author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2007-10-24 19:59:58 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> | 2007-10-24 19:59:58 -0400 |
commit | 4b05f19cb9e42d8c8eff5ca4e463f5bc2a05433d (patch) | |
tree | 3396bac61002bd8ce25b390fd0653af225a1d8e3 /Xext | |
parent | 0d2ef187e77b12713d2a9661932fa01dba58a945 (diff) |
xselinux: Introduce a type transition when labeling events.
Diffstat (limited to 'Xext')
-rw-r--r-- | Xext/xselinux.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 83610119a..cb62cb941 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -194,7 +194,8 @@ SELinuxSelectionToSID(Atom selection, SELinuxStateRec *sid_return)
  * Looks up the SID corresponding to the given event type
  */
 static int
-SELinuxEventToSID(unsigned type, SELinuxStateRec *sid_return)
+SELinuxEventToSID(unsigned type, security_id_t sid_of_window,
+                  SELinuxStateRec *sid_return)
 {
     const char *name = LookupEventName(type);
     security_context_t con;
@@ -212,7 +213,7 @@ SELinuxEventToSID(unsigned type, SELinuxStateRec *sid_return)
     }
 
     if (!knownEvents[type]) {
-        /* Look in the mappings of property names to contexts */
+        /* Look in the mappings of event names to contexts */
         if (selabel_lookup(label_hnd, &con, name, SELABEL_X_EVENT) < 0) {
             ErrorF("XSELinux: an event label lookup failed!\n");
             return BadValue;
@@ -225,7 +226,13 @@ SELinuxEventToSID(unsigned type, SELinuxStateRec *sid_return)
         freecon(con);
     }
 
-    sid_return->sid = knownEvents[type];
+    /* Perform a transition to obtain the final SID */
+    if (avc_compute_create(sid_of_window, knownEvents[type], SECCLASS_X_EVENT,
+                           &sid_return->sid) < 0) {
+        ErrorF("XSELinux: a compute_create call failed!\n");
+        return BadValue;
+    }
+
     return Success;
 }
 
@@ -522,7 +529,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     for (i = 0; i < rec->count; i++) {
         SELinuxStateRec ev_sid;
 
-        rc = SELinuxEventToSID(rec->events[i].u.u.type, &ev_sid);
+        rc = SELinuxEventToSID(rec->events[i].u.u.type, obj->sid, &ev_sid);
         if (rc != Success)
             goto err;
 
@@ -558,7 +565,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     for (i = 0; i < rec->count; i++) {
         SELinuxStateRec ev_sid;
 
-        rc = SELinuxEventToSID(rec->events[i].u.u.type, &ev_sid);
+        rc = SELinuxEventToSID(rec->events[i].u.u.type, obj->sid, &ev_sid);
         if (rc != Success)
             goto err;
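Review bot: The header comment kept as context above the new signature (` * Looks up the SID corresponding to the given event type`) is now inaccurate, because the added sid_of_window parameter feeds a type transition and the value stored in sid_return is the transition result, not the per-type SID. Replace it with ` * Looks up the base SID for the given event type, then derives the event's final SID by a type transition from sid_of_window (class SECCLASS_X_EVENT); returns BadValue on any lookup failure`. It is also worth stating in that comment that sid_of_window must be a valid SID, since avc_compute_create uses it as the source of the transition. The body of SELinuxEventToSID continues past the end of this hunk.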
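Review bot: The error path after the new avc_compute_create call logs a message that names neither the event type nor the window, so an operator reading the server log cannot tell which policy entry is missing; `name` is already in scope from the top of the function, so `ErrorF("XSELinux: a compute_create call failed for event %s!\n", name);` would make the failure actionable (assuming the checks in the lines omitted between the first two hunks guarantee name is non-NULL here). Separately, the transition now depends on sid_of_window being a valid SID; if a window can reach SELinuxSend or SELinuxReceive before it has been labeled, a guard such as `if (!sid_of_window) return BadValue;` at the top of the function would keep a NULL source SID from reaching libselinux — whether that is possible is not visible in this hunk. The opening of SELinuxEventToSID is outside this hunk.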
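Review bot: The new call passes rec->events[i].u.u.type through unchanged, and SELinuxEventToSID then uses it directly as the index into knownEvents[]; for events delivered via SendEvent the X protocol sets the high bit (0x80) of the type byte, so unless the lines omitted between the first two hunks mask or range-check `type`, that lookup can index past the table for such events. Please confirm that check exists, or mask at the call site: `rc = SELinuxEventToSID(rec->events[i].u.u.type & 0x7f, obj->sid, &ev_sid);`. The identical call added in SELinuxReceive needs the same treatment. Both enclosing functions start and end outside their hunks.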