xace: add hooks + new access codes: Render extension
This commit is contained in:
parent
1005b29cc6
commit
fd04b983db
|
@ -44,6 +44,7 @@
|
|||
#include "dixfontstr.h"
|
||||
#include "opaque.h"
|
||||
#include "picturestr.h"
|
||||
#include "xace.h"
|
||||
|
||||
typedef struct _AnimCurElt {
|
||||
CursorPtr pCursor; /* cursor to show */
|
||||
|
@ -346,10 +347,10 @@ AnimCurInit (ScreenPtr pScreen)
|
|||
}
|
||||
|
||||
int
|
||||
AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor)
|
||||
AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor, ClientPtr client, XID cid)
|
||||
{
|
||||
CursorPtr pCursor;
|
||||
int i;
|
||||
int rc, i;
|
||||
AnimCurPtr ac;
|
||||
|
||||
for (i = 0; i < screenInfo.numScreens; i++)
|
||||
|
@ -366,7 +367,6 @@ AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *pp
|
|||
if (!pCursor)
|
||||
return BadAlloc;
|
||||
pCursor->bits = &animCursorBits;
|
||||
animCursorBits.refcnt++;
|
||||
pCursor->refcnt = 1;
|
||||
|
||||
pCursor->foreRed = cursors[0]->foreRed;
|
||||
|
@ -377,9 +377,22 @@ AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *pp
|
|||
pCursor->backGreen = cursors[0]->backGreen;
|
||||
pCursor->backBlue = cursors[0]->backBlue;
|
||||
|
||||
pCursor->devPrivates = NULL;
|
||||
pCursor->id = cid;
|
||||
|
||||
/* security creation/labeling check */
|
||||
rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, RT_CURSOR,
|
||||
DixCreateAccess, pCursor);
|
||||
if (rc != Success) {
|
||||
dixFreePrivates(pCursor->devPrivates);
|
||||
xfree(pCursor);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*
|
||||
* Fill in the AnimCurRec
|
||||
*/
|
||||
animCursorBits.refcnt++;
|
||||
ac = GetAnimCur (pCursor);
|
||||
ac->nelt = ncursor;
|
||||
ac->elts = (AnimCurElt *) (ac + 1);
|
||||
|
|
|
@ -40,6 +40,7 @@
|
|||
#include "gcstruct.h"
|
||||
#include "servermd.h"
|
||||
#include "picturestr.h"
|
||||
#include "xace.h"
|
||||
|
||||
_X_EXPORT DevPrivateKey PictureScreenPrivateKey = &PictureScreenPrivateKey;
|
||||
DevPrivateKey PictureWindowPrivateKey = &PictureWindowPrivateKey;
|
||||
|
@ -724,6 +725,13 @@ CreatePicture (Picture pid,
|
|||
pPicture->pFormat = pFormat;
|
||||
pPicture->format = pFormat->format | (pDrawable->bitsPerPixel << 24);
|
||||
pPicture->devPrivates = NULL;
|
||||
|
||||
/* security creation/labeling check */
|
||||
*error = XaceHook(XACE_RESOURCE_ACCESS, client, pid, PictureType,
|
||||
DixCreateAccess|DixSetAttrAccess, pPicture);
|
||||
if (*error != Success)
|
||||
goto out;
|
||||
|
||||
if (pDrawable->type == DRAWABLE_PIXMAP)
|
||||
{
|
||||
++((PixmapPtr)pDrawable)->refcnt;
|
||||
|
@ -743,6 +751,7 @@ CreatePicture (Picture pid,
|
|||
*error = Success;
|
||||
if (*error == Success)
|
||||
*error = (*ps->CreatePicture) (pPicture);
|
||||
out:
|
||||
if (*error != Success)
|
||||
{
|
||||
FreePicture (pPicture, (XID) 0);
|
||||
|
@ -1060,14 +1069,13 @@ ChangePicture (PicturePtr pPicture,
|
|||
pAlpha = 0;
|
||||
else
|
||||
{
|
||||
pAlpha = (PicturePtr) SecurityLookupIDByType(client,
|
||||
pid,
|
||||
PictureType,
|
||||
DixWriteAccess|DixReadAccess);
|
||||
if (!pAlpha)
|
||||
error = dixLookupResource((pointer *)&pAlpha, pid,
|
||||
PictureType, client,
|
||||
DixReadAccess);
|
||||
if (error != Success)
|
||||
{
|
||||
client->errorValue = pid;
|
||||
error = BadPixmap;
|
||||
error = (error == BadValue) ? BadPixmap : error;
|
||||
break;
