diff options
| author | Peter Hutterer <peter@cs.unisa.edu.au> | 2008-01-26 13:55:07 +1030 |
|---|---|---|
| committer | Peter Hutterer <peter@cs.unisa.edu.au> | 2008-01-26 13:55:07 +1030 |
| commit | 0ac175597712edfeae676f536746a4d26d625e30 (patch) | |
| tree | bd34a9601dc6f1a446646e0907e49c90c6862cc0 /Xext | |
| parent | 210eeef495770c1883c842ff003c28ce25f279d4 (diff) | |
| parent | e915a2639752bc0ea9e6e192e020cc2031c08063 (diff) | |
Merge branch 'master' into mpx
Conflicts:
Xext/sampleEVI.c
Diffstat (limited to 'Xext')
| -rw-r--r-- | Xext/EVI.c | 15 | ||||
| -rw-r--r-- | Xext/Makefile.am | 2 | ||||
| -rw-r--r-- | Xext/cup.c | 3 | ||||
| -rw-r--r-- | Xext/sampleEVI.c | 31 | ||||
| -rw-r--r-- | Xext/shm.c | 50 | ||||
| -rw-r--r-- | Xext/xace.c | 198 | ||||
| -rw-r--r-- | Xext/xace.h | 10 | ||||
| -rw-r--r-- | Xext/xselinux.c | 301 | ||||
| -rw-r--r-- | Xext/xselinux.h | 10 | ||||
| -rw-r--r-- | Xext/xvdisp.c | 6 |
10 files changed, 318 insertions, 308 deletions
diff --git a/Xext/EVI.c b/Xext/EVI.c index 50b6d3db9..6b9118771 100644 --- a/Xext/EVI.c +++ b/Xext/EVI.c @@ -34,6 +34,7 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. #include <X11/extensions/XEVIstr.h> #include "EVIstruct.h" #include "modinit.h" +#include "scrnintstr.h" static EviPrivPtr eviPriv; @@ -84,10 +85,22 @@ ProcEVIGetVisualInfo(ClientPtr client) { REQUEST(xEVIGetVisualInfoReq); xEVIGetVisualInfoReply rep; - int n, n_conflict, n_info, sz_info, sz_conflict; + int i, n, n_conflict, n_info, sz_info, sz_conflict; VisualID32 *conflict; + unsigned int total_visuals = 0; xExtendedVisualInfo *eviInfo; int status; + + /* + * do this first, otherwise REQUEST_FIXED_SIZE can overflow. we assume + * here that you don't have more than 2^32 visuals over all your screens; + * this seems like a safe assumption. + */ + for (i = 0; i < screenInfo.numScreens; i++) + total_visuals += screenInfo.screens[i]->numVisuals; + if (stuff->n_visual > total_visuals) + return BadValue; + REQUEST_FIXED_SIZE(xEVIGetVisualInfoReq, stuff->n_visual * sz_VisualID32); status = eviPriv->getVisualInfo((VisualID32 *)&stuff[1], (int)stuff->n_visual, &eviInfo, &n_info, &conflict, &n_conflict); diff --git a/Xext/Makefile.am b/Xext/Makefile.am index 4f0429e7b..9cfb458cf 100644 --- a/Xext/Makefile.am +++ b/Xext/Makefile.am @@ -77,7 +77,7 @@ endif # requires X-ACE extension XSELINUX_SRCS = xselinux.c xselinux.h if XSELINUX -BUILTIN_SRCS += $(XSELINUX_SRCS) +MODULE_SRCS += $(XSELINUX_SRCS) endif # Security extension: multi-level security to protect clients from each other diff --git a/Xext/cup.c b/Xext/cup.c index 79e11deff..7a81f5e3a 100644 --- a/Xext/cup.c +++ b/Xext/cup.c @@ -176,6 +176,9 @@ int ProcGetReservedColormapEntries( REQUEST_SIZE_MATCH (xXcupGetReservedColormapEntriesReq); + if (stuff->screen >= screenInfo.numScreens) + return BadValue; + #ifndef HAVE_SPECIAL_DESKTOP_COLORS citems[CUP_BLACK_PIXEL].pixel = screenInfo.screens[stuff->screen]->blackPixel; diff --git a/Xext/sampleEVI.c b/Xext/sampleEVI.c index 5dd6e452b..a389efe04 100644 --- a/Xext/sampleEVI.c +++ b/Xext/sampleEVI.c @@ -34,6 +34,13 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. #include <X11/extensions/XEVIstr.h> #include "EVIstruct.h" #include "scrnintstr.h" + +#if HAVE_STDINT_H +#include <stdint.h> +#elif !defined(UINT32_MAX) +#define UINT32_MAX 0xffffffffU +#endif + static int sampleGetVisualInfo( VisualID32 *visual, int n_visual, @@ -42,24 +49,36 @@ static int sampleGetVisualInfo( VisualID32 **conflict_rn, int *n_conflict_rn) { - int max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens; + unsigned int max_sz_evi; VisualID32 *temp_conflict; xExtendedVisualInfo *evi; - int max_visuals = 0, max_sz_conflict, sz_conflict = 0; - int visualI, scrI, sz_evi = 0, conflictI, n_conflict; - *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi); - if (!