diff --git a/Xext/xace.c b/Xext/xace.c index 0470e44dd..9ffac450d 100644 --- a/Xext/xace.c +++ b/Xext/xace.c @@ -51,6 +51,14 @@ int XaceHookDispatch(ClientPtr client, int major) } } +int XaceHookPropertyAccess(ClientPtr client, WindowPtr pWin, + PropertyPtr pProp, Mask access_mode) +{ + XacePropertyAccessRec rec = { client, pWin, pProp, access_mode, Success }; + CallCallbacks(&XaceHooks[XACE_PROPERTY_ACCESS], &rec); + return rec.status; +} + void XaceHookAuditEnd(ClientPtr ptr, int result) { XaceAuditRec rec = { ptr, result }; @@ -100,18 +108,6 @@ int XaceHook(int hook, ...) prv = &rec.status; break; } - case XACE_PROPERTY_ACCESS: { - XacePropertyAccessRec rec = { - va_arg(ap, ClientPtr), - va_arg(ap, WindowPtr), - va_arg(ap, PropertyPtr), - va_arg(ap, Mask), - Success /* default allow */ - }; - calldata = &rec; - prv = &rec.status; - break; - } case XACE_SEND_ACCESS: { XaceSendAccessRec rec = { va_arg(ap, ClientPtr), diff --git a/Xext/xace.h b/Xext/xace.h index 4100ba16e..24b9dce68 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -27,6 +27,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include "pixmap.h" /* for DrawablePtr */ #include "regionstr.h" /* for RegionPtr */ +#include "window.h" /* for WindowPtr */ +#include "property.h" /* for PropertyPtr */ /* Default window background */ #define XaceBackgroundNoneState None @@ -65,6 +67,8 @@ extern int XaceHook( /* Special-cased hook functions */ extern int XaceHookDispatch(ClientPtr ptr, int major); +extern int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin, + PropertyPtr pProp, Mask access_mode); extern void XaceHookAuditEnd(ClientPtr ptr, int result); /* Register a callback for a given hook. @@ -101,11 +105,13 @@ extern void XaceCensorImage( #ifdef __GNUC__ #define XaceHook(args...) Success #define XaceHookDispatch(args...) Success +#define XaceHookPropertyAccess(args...) Success #define XaceHookAuditEnd(args...) { ; } #define XaceCensorImage(args...) { ; } #else #define XaceHook(...) Success #define XaceHookDispatch(...) Success +#define XaceHookPropertyAccess(...) Success #define XaceHookAuditEnd(...) { ; } #define XaceCensorImage(...) { ; } #endif diff --git a/Xext/xselinux.c b/Xext/xselinux.c index a6e27e695..47383a4a9 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -1166,7 +1166,7 @@ ProcSELinuxGetPropertyContext(ClientPtr client) if (!pProp) return BadValue; - rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess); + rc = XaceHookPropertyAccess(client, pWin, pProp, DixGetAttrAccess); if (rc != Success) return rc; diff --git a/dix/property.c b/dix/property.c index 3c0eaf1c9..ce6116992 100644 --- a/dix/property.c +++ b/dix/property.c @@ -156,8 +156,8 @@ ProcRotateProperties(ClientPtr client) xfree(props); return BadMatch; } - rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, - DixReadAccess|DixWriteAccess); + rc = XaceHookPropertyAccess(client, pWin, pProp, + DixReadAccess|DixWriteAccess); if (rc != Success) { xfree(props); client->errorValue = atoms[i]; @@ -276,8 +276,8 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property, memmove((char *)data, (char *)value, totalSize); pProp->size = len; pProp->devPrivates = NULL; - rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, - DixCreateAccess|DixWriteAccess); + rc = XaceHookPropertyAccess(pClient, pWin, pProp, + DixCreateAccess|DixWriteAccess); if (rc != Success) { xfree(data); xfree(pProp); @@ -289,8 +289,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property, } else { - rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, - DixWriteAccess); + rc = XaceHookPropertyAccess(pClient, pWin, pProp, DixWriteAccess); if (rc != Success) { pClient->errorValue = property; return rc; @@ -382,8 +381,7 @@ DeleteProperty(ClientPtr client, WindowPtr pWin, Atom propName) } if (pProp) { - rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, - DixDestroyAccess); + rc = XaceHookPropertyAccess(client, pWin, pProp, DixDestroyAccess); if (rc != Success) return rc; @@ -502,7 +500,7 @@ ProcGetProperty(ClientPtr client) if (stuff->delete) access_mode |= DixDestroyAccess; - rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode); + rc = XaceHookPropertyAccess(client, pWin, pProp, access_mode); if (rc != Success) { client->errorValue = stuff->property; return rc;