andreacavalli/xserver-multidpi
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8,300 Commits 86 Branches 473 Tags 48 MiB
b41dd4328b
Commit Graph

89 Commits

Author SHA1 Message Date
Eamon Walsh
73975ef3a3 xselinux: Allow per-client device create contexts. 
The previous behavior was to set the serverClient's value which was used globally.
This is in support of XI2, where clients can create device pairs directly.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
 2009-08-17 14:51:10 -04:00
Peter Hutterer
7b9e84e320 Xext: switch to byte counting functions 
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
 2009-07-14 10:14:01 +10:00
Eamon Walsh
51105de9b0 xselinux: ignore property hook calls with the new Post access mode bit set. 
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
 2009-06-26 17:05:52 -04:00
Eamon Walsh
1e060c3d8b xselinux: Move the security class mapping to the header file. 
Take the mapping of DixAccess bits to Flask permissions, move it
into the header file, break up the extremely long lines, and
annotate the permission names with the bit being referenced.

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
 2009-06-18 20:56:18 -04:00
Eamon Walsh
0952d12717 xselinux: Relax ownership restriction on SetSelectionUseContext. 
Instead, clients should keep track of the selection instances they use.
 2009-05-11 15:27:46 -04:00
Eamon Walsh
682d7b5569 xselinux: Don't BadAlloc in List* requests if there are no items to list. 2009-04-09 02:48:04 -04:00
Eamon Walsh
e8b324102f xselinux: Don't require incoming context strings to be null-terminated. 2009-04-08 15:10:16 -04:00
Adam Jackson
283a081572 selinux: Only activate if policy says to be an object manager 2009-03-27 15:56:15 -04:00
Adam Jackson
3992dd38ca selinux: Add support for avc_acquire_netlink_fd() 
Requires libselinux 2.0.79 or newer.  Without this, libselinux will
check for policy updates on the netlink socket on basically every policy
lookup.  Statistically speaking, they never happen, and the check
translates to at least one more syscall on basically every operation.

Instead, take control of the fd from the library, and check it in
WakeupHandler if it polls readable.
 2009-03-16 13:24:48 -04:00
Keith Packard
f8dd80d13b Replace dixLookupResource by dixLookupResourceBy{Type,Class} 
dixLookupResource attempted to automatically detect whether the caller
wanted a lookup by-type or by-class, unfortunately, it guessed wrong for
RT_NONE. Instead of trying to make the guess better, this patch just reverts
the unification and creates separate functions for each operation.
 2009-03-09 13:08:09 -07:00
Eamon Walsh
c7ebb4bef1 Fix 2 const warnings. 2009-03-03 14:02:36 -05:00
Eric Paris
c7cf926d25 This patch changes all places in the X code to use _raw functions. The 
X server should never see, translate, or deal with a munged context.
Display managers which show contexts to the user should take care of
translating these to human readable form.
 2009-03-03 13:15:39 -05:00
Adam Jackson
b030f858f2 selinux: Don't bother relabeling resources that are being destroyed 
Makes window destroy about 40x faster in Xvfb.
 2009-02-27 12:45:19 -05:00
Eamon Walsh
5d065a8890 xselinux: Use xace Xtrans wrappers instead of the now-inaccessible wrapees. 2008-12-18 14:01:10 -05:00
Eamon Walsh
ed597f19fd xselinux: use "raw context" variants of getpeercon() and getcon(). 2008-11-25 22:49:19 -05:00
Eamon Walsh
2538fc0d89 xselinux: don't pass a NULL key string to selabel_lookup(). 2008-11-25 18:28:12 -05:00
Eamon Walsh
0f2fd0577f xselinux: send more specific message types to libaudit. 2008-10-30 18:29:51 -04:00
Eamon Walsh
60ad8d5d05 Attempt getpeercon() on remote sockets as well as local ones. 2008-08-28 23:45:17 -04:00
Tomas Carnecky
ebea78cdba Prepare for array-index based devPrivates. 
TODO: static indices can be made just an int; some indices
can be combined.
 2008-08-28 18:05:40 -04:00
Eamon Walsh
79dd600942 SELinux: Add an extension alias under the OS-agnostic "Flask" name. 2008-06-17 19:11:21 -04:00
Eamon Walsh
9f56fc5806 XSELinux: Add a request to get a client's context from a resource ID. 2008-03-31 17:35:10 -04:00
Eamon Walsh
b5f98fcea2 XSELinux: Add xorg.conf option for permissive/enforcing/disabled. 
Patch by Joe Nall.

