Replace XC-SECURITY code with XACE security hooks

(cherry picked from 8526cd6395490b03b279f1962df777fb0e4a9878 commit)
author: Eamon Walsh <ewalsh@epoch.ncsc.mil> 2004-05-05 20:04:52 +0000
committer: Alan Coopersmith <alanc@alf.(none)> 2006-06-19 17:09:37 -0700
commit: 37f0ae02457bd22b27f8f30a373e5cb19f2fbaea (patch)
tree: 94127e7ba8d70ead4ee3a0c47e56e965d0a7c685 /os/access.c
parent: 8d9ccc90a54c786ca4ba5620ab0a965e3f3bc8ea (diff)
1 files changed, 7 insertions, 12 deletions
diff --git a/os/access.c b/os/access.c
index 62af2f91f..dc54beef7 100644
--- a/os/access.c
+++ b/os/access.c
@@ -202,9 +202,8 @@ SOFTWARE.
 #include "dixstruct.h"
 #include "osdep.h"
 
-#ifdef XCSECURITY
-#define _SECURITY_SERVER
-#include <X11/extensions/security.h>
+#ifdef XACE
+#include "xace.h"
 #endif
 
 #ifndef PATH_MAX
@@ -1383,15 +1382,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client)
     pointer		addr;
     register HOST	*host;
 
-#ifdef XCSECURITY
-    /* untrusted clients can't change host access */
-    if (client->trustLevel != XSecurityClientTrusted)
-    {
-	SecurityAudit("client %d attempted to change host access\n",
-		      client->index);
-	return FALSE;
-    }
-#endif
     if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
 	&notused, &alen, &from))
     {
@@ -1534,6 +1524,11 @@ AuthorizedClient(ClientPtr client)
 {
     if (!client || defeatAccessControl)
 	return TRUE;
+#ifdef XACE
+    /* untrusted clients can't change host access */
+    if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
+	return FALSE;
+#endif
     return LocalClient(client);
 }
author	Eamon Walsh <ewalsh@epoch.ncsc.mil>	2004-05-05 20:04:52 +0000
committer	Alan Coopersmith <alanc@alf.(none)>	2006-06-19 17:09:37 -0700
commit	37f0ae02457bd22b27f8f30a373e5cb19f2fbaea (patch)
tree	94127e7ba8d70ead4ee3a0c47e56e965d0a7c685 /os/access.c
parent	8d9ccc90a54c786ca4ba5620ab0a965e3f3bc8ea (diff)