summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-08-13 13:40:47 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-08-13 13:44:33 -0400
commit2763056ab5ae31bed422a0948198d98c6ace6d55 (patch)
tree9a33e4507fb823a6d9ec55eefdcae27d32a72642
parentd744df32a15103aa14237175f506350d25b2fec0 (diff)
xace: add hooks + new access codes: core protocol window requests
-rw-r--r--dix/dispatch.c53
-rw-r--r--dix/window.c162
-rw-r--r--include/window.h2
3 files changed, 112 insertions, 105 deletions
diff --git a/dix/dispatch.c b/dix/dispatch.c
index 83d761ba1..1c40e2fcb 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -556,12 +556,12 @@ ProcCreateWindow(ClientPtr client)
{
WindowPtr pParent, pWin;
REQUEST(xCreateWindowReq);
- int result, len, rc;
+ int len, rc;
REQUEST_AT_LEAST_SIZE(xCreateWindowReq);
LEGAL_NEW_RESOURCE(stuff->wid, client);
- rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess);
+ rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess);
if (rc != Success)
return rc;
len = client->req_len - (sizeof(xCreateWindowReq) >> 2);
@@ -577,7 +577,7 @@ ProcCreateWindow(ClientPtr client)
stuff->borderWidth, stuff->class,
stuff->mask, (XID *) &stuff[1],
(int)stuff->depth,
- client, stuff->visual, &result);
+ client, stuff->visual, &rc);
if (pWin)
{
Mask mask = pWin->eventMask;
@@ -590,7 +590,7 @@ ProcCreateWindow(ClientPtr client)
if (client->noClientException != Success)
return(client->noClientException);
else
- return(result);
+ return rc;
}
int
@@ -602,7 +602,7 @@ ProcChangeWindowAttributes(ClientPtr client)
int len, rc;
REQUEST_AT_LEAST_SIZE(xChangeWindowAttributesReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixSetAttrAccess);
if (rc != Success)
return rc;
len = client->req_len - (sizeof(xChangeWindowAttributesReq) >> 2);
@@ -627,7 +627,7 @@ ProcGetWindowAttributes(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess);
if (rc != Success)
return rc;
GetWindowAttributes(pWin, client, &wa);
@@ -646,8 +646,13 @@ ProcDestroyWindow(ClientPtr client)
rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess);
if (rc != Success)
return rc;
- if (pWin->parent)
+ if (pWin->parent) {
+ rc = dixLookupWindow(&pWin, pWin->parent->drawable.id, client,
+ DixRemoveAccess);
+ if (rc != Success)
+ return rc;
FreeResource(stuff->id, RT_NONE);
+ }
return(client->noClientException);
}
@@ -659,7 +664,7 @@ ProcDestroySubwindows(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixRemoveAccess);
if (rc != Success)
return rc;
DestroySubwindows(pWin, client);
@@ -674,7 +679,7 @@ ProcChangeSaveSet(ClientPtr client)
int result, rc;
REQUEST_SIZE_MATCH(xChangeSaveSetReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
if (rc != Success)
return rc;
if (client->clientAsMask == (CLIENT_BITS(pWin->drawable.id)))
@@ -702,10 +707,10 @@ ProcReparentWindow(ClientPtr client)
int result, rc;
REQUEST_SIZE_MATCH(xReparentWindowReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
if (rc != Success)
return rc;
- rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess);
+ rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess);
if (rc != Success)
return rc;
if (SAME_SCREENS(pWin->drawable, pParent->drawable))
@@ -735,7 +740,7 @@ ProcMapWindow(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixShowAccess);
if (rc != Success)
return rc;
MapWindow(pWin, client);
@@ -751,7 +756,7 @@ ProcMapSubwindows(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
return rc;
MapSubwindows(pWin, client);
@@ -767,7 +772,7 @@ ProcUnmapWindow(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixHideAccess);
