xace: Remove the audit hooks and tune dispatch

There are no in-tree consumers of the audit hooks, and they are in any case redundant with the dtrace dispatch hooks. Neither is there any in-tree user of the core request dispatch hook. The extension hook is only used for non-default security cases, but in the absence of LTO we always have to take the function call into XaceHookDispatch to find out that there's no callback registered. Cc: Eamon Walsh <ewalsh@tycho.nsa.gov> Signed-off-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Keith Packard <keithp@keithp.com>
author: Adam Jackson <ajax@redhat.com> 2016-04-29 14:22:52 -0400
committer: Adam Jackson <ajax@redhat.com> 2016-06-10 13:26:19 -0400
commit: 6cb34816afa95d9214199c363f9b4bb5ecbae77b (patch)
tree: e238564ed4559eb1b504cf0912075f587296a29f /Xext
parent: da9fec4eddd554b4b709ba58b4436aef5a76cd51 (diff)
2 files changed, 14 insertions, 33 deletions
diff --git a/Xext/xace.c b/Xext/xace.c
index fcb38db8c..91c74d591 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -33,28 +33,17 @@ _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS] = { 0 };
 
 /* Special-cased hook functions.  Called by Xserver.
  */
+#undef XaceHookDispatch
 int
 XaceHookDispatch(ClientPtr client, int major)
 {
-    /* Call the audit begin callback, there is no return value. */
-    XaceAuditRec rec = { client, 0 };
-    CallCallbacks(&XaceHooks[XACE_AUDIT_BEGIN], &rec);
-
-    if (major < 128) {
-        /* Call the core dispatch hook */
-        XaceCoreDispatchRec drec = { client, Success /* default allow */  };
-        CallCallbacks(&XaceHooks[XACE_CORE_DISPATCH], &drec);
-        return drec.status;
-    }
-    else {
-        /* Call the extension dispatch hook */
-        ExtensionEntry *ext = GetExtensionEntry(major);
-        XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
-        if (ext)
-            CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
-        /* On error, pretend extension doesn't exist */
-        return (erec.status == Success) ? Success : BadRequest;
-    }
+    /* Call the extension dispatch hook */
+    ExtensionEntry *ext = GetExtensionEntry(major);
+    XaceExtAccessRec erec = { client, ext, DixUseAccess, Success };
+    if (ext)
+        CallCallbacks(&XaceHooks[XACE_EXT_DISPATCH], &erec);
+    /* On error, pretend extension doesn't exist */
+    return (erec.status == Success) ? Success : BadRequest;
 }
 
 int
@@ -74,14 +63,6 @@ XaceHookSelectionAccess(ClientPtr client, Selection ** ppSel, Mask access_mode)
     return rec.status;
 }
 
-void
-XaceHookAuditEnd(ClientPtr ptr, int result)
-{
-    XaceAuditRec rec = { ptr, result };
-    /* call callbacks, there is no return value. */
-    CallCallbacks(&XaceHooks[XACE_AUDIT_END], &rec);
-}
-
 /* Entry point for hook functions.  Called by Xserver.
  */
 int
diff --git a/Xext/xace.h b/Xext/xace.h
index 6a8d0c4bd..8c8723288 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -52,9 +52,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #define XACE_SCREENSAVER_ACCESS		12
 #define XACE_AUTH_AVAIL			13
 #define XACE_KEY_AVAIL			14
-#define XACE_AUDIT_BEGIN		15
-#define XACE_AUDIT_END			16
-#define XACE_NUM_HOOKS			17
+#define XACE_NUM_HOOKS			15
 
 extern _X_EXPORT CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
 
@@ -71,12 +69,16 @@ extern _X_EXPORT int XaceHookIsSet(int hook);
 /* Special-cased hook functions
  */
 extern _X_EXPORT int XaceHookDispatch(ClientPtr ptr, int major);
+#define XaceHookDispatch(c, m) \
+    ((XaceHooks[XACE_EXT_DISPATCH] && (m) >= EXTENSION_BASE) ? \
+    XaceHookDispatch((c), (m)) : \
+    Success)
+
 extern _X_EXPORT int XaceHookPropertyAccess(ClientPtr ptr, WindowPtr pWin,
                                             PropertyPtr *ppProp,
                                             Mask access_mode);
 extern _X_EXPORT int XaceHookSelectionAccess(ClientPtr ptr, Selection ** ppSel,
                                              Mask access_mode);
-extern _X_EXPORT void XaceHookAuditEnd(ClientPtr ptr, int result);
 
 /* Register a callback for a given hook.
  */
@@ -116,7 +118,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(args...) Success
 #define XaceHookPropertyAccess(args...) Success
 #define XaceHookSelectionAccess(args...) Success
-#define XaceHookAuditEnd(args...) { ; }
 #define XaceCensorImage(args...) { ; }
 #else
 #define XaceHook(...) Success
@@ -124,7 +125,6 @@ extern _X_EXPORT void XaceCensorImage(ClientPtr client,
 #define XaceHookDispatch(...) Success
 #define XaceHookPropertyAccess(...) Success
 #define XaceHookSelectionAccess(...) Success
-#define XaceHookAuditEnd(...) { ; }
 #define XaceCensorImage(...) { ; }
 #endif
author	Adam Jackson <ajax@redhat.com>	2016-04-29 14:22:52 -0400
committer	Adam Jackson <ajax@redhat.com>	2016-06-10 13:26:19 -0400
commit	6cb34816afa95d9214199c363f9b4bb5ecbae77b (patch)
tree	e238564ed4559eb1b504cf0912075f587296a29f /Xext
parent	da9fec4eddd554b4b709ba58b4436aef5a76cd51 (diff)