|
||||
}
|
||||
if (pAlpha->pDrawable == NULL ||
|
||||
|
@ -1122,14 +1130,13 @@ ChangePicture (PicturePtr pPicture,
|
|||
else
|
||||
{
|
||||
clipType = CT_PIXMAP;
|
||||
pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
|
||||
pid,
|
||||
RT_PIXMAP,
|
||||
DixReadAccess);
|
||||
if (!pPixmap)
|
||||
error = dixLookupResource((pointer *)&pPixmap, pid,
|
||||
RT_PIXMAP, client,
|
||||
DixReadAccess);
|
||||
if (error != Success)
|
||||
{
|
||||
client->errorValue = pid;
|
||||
error = BadPixmap;
|
||||
error = (error == BadValue) ? BadPixmap : error;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -630,7 +630,7 @@ Bool
|
|||
AnimCurInit (ScreenPtr pScreen);
|
||||
|
||||
int
|
||||
AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor);
|
||||
AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor, ClientPtr client, XID cid);
|
||||
|
||||
void
|
||||
AddTraps (PicturePtr pPicture,
|
||||
|
|
|
@ -46,6 +46,7 @@
|
|||
#include "glyphstr.h"
|
||||
#include <X11/Xfuncproto.h>
|
||||
#include "cursorstr.h"
|
||||
#include "xace.h"
|
||||
|
||||
#if HAVE_STDINT_H
|
||||
#include <stdint.h>
|
||||
|
@ -623,7 +624,7 @@ ProcRenderCreatePicture (ClientPtr client)
|
|||
|
||||
LEGAL_NEW_RESOURCE(stuff->pid, client);
|
||||
rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
|
||||
DixWriteAccess);
|
||||
DixReadAccess|DixAddAccess);
|
||||
if (rc != Success)
|
||||
return rc;
|
||||
|
||||
|
@ -664,7 +665,7 @@ ProcRenderChangePicture (ClientPtr client)
|
|||
int len;
|
||||
|
||||
REQUEST_AT_LEAST_SIZE(xRenderChangePictureReq);
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
|
||||
RenderErrBase + BadPicture);
|
||||
|
||||
len = client->req_len - (sizeof(xRenderChangePictureReq) >> 2);
|
||||
|
@ -684,7 +685,7 @@ ProcRenderSetPictureClipRectangles (ClientPtr client)
|
|||
int result;
|
||||
|
||||
REQUEST_AT_LEAST_SIZE(xRenderSetPictureClipRectanglesReq);
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
|
||||
RenderErrBase + BadPicture);
|
||||
if (!pPicture->pDrawable)
|
||||
return BadDrawable;
|
||||
|
@ -983,7 +984,7 @@ ProcRenderCreateGlyphSet (ClientPtr client)
|
|||
{
|
||||
GlyphSetPtr glyphSet;
|
||||
PictFormatPtr format;
|
||||
int f;
|
||||
int rc, f;
|
||||
REQUEST(xRenderCreateGlyphSetReq);
|
||||
|
||||
REQUEST_SIZE_MATCH(xRenderCreateGlyphSetReq);
|
||||
|
@ -1022,6 +1023,11 @@ ProcRenderCreateGlyphSet (ClientPtr client)
|
|||
glyphSet = AllocateGlyphSet (f, format);
|
||||
if (!glyphSet)
|
||||
return BadAlloc;
|
||||
/* security creation/labeling check */
|
||||
rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->gsid, GlyphSetType,
|
||||
DixCreateAccess, glyphSet);
|
||||
if (rc != Success)
|
||||
return rc;
|
||||
if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
|
||||
return BadAlloc;
|
||||
return Success;
|
||||
|
@ -1031,20 +1037,19 @@ static int
|
|||
ProcRenderReferenceGlyphSet (ClientPtr client)
|
||||
{
|
||||
GlyphSetPtr glyphSet;
|
||||
int rc;
|
||||
REQUEST(xRenderReferenceGlyphSetReq);
|
||||
|
||||
REQUEST_SIZE_MATCH(xRenderReferenceGlyphSetReq);
|
||||
|
||||
LEGAL_NEW_RESOURCE(stuff->gsid, client);
|
||||
|
||||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
stuff->existing,
|
||||
GlyphSetType,
|
||||
DixWriteAccess);
|
||||
if (!glyphSet)
|
||||
rc = dixLookupResource((pointer *)&glyphSet, stuff->existing, GlyphSetType,
|
||||
client, DixGetAttrAccess);
