diff options
| author | Keith Packard <keithp@keithp.com> | 2012-03-21 12:55:09 -0700 |
|---|---|---|
| committer | Keith Packard <keithp@keithp.com> | 2012-03-21 13:54:42 -0700 |
| commit | 9838b7032ea9792bec21af424c53c07078636d21 (patch) | |
| tree | b72d0827dac50f0f3b8eab29b3b7639546d735d7 /Xext/xselinux_hooks.c | |
| parent | 75199129c603fc8567185ac31866c9518193cb78 (diff) | |
Introduce a consistent coding style
This is strictly the application of the script 'x-indent-all.sh'
from util/modular. Compared to the patch that Daniel posted in
January, I've added a few indent flags:
-bap
-psl
-T PrivatePtr
-T pmWait
-T _XFUNCPROTOBEGIN
-T _XFUNCPROTOEND
-T _X_EXPORT
The typedefs were needed to make the output of sdksyms.sh match the
previous output, otherwise, the code is formatted badly enough that
sdksyms.sh generates incorrect output.
The generated code was compared with the previous version and found to
be essentially identical -- "assert" line numbers and BUILD_TIME were
the only differences found.
The comparison was done with this script:
dir1=$1
dir2=$2
for dir in $dir1 $dir2; do
(cd $dir && find . -name '*.o' | while read file; do
dir=`dirname $file`
base=`basename $file .o`
dump=$dir/$base.dump
objdump -d $file > $dump
done)
done
find $dir1 -name '*.dump' | while read dump; do
otherdump=`echo $dump | sed "s;$dir1;$dir2;"`
diff -u $dump $otherdump
done
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'Xext/xselinux_hooks.c')
| -rw-r--r-- | Xext/xselinux_hooks.c | 654 |
1 files changed, 331 insertions, 323 deletions
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c index 0d4c9ab11..e9c7e93d7 100644 --- a/Xext/xselinux_hooks.c +++ b/Xext/xselinux_hooks.c @@ -45,18 +45,17 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #define _XSELINUX_NEED_FLASK_MAP #include "xselinuxint.h" - /* structure passed to auditing callback */ typedef struct { - ClientPtr client; /* client */ - DeviceIntPtr dev; /* device */ - char *command; /* client's executable path */ - unsigned id; /* resource id, if any */ - int restype; /* resource type, if any */ - int event; /* event type, if any */ - Atom property; /* property name, if any */ - Atom selection; /* selection name, if any */ - char *extension; /* extension name, if any */ + ClientPtr client; /* client */ + DeviceIntPtr dev; /* device */ + char *command; /* client's executable path */ + unsigned id; /* resource id, if any */ + int restype; /* resource type, if any */ + int event; /* event type, if any */ + Atom property; /* property name, if any */ + Atom selection; /* selection name, if any */ + char *extension; /* extension name, if any */ } SELinuxAuditRec; /* private state keys */ @@ -78,31 +77,30 @@ static security_id_t unlabeled_sid; static void SELinuxScreen(CallbackListPtr *, pointer, pointer); /* "true" pointer value for use as callback data */ -static pointer truep = (pointer)1; - +static pointer truep = (pointer) 1; /* * Performs an SELinux permission check. */ static int -SELinuxDoCheck(SELinuxSubjectRec *subj, SELinuxObjectRec *obj, - security_class_t class, Mask mode, SELinuxAuditRec *auditdata) +SELinuxDoCheck(SELinuxSubjectRec * subj, SELinuxObjectRec * obj, + security_class_t class, Mask mode, SELinuxAuditRec * auditdata) { /* serverClient requests OK */ if (subj->privileged) - return Success; + return Success; auditdata->command = subj->command; errno = 0; if (avc_has_perm(subj->sid, obj->sid, class, mode, &subj->aeref, - auditdata) < 0) { - if (mode == DixUnknownAccess) - return Success; /* DixUnknownAccess requests OK ... for now */ - if (errno == EACCES) - return BadAccess; - ErrorF("SELinux: avc_has_perm: unexpected error %d\n", errno); - return BadValue; + auditdata) < 0) { + if (mode == DixUnknownAccess) + return Success; /* DixUnknownAccess requests OK ... for now */ + if (errno == EACCES) + return BadAccess; + ErrorF("SELinux: avc_has_perm: unexpected error %d\n", errno); + return BadValue; } return Success; @@ -124,38 +122,39 @@ SELinuxLabelClient(ClientPtr client) /* Try to get a context from the socket */ if (fd < 0 || getpeercon_raw(fd, &ctx) < 