upstream/oracle/x-cons/x-s11-update-clone: open-src/xserver/xorg/sun-src/tsol/tsolpolicy.c@c21b46ed1efd (annotated)

98 c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	1	/* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2	*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3	* Permission is hereby granted, free of charge, to any person obtaining a
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	4	* copy of this software and associated documentation files (the
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	5	* "Software"), to deal in the Software without restriction, including
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	6	* without limitation the rights to use, copy, modify, merge, publish,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	7	* distribute, and/or sell copies of the Software, and to permit persons
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	8	* to whom the Software is furnished to do so, provided that the above
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	9	* copyright notice(s) and this permission notice appear in all copies of
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	10	* the Software and that both the above copyright notice(s) and this
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	11	* permission notice appear in supporting documentation.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	12	*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	13	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	14	* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	15	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	16	* OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	17	* HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	18	* INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	19	* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	20	* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	21	* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	22	*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	23	* Except as contained in this notice, the name of a copyright holder
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	24	* shall not be used in advertising or otherwise to promote the sale, use
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	25	* or other dealings in this Software without prior written authorization
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	26	* of the copyright holder.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	27	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	28
98 c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	29	#pragma ident "@(#)tsolpolicy.c 1.15 07/01/24 SMI"
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	30
98 c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	31	#ifdef HAVE_DIX_CONFIG_H
c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	32	#include <dix-config.h>
c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	33	#endif
c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	34
c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	35	#include <X11/X.h>
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	36	#define NEED_REPLIES
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	37	#define NEED_EVENTS
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	38	#include <stdio.h>
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	39	#include <sys/types.h>
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	40	#include <unistd.h>
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	41	#include <bsm/auditwrite.h>
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	42	#include <bsm/audit_kevents.h>
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	43	#include <bsm/audit_uevents.h>
98 c21b46ed1efd 6489660 Xorg server 7.2 [PSARC 2007/051] Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: 73 diff changeset	44	#include <X11/Xproto.h>
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	45	#include "misc.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	46	#include "scrnintstr.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	47	#include "os.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	48	#include "regionstr.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	49	#include "validate.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	50	#include "windowstr.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	51	#include "propertyst.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	52	#include "input.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	53	#include "inputstr.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	54	#include "resource.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	55	#include "colormapst.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	56	#include "cursorstr.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	57	#include "dixstruct.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	58	#include "selection.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	59	#include "gcstruct.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	60	#include "servermd.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	61	#include <syslog.h>
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	62	#include "tsolinfo.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	63	#include "tsolpolicy.h"
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	64
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	65	static priv_set_t *pset_win_mac_read = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	66	static priv_set_t *pset_win_mac_write = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	67	static priv_set_t *pset_win_dac_read = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	68	static priv_set_t *pset_win_dac_write = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	69	static priv_set_t *pset_win_config = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	70	static priv_set_t *pset_win_devices = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	71	static priv_set_t *pset_win_fontpath = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	72	static priv_set_t *pset_win_colormap = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	73	static priv_set_t *pset_win_upgrade_sl = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	74	static priv_set_t *pset_win_downgrade_sl = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	75	static priv_set_t *pset_win_selection = NULL;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	76
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	77	extern TsolInfoPtr GetClientTsolInfo();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	78	extern int tsolWindowPrivateIndex;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	79	extern int tsolPixmapPrivateIndex;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	80	extern WindowPtr TsolPointerWindow();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	81	extern char *NameForAtom(Atom atom);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	82	extern char xsltos(bslabel_t sl);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	83	extern char *ProtoNames[];
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	84	extern InputInfo inputInfo;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	85
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	86	extern unsigned long tsoldebug; /* from tsolutils.c */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	87	extern Bool priv_win_colormap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	88	extern Bool priv_win_config;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	89	extern Bool priv_win_devices;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	90	extern Bool priv_win_dga;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	91	extern Bool priv_win_fontpath;
73 8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	92	extern int tsolMultiLevel;
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	93
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	94	#define SAMECLIENT(client, xid) ((client)->index == CLIENT_ID(xid))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	95
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	96	int access_xid(xresource_t res, xmethod_t method, void *resource,
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	97	void subject, xpolicy_t policy_flags, void misc,
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	98	RESTYPE res_type, priv_set_t *which_priv);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	99
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	100	int check_priv(xresource_t res, xmethod_t method, void *resource,
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	101	void subject, xpolicy_t policy_flags, void misc, priv_set_t *priv);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	102
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	103	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	104
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	105	int xtsol_debug = XTSOL_FAIL; /* set it to 0 if no logging is required */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	106	void XTsolErr(char err_type, int protocol, bslabel_t osl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	107	uid_t ouid, pid_t opid, char *opname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	108	bslabel_t *ssl, uid_t suid, pid_t spid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	109	char spname, char method, int isstring, void *xid);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	110
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	111	#define XTSOLERR(err_type, protocol, osl, ouid, opid, opname,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	112	ssl, suid, spid, spname, method, xid)\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	113	(void) XTsolErr(err_type, protocol, osl, ouid, opid,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	114	opname, ssl, suid, spid, spname, method,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	115	0, (void *) xid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	116	#define SXTSOLERR(err_type, protocol, osl, ouid, opid, opname,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	117	ssl, suid, spid, spname, method, xid)\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	118	(void) XTsolErr(err_type, protocol, osl, ouid, opid,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	119	opname, ssl, suid, spid, spname,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	120	method, 1, (void *) xid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	121	#else /* !DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	122	#define XTSOLERR(err_type, protocol, osl, ouid, opid, opname,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	123	ssl, suid, spid, spname, method, xid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	124	#define SXTSOLERR(err_type, protocol, osl, ouid, opid, opname,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	125	ssl, suid, spid, spname, method, xid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	126	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	127
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	128	int object_float(TsolInfoPtr, WindowPtr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	129
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	130	static void
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	131	set_audit_flags(TsolInfoPtr tsolinfo)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	132	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	133	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	134	tsolinfo->flags &= ~TSOL_AUDITEVENT;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	135	if (!(tsolinfo->flags & TSOL_DOXAUDIT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	136	tsolinfo->flags \|= TSOL_DOXAUDIT;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	137
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	138	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	139
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	140	static void
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	141	unset_audit_flags(TsolInfoPtr tsolinfo)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	142	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	143	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	144	tsolinfo->flags &= ~TSOL_AUDITEVENT;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	145	if (tsolinfo->flags & TSOL_DOXAUDIT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	146	tsolinfo->flags &= ~TSOL_DOXAUDIT;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	147
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	148	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	149
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	150	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	151	* return 1 for success and 0 for failure
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	152	* this routine contains the privd debugging for the system
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	153	* as well as auditing the success or failure of use of priv.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	154	* Priv debugging will be done later TBD
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	155	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	156
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	157	int
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	158	xpriv_policy(priv_set_t set, priv_set_t priv, xresource_t res,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	159	xmethod_t method, void *subject, Bool do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	160	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	161	int i;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	162	static int logopened = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	163	int status = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	164	int audit_status = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	165	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	166	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	167
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	168	if (priv_issubset(priv, set))
