Merge branch 'master' of git+ssh://git.freedesktop.org/git/xorg/xserver into input-hotplug

2 files changed, 12 insertions, 14 deletions

diff --git a/os/access.c b/os/access.c
index 69e305182..cdb17589c 100644
--- a/os/access.c
+++ b/os/access.c
@@ -202,8 +202,8 @@ SOFTWARE.
 #include "dixstruct.h"
 #include "osdep.h"
 
-#ifdef XCSECURITY
-#include "securitysrv.h"
+#ifdef XACE
+#include "xace.h"
 #endif
 
 #ifndef PATH_MAX
@@ -1386,15 +1386,6 @@ _X_EXPORT Bool LocalClient(ClientPtr client)
     pointer		addr;
     register HOST	*host;
 
-#ifdef XCSECURITY
-    /* untrusted clients can't change host access */
-    if (client->trustLevel != XSecurityClientTrusted)
-    {
-	SecurityAudit("client %d attempted to change host access\n",
-		      client->index);
-	return FALSE;
-    }
-#endif
     if (!_XSERVTransGetPeerAddr (((OsCommPtr)client->osPrivate)->trans_conn,
 	&notused, &alen, &from))
     {
@@ -1537,6 +1528,11 @@ AuthorizedClient(ClientPtr client)
 {
     if (!client || defeatAccessControl)
 	return TRUE;
+#ifdef XACE
+    /* untrusted clients can't change host access */
+    if (!XaceHook(XACE_HOSTLIST_ACCESS, client, SecurityWriteAccess))
+	return FALSE;
+#endif
     return LocalClient(client);
 }
 
diff --git a/os/connection.c b/os/connection.c
index ef0578908..687f27f95 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -148,6 +148,9 @@ extern __const__ int _nfiles;
 #ifdef XAPPGROUP
 #include "appgroup.h"
 #endif
+#ifdef XACE
+#include "xace.h"
+#endif
 #ifdef XCSECURITY
 #include "securitysrv.h"
 #endif
@@ -690,9 +693,8 @@ ClientAuthorized(ClientPtr client,
     /* indicate to Xdmcp protocol that we've opened new client */
     XdmcpOpenDisplay(priv->fd);
 #endif /* XDMCP */
-#ifdef XAPPGROUP
-    if (ClientStateCallback)
-        XagCallClientStateChange (client);
+#ifdef XACE
+    XaceHook(XACE_AUTH_AVAIL, client, auth_id);
 #endif
     /* At this point, if the client is authorized to change the access control
      * list, we should getpeername() information, and add the client to