0) { - /* Otherwise, fall back to a default context */ - ctx = SELinuxDefaultClientLabel(); + /* Otherwise, fall back to a default context */ + ctx = SELinuxDefaultClientLabel(); } /* For local clients, try and determine the executable name */ if (XaceIsLocal(client)) { - /* Get cached command name if CLIENTIDS is enabled. */ - const char *cmdname = GetClientCmdName(client); - Bool cached = (cmdname != NULL); - /* If CLIENTIDS is disabled, figure out the command name from - * scratch. */ - if (!cmdname) - { - pid_t pid = DetermineClientPid(client); - if (pid != -1) - DetermineClientCmd(pid, &cmdname, NULL); - } - - if (!cmdname) - goto finish; - - strncpy(subj->command, cmdname, COMMAND_LEN - 1); - - if (!cached) - free((void *) cmdname); /* const char * */ + /* Get cached command name if CLIENTIDS is enabled. */ + const char *cmdname = GetClientCmdName(client); + Bool cached = (cmdname != NULL); + + /* If CLIENTIDS is disabled, figure out the command name from + * scratch. */ + if (!cmdname) { + pid_t pid = DetermineClientPid(client); + + if (pid != -1) + DetermineClientCmd(pid, &cmdname, NULL); + } + + if (!cmdname) + goto finish; + + strncpy(subj->command, cmdname, COMMAND_LEN - 1); + + if (!cached) + free((void *) cmdname); /* const char * */ } -finish: + finish: /* Get a SID from the context */ if (avc_context_to_sid_raw(ctx, &subj->sid) < 0) - FatalError("SELinux: client %d: context_to_sid_raw(%s) failed\n", - client->index, ctx); + FatalError("SELinux: client %d: context_to_sid_raw(%s) failed\n", + client->index, ctx); obj->sid = subj->sid; freecon(ctx); @@ -181,11 +180,11 @@ SELinuxLabelInitial(void) /* Use the context of the X server process for the serverClient */ if (getcon_raw(&ctx) < 0) - FatalError("SELinux: couldn't get context of X server process\n"); + FatalError("SELinux: couldn't get context of X server process\n"); /* Get a SID from the context */ if (avc_context_to_sid_raw(ctx, &subj->sid) < 0) - FatalError("SELinux: serverClient: context_to_sid(%s) failed\n", ctx); + FatalError("SELinux: serverClient: context_to_sid(%s) failed\n", ctx); obj->sid = subj->sid; freecon(ctx); @@ -195,13 +194,13 @@ SELinuxLabelInitial(void) srec.status = Success; for (i = 0; i < screenInfo.numScreens; i++) { - /* Do the screen object */ - srec.screen = screenInfo.screens[i]; - SELinuxScreen(NULL, NULL, &srec); + /* Do the screen object */ + srec.screen = screenInfo.screens[i]; + SELinuxScreen(NULL, NULL, &srec); - /* Do the default colormap */ - dixLookupResourceByType(&unused, screenInfo.screens[i]->defColormap, - RT_COLORMAP, serverClient, DixCreateAccess); + /* Do the default colormap */ + dixLookupResourceByType(&unused, screenInfo.screens[i]->defColormap, + RT_COLORMAP, serverClient, DixCreateAccess); } } @@ -209,50 +208,49 @@ SELinuxLabelInitial(void) * Labels new resource objects. */ static int -SELinuxLabelResource(XaceResourceAccessRec *rec, SELinuxSubjectRec *subj, - SELinuxObjectRec *obj, security_class_t class) +SELinuxLabelResource(XaceResourceAccessRec * rec, SELinuxSubjectRec * subj, + SELinuxObjectRec * obj, security_class_t class) { int offset; security_id_t tsid; /* Check for a create context */ if (rec->rtype & RC_DRAWABLE && subj->win_create_sid) { - obj->sid = subj->win_create_sid; - return Success; + obj->sid = subj->win_create_sid; + return Success; } if (rec->parent) - offset = dixLookupPrivateOffset(rec->ptype); + offset = dixLookupPrivateOffset(rec->ptype); if (rec->parent && offset >= 0) { - /* Use the SID of the parent object in the labeling operation */ - PrivateRec **privatePtr = DEVPRIV_AT(rec->parent, offset); - SELinuxObjectRec *pobj = dixLookupPrivate(privatePtr, objectKey); - tsid = pobj->sid; - } else { - /* Use the SID of the subject */ - tsid = subj->sid; + /* Use the SID of the parent object in the labeling operation */ + PrivateRec **privatePtr = DEVPRIV_AT(rec->parent, offset); + SELinuxObjectRec *pobj = dixLookupPrivate(privatePtr, objectKey); + + tsid = pobj->sid; + } + else { + /* Use the SID of the subject */ + tsid = subj->sid; } /* Perform a transition to obtain the final SID */ if (avc_compute_create(subj->sid, tsid, class, &obj->sid) < 0) { - ErrorF("SELinux: a compute_create call failed!