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	169	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	170	status = 1;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	171	audit_status = 1;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	172	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	173	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	174	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	175	audit_status = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	176	if (!logopened)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	177	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	178	/* LOG_USER doesn't work */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	179	openlog("xsun", 0, LOG_LOCAL0);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	180	logopened = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	181	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	182	/* if priv debugging is on, allow this priv to succeed */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	183	if (tsolinfo->priv_debug)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	184	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	185	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	186	ErrorF("%s:Allowed priv %ld\n", tsolinfo->pname, priv);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	187	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	188	syslog(LOG_DEBUG\|LOG_LOCAL0,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	189	"DEBUG: %s pid %ld lacking privilege %d to %d %d",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	190	"xclient", tsolinfo->pid, priv, method, res);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	191	status = 1;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	192	audit_status = 1;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	193	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	194	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	195	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	196	auditwrite(AW_USEOFPRIV, audit_status, priv, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	197	return (status);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	198	} /* xpriv_policy */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	199
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	200
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	201	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	202	* The read/modify window policy are for window attributes & not
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	203	* for window contents. read/modify pixel handle the contents policy
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	204	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	205	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	206	* read_window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	207	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	208	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	209	read_window(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	210	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	211	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	212	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	213	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	214	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	215	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	216	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	217	ClientPtr ownerclient;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	218	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	219	TsolInfoPtr tsolownerinfo; /client who owns the window /
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	220	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	221	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	222
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	223	ownerclient = clients[CLIENT_ID(pWin->drawable.id)];
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	224	tsolownerinfo = GetClientTsolInfo(ownerclient);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	225	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	226	* Anyone can read RootWindow attributes
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	227	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	228	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	229	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	230	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	231	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	232	/* optimization based on client id */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	233	if (SAMECLIENT(client, pWin->drawable.id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	234	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	235	return PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	236	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	237	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	238	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	239	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	240	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	241	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	242	if (!(blequal(tsolinfo->sl, tsolres->sl)))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	243	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	244	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	245	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	246	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	247	res, method, client, do_audit) \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	248	(tsolownerinfo && HasWinSelection(tsolownerinfo)))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	249	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	250	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	251	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	252	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	253	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	254	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	255	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	256	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	257	tsolinfo->pname, "read window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	258	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	259	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	260	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	261	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	262	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	263	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	264	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	265	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	266	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	267	/* uid == DEF_UID means public window, shared read */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	268	if (!(XTSOLTrusted(pWin) \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	269	tsolres->uid == DEF_UID \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	270	tsolinfo->uid == tsolres->uid))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	271	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	272	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	273	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	274	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	275	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	276	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	277	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	278	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	279	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	280	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	281	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	282	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	283	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	284	tsolinfo->pname, "read window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	285	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	286	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	287	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	288	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	289	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	290	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	291	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	292	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	293	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	294	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	295	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	296	} /* read_window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	297
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	298	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	299	* modify_window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	300	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	301	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	302	modify_window(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	303	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	304	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	305	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	306	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	307	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	308	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	309	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	310	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	311	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	312	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	313
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	314	/* optimization based on client id */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	315	if (SAMECLIENT(client, pWin->drawable.id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	316	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	317	return PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	318	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	319	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	320	* Trusted Path Windows require Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	321	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	322	if (XTSOLTrusted(pWin) && !HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	323	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	324	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	325	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	326	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	327	tsolinfo->pname, "modify window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	328	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	329	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	330	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	331	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	332	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	333	if ((ret_stat == PASSED) && policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	334	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	335	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	336	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	337	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	338	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	339	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	340	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	341	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	342	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	343	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	344	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	345	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	346	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	347	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	348	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	349	tsolinfo->pname, "modify window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	350	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	351	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	352	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	353	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	354	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	355	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	356	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	357	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	358	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	359	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	360	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	361	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	362	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	363	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	364	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	365	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	366	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	367	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	368	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	369	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	370	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	371	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	372	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	373	tsolinfo->pname, "modify window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	374	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	375	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	376	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	377	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	378
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	379	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	380	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	381	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	382	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	383	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	384	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	385	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	386	} /* modify_window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	387
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	388	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	389	* create_window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	390	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	391	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	392	create_window(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	393	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	394	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	395	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	396	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	397	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	398	WindowPtr pWin = resource; /* parent window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	399	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	400	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	401	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	402	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	403