if (rc != Success)
return rc;
UnmapWindow(pWin, FALSE);
@@ -783,7 +788,7 @@ ProcUnmapSubwindows(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
return rc;
UnmapSubwindows(pWin);
@@ -799,7 +804,8 @@ ProcConfigureWindow(ClientPtr client)
int len, rc;
REQUEST_AT_LEAST_SIZE(xConfigureWindowReq);
- rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+ rc = dixLookupWindow(&pWin, stuff->window, client,
+ DixManageAccess|DixSetAttrAccess);
if (rc != Success)
return rc;
len = client->req_len - (sizeof(xConfigureWindowReq) >> 2);
@@ -827,7 +833,7 @@ ProcCirculateWindow(ClientPtr client)
client->errorValue = stuff->direction;
return BadValue;
}
- rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+ rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
if (rc != Success)
return rc;
CirculateWindow(pWin, (int)stuff->direction, client);
@@ -842,7 +848,7 @@ GetGeometry(ClientPtr client, xGetGeometryReply *rep)
REQUEST(xResourceReq);
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixReadAccess);
+ rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixGetAttrAccess);
if (rc != Success)
return rc;
@@ -903,7 +909,7 @@ ProcQueryTree(ClientPtr client)
REQUEST(xResourceReq);
REQUEST_SIZE_MATCH(xResourceReq);
- rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess);
if (rc != Success)
return rc;
reply.type = X_Reply;
@@ -1260,10 +1266,10 @@ ProcTranslateCoords(ClientPtr client)
int rc;
REQUEST_SIZE_MATCH(xTranslateCoordsReq);
- rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixReadAccess);
+ rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixGetAttrAccess);
if (rc != Success)
return rc;
- rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixReadAccess);
+ rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess);
if (rc != Success)
return rc;
rep.type = X_Reply;
@@ -3233,12 +3239,15 @@ ProcQueryBestSize (ClientPtr client)
}
rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY,
- DixReadAccess);
+ DixGetAttrAccess);
if (rc != Success)
return rc;
if (stuff->class != CursorShape && pDraw->type == UNDRAWABLE_WINDOW)
return (BadMatch);
pScreen = pDraw->pScreen;
+ rc = XaceHook(XACE_SCREEN_ACCESS, client, pScreen, DixGetAttrAccess);
+ if (rc != Success)
+ return rc;
(* pScreen->QueryBestSize)(stuff->class, &stuff->width,
&stuff->height, pScreen);
reply.type = X_Reply;
diff --git a/dix/window.c b/dix/window.c
index 2f151b09c..3addc73cd 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -733,20 +733,14 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w,
/* security creation/labeling check
*/
*error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW,
- DixCreateAccess, pWin);
+ DixCreateAccess|DixSetAttrAccess, pWin);
if (*error != Success) {
xfree(pWin);
return NullWindow;
}
- /* can't let untrusted clients have background None windows;
- * they make it too easy to steal window contents
- */
- if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success)
- pWin->backgroundState = None;
- else {
- pWin->backgroundState = BackgroundPixel;
- pWin->background.pixel = 0;
- }
+
+ pWin->backgroundState = BackgroundPixel;
+ pWin->background.pixel = 0;
pWin->borderIsPixel = pParent->borderIsPixel;
pWin->border = pParent->border;
@@ -980,7 +974,7 @@ DeleteWindow(pointer value, XID wid)
return Success;
}
-void
+int
DestroySubwindows(WindowPtr pWin, ClientPtr client)
{
/* XXX
@@ -992,8 +986,15 @@ DestroySubwindows(WindowPtr pWin, ClientPtr client)
* If you care, simply delete the call to UnmapSubwindows.