\n"); - return BadValue; + ErrorF("SELinux: a compute_create call failed!\n"); + return BadValue; } return Success; } - /* * Libselinux Callbacks */ static int SELinuxAudit(void *auditdata, - security_class_t class, - char *msgbuf, - size_t msgbufsize) + security_class_t class, char *msgbuf, size_t msgbufsize) { SELinuxAuditRec *audit = auditdata; ClientPtr client = audit->client; @@ -261,39 +259,39 @@ SELinuxAudit(void *auditdata, int major = -1, minor = -1; if (client) { - REQUEST(xReq); - if (stuff) { - major = client->majorOp; - minor = client->minorOp; - } + REQUEST(xReq); + if (stuff) { + major = client->majorOp; + minor = client->minorOp; + } } if (audit->id) - snprintf(idNum, 16, "%x", audit->id); + snprintf(idNum, 16, "%x", audit->id); propertyName = audit->property ? NameForAtom(audit->property) : NULL; selectionName = audit->selection ? NameForAtom(audit->selection) : NULL; return snprintf(msgbuf, msgbufsize, - "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", - (major >= 0) ? "request=" : "", - (major >= 0) ? LookupRequestName(major, minor) : "", - audit->command ? " comm=" : "", - audit->command ? audit->command : "", - audit->dev ? " xdevice=\"" : "", - audit->dev ? audit->dev->name : "", - audit->dev ? "\"" : "", - audit->id ? " resid=" : "", - audit->id ? idNum : "", - audit->restype ? " restype=" : "", - audit->restype ? LookupResourceName(audit->restype) : "", - audit->event ? " event=" : "", - audit->event ? LookupEventName(audit->event & 127) : "", - audit->property ? " property=" : "", - audit->property ? propertyName : "", - audit->selection ? " selection=" : "", - audit->selection ? selectionName : "", - audit->extension ? " extension=" : "", - audit->extension ? audit->extension : ""); + "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", + (major >= 0) ? "request=" : "", + (major >= 0) ? LookupRequestName(major, minor) : "", + audit->command ? " comm=" : "", + audit->command ? audit->command : "", + audit->dev ? " xdevice=\"" : "", + audit->dev ? audit->dev->name : "", + audit->dev ? "\"" : "", + audit->id ? " resid=" : "", + audit->id ? idNum : "", + audit->restype ? " restype=" : "", + audit->restype ? LookupResourceName(audit->restype) : "", + audit->event ? " event=" : "", + audit->event ? LookupEventName(audit->event & 127) : "", + audit->property ? " property=" : "", + audit->property ? propertyName : "", + audit->selection ? " selection=" : "", + audit->selection ? selectionName : "", + audit->extension ? " extension=" : "", + audit->extension ? audit->extension : ""); } static int @@ -305,14 +303,14 @@ SELinuxLog(int type, const char *fmt, ...) switch (type) { case SELINUX_INFO: - aut = AUDIT_USER_MAC_POLICY_LOAD; - break; + aut = AUDIT_USER_MAC_POLICY_LOAD; + break; case SELINUX_AVC: - aut = AUDIT_USER_AVC; - break; + aut = AUDIT_USER_AVC; + break; default: - aut = AUDIT_USER_SELINUX_ERR; - break; + aut = AUDIT_USER_SELINUX_ERR; + break; } va_start(ap, fmt); @@ -333,7 +331,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceDeviceAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev }; + SELinuxAuditRec auditdata = {.client = rec->client,.dev = rec->dev }; security_class_t cls; int rc; @@ -342,24 +340,26 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* If this is a new object that needs labeling, do it now */ if (rec->access_mode & DixCreateAccess) { - SELinuxSubjectRec *dsubj; - dsubj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey); - - if (subj->dev_create_sid) { - /* Label the device with the create context */ - obj->sid = subj->dev_create_sid; - dsubj->sid = subj->dev_create_sid; - } else { - /* Label the device directly with the process SID */ - obj->sid = subj->sid; - dsubj->sid = subj->sid; - } + SELinuxSubjectRec *dsubj; + + dsubj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey); + + if (subj->dev_create_sid) { + /* Label the device with the create context */ + obj->sid = subj->dev_create_sid; + dsubj->sid = subj->dev_create_sid; + } + else { + /* Label the