xace: change the semantics of the return value of XACE hooks to allow
arbitrary X status codes instead of just TRUE/FALSE. The dix layer in most cases still does not propagate the return value of XACE hooks back to the client, however. There is more error propagation work to do.
This commit is contained in:
parent
47bd311e3d
commit
9cee4ec5e6
|
@ -806,7 +806,7 @@ SecurityCheckDeviceAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
case X_SetModifierMapping:
|
||||
SecurityAudit("client %d attempted request %d\n",
|
||||
client->index, reqtype);
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
return;
|
||||
default:
|
||||
break;
|
||||
|
@ -875,7 +875,7 @@ SecurityCheckDeviceAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
else
|
||||
SecurityAudit("client %d attempted to access device %d (%s)\n",
|
||||
client->index, dev->id, devname);
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
return;
|
||||
} /* SecurityCheckDeviceAccess */
|
||||
|
@ -1084,7 +1084,7 @@ SecurityCheckResourceIDAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
return;
|
||||
deny:
|
||||
SecurityAuditResourceIDAccess(client, id);
|
||||
rec->rval = FALSE; /* deny access */
|
||||
rec->status = BadAccess; /* deny access */
|
||||
} /* SecurityCheckResourceIDAccess */
|
||||
|
||||
|
||||
|
@ -1176,7 +1176,7 @@ SecurityCheckDrawableAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
|
||||
|
||||
if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1192,7 +1192,7 @@ SecurityCheckMapAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
pWin->parent && pWin->parent->parent &&
|
||||
(TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted))
|
||||
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1202,7 +1202,7 @@ SecurityCheckBackgrndAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
|
||||
|
||||
if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1214,7 +1214,7 @@ SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) &&
|
||||
!EXTLEVEL(rec->ext))
|
||||
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1225,7 +1225,7 @@ SecurityCheckHostlistAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
|
||||
if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
|
||||
{
|
||||
rec->rval = FALSE;
|
||||
rec->status = BadAccess;
|
||||
if (rec->access_mode == DixWriteAccess)
|
||||
SecurityAudit("client %d attempted to change host access\n",
|
||||
rec->client->index);
|
||||
|
@ -1255,14 +1255,14 @@ typedef struct _PropertyAccessRec {
|
|||
#define SecurityAnyWindow 0
|
||||
#define SecurityRootWindow 1
|
||||
#define SecurityWindowWithProperty 2
|
||||
char readAction;
|
||||
char writeAction;
|
||||
char destroyAction;
|
||||
int readAction;
|
||||
int writeAction;
|
||||
int destroyAction;
|
||||
struct _PropertyAccessRec *next;
|
||||
} PropertyAccessRec, *PropertyAccessPtr;
|
||||
|
||||
static PropertyAccessPtr PropertyAccessList = NULL;
|
||||
static char SecurityDefaultAction = XaceErrorOperation;
|
||||
static int SecurityDefaultAction = BadAtom;
|
||||
static char *SecurityPolicyFile = DEFAULTPOLICYFILE;
|
||||
static ATOM SecurityMaxPropertyName = 0;
|
||||
|
||||
|
@ -1372,8 +1372,8 @@ SecurityParsePropertyAccessRule(
|
|||
{
|
||||
char *propname;
|
||||
char c;
|
||||
char action = SecurityDefaultAction;
|
||||
char readAction, writeAction, destroyAction;
|
||||
int action = SecurityDefaultAction;
|
||||
int readAction, writeAction, destroyAction;
|
||||
PropertyAccessPtr pacl, prev, cur;
|
||||
char *mustHaveProperty = NULL;
|
||||
char *mustHaveValue = NULL;
|
||||
|
@ -1418,9 +1418,9 @@ SecurityParsePropertyAccessRule(
|
|||
{
|
||||
switch (c)
|
||||
{
|
||||
case 'i': action = XaceIgnoreOperation; break;
|
||||
case 'a': action = XaceAllowOperation; break;
|
||||
case 'e': action = XaceErrorOperation; break;
|
||||
case 'i': action = XaceIgnoreError; break;
|
||||
case 'a': action = Success; break;
|
||||
case 'e': action = BadAtom; break;
|
||||
|
||||
case 'r': readAction = action; break;
|
||||
case 'w': writeAction = action; break;
|
||||
|
@ -1678,7 +1678,7 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
ATOM propertyName = rec->pProp->propertyName;
|
||||
Mask access_mode = rec->access_mode;
|
||||
PropertyAccessPtr pacl;
|
||||
char action = SecurityDefaultAction;
|
||||
int action = SecurityDefaultAction;
|
||||
|
||||
/* if client trusted or window untrusted, allow operation */
|
||||
|
||||
|
@ -1757,7 +1757,7 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
* If pacl doesn't apply, something above should have
|
||||
* executed a continue, which will skip the follwing code.
|
||||
*/
|
||||
action = XaceAllowOperation;
|
||||
action = Success;
|
||||
if (access_mode & DixReadAccess)
|
||||
action = max(action, pacl->readAction);
|
||||
if (access_mode & DixWriteAccess)
|
||||
|
@ -1768,19 +1768,18 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused,
|
|||
} /* end for each pacl */
|
||||
} /* end if propertyName <= SecurityMaxPropertyName */
|
||||
|
||||
if (XaceAllowOperation != action)
|
||||
if (action != Success)
|
||||
{ /* audit the access violation */
|
||||
int cid = CLIENT_ID(pWin->drawable.id);
|
||||
int reqtype = ((xReq *)client->requestBuffer)->reqType;
|
||||
char *actionstr = (XaceIgnoreOperation == action) ?
|
||||
"ignored" : "error";
|
||||
char *actionstr = (XaceIgnoreError == action) ? "ignored" : "error";
|
||||
SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n",
|
||||
client->index, reqtype, pWin->drawable.id,
|
||||
NameForAtom(propertyName), propertyName, cid, actionstr);
|
||||
}
|
||||
/* return codes increase with strictness */
|
||||
if (action > rec->rval)
|
||||
rec->rval = action;
|
||||
if (action != Success)
|
||||
rec->status = action;
|
||||
} /* SecurityCheckPropertyAccess */
|
||||
|
||||
|
||||
|
|
49
Xext/xace.c
49
Xext/xace.c
|
@ -61,10 +61,10 @@ int XaceHook(int hook, ...)
