARM_BACKTRACE_CFLAGS="$CFLAGS", - ARM_BACKTRACE_CFLAGS="" -) -CFLAGS="$old_CFLAGS" -AC_SUBST(ARM_BACKTRACE_CFLAGS) - dnl --------------------------------------------------------------------------- dnl Bus options and CPU capabilities. Replaces logic in dnl hw/xfree86/os-support/bus/Makefile.am, among others. diff --git a/os/Makefile.am b/os/Makefile.am index 3e4f2c591..66a4a0f75 100644 --- a/os/Makefile.am +++ b/os/Makefile.am @@ -1,19 +1,11 @@ -noinst_LTLIBRARIES = libos.la liblog.la +noinst_LTLIBRARIES = libos.la AM_CFLAGS = $(DIX_CFLAGS) $(SHA1_CFLAGS) SECURERPC_SRCS = rpcauth.c XDMCP_SRCS = xdmcp.c STRLCAT_SRCS = strlcat.c strlcpy.c - -# Build a convenience library liblog.la that will be added into -# libos.la. The split is done so that log.c can be built with -# different compiler options. -liblog_la_SOURCES = log.c -# Add flags needed for proper backtraces of functions marked with GCC -# __attribute__((noreturn)). Currently those flags are needed for -# FatalError and AbortServer in log.c. -liblog_la_CFLAGS = $(AM_CFLAGS) $(ARM_BACKTRACE_CFLAGS) +XORG_SRCS = log.c libos_la_SOURCES = \ WaitFor.c \ @@ -32,8 +24,9 @@ libos_la_SOURCES = \ xdmauth.c \ xsha1.c \ xstrans.c \ - xprintf.c -libos_la_LIBADD = @SHA1_LIBS@ $(DLOPEN_LIBS) liblog.la + xprintf.c \ + $(XORG_SRCS) +libos_la_LIBADD = @SHA1_LIBS@ $(DLOPEN_LIBS) if SECURE_RPC libos_la_SOURCES += $(SECURERPC_SRCS) From 671b2a1823a1c90d0b6254e2e2af8865151fff8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rami=20Ylim=C3=A4ki?= Date: Wed, 22 Dec 2010 16:38:54 +0200 Subject: [PATCH 2/4] config: Fix linking order of Xnest libraries. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MAIN depends on DIX and not vice versa. Signed-off-by: Rami Ylimäki --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index de172ce1d..cbbf5c3ec 100644 --- a/configure.ac +++ b/configure.ac @@ -1507,7 +1507,7 @@ if test "x$XNEST" = xyes; then if test "x$have_xnest" = xno; then AC_MSG_ERROR([Xnest build explicitly requested, but required modules not found.]) fi - XNEST_LIBS="$FB_LIB $FIXES_LIB $MI_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $DIX_LIB $MAIN_LIB $OS_LIB" + XNEST_LIBS="$FB_LIB $FIXES_LIB $MI_LIB $XEXT_LIB $DBE_LIB $RECORD_LIB $GLX_LIBS $RANDR_LIB $RENDER_LIB $DAMAGE_LIB $MIEXT_SYNC_LIB $MIEXT_DAMAGE_LIB $MIEXT_SHADOW_LIB $XI_LIB $XKB_LIB $XKB_STUB_LIB $COMPOSITE_LIB $MAIN_LIB $DIX_LIB $OS_LIB" XNEST_SYS_LIBS="$XNESTMODULES_LIBS $GLX_SYS_LIBS" AC_SUBST([XNEST_LIBS]) AC_SUBST([XNEST_SYS_LIBS]) From 1e933665bef26c74196bb7c59910e6a78bcacf0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rami=20Ylim=C3=A4ki?= Date: Wed, 22 Dec 2010 16:51:09 +0200 Subject: [PATCH 3/4] os: Add facilities for client ID tracking. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An interface is provided for figuring out the PID and process name of a client. Make some existing functionality from SELinux and IA extensions available for general use. Signed-off-by: Rami Ylimäki Reviewed-by: Tiago Vignatti --- configure.ac | 13 ++ dix/dispatch.c | 10 ++ dix/main.c | 3 + hw/xfree86/loader/sdksyms.sh | 1 + include/Makefile.am | 1 + include/client.h | 59 +++++++ include/dix-config.h.in | 3 + include/dixstruct.h | 2 + os/Makefile.am | 1 + os/client.c | 310 +++++++++++++++++++++++++++++++++++ 10 files changed, 403 insertions(+) create mode 100644 include/client.h create mode 100644 os/client.c diff --git a/configure.ac b/configure.ac index cbbf5c3ec..202edf046 100644 --- a/configure.ac +++ b/configure.ac @@ -623,6 +623,7 @@ AC_ARG_ENABLE(vbe, AS_HELP_STRING([--enable-vbe], [Build Xorg with VB AC_ARG_ENABLE(int10-module, AS_HELP_STRING([--enable-int10-module], [Build Xorg with int10 module (default: enabled)]), [INT10MODULE=$enableval], [INT10MODULE=yes]) AC_ARG_ENABLE(windowswm, AS_HELP_STRING([--enable-windowswm], [Build XWin with WindowsWM extension (default: no)]), [WINDOWSWM=$enableval], [WINDOWSWM=no]) AC_ARG_ENABLE(libdrm, AS_HELP_STRING([--enable-libdrm], [Build Xorg with libdrm support (default: enabled)]), [DRM=$enableval],[DRM=yes]) +AC_ARG_ENABLE(clientids, AS_HELP_STRING([--disable-clientids], [Build Xorg with client ID tracking (default: enabled)]), [CLIENTIDS=$enableval], [CLIENTIDS=yes]) dnl DDXes. AC_ARG_ENABLE(xorg, AS_HELP_STRING([--enable-xorg], [Build Xorg server (default: auto)]), [XORG=$enableval], [XORG=auto]) @@ -976,6 +977,18 @@ if test "x$RES" = xyes; then REQUIRED_MODULES="$REQUIRED_MODULES $RESOURCEPROTO" fi +# The XRes extension may support client ID tracking only if it has +# been specifically enabled. Client ID tracking is implicitly not +# supported if XRes extension is disabled. +AC_MSG_CHECKING([whether to track client ids]) +if test "x$RES" = xyes && test "x$CLIENTIDS" = xyes; then + AC_DEFINE(CLIENTIDS, 1, [Support client ID tracking]) +else + CLIENTIDS=no +fi +AC_MSG_RESULT([$CLIENTIDS]) +AM_CONDITIONAL(CLIENTIDS, [test "x$CLIENTIDS" = xyes]) + if test "x$GLX" = xyes; then PKG_CHECK_MODULES([XLIB], [x11]) PKG_CHECK_MODULES([GL], $GLPROTO $LIBGL) diff --git a/dix/dispatch.c b/dix/dispatch.c index 7b2132d3a..601b14a71 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -130,6 +130,7 @@ int ProcInitialConnection(); #include "inputstr.h" #include "xkbsrv.h" #include "site.h" +#include "client.h" #ifdef XSERVER_DTRACE #include "registry.h" @@ -3459,6 +3460,9 @@ CloseDownClient(ClientPtr client) CallCallbacks((&ClientStateCallback), (pointer)&clientinfo); } FreeClientResources(client); + /* Disable client ID tracking. This must be done after + * ClientStateCallback. */ + ReleaseClientIds(client); #ifdef XSERVER_DTRACE XSERVER_CLIENT_DISCONNECT(client->index); #endif @@ -3496,6 +3500,7 @@ void InitClient(ClientPtr client, int i, pointer ospriv) client->smart_start_tick = SmartScheduleTime; client->smart_stop_tick = SmartScheduleTime; client->smart_check_tick = SmartScheduleTime; + client->clientIds = NULL; } /************************ @@ -3535,6 +3540,11 @@ ClientPtr NextAvailableClient(pointer ospriv) currentMaxClients++; while ((nextFreeClientID < MAXCLIENTS) && clients[nextFreeClientID]) nextFreeClientID++; + + /* Enable client ID tracking. This must be done before + * ClientStateCallback. */ + ReserveClientIds(client); + if (ClientStateCallback) { NewClientInfoRec clientinfo; diff --git a/dix/main.c b/dix/main.c index 692bec1c5..31e2d48c4 100644 --- a/dix/main.c +++ b/dix/main.c @@ -104,6 +104,7 @@ Equipment Corporation. #include "extnsionst.h" #include "privates.h" #include "registry.h" +#include "client.h" #ifdef PANORAMIX #include "panoramiXsrv.h" #else @@ -258,6 +259,7 @@ int main(int argc, char *argv[], char *envp[]) InitCoreDevices(); InitInput(argc, argv); InitAndStartDevices(); + ReserveClientIds(serverClient); dixSaveScreens(serverClient, SCREEN_SAVER_FORCER, ScreenSaverReset); @@ -323,6 +325,7 @@ int main(int argc, char *argv[], char *envp[]) screenInfo.numScreens = i; } + ReleaseClientIds(serverClient); dixFreePrivates(serverClient->devPrivates, PRIVATE_CLIENT); serverClient->devPrivates = NULL; diff --git a/hw/xfree86/loader/sdksyms.sh b/hw/xfree86/loader/sdksyms.sh index f60b8ed74..18bb73523 100755 --- a/hw/xfree86/loader/sdksyms.sh +++ b/hw/xfree86/loader/sdksyms.sh @@ -259,6 +259,7 @@ cat > sdksyms.c << EOF #include "colormap.h" #include "colormapst.h" #include "hotplug.h" +#include "client.h" #include "cursor.h" #include "cursorstr.h" #include "dix.h" diff --git a/include/Makefile.am b/include/Makefile.am index 42f008269..6f63c764f 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -3,6 +3,7 @@ sdk_HEADERS = \ XIstubs.h \ Xprintf.h \ callback.h \ + client.h \ closestr.h \ closure.h \ colormap.h \ diff --git a/include/client.h b/include/client.h new file mode 100644 index 000000000..aaafc7da6 --- /dev/null +++ b/include/client.