authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-10-17 19:14:15 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-10-17 19:14:15 -0400
commit503f918f55d0cb29585d83b022bbb8dc29f446c5 (patch)
tree4c0403655465255a07abc1f7083f6ad0751027cd /Xext
parent50b27e1ad2a98d36728dc8157492ef5c59c132cd (diff)
xselinux: Move functions around; add some more comments.
Diffstat (limited to 'Xext')
-rw-r--r--Xext/xselinux.c267
1 files changed, 150 insertions, 117 deletions
diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index 9ff055484..fc91ae384 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -50,6 +50,11 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#include <stdarg.h>
#include "modinit.h"
+
+/*
+ * Globals
+ */
+
/* private state record */
static DevPrivateKey stateKey = &stateKey;
@@ -108,6 +113,14 @@ static struct security_class_mapping map[] = {
{ NULL }
};
+/* forward declarations */
+static void SELinuxScreen(CallbackListPtr *, pointer, pointer);
+
+
+/*
+ * Support Routines
+ */
+
/*
* Returns the object class corresponding to the given resource type.
*/
@@ -150,7 +163,6 @@ SELinuxTypeToClass(RESTYPE type)
knownTypes[type] = SECCLASS_X_FONT;
}
-// ErrorF("Returning a class of %d for a type of %d\n", knownTypes[type], type);
return knownTypes[type];
}
@@ -163,8 +175,6 @@ SELinuxDoCheck(ClientPtr client, SELinuxStateRec *obj, security_class_t class,
{
SELinuxStateRec *subj;
-// ErrorF("SuperCheck: client=%d, class=%d, access_mode=%x\n", client->index, class, access_mode);
-
/* serverClient requests OK */
if (client->index == 0)
return Success;
@@ -185,11 +195,101 @@ SELinuxDoCheck(ClientPtr client, SELinuxStateRec *obj, security_class_t class,
return Success;
}
-//static void
-//SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-//{
-// XaceSelectionAccessRec *rec = calldata;
-//}
+/*
+ * Labels initial server objects.
+ */
+static void
+SELinuxFixupLabels(void)
+{
+ int i;
+ XaceScreenAccessRec srec;
+ SELinuxStateRec *state;
+ security_context_t ctx;
+ pointer unused;
+
+ /* Do the serverClient */
+ state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
+ sidput(state->sid);
+
+ /* Use the context of the X server process for the serverClient */
+ if (getcon(&ctx) < 0)
+ FatalError("Couldn't get context of X server process\n");
+
+ /* Get a SID from the context */
+ if (avc_context_to_sid(ctx, &state->sid) < 0)
+ FatalError("serverClient: context_to_sid(%s) failed\n", ctx);
+
+ freecon(ctx);
+
+ srec.client = serverClient;
+ srec.access_mode = DixCreateAccess;
+ srec.status = Success;
+
+ for (i = 0; i < screenInfo.numScreens; i++) {
+ /* Do the screen object */
+ srec.screen = screenInfo.screens[i];
+ SELinuxScreen(NULL, NULL, &srec);
+
+ /* Do the default colormap */
+ dixLookupResource(&unused, screenInfo.screens[i]->defColormap,
+ RT_COLORMAP, serverClient, DixCreateAccess);
+ }
+}
+
+
+/*
+ * Libselinux Callbacks
+ */
+
+static int
+SELinuxAudit(void *auditdata,
+ security_class_t class,
+ char *msgbuf,
+ size_t msgbufsize)
+{
+ SELinuxAuditRec *audit = auditdata;
+ ClientPtr client = audit->client;
+ char idNum[16], *propertyName;
+ int major = 0, minor = 0;
+ REQUEST(xReq);
+
+ if (audit->id)
+ snprintf(idNum, 16, "%x", audit->id);
+ if (stuff) {
+ major = stuff->reqType;
+ minor = (major < 128) ? 0 : MinorOpcodeOfRequest(client);
+ }
+
+ propertyName = audit->property ? NameForAtom(audit->property) : NULL;
+
+ return snprintf(msgbuf, msgbufsize, "%s%s%s%s%s%s%s%s%s%s%s%s",
+ stuff ? "request=" : "",
+ stuff ? LookupRequestName(major, minor) : "",
+ audit->client_path ? " comm=" : "",
+ audit->client_path ? audit->client_path : "",
+ audit->id ? " resid=" : "",
+ audit->id ? idNum : "",
+ audit->restype ? " restype=" : "",
+ audit->restype ? LookupResourceName(audit->restype) : "",
+ audit->property ? " property=" : "",
+ audit->property ? propertyName : "",
+ audit->extension ? " extension=" : "",
+ audit->extension ? audit->extension : "");
+}
+
+static int
+SELinuxLog(int type, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ VErrorF(fmt, ap);
+ va_end(ap);
+ return 0;
+}
+
+/*
+ * XACE Callbacks
+ */
static void
SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
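Review bot: In SELinuxAudit, `propertyName` is passed to a `%s` conversion whenever `audit->property` is set, but NameForAtom returns NULL for an atom it does not know, so a stale or bogus property atom in the audit record reaches snprintf as a NULL string pointer; guarding on the looked-up name rather than the atom closes that: `propertyName ? " property=" : "",` and `propertyName ? propertyName : "",` (the `propertyName = audit->property ? NameForAtom(audit->property) : NULL;` line already yields NULL in that case). The moved body also renames the audit field from `client=` to `comm=` (compare the removed copy in the later hunk), which is a change to the AVC message format that the commit title does not mention and that any log parser or audit rule keyed on `client=` will miss; either keep the old key or say so in the commit message. In SELinuxFixupLabels, `srec.status` is never inspected after `SELinuxScreen(NULL, NULL, &srec)` and the `dixLookupResource` result is discarded, so a failure to label a screen or the default colormap is silent while the equivalent failure for serverClient is fatal; `if (srec.status != Success) FatalError("XSELinux: failed to label screen %d\n", i);` would make the two paths consistent. SELinuxExtension begins on the last lines of this hunk and its body lies outside it.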
@@ -418,30 +518,10 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata)
rec->status = rc;
}
-/* Extension callbacks */
-static void
-SELinuxStateInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxStateRec *state = *rec->value;
-
- sidget(unlabeled_sid);
- state->sid = unlabeled_sid;
-
- avc_entry_ref_init(&state->aeref);
-}
-
-static void
-SELinuxStateFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
-{
- PrivateCallbackRec *rec = calldata;
- SELinuxStateRec *state = *rec->value;
- xfree(state->client_path);
-
- if (avc_active)
- sidput(state->sid);
-}
+/*
+ * DIX Callbacks
+ */
static void
SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
@@ -506,7 +586,6 @@ finish:
freecon(ctx);
}
-/* Labeling callbacks */
static void
SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
@@ -553,113 +632,67 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata)
FatalError("XSELinux: Unexpected unlabeled window found\n");
}
-/* Extension dispatch functions */
-static int
-ProcSELinuxDispatch(ClientPtr client)
-{
- return BadRequest;
-}
+
+/*
+ * DevPrivates Callbacks
+ */
static void
-SELinuxResetProc(ExtensionEntry *extEntry)
+SELinuxStateInit(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
- /* XXX unregister all callbacks here */
-
- selabel_close(label_hnd);
- label_hnd = NULL;
-
- audit_close(audit_fd);
+ PrivateCallbackRec *rec = calldata;
+ SELinuxStateRec *state = *rec->value;
- avc_destroy();
- avc_active = 0;
+ sidget(unlabeled_sid);
+ state->sid = unlabeled_sid;
- xfree(knownTypes);
- knownTypes = NULL;
- numKnownTypes = 0;
+ avc_entry_ref_init(&state->aeref);
}
-static int
-SELinuxAudit(void *auditdata,
- security_class_t class,
- char *msgbuf,
- size_t msgbufsize)
+static void
+SELinuxStateFree(CallbackListPtr *pcbl, pointer unused, pointer calldata)
{
- SELinuxAuditRec *audit = auditdata;
- ClientPtr client = audit->client;
- char idNum[16], *propertyName;
- int major = 0, minor = 0;
- REQUEST(xReq);
-
- if (audit->id)
- snprintf(idNum, 16, "%x", audit->id);
- if (stuff) {
- major = stuff->reqType;
- minor = (major < 128) ? 0 : MinorOpcodeOfRequest(client);
- }
+ PrivateCallbackRec *rec = calldata;
+ SELinuxStateRec *state = *rec->value;
- propertyName = audit->property ? NameForAtom(audit->property) : NULL;
+ xfree(state->client_path);
- return snprintf(msgbuf, msgbufsize, "%s%s%s%s%s%s%s%s%s%s%s%s",
- stuff ? "request=" : "",
- stuff ? LookupRequestName(major, minor) : "",
- audit->client_path ? " client=" : "",
- audit->client_path ? audit->client_path : "",
- audit->id ? " resid=" : "",
- audit->id ? idNum : "",
- audit->restype ? " restype=" : "",
- audit->restype ? LookupResourceName(audit->restype) : "",
- audit->property ? " property=" : "",
- audit->property ? propertyName : "",
- audit->extension ? " extension=" : "",
- audit->extension ? audit->extension : "");
+ if (avc_active)
+ sidput(state->sid);
}
+
+/*
+ * Extension Dispatch
+ */
+
static int
-SELinuxLog(int type, const char *fmt, ...)
+ProcSELinuxDispatch(ClientPtr client)
{
- va_list ap;
- va_start(ap, fmt);
- VErrorF(fmt, ap);
- va_end(ap);
- return 0;
+ return BadRequest;
}
-static void
-SELinuxFixupLabels(void)
-{
- int i;
- XaceScreenAccessRec srec;
- SELinuxStateRec *state;
- security_context_t ctx;
- pointer unused;
- /* Do the serverClient */
- state = dixLookupPrivate(&serverClient->devPrivates, stateKey);
- sidput(state->sid);
-
- /* Use the context of the X server process for the serverClient */
- if (getcon(&ctx) < 0)
- FatalError("Couldn't get context of X server process\n");
+/*
+ * Extension Setup / Teardown
+ */
- /* Get a SID from the context */
- if (avc_context_to_sid(ctx, &state->sid) < 0)
- FatalError("serverClient: context_to_sid(%s) failed\n", ctx);
+static void
+SELinuxResetProc(ExtensionEntry *extEntry)
+{
+ /* XXX unregister all callbacks here */
- freecon(ctx);
+ selabel_close(label_hnd);
+ label_hnd = NULL;
- srec.client = serverClient;
- srec.access_mode = DixCreateAccess;
- srec.status = Success;
+ audit_close(audit_fd);
- for (i = 0; i < screenInfo.numScreens; i++) {
- /* Do the screen object */
- srec.screen = screenInfo.screens[i];
- SELinuxScreen(NULL, NULL, &srec);
+ avc_destroy();
+ avc_active = 0;
- /* Do the default colormap */
- dixLookupResource(&unused, screenInfo.screens[i]->defColormap,
- RT_COLORMAP, serverClient, DixCreateAccess);
- }
+ xfree(knownTypes);
+ knownTypes = NULL;
+ numKnownTypes = 0;
}
void