diff options
| author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-04-17 16:01:56 -0400 |
|---|---|---|
| committer | Eamon Walsh <ewalsh@moss-uranus.epoch.ncsc.mil> | 2007-04-17 16:01:56 -0400 |
| commit | 9cee4ec5e6e06d23aafb302494b082c77ade4623 (patch) | |
| tree | ee073cce5999f79df2c8aa87f4891e83a38afaaa | |
| parent | 47bd311e3dcc501cbb202ce79a55ac32e9db50f2 (diff) | |
xace: change the semantics of the return value of XACE hooks to allow
arbitrary X status codes instead of just TRUE/FALSE.
The dix layer in most cases still does not propagate the return value of
XACE hooks back to the client, however. There is more error propagation
work to do.
| -rw-r--r-- | Xext/security.c | 47 | ||||
| -rw-r--r-- | Xext/xace.c | 49 | ||||
| -rw-r--r-- | Xext/xace.h | 12 | ||||
| -rw-r--r-- | Xext/xacestr.h | 20 | ||||
| -rw-r--r-- | Xext/xselinux.c | 232 | ||||
| -rw-r--r-- | dix/devices.c | 10 | ||||
| -rw-r--r-- | dix/dispatch.c | 11 | ||||
| -rw-r--r-- | dix/dixutils.c | 7 | ||||
| -rw-r--r-- | dix/events.c | 19 | ||||
| -rw-r--r-- | dix/extension.c | 6 | ||||
| -rw-r--r-- | dix/property.c | 64 | ||||
| -rw-r--r-- | dix/resource.c | 18 | ||||
| -rw-r--r-- | dix/window.c | 13 | ||||
| -rw-r--r-- | os/access.c | 2 |
14 files changed, 256 insertions, 254 deletions
diff --git a/Xext/security.c b/Xext/security.c index 12e79f9a4..0d46359ec 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -806,7 +806,7 @@ SecurityCheckDeviceAccess(CallbackListPtr *pcbl, pointer unused, case X_SetModifierMapping: SecurityAudit("client %d attempted request %d\n", client->index, reqtype); - rec->rval = FALSE; + rec->status = BadAccess; return; default: break; @@ -875,7 +875,7 @@ SecurityCheckDeviceAccess(CallbackListPtr *pcbl, pointer unused, else SecurityAudit("client %d attempted to access device %d (%s)\n", client->index, dev->id, devname); - rec->rval = FALSE; + rec->status = BadAccess; } return; } /* SecurityCheckDeviceAccess */ @@ -1084,7 +1084,7 @@ SecurityCheckResourceIDAccess(CallbackListPtr *pcbl, pointer unused, return; deny: SecurityAuditResourceIDAccess(client, id); - rec->rval = FALSE; /* deny access */ + rec->status = BadAccess; /* deny access */ } /* SecurityCheckResourceIDAccess */ @@ -1176,7 +1176,7 @@ SecurityCheckDrawableAccess(CallbackListPtr *pcbl, pointer unused, XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata; if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) - rec->rval = FALSE; + rec->status = BadAccess; } static void @@ -1192,7 +1192,7 @@ SecurityCheckMapAccess(CallbackListPtr *pcbl, pointer unused, pWin->parent && pWin->parent->parent && (TRUSTLEVEL(wClient(pWin->parent)) == XSecurityClientTrusted)) - rec->rval = FALSE; + rec->status = BadAccess; } static void @@ -1202,7 +1202,7 @@ SecurityCheckBackgrndAccess(CallbackListPtr *pcbl, pointer unused, XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) - rec->rval = FALSE; + rec->status = BadAccess; } static void @@ -1214,7 +1214,7 @@ SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused, if ((TRUSTLEVEL(rec->client) != XSecurityClientTrusted) && !EXTLEVEL(rec->ext)) - rec->rval = FALSE; + rec->status = BadAccess; } static void @@ -1225,7 +1225,7 @@ SecurityCheckHostlistAccess(CallbackListPtr *pcbl, pointer unused, if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted) { - rec->rval = FALSE; + rec->status = BadAccess; if (rec->access_mode == DixWriteAccess) SecurityAudit("client %d attempted to change host access\n", rec->client->index); @@ -1255,14 +1255,14 @@ typedef struct _PropertyAccessRec { #define SecurityAnyWindow 0 #define SecurityRootWindow 1 #define SecurityWindowWithProperty 2 - char readAction; - char writeAction; - char destroyAction; + int readAction; + int writeAction; + int destroyAction; struct _PropertyAccessRec *next; } PropertyAccessRec, *PropertyAccessPtr; static PropertyAccessPtr PropertyAccessList = NULL; -static char SecurityDefaultAction = XaceErrorOperation; +static int SecurityDefaultAction = BadAtom; static char *SecurityPolicyFile = DEFAULTPOLICYFILE; static ATOM SecurityMaxPropertyName = 0; @@ -1372,8 +1372,8 @@ SecurityParsePropertyAccessRule( { char *propname; char c; - char action = SecurityDefaultAction; - char readAction, writeAction, destroyAction; + int action = SecurityDefaultAction; + int readAction, writeAction, destroyAction; PropertyAccessPtr pacl, prev, cur; char *mustHaveProperty = NULL; char *mustHaveValue = NULL; @@ -1418,9 +1418,9 @@ SecurityParsePropertyAccessRule( { switch (c) { - case 'i': action = XaceIgnoreOperation; break; - case 'a': action = XaceAllowOperation; break; - case 'e': action = XaceErrorOperation; break; + case 'i': action = XaceIgnoreError; break; + case 'a': action = Success; break; + case 'e': action = BadAtom; break; case 'r': readAction = action; break; case 'w': writeAction = action; break; @@ -1678,7 +1678,7 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused, ATOM propertyName = rec->pProp->propertyName; Mask access_mode = rec->access_mode; PropertyAccessPtr pacl; - char action = SecurityDefaultAction; + int action = SecurityDefaultAction; /* if client trusted or window untrusted, allow operation */ @@ -1757,7 +1757,7 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused, * If pacl doesn't apply, something above should have * executed a continue, which will skip the follwing code. */ - action = XaceAllowOperation; + action = Success; if (access_mode & DixReadAccess) action = max(action, pacl->readAction); if (access_mode & DixWriteAccess) @@ -1768,19 +1768,18 @@ SecurityCheckPropertyAccess(CallbackListPtr *pcbl, pointer unused, } /* end for each pacl */ } /* end if propertyName <= SecurityMaxPropertyName */ - if (XaceAllowOperation != action) + if (action != Success) { /* audit the access violation */ int cid = CLIENT_ID(pWin->drawable.id); int reqtype = ((xReq *)client->requestBuffer)->reqType; - char *actionstr = (XaceIgnoreOperation == action) ? - "ignored" : "error"; + char *actionstr = (XaceIgnoreError == action) ? "ignored" : "error"; SecurityAudit("client %d attempted request %d with window 0x%x property %s (atom 0x%x) of client %d, %s\n", client->index, reqtype, pWin->drawable.id, NameForAtom(propertyName), propertyName, cid, actionstr); } /* return codes increase with strictness */ - if (action > rec->rval) - rec->rval = action; + if (action != Success) + rec->status = action; } /* SecurityCheckPropertyAccess */ diff --git a/Xext/xace.c b/Xext/xace.c index aff45d90a..46fe7bc66 100644 --- a/Xext/xace.c +++ b/Xext/xace.c @@ -61,10 +61,10 @@ int XaceHook(int hook, ...) case XACE_CORE_DISPATCH: { XaceCoreDispatchRec rec = { va_arg(ap, ClientPtr), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_RESOURCE_ACCESS: { @@ -74,10 +74,10 @@ int XaceHook(int hook, ...) va_arg(ap, RESTYPE), va_arg(ap, Mask), va_arg(ap, pointer), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_DEVICE_ACCESS: { @@ -85,10 +85,10 @@ int XaceHook(int hook, ...) va_arg(ap, ClientPtr), va_arg(ap, DeviceIntPtr), va_arg(ap, Bool), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_PROPERTY_ACCESS: { @@ -97,20 +97,20 @@ int XaceHook(int hook, ...) va_arg(ap, WindowPtr), va_arg(ap, PropertyPtr), va_arg(ap, Mask), - XaceAllowOperation /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_DRAWABLE_ACCESS: { XaceDrawableAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, DrawablePtr), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_MAP_ACCESS: @@ -118,10 +118,10 @@ int XaceHook(int hook, ...) XaceMapAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, WindowPtr), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_EXT_DISPATCH: @@ -129,20 +129,20 @@ int XaceHook(int hook, ...) XaceExtAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, ExtensionEntry*), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_HOSTLIST_ACCESS: { XaceHostlistAccessRec rec = { va_arg(ap, ClientPtr), va_arg(ap, Mask), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_SELECTION_ACCESS: { @@ -150,20 +150,20 @@ int XaceHook(int hook, ...) va_arg(ap, ClientPtr), va_arg(ap, Selection*), va_arg(ap, Mask), - TRUE /* default allow */ + Success /* default allow */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_SITE_POLICY: { XaceSitePolicyRec rec = { va_arg(ap, char*), va_arg(ap, int), - FALSE /* default unrecognized */ + BadValue /* default unrecognized */ }; calldata = &rec; - prv = &rec.rval; + prv = &rec.status; break; } case XACE_DECLARE_EXT_SECURE: { @@ -271,13 +271,14 @@ static int XaceCatchDispatchProc(ClientPtr client) { REQUEST(xReq); - int major = stuff->reqType; + int rc, major = stuff->reqType; if (!ProcVector[major]) return (BadRequest); - if (!XaceHook(XACE_CORE_DISPATCH, client)) - return (BadAccess); + rc = XaceHook(XACE_CORE_DISPATCH, client); + if (rc != Success) + return rc; return client->swapped ? (* SwappedProcVector[major])(client) : @@ -294,7 +295,7 @@ XaceCatchExtProc(ClientPtr client) if (!ext || !ProcVector[major]) return (BadRequest); - if (!XaceHook(XACE_EXT_DISPATCH, client, ext)) + if (XaceHook(XACE_EXT_DISPATCH, client, ext) != Success) return (BadRequest); /* pretend extension doesn't exist */ return client->swapped ? diff --git a/Xext/xace.h b/Xext/xace.h index ec138426d..083261273 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -20,10 +20,10 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #ifndef _XACE_H #define _XACE_H -/* Hook return codes */ -#define XaceErrorOperation 0 -#define XaceAllowOperation 1 -#define XaceIgnoreOperation 2 +/* Special value used for ignore operation. This is a deprecated feature + * only for Security extension support. Do not use in new code. + */ +#define XaceIgnoreError BadRequest #ifdef XACE @@ -97,10 +97,10 @@ extern void XaceCensorImage( /* Define calls away when XACE is not being built. */ #ifdef __GNUC__ -#define XaceHook(args...) XaceAllowOperation +#define XaceHook(args...) Success #define XaceCensorImage(args...) { ; } #else -#define XaceHook(...) XaceAllowOperation +#define XaceHook(...) Success #define XaceCensorImage(...) { ; } #endif diff --git