|
|||
case XACE_CORE_DISPATCH: {
|
||||
XaceCoreDispatchRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_RESOURCE_ACCESS: {
|
||||
|
@ -74,10 +74,10 @@ int XaceHook(int hook, ...)
|
|||
va_arg(ap, RESTYPE),
|
||||
va_arg(ap, Mask),
|
||||
va_arg(ap, pointer),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_DEVICE_ACCESS: {
|
||||
|
@ -85,10 +85,10 @@ int XaceHook(int hook, ...)
|
|||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, DeviceIntPtr),
|
||||
va_arg(ap, Bool),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_PROPERTY_ACCESS: {
|
||||
|
@ -97,20 +97,20 @@ int XaceHook(int hook, ...)
|
|||
va_arg(ap, WindowPtr),
|
||||
va_arg(ap, PropertyPtr),
|
||||
va_arg(ap, Mask),
|
||||
XaceAllowOperation /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_DRAWABLE_ACCESS: {
|
||||
XaceDrawableAccessRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, DrawablePtr),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_MAP_ACCESS:
|
||||
|
@ -118,10 +118,10 @@ int XaceHook(int hook, ...)
|
|||
XaceMapAccessRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, WindowPtr),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_EXT_DISPATCH:
|
||||
|
@ -129,20 +129,20 @@ int XaceHook(int hook, ...)
|
|||
XaceExtAccessRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, ExtensionEntry*),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_HOSTLIST_ACCESS: {
|
||||
XaceHostlistAccessRec rec = {
|
||||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, Mask),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_SELECTION_ACCESS: {
|
||||
|
@ -150,20 +150,20 @@ int XaceHook(int hook, ...)
|
|||
va_arg(ap, ClientPtr),
|
||||
va_arg(ap, Selection*),
|
||||
va_arg(ap, Mask),
|
||||
TRUE /* default allow */
|
||||
Success /* default allow */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_SITE_POLICY: {
|
||||
XaceSitePolicyRec rec = {
|
||||
va_arg(ap, char*),
|
||||
va_arg(ap, int),
|
||||
FALSE /* default unrecognized */
|
||||
BadValue /* default unrecognized */
|
||||
};
|
||||
calldata = &rec;
|
||||
prv = &rec.rval;
|
||||
prv = &rec.status;
|
||||
break;
|
||||
}
|
||||
case XACE_DECLARE_EXT_SECURE: {
|
||||
|
@ -271,13 +271,14 @@ static int
|
|||
XaceCatchDispatchProc(ClientPtr client)
|
||||
{
|
||||
REQUEST(xReq);
|
||||
int major = stuff->reqType;
|
||||
int rc, major = stuff->reqType;
|
||||
|
||||
if (!ProcVector[major])
|
||||
return (BadRequest);
|
||||
|
||||
if (!XaceHook(XACE_CORE_DISPATCH, client))
|
||||
return (BadAccess);
|
||||
rc = XaceHook(XACE_CORE_DISPATCH, client);
|
||||
if (rc != Success)
|
||||
return rc;
|
||||
|
||||
return client->swapped ?
|
||||
(* SwappedProcVector[major])(client) :
|
||||
|
@ -294,7 +295,7 @@ XaceCatchExtProc(ClientPtr client)
|
|||
if (!ext || !ProcVector[major])
|
||||
return (BadRequest);
|
||||
|
||||
if (!XaceHook(XACE_EXT_DISPATCH, client, ext))
|
||||
if (XaceHook(XACE_EXT_DISPATCH, client, ext) != Success)
|
||||
return (BadRequest); /* pretend extension doesn't exist */
|
||||
|
||||
return client->swapped ?
|
||||
|
|
12
Xext/xace.h
12
Xext/xace.h
|
@ -20,10 +20,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#ifndef _XACE_H
|
||||
#define _XACE_H
|
||||
|
||||
/* Hook return codes */
|
||||
#define XaceErrorOperation 0
|
||||
#define XaceAllowOperation 1
|
||||
#define XaceIgnoreOperation 2
|
||||
/* Special value used for ignore operation. This is a deprecated feature
|
||||
* only for Security extension support. Do not use in new code.
|
||||
*/
|
||||
#define XaceIgnoreError BadRequest
|
||||
|
||||
#ifdef XACE
|
||||
|
||||
|
@ -97,10 +97,10 @@ extern void XaceCensorImage(
|
|||
/* Define calls away when XACE is not being built. */
|
||||
|
||||
#ifdef __GNUC__
|
||||
#define XaceHook(args...) XaceAllowOperation
|
||||
#define XaceHook(args...) Success
|
||||
#define XaceCensorImage(args...) { ; }
|
||||
#else
|
||||
#define XaceHook(...) XaceAllowOperation
|
||||
#define XaceHook(...) Success
|
||||
#define XaceCensorImage(...) { ; }
|
||||
#endif
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
/* XACE_CORE_DISPATCH */
|
||||
typedef struct {
|
||||
ClientPtr client;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceCoreDispatchRec;
|
||||
|
||||
/* XACE_RESOURCE_ACCESS */
|
||||
|
@ -43,7 +43,7 @@ typedef struct {
|
|||
RESTYPE rtype;
|
||||
Mask access_mode;
|
||||
pointer res;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceResourceAccessRec;
|
||||
|
||||
/* XACE_DEVICE_ACCESS */
|
||||
|
@ -51,7 +51,7 @@ typedef struct {
|
|||
ClientPtr client;
|
||||
DeviceIntPtr dev;
|
||||
Bool fromRequest;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceDeviceAccessRec;
|
||||
|
||||
/* XACE_PROPERTY_ACCESS */
|
||||
|
@ -60,14 +60,14 @@ typedef struct {
|
|||
WindowPtr pWin;
|
||||
PropertyPtr pProp;
|
||||
Mask access_mode;
|
||||
int rval;
|
||||
int status;
|
||||
} XacePropertyAccessRec;
|
||||
|
||||
/* XACE_DRAWABLE_ACCESS */
|
||||
typedef struct {
|
||||
ClientPtr client;
|
||||
DrawablePtr pDraw;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceDrawableAccessRec;
|
||||
|
||||
/* XACE_MAP_ACCESS */
|
||||
|
@ -75,7 +75,7 @@ typedef struct {
|
|||
typedef struct {
|
||||
ClientPtr client;
|
||||
WindowPtr pWin;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceMapAccessRec;
|
||||
|
||||
/* XACE_EXT_DISPATCH */
|
||||
|
@ -83,14 +83,14 @@ typedef struct {
|
|||
typedef struct {
|
||||
ClientPtr client;
|
||||
ExtensionEntry *ext;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceExtAccessRec;
|
||||
|
||||
/* XACE_HOSTLIST_ACCESS */
|
||||
typedef struct {
|
||||
ClientPtr client;
|
||||
Mask access_mode;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceHostlistAccessRec;
|
||||
|
||||
/* XACE_SELECTION_ACCESS */
|
||||
|
@ -98,14 +98,14 @@ typedef struct {
|
|||
ClientPtr client;
|
||||
Selection *selection;
|
||||
Mask access_mode;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceSelectionAccessRec;
|
||||
|
||||
/* XACE_SITE_POLICY */
|
||||
typedef struct {
|
||||
char *policyString;
|
||||
int len;
|
||||
int rval;
|
||||
int status;
|
||||
} XaceSitePolicyRec;
|
||||
|
||||
/* XACE_DECLARE_EXT_SECURE */
|
||||
|
|
234
Xext/xselinux.c
234
Xext/xselinux.c
|
@ -193,7 +193,7 @@ SwapXID(ClientPtr client, XID id)
|
|||
* class: Security class of the server object being accessed.
