authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-08-31 09:55:27 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-08-31 09:55:27 -0400
commitfd04b983db6a70bf747abe02ca07c1fbbaae6343 (patch)
tree977bff3fcfed236e4a2c96179f26028af18e531f /render
parent1005b29cc6939851b40397cc9cd0de9476ad3046 (diff)
xace: add hooks + new access codes: Render extension
Diffstat (limited to 'render')
-rw-r--r--render/animcur.c19
-rw-r--r--render/picture.c31
-rw-r--r--render/picturestr.h2
-rw-r--r--render/render.c94
4 files changed, 94 insertions, 52 deletions
diff --git a/render/animcur.c b/render/animcur.c
index 444d70645..da3d4a02d 100644
--- a/render/animcur.c
+++ b/render/animcur.c
@@ -44,6 +44,7 @@
#include "dixfontstr.h"
#include "opaque.h"
#include "picturestr.h"
+#include "xace.h"
typedef struct _AnimCurElt {
CursorPtr pCursor; /* cursor to show */
@@ -346,10 +347,10 @@ AnimCurInit (ScreenPtr pScreen)
}
int
-AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor)
+AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor, ClientPtr client, XID cid)
{
CursorPtr pCursor;
- int i;
+ int rc, i;
AnimCurPtr ac;
for (i = 0; i < screenInfo.numScreens; i++)
@@ -366,7 +367,6 @@ AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *pp
if (!pCursor)
return BadAlloc;
pCursor->bits = &animCursorBits;
- animCursorBits.refcnt++;
pCursor->refcnt = 1;
pCursor->foreRed = cursors[0]->foreRed;
@@ -377,9 +377,22 @@ AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *pp
pCursor->backGreen = cursors[0]->backGreen;
pCursor->backBlue = cursors[0]->backBlue;
+ pCursor->devPrivates = NULL;
+ pCursor->id = cid;
+
+ /* security creation/labeling check */
+ rc = XaceHook(XACE_RESOURCE_ACCESS, client, cid, RT_CURSOR,
+ DixCreateAccess, pCursor);
+ if (rc != Success) {
+ dixFreePrivates(pCursor->devPrivates);
+ xfree(pCursor);
+ return rc;
+ }
+
/*
* Fill in the AnimCurRec
*/
+ animCursorBits.refcnt++;
ac = GetAnimCur (pCursor);
ac->nelt = ncursor;
ac->elts = (AnimCurElt *) (ac + 1);
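Review bot: The move of `animCursorBits.refcnt++` below the hook is what lets the denial path skip undoing the shared-bits reference, but nothing in the code says so. A comment above the increment such as `/* taken only after the XACE check, so the failure path above has nothing to release */` would stop a later edit from moving it back. The new `client` and `cid` parameters are also undocumented; judging from `pCursor->id = cid`, `cid` is the XID the cursor is created under, and the prototype in picturestr.h is the natural place to state that. AnimCursorCreate continues beyond this hunk.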
diff --git a/render/picture.c b/render/picture.c
index bc2c3b526..7b200ee41 100644
--- a/render/picture.c
+++ b/render/picture.c
@@ -40,6 +40,7 @@
#include "gcstruct.h"
#include "servermd.h"
#include "picturestr.h"
+#include "xace.h"
_X_EXPORT DevPrivateKey PictureScreenPrivateKey = &PictureScreenPrivateKey;
DevPrivateKey PictureWindowPrivateKey = &PictureWindowPrivateKey;
@@ -724,6 +725,13 @@ CreatePicture (Picture pid,
pPicture->pFormat = pFormat;
pPicture->format = pFormat->format | (pDrawable->bitsPerPixel << 24);
pPicture->devPrivates = NULL;
+
+ /* security creation/labeling check */
+ *error = XaceHook(XACE_RESOURCE_ACCESS, client, pid, PictureType,
+ DixCreateAccess|DixSetAttrAccess, pPicture);
+ if (*error != Success)
+ goto out;
+
if (pDrawable->type == DRAWABLE_PIXMAP)
{
++((PixmapPtr)pDrawable)->refcnt;
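Review bot: The `goto out` on a denied hook reaches `FreePicture (pPicture, (XID) 0)` before the picture is fully set up: the pixmap `refcnt` increment just below the check has not run, and nothing visible above the hook initialises the picture's own reference count. FreePicture's body is not on this page, but if it decrements `pPicture->refcnt` and releases the drawable reference, the denial path either drops a pixmap reference that was never taken or acts on an uninitialised counter. It is safer to undo only what exists at that point, mirroring the failure path this commit adds in AnimCursorCreate: `dixFreePrivates(pPicture->devPrivates); xfree(pPicture);` followed by a null return with `*error` left set (assuming the picture came from the matching allocator). CreatePicture starts and ends outside the hunk, so check this against the allocation and the default-initialisation call.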
@@ -743,6 +751,7 @@ CreatePicture (Picture pid,
*error = Success;
if (*error == Success)
*error = (*ps->CreatePicture) (pPicture);
+out:
if (*error != Success)
{
FreePicture (pPicture, (XID) 0);
@@ -1060,14 +1069,13 @@ ChangePicture (PicturePtr pPicture,
pAlpha = 0;
else
{
- pAlpha = (PicturePtr) SecurityLookupIDByType(client,
- pid,
- PictureType,
- DixWriteAccess|DixReadAccess);
- if (!pAlpha)
+ error = dixLookupResource((pointer *)&pAlpha, pid,
+ PictureType, client,
+ DixReadAccess);
+ if (error != Success)
{
client->errorValue = pid;
- error = BadPixmap;
+ error = (error == BadValue) ? BadPixmap : error;
break;
}
if (pAlpha->pDrawable == NULL ||
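Review bot: The rewritten alpha-map lookup asks for `PictureType` but still reports an unknown id as `BadPixmap`, whereas the picture lookups in render.c report `RenderErrBase + BadPicture` for the same condition. If the core error is kept on purpose for protocol compatibility, say so next to the mapping, e.g. `/* alpha map is a Picture, but this request has always reported BadPixmap here */`. Otherwise the line could become `error = (error == BadValue) ? RenderErrBase + BadPicture : error;`, provided `RenderErrBase` is visible in picture.c. The enclosing switch case in ChangePicture starts and ends outside the hunk.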
@@ -1122,14 +1130,13 @@ ChangePicture (PicturePtr pPicture,
else
{
clipType = CT_PIXMAP;
- pPixmap = (PixmapPtr)SecurityLookupIDByType(client,
- pid,
- RT_PIXMAP,
- DixReadAccess);
- if (!pPixmap)
+ error = dixLookupResource((pointer *)&pPixmap, pid,
+ RT_PIXMAP, client,
+ DixReadAccess);
+ if (error != Success)
{
client->errorValue = pid;
- error = BadPixmap;
+ error = (error == BadValue) ? BadPixmap : error;
break;
}
}
diff --git a/render/picturestr.h b/render/picturestr.h
index aafe4e80a..fad974168 100644
--- a/render/picturestr.h
+++ b/render/picturestr.h
@@ -630,7 +630,7 @@ Bool
AnimCurInit (ScreenPtr pScreen);
int
-AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor);
+AnimCursorCreate (CursorPtr *cursors, CARD32 *deltas, int ncursor, CursorPtr *ppCursor, ClientPtr client, XID cid);
void
AddTraps (PicturePtr pPicture,
diff --git a/render/render.c b/render/render.c
index 7b2745758..37d2d620e 100644
--- a/render/render.c
+++ b/render/render.c
@@ -46,6 +46,7 @@
#include "glyphstr.h"
#include <X11/Xfuncproto.h>
#include "cursorstr.h"
+#include "xace.h"
#if HAVE_STDINT_H
#include <stdint.h>
@@ -623,7 +624,7 @@ ProcRenderCreatePicture (ClientPtr client)
LEGAL_NEW_RESOURCE(stuff->pid, client);
rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
- DixWriteAccess);
+ DixReadAccess|DixAddAccess);
if (rc != Success)
return rc;
@@ -664,7 +665,7 @@ ProcRenderChangePicture (ClientPtr client)
int len;
REQUEST_AT_LEAST_SIZE(xRenderChangePictureReq);
- VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+ VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
RenderErrBase + BadPicture);
len = client->req_len - (sizeof(xRenderChangePictureReq) >> 2);
@@ -684,7 +685,7 @@ ProcRenderSetPictureClipRectangles (ClientPtr client)
int result;
REQUEST_AT_LEAST_SIZE(xRenderSetPictureClipRectanglesReq);
- VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+ VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
RenderErrBase + BadPicture);
if (!pPicture->pDrawable)
return BadDrawable;
@@ -983,7 +984,7 @@ ProcRenderCreateGlyphSet (ClientPtr client)
{
GlyphSetPtr glyphSet;
PictFormatPtr format;
- int f;
+ int rc, f;
REQUEST(xRenderCreateGlyphSetReq);
REQUEST_SIZE_MATCH(xRenderCreateGlyphSetReq);
@@ -1022,6 +1023,11 @@ ProcRenderCreateGlyphSet (ClientPtr client)
glyphSet = AllocateGlyphSet (f, format);
if (!glyphSet)
return BadAlloc;
+ /* security creation/labeling check */
+ rc = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->gsid, GlyphSetType,
+ DixCreateAccess, glyphSet);
+ if (rc != Success)
+ return rc;
if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
return BadAlloc;
return Success;
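Review bot: When the hook denies creation, `return rc;` abandons the glyph set just returned by `AllocateGlyphSet`, so every denied request leaks it and a client refused by policy can grow server memory by repeating the request. Release the object before returning, e.g. `if (rc != Success) { FreeGlyphSet(glyphSet, 0); return rc; }` (assuming FreeGlyphSet is the counterpart of AllocateGlyphSet in this tree and accepts a zero id). The same early return after a successful allocation appears in the later hunks for ProcRenderCreateSolidFill, ProcRenderCreateLinearGradient, ProcRenderCreateRadialGradient and ProcRenderCreateConicalGradient, where `pPicture` should go through `FreePicture (pPicture, (XID) 0)` before `return error;`. The AnimCursorCreate hunk in this commit already frees its object on denial, so these five sites are the inconsistent ones.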
@@ -1031,20 +1037,19 @@ static int
ProcRenderReferenceGlyphSet (ClientPtr client)
{
GlyphSetPtr glyphSet;
+ int rc;
REQUEST(xRenderReferenceGlyphSetReq);
REQUEST_SIZE_MATCH(xRenderReferenceGlyphSetReq);
LEGAL_NEW_RESOURCE(stuff->gsid, client);
- glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
- stuff->existing,
- GlyphSetType,
- DixWriteAccess);
- if (!glyphSet)
+ rc = dixLookupResource((pointer *)&glyphSet, stuff->existing, GlyphSetType,
+ client, DixGetAttrAccess);
+ if (rc != Success)
{
client->errorValue = stuff->existing;
- return RenderErrBase + BadGlyphSet;
+ return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
}
glyphSet->refcnt++;
if (!AddResource (stuff->gsid, GlyphSetType, (pointer)glyphSet))
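Review bot: The not-found translation `(rc == BadValue) ? RenderErrBase + BadGlyphSet : rc` is written out by hand here and again in ProcRenderFreeGlyphSet, ProcRenderAddGlyphs and ProcRenderFreeGlyphs, each with its own `client->errorValue` assignment. Picture lookups in this file already go through `VERIFY_PICTURE`; a matching glyph-set macro taking the id, access mode and error code would keep the four sites from drifting apart. It would also give one place to record the assumption the mapping rests on, e.g. `/* an unknown id is expected to come back as BadValue; any other code is an access denial and is passed through */`, which should be confirmed against dixLookupResource.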
@@ -1059,17 +1064,16 @@ static int
ProcRenderFreeGlyphSet (ClientPtr client)
{
GlyphSetPtr glyphSet;
+ int rc;
REQUEST(xRenderFreeGlyphSetReq);
REQUEST_SIZE_MATCH(xRenderFreeGlyphSetReq);
- glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
- stuff->glyphset,
- GlyphSetType,
- DixDestroyAccess);
- if (!glyphSet)
+ rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+ client, DixDestroyAccess);
+ if (rc != Success)
{
client->errorValue = stuff->glyphset;
- return RenderErrBase + BadGlyphSet;
+ return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
}
FreeResource (stuff->glyphset, RT_NONE);
return client->noClientException;
@@ -1093,19 +1097,18 @@ ProcRenderAddGlyphs (ClientPtr client)
xGlyphInfo *gi;
CARD8 *bits;
int size;
- int err = BadAlloc;
+ int err;
REQUEST_AT_LEAST_SIZE(xRenderAddGlyphsReq);
- glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
- stuff->glyphset,
- GlyphSetType,
- DixWriteAccess);
- if (!glyphSet)
+ err = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+ client, DixAddAccess);
+ if (err != Success)
{
client->errorValue = stuff->glyphset;
- return RenderErrBase + BadGlyphSet;
+ return (err == BadValue) ? RenderErrBase + BadGlyphSet : err;
}
+ err = BadAlloc;
nglyphs = stuff->nglyphs;
if (nglyphs > UINT32_MAX / sizeof(GlyphNewRec))
return BadAlloc;
@@ -1195,19 +1198,17 @@ ProcRenderFreeGlyphs (ClientPtr client)
{
REQUEST(xRenderFreeGlyphsReq);
GlyphSetPtr glyphSet;
- int nglyph;
+ int rc, nglyph;
CARD32 *gids;
CARD32 glyph;
REQUEST_AT_LEAST_SIZE(xRenderFreeGlyphsReq);
- glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
- stuff->glyphset,
- GlyphSetType,
- DixWriteAccess);
- if (!glyphSet)
+ rc = dixLookupResource((pointer *)&glyphSet, stuff->glyphset, GlyphSetType,
+ client, DixRemoveAccess);
+ if (rc != Success)
{
client->errorValue = stuff->glyphset;
- return RenderErrBase + BadGlyphSet;
+ return (rc == BadValue) ? RenderErrBase + BadGlyphSet : rc;
}
nglyph = ((client->req_len << 2) - sizeof (xRenderFreeGlyphsReq)) >> 2;
gids = (CARD32 *) (stuff + 1);
@@ -1284,7 +1285,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
stuff->glyphset,
GlyphSetType,
- DixReadAccess);
+ DixUseAccess);
if (!glyphSet)
{
client->errorValue = stuff->glyphset;
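Review bot: These two lookups keep `SecurityLookupIDByType` and only change the access mode, while every other glyph-set lookup in this commit moves to `dixLookupResource` and returns its code on denial. With the pointer-returning call, a refused `DixUseAccess` check cannot be told apart from a missing id. Assuming the lines after the hunk still return `RenderErrBase + BadGlyphSet`, a denial here is therefore reported as a bad glyph set rather than as the hook's own error. Converting this site and the `gs` lookup in the next hunk the same way as ProcRenderAddGlyphs would make error reporting uniform across the extension. ProcRenderCompositeGlyphs extends beyond both hunks.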
@@ -1346,7 +1347,7 @@ ProcRenderCompositeGlyphs (ClientPtr client)
glyphSet = (GlyphSetPtr) SecurityLookupIDByType (client,
gs,
GlyphSetType,
- DixReadAccess);
+ DixUseAccess);
if (!glyphSet)
{
client->errorValue = gs;
@@ -1679,7 +1680,7 @@ ProcRenderSetPictureTransform (ClientPtr client)
int result;
REQUEST_SIZE_MATCH(xRenderSetPictureTransformReq);
- VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+ VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
RenderErrBase + BadPicture);
result = SetPictureTransform (pPicture, (PictTransform *) &stuff->transform);
if (client->noClientException != Success)
@@ -1704,7 +1705,7 @@ ProcRenderQueryFilters (ClientPtr client)
REQUEST_SIZE_MATCH(xRenderQueryFiltersReq);
rc = dixLookupDrawable(&pDrawable, stuff->drawable, client, 0,
- DixReadAccess);
+ DixGetAttrAccess);
if (rc != Success)
return rc;
@@ -1809,7 +1810,7 @@ ProcRenderSetPictureFilter (ClientPtr client)
char *name;
REQUEST_AT_LEAST_SIZE (xRenderSetPictureFilterReq);
- VERIFY_PICTURE (pPicture, stuff->picture, client, DixWriteAccess,
+ VERIFY_PICTURE (pPicture, stuff->picture, client, DixSetAttrAccess,
RenderErrBase + BadPicture);
name = (char *) (stuff + 1);
params = (xFixed *) (name + ((stuff->nbytes + 3) & ~3));
@@ -1853,7 +1854,8 @@ ProcRenderCreateAnimCursor (ClientPtr client)
deltas[i] = elt->delay;
elt++;
}
- ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor);
+ ret = AnimCursorCreate (cursors, deltas, ncursor, &pCursor, client,
+ stuff->cid);
xfree (cursors);
if (ret != Success)
return ret;
@@ -1899,6 +1901,11 @@ static int ProcRenderCreateSolidFill(ClientPtr client)
pPicture = CreateSolidPicture(stuff->pid, &stuff->color, &error);
if (!pPicture)
return error;
+ /* security creation/labeling check */
+ error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+ DixCreateAccess, pPicture);
+ if (error != Success)
+ return error;
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
return BadAlloc;
return Success;
@@ -1928,6 +1935,11 @@ static int ProcRenderCreateLinearGradient (ClientPtr client)
stuff->nStops, stops, colors, &error);
if (!pPicture)
return error;
+ /* security creation/labeling check */
+ error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+ DixCreateAccess, pPicture);
+ if (error != Success)
+ return error;
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
return BadAlloc;
return Success;
@@ -1958,6 +1970,11 @@ static int ProcRenderCreateRadialGradient (ClientPtr client)
stuff->nStops, stops, colors, &error);
if (!pPicture)
return error;
+ /* security creation/labeling check */
+ error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+ DixCreateAccess, pPicture);
+ if (error != Success)
+ return error;
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
return BadAlloc;
return Success;
@@ -1987,6 +2004,11 @@ static int ProcRenderCreateConicalGradient (ClientPtr client)
stuff->nStops, stops, colors, &error);
if (!pPicture)
return error;
+ /* security creation/labeling check */
+ error = XaceHook(XACE_RESOURCE_ACCESS, client, stuff->pid, PictureType,
+ DixCreateAccess, pPicture);
+ if (error != Success)
+ return error;
if (!AddResource (stuff->pid, PictureType, (pointer)pPicture))
return BadAlloc;
return Success;