From d04ea267a4a51c16088d9ef429681a1edde536b1 Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Thu, 28 Feb 2008 21:53:16 -0500 Subject: [PATCH] xselinux: Don't require device "read" permission for XQueryPointer. These keyboard and pointer state polling calls are a real problem. --- Xext/xselinux.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Xext/xselinux.c b/Xext/xselinux.c index 3aa62e2c6..9adc93195 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -532,6 +532,17 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) dsubj->sid = subj->sid; } + /* XXX only check read permission on XQueryKeymap */ + /* This is to allow the numerous apps that call XQueryPointer to work */ + if (rec->access_mode & DixReadAccess) { + ClientPtr client = rec->client; + REQUEST(xReq); + if (stuff && stuff->reqType != X_QueryKeymap) { + rec->access_mode &= ~DixReadAccess; + rec->access_mode |= DixGetAttrAccess; + } + } + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode, &auditdata); if (rc != Success)