|
||||
* perm: Permissions required on the object.
|
||||
*
|
||||
* Returns: boolean TRUE=allowed, FALSE=denied.
|
||||
* Returns: X status code.
|
||||
*/
|
||||
static int
|
||||
ServerPerm(ClientPtr client,
|
||||
|
@ -211,18 +211,19 @@ ServerPerm(ClientPtr client,
|
|||
if (avc_has_perm(SID(client), RSID(serverClient,idx), class,
|
||||
perm, &AEREF(client), &auditdata) < 0)
|
||||
{
|
||||
if (errno != EACCES)
|
||||
ErrorF("ServerPerm: unexpected error %d\n", errno);
|
||||
return FALSE;
|
||||
if (errno == EACCES)
|
||||
return BadAccess;
|
||||
ErrorF("ServerPerm: unexpected error %d\n", errno);
|
||||
return BadValue;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
ErrorF("No client state in server-perm check!\n");
|
||||
return TRUE;
|
||||
return Success;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
return Success;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -234,7 +235,7 @@ ServerPerm(ClientPtr client,
|
|||
* class: Security class of the resource being accessed.
|
||||
* perm: Permissions required on the resource.
|
||||
*
|
||||
* Returns: boolean TRUE=allowed, FALSE=denied.
|
||||
* Returns: X status code.
|
||||
*/
|
||||
static int
|
||||
IDPerm(ClientPtr sclient,
|
||||
|
@ -247,7 +248,7 @@ IDPerm(ClientPtr sclient,
|
|||
XSELinuxAuditRec auditdata;
|
||||
|
||||
if (id == None)
|
||||
return TRUE;
|
||||
return Success;
|
||||
|
||||
CheckXID(id);
|
||||
tclient = clients[CLIENT_ID(id)];
|
||||
|
@ -259,7 +260,7 @@ IDPerm(ClientPtr sclient,
|
|||
*/
|
||||
if (!tclient || !HAVESTATE(tclient) || !HAVESTATE(sclient))
|
||||
{
|
||||
return TRUE;
|
||||
return Success;
|
||||
}
|
||||
|
||||
auditdata.client = sclient;
|
||||
|
@ -269,12 +270,13 @@ IDPerm(ClientPtr sclient,
|
|||
if (avc_has_perm(SID(sclient), RSID(tclient,idx), class,
|
||||
perm, &AEREF(sclient), &auditdata) < 0)
|
||||
{
|
||||
if (errno != EACCES)
|
||||
ErrorF("IDPerm: unexpected error %d\n", errno);
|
||||
return FALSE;
|
||||
if (errno == EACCES)
|
||||
return BadAccess;
|
||||
ErrorF("IDPerm: unexpected error %d\n", errno);
|
||||
return BadValue;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
return Success;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -501,8 +503,9 @@ FreeClientState(ClientPtr client)
|
|||
#define REQUEST_SIZE_CHECK(client, req) \
|
||||
(client->req_len >= (sizeof(req) >> 2))
|
||||
#define IDPERM(client, req, field, class, perm) \
|
||||
(REQUEST_SIZE_CHECK(client,req) && \
|
||||
IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm))
|
||||
(REQUEST_SIZE_CHECK(client,req) ? \
|
||||
IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm) : \
|
||||
BadLength)
|
||||
|
||||
static int
|
||||
CheckSendEventPerms(ClientPtr client)
|
||||
|
@ -513,7 +516,7 @@ CheckSendEventPerms(ClientPtr client)
|
|||
|
||||
/* might need type bounds checking here */
|
||||
if (!REQUEST_SIZE_CHECK(client, xSendEventReq))
|
||||
return FALSE;
|
||||
return BadLength;
|
||||
|
||||
switch (stuff->event.u.u.type) {
|
||||
case SelectionClear:
|
||||
|
@ -574,11 +577,11 @@ static int
|
|||
CheckConvertSelectionPerms(ClientPtr client)
|
||||
{
|
||||
register char n;
|
||||
int rval = TRUE;
|
||||
int rval = Success;
|
||||
REQUEST(xConvertSelectionReq);
|
||||
|
||||
if (!REQUEST_SIZE_CHECK(client, xConvertSelectionReq))
|
||||
return FALSE;
|
||||
return BadLength;
|
||||
|
||||
if (client->swapped)
|
||||
{
|
||||
|
@ -591,24 +594,26 @@ CheckConvertSelectionPerms(ClientPtr client)
|
|||
int i = 0;
|
||||
while ((i < NumCurrentSelections) &&
|
||||
CurrentSelections[i].selection != stuff->selection) i++;
|
||||
if (i < NumCurrentSelections)
|
||||
rval = rval && IDPerm(client, CurrentSelections[i].window,
|
||||
SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
|
||||
}
|
||||
rval = rval && IDPerm(client, stuff->requestor,
|
||||
if (i < NumCurrentSelections) {
|
||||
rval = IDPerm(client, CurrentSelections[i].window,
|
||||
SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
|
||||
return rval;
|
||||
if (rval != Success)
|
||||
return rval;
|
||||
}
|
||||
}
|
||||
return IDPerm(client, stuff->requestor,
|
||||
SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT);
|
||||
}
|
||||
|
||||
static int
|
||||
CheckSetSelectionOwnerPerms(ClientPtr client)
|
||||
{
|
||||
register char n;
|
||||
int rval = TRUE;
|
||||
int rval = Success;
|
||||
REQUEST(xSetSelectionOwnerReq);
|
||||
|
||||
if (!REQUEST_SIZE_CHECK(client, xSetSelectionOwnerReq))
|
||||
return FALSE;
|
||||
return BadLength;
|
||||
|
||||
if (client->swapped)
|
||||
{
|
||||
|
@ -621,13 +626,15 @@ CheckSetSelectionOwnerPerms(ClientPtr client)
|
|||
int i = 0;
|
||||
while ((i < NumCurrentSelections) &&
|
||||
CurrentSelections[i].selection != stuff->selection) i++;
|
||||
if (i < NumCurrentSelections)
|
||||
rval = rval && IDPerm(client, CurrentSelections[i].window,
|
||||
SECCLASS_WINDOW, WINDOW__CHSELECTION);
|
||||
}
|
||||
rval = rval && IDPerm(client, stuff->window,
|
||||
if (i < NumCurrentSelections) {
|
||||
rval = IDPerm(client, CurrentSelections[i].window,
|
||||
SECCLASS_WINDOW, WINDOW__CHSELECTION);
|
||||
if (rval != Success)
|
||||
return rval;
|
||||
}
|
||||
}
|
||||
return IDPerm(client, stuff->window,
|
||||
SECCLASS_WINDOW, WINDOW__CHSELECTION);
|
||||
return rval;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -636,7 +643,7 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
