xace: Add a "manage" access check when setting the Redirect event bits.

author: Eamon Walsh <ewalsh@tycho.nsa.gov> 2007-10-25 19:01:29 -0400
committer: Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil> 2007-10-25 19:01:29 -0400
commit: 8c6923018c7d71cd15d9cf4ef9e8528ef5ec7c2e (patch)
tree: eb204e7de7e77989890c707fc40f5ba9eb70ace0 /dix/events.c
parent: 7d14ca59c5b942c09feaa2429c394cde9d8d3fd1 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/dix/events.c b/dix/events.c
index 24de94767..e13e290f4 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -3330,6 +3330,8 @@ ProcessPointerEvent (xEvent *xE, DeviceIntPtr mouse, int count)
 
 #define AtMostOneClient \
 	(SubstructureRedirectMask | ResizeRedirectMask | ButtonPressMask)
+#define ManagerMask \
+	(SubstructureRedirectMask | ResizeRedirectMask)
 
 /**
  * Recalculate which events may be deliverable for the given window.
@@ -3418,12 +3420,20 @@ EventSelectForWindow(WindowPtr pWin, ClientPtr client, Mask mask)
 {
     Mask check;
     OtherClients * others;
+    int rc;
 
     if (mask & ~AllEventMasks)
     {
 	client->errorValue = mask;
 	return BadValue;
     }
+    check = (mask & ManagerMask);
+    if (check) {
+	rc = XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id,
+		      RT_WINDOW, pWin, RT_NONE, NULL, DixManageAccess);
+	if (rc != Success)
+	    return rc;
+    }
     check = (mask & AtMostOneClient);
     if (check & (pWin->eventMask|wOtherEventMasks(pWin)))
     {				       /* It is illegal for two different
author	Eamon Walsh <ewalsh@tycho.nsa.gov>	2007-10-25 19:01:29 -0400
committer	Eamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>	2007-10-25 19:01:29 -0400
commit	8c6923018c7d71cd15d9cf4ef9e8528ef5ec7c2e (patch)
tree	eb204e7de7e77989890c707fc40f5ba9eb70ace0 /dix/events.c
parent	7d14ca59c5b942c09feaa2429c394cde9d8d3fd1 (diff)