Remove the root window context line from the configuration file.

This context will be derived through a type_transition rule instead.
author: Eamon Walsh <ewalsh@tycho.nsa.gov> 2007-01-19 14:56:38 -0500
committer: Eamon Walsh <ewalsh@moss-uranus.epoch.ncsc.mil> 2007-01-19 14:56:38 -0500
commit: 700fccf863593cbea1691789f1f1cafc08a32fee (patch)
tree: 1674f334e83c2a786a4d8fb4295d350fcfbba995 /Xext
parent: 3a9791b456f35adb252a9059b19265c6c447f1ba (diff)
2 files changed, 1 insertions, 58 deletions
diff --git a/Xext/XSELinuxConfig b/Xext/XSELinuxConfig
index 49582647e..e45fdcc31 100644
--- a/Xext/XSELinuxConfig
+++ b/Xext/XSELinuxConfig
@@ -9,7 +9,6 @@
 # security policy.  Only one nonlocal_context rule may be defined.
 #
 nonlocal_context			system_u:object_r:remote_xclient_t:s0
-root_window_context			system_u:object_r:root_window_t:s0
 
 #
 # Property rules map a property name to a SELinux type.  The type must
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9b5ee1000..a6e021319 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -128,9 +128,6 @@ Atom atom_client_ctx;
 /* security context for non-local clients */
 static char *XSELinuxNonlocalContextDefault = NULL;
 
-/* security context for the root window */
-static char *XSELinuxRootWindowContext = NULL;
-
 /* Selection stuff from dix */
 extern Selection *CurrentSelections;
 extern int NumCurrentSelections;
@@ -1241,9 +1238,7 @@ static char *XSELinuxKeywords[] = {
     "extension",
 #define XSELinuxKeywordNonlocalContext 3
     "nonlocal_context",
-#define XSELinuxKeywordRootWindowContext 4
-    "root_window_context",
-#define XSELinuxKeywordDefault 5
+#define XSELinuxKeywordDefault 4
     "default"
 };
 
@@ -1582,39 +1577,6 @@ XSELinuxParseNonlocalContext(char *p)
 } /* XSELinuxParseNonlocalContext */
 
 static Bool
-XSELinuxParseRootWindowContext(char *p)
-{
-    char *context;
-
-    context = XSELinuxParseString(&p);
-    if (!context || (strlen(context) == 0))
-    {
-        return FALSE;
-    }
-
-    if (XSELinuxRootWindowContext != NULL)
-    {
-        return FALSE;
-    }
-
-    /* validate the context */
-    if (security_check_context(context))
-    {
-        return FALSE;
-    }
-
-    XSELinuxRootWindowContext = (char *)xalloc(strlen(context)+1);
-    if (!XSELinuxRootWindowContext)
-    {
-        ErrorF("XSELinux: out of memory\n");
-        return FALSE;
-    }
-    strcpy(XSELinuxRootWindowContext, context);
-
-    return TRUE;
-} /* XSELinuxParseRootWindowContext */
-
-static Bool
 XSELinuxLoadConfigFile(void)
 {
     FILE *f;
@@ -1630,7 +1592,6 @@ XSELinuxLoadConfigFile(void)
     propertyTypes = extensionTypes = NULL;
     XSELinuxPropertyTypeDefault = XSELinuxExtensionTypeDefault = NULL;
     XSELinuxNonlocalContextDefault = NULL;
-    XSELinuxRootWindowContext = NULL;
 
 #ifndef __UNIXOS2__
     f = fopen(XSELINUXCONFIGFILE, "r");
@@ -1671,10 +1632,6 @@ XSELinuxLoadConfigFile(void)
                 validLine = XSELinuxParseNonlocalContext(p);
                 break;
 
-            case XSELinuxKeywordRootWindowContext:
-                validLine = XSELinuxParseRootWindowContext(p);
-                break;
-
             default:
                 validLine = (*p == '\0');
                 break;
@@ -1706,11 +1663,6 @@ XSELinuxLoadConfigFile(void)
         ErrorF("XSELinux: No default context for non-local clients specified\n");
         goto out;
     }
-    else if (XSELinuxRootWindowContext == NULL)
-    {
-        ErrorF("XSELinux: No context specified for the root window\n");
-        goto out;
-    }
 
     /* Finally, append the default property and extension types to the
      * bottoms of the propertyTypes and extensionTypes arrays, respectively.
@@ -1780,10 +1732,6 @@ XSELinuxFreeConfigData(void)
     /* finally, take care of the context for non-local connections */
     xfree(XSELinuxNonlocalContextDefault);
     XSELinuxNonlocalContextDefault = NULL;
-
-    /* ... and for the root window */
-    xfree(XSELinuxRootWindowContext);
-    XSELinuxRootWindowContext = NULL;
 } /* XSELinuxFreeConfigData */
 
 /* Extension dispatch functions */
@@ -1890,10 +1838,6 @@ XSELinuxExtensionInit(INITARGS)
 
     /* Load the config file.  If this fails, shut down the server,
      * since an unknown security status is worse than no security.
-     *
-     * Note that this must come before we assign a security state
-     * for the serverClient, because the serverClient's root windows
-     * are assigned a context based on data in the config file.
      */
     if (XSELinuxLoadConfigFile() != TRUE)
     {
author	Eamon Walsh <ewalsh@tycho.nsa.gov>	2007-01-19 14:56:38 -0500
committer	Eamon Walsh <ewalsh@moss-uranus.epoch.ncsc.mil>	2007-01-19 14:56:38 -0500
commit	700fccf863593cbea1691789f1f1cafc08a32fee (patch)
tree	1674f334e83c2a786a4d8fb4295d350fcfbba995 /Xext
parent	3a9791b456f35adb252a9059b19265c6c447f1ba (diff)