*evi_rn) - return BadAlloc; + unsigned int max_visuals = 0, max_sz_conflict, sz_conflict = 0; + register int visualI, scrI, sz_evi = 0, conflictI, n_conflict; + + if (n_visual > UINT32_MAX/(sz_xExtendedVisualInfo * screenInfo.numScreens)) + return BadAlloc; + max_sz_evi = n_visual * sz_xExtendedVisualInfo * screenInfo.numScreens; + for (scrI = 0; scrI < screenInfo.numScreens; scrI++) { if (screenInfo.screens[scrI]->numVisuals > max_visuals) max_visuals = screenInfo.screens[scrI]->numVisuals; } + + if (n_visual > UINT32_MAX/(sz_VisualID32 * screenInfo.numScreens + * max_visuals)) + return BadAlloc; max_sz_conflict = n_visual * sz_VisualID32 * screenInfo.numScreens * max_visuals; + + *evi_rn = evi = (xExtendedVisualInfo *)xalloc(max_sz_evi); + if (!*evi_rn) + return BadAlloc; + temp_conflict = (VisualID32 *)xalloc(max_sz_conflict); if (!temp_conflict) { xfree(*evi_rn); return BadAlloc; } + for (scrI = 0; scrI < screenInfo.numScreens; scrI++) { for (visualI = 0; visualI < n_visual; visualI++) { evi[sz_evi].core_visual_id = visual[visualI]; diff --git a/Xext/shm.c b/Xext/shm.c index 1ee3bd14c..3e4071343 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -757,6 +757,8 @@ ProcPanoramiXShmCreatePixmap( int i, j, result, rc; ShmDescPtr shmdesc; REQUEST(xShmCreatePixmapReq); + unsigned int width, height, depth; + unsigned long size; PanoramiXRes *newPix; REQUEST_SIZE_MATCH(xShmCreatePixmapReq); @@ -770,11 +772,18 @@ ProcPanoramiXShmCreatePixmap( return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); - if (!stuff->width || !stuff->height) + + width = stuff->width; + height = stuff->height; + depth = stuff->depth; + if (!width || !height || !depth) { client->errorValue = 0; return BadValue; } + if (width > 32767 || height > 32767) + return BadAlloc; + if (stuff->depth != 1) { pDepth = pDraw->pScreen->allowedDepths; @@ -784,10 +793,18 @@ ProcPanoramiXShmCreatePixmap( client->errorValue = stuff->depth; return BadValue; } + CreatePmap: - VERIFY_SHMSIZE(shmdesc, stuff->offset, - PixmapBytePad(stuff->width, stuff->depth) * stuff->height, - client); + size = PixmapBytePad(width, depth) * height; + if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { + if (size < width * height) + return BadAlloc; + } + /* thankfully, offset is unsigned */ + if (stuff->offset + size < size) + return BadAlloc; + + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); if(!(newPix = (PanoramiXRes *) xalloc(sizeof(PanoramiXRes)))) return BadAlloc; @@ -1086,6 +1103,8 @@ ProcShmCreatePixmap(client) int i, rc; ShmDescPtr shmdesc; REQUEST(xShmCreatePixmapReq); + unsigned int width, height, depth; + unsigned long size; REQUEST_SIZE_MATCH(xShmCreatePixmapReq); client->errorValue = stuff->pid; @@ -1098,11 +1117,18 @@ ProcShmCreatePixmap(client) return rc; VERIFY_SHMPTR(stuff->shmseg, stuff->offset, TRUE, shmdesc, client); - if (!stuff->width || !stuff->height) + + width = stuff->width; + height = stuff->height; + depth = stuff->depth; + if (!width || !height || !depth) { client->errorValue = 0; return BadValue; } + if (width > 32767 || height > 32767) + return BadAlloc; + if (stuff->depth != 1) { pDepth = pDraw->pScreen->allowedDepths; @@ -1112,10 +1138,18 @@ ProcShmCreatePixmap(client) client->errorValue = stuff->depth; return BadValue; } + CreatePmap: - VERIFY_SHMSIZE(shmdesc, stuff->offset, - PixmapBytePad(stuff->width, stuff->depth) * stuff->height, - client); + size = PixmapBytePad(width, depth) * height; + if (sizeof(size) == 4 && BitsPerPixel(depth) > 8) { + if (size < width * height) + return BadAlloc; + } + /* thankfully, offset is unsigned */ + if (stuff->offset + size < size) + return BadAlloc; + + VERIFY_SHMSIZE(shmdesc, stuff->offset, size, client); pMap = (*shmFuncs[pDraw->pScreen->myNum]->CreatePixmap)( pDraw->pScreen, stuff->width, stuff->height, stuff->depth, diff --git a/Xext/xace.c b/Xext/xace.c index e85a51714..0470e44dd 100644 --- a/Xext/xace.c +++ b/Xext/xace.c @@ -24,31 +24,31 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #include <stdarg.h> #include "scrnintstr.h" #include "xacestr.h" -#include "modinit.h" CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = {0}; -/* Proc vectors for untrusted clients, swapped and unswapped versions. - * These are the same as the normal proc vectors except that extensions - * that haven't declared themselves secure will have ProcBadRequest plugged - * in for their major opcode dispatcher. This prevents untrusted clients - * from guessing extension major opcodes and using the extension even