author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-08-14 13:09:38 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2007-08-14 13:09:38 -0400 |
commit | 42d6112ec21949a336ee8b34469f2695273ee2d6 (patch) | |
tree | 49b2123bcdee1062c047b65718d8844c1049ca20 /dix | |
parent | 9a183d7ba50e31afa133cc03aee7991517a283ea (diff) |
xace: add hooks + new access codes: core protocol GC requests
Diffstat (limited to 'dix')
-rw-r--r-- | dix/dispatch.c | 17 | ||||
-rw-r--r-- | dix/gc.c | 58 |
2 files changed, 45 insertions, 30 deletions
diff --git a/dix/dispatch.c b/dix/dispatch.c index 69b1922d3..4260799bd 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -1583,15 +1583,16 @@ ProcCreateGC(ClientPtr client) REQUEST_AT_LEAST_SIZE(xCreateGCReq); client->errorValue = stuff->gc; LEGAL_NEW_RESOURCE(stuff->gc, client); - rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, DixReadAccess); + rc = dixLookupDrawable(&pDraw, stuff->drawable, client, 0, + DixGetAttrAccess); if (rc != Success) return rc; len = client->req_len - (sizeof(xCreateGCReq) >> 2); if (len != Ones(stuff->mask)) return BadLength; - pGC = (GC *)CreateGC(pDraw, stuff->mask, - (XID *) &stuff[1], &error); + pGC = (GC *)CreateGC(pDraw, stuff->mask, (XID *) &stuff[1], &error, + stuff->gc, client); if (error != Success) return error; if (!AddResource(stuff->gc, RT_GC, (pointer)pGC)) @@ -1608,7 +1609,7 @@ ProcChangeGC(ClientPtr client) REQUEST(xChangeGCReq); REQUEST_AT_LEAST_SIZE(xChangeGCReq); - result = dixLookupGC(&pGC, stuff->gc, client, DixWriteAccess); + result = dixLookupGC(&pGC, stuff->gc, client, DixSetAttrAccess); if (result != Success) return result; @@ -1635,10 +1636,10 @@ ProcCopyGC(ClientPtr client) REQUEST(xCopyGCReq); REQUEST_SIZE_MATCH(xCopyGCReq); - result = dixLookupGC(&pGC, stuff->srcGC, client, DixReadAccess); + result = dixLookupGC(&pGC, stuff->srcGC, client, DixGetAttrAccess); if (result != Success) return result; - result = dixLookupGC(&dstGC, stuff->dstGC, client, DixWriteAccess); + result = dixLookupGC(&dstGC, stuff->dstGC, client, DixSetAttrAccess); if (result != Success) return result; if ((dstGC->pScreen != pGC->pScreen) || (dstGC->depth != pGC->depth)) @@ -1667,7 +1668,7 @@ ProcSetDashes(ClientPtr client) return BadValue; } - result = dixLookupGC(&pGC,stuff->gc, client, DixWriteAccess); + result = dixLookupGC(&pGC,stuff->gc, client, DixSetAttrAccess); if (result != Success) return result; 
@@ -1696,7 +1697,7 @@ ProcSetClipRectangles(ClientPtr client) client->errorValue = stuff->ordering; return BadValue; } - result = dixLookupGC(&pGC,stuff->gc, client, DixWriteAccess); + result = dixLookupGC(&pGC,stuff->gc, client, DixSetAttrAccess); if (result != Success) return result; @@ -63,6 +63,7 @@ SOFTWARE. #include "privates.h" #include "dix.h" +#include "xace.h" #include <assert.h> extern XID clientErrorValue; @@ -148,7 +149,7 @@ _X_EXPORT int dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr pUnion) { BITS32 index2; - int error = 0; + int rc, error = 0; PixmapPtr pPixmap; BITS32 maskQ; @@ -267,14 +268,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr if (pUnion) { NEXT_PTR(PixmapPtr, pPixmap); + rc = Success; } else { NEXTVAL(XID, newpix); - pPixmap = (PixmapPtr)SecurityLookupIDByType(client, - newpix, RT_PIXMAP, DixReadAccess); + rc = dixLookupResource((pointer *)&pPixmap, newpix, + RT_PIXMAP, client, DixReadAccess); } - if (pPixmap) + if (rc == Success) { if ((pPixmap->drawable.depth != pGC->depth) || (pPixmap->drawable.pScreen != pGC->pScreen)) @@ -293,7 +295,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr else { clientErrorValue = newpix; - error = BadPixmap; + error = (rc == BadValue) ? BadPixmap : rc; } break; } @@ -303,14 +305,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr if (pUnion) { NEXT_PTR(PixmapPtr, pPixmap); + rc = Success; } else { NEXTVAL(XID, newstipple) - pPixmap = (PixmapPtr)SecurityLookupIDByType(client, - newstipple, RT_PIXMAP, DixReadAccess); + rc = dixLookupResource((pointer *)&pPixmap, newstipple, + RT_PIXMAP, client, DixReadAccess); } - if (pPixmap) + if (rc == Success) { if ((pPixmap->drawable.depth != 1) || (pPixmap->drawable.pScreen != pGC->pScreen)) 
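Review bot: In the tile lookup of dixChangeGC (hunk at -267, the one using `newpix`), the `pUnion` branch now sets `rc = Success` unconditionally, so the following `if (rc == Success)` dereferences `pPixmap->drawable.depth` even if the pointer taken from the union is NULL. The old `if (pPixmap)` test sent that case to the BadPixmap branch instead. Keeping the null check preserves the earlier behaviour for internal callers: `rc = pPixmap ? Success : BadValue;`. The same pattern is in the stipple hunk (-303) and the font hunk (-345), where `pFont->refcnt++` would be the first dereference. The case labels lie outside these hunks, so which GC attribute each one handles is inferred from the variable names.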
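Review bot: `error = (rc == BadValue) ? BadPixmap : rc;` (hunk at -293) depends on dixLookupResource reporting a missing ID as BadValue, which is not visible in this diff and is not stated at the site. A comment such as `/* BadValue: no such resource; any other code comes from the access check and is returned as-is */` would record that. The same expression is repeated for the stipple, font and clip-mask lookups (-328, -362, -415), so a single helper would keep the four mappings from drifting apart. If a denied lookup yields a different error from a missing one, as the mapping suggests, a client can tell the two apart; it is worth confirming that this is intended.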
@@ -328,7 +331,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr else { clientErrorValue = newstipple; - error = BadPixmap; + error = (rc == BadValue) ? BadPixmap : rc; } break; } @@ -345,14 +348,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr if (pUnion) { NEXT_PTR(FontPtr, pFont); + rc = Success; } else { NEXTVAL(XID, newfont) - pFont = (FontPtr)SecurityLookupIDByType(client, newfont, - RT_FONT, DixReadAccess); + rc = dixLookupResource((pointer *)&pFont, newfont, + RT_FONT, client, DixUseAccess); } - if (pFont) + if (rc == Success) { pFont->refcnt++; if (pGC->font) @@ -362,7 +366,7 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr else { clientErrorValue = newfont; - error = BadFont; + error = (rc == BadValue) ? BadFont : rc; } break; } @@ -415,9 +419,15 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr clipType = CT_NONE; pPixmap = NullPixmap; } - else - pPixmap = (PixmapPtr)SecurityLookupIDByType(client, - pid, RT_PIXMAP, DixReadAccess); + else { + rc = dixLookupResource((pointer *)&pPixmap, pid, + RT_PIXMAP, client, + DixReadAccess); + if (rc != Success) { + clientErrorValue = pid; + error = (rc == BadValue) ? BadPixmap : rc; + } + } } if (pPixmap) @@ -433,11 +443,6 @@ dixChangeGC(ClientPtr client, GC *pGC, BITS32 mask, CARD32 *pC32, ChangeGCValPtr pPixmap->refcnt++; } } - else if (!pUnion && (pid != None)) - { - clientErrorValue = pid; - error = BadPixmap; - } if(error == Success) { (*pGC->funcs->ChangeClip)(pGC, clipType, @@ -601,7 +606,8 @@ AllocateGC(ScreenPtr pScreen) } _X_EXPORT GCPtr -CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus) +CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus, + XID gcid, ClientPtr client) { GCPtr pGC; 
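Review bot: In the clip-mask branch (hunk at -415) a failed lookup now sets `error`, but the code after it still tests `if (pPixmap)` rather than `rc`, unlike the tile, stipple and font cases changed in this commit. That is only safe if dixLookupResource stores NULL through its result pointer on every failure path, which cannot be confirmed from this diff. `pPixmap` is a function-scope variable, so it might otherwise still point at a pixmap and the block that follows would take a reference on it (`pPixmap->refcnt++` is visible in the next hunk) for a request that is about to fail. Clearing it in the failure branch removes the dependency: add `pPixmap = NullPixmap;` next to `clientErrorValue = pid;`. The `if (pPixmap)` block starts outside this hunk.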
@@ -663,6 +669,12 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus) pGC->stipple = pGC->pScreen->PixmapPerDepth[0]; pGC->stipple->refcnt++; + /* security creation/labeling check */ + *pStatus = XaceHook(XACE_RESOURCE_ACCESS, client, gcid, RT_GC, + DixCreateAccess|DixSetAttrAccess, pGC); + if (*pStatus != Success) + goto out; + pGC->stateChanges = (1 << (GCLastBit+1)) - 1; if (!(*pGC->pScreen->CreateGC)(pGC)) *pStatus = BadAlloc; @@ -670,6 +682,8 @@ CreateGC(DrawablePtr pDrawable, BITS32 mask, XID *pval, int *pStatus) *pStatus = ChangeGC(pGC, mask, pval); else *pStatus = Success; + +out: if (*pStatus != Success) { if (!pGC->tileIsPixel && !pGC->tile.pixmap) |
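Review bot: The new `goto out` after the XaceHook call in CreateGC (hunk at -663, label added at -670) reaches the failure cleanup before `(*pGC->pScreen->CreateGC)(pGC)` has run. The cleanup therefore sees a GC the screen never initialised, on what is now an ordinary path (an access denial) rather than a rare allocation failure. The cleanup body continues outside the hunk, so it should be checked that whatever frees the GC there does not call through per-GC function pointers or other state that only the screen's CreateGC sets up. If it does, those calls need a guard or the partially built GC needs its own teardown. A comment at the label would record the precondition, e.g. `/* reached with pGC allocated but possibly not screen-initialised */`.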