XaceCoreDispatchRec *rec = (XaceCoreDispatchRec*)calldata;
|
||||
ClientPtr client = rec->client;
|
||||
REQUEST(xReq);
|
||||
Bool rval;
|
||||
int rval = Success, rval2 = Success, rval3 = Success;
|
||||
|
||||
switch(stuff->reqType) {
|
||||
/* Drawable class control requirements */
|
||||
|
@ -668,9 +675,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
case X_CopyArea:
|
||||
case X_CopyPlane:
|
||||
rval = IDPERM(client, xCopyAreaReq, srcDrawable,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY)
|
||||
&& IDPERM(client, xCopyAreaReq, dstDrawable,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY);
|
||||
rval2 = IDPERM(client, xCopyAreaReq, dstDrawable,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
break;
|
||||
case X_GetImage:
|
||||
rval = IDPERM(client, xGetImageReq, drawable,
|
||||
|
@ -712,12 +719,12 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
case X_CreateWindow:
|
||||
rval = IDPERM(client, xCreateWindowReq, wid,
|
||||
SECCLASS_WINDOW,
|
||||
WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE)
|
||||
&& IDPERM(client, xCreateWindowReq, parent,
|
||||
SECCLASS_WINDOW,
|
||||
WINDOW__CHSTACK | WINDOW__ADDCHILD)
|
||||
&& IDPERM(client, xCreateWindowReq, wid,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__CREATE);
|
||||
WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE);
|
||||
rval2 = IDPERM(client, xCreateWindowReq, parent,
|
||||
SECCLASS_WINDOW,
|
||||
WINDOW__CHSTACK | WINDOW__ADDCHILD);
|
||||
rval3 = IDPERM(client, xCreateWindowReq, wid,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__CREATE);
|
||||
break;
|
||||
case X_DeleteProperty:
|
||||
rval = IDPERM(client, xDeletePropertyReq, window,
|
||||
|
@ -728,9 +735,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
case X_DestroySubwindows:
|
||||
rval = IDPERM(client, xResourceReq, id,
|
||||
SECCLASS_WINDOW,
|
||||
WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY)
|
||||
&& IDPERM(client, xResourceReq, id,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DESTROY);
|
||||
WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY);
|
||||
rval2 = IDPERM(client, xResourceReq, id,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DESTROY);
|
||||
break;
|
||||
case X_GetMotionEvents:
|
||||
rval = IDPERM(client, xGetMotionEventsReq, window,
|
||||
|
@ -768,26 +775,26 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_ReparentWindow:
|
||||
rval = IDPERM(client, xReparentWindowReq, window,
|
||||
SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE)
|
||||
&& IDPERM(client, xReparentWindowReq, parent,
|
||||
SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD);
|
||||
SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE);
|
||||
rval2 = IDPERM(client, xReparentWindowReq, parent,
|
||||
SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD);
|
||||
break;
|
||||
case X_SendEvent:
|
||||
rval = CheckSendEventPerms(client);
|
||||
break;
|
||||
case X_SetInputFocus:
|
||||
rval = IDPERM(client, xSetInputFocusReq, focus,
|
||||
SECCLASS_WINDOW, WINDOW__SETFOCUS)
|
||||
&& ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS);
|
||||
SECCLASS_WINDOW, WINDOW__SETFOCUS);
|
||||
rval2 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS);
|
||||
break;
|
||||
case X_SetSelectionOwner:
|
||||
rval = CheckSetSelectionOwnerPerms(client);
|
||||
break;
|
||||
case X_TranslateCoords:
|
||||
rval = IDPERM(client, xTranslateCoordsReq, srcWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR)
|
||||
&& IDPERM(client, xTranslateCoordsReq, dstWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR);
|
||||
rval2 = IDPERM(client, xTranslateCoordsReq, dstWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR);
|
||||
break;
|
||||
case X_UnmapWindow:
|
||||
case X_UnmapSubwindows:
|
||||
|
@ -798,10 +805,10 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_WarpPointer:
|
||||
rval = IDPERM(client, xWarpPointerReq, srcWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR)
|
||||
&& IDPERM(client, xWarpPointerReq, dstWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR)
|
||||
&& ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER);
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR);
|
||||
rval2 = IDPERM(client, xWarpPointerReq, dstWid,
|
||||
SECCLASS_WINDOW, WINDOW__GETATTR);
|
||||
rval3 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER);
|
||||
break;
|
||||
|
||||
/* Input class control requirements */
|
||||
|
@ -852,16 +859,16 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_CopyColormapAndFree:
|
||||
rval = IDPERM(client, xCopyColormapAndFreeReq, mid,
|
||||
SECCLASS_COLORMAP, COLORMAP__CREATE)
|
||||
&& IDPERM(client, xCopyColormapAndFreeReq, srcCmap,
|
||||
SECCLASS_COLORMAP,
|
||||
COLORMAP__READ | COLORMAP__FREE);
|
||||
SECCLASS_COLORMAP, COLORMAP__CREATE);
|
||||
rval2 = IDPERM(client, xCopyColormapAndFreeReq, srcCmap,
|
||||
SECCLASS_COLORMAP,
|
||||
COLORMAP__READ | COLORMAP__FREE);
|
||||
break;
|
||||
case X_CreateColormap:
|
||||
rval = IDPERM(client, xCreateColormapReq, mid,
|
||||
SECCLASS_COLORMAP, COLORMAP__CREATE)
|
||||
&& IDPERM(client, xCreateColormapReq, window,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
SECCLASS_COLORMAP, COLORMAP__CREATE);
|
||||
rval2 = IDPERM(client, xCreateColormapReq, window,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