|
||||
if (rc != Success)
|
||||
{
|
||||
client->errorValue = stuff->existing;
|
||||
return RenderErrBase + BadGlyphSet;
|
||||
return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
|
||||
}
|
||||
glyphSet->refcnt++;
|
||||
if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
|
||||
|
@ -1059,17 +1064,16 @@ static int
|
|||
ProcRenderFreeGlyphSet (ClientPtr client)
|
||||
{
|
||||
GlyphSetPtr glyphSet;
|
||||
int rc;
|
||||
REQUEST(xRenderFreeGlyphSetReq);
|
||||
|
||||
REQUEST_SIZE_MATCH(xRenderFreeGlyphSetReq);
|
||||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
stuff->glyphset,
|
||||
GlyphSetType,
|
||||
DixDestroyAccess);
|
||||
if (!glyphSet)
|
||||
rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
|
||||
client, DixDestroyAccess);
|
||||
if (rc != Success)
|
||||
{
|
||||
client->errorValue = stuff->glyphset;
|
||||
return RenderErrBase + BadGlyphSet;
|
||||
return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
|
||||
}
|
||||
FreeResource (stuff->glyphset, RT_NONE);
|
||||
return client->noClientException;
|
||||
|
@ -1093,19 +1097,18 @@ ProcRenderAddGlyphs (ClientPtr client)
|
|||
xGlyphInfo *gi;
|
||||
CARD8 *bits;
|
||||
int size;
|
||||
int err = BadAlloc;
|
||||
int err;
|
||||
|
||||
REQUEST_AT_LEAST_SIZE(xRenderAddGlyphsReq);
|
||||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
stuff->glyphset,
|
||||
GlyphSetType,
|
||||
DixWriteAccess);
|
||||
if (!glyphSet)
|
||||
err = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
|
||||
client, DixAddAccess);
|
||||
if (err != Success)
|
||||
{
|
||||
client->errorValue = stuff->glyphset;
|
||||
return RenderErrBase + BadGlyphSet;
|
||||
return (err == BadValue) ? RenderErrBase + BadGlyphSet : err;
|
||||
}
|
||||
|
||||
err = BadAlloc;
|
||||
nglyphs = stuff->nglyphs;
|
||||
if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
|
||||
return BadAlloc;
|
||||
|
@ -1195,19 +1198,17 @@ ProcRenderFreeGlyphs (ClientPtr client)
|
|||
{
|
||||
REQUEST(xRenderFreeGlyphsReq);
|
||||
GlyphSetPtr glyphSet;
|
||||
int nglyph;
|
||||
int rc, nglyph;
|
||||
CARD32 *gids;
|
||||
CARD32 glyph;
|
||||
|
||||
REQUEST_AT_LEAST_SIZE(xRenderFreeGlyphsReq);
|
||||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
stuff->glyphset,
|
||||
GlyphSetType,
|
||||
DixWriteAccess);
|
||||
if (!glyphSet)
|
||||
rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
|
||||
client, DixRemoveAccess);
|
||||
if (rc != Success)
|
||||
{
|
||||
client->errorValue = stuff->glyphset;
|
||||
return RenderErrBase + BadGlyphSet;
|
||||
return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
|
||||
}
|
||||
nglyph = ((client->req_len << 2) - sizeof (xRenderFreeGlyphsReq)) >> 2;
|
||||
gids = (CARD32 *) (stuff + 1);
|
||||
|
@ -1284,7 +1285,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
|
|||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
stuff->glyphset,
|
||||
GlyphSetType,
|
||||
DixReadAccess);
|
||||
DixUseAccess);
|
||||
if (!glyphSet)
|
||||
{
|
||||
client->errorValue = stuff->glyphset;
|
||||
|
@ -1346,7 +1347,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
|
|||
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
|
||||
gs,
|
||||
GlyphSetType,
|
||||
DixReadAccess);
|
||||
DixUseAccess);
|
||||
if (!glyphSet)
|
||||
{
|
||||
client->errorValue = gs;
|
||||
|
@ -1679,7 +1680,7 @@ ProcRenderSetPictureTransform (ClientPtr client)
