author | Peter Hutterer <peter.hutterer@who-t.net> | 2009-10-22 13:31:21 +1000 |
---|---|---|
committer | Peter Hutterer <peter.hutterer@who-t.net> | 2009-10-22 13:31:21 +1000 |
commit | 4b9979ae19ff9e9bcc7ede01b20c13d954272de1 (patch) | |
tree | d516fdb0d913482530180aa5572abc46510ec20a | |
parent | d6d3620faf23ce9adc2b91a1255f16344fc9894e (diff) | |
parent | 4549953327c31b377ad9183119b66f007fc5b698 (diff) |
Merge branch 'server-1.7-branch' of git://anongit.freedesktop.org/~ewalsh/xserver into server-1.7-nominations
-rw-r--r-- | Xext/xselinux.c | 22 | ||||
-rw-r--r-- | Xext/xselinux.h | 45 | ||||
-rw-r--r-- | Xi/queryst.c | 14 | ||||
-rw-r--r-- | Xi/xiquerydevice.c | 41 | ||||
-rw-r--r-- | Xi/xiquerydevice.h | 8 | ||||
-rw-r--r-- | dix/devices.c | 5 | ||||
-rw-r--r-- | dix/events.c | 61 | ||||
-rw-r--r-- | include/dix.h | 4 | ||||
-rw-r--r-- | xkb/xkb.c | 2 |
9 files changed, 128 insertions, 74 deletions
diff --git a/Xext/xselinux.c b/Xext/xselinux.c index b9b16b6ce..a047a00d7 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c @@ -544,7 +544,7 @@ SELinuxLabelResource(XaceResourceAccessRec *rec, SELinuxSubjectRec *subj, security_id_t tsid; /* Check for a create context */ - if (rec->rtype == RT_WINDOW && subj->win_create_sid) { + if (rec->rtype & RC_DRAWABLE && subj->win_create_sid) { sidget(obj->sid = subj->win_create_sid); return Success; } @@ -662,6 +662,7 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) SELinuxSubjectRec *subj; SELinuxObjectRec *obj; SELinuxAuditRec auditdata = { .client = rec->client, .dev = rec->dev }; + security_class_t cls; int rc; subj = dixLookupPrivate(&rec->client->devPrivates, subjectKey); @@ -686,19 +687,8 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata) } } - /* XXX only check read permission on XQueryKeymap */ - /* This is to allow the numerous apps that call XQueryPointer to work */ - if (rec->access_mode & DixReadAccess) { - ClientPtr client = rec->client; - REQUEST(xReq); - if (stuff && stuff->reqType != X_QueryKeymap) { - rec->access_mode &= ~DixReadAccess; - rec->access_mode |= DixGetAttrAccess; - } - } - - rc = SELinuxDoCheck(subj, obj, SECCLASS_X_DEVICE, rec->access_mode, - &auditdata); + cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD; + rc = SELinuxDoCheck(subj, obj, cls, rec->access_mode, &auditdata); if (rc != Success) rec->status = rc; } @@ -1958,8 +1948,10 @@ SELinuxExtensionInit(INITARGS) } /* Don't init unless there's something to do */ - if (!security_get_boolean_active("xserver_object_manager")) + if (!security_get_boolean_active("xserver_object_manager")) { + LogMessage(X_INFO, "SELinux: Disabled by boolean\n"); return; + } /* Check SELinux mode in configuration file */ switch(selinuxEnforcingState) { diff --git a/Xext/xselinux.h b/Xext/xselinux.h index e99f05b09..fef207adc 100644 --- a/Xext/xselinux.h +++ b/Xext/xselinux.h 
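Review bot: In the SELinuxLabelResource hunk at -544, the new test `rec->rtype & RC_DRAWABLE && subj->win_create_sid` only parses as intended because `&` binds tighter than `&&`; parenthesise the mask so the intent is explicit: `if ((rec->rtype & RC_DRAWABLE) && subj->win_create_sid) {`. The test is now a bit-mask check rather than an equality with RT_WINDOW, so it presumably matches every drawable type and not only windows. The comment above it should record that, e.g. `/* Check for a create context (applied to any drawable, not only windows) */`. The function body continues outside the hunk.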
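Review bot: In the SELinuxDevice hunk at -686, `cls = IsPointerDevice(rec->dev) ? SECCLASS_X_POINTER : SECCLASS_X_KEYBOARD;` checks every non-pointer device as a keyboard, and a device that IsPointerDevice accepts is never checked against keyboard policy even if it also holds key state. IsPointerDevice is defined outside this page, so whether such mixed devices occur needs confirming. With the XQueryKeymap special case removed, DixReadAccess is enforced for every request, and the callers changed in this commit become responsible for blanking state on BadAccess. A comment here would record that contract, e.g. `/* Non-pointer devices are checked as keyboards; callers blank device state when read is denied */`.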
@@ -150,12 +150,13 @@ typedef struct { #define SECCLASS_X_SELECTION 7 #define SECCLASS_X_CURSOR 8 #define SECCLASS_X_CLIENT 9 -#define SECCLASS_X_DEVICE 10 -#define SECCLASS_X_SERVER 11 -#define SECCLASS_X_EXTENSION 12 -#define SECCLASS_X_EVENT 13 -#define SECCLASS_X_FAKEEVENT 14 -#define SECCLASS_X_RESOURCE 15 +#define SECCLASS_X_POINTER 10 +#define SECCLASS_X_KEYBOARD 11 +#define SECCLASS_X_SERVER 12 +#define SECCLASS_X_EXTENSION 13 +#define SECCLASS_X_EVENT 14 +#define SECCLASS_X_FAKEEVENT 15 +#define SECCLASS_X_RESOURCE 16 /* Mapping from DixAccess bits to Flask permissions */ static struct security_class_mapping map[] = { @@ -370,7 +371,37 @@ static struct security_class_mapping map[] = { "", /* DixUseAccess */ "manage", /* DixManageAccess */ NULL }}, - { "x_device", + { "x_pointer", + { "read", /* DixReadAccess */ + "write", /* DixWriteAccess */ + "destroy", /* DixDestroyAccess */ + "create", /* DixCreateAccess */ + "getattr", /* DixGetAttrAccess */ + "setattr", /* DixSetAttrAccess */ + "list_property", /* DixListPropAccess */ + "get_property", /* DixGetPropAccess */ + "set_property", /* DixSetPropAccess */ + "getfocus", /* DixGetFocusAccess */ + "setfocus", /* DixSetFocusAccess */ + "", /* DixListAccess */ + "add", /* DixAddAccess */ + "remove", /* DixRemoveAccess */ + "", /* DixHideAccess */ + "", /* DixShowAccess */ + "", /* DixBlendAccess */ + "grab", /* DixGrabAccess */ + "freeze", /* DixFreezeAccess */ + "force_cursor", /* DixForceAccess */ + "", /* DixInstallAccess */ + "", /* DixUninstallAccess */ + "", /* DixSendAccess */ + "", /* DixReceiveAccess */ + "use", /* DixUseAccess */ + "manage", /* DixManageAccess */ + "", /* DixDebugAccess */ + "bell", /* DixBellAccess */ + NULL }}, + { "x_keyboard", { "read", /* DixReadAccess */ "write", /* DixWriteAccess */ "destroy", /* DixDestroyAccess */ diff --git a/Xi/queryst.c b/Xi/queryst.c index 2ba1edb63..78b97a769 100644 --- a/Xi/queryst.c +++ b/Xi/queryst.c 
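Review bot: The renumbered `SECCLASS_X_*` defines (hunk -150) and the `map[]` entries (hunk -370) are edited separately, with nothing tying the two together. If the class number is used as a position in `map[]` (the lookup is not visible here), inserting a class in only one of the two places would silently shift every later class onto the wrong permission names. A comment above the defines would make the coupling explicit, e.g. `/* Values must follow the order of the entries in map[] below */`.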
@@ -96,7 +96,7 @@ ProcXQueryDeviceState(ClientPtr client) rep.sequenceNumber = client->sequence; rc = dixLookupDevice(&dev, stuff->deviceid, client, DixReadAccess); - if (rc != Success) + if (rc != Success && rc != BadAccess) return rc; v = dev->valuator; @@ -130,8 +130,9 @@ ProcXQueryDeviceState(ClientPtr client) tk->length = sizeof(xKeyState); tk->num_keys = k->xkbInfo->desc->max_key_code - k->xkbInfo->desc->min_key_code + 1; - for (i = 0; i < 32; i++) - tk->keys[i] = k->down[i]; + if (rc != BadAccess) + for (i = 0; i < 32; i++) + tk->keys[i] = k->down[i]; buf += sizeof(xKeyState); } @@ -140,7 +141,8 @@ ProcXQueryDeviceState(ClientPtr client) tb->class = ButtonClass; tb->length = sizeof(xButtonState); tb->num_buttons = b->numButtons; - memcpy(tb->buttons, b->down, sizeof(b->down)); + if (rc != BadAccess) + memcpy(tb->buttons, b->down, sizeof(b->down)); buf += sizeof(xButtonState); } @@ -152,7 +154,9 @@ ProcXQueryDeviceState(ClientPtr client) tv->mode = v->mode; buf += sizeof(xValuatorState); for (i = 0, values = v->axisVal; i < v->numAxes; i++) { - *((int *)buf) = *values++; + if (rc != BadAccess) + *((int *)buf) = *values; + values++; if (client->swapped) { swapl((int *)buf, n); /* macro - braces needed */ } diff --git a/Xi/xiquerydevice.c b/Xi/xiquerydevice.c index 68d91fa87..435868de2 100644 --- a/Xi/xiquerydevice.c +++ b/Xi/xiquerydevice.c @@ -45,7 +45,8 @@ #include "xiquerydevice.h" static Bool ShouldSkipDevice(ClientPtr client, int deviceid, DeviceIntPtr d); -static int ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info); +static int +ListDeviceInfo(ClientPtr client, DeviceIntPtr dev, xXIDeviceInfo* info); static int SizeDeviceInfo(DeviceIntPtr dev); static void SwapDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info); int 
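Review bot: In the ProcXQueryDeviceState hunk at -96, execution now continues to `v = dev->valuator;` when dixLookupDevice returns BadAccess, but nothing visible guarantees that `dev` was filled in on that path. dixLookupDevice is not shown on this page; if it stores the device only when the access hook succeeds, a client that is denied read makes the server dereference an unset pointer. A safer shape is to look the device up with DixGetAttrAccess and then run the read check separately, as ListDeviceClasses does elsewhere in this commit. The rest of the function is outside the hunk.

```c
    /* Lookup must succeed outright so that dev is always valid below */
    rc = dixLookupDevice(&dev, stuff->deviceid, client, DixGetAttrAccess);
    if (rc != Success)
        return rc;

    /* A denied read still gets a reply, with the state fields blanked */
    rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixReadAccess);
    if (rc != Success && rc != BadAccess)
        return rc;

    v = dev->valuator;
    /* … unchanged: class counting and reply construction … */
```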
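Review bot: In the -130, -140 and -152 hunks the denied path skips the copy into `tk->keys`, `tb->buttons` and the valuator slots but still advances `buf` over them. Unless the reply buffer is zero-filled where it is allocated (outside these hunks), those bytes reach the client holding whatever the allocator left there. Writing zeros explicitly on the denied path removes that dependency, e.g. `else memset(tb->buttons, 0, sizeof(tb->buttons));` and `*((int *)buf) = (rc != BadAccess) ? *values : 0;`. The new `if (rc != BadAccess)` placed over an unbraced `for` should also be braced so a later edit cannot land outside the guard.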
@@ -119,7 +120,7 @@ ProcXIQueryDevice(ClientPtr client) ptr = info; if (dev) { - len = ListDeviceInfo(dev, (xXIDeviceInfo*)info); + len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info); if (client->swapped) SwapDeviceInfo(dev, (xXIDeviceInfo*)info); info += len; @@ -131,7 +132,7 @@ ProcXIQueryDevice(ClientPtr client) { if (!skip[i]) { - len = ListDeviceInfo(dev, (xXIDeviceInfo*)info); + len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info); if (client->swapped) SwapDeviceInfo(dev, (xXIDeviceInfo*)info); info += len; @@ -143,7 +144,7 @@ ProcXIQueryDevice(ClientPtr client) { if (!skip[i]) { - len = ListDeviceInfo(dev, (xXIDeviceInfo*)info); + len = ListDeviceInfo(client, dev, (xXIDeviceInfo*)info); if (client->swapped) SwapDeviceInfo(dev, (xXIDeviceInfo*)info); info += len; @@ -240,7 +241,7 @@ SizeDeviceClasses(DeviceIntPtr dev) * @return Number of bytes written into info. */ int -ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info) +ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info, Bool reportState) { unsigned char *bits; int mask_len; @@ -257,9 +258,11 @@ ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info) bits = (unsigned char*)&info[1]; memset(bits, 0, mask_len * 4); - for (i = 0; dev && dev->button && i < dev->button->numButtons; i++) - if (BitIsOn(dev->button->down, i)) - SetBit(bits, i); + if (reportState) + for (i = 0; dev && dev->button && i < dev->button->numButtons; i++) + if (BitIsOn(dev->button->down, i)) + SetBit(bits, i); + bits += mask_len * 4; memcpy(bits, dev->button->labels, dev->button->numButtons * sizeof(Atom)); @@ -327,7 +330,8 @@ SwapKeyInfo(DeviceIntPtr dev, xXIKeyInfo* info) * @return The number of bytes written into info. */ int -ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber) +ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber, + Bool reportState) { ValuatorClassPtr v = dev->valuator; 
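Review bot: In the ListButtonInfo hunk at -257, the new `if (reportState)` wraps a `for` and an inner `if` with no braces at any level, so a later edit could easily land outside the guard that suppresses button state. Brace the outer statement: `if (reportState) { for (...) ... }`. The doc comments above ListButtonInfo and ListValuatorInfo should also describe the new parameter, e.g. `@param reportState FALSE to omit the current state from the reply (read access denied)`. The `memcpy` from `dev->button->labels` that follows is unguarded while the loop tests `dev && dev->button`; that inconsistency predates this change.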
@@ -345,6 +349,9 @@ ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber) info->mode = v->mode; /* Server doesn't have per-axis mode yet */ info->sourceid = v->sourceid; + if (!reportState) + info->value = info->min; + return info->length * 4; } @@ -389,7 +396,7 @@ int GetDeviceUse(DeviceIntPtr dev, uint16_t *attachment) * @return The number of bytes used. */ static int -ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info) +ListDeviceInfo(ClientPtr client, DeviceIntPtr dev, xXIDeviceInfo* info) { char *any = (char*)&info[1]; int len = 0, total_len = 0; @@ -407,7 +414,8 @@ ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info) any += len; total_len += len; - return total_len + ListDeviceClasses(dev, any, &info->num_classes); + total_len += ListDeviceClasses(client, dev, any, &info->num_classes); + return total_len; } /** @@ -416,16 +424,21 @@ ListDeviceInfo(DeviceIntPtr dev, xXIDeviceInfo* info) * written. */ int -ListDeviceClasses(DeviceIntPtr dev, char *any, uint16_t *nclasses) +ListDeviceClasses(ClientPtr client, DeviceIntPtr dev, + char *any, uint16_t *nclasses) { int total_len = 0; int len; int i; + int rc; + + /* Check if the current device state should be suppressed */ + rc = XaceHook(XACE_DEVICE_ACCESS, client, dev, DixReadAccess); if (dev->button) { (*nclasses)++; - len = ListButtonInfo(dev, (xXIButtonInfo*)any); + len = ListButtonInfo(dev, (xXIButtonInfo*)any, rc == Success); any += len; total_len += len; } @@ -441,7 +454,7 @@ ListDeviceClasses(DeviceIntPtr dev, char *any, uint16_t *nclasses) for (i = 0; dev->valuator && i < dev->valuator->numAxes; i++) { (*nclasses)++; - len = ListValuatorInfo(dev, (xXIValuatorInfo*)any, i); + len = ListValuatorInfo(dev, (xXIValuatorInfo*)any, i, rc == Success); any += len; total_len += len; } diff --git a/Xi/xiquerydevice.h b/Xi/xiquerydevice.h index 34e87bdde..02f06591e 100644 --- a/Xi/xiquerydevice.h +++ b/Xi/xiquerydevice.h 
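Review bot: In the ListDeviceClasses hunk at -416, the result of the read check is only ever used as `rc == Success`, so any failure of the hook silently blanks the state, not only BadAccess. That fails closed, which is the safe direction, but it differs from ProcQueryKeymap and ProcQueryPointer in this same commit, which return errors other than BadAccess to the client. Record the difference in the comment, e.g. `/* Any failure of the read check, not only BadAccess, suppresses state */`. Alternatively, keep the outcome in a named flag such as `Bool reportState = (rc == Success);` so both calls below read the same way.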
@@ -37,9 +37,11 @@ int SProcXIQueryDevice(ClientPtr client); int ProcXIQueryDevice(ClientPtr client); void SRepXIQueryDevice(ClientPtr client, int size, xXIQueryDeviceReply *rep); int SizeDeviceClasses(DeviceIntPtr dev); -int ListDeviceClasses(DeviceIntPtr dev, char* any, uint16_t* nclasses); +int ListDeviceClasses(ClientPtr client, DeviceIntPtr dev, + char* any, uint16_t* nclasses); int GetDeviceUse(DeviceIntPtr dev, uint16_t *attachment); -int ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info); +int ListButtonInfo(DeviceIntPtr dev, xXIButtonInfo* info, Bool reportState); int ListKeyInfo(DeviceIntPtr dev, xXIKeyInfo* info); -int ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, int axisnumber); +int ListValuatorInfo(DeviceIntPtr dev, xXIValuatorInfo* info, + int axisnumber, Bool reportState); #endif /* QUERYDEV_H */ diff --git a/dix/devices.c b/dix/devices.c index e86e606c0..6a7907399 100644 --- a/dix/devices.c +++ b/dix/devices.c @@ -2221,12 +2221,15 @@ ProcQueryKeymap(ClientPtr client) rep.length = 2; rc = XaceHook(XACE_DEVICE_ACCESS, client, keybd, DixReadAccess); - if (rc != Success) + if (rc != Success && rc != BadAccess) return rc; for (i = 0; i<32; i++) rep.map[i] = down[i]; + if (rc == BadAccess) + memset(rep.map, 0, 32); + WriteReplyToClient(client, sizeof(xQueryKeymapReply), &rep); return Success; diff --git a/dix/events.c b/dix/events.c index 8f63d3381..1b40ba511 100644 --- a/dix/events.c +++ b/dix/events.c 
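Review bot: In the ProcQueryKeymap hunk (dix/devices.c, -2221) the key state is copied into `rep.map` first and wiped afterwards when `rc == BadAccess`. The denied path therefore holds the real state for a moment and stays correct only while nothing is inserted between the loop and the `memset`. Copying only on success is sturdier and drops the literal 32: `if (rc == Success) memcpy(rep.map, down, sizeof(rep.map)); else memset(rep.map, 0, sizeof(rep.map));`, assuming `rep.map` is the 32-byte array the loop implies. The start of the function is outside the hunk.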
@@ -2498,15 +2498,15 @@ DeliverDeviceEvents(WindowPtr pWin, InternalEvent *event, GrabPtr grab, if (mask & XI_MASK) { rc = EventToXI(event, &xE, &count); - if (rc == Success && - XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count) == Success) - { - filter = GetEventFilter(dev, xE); - FixUpEventFromWindow(dev, xE, pWin, child, FALSE); - deliveries = DeliverEventsToWindow(dev, pWin, xE, count, - filter, grab); - if (deliveries > 0) - goto unwind; + if (rc == Success) { + if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count) == Success) { + filter = GetEventFilter(dev, xE); + FixUpEventFromWindow(dev, xE, pWin, child, FALSE); + deliveries = DeliverEventsToWindow(dev, pWin, xE, count, + filter, grab); + if (deliveries > 0) + goto unwind; + } } else if (rc != BadMatch) ErrorF("[dix] %s: XI conversion failed in DDE (%d, %d). Skipping delivery.\n", dev->name, event->any.type, rc); @@ -2516,15 +2516,15 @@ DeliverDeviceEvents(WindowPtr pWin, InternalEvent *event, GrabPtr grab, if ((mask & CORE_MASK) && IsMaster(dev) && dev->coreEvents) { rc = EventToCore(event, &core); - if (rc == Success && - XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, &core, 1) == Success) - { - filter = GetEventFilter(dev, &core); - FixUpEventFromWindow(dev, &core, pWin, child, FALSE); - deliveries = DeliverEventsToWindow(dev, pWin, &core, 1, - filter, grab); - if (deliveries > 0) - goto unwind; + if (rc == Success) { + if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, &core, 1) == Success) { + filter = GetEventFilter(dev, &core); + FixUpEventFromWindow(dev, &core, pWin, child, FALSE); + deliveries = DeliverEventsToWindow(dev, pWin, &core, 1, + filter, grab); + if (deliveries > 0) + goto unwind; + } } else if (rc != BadMatch) ErrorF("[dix] %s: Core conversion failed in DDE (%d, %d).\n", dev->name, event->any.type, rc); 
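Review bot: After this restructuring, a denied `XaceHook(XACE_SEND_ACCESS, ...)` in DeliverDeviceEvents drops the event with no else branch and no comment, which reads like an oversight next to the logged conversion failure. A one-line comment on the inner `if` would record that the silence is intentional, e.g. `/* denied by the security module: drop quietly, this is not a conversion error */`. The same applies to the core-event hunk at -2516 and to DeliverFocusedEvent at -3804.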
@@ -3804,13 +3804,13 @@ DeliverFocusedEvent(DeviceIntPtr keybd, InternalEvent *event, WindowPtr window) if (sendCore) { rc = EventToCore(event, &core); - if (rc == Success && - XaceHook(XACE_SEND_ACCESS, NULL, keybd, focus, &core, 1) == Success) - { - FixUpEventFromWindow(keybd, &core, focus, None, FALSE); - deliveries = DeliverEventsToWindow(keybd, focus, &core, 1, - GetEventFilter(keybd, &core), - NullGrab); + if (rc == Success) { + if (XaceHook(XACE_SEND_ACCESS, NULL, keybd, focus, &core, 1) == Success) { + FixUpEventFromWindow(keybd, &core, focus, None, FALSE); + deliveries = DeliverEventsToWindow(keybd, focus, &core, 1, + GetEventFilter(keybd, &core), + NullGrab); + } } else if (rc != BadMatch) ErrorF("[dix] %s: core conversion failed DFE (%d, %d). Skipping delivery.\n", keybd->name, event->any.type, rc); @@ -4974,7 +4974,7 @@ ProcQueryPointer(ClientPtr client) if (rc != Success) return rc; rc = XaceHook(XACE_DEVICE_ACCESS, client, mouse, DixReadAccess); - if (rc != Success) + if (rc != Success && rc != BadAccess) return rc; keyboard = GetPairedDevice(mouse); @@ -5022,6 +5022,15 @@ ProcQueryPointer(ClientPtr client) } #endif + if (rc == BadAccess) { + rep.mask = 0; + rep.child = None; + rep.rootX = 0; + rep.rootY = 0; + rep.winX = 0; + rep.winY = 0; + } + WriteReplyToClient(client, sizeof(xQueryPointerReply), &rep); return(Success); diff --git a/include/dix.h b/include/dix.h index b1edb6c46..9fd2ed8f8 100644 --- a/include/dix.h +++ b/include/dix.h @@ -587,8 +587,8 @@ typedef struct { extern int XItoCoreType(int xi_type); extern Bool DevHasCursor(DeviceIntPtr pDev); -extern Bool IsPointerDevice( DeviceIntPtr dev); -extern Bool IsKeyboardDevice(DeviceIntPtr dev); +extern Bool _X_EXPORT IsPointerDevice( DeviceIntPtr dev); +extern Bool _X_EXPORT IsKeyboardDevice(DeviceIntPtr dev); extern Bool IsPointerEvent(InternalEvent *event); extern Bool IsMaster(DeviceIntPtr dev); 
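Review bot: In the ProcQueryPointer hunk at -5022 the denied path clears `mask`, `child` and the four coordinates, but the reply's `root` and `sameScreen` fields are filled in outside this hunk and appear to be sent unchanged. They would still tell the client which screen the pointer is on. If that is meant to be hidden, reset them in the same block; if it is deliberately visible, say so in a comment. The denial is also carried in `rc` from the -4974 hunk to here across code that is not shown, so any assignment to `rc` in between would turn a denial into a full reply. A dedicated local set right after the hook avoids that, e.g. `Bool reportState = (rc == Success);`.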
@@ -554,7 +554,7 @@ ProcXkbGetState(ClientPtr client) if (!(client->xkbClientFlags&_XkbClientInitialized)) return BadAccess; - CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixReadAccess); + CHK_KBD_DEVICE(dev, stuff->deviceSpec, client, DixGetAttrAccess); xkb= &dev->key->xkbInfo->state; bzero(&rep,sizeof(xkbGetStateReply)); |
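Review bot: Lowering the check in ProcXkbGetState from `DixReadAccess` to `DixGetAttrAccess` means a client that is denied read on the keyboard still receives this reply in full, whereas the other state queries touched by this commit blank their state on BadAccess. The reply is built from `dev->key->xkbInfo->state` below the hunk; if it carries live modifier, group or pointer-button state, that is input state the read permission is meant to gate. Consider keeping the GetAttr lookup but adding a separate `XaceHook(XACE_DEVICE_ACCESS, client, dev, DixReadAccess)` and zeroing the state fields when it returns BadAccess. Otherwise add a comment explaining why this state is treated as an attribute.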