break;
|
||||
case X_FreeColormap:
|
||||
rval = IDPERM(client, xResourceReq, id,
|
||||
|
@ -873,8 +880,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_InstallColormap:
|
||||
rval = IDPERM(client, xResourceReq, id,
|
||||
SECCLASS_COLORMAP, COLORMAP__INSTALL)
|
||||
&& ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL);
|
||||
SECCLASS_COLORMAP, COLORMAP__INSTALL);
|
||||
rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL);
|
||||
break;
|
||||
case X_ListInstalledColormaps:
|
||||
rval = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__LIST);
|
||||
|
@ -891,8 +898,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_UninstallColormap:
|
||||
rval = IDPERM(client, xResourceReq, id,
|
||||
SECCLASS_COLORMAP, COLORMAP__UNINSTALL)
|
||||
&& ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
|
||||
SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
|
||||
rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL);
|
||||
break;
|
||||
|
||||
/* Font class control requirements */
|
||||
|
@ -907,18 +914,18 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
break;
|
||||
case X_OpenFont:
|
||||
rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD)
|
||||
&& IDPERM(client, xOpenFontReq, fid,
|
||||
SECCLASS_FONT, FONT__USE);
|
||||
rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD);
|
||||
rval2 = IDPERM(client, xOpenFontReq, fid,
|
||||
SECCLASS_FONT, FONT__USE);
|
||||
break;
|
||||
case X_PolyText8:
|
||||
case X_PolyText16:
|
||||
/* Font accesses checked through the resource manager */
|
||||
rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD)
|
||||
&& IDPERM(client, xPolyTextReq, gc,
|
||||
SECCLASS_GC, GC__SETATTR)
|
||||
&& IDPERM(client, xPolyTextReq, drawable,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD);
|
||||
rval2 = IDPERM(client, xPolyTextReq, gc,
|
||||
SECCLASS_GC, GC__SETATTR);
|
||||
rval3 = IDPERM(client, xPolyTextReq, drawable,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
break;
|
||||
|
||||
/* Pixmap class control requirements */
|
||||
|
@ -934,19 +941,19 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
/* Cursor class control requirements */
|
||||
case X_CreateCursor:
|
||||
rval = IDPERM(client, xCreateCursorReq, cid,
|
||||
SECCLASS_CURSOR, CURSOR__CREATE)
|
||||
&& IDPERM(client, xCreateCursorReq, source,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW)
|
||||
&& IDPERM(client, xCreateCursorReq, mask,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY);
|
||||
SECCLASS_CURSOR, CURSOR__CREATE);
|
||||
rval2 = IDPERM(client, xCreateCursorReq, source,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__DRAW);
|
||||
rval3 = IDPERM(client, xCreateCursorReq, mask,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY);
|
||||
break;
|
||||
case X_CreateGlyphCursor:
|
||||
rval = IDPERM(client, xCreateGlyphCursorReq, cid,
|
||||
SECCLASS_CURSOR, CURSOR__CREATEGLYPH)
|
||||
&& IDPERM(client, xCreateGlyphCursorReq, source,
|
||||
SECCLASS_FONT, FONT__USE)
|
||||
&& IDPERM(client, xCreateGlyphCursorReq, mask,
|
||||
SECCLASS_FONT, FONT__USE);
|
||||
SECCLASS_CURSOR, CURSOR__CREATEGLYPH);
|
||||
rval2 = IDPERM(client, xCreateGlyphCursorReq, source,
|
||||
SECCLASS_FONT, FONT__USE);
|
||||
rval3 = IDPERM(client, xCreateGlyphCursorReq, mask,
|
||||
SECCLASS_FONT, FONT__USE);
|
||||
break;
|
||||
case X_RecolorCursor:
|
||||
rval = IDPERM(client, xRecolorCursorReq, cursor,
|
||||
|
@ -970,9 +977,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
case X_CopyGC:
|
||||
rval = IDPERM(client, xCopyGCReq, srcGC,
|
||||
SECCLASS_GC, GC__GETATTR)
|
||||
&& IDPERM(client, xCopyGCReq, dstGC,
|
||||
SECCLASS_GC, GC__SETATTR);
|
||||
SECCLASS_GC, GC__GETATTR);
|
||||
rval2 = IDPERM(client, xCopyGCReq, dstGC,
|
||||
SECCLASS_GC, GC__SETATTR);
|
||||
break;
|
||||
case X_FreeGC:
|
||||
rval = IDPERM(client, xResourceReq, id,
|
||||
|
@ -1009,11 +1016,14 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
break;
|
||||
|
||||
default:
|
||||
rval = TRUE;
|
||||
break;
|
||||
}
|
||||
if (!rval)
|
||||
rec->rval = FALSE;
|
||||
if (rval != Success)
|
||||
rec->status = rval;
|
||||
if (rval2 != Success)
|
||||
rec->status = rval2;
|
||||
if (rval != Success)
|
||||
rec->status = rval3;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -1050,9 +1060,10 @@ XSELinuxExtDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
if (avc_has_perm(SID(client), extsid, SECCLASS_XEXTENSION,
|
||||
perm, &AEREF(client), &auditdata) < 0)
|
||||
{
|
||||
if (errno != EACCES)
|
||||
ErrorF("ExtDispatch: unexpected error %d\n", errno);
|
||||
rec->rval = FALSE;
|
||||
if (errno == EACCES)
|
||||
rec->status = BadAccess;
|
||||
ErrorF("ExtDispatch: unexpected error %d\n", errno);
|
||||
rec->status = BadValue;
|
||||
}
|
||||
} else
|
||||
ErrorF("No client state in extension dispatcher!\n");
|
||||
|
@ -1096,9 +1107,10 @@ XSELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
if (avc_has_perm(SID(client), propsid, SECCLASS_PROPERTY,
|
||||
perm, &AEREF(client), &auditdata) < 0)
|
||||
{
|
||||
if (errno != EACCES)
|
||||
ErrorF("Property: unexpected error %d\n", errno);
|
||||
rec->rval = XaceIgnoreOperation;
|
||||
if (errno == EACCES)
|
||||
rec->status = BadAccess;
|
||||
ErrorF("Property: unexpected error %d\n", errno);
|
||||
rec->status = BadValue;
|
||||
}
