diff options
| author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-11-09 14:45:27 -0500 |
|---|---|---|
| committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2007-11-09 15:00:15 -0500 |
| commit | 45f884d79c0eebaa1eb24d7db76c1177f6b710c9 (patch) | |
| tree | 8bcd70e64ce4ef41914daa9a9564be38622f82f6 /Xext/xselinux.c | |
| parent | b092856baba5bd43b23950f23236b5cc3ce78c1e (diff) | |
xselinux: add new synthetic_event security class, and fix registry code.
Diffstat (limited to 'Xext/xselinux.c')
| -rw-r--r-- | Xext/xselinux.c | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/Xext/xselinux.c b/Xext/xselinux.c index f6d1dcd4b..eed78f4fe 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -129,6 +129,7 @@ static struct security_class_mapping map[] = { { "x_server", { "record", "", "", "", "getattr", "setattr", "", "", "", "", "", "", "", "", "", "", "", "grab", "", "", "", "", "", "", "", "manage", "debug", NULL }}, { "x_extension", { "", "", "", "", "query", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "use", NULL }}, { "x_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }}, + { "x_synthetic_event", { "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "send", "receive", NULL }}, { "x_resource", { "read", "write", "write", "write", "read", "write", "read", "read", "write", "read", "write", "read", "write", "write", "write", "read", "read", "write", "write", "write", "write", "write", "write", "read", "read", "write", "read", "write", NULL }}, { NULL } }; @@ -501,9 +502,10 @@ static void SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) { XaceSendAccessRec *rec = calldata; - SELinuxStateRec *subj, *obj; + SELinuxStateRec *subj, *obj, ev_sid; SELinuxAuditRec auditdata = { .client = rec->client }; - int rc, i, clientIndex; + security_class_t class; + int rc, i, type, clientIndex; if (rec->dev) { subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey); @@ -523,14 +525,15 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Check send permission on specific event types */ for (i = 0; i < rec->count; i++) { - SELinuxStateRec ev_sid; + type = rec->events[i].u.u.type; + class = (type & 128) ? SECCLASS_X_FAKEEVENT : SECCLASS_X_EVENT; - rc = SELinuxEventToSID(rec->events[i].u.u.type, obj->sid, &ev_sid); + rc = SELinuxEventToSID(type, obj->sid, &ev_sid); if (rc != Success) goto err; auditdata.event = rec->events[i].u.u.type; - rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, SECCLASS_X_EVENT, + rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class, DixSendAccess, &auditdata); if (rc != Success) goto err; @@ -1073,7 +1076,6 @@ ProcSELinuxSetDeviceContext(ClientPtr client) state = dixLookupPrivate(&dev->devPrivates, stateKey); sidput(state->sid); state->sid = sid; - ErrorF("I really, actually did relabel a device to %s\n", ctx); return Success; } @@ -1397,26 +1399,26 @@ XSELinuxExtensionInit(INITARGS) SELinuxLabelInitial(); /* Add names to registry */ - RegisterRequestName(X_SELinuxQueryVersion, 0, + RegisterRequestName(extEntry->base, X_SELinuxQueryVersion, XSELINUX_EXTENSION_NAME ":SELinuxQueryVersion"); - RegisterRequestName(X_SELinuxSetSelectionManager, 0, + RegisterRequestName(extEntry->base, X_SELinuxSetSelectionManager, XSELINUX_EXTENSION_NAME ":SELinuxSetSelectionManager"); - RegisterRequestName(X_SELinuxGetSelectionManager, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetSelectionManager, XSELINUX_EXTENSION_NAME ":SELinuxGetSelectionManager"); - RegisterRequestName(X_SELinuxSetDeviceContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxSetDeviceContext, XSELINUX_EXTENSION_NAME ":SELinuxSetDeviceContext"); - RegisterRequestName(X_SELinuxGetDeviceContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetDeviceContext, XSELINUX_EXTENSION_NAME ":SELinuxGetDeviceContext"); - RegisterRequestName(X_SELinuxSetPropertyCreateContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxSetPropertyCreateContext, XSELINUX_EXTENSION_NAME ":SELinuxSetPropertyCreateContext"); - RegisterRequestName(X_SELinuxGetPropertyCreateContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetPropertyCreateContext, XSELINUX_EXTENSION_NAME ":SELinuxGetPropertyCreateContext"); - RegisterRequestName(X_SELinuxGetPropertyContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetPropertyContext, XSELINUX_EXTENSION_NAME ":SELinuxGetPropertyContext"); - RegisterRequestName(X_SELinuxSetWindowCreateContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxSetWindowCreateContext, XSELINUX_EXTENSION_NAME ":SELinuxSetWindowCreateContext"); - RegisterRequestName(X_SELinuxGetWindowCreateContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetWindowCreateContext, XSELINUX_EXTENSION_NAME ":SELinuxGetWindowCreateContext"); - RegisterRequestName(X_SELinuxGetWindowContext, 0, + RegisterRequestName(extEntry->base, X_SELinuxGetWindowContext, XSELINUX_EXTENSION_NAME ":SELinuxGetWindowContext"); } |