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	404	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	405	* Anyone can create a child of root window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	406	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	407	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	408	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	409	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	410	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	411	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	412	* Trusted Path Windows required Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	413	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	414	if (XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	415	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	416	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	417	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	418	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	419	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	420	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	421	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	422	tsolinfo->pname, "create window", pWin->drawable.id); */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	423	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	424	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	425	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	426	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	427	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	428	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	429	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	430	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	431	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	432	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	433	if (!SAMECLIENT(client, pWin->parent->drawable.id) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	434	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	435	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	436	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	437	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	438	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	439	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	440	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	441	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	442	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	443	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	444	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	445	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	446	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	447	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	448	tsolinfo->pname, "create window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	449	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	450	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	451	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	452	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	453	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	454	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	455	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	456	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	457	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	458	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	459	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	460	if (!SAMECLIENT(client, pWin->parent->drawable.id) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	461	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	462	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	463	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	464	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	465	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	466	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	467	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	468	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	469	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	470	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	471	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	472	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	473	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	474	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	475	tsolinfo->pname, "create window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	476	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	477	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	478	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	479	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	480	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	481	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	482	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	483	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	484	AW_SLABEL, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	485	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	486	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	487
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	488	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	489	} /* create_window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	490
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	491	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	492	* destroy_window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	493	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	494	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	495	destroy_window(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	496	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	497	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	498	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	499	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	500	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	501	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	502	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	503	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	504	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	505	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	506
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	507	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	508	* Trusted Path Windows required Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	509	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	510	if (XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	511	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	512	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	513	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	514	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	515	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	516	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	517	tsolinfo->pname, "destroy window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	518	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	519	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	520	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	521	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	522	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	523	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	524	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	525	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	526	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	527	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	528	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	529	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	530	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	531	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	532	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	533	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	534	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	535	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	536	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	537	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	538	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	539	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	540	tsolinfo->pname, "destroy window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	541	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	542	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	543	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	544	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	545	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	546	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	547	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	548	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	549	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	550	if (tsolinfo->uid != tsolres->uid \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	551	!same_client(client, pWin->drawable.id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	552	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	553	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	554	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	555	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	556	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	557	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	558	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	559	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	560	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	561	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	562	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	563	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	564	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	565	tsolinfo->pname, "destroy window", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	566	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	567	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	568	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	569	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	570	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	571	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	572	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	573	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	574	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	575	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	576	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	577	} /* destroy_window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	578
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	579	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	580	* read_pixel: used for reading contents of drawable like GetImage
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	581	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	582	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	583	read_pixel(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	584	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	585	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	586	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	587	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	588	int err_code = BadDrawable;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	589	int obj_code = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	590	XID obj_id = (XID)NULL;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	591	DrawablePtr pDraw = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	592	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	593	PixmapPtr pMap = NullPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	594	WindowPtr pWin = NullWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	595	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	596	TsolResPtr tsolres;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	597
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	598	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	599	* Public/default objects check here
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	600	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	601
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	602	if (pDraw->type == DRAWABLE_WINDOW)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	603	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	604	pWin = (WindowPtr)LookupWindow(pDraw->id, client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	605	if (pWin == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	606	return (PASSED); /* server will handle bad params */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	607	tsolres = (TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	608	obj_code = AW_XWINDOW;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	609	obj_id = pWin->drawable.id;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	610	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	611	else if (pDraw->type == DRAWABLE_PIXMAP)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	612	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	613	pMap = (PixmapPtr)LookupIDByType(pDraw->id, RT_PIXMAP);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	614	if (pMap == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	615	return (PASSED); /* server will handle bad params */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	616	tsolres = (TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	617	obj_code = AW_XPIXMAP;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	618	obj_id = pMap->drawable.id;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	619	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	620	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	621	return (PASSED); /* UNDRAWABLE_WINDOW */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	622
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	623	/* based on client id bypass MAC/DAC */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	624	if (!SAMECLIENT(client, pDraw->id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	625	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	626	/*
73 8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	627	* Client must have Trusted Path to access root window
8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	628	* in multilevel desktop.