though - * the extension can't be listed or queried. - */ -static int (*UntrustedProcVector[256])( - ClientPtr /*client*/ -); -static int (*SwappedUntrustedProcVector[256])( - ClientPtr /*client*/ -); - /* Special-cased hook functions. Called by Xserver. */ -void XaceHookAuditBegin(ClientPtr ptr) +int XaceHookDispatch(ClientPtr client, int major) { - XaceAuditRec rec = { ptr, 0 }; - /* call callbacks, there is no return value. */ + /* Call the audit begin callback, there is no return value. */ + XaceAuditRec rec = { client, 0 }; CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec); + + if (major < 128) { + /* Call the core dispatch hook */ + XaceCoreDispatchRec rec = { client, Success /* default allow */ }; + CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec); + return rec.status; + } else { + /* Call the extension dispatch hook */ + ExtensionEntry *ext = GetExtensionEntry(major); + XaceExtAccessRec rec = { client, ext, DixUseAccess, Success }; + if (ext) + CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec); + /* On error, pretend extension doesn't exist */ + return (rec.status == Success) ? Success : BadRequest; + } } void XaceHookAuditEnd(ClientPtr ptr, int result) @@ -221,168 +221,6 @@ int XaceHook(int hook, ...) return prv ? *prv : Success; } -static int -ProcXaceDispatch(ClientPtr client) -{ - REQUEST(xReq); - - switch (stuff->data) - { - default: - return BadRequest; - } -} /* ProcXaceDispatch */ - -static int -SProcXaceDispatch(ClientPtr client) -{ - REQUEST(xReq); - - switch (stuff->data) - { - default: - return BadRequest; - } -} /* SProcXaceDispatch */ - - -/* XaceResetProc - * - * Arguments: - * extEntry is the extension information for the XACE extension. - * - * Returns: nothing. - * - * Side Effects: - * Performs any cleanup needed by XACE at server shutdown time. - */ -static void -XaceResetProc(ExtensionEntry *extEntry) -{ - int i; - - for (i=0; i<XACE_NUM_HOOKS; i++) - DeleteCallbackList(&XaceHooks[i]); -} /* XaceResetProc */ - - -static int -XaceCatchDispatchProc(ClientPtr client) -{ - REQUEST(xReq); - int major = stuff->reqType; - XaceCoreDispatchRec rec = { client, Success /* default allow */ }; - - if (!ProcVector[major]) - return BadRequest; - - /* call callbacks and return result, if any. */ - CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &rec); - - if (rec.status != Success) - return rec.status; - - return client->swapped ? - (* SwappedProcVector[major])(client) : - (* ProcVector[major])(client); -} - -static int -XaceCatchExtProc(ClientPtr client) -{ - REQUEST(xReq); - int major = stuff->reqType; - ExtensionEntry *ext = GetExtensionEntry(major); - XaceExtAccessRec rec = { client, ext, DixUseAccess, Success }; - - if (!ext || !ProcVector[major]) - return BadRequest; - - /* call callbacks and return result, if any. */ - CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &rec); - - if (rec.status != Success) - return BadRequest; /* pretend extension doesn't exist */ - - return client->swapped ? - (* SwappedProcVector[major])(client) : - (* ProcVector[major])(client); -} - - -/* SecurityClientStateCallback - * - * Arguments: - * pcbl is &ClientStateCallback. - * nullata is NULL. - * calldata is a pointer to a NewClientInfoRec (include/dixstruct.h) - * which contains information about client state changes. - * - * Returns: nothing. - * - * Side Effects: - * - * If a new client is connecting, its authorization ID is copied to - * client->authID. If this is a generated authorization, its reference - * count is bumped, its timer is cancelled if it was running, and its - * trustlevel is copied to TRUSTLEVEL(client). - * - * If a client is disconnecting and the client was using a generated - * authorization, the authorization's reference count is decremented, and - * if it is now zero, the timer for this authorization is started. - */ - -static void -XaceClientStateCallback( - CallbackListPtr *pcbl, - pointer nulldata, - pointer calldata) -{ - NewClientInfoRec *pci = (NewClientInfoRec *)calldata; - ClientPtr client = pci->client; - - switch (client->clientState) - { - case ClientStateRunning: - { - client->requestVector = client->swapped ? - SwappedUntrustedProcVector : UntrustedProcVector; - break; - } - default: break; - } -} /* XaceClientStateCallback */ - -/* XaceExtensionInit - * - * Initialize the XACE Extension - */ -void XaceExtensionInit(INITARGS) -{ - ExtensionEntry *extEntry; - int i; - - if (!AddCallback(&ClientStateCallback, XaceClientStateCallback, NULL)) - return; - - extEntry = AddExtension(XACE_EXTENSION_NAME, - XaceNumberEvents, XaceNumberErrors, - ProcXaceDispatch, SProcXaceDispatch, - XaceResetProc, StandardMinorOpcode); - - /* initialize dispatching intercept functions */ - for (i = 0; i < 128; i++) - { - UntrustedProcVector[i] = XaceCatchDispatchProc; - SwappedUntrustedProcVector[i] = XaceCatchDispatchProc; - } - for (i = 128; i < 256; i++) - { - UntrustedProcVector[i] = XaceCatchExtProc; - SwappedUntrustedProcVector[i] = XaceCatchExtProc; - } -} - /* XaceCensorImage * * Called after pScreen->GetImage to prevent pieces or trusted windows from diff --git a/Xext/xace.h b/Xext/xace.h index 6f92290a0..4100ba16e 100644 --- a/Xext/xace.h +++ b/Xext/xace.h @@ -22,16 +22,12 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. #ifdef XACE -#define XACE_EXTENSION_NAME "XAccessControlExtension" #define XACE_MAJOR_VERSION 2 #define XACE_MINOR_VERSION 0 #include "pixmap.h" /* for DrawablePtr */ #include "regionstr.h" /* for RegionPtr */ -#define XaceNumberEvents 0 -#define XaceNumberErrors 0 - /* Default window background */ #define XaceBackgroundNoneState None @@ -68,8 +64,8 @@ extern int XaceHook( /* Special-cased hook functions */ +extern int XaceHookDispatch(ClientPtr ptr, int major); extern void XaceHookAuditEnd(ClientPtr ptr, int result); -extern void XaceHookAuditBegin(ClientPtr ptr); /* Register a callback for a given hook. */ @@ -104,13 +100,13 @@ extern void XaceCensorImage( #ifdef __GNUC__ #define XaceHook(args...) Success +#define XaceHookDispatch(args...) Success #define XaceHookAuditEnd(args...) { ; } -#define XaceHookAuditBegin(args...) { ; } #define XaceCensorImage(args...) { ; } #else #define XaceHook(...) Success +#define XaceHookDispatch(...) Success #define XaceHookAuditEnd(...) { ; } -#define XaceHookAuditBegin(...) { ; } #define XaceCensorImage(...) { ; } #endif diff --git a/Xext/xselinux.c b/Xext/xselinux.c index 4629e9027..a6e27e695 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -63,6 +63,7 @@ typedef struct { security_id_t sid; struct avc_entry_ref aeref; char *command; + int privileged; } SELinuxStateRec; /* selection manager */ @@ -71,8 +72,8 @@ typedef struct { security_id_t sid; } SELinuxSelectionRec; -static ClientPtr selectionManager; -static Window selectionWindow; +static ClientPtr securityManager; +static Window securityWindow; /* audit file descriptor */ static int audit_fd; @@ -271,7 +272,7 @@ SELinuxTypeToClass(RESTYPE type) knownTypes[type] = SECCLASS_X_CURSOR; if (fulltype == RT_COLORMAP) knownTypes[type] = SECCLASS_X_COLORMAP; - + /* Need to do a string lookup */ str = LookupResourceName(fulltype); if (!strcmp(str, "PICTURE")) @@ -287,11 +288,11 @@ SELinuxTypeToClass(RESTYPE type) * Performs an SELinux permission check. */ static int -SELinuxDoCheck(int clientIndex, SELinuxStateRec *subj, SELinuxStateRec *obj, +SELinuxDoCheck(SELinuxStateRec *subj, SELinuxStateRec *obj, security_class_t class, Mask mode, SELinuxAuditRec *auditdata) { /* serverClient requests OK */ - if (clientIndex == 0) + if (subj->privileged) return Success; auditdata->command = subj->command; @@ -383,6 +384,7 @@ SELinuxLabelInitial(void) /* Do the serverClient */ state = dixLookupPrivate(&serverClient->devPrivates, stateKey); + state->privileged = 1; sidput(state->sid); /* Use the context of the X server process for the serverClient */ @@ -496,8 +498,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) obj->sid = subj->sid; } - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -509,21 +511,18 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) SELinuxStateRec *subj, *obj, ev_sid; SELinuxAuditRec auditdata = { .client = rec->client }; security_class_t class; - int rc, i, type, clientIndex; + int rc, i, type; - if (rec->dev) { + if (rec->dev) subj = dixLookupPrivate(&rec->dev->devPrivates, stateKey); - clientIndex = -1; /* some nonzero value */ - } else { + else subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); - clientIndex = rec->client->index; - } obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); /* Check send permission on window */ - rc = SELinuxDoCheck(clientIndex, subj, obj, SECCLASS_X_DRAWABLE, - DixSendAccess, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixSendAccess, + &auditdata); if (rc != Success) goto err; @@ -537,8 +536,7 @@ SELinuxSend(CallbackListPtr *pcbl, pointer unused, pointer calldata) goto err; auditdata.event = type; - rc = SELinuxDoCheck(clientIndex, subj, &ev_sid, class, - DixSendAccess, &auditdata); + rc = SELinuxDoCheck(subj, &ev_sid, class, DixSendAccess, &auditdata); if (rc != Success) goto err; } @@ -560,8 +558,8 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) obj = dixLookupPrivate(&rec->pWin->devPrivates, stateKey); /* Check receive permission on window */ - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DRAWABLE, - DixReceiveAccess, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DRAWABLE, DixReceiveAccess, + &auditdata); if (rc != Success) goto err; @@ -575,8 +573,7 @@ SELinuxReceive(CallbackListPtr *pcbl, pointer unused, pointer calldata) goto err; auditdata.event = type; - rc = SELinuxDoCheck(rec->client->index, subj, &ev_sid, class, - DixReceiveAccess, &auditdata); + rc = SELinuxDoCheck(subj, &ev_sid, class, DixReceiveAccess, &auditdata); if (rc != Success) goto err; } @@ -633,8 +630,8 @@ SELinuxExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Perform the security check */ auditdata.extension = rec->ext->name; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_EXTENSION, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_EXTENSION, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -680,13 +677,12 @@ SELinuxProperty(CallbackListPtr *pcbl, pointer unused, pointer calldata) return; } freecon(con); - avc_entry_ref_init(&obj->aeref); } /* Perform the security check */ auditdata.property = rec->pProp->propertyName; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_PROPERTY, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_PROPERTY, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -741,8 +737,7 @@ SELinuxResource(CallbackListPtr *pcbl, pointer unused, pointer calldata) /* Perform the security check */ auditdata.restype = rec->rtype; auditdata.id = rec->id; - rc = SELinuxDoCheck(rec->client->index, subj, obj, class, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, class, rec->access_mode, &auditdata); if (rc != Success) rec->status = rc; } @@ -775,8 +770,7 @@ SELinuxScreen(CallbackListPtr *pcbl, pointer is_saver, pointer calldata) if (is_saver) access_mode <<= 2; - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SCREEN, - access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SCREEN, access_mode, &auditdata); if (rc != Success) rec->status = rc; } @@ -792,8 +786,8 @@ SELinuxClient(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&rec->target->devPrivates, stateKey); - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_CLIENT, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_CLIENT, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -809,8 +803,8 @@ SELinuxServer(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); obj = dixLookupPrivate(&serverClient->devPrivates, stateKey); - rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_SERVER, - rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, obj, SECCLASS_X_SERVER, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -832,8 +826,8 @@ SELinuxSelection(CallbackListPtr *pcbl, pointer unused, pointer calldata) } auditdata.selection = rec->name; - rc = SELinuxDoCheck(rec->client->index, subj, &sel_sid, - SECCLASS_X_SELECTION, rec->access_mode, &auditdata); + rc = SELinuxDoCheck(subj, &sel_sid, SECCLASS_X_SELECTION, rec->access_mode, + &auditdata); if (rc != Success) rec->status = rc; } @@ -855,9 +849,9 @@ SELinuxClientState(CallbackListPtr *pcbl, pointer unused, pointer calldata) case ClientStateRetained: case ClientStateGone: - if (pci->client == selectionManager) { - selectionManager = NULL; - selectionWindow = 0; + if (pci->client == securityManager) { + securityManager = NULL; + securityWindow = 0; } break; @@ -890,8 +884,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (rc != Success) FatalError("SELinux: Failed to set label property on window!