The option goes in the "extmod" subsection.
TODO: Make it easier for extension modules to handle their own options.
 2008-03-28 14:14:23 -04:00
Eamon Walsh
3bbd77ff98 XSELinux: Do a check for whether background "None" is allowed. 2008-03-20 20:03:02 -04:00
Eamon Walsh
e323bb426c XSELinux: Correctly handle some permission bits that are used more than once. 2008-03-20 19:42:09 -04:00
Eamon Walsh
d4101140f4 xselinux: Implement polyinstantiation support and related protocol. 2008-03-04 22:39:41 -05:00
Eamon Walsh
cc76ea6e3a XACE: Add generic support for property and selection polyinstantiation. 2008-02-29 18:01:37 -05:00
Eamon Walsh
34bf308a9e dix: Refactoring of selection code to allow for polyinstantiation. 
Introduces dixLookupSelection() API.
Removes NumCurrentSelections from API.
 2008-02-29 18:01:37 -05:00
Eamon Walsh
d04ea267a4 xselinux: Don't require device "read" permission for XQueryPointer. 
These keyboard and pointer state polling calls are a real problem.
 2008-02-28 21:53:16 -05:00
Eamon Walsh
3fb17a3e64 xselinux: Log messages to both libaudit and Xorg.0.log. 2008-02-28 21:52:57 -05:00
Eamon Walsh
f616735f17 xselinux: Prefix a few remaining error messages with "SELinux". 2008-02-27 22:48:29 -05:00
Eamon Walsh
e40cc5305b xselinux: Don't throw BadAccess if DixUnknownAccess is passed in to a hook. 
The avc will still appear, however, so that the callsite can be fixed.
 2008-02-27 22:48:28 -05:00
Eamon Walsh
3f0681fb0b xselinux: Stub out selection protocol requests. 2008-02-26 23:14:29 -05:00
Eamon Walsh
4632ea2258 xselinux: Rip out the selection code in advance of polyinstantiation support. 
This resolves an issue where BadWindow errors were being thrown.
 2008-02-26 22:00:52 -05:00
Eamon Walsh
e99aadbc26 xselinux: Add use to permission map for devices. 2008-02-13 20:20:49 -05:00
Eamon Walsh
31934132a4 xselinux: Use the device name in debugging output. 2008-02-07 16:32:06 -05:00
Eamon Walsh
6dcb7d732b xselinux: Split devPrivate state into subject and object records. 2008-02-07 16:00:52 -05:00
Eamon Walsh
2259b144f0 xselinux: Add getattr and setattr to the permission map for properties. 2008-02-07 14:35:02 -05:00
Eamon Walsh
5c30327275 XACE: Push the dix "structure" includes down to the security modules. 2008-02-05 21:06:05 -05:00
Eamon Walsh
bb1a577a68 XACE: Move the property access hook to its own function. 2008-02-05 20:07:08 -05:00
Eamon Walsh
46794d0c96 xselinux: Rename SelectionManager to more generic SecurityManager. 2008-01-24 19:49:13 -05:00
Eamon Walsh
6ffeecabb7 xselinux: Use a privileged bit in the state instead of passing an index 
to the permission checking function.
 2008-01-24 18:11:49 -05:00
Eamon Walsh
7ba8e97cba xselinux: Implement "get context" protocol requests. 2008-01-24 19:09:58 -05:00
Eamon Walsh
f0bf9a5231 xselinux: Whitespace fixups. 2008-01-24 19:02:35 -05:00
Eamon Walsh
3b23dd9fd4 xselinux: Fix whitespace warnings. 2007-12-28 13:29:45 -05:00
Eamon Walsh
643c52be32 xselinux: Remove "X" prefix on remaining functions and strings. 
Should be evident from the context.
 2007-12-28 13:27:28 -05:00
Eamon Walsh
f4bc333fc1 xselinux: don't FatalError on an invalid class mapping, just disable support. 2007-12-28 13:27:28 -05:00
Eamon Walsh
f3780ece52 xselinux: Implement swapped protocol request logic. 2007-12-28 13:27:28 -05:00
Eamon Walsh
1393a97ea9 xselinux: Send AVC messages to audit system instead of log file/stderr. 2007-12-20 16:23:49 -05:00
Eamon Walsh
9a7ce57363 xselinux: Add new protocol for setting device create context. 2007-12-12 20:44:59 -05:00
Eamon Walsh
5fea1ed50f registry: Remove registry code from SELinux extension. 
Moving all the names into dix/registry.c
 2007-11-20 18:39:48 -05:00