authorEamon Walsh <ewalsh@tycho.nsa.gov>2008-02-15 19:53:45 -0500
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2008-02-20 15:59:40 -0500
commitf343265a289724c81017f089c024a7618267c4e3 (patch)
tree2cf79ba31a1375d68237c77b813d79e9d72c665b
parent7c2f0a8befb310707ea923dbcdfde84521e52c88 (diff)
XACE: Make the default window background state configurable per-window.
To recap: the original XC-SECURITY extension disallowed background "None" if the window was untrusted. XACE 1.0 preserved this check as a hook function. XACE pre-2.0 removed the hook and first abolished background "None" entirely, then restored it as a global on/off switch in response to Bug #13683. Now it's back to being per-window, via a flag instead of a hook function.
-rw-r--r--Xext/security.c5
-rw-r--r--Xext/xace.h4
-rw-r--r--dix/window.c9
-rw-r--r--include/windowstr.h1
4 files changed, 13 insertions, 6 deletions
diff --git a/Xext/security.c b/Xext/security.c
index a3cde2cec..27ef38205 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -810,6 +810,11 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
obj = dixLookupPrivate(&clients[cid]->devPrivates, stateKey);
+ /* disable background None for untrusted windows */
+ if ((requested & DixCreateAccess) && (rec->rtype == RT_WINDOW))
+ if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
+ ((WindowPtr)rec->res)->forcedBG = TRUE;
+
/* special checks for server-owned resources */
if (cid == 0) {
if (rec->rtype & RC_DRAWABLE)
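Review bot: The added block writes `forcedBG` on the window from inside the access hook, ahead of the server-owned-resource checks that follow, so the object is modified whether or not the request ends up being allowed. That looks harmless if a denied create discards the window, but the assumption deserves a comment. The two nested `if`s have no braces; folding them into one condition is easier to read and safer to extend: `if ((requested & DixCreateAccess) && rec->rtype == RT_WINDOW && subj->haveState && subj->trustLevel != XSecurityClientTrusted)`. Within this commit the flag is set only here, at create time, so it records the creating client's trust level and is not revisited later. SecurityResource starts and ends outside this hunk.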
diff --git a/Xext/xace.h b/Xext/xace.h
index 2016ca322..1f07d9fd2 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -31,7 +31,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include "property.h"
/* Default window background */
-#define XaceBackgroundNoneState None
+#define XaceBackgroundNoneState(w) ((w)->forcedBG ? BackgroundPixel : None)
/* security hooks */
/* Constants used to identify the available security hooks
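Review bot: The comment `/* Default window background */` no longer describes the macro, which now takes a window and yields `BackgroundPixel` when `forcedBG` is set. The macro chooses only the state, while the pixel value is assigned separately by each caller, so the contract should be written down, e.g. `/* Background state to use when None is requested; if this yields BackgroundPixel the caller must also set background.pixel */`. The non-XACE definition in the `#else` hunk further down discards `w` without evaluating it, which is fine for the callers in this commit but is worth the same comment.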
@@ -100,7 +100,7 @@ extern void XaceCensorImage(
#else /* XACE */
/* Default window background */
-#define XaceBackgroundNoneState None
+#define XaceBackgroundNoneState(w) None
/* Define calls away when XACE is not being built. */
diff --git a/dix/window.c b/dix/window.c
index 70e32fbcf..9975b5eec 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -291,6 +291,7 @@ SetWindowToDefaults(WindowPtr pWin)
pWin->dontPropagate = 0;
pWin->forcedBS = FALSE;
pWin->redirectDraw = RedirectDrawNone;
+ pWin->forcedBG = FALSE;
}
static void
@@ -702,8 +703,8 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
return NullWindow;
}
- pWin->backgroundState = XaceBackgroundNoneState;
- pWin->background.pixel = 0;
+ pWin->backgroundState = XaceBackgroundNoneState(pWin);
+ pWin->background.pixel = pScreen->whitePixel;
pWin->borderIsPixel = pParent->borderIsPixel;
pWin->border = pParent->border;
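Review bot: `XaceBackgroundNoneState(pWin)` depends on `forcedBG` already holding its final value at this line, but the flag is set by the security hook on create access and reset to FALSE by SetWindowToDefaults (first hunk of this file), and neither call is visible here. If the hook ran after this assignment, or SetWindowToDefaults ran after the hook, an untrusted client's window would keep background None. A comment pinning the ordering would help, e.g. `/* forcedBG is set by the XACE create hook; it must have run before this line */`. The same two assignments are repeated in the ChangeWindowAttributes hunk below, so a small static helper would keep the state and the `whitePixel` fallback in one place. CreateWindow begins and ends outside this hunk.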
@@ -1014,8 +1015,8 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
if (!pWin->parent)
MakeRootTile(pWin);
else {
- pWin->backgroundState = XaceBackgroundNoneState;
- pWin->background.pixel = 0;
+ pWin->backgroundState = XaceBackgroundNoneState(pWin);
+ pWin->background.pixel = pScreen->whitePixel;
}
}
else if (pixID == ParentRelative)
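Review bot: The new lines decide on `pWin->forcedBG` alone and never consult `client`, so the outcome depends on who created the window rather than on who issues this request. Whether that is the intended policy when a different client changes the window's attributes cannot be told from this hunk, so it should be stated next to the code, e.g. `/* forcedBG is fixed at creation time; a request for None on such a window gets an opaque whitePixel background instead */`. ChangeWindowAttributes starts and ends outside this hunk.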
diff --git a/include/windowstr.h b/include/windowstr.h
index a16132458..e06a2f1bd 100644
--- a/include/windowstr.h
+++ b/include/windowstr.h
@@ -159,6 +159,7 @@ typedef struct _Window {
unsigned dontPropagate:3;/* index into DontPropagateMasks */
unsigned forcedBS:1; /* system-supplied backingStore */
unsigned redirectDraw:2; /* COMPOSITE rendering redirect */
+ unsigned forcedBG:1; /* must have an opaque background */
} WindowRec;
/*