summaryrefslogtreecommitdiff
path: root/Xext/xselinux_hooks.c
diff options
context:
space:
mode:
Diffstat (limited to 'Xext/xselinux_hooks.c')
-rw-r--r--Xext/xselinux_hooks.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
index fe534880b..fd2bfcfdf 100644
--- a/Xext/xselinux_hooks.c
+++ b/Xext/xselinux_hooks.c
@@ -87,6 +87,16 @@ static pointer truep = (pointer)1;
/*
+ * Returns true if device is a pointer device.
+ * Note: this duplicates dix IsPointerDevice() which is not exported.
+ */
+static inline Bool
+IsPointerDev(DeviceIntPtr dev)
+{
+ return (dev->type == MASTER_POINTER) || (dev->valuator && dev->button);
+}
+
+/*
* Performs an SELinux permission check.
*/
static int
@@ -348,6 +358,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SELinuxSubjectRec *subj;
SELinuxObjectRec *obj;
SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev };
+ security_class_t cls;
int rc;
subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey);
@@ -372,8 +383,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
}
}
- rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode,
- &auditdata);
+ cls = IsPointerDev(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;
+ rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata);
if (rc != Success)
rec->status = rc;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-23 10:14:58 +0000