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	629	*/
73 8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	630	if (tsolMultiLevel && DrawableIsRoot(pDraw) &&
8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	631	!HasTrustedPath(tsolinfo))
64 c03273ff2fb9 6426302 [tjds] capturing screen using sdtimage crashes Xserver Lokanath Das <Lokanath.Das@Sun.COM> parents: 36 diff changeset	632	return (err_code);
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	633	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	634	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	635	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	636	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	637	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	638	if (!bldominates(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	639	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	640	if (!(tsolinfo->flags & MAC_READ_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	641	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	642	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	643	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	644	tsolinfo->flags \|= MAC_READ_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	645	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	646	/* PRIV override? */
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	647	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	648	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	649	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	650	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	651	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	652	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	653	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	654	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	655	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	656	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	657	tsolinfo->pname, "read pixel", pDraw->id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	658	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	659	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	660	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	661	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	662	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	663	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	664	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	665	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	666	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	667	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	668	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	669	if (!(tsolinfo->flags & DAC_READ_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	670	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	671	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	672	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	673	tsolinfo->flags \|= DAC_READ_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	674	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	675	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	676	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	677	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	678	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	679	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	680	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	681	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	682	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	683	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	684	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	685	tsolinfo->pname, "read pixel", pDraw->id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	686	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	687	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	688	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	689	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	690	} /* end if !SAMECLIENT */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	691
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	692	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	693	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	694	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	695	auditwrite(obj_code, obj_id, tsolres->uid, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	696	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	697	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	698	} /* read_pixel */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	699
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	700	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	701	* modify_pixel
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	702	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	703	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	704	modify_pixel(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	705	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	706	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	707	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	708	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	709	int err_code = BadDrawable;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	710	int obj_code = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	711	XID obj_id = (XID)NULL;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	712	DrawablePtr pDraw = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	713	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	714	PixmapPtr pMap = NullPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	715	WindowPtr pWin = NullWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	716	TsolInfoPtr tsolinfo;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	717	TsolResPtr tsolres;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	718
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	719	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	720	* Trusted Path Windows required Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	721	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	722	tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	723
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	724	if (pDraw->type == DRAWABLE_WINDOW)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	725	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	726	pWin = (WindowPtr)LookupWindow(pDraw->id, client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	727	if (pWin == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	728	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	729	tsolres = (TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	730	obj_code = AW_XWINDOW;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	731	obj_id = pWin->drawable.id;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	732	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	733	else if (pDraw->type == DRAWABLE_PIXMAP)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	734	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	735	pMap = (PixmapPtr)LookupIDByType(pDraw->id, RT_PIXMAP);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	736	if (pMap == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	737	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	738	tsolres = (TsolResPtr) (pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	739	obj_code = AW_XPIXMAP;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	740	obj_id = pMap->drawable.id;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	741	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	742	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	743	return (PASSED); /* UNDRAWABLE_WINDOW */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	744
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	745	/* optimization based on client id */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	746	if (!SAMECLIENT(client, pDraw->id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	747	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	748	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	749	* Trusted Path Windows require Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	750	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	751	if ((pDraw->type == DRAWABLE_WINDOW) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	752	XTSOLTrusted(pWin) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	753	!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	754	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	755	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	756	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	757	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	758	tsolinfo->pname, "modify pixel", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	759	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	760	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	761	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	762	* You need win_config priv to write to root window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	763	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	764	if (!priv_win_config && (pWin && WindowIsRoot(pWin)))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	765	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	766	if (!(tsolinfo->flags & CONFIG_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	767	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	768	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	769	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	770	tsolinfo->flags \|= CONFIG_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	771	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	772	if (xpriv_policy(tsolinfo->privs, pset_win_config,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	773	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	774	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	775	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	776	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	777	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	778	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	779	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	780	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	781	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	782	tsolinfo->pname, "modify pixel", pDraw->id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	783	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	784	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	785	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	786	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	787	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	788	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	789	if ((ret_stat == PASSED) && policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	790	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	791	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	792	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	793	if (!(tsolinfo->flags & MAC_WRITE_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	794	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	795	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	796	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	797	tsolinfo->flags \|= MAC_WRITE_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	798	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	799	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	800	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	801	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	802	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	803	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	804	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	805	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	806	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	807	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	808	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	809	tsolinfo->pname, "modify pixel", pDraw->id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	810	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	811	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	812	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	813	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	814	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	815	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	816	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	817	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	818	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	819	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	820	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	821	if (!(tsolinfo->flags & DAC_WRITE_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	822	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	823	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	824	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	825	tsolinfo->flags \|= DAC_WRITE_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	826	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	827	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	828	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	829	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	830	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	831	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	832	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	833	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	834	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	835	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	836	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	837	tsolinfo->pname, "modify pixel", pDraw->id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	838	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	839	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	840	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	841	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	842	} /* end if SAMECLIENT */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	843
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	844	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	845	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	846	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	847	auditwrite(obj_code, obj_id, tsolres->uid, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	848	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	849	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	850	} /* modify_pixel */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	851
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	852	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	853	* read_pixmap
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	854	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	855	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	856	read_pixmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	857	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	858	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	859	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	860	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	861	int err_code = BadPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	862	PixmapPtr pMap = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	863	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	864	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	865	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	866	(TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	867
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	868	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	869	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	870	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	871	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	872	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	873	if (!bldominates(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	874	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	875	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	876	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	877	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	878	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	879	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	880	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	881	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	882	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	883	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	884	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	885	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	886	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	887	tsolinfo->pname, "read pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	888	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	889	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	890	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	891	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	892	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	893	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	894	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	895	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	896	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	897	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	898	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	899	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	900	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	901	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	902	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	903	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	904	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	905	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	906	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	907	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	908	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	909	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	910	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	911	tsolinfo->pname, "read pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	912	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	913	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	914	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	915	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	916	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	917	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	918	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	919	auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	920	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	921	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	922	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	923	} /* read_pixmap */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	924