a/Xext/xacestr.h b/Xext/xacestr.h index 184fb9b0b..8eb74d50f 100644 --- a/Xext/xacestr.h +++ b/Xext/xacestr.h @@ -33,7 +33,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. /* XACE_CORE_DISPATCH */ typedef struct { ClientPtr client; - int rval; + int status; } XaceCoreDispatchRec; /* XACE_RESOURCE_ACCESS */ @@ -43,7 +43,7 @@ typedef struct { RESTYPE rtype; Mask access_mode; pointer res; - int rval; + int status; } XaceResourceAccessRec; /* XACE_DEVICE_ACCESS */ @@ -51,7 +51,7 @@ typedef struct { ClientPtr client; DeviceIntPtr dev; Bool fromRequest; - int rval; + int status; } XaceDeviceAccessRec; /* XACE_PROPERTY_ACCESS */ @@ -60,14 +60,14 @@ typedef struct { WindowPtr pWin; PropertyPtr pProp; Mask access_mode; - int rval; + int status; } XacePropertyAccessRec; /* XACE_DRAWABLE_ACCESS */ typedef struct { ClientPtr client; DrawablePtr pDraw; - int rval; + int status; } XaceDrawableAccessRec; /* XACE_MAP_ACCESS */ @@ -75,7 +75,7 @@ typedef struct { typedef struct { ClientPtr client; WindowPtr pWin; - int rval; + int status; } XaceMapAccessRec; /* XACE_EXT_DISPATCH */ @@ -83,14 +83,14 @@ typedef struct { typedef struct { ClientPtr client; ExtensionEntry *ext; - int rval; + int status; } XaceExtAccessRec; /* XACE_HOSTLIST_ACCESS */ typedef struct { ClientPtr client; Mask access_mode; - int rval; + int status; } XaceHostlistAccessRec; /* XACE_SELECTION_ACCESS */ @@ -98,14 +98,14 @@ typedef struct { ClientPtr client; Selection *selection; Mask access_mode; - int rval; + int status; } XaceSelectionAccessRec; /* XACE_SITE_POLICY */ typedef struct { char *policyString; int len; - int rval; + int status; } XaceSitePolicyRec; /* XACE_DECLARE_EXT_SECURE */ diff --git a/Xext/xselinux.c b/Xext/xselinux.c index 648bb6efd..3cec21bb1 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -193,7 +193,7 @@ SwapXID(ClientPtr client, XID id) * class: Security class of the server object being accessed. * perm: Permissions required on the object. * - * Returns: boolean TRUE=allowed, FALSE=denied. + * Returns: X status code. */ static int ServerPerm(ClientPtr client, @@ -211,18 +211,19 @@ ServerPerm(ClientPtr client, if (avc_has_perm(SID(client), RSID(serverClient,idx), class, perm, &AEREF(client), &auditdata) < 0) { - if (errno != EACCES) - ErrorF("ServerPerm: unexpected error %d\n", errno); - return FALSE; + if (errno == EACCES) + return BadAccess; + ErrorF("ServerPerm: unexpected error %d\n", errno); + return BadValue; } } else { ErrorF("No client state in server-perm check!\n"); - return TRUE; + return Success; } - return TRUE; + return Success; } /* @@ -234,7 +235,7 @@ ServerPerm(ClientPtr client, * class: Security class of the resource being accessed. * perm: Permissions required on the resource. * - * Returns: boolean TRUE=allowed, FALSE=denied. + * Returns: X status code. */ static int IDPerm(ClientPtr sclient, @@ -247,7 +248,7 @@ IDPerm(ClientPtr sclient, XSELinuxAuditRec auditdata; if (id == None) - return TRUE; + return Success; CheckXID(id); tclient = clients[CLIENT_ID(id)]; @@ -259,7 +260,7 @@ IDPerm(ClientPtr sclient, */ if (!tclient || !HAVESTATE(tclient) || !HAVESTATE(sclient)) { - return TRUE; + return Success; } auditdata.client = sclient; @@ -269,12 +270,13 @@ IDPerm(ClientPtr sclient, if (avc_has_perm(SID(sclient), RSID(tclient,idx), class, perm, &AEREF(sclient), &auditdata) < 0) { - if (errno != EACCES) - ErrorF("IDPerm: unexpected error %d\n", errno); - return FALSE; + if (errno == EACCES) + return BadAccess; + ErrorF("IDPerm: unexpected error %d\n", errno); + return BadValue; } - return TRUE; + return Success; } /* @@ -501,8 +503,9 @@ FreeClientState(ClientPtr client) #define REQUEST_SIZE_CHECK(client, req) \ (client->req_len >= (sizeof(req) >> 2)) #define IDPERM(client, req, field, class, perm) \ - (REQUEST_SIZE_CHECK(client,req) && \ - IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm)) + (REQUEST_SIZE_CHECK(client,req) ? \ + IDPerm(client, SwapXID(client,((req*)stuff)->field), class, perm) : \ + BadLength) static int CheckSendEventPerms(ClientPtr client) @@ -513,7 +516,7 @@ CheckSendEventPerms(ClientPtr client) /* might need type bounds checking here */ if (!REQUEST_SIZE_CHECK(client, xSendEventReq)) - return FALSE; + return BadLength; switch (stuff->event.u.u.type) { case SelectionClear: @@ -574,11 +577,11 @@ static int CheckConvertSelectionPerms(ClientPtr client) { register char n; - int rval = TRUE; + int rval = Success; REQUEST(xConvertSelectionReq); if (!REQUEST_SIZE_CHECK(client, xConvertSelectionReq)) - return FALSE; + return BadLength; if (client->swapped) { @@ -591,24 +594,26 @@ CheckConvertSelectionPerms(ClientPtr client) int i = 0; while ((i < NumCurrentSelections) && CurrentSelections[i].selection != stuff->selection) i++; - if (i < NumCurrentSelections) - rval = rval && IDPerm(client, CurrentSelections[i].window, - SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT); - } - rval = rval && IDPerm(client, stuff->requestor, + if (i < NumCurrentSelections) { + rval = IDPerm(client, CurrentSelections[i].window, SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT); - return rval; + if (rval != Success) + return rval; + } + } + return IDPerm(client, stuff->requestor, + SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT); } static int CheckSetSelectionOwnerPerms(ClientPtr client) { register char n; - int rval = TRUE; + int rval = Success; REQUEST(xSetSelectionOwnerReq); if (!REQUEST_SIZE_CHECK(client, xSetSelectionOwnerReq)) - return FALSE; + return BadLength; if (client->swapped) { @@ -621,13 +626,15 @@ CheckSetSelectionOwnerPerms(ClientPtr client) int i = 0; while ((i < NumCurrentSelections) && CurrentSelections[i].selection != stuff->selection) i++; - if (i < NumCurrentSelections) - rval = rval && IDPerm(client, CurrentSelections[i].window, - SECCLASS_WINDOW, WINDOW__CHSELECTION); + if (i < NumCurrentSelections) { + rval = IDPerm(client, CurrentSelections[i].window, + SECCLASS_WINDOW, WINDOW__CHSELECTION); + if (rval != Success) + return rval; + } } - rval = rval && IDPerm(client, stuff->window, + return IDPerm(client, stuff->window, SECCLASS_WINDOW, WINDOW__CHSELECTION); - return rval; } static void @@ -636,7 +643,7 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) XaceCoreDispatchRec *rec = (XaceCoreDispatchRec*)calldata; ClientPtr client = rec->client; REQUEST(xReq); - Bool rval; + int rval = Success, rval2 = Success, rval3 = Success; switch(stuff->reqType) { /* Drawable class control requirements */ @@ -668,9 +675,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) case X_CopyArea: case X_CopyPlane: rval = IDPERM(client, xCopyAreaReq, srcDrawable, - SECCLASS_DRAWABLE, DRAWABLE__COPY) - && IDPERM(client, xCopyAreaReq, dstDrawable, - SECCLASS_DRAWABLE, DRAWABLE__DRAW); + SECCLASS_DRAWABLE, DRAWABLE__COPY); + rval2 = IDPERM(client, xCopyAreaReq, dstDrawable, + SECCLASS_DRAWABLE, DRAWABLE__DRAW); break; case X_GetImage: rval = IDPERM(client, xGetImageReq, drawable, @@ -712,12 +719,12 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) case X_CreateWindow: rval = IDPERM(client, xCreateWindowReq, wid, SECCLASS_WINDOW, - WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE) - && IDPERM(client, xCreateWindowReq, parent, - SECCLASS_WINDOW, - WINDOW__CHSTACK | WINDOW__ADDCHILD) - && IDPERM(client, xCreateWindowReq, wid, - SECCLASS_DRAWABLE, DRAWABLE__CREATE); + WINDOW__CREATE | WINDOW__SETATTR | WINDOW__MOVE); + rval2 = IDPERM(client, xCreateWindowReq, parent, + SECCLASS_WINDOW, + WINDOW__CHSTACK | WINDOW__ADDCHILD); + rval3 = IDPERM(client, xCreateWindowReq, wid, + SECCLASS_DRAWABLE, DRAWABLE__CREATE); break; case X_DeleteProperty: rval = IDPERM(client, xDeletePropertyReq, window, @@ -728,9 +735,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) case X_DestroySubwindows: rval = IDPERM(client, xResourceReq, id, SECCLASS_WINDOW, - WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY) - && IDPERM(client, xResourceReq, id, - SECCLASS_DRAWABLE, DRAWABLE__DESTROY); + WINDOW__ENUMERATE | WINDOW__UNMAP | WINDOW__DESTROY); + rval2 = IDPERM(client, xResourceReq, id, + SECCLASS_DRAWABLE, DRAWABLE__DESTROY); break; case X_GetMotionEvents: rval = IDPERM(client, xGetMotionEventsReq, window, @@ -768,26 +775,26 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_ReparentWindow: rval = IDPERM(client, xReparentWindowReq, window, - SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE) - && IDPERM(client, xReparentWindowReq, parent, - SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD); + SECCLASS_WINDOW, WINDOW__CHPARENT | WINDOW__MOVE); + rval2 = IDPERM(client, xReparentWindowReq, parent, + SECCLASS_WINDOW, WINDOW__CHSTACK | WINDOW__ADDCHILD); break; case X_SendEvent: rval = CheckSendEventPerms(client); break; case X_SetInputFocus: rval = IDPERM(client, xSetInputFocusReq, focus, - SECCLASS_WINDOW, WINDOW__SETFOCUS) - && ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS); + SECCLASS_WINDOW, WINDOW__SETFOCUS); + rval2 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__SETFOCUS); break; case X_SetSelectionOwner: rval = CheckSetSelectionOwnerPerms(client); break; case X_TranslateCoords: rval = IDPERM(client, xTranslateCoordsReq, srcWid, - SECCLASS_WINDOW, WINDOW__GETATTR) - && IDPERM(client, xTranslateCoordsReq, dstWid, SECCLASS_WINDOW, WINDOW__GETATTR); + rval2 = IDPERM(client, xTranslateCoordsReq, dstWid, + SECCLASS_WINDOW, WINDOW__GETATTR); break; case X_UnmapWindow: case X_UnmapSubwindows: @@ -798,10 +805,10 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_WarpPointer: rval = IDPERM(client, xWarpPointerReq, srcWid, - SECCLASS_WINDOW, WINDOW__GETATTR) - && IDPERM(client, xWarpPointerReq, dstWid, - SECCLASS_WINDOW, WINDOW__GETATTR) - && ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER); + SECCLASS_WINDOW, WINDOW__GETATTR); + rval2 = IDPERM(client, xWarpPointerReq, dstWid, + SECCLASS_WINDOW, WINDOW__GETATTR); + rval3 = ServerPerm(client, SECCLASS_XINPUT, XINPUT__WARPPOINTER); break; /* Input class control requirements */ @@ -852,16 +859,16 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_CopyColormapAndFree: rval = IDPERM(client, xCopyColormapAndFreeReq, mid, - SECCLASS_COLORMAP, COLORMAP__CREATE) - && IDPERM(client, xCopyColormapAndFreeReq, srcCmap, - SECCLASS_COLORMAP, - COLORMAP__READ | COLORMAP__FREE); + SECCLASS_COLORMAP, COLORMAP__CREATE); + rval2 = IDPERM(client, xCopyColormapAndFreeReq, srcCmap, + SECCLASS_COLORMAP, + COLORMAP__READ | COLORMAP__FREE); break; case X_CreateColormap: rval = IDPERM(client, xCreateColormapReq, mid, - SECCLASS_COLORMAP, COLORMAP__CREATE) - && IDPERM(client, xCreateColormapReq, window, - SECCLASS_DRAWABLE, DRAWABLE__DRAW); + SECCLASS_COLORMAP, COLORMAP__CREATE); + rval2 = IDPERM(client, xCreateColormapReq, window, + SECCLASS_DRAWABLE, DRAWABLE__DRAW); break; case X_FreeColormap: rval = IDPERM(client, xResourceReq, id, @@ -873,8 +880,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_InstallColormap: rval = IDPERM(client, xResourceReq, id, - SECCLASS_COLORMAP, COLORMAP__INSTALL) - && ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL); + SECCLASS_COLORMAP, COLORMAP__INSTALL); + rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__INSTALL); break; case X_ListInstalledColormaps: rval = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__LIST); @@ -891,8 +898,8 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_UninstallColormap: rval = IDPERM(client, xResourceReq, id, - SECCLASS_COLORMAP, COLORMAP__UNINSTALL) - && ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL); + SECCLASS_COLORMAP, COLORMAP__UNINSTALL); + rval2 = ServerPerm(client, SECCLASS_COLORMAP, COLORMAP__UNINSTALL); break; /* Font class control requirements */ @@ -907,18 +914,18 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) SECCLASS_DRAWABLE, DRAWABLE__DRAW); break; case X_OpenFont: - rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD) - && IDPERM(client, xOpenFontReq, fid, - SECCLASS_FONT, FONT__USE); + rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD); + rval2 = IDPERM(client, xOpenFontReq, fid, + SECCLASS_FONT, FONT__USE); break; case X_PolyText8: case X_PolyText16: /* Font accesses checked through the resource manager */ - rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD) - && IDPERM(client, xPolyTextReq, gc, - SECCLASS_GC, GC__SETATTR) - && IDPERM(client, xPolyTextReq, drawable, - SECCLASS_DRAWABLE, DRAWABLE__DRAW); + rval = ServerPerm(client, SECCLASS_FONT, FONT__LOAD); + rval2 = IDPERM(client, xPolyTextReq, gc, + SECCLASS_GC, GC__SETATTR); + rval3 = IDPERM(client, xPolyTextReq, drawable, + SECCLASS_DRAWABLE, DRAWABLE__DRAW); break; /* Pixmap class control requirements */ @@ -934,19 +941,19 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Cursor class control requirements */ case X_CreateCursor: rval = IDPERM(client, xCreateCursorReq, cid, - SECCLASS_CURSOR, CURSOR__CREATE) - && IDPERM(client, xCreateCursorReq, source, - SECCLASS_DRAWABLE, DRAWABLE__DRAW) - && IDPERM(client, xCreateCursorReq, mask, - SECCLASS_DRAWABLE, DRAWABLE__COPY); + SECCLASS_CURSOR, CURSOR__CREATE); + rval2 = IDPERM(client, xCreateCursorReq, source, + SECCLASS_DRAWABLE, DRAWABLE__DRAW); + rval3 = IDPERM(client, xCreateCursorReq, mask, + SECCLASS_DRAWABLE, DRAWABLE__COPY); break; case X_CreateGlyphCursor: rval = IDPERM(client, xCreateGlyphCursorReq, cid, - SECCLASS_CURSOR, CURSOR__CREATEGLYPH) - && IDPERM(client, xCreateGlyphCursorReq, source, - SECCLASS_FONT, FONT__USE) - && IDPERM(client, xCreateGlyphCursorReq, mask, - SECCLASS_FONT, FONT__USE); + SECCLASS_CURSOR, CURSOR__CREATEGLYPH); + rval2 = IDPERM(client, xCreateGlyphCursorReq, source, + SECCLASS_FONT, FONT__USE); + rval3 = IDPERM(client, xCreateGlyphCursorReq, mask, + SECCLASS_FONT, FONT__USE); break; case X_RecolorCursor: rval = IDPERM(client, xRecolorCursorReq, cursor, @@ -970,9 +977,9 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; case X_CopyGC: rval = IDPERM(client, xCopyGCReq, srcGC, - SECCLASS_GC, GC__GETATTR) - && IDPERM(client, xCopyGCReq, dstGC, - SECCLASS_GC, GC__SETATTR); + SECCLASS_GC, GC__GETATTR); + rval2 = IDPERM(client, xCopyGCReq, dstGC, + SECCLASS_GC, GC__SETATTR); break; case X_FreeGC: rval = IDPERM(client, xResourceReq, id, @@ -1009,11 +1016,14 @@ XSELinuxCoreDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) break; default: - rval = TRUE; break; } - if (!rval) - rec->rval = FALSE; + if (rval != Success) + rec->status = rval; + if (rval2 != Success) + rec->status = rval2; + if (rval != Success) + rec->status = rval3; } static void @@ -1050,9 +1060,10 @@ XSELinuxExtDispatch(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (avc_has_perm(SID(client), extsid, SECCLASS_XEXTENSION, perm, &AEREF(client), &auditdata) < 0) { - if (errno != EACCES) - ErrorF("ExtDispatch: unexpected error %d\n", errno); - rec->rval = FALSE; + if (errno == EACCES) + rec->status = BadAccess; + ErrorF("ExtDispatch: unexpected error %d\n", errno); + rec->status = BadValue; } } else ErrorF("No client state in extension dispatcher!