author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-08-13 13:40:47 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2007-08-13 13:44:33 -0400 |
commit | 2763056ab5ae31bed422a0948198d98c6ace6d55 (patch) | |
tree | 9a33e4507fb823a6d9ec55eefdcae27d32a72642 | |
parent | d744df32a15103aa14237175f506350d25b2fec0 (diff) |
xace: add hooks + new access codes: core protocol window requests
-rw-r--r-- | dix/dispatch.c | 53 | ||||
-rw-r--r-- | dix/window.c | 162 | ||||
-rw-r--r-- | include/window.h | 2 |
3 files changed, 112 insertions, 105 deletions
diff --git a/dix/dispatch.c b/dix/dispatch.c index 83d761ba1..1c40e2fcb 100644 --- a/dix/dispatch.c +++ b/dix/dispatch.c @@ -556,12 +556,12 @@ ProcCreateWindow(ClientPtr client) { WindowPtr pParent, pWin; REQUEST(xCreateWindowReq); - int result, len, rc; + int len, rc; REQUEST_AT_LEAST_SIZE(xCreateWindowReq); LEGAL_NEW_RESOURCE(stuff->wid, client); - rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess); + rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess); if (rc != Success) return rc; len = client->req_len - (sizeof(xCreateWindowReq) >> 2); @@ -577,7 +577,7 @@ ProcCreateWindow(ClientPtr client) stuff->borderWidth, stuff->class, stuff->mask, (XID *) &stuff[1], (int)stuff->depth, - client, stuff->visual, &result); + client, stuff->visual, &rc); if (pWin) { Mask mask = pWin->eventMask; @@ -590,7 +590,7 @@ ProcCreateWindow(ClientPtr client) if (client->noClientException != Success) return(client->noClientException); else - return(result); + return rc; } int @@ -602,7 +602,7 @@ ProcChangeWindowAttributes(ClientPtr client) int len, rc; REQUEST_AT_LEAST_SIZE(xChangeWindowAttributesReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixSetAttrAccess); if (rc != Success) return rc; len = client->req_len - (sizeof(xChangeWindowAttributesReq) >> 2); @@ -627,7 +627,7 @@ ProcGetWindowAttributes(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess); if (rc != Success) return rc; GetWindowAttributes(pWin, client, &wa); 
@@ -646,8 +646,13 @@ ProcDestroyWindow(ClientPtr client) rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess); if (rc != Success) return rc; - if (pWin->parent) + if (pWin->parent) { + rc = dixLookupWindow(&pWin, pWin->parent->drawable.id, client, + DixRemoveAccess); + if (rc != Success) + return rc; FreeResource(stuff->id, RT_NONE); + } return(client->noClientException); } @@ -659,7 +664,7 @@ ProcDestroySubwindows(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixDestroyAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixRemoveAccess); if (rc != Success) return rc; DestroySubwindows(pWin, client); @@ -674,7 +679,7 @@ ProcChangeSaveSet(ClientPtr client) int result, rc; REQUEST_SIZE_MATCH(xChangeSaveSetReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess); if (rc != Success) return rc; if (client->clientAsMask == (CLIENT_BITS(pWin->drawable.id))) @@ -702,10 +707,10 @@ ProcReparentWindow(ClientPtr client) int result, rc; REQUEST_SIZE_MATCH(xReparentWindowReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess); if (rc != Success) return rc; - rc = dixLookupWindow(&pParent, stuff->parent, client, DixWriteAccess); + rc = dixLookupWindow(&pParent, stuff->parent, client, DixAddAccess); if (rc != Success) return rc; if (SAME_SCREENS(pWin->drawable, pParent->drawable)) @@ -735,7 +740,7 @@ ProcMapWindow(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixShowAccess); if (rc != Success) return rc; MapWindow(pWin, client); 
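Review bot: The parent permission lookup added to ProcDestroyWindow stores its result back into `pWin`, so after the check that variable names the parent rather than the window being destroyed. Nothing visible in the hunk reads `pWin` afterwards, and FreeResource uses `stuff->id`, so this is harmless as written. A later edit that touches `pWin` after the check would silently act on the wrong window, though. A separate local keeps the two apart: declare `WindowPtr pParent;` and call `rc = dixLookupWindow(&pParent, pWin->parent->drawable.id, client, DixRemoveAccess);`. The function's declarations sit outside the hunk.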
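Review bot: ProcDestroySubwindows still calls `DestroySubwindows(pWin, client);` as a bare statement, so the int result this commit gives that function is discarded. That result carries the per-child DixDestroyAccess verdict added in dix/window.c. The line after the call is outside the hunk, but if the handler goes on to return `client->noClientException`, a client whose request was refused for one of the children is still told the request succeeded. Propagate the result with `rc = DestroySubwindows(pWin, client);` followed by `if (rc != Success) return rc;`.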
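Review bot: ProcReparentWindow now asks for DixManageAccess on the window and DixAddAccess on the new parent, but nothing in the hunk checks the parent the window is being taken from. ProcDestroyWindow in this same commit does check DixRemoveAccess on the current parent before detaching a child, so the two paths are inconsistent unless ReparentWindow performs that check itself (its body is not shown here). If it does not, add a lookup of `pWin->parent->drawable.id` with `DixRemoveAccess` before the reparent, or a comment recording why removal is not mediated on this path.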
@@ -751,7 +756,7 @@ ProcMapSubwindows(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess); if (rc != Success) return rc; MapSubwindows(pWin, client); @@ -767,7 +772,7 @@ ProcUnmapWindow(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixHideAccess); if (rc != Success) return rc; UnmapWindow(pWin, FALSE); @@ -783,7 +788,7 @@ ProcUnmapSubwindows(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess); if (rc != Success) return rc; UnmapSubwindows(pWin); @@ -799,7 +804,8 @@ ProcConfigureWindow(ClientPtr client) int len, rc; REQUEST_AT_LEAST_SIZE(xConfigureWindowReq); - rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, + DixManageAccess|DixSetAttrAccess); if (rc != Success) return rc; len = client->req_len - (sizeof(xConfigureWindowReq) >> 2); @@ -827,7 +833,7 @@ ProcCirculateWindow(ClientPtr client) client->errorValue = stuff->direction; return BadValue; } - rc = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess); + rc = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess); if (rc != Success) return rc; CirculateWindow(pWin, (int)stuff->direction, client); @@ -842,7 +848,7 @@ GetGeometry(ClientPtr client, xGetGeometryReply *rep) REQUEST(xResourceReq); REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixReadAccess); + rc = dixLookupDrawable(&pDraw, stuff->id, client, M_ANY, DixGetAttrAccess); if (rc != Success) return rc; 
@@ -903,7 +909,7 @@ ProcQueryTree(ClientPtr client) REQUEST(xResourceReq); REQUEST_SIZE_MATCH(xResourceReq); - rc = dixLookupWindow(&pWin, stuff->id, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->id, client, DixListAccess); if (rc != Success) return rc; reply.type = X_Reply; @@ -1260,10 +1266,10 @@ ProcTranslateCoords(ClientPtr client) int rc; REQUEST_SIZE_MATCH(xTranslateCoordsReq); - rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixReadAccess); + rc = dixLookupWindow(&pWin, stuff->srcWid, client, DixGetAttrAccess); if (rc != Success) return rc; - rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixReadAccess); + rc = dixLookupWindow(&pDst, stuff->dstWid, client, DixGetAttrAccess); if (rc != Success) return rc; rep.type = X_Reply; @@ -3233,12 +3239,15 @@ ProcQueryBestSize (ClientPtr client) } rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY, - DixReadAccess); + DixGetAttrAccess); if (rc != Success) return rc; if (stuff->class != CursorShape && pDraw->type == UNDRAWABLE_WINDOW) return (BadMatch); pScreen = pDraw->pScreen; + rc = XaceHook(XACE_SCREEN_ACCESS, client, pScreen, DixGetAttrAccess); + if (rc != Success) + return rc; (* pScreen->QueryBestSize)(stuff->class, &stuff->width, &stuff->height, pScreen); reply.type = X_Reply; diff --git a/dix/window.c b/dix/window.c index 2f151b09c..3addc73cd 100644 --- a/dix/window.c +++ b/dix/window.c 
@@ -733,20 +733,14 @@ CreateWindow(Window wid, WindowPtr pParent, int x, int y, unsigned w, /* security creation/labeling check */ *error = XaceHook(XACE_RESOURCE_ACCESS, client, wid, RT_WINDOW, - DixCreateAccess, pWin); + DixCreateAccess|DixSetAttrAccess, pWin); if (*error != Success) { xfree(pWin); return NullWindow; } - /* can't let untrusted clients have background None windows; - * they make it too easy to steal window contents - */ - if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) - pWin->backgroundState = None; - else { - pWin->backgroundState = BackgroundPixel; - pWin->background.pixel = 0; - } + + pWin->backgroundState = BackgroundPixel; + pWin->background.pixel = 0; pWin->borderIsPixel = pParent->borderIsPixel; pWin->border = pParent->border; @@ -980,7 +974,7 @@ DeleteWindow(pointer value, XID wid) return Success; } -void +int DestroySubwindows(WindowPtr pWin, ClientPtr client) { /* XXX @@ -992,8 +986,15 @@ DestroySubwindows(WindowPtr pWin, ClientPtr client) * If you care, simply delete the call to UnmapSubwindows. */ UnmapSubwindows(pWin); - while (pWin->lastChild) + while (pWin->lastChild) { + int rc = XaceHook(XACE_RESOURCE_ACCESS, client, + pWin->lastChild->drawable.id, RT_WINDOW, + DixDestroyAccess, pWin->lastChild); + if (rc != Success) + return rc; FreeResource(pWin->lastChild->drawable.id, RT_NONE); + } + return Success; } #define DeviceEventMasks (KeyPressMask | KeyReleaseMask | ButtonPressMask | \ 
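Review bot: The new unconditional `pWin->backgroundState = BackgroundPixel;` in CreateWindow has no comment, while the lines it replaces carried the only explanation of why background None is sensitive. Every client now gets a pixel-0 background where the old code gave trusted clients None, and the `pixID == None` branch of ChangeWindowAttributes in the next hunk set does the same for non-root windows. Keep the rationale next to the assignment, for example `/* background None would expose whatever was previously on screen under the window, so all windows start with a solid pixel-0 background */`. If the change in client-visible behaviour for an explicit None request is intentional, the commit description should say so.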
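Review bot: DestroySubwindows runs `UnmapSubwindows(pWin)` before any XaceHook call and then checks each child only as it is about to be freed, so a denial part-way through returns an error after the request has already taken partial effect. All children are unmapped and every child visited before the denied one is destroyed. For an access-control hook the decision should come before the first side effect, so authorize every child up front and only then unmap and free. The sketch below assumes walking the sibling list via `prevSib` is safe at this point; the function's opening comment lies partly outside the hunk.

```c
int
DestroySubwindows(WindowPtr pWin, ClientPtr client)
{
    WindowPtr pChild;
    int rc;

    /* ... unchanged: XXX comment about UnmapSubwindows ... */

    /* authorize every child before changing any state */
    for (pChild = pWin->lastChild; pChild; pChild = pChild->prevSib) {
        rc = XaceHook(XACE_RESOURCE_ACCESS, client,
                      pChild->drawable.id, RT_WINDOW,
                      DixDestroyAccess, pChild);
        if (rc != Success)
            return rc;
    }

    UnmapSubwindows(pWin);
    while (pWin->lastChild)
        FreeResource(pWin->lastChild->drawable.id, RT_NONE);
    return Success;
```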
@@ -1010,25 +1011,20 @@ DestroySubwindows(WindowPtr pWin, ClientPtr client) _X_EXPORT int ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) { - Mask index2; XID *pVlist; PixmapPtr pPixmap; Pixmap pixID; CursorPtr pCursor, pOldCursor; Cursor cursorID; - WindowPtr pChild; + WindowPtr pChild, pLayerWin; Colormap cmap; ColormapPtr pCmap; xEvent xE; - int result; + int error, rc; ScreenPtr pScreen; - Mask vmaskCopy = 0; - Mask tmask; + Mask index2, tmask, vmaskCopy = 0; unsigned int val; - int error; - Bool checkOptional = FALSE; - Bool borderRelative = FALSE; - WindowPtr pLayerWin; + Bool checkOptional = FALSE, borderRelative = FALSE; if ((pWin->drawable.class == InputOnly) && (vmask & (~INPUTONLY_LEGAL_MASK))) return BadMatch; @@ -1050,17 +1046,13 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) borderRelative = TRUE; if (pixID == None) { - /* can't let untrusted clients have background None windows */ - if (XaceHook(XACE_BACKGRND_ACCESS, client, pWin) == Success) { - if (pWin->backgroundState == BackgroundPixmap) - (*pScreen->DestroyPixmap)(pWin->background.pixmap); - if (!pWin->parent) - MakeRootTile(pWin); - else - pWin->backgroundState = None; - } else { - /* didn't change the backgrnd to None, so don't tell ddx */ - index2 = 0; + if (pWin->backgroundState == BackgroundPixmap) + (*pScreen->DestroyPixmap)(pWin->background.pixmap); + if (!pWin->parent) + MakeRootTile(pWin); + else { + pWin->backgroundState = BackgroundPixel; + pWin->background.pixel = 0; } } else if (pixID == ParentRelative) 
@@ -1083,9 +1075,9 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) } else { - pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID, - RT_PIXMAP, DixReadAccess); - if (pPixmap != (PixmapPtr) NULL) + rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP, + client, DixReadAccess); + if (rc == Success) { if ((pPixmap->drawable.depth != pWin->drawable.depth) || (pPixmap->drawable.pScreen != pScreen)) @@ -1101,7 +1093,7 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) } else { - error = BadPixmap; + error = (rc == BadValue) ? BadPixmap : rc; client->errorValue = pixID; goto PatchUp; } 
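Review bot: The translation `error = (rc == BadValue) ? BadPixmap : rc;` depends on dixLookupResource reporting an unknown ID as BadValue, a contract that is not visible anywhere in this diff. The same expression is repeated for the border pixmap, colormap and cursor lookups later in ChangeWindowAttributes. If the lookup ever reports a missing ID with a different code, clients would receive that code instead of the protocol's BadPixmap, BadColor or BadCursor. At minimum add a comment at the first use, such as `/* dixLookupResource returns BadValue for an unknown ID; map it to the type-specific protocol error and pass access denials through unchanged */`. A small static helper taking the type-specific error would remove the four copies.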
@@ -1130,42 +1122,40 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) error = BadMatch; goto PatchUp; } - if (pWin->borderIsPixel == FALSE) - (*pScreen->DestroyPixmap)(pWin->border.pixmap); - pWin->border = pWin->parent->border; - if ((pWin->borderIsPixel = pWin->parent->borderIsPixel) == TRUE) - { + if (pWin->parent->borderIsPixel == TRUE) { + if (pWin->borderIsPixel == FALSE) + (*pScreen->DestroyPixmap)(pWin->border.pixmap); + pWin->border = pWin->parent->border; + pWin->borderIsPixel = TRUE; index2 = CWBorderPixel; + break; } else { - pWin->parent->border.pixmap->refcnt++; + pixID = pWin->parent->border.pixmap->drawable.id; } } - else - { - pPixmap = (PixmapPtr)SecurityLookupIDByType(client, pixID, - RT_PIXMAP, DixReadAccess); - if (pPixmap) - { - if ((pPixmap->drawable.depth != pWin->drawable.depth) || - (pPixmap->drawable.pScreen != pScreen)) - { - error = BadMatch; - goto PatchUp; - } - if (pWin->borderIsPixel == FALSE) - (*pScreen->DestroyPixmap)(pWin->border.pixmap); - pWin->borderIsPixel = FALSE; - pWin->border.pixmap = pPixmap; - pPixmap->refcnt++; - } - else + rc = dixLookupResource((pointer *)&pPixmap, pixID, RT_PIXMAP, + client, DixReadAccess); + if (rc == Success) + { + if ((pPixmap->drawable.depth != pWin->drawable.depth) || + (pPixmap->drawable.pScreen != pScreen)) { - error = BadPixmap; - client->errorValue = pixID; + error = BadMatch; goto PatchUp; } + if (pWin->borderIsPixel == FALSE) + (*pScreen->DestroyPixmap)(pWin->border.pixmap); + pWin->borderIsPixel = FALSE; + pWin->border.pixmap = pPixmap; + pPixmap->refcnt++; + } + else + { + error = (rc == BadValue) ? BadPixmap : rc; + client->errorValue = pixID; + goto PatchUp; } break; case CWBorderPixel: 
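Review bot: For CopyFromParent with a pixmap border, the new code sets `pixID = pWin->parent->border.pixmap->drawable.id` and falls into the client-scoped `dixLookupResource` call, where the old code simply took another reference on the parent's pixmap object. This path now depends on that ID still being registered. The diff does not show whether it is, and if the owner has freed the pixmap ID while the parent window still holds its reference, the request would fail with BadPixmap. In that case `client->errorValue` would also carry an ID the client never supplied. If the aim is to mediate read access to the parent's pixmap, check the object already in hand, for example `pPixmap = pWin->parent->border.pixmap;` followed by `rc = XaceHook(XACE_RESOURCE_ACCESS, client, pPixmap->drawable.id, RT_PIXMAP, DixReadAccess, pPixmap);`, and report the window's own ID on denial.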
@@ -1290,20 +1280,20 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) #endif /* DO_SAVE_UNDERS */ break; case CWEventMask: - result = EventSelectForWindow(pWin, client, (Mask )*pVlist); - if (result) + rc = EventSelectForWindow(pWin, client, (Mask )*pVlist); + if (rc) { - error = result; + error = rc; goto PatchUp; } pVlist++; break; case CWDontPropagate: - result = EventSuppressForWindow(pWin, client, (Mask )*pVlist, + rc = EventSuppressForWindow(pWin, client, (Mask )*pVlist, &checkOptional); - if (result) + if (rc) { - error = result; + error = rc; goto PatchUp; } pVlist++; @@ -1317,6 +1307,15 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) client->errorValue = val; goto PatchUp; } + if (val == xTrue) { + rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, + RT_WINDOW, DixGrabAccess, pWin); + if (rc != Success) { + error = rc; + client->errorValue = pWin->drawable.id; + goto PatchUp; + } + } pWin->overrideRedirect = val; break; case CWColormap: @@ -1354,11 +1353,11 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) error = BadMatch; goto PatchUp; } - pCmap = (ColormapPtr)SecurityLookupIDByType(client, cmap, - RT_COLORMAP, DixReadAccess); - if (!pCmap) + rc = dixLookupResource((pointer *)&pCmap, cmap, RT_COLORMAP, + client, DixUseAccess); + if (rc != Success) { - error = BadColor; + error = (rc == BadValue) ? BadColor : rc; client->errorValue = cmap; goto PatchUp; } @@ -1430,11 +1429,11 @@ ChangeWindowAttributes(WindowPtr pWin, Mask vmask, XID *vlist, ClientPtr client) } else { - pCursor = (CursorPtr)SecurityLookupIDByType(client, cursorID, - RT_CURSOR, DixReadAccess); - if (!pCursor) + rc = dixLookupResource((pointer *)&pCursor, cursorID, + RT_CURSOR, client, DixReadAccess); + if (rc != Success) { - error = BadCursor; + error = (rc == BadValue) ? BadCursor : rc; client->errorValue = cursorID; goto PatchUp; } 
@@ -2267,7 +2266,7 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) unsigned short w = pWin->drawable.width, h = pWin->drawable.height, bw = pWin->borderWidth; - int action, smode = Above; + int rc, action, smode = Above; #ifdef XAPPGROUP ClientPtr win_owner; ClientPtr ag_leader = NULL; @@ -2328,12 +2327,11 @@ ConfigureWindow(WindowPtr pWin, Mask mask, XID *vlist, ClientPtr client) case CWSibling: sibwid = (Window ) *pVlist; pVlist++; - pSib = (WindowPtr )SecurityLookupIDByType(client, sibwid, - RT_WINDOW, DixReadAccess); - if (!pSib) + rc = dixLookupWindow(&pSib, sibwid, client, DixGetAttrAccess); + if (rc != Success) { client->errorValue = sibwid; - return(BadWindow); + return rc; } if (pSib->parent != pParent) return(BadMatch); diff --git a/include/window.h b/include/window.h index 312b75e88..472f37973 100644 --- a/include/window.h +++ b/include/window.h @@ -119,7 +119,7 @@ extern int DeleteWindow( pointer /*pWin*/, XID /*wid*/); -extern void DestroySubwindows( +extern int DestroySubwindows( WindowPtr /*pWin*/, ClientPtr /*client*/); |