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	925	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	926	* modify_pixmap
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	927	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	928	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	929	modify_pixmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	930	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	931	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	932	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	933	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	934	int err_code = BadPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	935	PixmapPtr pMap = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	936	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	937	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	938	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	939	(TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	940
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	941	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	942	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	943	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	944	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	945	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	946	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	947	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	948	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	949	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	950	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	951	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	952	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	953	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	954	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	955	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	956	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	957	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	958	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	959	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	960	tsolinfo->pname, "modify pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	961	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	962	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	963	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	964	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	965	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	966	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	967	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	968	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	969	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	970	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	971	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	972	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	973	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	974	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	975	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	976	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	977	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	978	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	979	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	980	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	981	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	982	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	983	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	984	tsolinfo->pname, "modify pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	985	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	986	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	987	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	988	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	989	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	990	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	991	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	992	auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	993	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	994	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	995	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	996	} /* modify_pixmap */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	997
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	998	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	999	* destroy_pixmap
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1000	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1001	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1002	destroy_pixmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1003	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1004	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1005	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1006	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1007	int err_code = BadPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1008	PixmapPtr pMap = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1009	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1010	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1011	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1012	(TsolResPtr)(pMap->devPrivates[tsolPixmapPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1013
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1014	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1015	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1016	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1017	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1018	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1019	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1020	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1021	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1022	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1023	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1024	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1025	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1026	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1027	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1028	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1029	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1030	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1031	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1032	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1033	tsolinfo->pname, "destroy pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1034	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1035	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1036	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1037	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1038	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1039	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1040	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1041	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1042	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1043	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1044	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1045	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1046	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1047	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1048	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1049	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1050	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1051	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1052	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1053	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1054	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1055	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1056	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1057	tsolinfo->pname, "destroy pixmap", pMap->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1058	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1059	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1060	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1061	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1062	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1063	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1064	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1065	auditwrite(AW_XPIXMAP, pMap->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1066	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1067	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1068	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1069	} /* destroy_pixmap */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1070
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1071	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1072	* read_client
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1073	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1074	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1075	read_client(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1076	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1077	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1078	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1079	ClientPtr res_client;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1080	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1081	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1082	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1083	TsolInfoPtr res_tsolinfo;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1084	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1085
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1086	if (!(res_client = clients[CLIENT_ID((XID)resource)]))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1087	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1088	return (BadValue);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1089	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1090	res_tsolinfo = GetClientTsolInfo(res_client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1091
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1092	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1093	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1094	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1095	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1096	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1097	if (!blequal(tsolinfo->sl, res_tsolinfo->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1098	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1099	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1100	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1101	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1102	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1103	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1104	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1105	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1106	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1107	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1108	XTSOLERR("mac", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1109	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1110	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1111	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1112	tsolinfo->pname, "read client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1113	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1114	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1115	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1116	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1117	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1118	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1119	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1120	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1121	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1122	if (tsolinfo->uid != res_tsolinfo->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1123	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1124	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1125	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1126	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1127	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1128	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1129	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1130	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1131	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1132	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1133	XTSOLERR("dac", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1134	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1135	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1136	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1137	tsolinfo->pname, "read client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1138	ret_stat = ret_stat;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1139	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1140	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1141	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1142	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1143	* Trusted Path Windows required Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1144	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1145	if ((ret_stat == PASSED) && HasTrustedPath(res_tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1146	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1147	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1148	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1149	XTSOLERR("tp", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1150	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1151	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1152	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1153	tsolinfo->pname, "read client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1154	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1155	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1156	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1157	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1158	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1159	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1160	auditwrite(AW_XCLIENT, res_client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1161	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1162	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1163	} /* read client */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1164
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1165	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1166	* modify_client
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1167	* Special win_config priv used for ChangeSaveSet, SetCloseDownMode
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1168	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1169	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1170	modify_client(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1171	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1172	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1173	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1174	int err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1175	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1176	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1177	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1178
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1179	if (priv_win_config)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1180	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1181
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1182	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1183	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1184	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1185	* Needs win_config priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1186	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1187	if (xpriv_policy(tsolinfo->privs, pset_win_config,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1188	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1189	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1190	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1191	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1192	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1193	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1194	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1195	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1196	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1197	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1198	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1199	auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1200	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1201	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1202	} /* modify_client */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1203
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1204	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1205	* destroy_client