device directly with the process SID */ + obj->sid = subj->sid; + dsubj->sid = subj->sid; + } } cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD; rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; } static void @@ -368,39 +368,39 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceSendAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj, ev_sid; - SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev }; + SELinuxAuditRec auditdata = {.client = rec->client,.dev = rec->dev }; security_class_t class; int rc, i, type; if (rec->dev) - subj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey); + subj = dixLookupPrivate(&rec->dev->devPrivates, subjectKey); else - subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); + subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); obj = dixLookupPrivate(&rec->pWin->devPrivates, objectKey); /* Check send permission on window */ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess, - &auditdata); + &auditdata); if (rc != Success) - goto err; + goto err; /* Check send permission on specific event types */ for (i = 0; i < rec->count; i++) { - type = rec->events[i].u.u.type; - class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; + type = rec->events[i].u.u.type; + class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; - rc = SELinuxEventToSID(type, obj->sid, &ev_sid); - if (rc != Success) - goto err; + rc = SELinuxEventToSID(type, obj->sid, &ev_sid); + if (rc != Success) + goto err; - auditdata.event = type; - rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata); - if (rc != Success) - goto err; + auditdata.event = type; + rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata); + if (rc != Success) + goto err; } return; -err: + err: rec->status = rc; } @@ -410,7 +410,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceReceiveAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj, ev_sid; - SELinuxAuditRec auditdata = { .client = NULL }; + SELinuxAuditRec auditdata = {.client = NULL }; security_class_t class; int rc, i, type; @@ -419,26 +419,26 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Check receive permission on window */ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess, - &auditdata); + &auditdata); if (rc != Success) - goto err; + goto err; /* Check receive permission on specific event types */ for (i = 0; i < rec->count; i++) { - type = rec->events[i].u.u.type; - class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; + type = rec->events[i].u.u.type; + class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; - rc = SELinuxEventToSID(type, obj->sid, &ev_sid); - if (rc != Success) - goto err; + rc = SELinuxEventToSID(type, obj->sid, &ev_sid); + if (rc != Success) + goto err; - auditdata.event = type; - rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata); - if (rc != Success) - goto err; + auditdata.event = type; + rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata); + if (rc != Success) + goto err; } return; -err: + err: rec->status = rc; } @@ -448,7 +448,7 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceExtAccessRec *rec = calldata; SELinuxSubjectRec *subj, *serv; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client }; + SELinuxAuditRec auditdata = {.client = rec->client }; int rc; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); @@ -457,30 +457,30 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* If this is a new object that needs labeling, do it now */ /* XXX there should be a separate callback for this */ if (obj->sid == NULL) { - security_id_t sid; - - serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey); - rc = SELinuxExtensionToSID(rec->ext->name, &sid); - if (rc != Success) { - rec->status = rc; - return; - } - - /* Perform a transition to obtain the final SID */ - if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION, - &obj->sid) < 0) { - ErrorF("SELinux: a SID transition call failed!