xace: add hooks + new access codes: Render extension

author: Eamon Walsh <ewalsh@tycho.nsa.gov> 2007-08-31 09:55:27 -0400
committer: Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> 2007-08-31 09:55:27 -0400
commit: fd04b983db6a70bf747abe02ca07c1fbbaae6343 (patch)
tree: 977bff3fcfed236e4a2c96179f26028af18e531f /render/render.c
parent: 1005b29cc6939851b40397cc9cd0de9476ad3046 (diff)
1 files changed, 58 insertions, 36 deletions
diff --git a/render/render.c b/render/render.c
index 7b2745758..37d2d620e 100644
--- a/render/render.c
+++ b/render/render.c
@@ -46,6 +46,7 @@
 #include "glyphstr.h"
 #include <X11/Xfuncproto.h>
 #include "cursorstr.h"
+#include "xace.h"
 
 #if HAVE_STDINT_H
 #include <stdint.h>
@@ -623,7 +624,7 @@ ProcRenderCreatePicture (ClientPtr client)
 
     LEGAL_NEW_RESOURCE(stuff->pid, client);
     rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
-			   DixWriteAccess);
+			   DixReadAccess|DixAddAccess);
     if (rc != Success)
 	return rc;
 
@@ -664,7 +665,7 @@ ProcRenderChangePicture (ClientPtr client)
     int len;
 
     REQUEST_AT_LEAST_SIZE(xRenderChangePictureReq);
-    VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+    VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
 		    RenderErrBase + BadPicture);
 
     len = client->req_len - (sizeof(xRenderChangePictureReq) >> 2);
@@ -684,7 +685,7 @@ ProcRenderSetPictureClipRectangles (ClientPtr client)
     int		    result;
 
     REQUEST_AT_LEAST_SIZE(xRenderSetPictureClipRectanglesReq);
-    VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+    VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
 		    RenderErrBase + BadPicture);
     if (!pPicture->pDrawable)
         return BadDrawable;
@@ -983,7 +984,7 @@ ProcRenderCreateGlyphSet (ClientPtr client)
 {
     GlyphSetPtr	    glyphSet;
     PictFormatPtr   format;
-    int		    f;
+    int		    rc, f;
     REQUEST(xRenderCreateGlyphSetReq);
 
     REQUEST_SIZE_MATCH(xRenderCreateGlyphSetReq);
@@ -1022,6 +1023,11 @@ ProcRenderCreateGlyphSet (ClientPtr client)
     glyphSet = AllocateGlyphSet (f, format);
     if (!glyphSet)
 	return BadAlloc;
+    /* security creation/labeling check */
+    rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->gsid, GlyphSetType,
+		  DixCreateAccess, glyphSet);
+    if (rc != Success)
+	return rc;
     if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
 	return BadAlloc;
     return Success;
@@ -1031,20 +1037,19 @@ static int
 ProcRenderReferenceGlyphSet (ClientPtr client)
 {
     GlyphSetPtr     glyphSet;
+    int rc;
     REQUEST(xRenderReferenceGlyphSetReq);
 
     REQUEST_SIZE_MATCH(xRenderReferenceGlyphSetReq);
 
     LEGAL_NEW_RESOURCE(stuff->gsid, client);
 
-    glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
-						     stuff->existing,
-						     GlyphSetType,
-						     DixWriteAccess);
-    if (!glyphSet)
+    rc = dixLookupResource((pointer *)&glyphSet, stuff->existing, GlyphSetType,
+			   client, DixGetAttrAccess);
+    if (rc != Success)
     {
 	client->errorValue = stuff->existing;
-	return RenderErrBase + BadGlyphSet;
+	return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
     }
     glyphSet->refcnt++;
     if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
@@ -1059,17 +1064,16 @@ static int
 ProcRenderFreeGlyphSet (ClientPtr client)
 {
     GlyphSetPtr     glyphSet;
+    int rc;
     REQUEST(xRenderFreeGlyphSetReq);
 
     REQUEST_SIZE_MATCH(xRenderFreeGlyphSetReq);
-    glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
-						     stuff->glyphset,
-						     GlyphSetType,
-						     DixDestroyAccess);
-    if (!glyphSet)
+    rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+			   client, DixDestroyAccess);
+    if (rc != Success)
     {
 	client->errorValue = stuff->glyphset;
-	return RenderErrBase + BadGlyphSet;
+	return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
     }
     FreeResource (stuff->glyphset, RT_NONE);
     return client->noClientException;
@@ -1093,19 +1097,18 @@ ProcRenderAddGlyphs (ClientPtr client)
     xGlyphInfo	    *gi;
     CARD8	    *bits;
     int		    size;
-    int		    err = BadAlloc;
+    int		    err;
 
     REQUEST_AT_LEAST_SIZE(xRenderAddGlyphsReq);
-    glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
-						     stuff->glyphset,
-						     GlyphSetType,
-						     DixWriteAccess);
-    if (!glyphSet)
+    err = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+			    client, DixAddAccess);
+    if (err != Success)
     {
 	client->errorValue = stuff->glyphset;
-	return RenderErrBase + BadGlyphSet;
+	return (err == BadValue) ? RenderErrBase + BadGlyphSet : err;
     }
 