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All + * rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/* Author: Rami Ylimäki */ + +#ifndef CLIENT_H +#define CLIENT_H + +#ifdef HAVE_DIX_CONFIG_H +#include +#endif /* HAVE_DIX_CONFIG_H */ +#include +#include + +/* Client IDs. Use GetClientPid, GetClientCmdName and GetClientCmdArgs + * instead of accessing the fields directly. */ +typedef struct { + pid_t pid; /* process ID, -1 if not available */ + const char *cmdname; /* process name, NULL if not available */ + const char *cmdargs; /* process arguments, NULL if not available */ +} ClientIdRec, *ClientIdPtr; + +struct _Client; + +/* Initialize and clean up. */ +void ReserveClientIds(struct _Client *client); +void ReleaseClientIds(struct _Client *client); + +/* Determine client IDs for caching. Exported on purpose for + * extensions such as SELinux. */ +extern _X_EXPORT pid_t DetermineClientPid(struct _Client *client); +extern _X_EXPORT void DetermineClientCmd(pid_t, const char **cmdname, const char **cmdargs); + +/* Query cached client IDs. Exported on purpose for drivers. */ +extern _X_EXPORT pid_t GetClientPid(struct _Client *client); +extern _X_EXPORT const char *GetClientCmdName(struct _Client *client); +extern _X_EXPORT const char *GetClientCmdArgs(struct _Client *client); + +#endif /* CLIENT_H */ diff --git a/include/dix-config.h.in b/include/dix-config.h.in index 5622766b8..fc93f3ec1 100644 --- a/include/dix-config.h.in +++ b/include/dix-config.h.in @@ -279,6 +279,9 @@ /* Support X resource extension */ #undef RES +/* Support client ID tracking in X resource extension */ +#undef CLIENTIDS + /* Support MIT-SCREEN-SAVER extension */ #undef SCREENSAVER diff --git a/include/dixstruct.h b/include/dixstruct.h index 8547b16ce..443e8b0ae 100644 --- a/include/dixstruct.h +++ b/include/dixstruct.h @@ -24,6 +24,7 @@ SOFTWARE. #ifndef DIXSTRUCT_H #define DIXSTRUCT_H +#include "client.h" #include "dix.h" #include "resource.h" #include "cursor.h" @@ -121,6 +122,7 @@ typedef struct _Client { long smart_check_tick; DeviceIntPtr clientPtr; + ClientIdPtr clientIds; } ClientRec; /* diff --git a/os/Makefile.am b/os/Makefile.am index 66a4a0f75..91ca110f4 100644 --- a/os/Makefile.am +++ b/os/Makefile.am @@ -12,6 +12,7 @@ libos_la_SOURCES = \ access.c \ auth.c \ backtrace.c \ + client.c \ connection.c \ io.c \ mitauth.c \ diff --git a/os/client.c b/os/client.c new file mode 100644 index 000000000..1311855d5 --- /dev/null +++ b/os/client.c @@ -0,0 +1,310 @@ +/* + * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). All + * rights reserved. + * Copyright (c) 1993, 2010, Oracle and/or its affiliates. All rights reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @file + * + * This file contains functionality for identifying clients by various + * means. The primary purpose of identification is to simply aid in + * finding out which clients are using X server and how they are using + * it. For example, it's often necessary to monitor what requests + * clients are executing (to spot bad behaviour) and how they are + * allocating resources in X server (to spot excessive resource + * usage). + * + * This framework automatically allocates information, that can be + * used for client identification, when a client connects to the + * server. The information is freed when the client disconnects. The + * allocated information is just a collection of various IDs, such as + * PID and process name for local clients, that are likely to be + * useful in analyzing X server usage. + * + * Users of the framework can query ID information about clients at + * any time. To avoid repeated polling of IDs the users can also + * subscribe for notifications about the availability of ID + * information. IDs have been allocated before ClientStateCallback is + * called with ClientStateInitial state. Similarly the IDs will be + * released after ClientStateCallback is called with ClientStateGone + * state. + * + * Author: Rami Ylimäki + */ + +#include +#include +#include + +#include "client.h" +#include "os.h" +#include "dixstruct.h" + +/** + * Try to determine a PID for a client from its connection + * information. This should be called only once when new client has + * connected, use GetClientPid to determine the PID at other times. + * + * @param[in] client Connection linked to