\n"); - rec->status = BadValue; - return; - } + security_id_t sid; + + serv = dixLookupPrivate(&serverClient->devPrivates, subjectKey); + rc = SELinuxExtensionToSID(rec->ext->name, &sid); + if (rc != Success) { + rec->status = rc; + return; + } + + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(serv->sid, sid, SECCLASS_X_EXTENSION, + &obj->sid) < 0) { + ErrorF("SELinux: a SID transition call failed!\n"); + rec->status = BadValue; + return; + } } /* Perform the security check */ auditdata.extension = rec->ext->name; rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode, - &auditdata); + &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; } static void @@ -492,7 +492,7 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata) Selection *pSel = *rec->ppSel; Atom name = pSel->selection; Mask access_mode = rec->access_mode; - SELinuxAuditRec auditdata = { .client = rec->client, .selection = name }; + SELinuxAuditRec auditdata = {.client = rec->client,.selection = name }; security_id_t tsid; int rc; @@ -501,45 +501,45 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* If this is a new object that needs labeling, do it now */ if (access_mode & DixCreateAccess) { - rc = SELinuxSelectionToSID(name, subj, &obj->sid, &obj->poly); - if (rc != Success) - obj->sid = unlabeled_sid; - access_mode = DixSetAttrAccess; + rc = SELinuxSelectionToSID(name, subj, &obj->sid, &obj->poly); + if (rc != Success) + obj->sid = unlabeled_sid; + access_mode = DixSetAttrAccess; } /* If this is a polyinstantiated object, find the right instance */ else if (obj->poly) { - rc = SELinuxSelectionToSID(name, subj, &tsid, NULL); - if (rc != Success) { - rec->status = rc; - return; - } - while (pSel->selection != name || obj->sid != tsid) { - if ((pSel = pSel->next) == NULL) - break; - obj = dixLookupPrivate(&pSel->devPrivates, objectKey); - } - - if (pSel) - *rec->ppSel = pSel; - else { - rec->status = BadMatch; - return; - } + rc = SELinuxSelectionToSID(name, subj, &tsid, NULL); + if (rc != Success) { + rec->status = rc; + return; + } + while (pSel->selection != name || obj->sid != tsid) { + if ((pSel = pSel->next) == NULL) + break; + obj = dixLookupPrivate(&pSel->devPrivates, objectKey); + } + + if (pSel) + *rec->ppSel = pSel; + else { + rec->status = BadMatch; + return; + } } /* Perform the security check */ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SELECTION, access_mode, - &auditdata); + &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; /* Label the content (advisory only) */ if (access_mode & DixSetAttrAccess) { - data = dixLookupPrivate(&pSel->devPrivates, dataKey); - if (subj->sel_create_sid) - data->sid = subj->sel_create_sid; - else - data->sid = obj->sid; + data = dixLookupPrivate(&pSel->devPrivates, dataKey); + if (subj->sel_create_sid) + data->sid = subj->sel_create_sid; + else + data->sid = obj->sid; } } @@ -551,59 +551,59 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) SELinuxObjectRec *obj, *data; PropertyPtr pProp = *rec->ppProp; Atom name = pProp->propertyName; - SELinuxAuditRec auditdata = { .client = rec->client, .property = name }; + SELinuxAuditRec auditdata = {.client = rec->client,.property = name }; security_id_t tsid; int rc; /* Don't care about the new content check */ if (rec->access_mode & DixPostAccess) - return; + return; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); obj = dixLookupPrivate(&pProp->devPrivates, objectKey); /* If this is a new object that needs labeling, do it now */ if (rec->access_mode & DixCreateAccess) { - rc = SELinuxPropertyToSID(name, subj, &obj->sid, &obj->poly); - if (rc != Success) { - rec->status = rc; - return; - } + rc = SELinuxPropertyToSID(name, subj, &obj->sid, &obj->poly); + if (rc != Success) { + rec->status = rc; + return; + } } /* If this is a polyinstantiated object, find the right instance */ else if (obj->poly) { - rc = SELinuxPropertyToSID(name, subj, &tsid, NULL); - if (rc != Success) { - rec->status = rc; - return; - } - while (pProp->propertyName != name || obj->sid != tsid) { - if ((pProp = pProp->next) == NULL) - break; - obj = dixLookupPrivate(&pProp->devPrivates, objectKey); - } - - if (pProp) - *rec->ppProp = pProp; - else { - rec->status = BadMatch; - return; - } + rc = SELinuxPropertyToSID(name, subj, &tsid, NULL); + if (rc != Success) { + rec->status = rc; + return; + } + while (pProp->propertyName != name || obj->sid != tsid) { + if ((pProp = pProp->next) == NULL) + break; + obj = dixLookupPrivate(&pProp->devPrivates, objectKey); + } + + if (pProp) + *rec->ppProp = pProp; + else { + rec->status = BadMatch; + return; + } } /* Perform the security check */ rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode, - &auditdata); + &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; /* Label the content (advisory only) */ if (rec->access_mode & DixWriteAccess) { - data = dixLookupPrivate(&pProp->devPrivates, dataKey); - if (subj->prp_create_sid) - data->sid = subj->prp_create_sid; - else - data->sid = obj->sid; + data = dixLookupPrivate(&pProp->devPrivates, dataKey); + if (subj->prp_create_sid) + data->sid = subj->prp_create_sid; + else + data->sid = obj->sid; } } @@ -613,7 +613,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceResourceAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client }; + SELinuxAuditRec auditdata = {.client = rec->client }; Mask access_mode = rec->access_mode; PrivateRec **privatePtr; security_class_t class; @@ -624,30 +624,31 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Determine if the resource object has a devPrivates field */ offset = dixLookupPrivateOffset(rec->rtype); if (offset < 0) { - /* No: use the SID of the owning client */ - class = SECCLASS_X_RESOURCE; - privatePtr = &clients[CLIENT_ID(rec->id)]->devPrivates; - obj = dixLookupPrivate(privatePtr, objectKey); - } else { - /* Yes: use the SID from the resource object itself */ - class = SELinuxTypeToClass(rec->rtype); - privatePtr = DEVPRIV_AT(rec->res, offset); - obj = dixLookupPrivate(privatePtr, objectKey); + /* No: use the SID of the owning client */ + class = SECCLASS_X_RESOURCE; + privatePtr = &clients[CLIENT_ID(rec->id)]->devPrivates; + obj = dixLookupPrivate(privatePtr, objectKey); + } + else { + /* Yes: use the SID from the resource object itself */ + class = SELinuxTypeToClass(rec->rtype); + privatePtr = DEVPRIV_AT(rec->res, offset); + obj = dixLookupPrivate(privatePtr, objectKey); } /* If this is a new object that needs labeling, do it now */ if (access_mode & DixCreateAccess && offset >= 0) { - rc = SELinuxLabelResource(rec, subj, obj, class); - if (rc != Success) { - rec->status = rc; - return; - } + rc = SELinuxLabelResource(rec, subj, obj, class); + if (rc != Success) { + rec->status = rc; + return; + } } /* Collapse generic resource permissions down to read/write */ if (class == SECCLASS_X_RESOURCE) { - access_mode = !!(rec->access_mode & SELinuxReadMask); /* rd */ - access_mode |= !!(rec->access_mode & ~SELinuxReadMask) << 1; /* wr */ + access_mode = ! !(rec->access_mode & SELinuxReadMask); /* rd */ + access_mode |= ! !(rec->access_mode & ~SELinuxReadMask) << 1; /* wr */ } /* Perform the security check */ @@ -655,13 +656,13 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) auditdata.id = rec->id; rc = SELinuxDoCheck(subj, obj, class, access_mode, &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; /* Perform the background none check on windows */ if (access_mode & DixCreateAccess && rec->rtype == RT_WINDOW) { - rc = SELinuxDoCheck(subj, obj, class, DixBlendAccess, &auditdata); - if (rc != Success) - ((WindowPtr)rec->res)->forcedBG = TRUE; + rc = SELinuxDoCheck(subj, obj, class, DixBlendAccess, &auditdata); + if (rc != Success) + ((WindowPtr) rec->res)->forcedBG = TRUE; } } @@ -671,7 +672,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata) XaceScreenAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client }; + SELinuxAuditRec auditdata = {.client = rec->client }; Mask access_mode = rec->access_mode; int rc; @@ -680,21 +681,21 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata) /* If this is a new object that needs labeling, do it now */ if (access_mode & DixCreateAccess) { - /* Perform a transition to obtain the final SID */ - if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SCREEN, - &obj->sid) < 0) { - ErrorF("SELinux: a compute_create call failed!