*/
UnmapSubwindows(pWin);
- while (pWin->lastChild)
+ while (pWin->lastChild) {
+ int rc = XaceHook(XACE_RESOURCE_ACCESS, client,
+ pWin->lastChild->drawable.id, RT_WINDOW,
+ DixDestroyAccess, pWin->lastChild);
+ if (rc != Success)
+ return rc;
FreeResource(pWin->lastChild->drawable.id, RT_NONE);
+ }
+ return Success;
}
#define DeviceEventMasks (KeyPressMask | KeyReleaseMask | ButtonPressMask | \
@@ -1010,25 +1011,20 @@ DestroySubwindows(WindowPtr pWin, ClientPtr client)
_X_EXPORT int
ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
{
- Mask index2;
XID *pVlist;
PixmapPtr pPixmap;
Pixmap pixID;
CursorPtr pCursor, pOldCursor;
Cursor cursorID;
- WindowPtr pChild;
+ WindowPtr pChild, pLayerWin;
Colormap cmap;
ColormapPtr pCmap;
xEvent xE;
- int result;
+ int error, rc;
ScreenPtr pScreen;
- Mask vmaskCopy = 0;
- Mask tmask;
+ Mask index2, tmask, vmaskCopy = 0;
unsigned int val;
- int error;
- Bool checkOptional = FALSE;
- Bool borderRelative = FALSE;
- WindowPtr pLayerWin;
+ Bool checkOptional = FALSE, borderRelative = FALSE;
if ((pWin->drawable.class == InputOnly) && (vmask & (~INPUTONLY_LEGAL_MASK)))
return BadMatch;
@@ -1050,17 +1046,13 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
borderRelative = TRUE;
if (pixID == None)
{
- /* can't let untrusted clients have background None windows */
- if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) {
- if (pWin->backgroundState == BackgroundPixmap)
- (*pScreen->DestroyPixmap)(pWin->background.pixmap);
- if (!pWin->parent)
- MakeRootTile(pWin);
- else
- pWin->backgroundState = None;
- } else {
- /* didn't change the backgrnd to None, so don't tell ddx */
- index2 = 0;
+ if (pWin->backgroundState == BackgroundPixmap)
+ (*pScreen->DestroyPixmap)(pWin->background.pixmap);
+ if (!pWin->parent)
+ MakeRootTile(pWin);
+ else {
+ pWin->backgroundState = BackgroundPixel;
+ pWin->background.pixel = 0;
}
}
else if (pixID == ParentRelative)
@@ -1083,9 +1075,9 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
}
else
{
- pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID,
- RT_PIXMAP, DixReadAccess);
- if (pPixmap != (PixmapPtr) NULL)
+ rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP,
+ client, DixReadAccess);
+ if (rc == Success)
{
if ((pPixmap->drawable.depth != pWin->drawable.depth) ||
(pPixmap->drawable.pScreen != pScreen))
@@ -1101,7 +1093,7 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
}
else
{
- error = BadPixmap;
+ error = (rc == BadValue) ? BadPixmap : rc;
client->errorValue = pixID;
goto PatchUp;
}
@@ -1130,42 +1122,40 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
error = BadMatch;
goto PatchUp;
}
- if (pWin->borderIsPixel == FALSE)
- (*pScreen->DestroyPixmap)(pWin->border.pixmap);
- pWin->border = pWin->parent->border;
- if ((pWin->borderIsPixel = pWin->parent->borderIsPixel) == TRUE)
- {
+ if (pWin->parent->borderIsPixel == TRUE) {
+ if (pWin->borderIsPixel == FALSE)
+ (*pScreen->DestroyPixmap)(pWin->border.pixmap);
+ pWin->border = pWin->parent->border;
+ pWin->borderIsPixel = TRUE;
index2 = CWBorderPixel;
+ break;
}
else
{
- pWin->parent->border.pixmap->refcnt++;
+ pixID = pWin->parent->border.pixmap->drawable.id;
}
}
- else
- {
- pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID,
- RT_PIXMAP, DixReadAccess);
- if (pPixmap)
- {
- if ((pPixmap->drawable.depth != pWin->drawable.depth) ||
- (pPixmap->drawable.pScreen != pScreen))
- {
- error = BadMatch;
- goto PatchUp;
- }
- if (pWin->borderIsPixel == FALSE)
- (*pScreen->DestroyPixmap)(pWin->border.pixmap);
- pWin->borderIsPixel = FALSE;