some process. + * + * @return PID of the client. Error (-1) if PID can't be determined + * for the client. + * + * @see GetClientPid + */ +pid_t DetermineClientPid(struct _Client *client) +{ + LocalClientCredRec *lcc = NULL; + pid_t pid = -1; + + if (client == NullClient) + return pid; + + if (client == serverClient) + return getpid(); + + if (GetLocalClientCreds(client, &lcc) != -1) + { + if (lcc->fieldsSet & LCC_PID_SET) + pid = lcc->pid; + FreeLocalClientCreds(lcc); + } + + return pid; +} + +/** + * Try to determine a command line string for a client based on its + * PID. Note that mapping PID to a command hasn't been implemented for + * some operating systems. This should be called only once when a new + * client has connected, use GetClientCmdName/Args to determine the + * string at other times. + * + * @param[in] pid Process ID of a client. + + * @param[out] cmdname Client process name without arguments. You must + * release this by calling free. On error NULL is + * returned. Pass NULL if you aren't interested in + * this value. + * @param[out] cmdargs Arguments to client process. Useful for + * identifying a client that is executed from a + * launcher program. You must release this by + * calling free. On error NULL is returned. Pass + * NULL if you aren't interested in this value. + * + * @see GetClientCmdName/Args + */ +void DetermineClientCmd(pid_t pid, const char **cmdname, const char **cmdargs) +{ + char path[PATH_MAX + 1]; + int totsize = 0; + int cmdsize = 0; + int argsize = 0; + int fd = 0; + + if (cmdname) + *cmdname = NULL; + if (cmdargs) + *cmdargs = NULL; + + if (pid == -1) + return; + + /* Check if /proc/pid/cmdline exists. It's not supported on all + * operating systems. */ + if (snprintf(path, sizeof(path), "/proc/%d/cmdline", pid) < 0) + return; + fd = open(path, O_RDONLY); + if (fd < 0) + return; + + /* Read the contents of /proc/pid/cmdline. It should contain the + * process name and arguments. */ + totsize = read(fd, path, sizeof(path)); + if (totsize <= 0) + return; + if (close(fd) < 0) + return; + path[totsize - 1] = '\0'; + + /* Contruct the process name without arguments. */ + cmdsize = strlen(path) + 1; + if (cmdname) + { + char *name = malloc(cmdsize); + if (name) + { + strncpy(name, path, cmdsize); + name[cmdsize - 1] = '\0'; + *cmdname = name; + } + } + + /* Construct the arguments for client process. */ + argsize = totsize - cmdsize; + if (cmdargs && (argsize > 0)) + { + char *args = malloc(argsize); + if (args) + { + int i = 0; + for (i = 0; i < (argsize - 1); ++i) + { + const char c = path[cmdsize + i]; + args[i] = (c == '\0') ? ' ' : c; + } + args[argsize - 1] = '\0'; + *cmdargs = args; + } + } +} + +/** + * Called when a new client connects. Allocates client ID information. + * + * @param[in] client Recently connected client. + */ +void ReserveClientIds(struct _Client *client) +{ +#ifdef CLIENTIDS + if (client == NullClient) + return; + + assert(!client->clientIds); + client->clientIds = calloc(1, sizeof(ClientIdRec)); + if (!client->clientIds) + return; + + client->clientIds->pid = DetermineClientPid(client); + if (client->clientIds->pid != -1) + DetermineClientCmd(client->clientIds->pid, &client->clientIds->cmdname, &client->clientIds->cmdargs); + + DebugF("client(%lx): Reserved pid(%d).\n", + client->clientAsMask, client->clientIds->pid); + DebugF("client(%lx): Reserved cmdname(%s) and cmdargs(%s).\n", + client->clientAsMask, + client->clientIds->cmdname ? client->clientIds->cmdname : "NULL", + client->clientIds->cmdargs ? client->clientIds->cmdargs : "NULL"); +#endif /* CLIENTIDS */ +} + +/** + * Called when an existing client disconnects. Frees client ID + * information. + * + * @param[in] client Recently disconnected client. + */ +void ReleaseClientIds(struct _Client *client) +{ +#ifdef CLIENTIDS + if (client == NullClient) + return; + + if (!client->clientIds) + return; + + DebugF("client(%lx): Released pid(%d).\n", + client->clientAsMask, client->clientIds->pid); + DebugF("client(%lx): Released cmdline(%s) and cmdargs(%s).