\n"); - rec->status = BadValue; - return; - } + /* Perform a transition to obtain the final SID */ + if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_SCREEN, + &obj->sid) < 0) { + ErrorF("SELinux: a compute_create call failed!\n"); + rec->status = BadValue; + return; + } } if (is_saver) - access_mode <<= 2; + access_mode <<= 2; rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; } static void @@ -703,16 +704,16 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceClientAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client }; + SELinuxAuditRec auditdata = {.client = rec->client }; int rc; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); obj = dixLookupPrivate(&rec->target->devPrivates, objectKey); rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode, - &auditdata); + &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; } static void @@ -721,19 +722,18 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceServerAccessRec *rec = calldata; SELinuxSubjectRec *subj; SELinuxObjectRec *obj; - SELinuxAuditRec auditdata = { .client = rec->client }; + SELinuxAuditRec auditdata = {.client = rec->client }; int rc; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); obj = dixLookupPrivate(&serverClient->devPrivates, objectKey); rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode, - &auditdata); + &auditdata); if (rc != Success) - rec->status = rc; + rec->status = rc; } - /* * DIX Callbacks */ @@ -745,11 +745,11 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata) switch (pci->client->clientState) { case ClientStateInitial: - SELinuxLabelClient(pci->client); - break; + SELinuxLabelClient(pci->client); + break; default: - break; + break; } } @@ -762,45 +762,48 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) WindowPtr pWin; if (rec->type != RT_WINDOW) - return; + return; if (rec->state != ResourceStateAdding) - return; + return; - pWin = (WindowPtr)rec->value; + pWin = (WindowPtr) rec->value; subj = dixLookupPrivate(&wClient(pWin)->devPrivates, subjectKey); if (subj->sid) { - security_context_t ctx; - int rc = avc_sid_to_context_raw(subj->sid, &ctx); - if (rc < 0) - FatalError("SELinux: Failed to get security context!\n"); - rc = dixChangeWindowProperty(serverClient, - pWin, atom_client_ctx, XA_STRING, 8, - PropModeReplace, strlen(ctx), ctx, FALSE); - if (rc != Success) - FatalError("SELinux: Failed to set label property on window!\n"); - freecon(ctx); - } else - FatalError("SELinux: Unexpected unlabeled client found\n"); + security_context_t ctx; + int rc = avc_sid_to_context_raw(subj->sid, &ctx); + + if (rc < 0) + FatalError("SELinux: Failed to get security context!\n"); + rc = dixChangeWindowProperty(serverClient, + pWin, atom_client_ctx, XA_STRING, 8, + PropModeReplace, strlen(ctx), ctx, FALSE); + if (rc != Success) + FatalError("SELinux: Failed to set label property on window!\n"); + freecon(ctx); + } + else + FatalError("SELinux: Unexpected unlabeled client found\n"); obj = dixLookupPrivate(&pWin->devPrivates, objectKey); if (obj->sid) { - security_context_t ctx; - int rc = avc_sid_to_context_raw(obj->sid, &ctx); - if (rc < 0) - FatalError("SELinux: Failed to get security context!\n"); - rc = dixChangeWindowProperty(serverClient, - pWin, atom_ctx, XA_STRING, 8, - PropModeReplace, strlen(ctx), ctx, FALSE); - if (rc != Success) - FatalError("SELinux: Failed to set label property on window!\n"); - freecon(ctx); - } else - FatalError("SELinux: Unexpected unlabeled window found\n"); + security_context_t ctx; + int rc = avc_sid_to_context_raw(obj->sid, &ctx); + + if (rc < 0) + FatalError("SELinux: Failed to get security context!\n"); + rc = dixChangeWindowProperty(serverClient, + pWin, atom_ctx, XA_STRING, 8, + PropModeReplace, strlen(ctx), ctx, FALSE); + if (rc != Success) + FatalError("SELinux: Failed to set label property on window!