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1206	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1207	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1208	destroy_client(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1209	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1210	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1211	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1212	ClientPtr res_client;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1213	int err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1214	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1215	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1216	TsolInfoPtr res_tsolinfo;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1217	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1218
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1219	if (!(res_client = clients[CLIENT_ID((XID)resource)]))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1220	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1221	return (BadValue);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1222	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1223
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1224	res_tsolinfo = GetClientTsolInfo(res_client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1225
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1226	/* Server a special client */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1227	if (res_client == serverClient \|\| res_tsolinfo == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1228	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1229	if (client != serverClient)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1230	return (BadValue);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1231	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1232	return (PASSED); /* internal request */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1233	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1234
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1235
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1236	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1237	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1238	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1239	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1240	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1241	if (!blequal(tsolinfo->sl, res_tsolinfo->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1242	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1243	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1244	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1245	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1246	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1247	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1248	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1249	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1250	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1251	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1252	XTSOLERR("mac", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1253	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1254	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1255	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1256	tsolinfo->pname, "destroy client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1257	ret_stat = ret_stat;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1258	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1259	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1260	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1261	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1262	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1263	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1264	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1265	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1266	if (tsolinfo->uid != res_tsolinfo->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1267	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1268	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1269	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1270	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1271	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1272	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1273	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1274	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1275	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1276	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1277	XTSOLERR("dac", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1278	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1279	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1280	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1281	tsolinfo->pname, "destroy client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1282	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1283	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1284	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1285	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1286	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1287	* Trusted Path Windows required Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1288	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1289	if ((ret_stat == PASSED) && HasTrustedPath(res_tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1290	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1291	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1292	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1293	XTSOLERR("tp", (int) misc, res_tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1294	res_tsolinfo->uid, res_tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1295	res_tsolinfo->pname, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1296	tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1297	tsolinfo->pname, "destroy client", resource);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1298	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1299	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1300	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1301	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1302	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1303	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1304	auditwrite(AW_XCLIENT, res_client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1305	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1306	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1307	} /* destroy_client */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1308
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1309	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1310	* read_gc
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1311	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1312	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1313	read_gc(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1314	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1315	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1316	return (access_xid(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1317	misc, RT_GC, pset_win_dac_read));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1318	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1319
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1320	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1321	* modify_gc
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1322	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1323	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1324	modify_gc(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1325	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1326	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1327	unsigned int protocol = (unsigned int)misc;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1328
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1329	return (access_xid(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1330	misc, RT_GC, pset_win_dac_write));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1331	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1332
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1333	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1334	* read_font
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1335	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1336	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1337	read_font(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1338	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1339	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1340	return (access_xid(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1341	misc, RT_FONT, pset_win_dac_read));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1342	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1343
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1344	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1345	* modify_font
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1346	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1347	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1348	modify_font(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1349	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1350	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1351	return (access_xid(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1352	misc,RT_FONT, pset_win_dac_write));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1353	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1354
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1355	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1356	* modify_cursor
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1357	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1358	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1359	modify_cursor(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1360	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1361	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1362	return (access_xid(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1363	misc, RT_CURSOR, pset_win_dac_write));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1364	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1365
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1366	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1367	* access_ccell: access policy for color cells.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1368	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1369	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1370	access_ccell(xresource_t res, xmethod_t method, void resource, void subject,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1371	xpolicy_t policy_flags, void *misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1372	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1373	#if TBD
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1374	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1375	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1376	priv_t priv;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1377	XID cmap_id = (XID)misc;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1378	EntrySecAttrPtr pentp = (EntrySecAttrPtr)resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1379	ClientPtr client = (ClientPtr)subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1380	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1381
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1382	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1383	* MAC check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1384	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1385	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1386	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1387	if (!blequal(tsolinfo->sl, pentp->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1388	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1389	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1390	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1391	priv =
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1392	(method == TSOL_READ) ? pset_win_mac_read : pset_win_mac_write;
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1393	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1394	* any colorcell owned by root is readable by all
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1395	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1396	if ((priv == pset_win_mac_read) && (pentp->uid == 0))
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1397	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1398	else if (xpriv_policy(tsolinfo->privs, priv,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1399	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1400	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1401	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1402	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1403	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1404	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1405	XTSOLERR("clientid mac", (int)NULL, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1406	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1407	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1408	tsolinfo->pname, "access ccell", cmap_id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1409	ret_stat = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1410	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1411	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1412	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1413	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1414	* DAC check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1415	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1416	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1417	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1418	if (tsolinfo->uid != pentp->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1419	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1420	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1421	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1422	priv = (method == TSOL_READ) ?
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1423	pset_win_dac_read : pset_win_dac_write;
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1424	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1425	* any colorcell owned by root is readable by all
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1426	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1427	if ((priv == pset_win_dac_read) && (pentp->uid == 0))
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1428	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1429	else if (xpriv_policy(tsolinfo->privs, priv,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1430	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1431	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1432	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1433	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1434	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1435	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1436	XTSOLERR("clientid dac", (int)NULL, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1437	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1438	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1439	tsolinfo->pname, "access ccell", cmap_id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1440	ret_stat = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1441	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1442	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1443	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1444	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1445	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1446	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1447	auditwrite(AW_XCOLORMAP, (u_long)cmap_id, tsolinfo->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1448	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1449	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1450
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1451	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1452	#endif
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1453	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1454	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1455
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1456	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1457	* read_ccell
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1458	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1459	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1460	read_ccell(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1461	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1462	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1463	if (priv_win_colormap)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1464	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1465	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1466	return (access_ccell(res, method, resource, subject,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1467	policy_flags, misc));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1468	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1469
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1470	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1471	* modify_ccell
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1472	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1473	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1474	modify_ccell(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1475	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1476	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1477	if (priv_win_colormap)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1478	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1479	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1480	return (access_ccell(res, method, resource, subject,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1481	policy_flags, misc));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1482	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1483
