XACE: Make the default window background state configurable per-window.
To recap: the original XC-SECURITY extension disallowed background "None" if the window was untrusted. XACE 1.0 preserved this check as a hook function. XACE pre-2.0 removed the hook and first abolished background "None" entirely, then restored it as a global on/off switch in response to Bug #13683. Now it's back to being per-window, via a flag instead of a hook function.
parent
7c2f0a8bef
commit
f343265a28
|
@ -810,6 +810,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|||
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
|
||||
obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
|
||||
|
||||
/* disable background None for untrusted windows */
|
||||
if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
|
||||
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
|
||||
((WindowPtr)rec->res)->forcedBG = TRUE;
|
||||
|
||||
/* special checks for server-owned resources */
|
||||
if (cid == 0) {
|
||||
if (rec->rtype & RC_DRAWABLE)
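Review bot: The new check in SecurityResource is two nested `if`s without braces guarding a cast and a write, which is easy to break when someone later adds a statement or an `else`. A single condition is safer to maintain: `if ((requested & DixCreateAccess) && rec->rtype == RT_WINDOW && subj->haveState && subj->trustLevel != XSecurityClientTrusted)`. A subject with `haveState` unset keeps `forcedBG` clear, so it is treated like a trusted client here; the rest of the function is outside the hunk, so confirm this matches its other checks. The flag only matters if this hook runs before CreateWindow assigns the default background state, which deserves a comment such as `/* must run before CreateWindow assigns the default backgroundState */`.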
|
||||
|
|
|
@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|||
#include "property.h"
|
||||
|
||||
/* Default window background */
|
||||
#define XaceBackgroundNoneState None
|
||||
#define XaceBackgroundNoneState(w) ((w)->forcedBG ? BackgroundPixel : None)
|
||||
|
||||
/* security hooks */
|
||||
/* Constants used to identify the available security hooks
|
||||
|
@ -100,7 +100,7 @@ extern void XaceCensorImage(
|
|||
#else /* XACE */
|
||||
|
||||
/* Default window background */
|
||||
#define XaceBackgroundNoneState None
|
||||
#define XaceBackgroundNoneState(w) None
|
||||
|
||||
/* Define calls away when XACE is not being built. */
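Review bot: The comment `/* Default window background */` no longer describes the macro now that it takes a window. Something like `/* State to use where background None is requested: BackgroundPixel if the window's forcedBG flag is set, else None */` would state the contract. The non-XACE definition in the second hunk discards `w` without evaluating it, so the two builds would differ if a caller passed an expression with side effects. Both call sites shown pass a plain `pWin`, so this is a caution rather than a defect.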
|
||||
|
||||
|
|
|
@ -291,6 +291,7 @@ SetWindowToDefaults(WindowPtr pWin)
|
|||
pWin->dontPropagate = 0;
|
||||
pWin->forcedBS = FALSE;
|
||||
pWin->redirectDraw = RedirectDrawNone;
|
||||
pWin->forcedBG = FALSE;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -702,8 +703,8 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
|
|||
return NullWindow;
|
||||
}
|
||||
|
||||
pWin->backgroundState = XaceBackgroundNoneState;
|
||||
pWin->background.pixel = 0;
|
||||
pWin->backgroundState = XaceBackgroundNoneState(pWin);
|
||||
pWin->background.pixel = pScreen->whitePixel;
|
||||
|
||||
pWin->borderIsPixel = pParent->borderIsPixel;
|
||||
pWin->border = pParent->border;
|
||||
|
@ -1014,8 +1015,8 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
|
|||
if (!pWin->parent)
|
||||
MakeRootTile(pWin);
|
||||
else {
|
||||
pWin->backgroundState = XaceBackgroundNoneState;
|
||||
pWin->background.pixel = 0;
|
||||
pWin->backgroundState = XaceBackgroundNoneState(pWin);
|
||||
pWin->background.pixel = pScreen->whitePixel;
|
||||
}
|
||||
}
|
||||
else if (pixID == ParentRelative)
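Review bot: `forcedBG` is consulted only where the background would become None, in CreateWindow's default and in the `else` branch of ChangeWindowAttributes. The `else if (pixID == ParentRelative)` branch that follows lies outside the hunk and is not changed. If a forced window can take ParentRelative from a parent whose state is None, it would still end up without an opaque background, so confirm that this case is either unreachable for untrusted clients or handled in that branch. Separately, `background.pixel` is now set to `pScreen->whitePixel` for every window rather than 0, and a comment such as `/* pixel is only used when forcedBG turns None into BackgroundPixel */` would explain why.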
|
||||
|
|
|
@ -159,6 +159,7 @@ typedef struct _Window {
|
|||
unsigned dontPropagate:3;/* index into DontPropagateMasks */
|
||||
unsigned forcedBS:1; /* system-supplied backingStore */
|
||||
unsigned redirectDraw:2; /* COMPOSITE rendering redirect */
|
||||
unsigned forcedBG:1; /* must have an opaque background */
|
||||
} WindowRec;
|
||||
|
||||
/*
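Review bot: Adding `forcedBG:1` to WindowRec may change the structure's layout, depending on how many bits remain in the current bitfield word, which the hunk does not show. If the field spills into a new word, modules built against the old header would disagree about the structure's size, so the remaining bit budget should be checked. The comment `/* must have an opaque background */` could also say who sets the flag, e.g. `/* set by a security module at creation; background None is replaced by a solid pixel */`.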
|
||||
|
|