|
||||
} else
|
||||
ErrorF("No client state in property callback!\n");
|
||||
|
@ -1114,7 +1126,7 @@ XSELinuxResLookup(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
ClientPtr client = rec->client;
|
||||
REQUEST(xReq);
|
||||
access_vector_t perm = 0;
|
||||
Bool rval = TRUE;
|
||||
int rval = Success;
|
||||
|
||||
/* serverClient requests OK */
|
||||
if (client->index == 0)
|
||||
|
@ -1145,35 +1157,35 @@ XSELinuxResLookup(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
default:
|
||||
break;
|
||||
}
|
||||
if (!rval)
|
||||
rec->rval = FALSE;
|
||||
if (rval != Success)
|
||||
rec->status = rval;
|
||||
} /* XSELinuxResLookup */
|
||||
|
||||
static void
|
||||
XSELinuxMap(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||
{
|
||||
XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
|
||||
if (!IDPerm(rec->client, rec->pWin->drawable.id,
|
||||
SECCLASS_WINDOW, WINDOW__MAP))
|
||||
rec->rval = FALSE;
|
||||
if (IDPerm(rec->client, rec->pWin->drawable.id,
|
||||
SECCLASS_WINDOW, WINDOW__MAP) != Success)
|
||||
rec->status = BadAccess;
|
||||
} /* XSELinuxMap */
|
||||
|
||||
static void
|
||||
XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||
{
|
||||
XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
|
||||
if (!IDPerm(rec->client, rec->pWin->drawable.id,
|
||||
SECCLASS_WINDOW, WINDOW__TRANSPARENT))
|
||||
rec->rval = FALSE;
|
||||
if (IDPerm(rec->client, rec->pWin->drawable.id,
|
||||
SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success)
|
||||
rec->status = BadAccess;
|
||||
} /* XSELinuxBackgrnd */
|
||||
|
||||
static void
|
||||
XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
||||
{
|
||||
XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
|
||||
if (!IDPerm(rec->client, rec->pDraw->id,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY))
|
||||
rec->rval = FALSE;
|
||||
if (IDPerm(rec->client, rec->pDraw->id,
|
||||
SECCLASS_DRAWABLE, DRAWABLE__COPY) != Success)
|
||||
rec->status = BadAccess;
|
||||
} /* XSELinuxDrawable */
|
||||
|
||||
static void
|
||||
|
@ -1183,8 +1195,8 @@ XSELinuxHostlist(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
access_vector_t perm = (rec->access_mode == DixReadAccess) ?
|
||||
XSERVER__GETHOSTLIST : XSERVER__SETHOSTLIST;
|
||||
|
||||
if (!ServerPerm(rec->client, SECCLASS_XSERVER, perm))
|
||||
rec->rval = FALSE;
|
||||
if (ServerPerm(rec->client, SECCLASS_XSERVER, perm) != Success)
|
||||
rec->status = BadAccess;
|
||||
} /* XSELinuxHostlist */
|
||||
|
||||
/* Extension callbacks */
|
||||
|
|
|
@ -1206,7 +1206,7 @@ DoSetModifierMapping(ClientPtr client, KeyCode *inputMap,
|
|||
}
|
||||
}
|
||||
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
|
||||
return BadAccess;
|
||||
|
||||
/* None of the modifiers (old or new) may be down while we change
|
||||
|
@ -1330,7 +1330,7 @@ ProcChangeKeyboardMapping(ClientPtr client)
|
|||
|
||||
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
|
||||
if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) {
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
|
||||
return BadAccess;
|
||||
}
|
||||
}
|
||||
|
@ -1682,7 +1682,7 @@ ProcChangeKeyboardControl (ClientPtr client)
|
|||
for (pDev = inputInfo.devices; pDev; pDev = pDev->next) {
|
||||
if ((pDev->coreEvents || pDev == inputInfo.keyboard) &&
|
||||
pDev->kbdfeed && pDev->kbdfeed->CtrlProc) {
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success)
|
||||
return BadAccess;
|
||||
}
|
||||
}
|
||||
|
@ -1944,10 +1944,10 @@ ProcQueryKeymap(ClientPtr client)
|
|||
rep.length = 2;
|
||||
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
bzero((char *)&rep.map[0], 32);
|
||||
else
|
||||
for (i = 0; i<32; i++)
|
||||
rep.map[i] = down[i];
|
||||
else
|
||||
bzero((char *)&rep.map[0], 32);
|
||||
|
||||
WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep);
|
||||
return Success;
|
||||
|
|
|
@ -1120,7 +1120,7 @@ ProcGetSelectionOwner(ClientPtr client)
|
|||
reply.sequenceNumber = client->sequence;
|
||||
if (i < NumCurrentSelections &&
|
||||
XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i],
|
||||
DixReadAccess))
|
||||
DixReadAccess) == Success)
|
||||
reply.owner = CurrentSelections[i].destwindow;
|
||||
else
|
||||
reply.owner = None;
|
||||
|
@ -1161,7 +1161,7 @@ ProcConvertSelection(ClientPtr client)
|
|||
if ((i < NumCurrentSelections) &&
|
||||
(CurrentSelections[i].window != None) &&
|
||||
XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i],
|
||||
DixReadAccess))
|
||||
DixReadAccess) == Success)
|
||||
{
|
||||
event.u.u.type = SelectionRequest;
|
||||
event.u.selectionRequest.time = stuff->time;
|
||||
|
@ -2276,7 +2276,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable,
|
|||
}
|
||||
|
||||
if (pDraw->type == DRAWABLE_WINDOW &&
|
||||
!XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw))
|
||||
XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw) != Success)
|
||||
{
|
||||
pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw);
|
||||
if (pVisibleRegion)
|
||||
|
@ -3343,8 +3343,9 @@ ProcListHosts(ClientPtr client)
|
|||
REQUEST_SIZE_MATCH(xListHostsReq);
|
||||
|
||||
/* untrusted clients can't list hosts */
|
||||
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess))
|
||||
return BadAccess;
|
||||
result = XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess);
|
||||
if (result != Success)
|
||||
return result;
|
||||
|
||||
result = GetHosts(&pdata, &nHosts, &len, &reply.enabled);
|
||||
if (result != Success)
|
||||
|
|
|
@ -209,6 +209,8 @@ dixLookupDrawable(DrawablePtr *pDraw, XID id, ClientPtr client,
|
|||
{
|
||||
DrawablePtr pTmp;
|
||||
RESTYPE rtype;
|
||||
int rc;
|
||||
|
||||
*pDraw = NULL;
|
||||
client->errorValue = id;
|
||||
|
||||
|
@ -220,8 +222,9 @@ dixLookupDrawable(DrawablePtr *pDraw, XID id, ClientPtr client,
|
|||
|
||||
/* an access check is required for cached drawables */
|
||||
rtype = (type & M_WINDOW) ? RT_WINDOW : RT_PIXMAP;
|
||||
if (!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp))
|
||||
return BadDrawable;
|
||||
rc = XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp);
|
||||
if (rc != Success)
|
||||
return rc;
|
||||
} else
|
||||
dixLookupResource((void **)&pTmp, id, RC_DRAWABLE, client, access);
|
||||
|
||||
|
|
19
dix/events.c
19
dix/events.c
|
@ -2682,7 +2682,7 @@ CheckPassiveGrabsOnWindow(
|
|||
(grab->confineTo->realized &&
|
||||
BorderSizeNotEmpty(grab->confineTo))))
|
||||
{
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE))
|
||||
return FALSE;
|
||||
#ifdef XKB
|
||||
if (!noXkbExtension) {
|
||||
|
@ -3529,7 +3529,7 @@ EnterLeaveEvent(
|
|||
xKeymapEvent ke;
|
||||
ClientPtr client = grab ? rClient(grab)
|
||||
: clients[CLIENT_ID(pWin->drawable.id)];
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE) == Success)
|
||||
memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31);
|
||||
else
|
||||
bzero((char *)&ke.map[0], 31);
|
||||
|
@ -3636,7 +3636,7 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin)
|
|||
{
|
||||
xKeymapEvent ke;
|
||||
ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)];
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE) == Success)
|
||||
memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31);
|
||||
else
|
||||
bzero((char *)&ke.map[0], 31);
|
||||
|
@ -3924,7 +3924,7 @@ ProcSetInputFocus(client)
|
|||
|
||||
REQUEST_SIZE_MATCH(xSetInputFocusReq);
|
||||
|
||||
if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
return Success;
|
||||
|
||||
return SetInputFocus(client, inputInfo.keyboard, stuff->focus,
|
||||
|
@ -4239,15 +4239,14 @@ ProcGrabKeyboard(ClientPtr client)
|
|||
|
||||
REQUEST_SIZE_MATCH(xGrabKeyboardReq);
|
||||
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE))
|
||||
result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
|
||||
if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) {
|
||||
result = Success;
|
||||
rep.status = AlreadyGrabbed;
|
||||
} else
|
||||
result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode,
|
||||
stuff->pointerMode, stuff->grabWindow,
|
||||
stuff->ownerEvents, stuff->time,
|
||||
KeyPressMask | KeyReleaseMask, &rep.status);
|
||||
else {
|
||||
result = Success;
|
||||
rep.status = AlreadyGrabbed;
|
||||
}
|
||||
|
||||
if (result != Success)
|
||||
return result;
|
||||
|
|
|
@ -319,7 +319,7 @@ ProcQueryExtension(ClientPtr client)
|
|||
else
|
||||
{
|
||||
i = FindExtension((char *)&stuff[1], stuff->nbytes);
|
||||
if (i < 0 || !XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
if (i < 0 || XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
reply.present = xFalse;
|
||||
else
|
||||
{
|
||||
|
@ -355,7 +355,7 @@ ProcListExtensions(ClientPtr client)
|
|||
for (i=0; i<NumExtensions; i++)
|
||||
{
|
||||
/* call callbacks to find out whether to show extension */
|
||||
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success)
|
||||
continue;
|
||||
|
||||
total_length += strlen(extensions[i]->name) + 1;
|
||||
|
@ -370,7 +370,7 @@ ProcListExtensions(ClientPtr client)
|
|||
for (i=0; i<NumExtensions; i++)
|
||||
{
|
||||
int len;
|
||||
if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i]))
|
||||
if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success)
|
||||
continue;
|
||||
|
||||
*bufptr++ = len = strlen(extensions[i]->name);
|
||||
|
|
|
@ -144,16 +144,12 @@ ProcRotateProperties(ClientPtr client)
|
|||
DEALLOCATE_LOCAL(props);
|
||||
return BadMatch;
|
||||
}
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
|
||||
DixReadAccess|DixWriteAccess))
|
||||
{
|
||||
case XaceErrorOperation:
|
||||
rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp,
|
||||
DixReadAccess|DixWriteAccess);
|
||||
if (rc != Success) {
|
||||
DEALLOCATE_LOCAL(props);
|
||||
client->errorValue = atoms[i];
|
||||
return BadAtom;
|
||||
case XaceIgnoreOperation:
|
||||
DEALLOCATE_LOCAL(props);
|
||||
return Success;
|
||||
return (rc == XaceIgnoreError) ? Success : rc;
|
||||
}
|
||||
props[i] = pProp;
|
||||
}
|
||||
|
@ -246,8 +242,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
|
|||
{
|
||||
PropertyPtr pProp;
|
||||
xEvent event;
|
||||
int sizeInBytes;
|
||||
int totalSize;
|
||||
int sizeInBytes, totalSize, rc;
|
||||
pointer data;
|
||||
|
||||
sizeInBytes = format>>3;
|
||||
|
@ -277,32 +272,24 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property,
|
|||
memmove((char *)data, (char *)value, totalSize);
|
||||
pProp->size = len;
|
||||
pProp->devPrivates = NULL;
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
|
||||
DixCreateAccess))
|
||||
{
|
||||
case XaceErrorOperation:
|
||||
rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
|
||||
DixCreateAccess);
|
||||
if (rc != Success) {
|
||||
xfree(data);
|
||||