\n", + client->clientAsMask, + client->clientIds->cmdname ? client->clientIds->cmdname : "NULL", + client->clientIds->cmdargs ? client->clientIds->cmdargs : "NULL"); + + free((void *) client->clientIds->cmdname); /* const char * */ + free((void *) client->clientIds->cmdargs); /* const char * */ + free(client->clientIds); + client->clientIds = NULL; +#endif /* CLIENTIDS */ +} + +/** + * Get cached PID of a client. + * + * param[in] client Client whose PID has been already cached. + * + * @return Cached client PID. Error (-1) if called: + * - before ClientStateInitial client state notification + * - after ClientStateGone client state notification + * - for remote clients + * + * @see DetermineClientPid + */ +pid_t GetClientPid(struct _Client *client) +{ + if (client == NullClient) + return -1; + + if (!client->clientIds) + return -1; + + return client->clientIds->pid; +} + +/** + * Get cached command name string of a client. + * + * param[in] client Client whose command line string has been already + * cached. + * + * @return Cached client command name. Error (NULL) if called: + * - before ClientStateInitial client state notification + * - after ClientStateGone client state notification + * - for remote clients + * - on OS that doesn't support mapping of PID to command line + * + * @see DetermineClientCmd + */ +const char *GetClientCmdName(struct _Client *client) +{ + if (client == NullClient) + return NULL; + + if (!client->clientIds) + return NULL; + + return client->clientIds->cmdname; +} + +/** + * Get cached command arguments string of a client. + * + * param[in] client Client whose command line string has been already + * cached. + * + * @return Cached client command arguments. Error (NULL) if called: + * - before ClientStateInitial client state notification + * - after ClientStateGone client state notification + * - for remote clients + * - on OS that doesn't support mapping of PID to command line + * + * @see DetermineClientCmd + */ +const char *GetClientCmdArgs(struct _Client *client) +{ + if (client == NullClient) + return NULL; + + if (!client->clientIds) + return NULL; + + return client->clientIds->cmdargs; +} From 296561506a91742cc150a0fb6fc0df5dbe98c780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rami=20Ylim=C3=A4ki?= Date: Wed, 22 Dec 2010 16:57:17 +0200 Subject: [PATCH 4/4] Xext: Use general OS functions to determine client command string in SELinux. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rami Ylimäki Reviewed-by: Tiago Vignatti --- Xext/xselinux_hooks.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c index 560e1e9bf..f1d8e5d2f 100644 --- a/Xext/xselinux_hooks.c +++ b/Xext/xselinux_hooks.c @@ -40,6 +40,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include "propertyst.h" #include "extnsionst.h" #include "xacestr.h" +#include "client.h" #include "../os/osdep.h" #define _XSELINUX_NEED_FLASK_MAP #include "xselinuxint.h" @@ -129,26 +130,25 @@ SELinuxLabelClient(ClientPtr client) /* For local clients, try and determine the executable name */ if (XaceIsLocal(client)) { - struct ucred creds; - socklen_t len = sizeof(creds); - char path[PATH_MAX + 1]; - size_t bytes; + /* Get cached command name if CLIENTIDS is enabled. */ + const char *cmdname = GetClientCmdName(client); + Bool cached = (cmdname != NULL); + /* If CLIENTIDS is disabled, figure out the command name from + * scratch. */ + if (!cmdname) + { + pid_t pid = DetermineClientPid(client); + if (pid != -1) + DetermineClientCmd(pid, &cmdname, NULL); + } - memset(&creds, 0, sizeof(creds)); - if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0) + if (!cmdname) goto finish; - snprintf(path, PATH_MAX + 1, "/proc/%d/cmdline", creds.pid); - fd = open(path, O_RDONLY); - if (fd < 0) - goto finish; + strncpy(subj->command, cmdname, COMMAND_LEN - 1); - bytes = read(fd, path, PATH_MAX + 1); - close(fd); - if (bytes <= 0) - goto finish; - - strncpy(subj->command, path, COMMAND_LEN - 1); + if (!cached) + free((void *) cmdname); /* const char * */ } finish: