diff options
author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2008-02-15 19:53:45 -0500 |
---|---|---|
committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2008-02-20 15:59:40 -0500 |
commit | f343265a289724c81017f089c024a7618267c4e3 (patch) | |
tree | 2cf79ba31a1375d68237c77b813d79e9d72c665b | |
parent | 7c2f0a8befb310707ea923dbcdfde84521e52c88 (diff) |
XACE: Make the default window background state configurable per-window.
To recap: the original XC-SECURITY extension disallowed background "None" if
the window was untrusted. XACE 1.0 preserved this check as a hook function.
XACE pre-2.0 removed the hook and first abolished background "None entirely,
then restored it as a global on/off switch in response to Bug #13683.
Now it's back to being per-window, via a flag instead of a hook function.
-rw-r--r-- | Xext/security.c | 5 | ||||
-rw-r--r-- | Xext/xace.h | 4 | ||||
-rw-r--r-- | dix/window.c | 9 | ||||
-rw-r--r-- | include/windowstr.h | 1 |
4 files changed, 13 insertions, 6 deletions
diff --git a/Xext/security.c b/Xext/security.c index a3cde2cec..27ef38205 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -810,6 +810,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey); + /* disable background None for untrusted windows */ + if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW)) + if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) + ((WindowPtr)rec->res)->forcedBG = TRUE; + /* special checks for server-owned resources */ if (cid == 0) { if (rec->rtype & RC_DRAWABLE) diff --git a/Xext/xace.h b/Xext/xace.h index 2016ca322..1f07d9fd2 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include "property.h" /* Default window background */ -#define XaceBackgroundNoneState None +#define XaceBackgroundNoneState(w) ((w)->forcedBG ? BackgroundPixel : None) /* security hooks */ /* Constants used to identify the available security hooks @@ -100,7 +100,7 @@ extern void XaceCensorImage( #else /* XACE */ /* Default window background */ -#define XaceBackgroundNoneState None +#define XaceBackgroundNoneState(w) None /* Define calls away when XACE is not being built. */ diff --git a/dix/window.c b/dix/window.c index 70e32fbcf..9975b5eec 100644 --- a/dix/window.c +++ b/dix/window.c @@ -291,6 +291,7 @@ SetWindowToDefaults(WindowPtr pWin) pWin->dontPropagate = 0; pWin->forcedBS = FALSE; pWin->redirectDraw = RedirectDrawNone; + pWin->forcedBG = FALSE; } static void @@ -702,8 +703,8 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, return NullWindow; } - pWin->backgroundState = XaceBackgroundNoneState; - pWin->background.pixel = 0; + pWin->backgroundState = XaceBackgroundNoneState(pWin); + pWin->background.pixel = pScreen->whitePixel; pWin->borderIsPixel = pParent->borderIsPixel; pWin->border = pParent->border; @@ -1014,8 +1015,8 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) if (!pWin->parent) MakeRootTile(pWin); else { - pWin->backgroundState = XaceBackgroundNoneState; - pWin->background.pixel = 0; + pWin->backgroundState = XaceBackgroundNoneState(pWin); + pWin->background.pixel = pScreen->whitePixel; } } else if (pixID == ParentRelative) diff --git a/include/windowstr.h b/include/windowstr.h index a16132458..e06a2f1bd 100644 --- a/include/windowstr.h +++ b/include/windowstr.h @@ -159,6 +159,7 @@ typedef struct _Window { unsigned dontPropagate:3;/* index into DontPropagateMasks */ unsigned forcedBS:1; /* system-supplied backingStore */ unsigned redirectDraw:2; /* COMPOSITE rendering redirect */ + unsigned forcedBG:1; /* must have an opaque background */ } WindowRec; /* |