authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-08-16 10:44:51 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-08-16 10:44:51 -0400
commit5bee8db003a5d552ee1d85bb6c40a3cb93bd6b2b (patch)
treed0f767f17e637c9e42d7985ce1b896931bdc33f4
parentb82557c9fb60f11fd2696c8fb2ae17b9dfd915ed (diff)
xace: drop background-none checking hook, add new hook for controlling
access to other clients.
-rw-r--r--Xext/security.c11
-rw-r--r--Xext/xace.c14
-rw-r--r--Xext/xace.h2
-rw-r--r--Xext/xacestr.h9
-rw-r--r--Xext/xselinux.c10
5 files changed, 21 insertions, 25 deletions
diff --git a/Xext/security.c b/Xext/security.c
index 0059245c1..bf414a50f 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -1197,16 +1197,6 @@ SecurityCheckMapAccess(CallbackListPtr *pcbl, pointer unused,
}
static void
-SecurityCheckBackgrndAccess(CallbackListPtr *pcbl, pointer unused,
- pointer calldata)
-{
- XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
-
- if (TRUSTLEVEL(rec->client) != XSecurityClientTrusted)
- rec->status = BadAccess;
-}
-
-static void
SecurityCheckExtAccess(CallbackListPtr *pcbl, pointer unused,
pointer calldata)
{
@@ -1848,7 +1838,6 @@ SecurityExtensionInit(INITARGS)
XaceRC(XACE_PROPERTY_ACCESS, SecurityCheckPropertyAccess, NULL);
XaceRC(XACE_DRAWABLE_ACCESS, SecurityCheckDrawableAccess, NULL);
XaceRC(XACE_MAP_ACCESS, SecurityCheckMapAccess, NULL);
- XaceRC(XACE_BACKGRND_ACCESS, SecurityCheckBackgrndAccess, NULL);
XaceRC(XACE_EXT_DISPATCH, SecurityCheckExtAccess, NULL);
XaceRC(XACE_EXT_ACCESS, SecurityCheckExtAccess, NULL);
XaceRC(XACE_SERVER_ACCESS, SecurityCheckServerAccess, NULL);
diff --git a/Xext/xace.c b/Xext/xace.c
index de1887f31..54e910f82 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -113,8 +113,7 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
- case XACE_MAP_ACCESS:
- case XACE_BACKGRND_ACCESS: {
+ case XACE_MAP_ACCESS: {
XaceMapAccessRec rec = {
va_arg(ap, ClientPtr),
va_arg(ap, WindowPtr),
@@ -124,6 +123,17 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
+ case XACE_CLIENT_ACCESS: {
+ XaceClientAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, ClientPtr),
+ va_arg(ap, Mask),
+ Success /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.status;
+ break;
+ }
case XACE_EXT_DISPATCH:
case XACE_EXT_ACCESS: {
XaceExtAccessRec rec = {
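Review bot: The three `va_arg` calls in the `XaceClientAccessRec` initializer under `case XACE_CLIENT_ACCESS` are not guaranteed to run top to bottom, because C leaves the order of side effects among initializer-list expressions unspecified. The first two arguments are both `ClientPtr`, so a compiler that evaluates them in another order would silently swap the requesting client and the target, or read the `Mask` slot as a pointer. An access-control handler would then decide on the wrong subject. Reading each argument into a local in its own statement before building the record makes the order defined. The existing cases in XaceHook use the same initializer pattern, and the function continues outside the hunk.

```c
case XACE_CLIENT_ACCESS: {
    /* consume the varargs in separate statements so their order is defined */
    ClientPtr client = va_arg(ap, ClientPtr);
    ClientPtr target = va_arg(ap, ClientPtr);
    Mask access_mode = va_arg(ap, Mask);
    XaceClientAccessRec rec = {
        client,
        target,
        access_mode,
        Success /* default allow */
    };
    /* … unchanged: calldata = &rec; prv = &rec.status; break; … */
}
```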
diff --git a/Xext/xace.h b/Xext/xace.h
index f7ff205cc..f1a6e9d8c 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -47,7 +47,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define XACE_PROPERTY_ACCESS 4
#define XACE_DRAWABLE_ACCESS 5
#define XACE_MAP_ACCESS 6
-#define XACE_BACKGRND_ACCESS 7
+#define XACE_CLIENT_ACCESS 7
#define XACE_EXT_ACCESS 8
#define XACE_SERVER_ACCESS 9
#define XACE_SELECTION_ACCESS 10
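Review bot: `XACE_CLIENT_ACCESS` takes over hook number 7, which until this commit meant `XACE_BACKGRND_ACCESS` and delivered an `XaceMapAccessRec`. A callback built against the old header that still registers on 7 would now receive an `XaceClientAccessRec` and treat its `target` client pointer as a `WindowPtr`. The reuse deserves a comment next to the define, e.g. `/* 7 was XACE_BACKGRND_ACCESS; calldata is now XaceClientAccessRec */`. If the header carries an interface version (not visible in this hunk), bumping it alongside would let out-of-tree modules detect the change.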
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index e4db3a12c..10c625b18 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -71,13 +71,20 @@ typedef struct {
} XaceDrawableAccessRec;
/* XACE_MAP_ACCESS */
-/* XACE_BACKGRND_ACCESS */
typedef struct {
ClientPtr client;
WindowPtr pWin;
int status;
} XaceMapAccessRec;
+/* XACE_CLIENT_ACCESS */
+typedef struct {
+ ClientPtr client;
+ ClientPtr target;
+ Mask access_mode;
+ int status;
+} XaceClientAccessRec;
+
/* XACE_EXT_DISPATCH */
/* XACE_EXT_ACCESS */
typedef struct {
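Review bot: `XaceClientAccessRec` has two `ClientPtr` members and no field comments, so a handler author cannot tell from the header which one is the requester and which is the client being acted on. Going by the commit description ("controlling access to other clients"), I would add `ClientPtr client; /* client making the request */`, `ClientPtr target; /* client being accessed */` and `int status; /* Success on entry; set to an X error code to deny */`, and say which bits `access_mode` may carry. Separately, the security.c and xselinux.c hunks in this commit drop their background-none handlers but register nothing for `XACE_CLIENT_ACCESS`, so as far as this diff shows the new hook always returns its default of `Success`. A comment saying that a policy handler is still to come would keep that from being read as an enforced check.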
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9cb2f326b..1ffd79d79 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -1157,15 +1157,6 @@ XSELinuxMap(CallbackListPtr *pcbl, pointer unused, pointer calldata)
} /* XSELinuxMap */
static void
-XSELinuxBackgrnd(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- XaceMapAccessRec *rec = (XaceMapAccessRec*)calldata;
- if (IDPerm(rec->client, rec->pWin->drawable.id,
- SECCLASS_WINDOW, WINDOW__TRANSPARENT) != Success)
- rec->status = BadAccess;
-} /* XSELinuxBackgrnd */
-
-static void
XSELinuxDrawable(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
XaceDrawableAccessRec *rec = (XaceDrawableAccessRec*)calldata;
@@ -1398,7 +1389,6 @@ XSELinuxExtensionInit(INITARGS)
XaceRegisterCallback(XACE_RESOURCE_ACCESS, XSELinuxResLookup, NULL);
XaceRegisterCallback(XACE_MAP_ACCESS, XSELinuxMap, NULL);
XaceRegisterCallback(XACE_SERVER_ACCESS, XSELinuxServer, NULL);
- XaceRegisterCallback(XACE_BACKGRND_ACCESS, XSELinuxBackgrnd, NULL);
XaceRegisterCallback(XACE_DRAWABLE_ACCESS, XSELinuxDrawable, NULL);
XaceRegisterCallback(XACE_PROPERTY_ACCESS, XSELinuxProperty, NULL);
/* XaceRegisterCallback(XACE_DECLARE_EXT_SECURE, XSELinuxDeclare, NULL);