\n"); @@ -1096,9 +1107,10 @@ XSELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (avc_has_perm(SID(client), propsid, SECCLASS_PROPERTY, perm, &AEREF(client), &auditdata) < 0) { - if (errno != EACCES) - ErrorF("Property: unexpected error %d\n", errno); - rec->rval = XaceIgnoreOperation; + if (errno == EACCES) + rec->status = BadAccess; + ErrorF("Property: unexpected error %d\n", errno); + rec->status = BadValue; } } else ErrorF("No client state in property callback!\n"); @@ -1114,7 +1126,7 @@ XSELinuxResLookup(CallbackListPtr *pcbl, pointer unused, pointer calldata) ClientPtr client = rec->client; REQUEST(xReq); access_vector_t perm = 0; - Bool rval = TRUE; + int rval = Success; /* serverClient requests OK */ if (client->index == 0) @@ -1145,35 +1157,35 @@ XSELinuxResLookup(CallbackListPtr *pcbl, pointer unused, pointer calldata) default: break; } - if (!rval) - rec->rval = FALSE; + if (rval != Success) + rec->status = rval; } /* XSELinuxResLookup */ static void XSELinuxMap(CallbackListPtr *pcbl, pointer unused, pointer calldata) { XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; - if (!IDPerm(rec->client, rec->pWin->drawable.id, - SECCLASS_WINDOW, WINDOW__MAP)) - rec->rval = FALSE; + if (IDPerm(rec->client, rec->pWin->drawable.id, + SECCLASS_WINDOW, WINDOW__MAP) != Success) + rec->status = BadAccess; } /* XSELinuxMap */ static void XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata) { XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata; - if (!IDPerm(rec->client, rec->pWin->drawable.id, - SECCLASS_WINDOW, WINDOW__TRANSPARENT)) - rec->rval = FALSE; + if (IDPerm(rec->client, rec->pWin->drawable.id, + SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success) + rec->status = BadAccess; } /* XSELinuxBackgrnd */ static void XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata) { XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata; - if (!IDPerm(rec->client, rec->pDraw->id, - SECCLASS_DRAWABLE, DRAWABLE__COPY)) - rec->rval = FALSE; + if (IDPerm(rec->client, rec->pDraw->id, + SECCLASS_DRAWABLE, DRAWABLE__COPY) != Success) + rec->status = BadAccess; } /* XSELinuxDrawable */ static void @@ -1183,8 +1195,8 @@ XSELinuxHostlist(CallbackListPtr *pcbl, pointer unused, pointer calldata) access_vector_t perm = (rec->access_mode == DixReadAccess) ? XSERVER__GETHOSTLIST : XSERVER__SETHOSTLIST; - if (!ServerPerm(rec->client, SECCLASS_XSERVER, perm)) - rec->rval = FALSE; + if (ServerPerm(rec->client, SECCLASS_XSERVER, perm) != Success) + rec->status = BadAccess; } /* XSELinuxHostlist */ /* Extension callbacks */ diff --git a/dix/devices.c b/dix/devices.c index 1ce6be666..5ffa81daf 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -1206,7 +1206,7 @@ DoSetModifierMapping(ClientPtr client, KeyCode *inputMap, } } - if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success) return BadAccess; /* None of the modifiers (old or new) may be down while we change @@ -1330,7 +1330,7 @@ ProcChangeKeyboardMapping(ClientPtr client) for (pDev = inputInfo.devices; pDev; pDev = pDev->next) { if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->key) { - if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success) return BadAccess; } } @@ -1682,7 +1682,7 @@ ProcChangeKeyboardControl (ClientPtr client) for (pDev = inputInfo.devices; pDev; pDev = pDev->next) { if ((pDev->coreEvents || pDev == inputInfo.keyboard) && pDev->kbdfeed && pDev->kbdfeed->CtrlProc) { - if (!XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, pDev, TRUE) != Success) return BadAccess; } } @@ -1944,10 +1944,10 @@ ProcQueryKeymap(ClientPtr client) rep.length = 2; if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) + bzero((char *)&rep.map[0], 32); + else for (i = 0; i<32; i++) rep.map[i] = down[i]; - else - bzero((char *)&rep.map[0], 32); WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep); return Success; diff --git a/dix/dispatch.c b/dix/dispatch.c index 0a86dc5fe..4519d8582 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -1120,7 +1120,7 @@ ProcGetSelectionOwner(ClientPtr client) reply.sequenceNumber = client->sequence; if (i < NumCurrentSelections && XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i], - DixReadAccess)) + DixReadAccess) == Success) reply.owner = CurrentSelections[i].destwindow; else reply.owner = None; @@ -1161,7 +1161,7 @@ ProcConvertSelection(ClientPtr client) if ((i < NumCurrentSelections) && (CurrentSelections[i].window != None) && XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i], - DixReadAccess)) + DixReadAccess) == Success) { event.u.u.type = SelectionRequest; event.u.selectionRequest.time = stuff->time; @@ -2276,7 +2276,7 @@ DoGetImage(ClientPtr client, int format, Drawable drawable, } if (pDraw->type == DRAWABLE_WINDOW && - !XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw)) + XaceHook(XACE_DRAWABLE_ACCESS, client, pDraw) != Success) { pVisibleRegion = NotClippedByChildren((WindowPtr)pDraw); if (pVisibleRegion) @@ -3343,8 +3343,9 @@ ProcListHosts(ClientPtr client) REQUEST_SIZE_MATCH(xListHostsReq); /* untrusted clients can't list hosts */ - if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess)) - return BadAccess; + result = XaceHook(XACE_HOSTLIST_ACCESS, client, DixReadAccess); + if (result != Success) + return result; result = GetHosts(&pdata, &nHosts, &len, &reply.enabled); if (result != Success) diff --git a/dix/dixutils.c b/dix/dixutils.c index e97a791a8..4d082cd58 100644 --- a/dix/dixutils.c +++ b/dix/dixutils.c @@ -209,6 +209,8 @@ dixLookupDrawable(DrawablePtr *pDraw, XID id, ClientPtr client, { DrawablePtr pTmp; RESTYPE rtype; + int rc; + *pDraw = NULL; client->errorValue = id; @@ -220,8 +222,9 @@ dixLookupDrawable(DrawablePtr *pDraw, XID id, ClientPtr client, /* an access check is required for cached drawables */ rtype = (type & M_WINDOW) ? RT_WINDOW : RT_PIXMAP; - if (!XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp)) - return BadDrawable; + rc = XaceHook(XACE_RESOURCE_ACCESS, client, id, rtype, access, pTmp); + if (rc != Success) + return rc; } else dixLookupResource((void **)&pTmp, id, RC_DRAWABLE, client, access); diff --git a/dix/events.c b/dix/events.c index bc6b6ae97..88895b5f2 100644 --- a/dix/events.c +++ b/dix/events.c @@ -2682,7 +2682,7 @@ CheckPassiveGrabsOnWindow( (grab->confineTo->realized && BorderSizeNotEmpty(grab->confineTo)))) { - if (!XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE)) + if (XaceHook(XACE_DEVICE_ACCESS, wClient(pWin), device, FALSE)) return FALSE; #ifdef XKB if (!noXkbExtension) { @@ -3529,7 +3529,7 @@ EnterLeaveEvent( xKeymapEvent ke; ClientPtr client = grab ? rClient(grab) : clients[CLIENT_ID(pWin->drawable.id)]; - if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, keybd, FALSE) == Success) memmove((char *)&ke.map[0], (char *)&keybd->key->down[1], 31); else bzero((char *)&ke.map[0], 31); @@ -3636,7 +3636,7 @@ FocusEvent(DeviceIntPtr dev, int type, int mode, int detail, WindowPtr pWin) { xKeymapEvent ke; ClientPtr client = clients[CLIENT_ID(pWin->drawable.id)]; - if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, dev, FALSE) == Success) memmove((char *)&ke.map[0], (char *)&dev->key->down[1], 31); else bzero((char *)&ke.map[0], 31); @@ -3924,7 +3924,7 @@ ProcSetInputFocus(client) REQUEST_SIZE_MATCH(xSetInputFocusReq); - if (!XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) + if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) return Success; return SetInputFocus(client, inputInfo.keyboard, stuff->focus, @@ -4239,15 +4239,14 @@ ProcGrabKeyboard(ClientPtr client) REQUEST_SIZE_MATCH(xGrabKeyboardReq); - if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) - result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode, + if (XaceHook(XACE_DEVICE_ACCESS, client, inputInfo.keyboard, TRUE)) { + result = Success; + rep.status = AlreadyGrabbed; + } else + result = GrabDevice(client, inputInfo.keyboard, stuff->keyboardMode, stuff->pointerMode, stuff->grabWindow, stuff->ownerEvents, stuff->time, KeyPressMask | KeyReleaseMask, &rep.status); - else { - result = Success; - rep.status = AlreadyGrabbed; - } if (result != Success) return result; diff --git a/dix/extension.c b/dix/extension.c index d409c3f75..ad4e697b1 100644 --- a/dix/extension.c +++ b/dix/extension.c @@ -319,7 +319,7 @@ ProcQueryExtension(ClientPtr client) else { i = FindExtension((char *)&stuff[1], stuff->nbytes); - if (i < 0 || !XaceHook(XACE_EXT_ACCESS, client, extensions[i])) + if (i < 0 || XaceHook(XACE_EXT_ACCESS, client, extensions[i])) reply.present = xFalse; else { @@ -355,7 +355,7 @@ ProcListExtensions(ClientPtr client) for (i=0; i<NumExtensions; i++) { /* call callbacks to find out whether to show extension */ - if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) + if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success) continue; total_length += strlen(extensions[i]->name) + 1; @@ -370,7 +370,7 @@ ProcListExtensions(ClientPtr client) for (i=0; i<NumExtensions; i++) { int len; - if (!XaceHook(XACE_EXT_ACCESS, client, extensions[i])) + if (XaceHook(XACE_EXT_ACCESS, client, extensions[i]) != Success) continue; *bufptr++ = len = strlen(extensions[i]->name); diff --git a/dix/property.c b/dix/property.c index 8deb62180..09f9e3152 100644 --- a/dix/property.c +++ b/dix/property.c @@ -144,16 +144,12 @@ ProcRotateProperties(ClientPtr client) DEALLOCATE_LOCAL(props); return BadMatch; } - switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, - DixReadAccess|DixWriteAccess)) - { - case XaceErrorOperation: + rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, + DixReadAccess|DixWriteAccess); + if (rc != Success) { DEALLOCATE_LOCAL(props); client->errorValue = atoms[i]; - return BadAtom; - case XaceIgnoreOperation: - DEALLOCATE_LOCAL(props); - return Success; + return (rc == XaceIgnoreError) ? Success : rc; } props[i] = pProp; } @@ -246,8 +242,7 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property, { PropertyPtr pProp; xEvent event; - int sizeInBytes; - int totalSize; + int sizeInBytes, totalSize, rc; pointer data; sizeInBytes = format>>3; @@ -277,32 +272,24 @@ dixChangeWindowProperty(ClientPtr pClient, WindowPtr pWin, Atom property, memmove((char *)data, (char *)value, totalSize); pProp->size = len; pProp->devPrivates = NULL; - switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, - DixCreateAccess)) - { - case XaceErrorOperation: + rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, + DixCreateAccess); + if (rc != Success) { xfree(data); xfree(pProp); pClient->errorValue = property; - return BadAtom; - case XaceIgnoreOperation: - xfree(data); - xfree(pProp); - return Success; + return (rc == XaceIgnoreError) ? Success : rc; } pProp->next = pWin->optional->userProps; pWin->optional->userProps = pProp; } else { - switch (XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, - DixWriteAccess)) - { - case XaceErrorOperation: + rc = XaceHook(XACE_PROPERTY_ACCESS, pClient, pWin, pProp, + DixWriteAccess); + if (rc != Success) { pClient->errorValue = property; - return BadAtom; - case XaceIgnoreOperation: - return Success; + return (rc == XaceIgnoreError) ? Success : rc; } /* To append or prepend to a property the request format and type must match those of the already defined property. The @@ -471,7 +458,8 @@ int ProcGetProperty(ClientPtr client) { PropertyPtr pProp, prevProp; - unsigned long n, len, ind, rc; + unsigned long n, len, ind; + int rc; WindowPtr pWin; xGetPropertyReply reply; Mask access_mode = DixReadAccess; @@ -517,13 +505,12 @@ ProcGetProperty(ClientPtr client) if (stuff->delete) access_mode |= DixDestroyAccess; - switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode)) - { - case XaceErrorOperation: + + rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, access_mode); + if (rc != Success) { client->errorValue = stuff->property; - return BadAtom;; - case XaceIgnoreOperation: - return NullPropertyReply(client, pProp->type, pProp->format, &reply); + return (rc == XaceIgnoreError) ? + NullPropertyReply(client, pProp->type, pProp->format, &reply) : rc; } /* If the request type and actual type don't match. Return the @@ -669,14 +656,11 @@ ProcDeleteProperty(ClientPtr client) return (BadAtom); } - switch (XaceHook(XACE_PROPERTY_ACCESS, client, pWin, - FindProperty(pWin, stuff->property), DixDestroyAccess)) - { - case XaceErrorOperation: + result = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, + FindProperty(pWin, stuff->property), DixDestroyAccess); + if (result != Success) { client->errorValue = stuff->property; - return BadAtom;; - case XaceIgnoreOperation: - return Success; + return (result == XaceIgnoreError) ? Success : result; } result = DeleteProperty(pWin, stuff->property); diff --git a/dix/resource.c b/dix/resource.c index e1bb74f64..67124c754 100644 --- a/dix/resource.c +++ b/dix/resource.c @@ -918,12 +918,16 @@ dixLookupResource(pointer *result, XID id, RESTYPE rtype, (!istype && res->type & rtype))) break; } - if (res) { - if (client && !XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, - mode, res->value)) - return BadAccess; - *result = res->value; - return Success; + if (!res) + return BadValue; + + if (client) { + cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type, + mode, res->value); + if (cid != Success) + return cid; } - return BadValue; + + *result = res->value; + return Success; } diff --git a/dix/window.c b/dix/window.c index b50594797..95b7b168c 100644 --- a/dix/window.c +++ b/dix/window.c @@ -732,17 +732,16 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, /* security creation/labeling check */ - if (!XaceHook(XACE_RESOURCE_ACCESS, client, - wid, RT_WINDOW, DixCreateAccess, pWin)) - { + *error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW, + DixCreateAccess, pWin); + if (*error != Success) { xfree(pWin); - *error = BadAccess; return NullWindow; } /* can't let untrusted clients have background None windows; * they make it too easy to steal window contents */ - if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) + if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) pWin->backgroundState = None; else { pWin->backgroundState = BackgroundPixel; @@ -1052,7 +1051,7 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) if (pixID == None) { /* can't let untrusted clients have background None windows */ - if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin)) { + if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) { if (pWin->backgroundState == BackgroundPixmap) (*pScreen->DestroyPixmap)(pWin->background.pixmap); if (!pWin->parent) @@ -2773,7 +2772,7 @@ MapWindow(WindowPtr pWin, ClientPtr client) return(Success); /* general check for permission to map window */ - if (!XaceHook(XACE_MAP_ACCESS, client, pWin)) + if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success) return Success; pScreen = pWin->drawable.pScreen; diff --git a/os/access.c b/os/access.c index 221b8cbcd..d9fcd4466 100644 --- a/os/access.c +++ b/os/access.c @@ -1528,7 +1528,7 @@ AuthorizedClient(ClientPtr client) return TRUE; /* untrusted clients can't change host access */ - if (!XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess)) + if (XaceHook(XACE_HOSTLIST_ACCESS, client, DixWriteAccess) != Success) return FALSE; return LocalClient(client); |