\n"); freecon(ctx); - } - else + } else FatalError("SELinux: Unexpected unlabeled client found\n"); state = dixLookupPrivate(&pWin->devPrivates, stateKey); @@ -907,8 +900,7 @@ SELinuxResourceState(CallbackListPtr *pcbl, pointer unused, pointer calldata) if (rc != Success) FatalError("SELinux: Failed to set label property on window!\n"); freecon(ctx); - } - else + } else FatalError("SELinux: Unexpected unlabeled window found\n"); } @@ -943,9 +935,9 @@ SELinuxSelectionState(CallbackListPtr *pcbl, pointer unused, pointer calldata) case SelectionConvertSelection: /* redirect the convert request if necessary */ - if (selectionManager && selectionManager != rec->client) { - rec->selection->client = selectionManager; - rec->selection->window = selectionWindow; + if (securityManager && securityManager != rec->client) { + rec->selection->client = securityManager; + rec->selection->window = securityWindow; } else { rec->selection->client = rec->selection->alt_client; rec->selection->window = rec->selection->alt_window; @@ -1012,39 +1004,39 @@ ProcSELinuxQueryVersion(ClientPtr client) } static int -ProcSELinuxSetSelectionManager(ClientPtr client) +ProcSELinuxSetSecurityManager(ClientPtr client) { WindowPtr pWin; int rc; - REQUEST(SELinuxSetSelectionManagerReq); - REQUEST_SIZE_MATCH(SELinuxSetSelectionManagerReq); + REQUEST(SELinuxSetSecurityManagerReq); + REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq); if (stuff->window == None) { - selectionManager = NULL; - selectionWindow = None; + securityManager = NULL; + securityWindow = None; } else { rc = dixLookupResource((pointer *)&pWin, stuff->window, RT_WINDOW, client, DixGetAttrAccess); if (rc != Success) return rc; - selectionManager = client; - selectionWindow = stuff->window; + securityManager = client; + securityWindow = stuff->window; } return Success; } static int -ProcSELinuxGetSelectionManager(ClientPtr client) +ProcSELinuxGetSecurityManager(ClientPtr client) { - SELinuxGetSelectionManagerReply rep; + SELinuxGetSecurityManagerReply rep; rep.type = X_Reply; rep.length = 0; rep.sequenceNumber = client->sequence; - rep.window = selectionWindow; + rep.window = securityWindow; if (client->swapped) { int n; swaps(&rep.sequenceNumber, n); @@ -1100,7 +1092,40 @@ ProcSELinuxSetDeviceContext(ClientPtr client) static int ProcSELinuxGetDeviceContext(ClientPtr client) { - return Success; + char *ctx; + DeviceIntPtr dev; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetContextReq); + REQUEST_SIZE_MATCH(SELinuxGetContextReq); + + rc = dixLookupDevice(&dev, stuff->id, client, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&dev->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int @@ -1118,7 +1143,54 @@ ProcSELinuxGetPropertyCreateContext(ClientPtr client) static int ProcSELinuxGetPropertyContext(ClientPtr client) { - return Success; + char *ctx; + WindowPtr pWin; + PropertyPtr pProp; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetPropertyContextReq); + REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq); + + rc = dixLookupWindow(&pWin, stuff->window, client, DixGetPropAccess); + if (rc != Success) + return rc; + + pProp = wUserProps(pWin); + while (pProp) { + if (pProp->propertyName == stuff->property) + break; + pProp = pProp->next; + } + if (!pProp) + return BadValue; + + rc = XaceHook(XACE_PROPERTY_ACCESS, client, pWin, pProp, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&pProp->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int @@ -1136,7 +1208,40 @@ ProcSELinuxGetWindowCreateContext(ClientPtr client) static int ProcSELinuxGetWindowContext(ClientPtr client) { - return Success; + char *ctx; + WindowPtr pWin; + SELinuxStateRec *state; + SELinuxGetContextReply rep; + int rc; + + REQUEST(SELinuxGetContextReq); + REQUEST_SIZE_MATCH(SELinuxGetContextReq); + + rc = dixLookupWindow(&pWin, stuff->id, client, DixGetAttrAccess); + if (rc != Success) + return rc; + + state = dixLookupPrivate(&pWin->devPrivates, stateKey); + rc = avc_sid_to_context(state->sid, &ctx); + if (rc != Success) + return BadValue; + + rep.type = X_Reply; + rep.length = (strlen(ctx) + 4) >> 2; + rep.sequenceNumber = client->sequence; + rep.context_len = strlen(ctx) + 1; + + if (client->swapped) { + int n; + swapl(&rep.length, n); + swaps(&rep.sequenceNumber, n); + swaps(&rep.context_len, n); + } + + WriteToClient(client, sizeof(SELinuxGetContextReply), (char *)&rep); + WriteToClient(client, rep.context_len, ctx); + free(ctx); + return client->noClientException; } static int @@ -1146,10 +1251,10 @@ ProcSELinuxDispatch(ClientPtr client) switch (stuff->data) { case X_SELinuxQueryVersion: return ProcSELinuxQueryVersion(client); - case X_SELinuxSetSelectionManager: - return ProcSELinuxSetSelectionManager(client); - case X_SELinuxGetSelectionManager: - return ProcSELinuxGetSelectionManager(client); + case X_SELinuxSetSecurityManager: + return ProcSELinuxSetSecurityManager(client); + case X_SELinuxGetSecurityManager: + return ProcSELinuxGetSecurityManager(client); case X_SELinuxSetDeviceCreateContext: return ProcSELinuxSetDeviceCreateContext(client); case X_SELinuxGetDeviceCreateContext: @@ -1181,21 +1286,21 @@ SProcSELinuxQueryVersion(ClientPtr client) REQUEST(SELinuxQueryVersionReq); int n; - REQUEST_SIZE_MATCH (SELinuxQueryVersionReq); - swaps(&stuff->client_major,n); - swaps(&stuff->client_minor,n); + REQUEST_SIZE_MATCH(SELinuxQueryVersionReq); + swaps(&stuff->client_major, n); + swaps(&stuff->client_minor, n); return ProcSELinuxQueryVersion(client); } static int -SProcSELinuxSetSelectionManager(ClientPtr client) +SProcSELinuxSetSecurityManager(ClientPtr client) { - REQUEST(SELinuxSetSelectionManagerReq); + REQUEST(SELinuxSetSecurityManagerReq); int n; - REQUEST_SIZE_MATCH (SELinuxSetSelectionManagerReq); - swapl(&stuff->window,n); - return ProcSELinuxSetSelectionManager(client); + REQUEST_SIZE_MATCH(SELinuxSetSecurityManagerReq); + swapl(&stuff->window, n); + return ProcSELinuxSetSecurityManager(client); } static int @@ -1205,7 +1310,7 @@ SProcSELinuxSetDeviceCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetDeviceCreateContext(client); } @@ -1216,8 +1321,8 @@ SProcSELinuxSetDeviceContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetContextReq); - swapl(&stuff->id,n); - swaps(&stuff->context_len,n); + swapl(&stuff->id, n); + swaps(&stuff->context_len, n); return ProcSELinuxSetDeviceContext(client); } @@ -1228,7 +1333,7 @@ SProcSELinuxGetDeviceContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetContextReq); - swapl(&stuff->id,n); + swapl(&stuff->id, n); return ProcSELinuxGetDeviceContext(client); } @@ -1239,7 +1344,7 @@ SProcSELinuxSetPropertyCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetPropertyCreateContext(client); } @@ -1250,8 +1355,8 @@ SProcSELinuxGetPropertyContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetPropertyContextReq); - swapl(&stuff->window,n); - swapl(&stuff->property,n); + swapl(&stuff->window, n); + swapl(&stuff->property, n); return ProcSELinuxGetPropertyContext(client); } @@ -1262,7 +1367,7 @@ SProcSELinuxSetWindowCreateContext(ClientPtr client) int n; REQUEST_AT_LEAST_SIZE(SELinuxSetCreateContextReq); - swaps(&stuff->context_len,n); + swaps(&stuff->context_len, n); return ProcSELinuxSetWindowCreateContext(client); } @@ -1273,7 +1378,7 @@ SProcSELinuxGetWindowContext(ClientPtr client) int n; REQUEST_SIZE_MATCH(SELinuxGetContextReq); - swapl(&stuff->id,n); + swapl(&stuff->id, n); return ProcSELinuxGetWindowContext(client); } @@ -1287,31 +1392,31 @@ SProcSELinuxDispatch(ClientPtr client) switch (stuff->data) { case X_SELinuxQueryVersion: - return SProcSELinuxQueryVersion(client); - case X_SELinuxSetSelectionManager: - return SProcSELinuxSetSelectionManager(client); - case X_SELinuxGetSelectionManager: - return ProcSELinuxGetSelectionManager(client); + return SProcSELinuxQueryVersion(client); + case X_SELinuxSetSecurityManager: + return SProcSELinuxSetSecurityManager(client); + case X_SELinuxGetSecurityManager: + return ProcSELinuxGetSecurityManager(client); case X_SELinuxSetDeviceCreateContext: - return SProcSELinuxSetDeviceCreateContext(client); + return