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1484	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1485	* destroy_ccell
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1486	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1487	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1488	destroy_ccell(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1489	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1490	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1491	#ifdef TBD
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1492	EntrySecAttrPtr pentp = (EntrySecAttrPtr)resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1493
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1494	if (priv_win_colormap)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1495	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1496	else if ( pentp->sl == NULL) /* The cell is allocated by server */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1497	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1498	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1499	return (access_ccell(res, method, resource, subject,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1500	policy_flags, misc));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1501	#endif
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1502	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1503	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1504
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1505	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1506	* read_cmap
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1507	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1508	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1509	read_cmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1510	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1511	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1512	ColormapPtr pcmp = (ColormapPtr ) resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1513
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1514	/* handle default colormap */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1515	if (pcmp->flags & IsDefault)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1516	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1517
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1518	return (access_xid(res, method, (void *)(pcmp->mid), subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1519	misc, RT_COLORMAP, pset_win_dac_read));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1520	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1521
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1522	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1523	* modify_cmap: resource passed is ColormapPtr & not an XID
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1524	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1525	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1526	modify_cmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1527	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1528	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1529	ColormapPtr pcmp = (ColormapPtr ) resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1530
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1531	/* modify default colormap ok */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1532	if (pcmp->flags & IsDefault)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1533	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1534
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1535	return (access_xid(res, method,(void *)(pcmp->mid) , subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1536	misc, RT_COLORMAP, pset_win_dac_write));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1537	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1538
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1539	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1540	* install_cmap: both install/uninstall
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1541	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1542	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1543	install_cmap(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1544	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1545	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1546	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1547	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1548	ColormapPtr pcmp = (ColormapPtr ) resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1549	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1550	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1551	int err_code = BadColor;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1552
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1553	/* handle default colormap */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1554	if (pcmp->flags & IsDefault)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1555	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1556
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1557	if (priv_win_colormap)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1558	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1559
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1560	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1561	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1562
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1563	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1564	* check only win_colormap priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1565	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1566	if (xpriv_policy(tsolinfo->privs, pset_win_colormap,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1567	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1568	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1569	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1570	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1571	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1572	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1573	XTSOLERR("install_cmap", (int) misc, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1574	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1575	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1576	tsolinfo->pname, "install_cmap", pcmp->mid);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1577	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1578	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1579	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1580	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1581	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1582	auditwrite(AW_XCOLORMAP, pcmp->mid, tsolinfo->uid, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1583	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1584	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1585	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1586
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1587	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1588	* access_xid: access policy for XIDs
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1589	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1590	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1591	access_xid(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1592	void subject, xpolicy_t policy_flags, void misc,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1593	RESTYPE res_type, priv_set_t *which_priv)
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1594	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1595	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1596	int object_code = 0;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1597	int err_code; /* depends on type of XID */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1598	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1599	XID object = (XID) resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1600	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1601	TsolInfoPtr tsolinfo = (TsolInfoPtr)NULL;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1602
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1603	if (res_type == RT_NONE)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1604	res_type = RES_TYPE(object);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1605	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1606	* assign appropriate error code
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1607	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1608	switch (res_type) {
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1609	case RT_PIXMAP:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1610	err_code = BadPixmap;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1611	object_code = AW_XPIXMAP;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1612	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1613	case RT_FONT:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1614	err_code = BadFont;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1615	object_code = AW_XFONT;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1616	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1617	case RT_GC:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1618	err_code = BadGC;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1619	object_code = AW_XGC;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1620	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1621	case RT_CURSOR:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1622	err_code = BadCursor;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1623	object_code = AW_XCURSOR;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1624	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1625	case RT_COLORMAP:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1626	err_code = BadColor;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1627	object_code = AW_XCOLORMAP;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1628	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1629	default:
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1630	err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1631	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1632	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1633	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1634	* DAC check is based on client isolation.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1635	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1636	if (policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1637	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1638	if (!client_private(client, object))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1639	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1640	tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1641	if (!tsolinfo)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1642	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1643	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1644	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1645	/* PRIV override? */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1646	if (xpriv_policy(tsolinfo->privs, which_priv, res,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1647	method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1648	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1649	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1650	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1651	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1652	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1653	XTSOLERR("clientid", (int) misc, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1654	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1655	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1656	tsolinfo->pname, "access xid", object);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1657	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1658	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1659	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1660	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1661	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1662	auditwrite(object_code, (u_long)object, tsolinfo->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1663	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1664	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1665	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1666	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1667	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1668	} /* access_xid */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1669
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1670	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1671	* modify_fontpath: requires win_fontpath priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1672	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1673	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1674	modify_fontpath(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1675	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1676	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1677	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1678	int err_code = BadFont;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1679	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1680	XID object = (XID)resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1681	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1682	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1683
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1684	if (priv_win_fontpath)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1685	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1686
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1687	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1688	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1689
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1690	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1691	* No MAC & DAC. Check win_fontpath priv only
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1692	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1693	if (xpriv_policy(tsolinfo->privs, pset_win_fontpath,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1694	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1695	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1696	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1697	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1698	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1699	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1700	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1701	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1702	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1703	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1704	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1705	auditwrite(AW_XFONT, (u_long)object, tsolinfo->uid, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1706	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1707	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1708	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1709
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1710	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1711	* read_devices: All kbd/ptr ctrl/mapping related access.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1712	* requires win_devices priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1713	* BadAccess is not a valid error code for many protocols
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1714	* and does not work especially for SetPointerModifierMapping etc
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1715	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1716	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1717	read_devices(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1718	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1719	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1720	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1721	int err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1722	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1723	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1724	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1725
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1726	if (priv_win_devices)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1727	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1728
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1729	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1730	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1731
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1732	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1733	* No MAC/DAC check. Needs win_devices priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1734	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1735	if (xpriv_policy(tsolinfo->privs, pset_win_devices,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1736	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1737	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1738	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1739	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1740	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1741	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1742	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1743	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1744	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1745	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1746	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1747	auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1748	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1749	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1750	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1751