xfree(pProp);
|
||||
pClient->errorValue = property;
|
||||
return BadAtom;
|
||||
case XaceIgnoreOperation:
|
||||
xfree(data);
|
||||
xfree(pProp);
|
||||
return Success;
|
||||
return (rc == XaceIgnoreError) ? Success : rc;
|
||||
}
|
||||
pProp->next = pWin->optional->userProps;
|
||||
pWin->optional->userProps = pProp;
|
||||
}
|
||||
else
|
||||
{
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
|
||||
DixWriteAccess))
|
||||
{
|
||||
case XaceErrorOperation:
|
||||
rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp,
|
||||
DixWriteAccess);
|
||||
if (rc != Success) {
|
||||
pClient->errorValue = property;
|
||||
return BadAtom;
|
||||
case XaceIgnoreOperation:
|
||||
return Success;
|
||||
return (rc == XaceIgnoreError) ? Success : rc;
|
||||
}
|
||||
/* To append or prepend to a property the request format and type
|
||||
must match those of the already defined property. The
|
||||
|
@ -471,7 +458,8 @@ int
|
|||
ProcGetProperty(ClientPtr client)
|
||||
{
|
||||
PropertyPtr pProp, prevProp;
|
||||
unsigned long n, len, ind, rc;
|
||||
unsigned long n, len, ind;
|
||||
int rc;
|
||||
WindowPtr pWin;
|
||||
xGetPropertyReply reply;
|
||||
Mask access_mode = DixReadAccess;
|
||||
|
@ -517,13 +505,12 @@ ProcGetProperty(ClientPtr client)
|
|||
|
||||
if (stuff->delete)
|
||||
access_mode |= DixDestroyAccess;
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode))
|
||||
{
|
||||
case XaceErrorOperation:
|
||||
|
||||
rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode);
|
||||
if (rc != Success) {
|
||||
client->errorValue = stuff->property;
|
||||
return BadAtom;;
|
||||
case XaceIgnoreOperation:
|
||||
return NullPropertyReply(client, pProp->type, pProp->format, &reply);
|
||||
return (rc == XaceIgnoreError) ?
|
||||
NullPropertyReply(client, pProp->type, pProp->format, &reply) : rc;
|
||||
}
|
||||
|
||||
/* If the request type and actual type don't match. Return the
|
||||
|
@ -669,14 +656,11 @@ ProcDeleteProperty(ClientPtr client)
|
|||
return (BadAtom);
|
||||
}
|
||||
|
||||
switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin,
|
||||
FindProperty(pWin, stuff->property), DixDestroyAccess))
|
||||
{
|
||||
case XaceErrorOperation:
|
||||
result = XaceHook(XACE_PROPERTY_ACCESS, client, pWin,
|
||||
FindProperty(pWin, stuff->property), DixDestroyAccess);
|
||||
if (result != Success) {
|
||||
client->errorValue = stuff->property;
|
||||
return BadAtom;;
|
||||
case XaceIgnoreOperation:
|
||||
return Success;
|
||||
return (result == XaceIgnoreError) ? Success : result;
|
||||
}
|
||||
|
||||
result = DeleteProperty(pWin, stuff->property);
|
||||
|
|
|
@ -918,12 +918,16 @@ dixLookupResource(pointer *result, XID id, RESTYPE rtype,
|
|||
(!istype && res->type & rtype)))
|
||||
break;
|
||||
}
|
||||
if (res) {
|
||||
if (client && !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type,
|
||||
mode, res->value))
|
||||
return BadAccess;
|
||||
*result = res->value;
|
||||
return Success;
|
||||
if (!res)
|
||||
return BadValue;
|
||||
|
||||
if (client) {
|
||||
cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type,
|
||||
mode, res->value);
|
||||
if (cid != Success)
|
||||
return cid;
|
||||
}
|
||||
return BadValue;
|
||||
|
||||
*result = res->value;
|
||||
return Success;
|
||||
}
|
||||
|
|
13
dix/window.c
13
dix/window.c
|
@ -732,17 +732,16 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
|
|||
|
||||
/* security creation/labeling check
|
||||
*/
|
||||
if (!XaceHook(XACE_RESOURCE_ACCESS, client,
|
||||
wid, RT_WINDOW, DixCreateAccess, pWin))
|
||||
{
|
||||
*error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW,
|
||||
DixCreateAccess, pWin);
|
||||
if (*error != Success) {
|
||||
xfree(pWin);
|
||||
*error = BadAccess;
|
||||
return NullWindow;
|
||||
}
|
||||
/* can't let untrusted clients have background None windows;
|
||||
* they make it too easy to steal window contents
|
||||
*/
|
||||
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin))
|
||||
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success)
|
||||
pWin->backgroundState = None;
|
||||
else {
|
||||
pWin->backgroundState = BackgroundPixel;
|
||||
|
@ -1052,7 +1051,7 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
|
|||
if (pixID == None)
|
||||
{
|
||||
/* can't let untrusted clients have background None windows */
|
||||
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) {
|
||||
if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) {
|
||||
if (pWin->backgroundState == BackgroundPixmap)
|
||||
(*pScreen->DestroyPixmap)(pWin->background.pixmap);
|
||||
if (!pWin->parent)
|
||||
|
@ -2773,7 +2772,7 @@ MapWindow(WindowPtr pWin, ClientPtr client)
|
|||
return(Success);
|
||||
|
||||
/* general check for permission to map window */
|
||||
if (!XaceHook(XACE_MAP_ACCESS, client, pWin))
|
||||
if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success)
|
||||
return Success;
|
||||
|
||||
pScreen = pWin->drawable.pScreen;
|
||||
|
|
|
@ -1528,7 +1528,7 @@ AuthorizedClient(ClientPtr client)
|
|||
return TRUE;
|
||||
|
||||
/* untrusted clients can't change host access */
|
||||
if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess))
|
||||
if (XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess) != Success)
|
||||
return FALSE;
|
||||
|
||||
return LocalClient(client);
|
||||
|
|
Loading…
Reference in New Issue