SProcSELinuxSetDeviceCreateContext(client); case X_SELinuxGetDeviceCreateContext: - return ProcSELinuxGetDeviceCreateContext(client); + return ProcSELinuxGetDeviceCreateContext(client); case X_SELinuxSetDeviceContext: - return SProcSELinuxSetDeviceContext(client); + return SProcSELinuxSetDeviceContext(client); case X_SELinuxGetDeviceContext: - return SProcSELinuxGetDeviceContext(client); + return SProcSELinuxGetDeviceContext(client); case X_SELinuxSetPropertyCreateContext: - return SProcSELinuxSetPropertyCreateContext(client); + return SProcSELinuxSetPropertyCreateContext(client); case X_SELinuxGetPropertyCreateContext: - return ProcSELinuxGetPropertyCreateContext(client); + return ProcSELinuxGetPropertyCreateContext(client); case X_SELinuxGetPropertyContext: - return SProcSELinuxGetPropertyContext(client); + return SProcSELinuxGetPropertyContext(client); case X_SELinuxSetWindowCreateContext: - return SProcSELinuxSetWindowCreateContext(client); + return SProcSELinuxSetWindowCreateContext(client); case X_SELinuxGetWindowCreateContext: - return ProcSELinuxGetWindowCreateContext(client); + return ProcSELinuxGetWindowCreateContext(client); case X_SELinuxGetWindowContext: - return SProcSELinuxGetWindowContext(client); + return SProcSELinuxGetWindowContext(client); default: return BadRequest; } @@ -1376,8 +1481,8 @@ SELinuxExtensionInit(INITARGS) /* Setup SELinux stuff */ if (!is_selinux_enabled()) { - ErrorF("SELinux: SELinux not enabled, disabling SELinux support.\n"); - return; + ErrorF("SELinux: SELinux not enabled, disabling SELinux support.\n"); + return; } selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback)SELinuxLog); @@ -1408,7 +1513,7 @@ SELinuxExtensionInit(INITARGS) /* Prepare for auditing */ audit_fd = audit_open(); if (audit_fd < 0) - FatalError("SELinux: Failed to open the system audit log\n"); + FatalError("SELinux: Failed to open the system audit log\n"); /* Allocate private storage */ if (!dixRequestPrivate(stateKey, sizeof(SELinuxStateRec))) diff --git a/Xext/xselinux.h b/Xext/xselinux.h index ba1380b57..7eeea5046 100644 --- a/Xext/xselinux.h +++ b/Xext/xselinux.h @@ -31,8 +31,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. /* Extension protocol */ #define X_SELinuxQueryVersion 0 -#define X_SELinuxSetSelectionManager 1 -#define X_SELinuxGetSelectionManager 2 +#define X_SELinuxSetSecurityManager 1 +#define X_SELinuxGetSecurityManager 2 #define X_SELinuxSetDeviceCreateContext 3 #define X_SELinuxGetDeviceCreateContext 4 #define X_SELinuxSetDeviceContext 5 @@ -72,13 +72,13 @@ typedef struct { CARD8 SELinuxReqType; CARD16 length; CARD32 window; -} SELinuxSetSelectionManagerReq; +} SELinuxSetSecurityManagerReq; typedef struct { CARD8 reqType; CARD8 SELinuxReqType; CARD16 length; -} SELinuxGetSelectionManagerReq; +} SELinuxGetSecurityManagerReq; typedef struct { CARD8 type; @@ -91,7 +91,7 @@ typedef struct { CARD32 pad4; CARD32 pad5; CARD32 pad6; -} SELinuxGetSelectionManagerReply; +} SELinuxGetSecurityManagerReply; typedef struct { CARD8 reqType; diff --git a/Xext/xvdisp.c b/Xext/xvdisp.c index 17ff1d788..de0128e14 100644 --- a/Xext/xvdisp.c +++ b/Xext/xvdisp.c @@ -1532,6 +1532,7 @@ SProcXvShmPutImage(ClientPtr client) swapl(&stuff->gc, n); swapl(&stuff->shmseg, n); swapl(&stuff->id, n); + swapl(&stuff->offset, n); swaps(&stuff->src_x, n); swaps(&stuff->src_y, n); swaps(&stuff->src_w, n); @@ -1540,7 +1541,6 @@ SProcXvShmPutImage(ClientPtr client) swaps(&stuff->drw_y, n); swaps(&stuff->drw_w, n); swaps(&stuff->drw_h, n); - swaps(&stuff->offset, n); swaps(&stuff->width, n); swaps(&stuff->height, n); return XvProcVector[xv_ShmPutImage](client); @@ -1588,6 +1588,7 @@ SProcXvSetPortAttribute(ClientPtr client) swaps(&stuff->length, n); swapl(&stuff->port, n); swapl(&stuff->attribute, n); + swapl(&stuff->value, n); return XvProcVector[xv_SetPortAttribute](client); } @@ -1632,9 +1633,10 @@ SProcXvQueryImageAttributes(ClientPtr client) char n; REQUEST(xvQueryImageAttributesReq); swaps(&stuff->length, n); + swapl(&stuff->port, n); swapl(&stuff->id, n); swaps(&stuff->width, n); - swaps(&stuff->width, n); + swaps(&stuff->height, n); return XvProcVector[xv_QueryImageAttributes](client); } |