\n"); + freecon(ctx); + } + else + FatalError("SELinux: Unexpected unlabeled window found\n"); } - static int netlink_fd; static void @@ -811,7 +814,7 @@ SELinuxBlockHandler(void *data, struct timeval **tv, void *read_mask) static void SELinuxWakeupHandler(void *data, int err, void *read_mask) { - if (FD_ISSET(netlink_fd, (fd_set *)read_mask)) + if (FD_ISSET(netlink_fd, (fd_set *) read_mask)) avc_netlink_check_nb(); } @@ -848,63 +851,68 @@ SELinuxFlaskReset(void) void SELinuxFlaskInit(void) { - struct selinux_opt avc_option = { AVC_OPT_SETENFORCE, (char *)0 }; + struct selinux_opt avc_option = { AVC_OPT_SETENFORCE, (char *) 0 }; security_context_t ctx; int ret = TRUE; - switch(selinuxEnforcingState) { + switch (selinuxEnforcingState) { case SELINUX_MODE_ENFORCING: - LogMessage(X_INFO, "SELinux: Configured in enforcing mode\n"); - avc_option.value = (char *)1; - break; + LogMessage(X_INFO, "SELinux: Configured in enforcing mode\n"); + avc_option.value = (char *) 1; + break; case SELINUX_MODE_PERMISSIVE: - LogMessage(X_INFO, "SELinux: Configured in permissive mode\n"); - avc_option.value = (char *)0; - break; + LogMessage(X_INFO, "SELinux: Configured in permissive mode\n"); + avc_option.value = (char *) 0; + break; default: - avc_option.type = AVC_OPT_UNUSED; - break; + avc_option.type = AVC_OPT_UNUSED; + break; } /* Set up SELinux stuff */ - selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog); - selinux_set_callback(SELINUX_CB_AUDIT, (union selinux_callback)SELinuxAudit); + selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) SELinuxLog); + selinux_set_callback(SELINUX_CB_AUDIT, + (union selinux_callback) SELinuxAudit); if (selinux_set_mapping(map) < 0) { - if (errno == EINVAL) { - ErrorF("SELinux: Invalid object class mapping, disabling SELinux support.\n"); - return; - } - FatalError("SELinux: Failed to set up security class mapping\n"); + if (errno == EINVAL) { + ErrorF + ("SELinux: Invalid object class mapping, disabling SELinux support.\n"); + return; + } + FatalError("SELinux: Failed to set up security class mapping\n"); } if (avc_open(&avc_option, 1) < 0) - FatalError("SELinux: Couldn't initialize SELinux userspace AVC\n"); + FatalError("SELinux: Couldn't initialize SELinux userspace AVC\n"); if (security_get_initial_context_raw("unlabeled", &ctx) < 0) - FatalError("SELinux: Failed to look up unlabeled context\n"); + FatalError("SELinux: Failed to look up unlabeled context\n"); if (avc_context_to_sid_raw(ctx, &unlabeled_sid) < 0) - FatalError("SELinux: a context_to_SID call failed!\n"); + FatalError("SELinux: a context_to_SID call failed!\n"); freecon(ctx); /* Prepare for auditing */ audit_fd = audit_open(); if (audit_fd < 0) - FatalError("SELinux: Failed to open the system audit log\n"); + FatalError("SELinux: Failed to open the system audit log\n"); /* Allocate private storage */ - if (!dixRegisterPrivateKey(subjectKey, PRIVATE_XSELINUX, sizeof(SELinuxSubjectRec)) || - !dixRegisterPrivateKey(objectKey, PRIVATE_XSELINUX, sizeof(SELinuxObjectRec)) || - !dixRegisterPrivateKey(dataKey, PRIVATE_XSELINUX, sizeof(SELinuxObjectRec))) - FatalError("SELinux: Failed to allocate private storage.\n"); + if (!dixRegisterPrivateKey + (subjectKey, PRIVATE_XSELINUX, sizeof(SELinuxSubjectRec)) || + !dixRegisterPrivateKey(objectKey, PRIVATE_XSELINUX, + sizeof(SELinuxObjectRec)) || + !dixRegisterPrivateKey(dataKey, PRIVATE_XSELINUX, + sizeof(SELinuxObjectRec))) + FatalError("SELinux: Failed to allocate private storage.\n"); /* Create atoms for doing window labeling */ atom_ctx = MakeAtom("_SELINUX_CONTEXT", 16, TRUE); if (atom_ctx == BAD_RESOURCE) - FatalError("SELinux: Failed to create atom\n"); + FatalError("SELinux: Failed to create atom\n"); atom_client_ctx = MakeAtom("_SELINUX_CLIENT_CONTEXT", 23, TRUE); if (atom_client_ctx == BAD_RESOURCE) - FatalError("SELinux: Failed to create atom\n"); + FatalError("SELinux: Failed to create atom\n"); netlink_fd = avc_netlink_acquire_fd(); AddGeneralSocket(netlink_fd); @@ -928,7 +936,7 @@ SELinuxFlaskInit(void) ret &= XaceRegisterCallback(XACE_SCREEN_ACCESS, SELinuxScreen, NULL); ret &= XaceRegisterCallback(XACE_SCREENSAVER_ACCESS, SELinuxScreen, truep); if (!ret) - FatalError("SELinux: Failed to register one or more callbacks\n"); + FatalError("SELinux: Failed to register one or more callbacks\n"); /* Label objects that were created before we could register ourself */ SELinuxLabelInitial(); |