|
|||
int result;
|
||||
|
||||
REQUEST_SIZE_MATCH(xRenderSetPictureTransformReq);
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
|
||||
RenderErrBase + BadPicture);
|
||||
result = SetPictureTransform (pPicture, (PictTransform *) &stuff->transform);
|
||||
if (client->noClientException != Success)
|
||||
|
@ -1704,7 +1705,7 @@ ProcRenderQueryFilters (ClientPtr client)
|
|||
|
||||
REQUEST_SIZE_MATCH(xRenderQueryFiltersReq);
|
||||
rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
|
||||
DixReadAccess);
|
||||
DixGetAttrAccess);
|
||||
if (rc != Success)
|
||||
return rc;
|
||||
|
||||
|
@ -1809,7 +1810,7 @@ ProcRenderSetPictureFilter (ClientPtr client)
|
|||
char *name;
|
||||
|
||||
REQUEST_AT_LEAST_SIZE (xRenderSetPictureFilterReq);
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
|
||||
VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
|
||||
RenderErrBase + BadPicture);
|
||||
name = (char *) (stuff + 1);
|
||||
params = (xFixed *) (name + ((stuff->nbytes + 3) & ~3));
|
||||
|
@ -1853,7 +1854,8 @@ ProcRenderCreateAnimCursor (ClientPtr client)
|
|||
deltas[i] = elt->delay;
|
||||
elt++;
|
||||
}
|
||||
ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor);
|
||||
ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor, client,
|
||||
stuff->cid);
|
||||
xfree (cursors);
|
||||
if (ret != Success)
|
||||
return ret;
|
||||
|
@ -1899,6 +1901,11 @@ static int ProcRenderCreateSolidFill(ClientPtr client)
|
|||
pPicture = CreateSolidPicture(stuff->pid, &stuff->color, &error);
|
||||
if (!pPicture)
|
||||
return error;
|
||||
/* security creation/labeling check */
|
||||
error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
|
||||
DixCreateAccess, pPicture);
|
||||
if (error != Success)
|
||||
return error;
|
||||
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
|
||||
return BadAlloc;
|
||||
return Success;
|
||||
|
@ -1928,6 +1935,11 @@ static int ProcRenderCreateLinearGradient (ClientPtr client)
|
|||
stuff->nStops, stops, colors, &error);
|
||||
if (!pPicture)
|
||||
return error;
|
||||
/* security creation/labeling check */
|
||||
error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
|
||||
DixCreateAccess, pPicture);
|
||||
if (error != Success)
|
||||
return error;
|
||||
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
|
||||
return BadAlloc;
|
||||
return Success;
|
||||
|
@ -1958,6 +1970,11 @@ static int ProcRenderCreateRadialGradient (ClientPtr client)
|
|||
stuff->nStops, stops, colors, &error);
|
||||
if (!pPicture)
|
||||
return error;
|
||||
/* security creation/labeling check */
|
||||
error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
|
||||
DixCreateAccess, pPicture);
|
||||
if (error != Success)
|
||||
return error;
|
||||
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
|
||||
return BadAlloc;
|
||||
return Success;
|
||||
|
@ -1987,6 +2004,11 @@ static int ProcRenderCreateConicalGradient (ClientPtr client)
|
|||
stuff->nStops, stops, colors, &error);
|
||||
if (!pPicture)
|
||||
return error;
|
||||
/* security creation/labeling check */
|
||||
error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
|
||||
DixCreateAccess, pPicture);
|
||||
if (error != Success)
|
||||
return error;
|
||||
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
|
||||
return BadAlloc;
|
||||
return Success;
|
||||
|
|
Loading…
Reference in New Issue
Block a user