xace: add hooks + new access codes: DOUBLE-BUFFER extension

2 files changed, 20 insertions, 8 deletions

diff --git a/dbe/dbe.c b/dbe/dbe.c
index 223b0c983..8175a352f 100644
--- a/dbe/dbe.c
+++ b/dbe/dbe.c
@@ -54,6 +54,7 @@
 #define NEED_DBE_PROTOCOL
 #include "dbestruct.h"
 #include "midbe.h"
+#include "xace.h"
 
 /* GLOBALS */
 
@@ -233,7 +234,7 @@ ProcDbeAllocateBackBufferName(ClientPtr client)
     REQUEST_SIZE_MATCH(xDbeAllocateBackBufferNameReq);
 
     /* The window must be valid. */
-    status = dixLookupWindow(&pWin, stuff->window, client, DixWriteAccess);
+    status = dixLookupWindow(&pWin, stuff->window, client, DixManageAccess);
     if (status != Success)
 	return status;
 
@@ -720,7 +721,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
         for (i = 0; i < stuff->n; i++)
         {
 	    rc = dixLookupDrawable(pDrawables+i, drawables[i], client, 0,
-				   DixReadAccess);
+				   DixGetAttrAccess);
 	    if (rc != Success) {
                 Xfree(pDrawables);
                 return rc;
@@ -748,7 +749,9 @@ ProcDbeGetVisualInfo(ClientPtr client)
                                     pDrawables[i]->pScreen;
         pDbeScreenPriv = DBE_SCREEN_PRIV(pScreen);
 
-        if (!(*pDbeScreenPriv->GetVisualInfo)(pScreen, &pScrVisInfo[i]))
+	rc = XaceHook(XACE_SCREEN_ACCESS, client, pScreen, DixGetAttrAccess);
+	if ((rc != Success) ||
+	    !(*pDbeScreenPriv->GetVisualInfo)(pScreen, &pScrVisInfo[i]))
         {
             /* We failed to alloc pScrVisInfo[i].visinfo. */
 
@@ -764,7 +767,7 @@ ProcDbeGetVisualInfo(ClientPtr client)
                 Xfree(pDrawables);
             }
 
-            return(BadAlloc);
+            return (rc == Success) ? BadAlloc : rc;
         }
 
         /* Account for n, number of xDbeVisInfo items in list. */
@@ -877,7 +880,7 @@ ProcDbeGetBackBufferAttributes(ClientPtr client)
     REQUEST_SIZE_MATCH(xDbeGetBackBufferAttributesReq);
 
     if (!(pDbeWindowPriv = (DbeWindowPrivPtr)SecurityLookupIDByType(client,
-		stuff->buffer, dbeWindowPrivResType, DixReadAccess)))
+		stuff->buffer, dbeWindowPrivResType, DixGetAttrAccess)))
     {
         rep.attributes = None;
     }
@@ -1615,6 +1618,9 @@ DbeExtensionInit(void)
         CreateNewResourceType(DbeDrawableDelete) | RC_DRAWABLE;
     dbeWindowPrivResType =
         CreateNewResourceType(DbeWindowPrivDelete);
+    if (!dixRegisterPrivateOffset(dbeDrawableResType,
+				  offsetof(PixmapRec, devPrivates)))
+	return;
 
     for (i = 0; i < screenInfo.numScreens; i++)
     {
diff --git a/dbe/midbe.c b/dbe/midbe.c
index f26a09c6d..e1c7f8d7d 100644
--- a/dbe/midbe.c
+++ b/dbe/midbe.c
@@ -56,6 +56,7 @@
 #include "gcstruct.h"
 #include "inputstr.h"
 #include "midbe.h"
+#include "xace.h"
 
 #include <stdio.h>
 
@@ -153,6 +154,7 @@ miDbeAllocBackBufferName(WindowPtr pWin, XID bufId, int swapAction)
     DbeScreenPrivPtr		pDbeScreenPriv;
     GCPtr			pGC;
     xRectangle			clearRect;
+    int				rc;
 
 
     pScreen = pWin->drawable.pScreen;
@@ -191,14 +193,18 @@ miDbeAllocBackBufferName(WindowPtr pWin, XID bufId, int swapAction)
             return(BadAlloc);
         }
 
+	/* Security creation/labeling check. */
+	rc = XaceHook(XACE_RESOURCE_ACCESS, serverClient, bufId,
+		      dbeDrawableResType, pDbeWindowPrivPriv->pBackBuffer,
+		      RT_WINDOW, pWin, DixCreateAccess);
 
         /* Make the back pixmap a DBE drawable resource. */
-        if (!AddResource(bufId, dbeDrawableResType,
-            (pointer)pDbeWindowPrivPriv->pBackBuffer))
+        if (rc != Success || !AddResource(bufId, dbeDrawableResType,
+					  pDbeWindowPrivPriv->pBackBuffer))
         {
             /* free the buffer and the drawable resource */
             FreeResource(bufId, RT_NONE);
-            return(BadAlloc);
+            return (rc == Success) ? BadAlloc : rc;
         }