- pWin->border.pixmap = pPixmap;
- pPixmap->refcnt++;
- }
- else
+ rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP,
+ client, DixReadAccess);
+ if (rc == Success)
+ {
+ if ((pPixmap->drawable.depth != pWin->drawable.depth) ||
+ (pPixmap->drawable.pScreen != pScreen))
{
- error = BadPixmap;
- client->errorValue = pixID;
+ error = BadMatch;
goto PatchUp;
}
+ if (pWin->borderIsPixel == FALSE)
+ (*pScreen->DestroyPixmap)(pWin->border.pixmap);
+ pWin->borderIsPixel = FALSE;
+ pWin->border.pixmap = pPixmap;
+ pPixmap->refcnt++;
+ }
+ else
+ {
+ error = (rc == BadValue) ? BadPixmap : rc;
+ client->errorValue = pixID;
+ goto PatchUp;
}
break;
case CWBorderPixel:
@@ -1290,20 +1280,20 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
#endif /* DO_SAVE_UNDERS */
break;
case CWEventMask:
- result = EventSelectForWindow(pWin, client, (Mask )*pVlist);
- if (result)
+ rc = EventSelectForWindow(pWin, client, (Mask )*pVlist);
+ if (rc)
{
- error = result;
+ error = rc;
goto PatchUp;
}
pVlist++;
break;
case CWDontPropagate:
- result = EventSuppressForWindow(pWin, client, (Mask )*pVlist,
+ rc = EventSuppressForWindow(pWin, client, (Mask )*pVlist,
&checkOptional);
- if (result)
+ if (rc)
{
- error = result;
+ error = rc;
goto PatchUp;
}
pVlist++;
@@ -1317,6 +1307,15 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
client->errorValue = val;
goto PatchUp;
}
+ if (val == xTrue) {
+ rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id,
+ RT_WINDOW, DixGrabAccess, pWin);
+ if (rc != Success) {
+ error = rc;
+ client->errorValue = pWin->drawable.id;
+ goto PatchUp;
+ }
+ }
pWin->overrideRedirect = val;
break;
case CWColormap:
@@ -1354,11 +1353,11 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
error = BadMatch;
goto PatchUp;
}
- pCmap = (ColormapPtr)SecurityLookupIDByType(client, cmap,
- RT_COLORMAP, DixReadAccess);
- if (!pCmap)
+ rc = dixLookupResource((pointer *)&pCmap, cmap, RT_COLORMAP,
+ client, DixUseAccess);
+ if (rc != Success)
{
- error = BadColor;
+ error = (rc == BadValue) ? BadColor : rc;
client->errorValue = cmap;
goto PatchUp;
}
@@ -1430,11 +1429,11 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client)
}
else
{
- pCursor = (CursorPtr)SecurityLookupIDByType(client, cursorID,
- RT_CURSOR, DixReadAccess);
- if (!pCursor)
+ rc = dixLookupResource((pointer *)&pCursor, cursorID,
+ RT_CURSOR, client, DixReadAccess);
+ if (rc != Success)
{
- error = BadCursor;
+ error = (rc == BadValue) ? BadCursor : rc;
client->errorValue = cursorID;
goto PatchUp;
}
@@ -2267,7 +2266,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
unsigned short w = pWin->drawable.width,
h = pWin->drawable.height,
bw = pWin->borderWidth;
- int action, smode = Above;
+ int rc, action, smode = Above;
#ifdef XAPPGROUP
ClientPtr win_owner;
ClientPtr ag_leader = NULL;
@@ -2328,12 +2327,11 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client)
case CWSibling:
sibwid = (Window ) *pVlist;
pVlist++;
- pSib = (WindowPtr )SecurityLookupIDByType(client, sibwid,
- RT_WINDOW, DixReadAccess);
- if (!pSib)
+ rc = dixLookupWindow(&pSib, sibwid, client, DixGetAttrAccess);
+ if (rc != Success)
{
client->errorValue = sibwid;
- return(BadWindow);
+ return rc;
}
if (pSib->parent != pParent)
return(BadMatch);
diff --git a/include/window.h b/include/window.h
index 312b75e88..472f37973 100644
--- a/include/window.h
+++ b/include/window.h
@@ -119,7 +119,7 @@ extern int DeleteWindow(
pointer /*pWin*/,
XID /*wid*/);
-extern void DestroySubwindows(
+extern int DestroySubwindows(
WindowPtr /*pWin*/,
ClientPtr /*client*/);