xselinux: Don't require device "read" permission for XQueryPointer.

These keyboard and pointer state polling calls are a real problem.
2008-02-28 21:53:16 -05:00 · 2008-02-28 21:53:16 -05:00 · d04ea267a4
commit d04ea267a4
parent 3fb17a3e64
1 changed files with 11 additions and 0 deletions
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@ -532,6 +532,17 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	dsubj->sid = subj->sid;
    }

+    /* XXX only check read permission on XQueryKeymap */
+    /* This is to allow the numerous apps that call XQueryPointer to work */
+    if (rec->access_mode & DixReadAccess) {
+	ClientPtr client = rec->client;
+	REQUEST(xReq);
+	if (stuff && stuff->reqType != X_QueryKeymap) {
+	    rec->access_mode &= ~DixReadAccess;
+	    rec->access_mode |= DixGetAttrAccess;
+	}
+    }
+
    rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
 			&auditdata);
    if (rc != Success)