+    err = BadAlloc;
     nglyphs = stuff->nglyphs;
     if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
 	    return BadAlloc;
@@ -1195,19 +1198,17 @@ ProcRenderFreeGlyphs (ClientPtr client)
 {
     REQUEST(xRenderFreeGlyphsReq);
     GlyphSetPtr     glyphSet;
-    int		    nglyph;
+    int		    rc, nglyph;
     CARD32	    *gids;
     CARD32	    glyph;
 
     REQUEST_AT_LEAST_SIZE(xRenderFreeGlyphsReq);
-    glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
-						     stuff->glyphset,
-						     GlyphSetType,
-						     DixWriteAccess);
-    if (!glyphSet)
+    rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+			   client, DixRemoveAccess);
+    if (rc != Success)
     {
 	client->errorValue = stuff->glyphset;
-	return RenderErrBase + BadGlyphSet;
+	return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
     }
     nglyph = ((client->req_len << 2) - sizeof (xRenderFreeGlyphsReq)) >> 2;
     gids = (CARD32 *) (stuff + 1);
@@ -1284,7 +1285,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
     glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
 						     stuff->glyphset,
 						     GlyphSetType,
-						     DixReadAccess);
+						     DixUseAccess);
     if (!glyphSet)
     {
 	client->errorValue = stuff->glyphset;
@@ -1346,7 +1347,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
 		glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
 								 gs,
 								 GlyphSetType,
-								 DixReadAccess);
+								 DixUseAccess);
 		if (!glyphSet)
 		{
 		    client->errorValue = gs;
@@ -1679,7 +1680,7 @@ ProcRenderSetPictureTransform (ClientPtr client)
     int		result;
 
     REQUEST_SIZE_MATCH(xRenderSetPictureTransformReq);
-    VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+    VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
 		    RenderErrBase + BadPicture);
     result = SetPictureTransform (pPicture, (PictTransform *) &stuff->transform);
     if (client->noClientException != Success)
@@ -1704,7 +1705,7 @@ ProcRenderQueryFilters (ClientPtr client)
 
     REQUEST_SIZE_MATCH(xRenderQueryFiltersReq);
     rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
-			   DixReadAccess);
+			   DixGetAttrAccess);
     if (rc != Success)
 	return rc;
     
@@ -1809,7 +1810,7 @@ ProcRenderSetPictureFilter (ClientPtr client)
     char	*name;
     
     REQUEST_AT_LEAST_SIZE (xRenderSetPictureFilterReq);
-    VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+    VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
 		    RenderErrBase + BadPicture);
     name = (char *) (stuff + 1);
     params = (xFixed *) (name + ((stuff->nbytes + 3) & ~3));
@@ -1853,7 +1854,8 @@ ProcRenderCreateAnimCursor (ClientPtr client)
 	deltas[i] = elt->delay;
 	elt++;
     }
-    ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor);
+    ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor, client,
+			    stuff->cid);
     xfree (cursors);
     if (ret != Success)
 	return ret;
@@ -1899,6 +1901,11 @@ static int ProcRenderCreateSolidFill(ClientPtr client)
     pPicture = CreateSolidPicture(stuff->pid, &stuff->color, &error);
     if (!pPicture)
 	return error;
+    /* security creation/labeling check */
+    error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+		  DixCreateAccess, pPicture);
+    if (error != Success)
+	return error;
     if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
 	return BadAlloc;
     return Success;
@@ -1928,6 +1935,11 @@ static int ProcRenderCreateLinearGradient (ClientPtr client)
                                             stuff->nStops, stops, colors, &error);
     if (!pPicture)
 	return error;
+    /* security creation/labeling check */
+    error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+		  DixCreateAccess, pPicture);
+    if (error != Success)
+	return error;
     if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
 	return BadAlloc;
     return Success;
@@ -1958,6 +1970,11 @@ static int ProcRenderCreateRadialGradient (ClientPtr client)
                                             stuff->nStops, stops, colors, &error);
     if (!pPicture)
 	return error;
+    /* security creation/labeling check */
+    error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+		  DixCreateAccess, pPicture);
+    if (error != Success)
+	return error;
     if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
 	return BadAlloc;
     return Success;
@@ -1987,6 +2004,11 @@ static int ProcRenderCreateConicalGradient (ClientPtr client)
                                              stuff->nStops, stops, colors, &error);
     if (!pPicture)
 	return error;
+    /* security creation/labeling check */
+    error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+		  DixCreateAccess, pPicture);
+    if (error != Success)
+	return error;
     if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
 	return BadAlloc;
     return Success;
author	Eamon Walsh <ewalsh@tycho.nsa.gov>	2007-08-31 09:55:27 -0400
committer	Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>	2007-08-31 09:55:27 -0400
commit	fd04b983db6a70bf747abe02ca07c1fbbaae6343 (patch)
tree	977bff3fcfed236e4a2c96179f26028af18e531f /render/render.c
parent	1005b29cc6939851b40397cc9cd0de9476ad3046 (diff)