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1752	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1753	* modify_devices: All kbd/ptr ctrl/mapping related access.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1754	* requires win_devices priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1755	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1756	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1757	modify_devices(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1758	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1759	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1760	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1761	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1762	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1763	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1764	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1765
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1766	if (priv_win_devices)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1767	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1768
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1769	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1770	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1771
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1772	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1773	* No MAC/DAC check. Needs win_devices priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1774	*/
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1775	if (xpriv_policy(tsolinfo->privs, pset_win_devices,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1776	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1777	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1778	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1779	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1780	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1781	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1782	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1783	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1784	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1785	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1786	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1787	auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1788	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1789	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1790	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1791
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1792	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1793	* modify_acl
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1794	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1795	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1796	modify_acl(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1797	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1798	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1799	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1800	int err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1801	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1802	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1803	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1804
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1805	if (priv_win_config)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1806	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1807
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1808	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1809	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1810
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1811	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1812	* Needs win_config priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1813	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1814	if (tsolinfo->uid != OwnerUID)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1815	{
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1816	if (xpriv_policy(tsolinfo->privs, pset_win_config, res,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1817	method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1818	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1819	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1820	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1821	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1822	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1823	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1824	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1825	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1826	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1827	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1828	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1829	auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1830	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1831	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1832	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1833
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1834	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1835	* read_atom
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1836	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1837	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1838	read_atom(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1839	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1840	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1841
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1842	return PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1843	#if 0
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1844	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1845	int err_code = BadAtom;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1846	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1847	NodePtr node = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1848	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1849	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1850	int i, status;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1851	int protocol = (int)(misc);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1852
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1853	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1854	* MAC Check is slightly different. We do a series of
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1855	* MAC checks for all SLs in the table before we
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1856	* apply privs
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1857	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1858	status = FAILED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1859	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1860	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1861	for ( i = 0; i < node->clientCount; i++)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1862	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1863	if (bldominates(tsolinfo->sl, node->sl[i]))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1864	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1865	status = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1866	break;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1867	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1868	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1869	if (status == FAILED)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1870	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1871	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1872	if (xtsol_debug >= XTSOL_FAIL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1873	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1874	ErrorF("\nmac failed:%s,subj(%s,%d,%d,%s),",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1875	ProtoNames[protocol], xsltos(tsolinfo->sl),
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1876	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1877	ErrorF("read atom, xid %s\n", NameForAtom(node->a));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1878	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1879	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1880	/* PRIV override? */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1881	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1882	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1883	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1884	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1885	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1886	status = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1887	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1888	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1889	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1890	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1891	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1892	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1893	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1894	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1895	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1896	* No DAC check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1897	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1898	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1899	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1900	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1901	auditwrite(AW_XATOM, NameForAtom(node->a), AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1902	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1903	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1904	#endif
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1905
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1906	} /* read_atom */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1907
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1908	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1909	* The read/modify window policy are for window attributes & not
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1910	* for window contents. read/modify pixel handle the contents policy
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1911	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1912	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1913	* read_property
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1914	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1915	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1916	read_property(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1917	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1918	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1919	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1920	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1921	int err_code = BadAtom;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1922	PropertyPtr pProp = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1923	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1924	TsolPropPtr tsolprop = (TsolPropPtr)(pProp->secPrivate);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1925	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1926
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1927	/* Initialize property created internally by server */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1928	if (tsolprop == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1929	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1930	tsolprop = AllocTsolProp();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1931	if (tsolprop == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1932	return(BadAlloc);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1933
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1934	tsolprop->uid = getuid();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1935	tsolprop->sl = (bslabel_t *)lookupSL_low();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1936	pProp->secPrivate = (pointer)tsolprop;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1937	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1938
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1939	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1940	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1941	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1942	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1943	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1944	if (!bldominates(tsolinfo->sl, tsolprop->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1945	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1946	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1947	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1948	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1949	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1950	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1951	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1952	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1953	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1954	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1955	SXTSOLERR("mac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1956	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1957	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1958	tsolinfo->pname, "read property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1959	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1960	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1961	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1962	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1963	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1964	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1965	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1966	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1967	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1968	{
73 8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	1969	/* property created by workstation owner at admin_low is readable by roles */
8877ee2f6c6d 6473751 [tjds] image capture in tjds is corrupt Lokanath Das <Lokanath.Das@Sun.COM> parents: 64 diff changeset	1970	if (!(tsolprop->uid == OwnerUID \|\| tsolinfo->uid == tsolprop->uid))
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1971	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1972	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1973	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	1974	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1975	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1976	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1977	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1978	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1979	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1980	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1981	SXTSOLERR("dac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1982	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1983	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1984	tsolinfo->pname, "read property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1985	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1986	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1987	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1988	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1989	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1990
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1991	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1992	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1993	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1994	auditwrite(AW_XPROPERTY, tsolinfo->uid, tsolprop->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1995	NameForAtom(pProp->propertyName), AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1996	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1997	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1998	} /* read_property */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	1999
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2000	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2001	* modify_property
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2002	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2003	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2004	modify_property(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2005	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2006	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2007	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2008	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2009	int err_code = BadAtom;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2010	PropertyPtr pProp = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2011	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2012	TsolPropPtr tsolprop = (TsolPropPtr)(pProp->secPrivate);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2013	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2014
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2015	/* Initialize property created internally by server */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2016	if (tsolprop == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2017	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2018	tsolprop = AllocTsolProp();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2019	if (tsolprop == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2020	return(BadAlloc);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2021
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2022	tsolprop->uid = getuid();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2023	tsolprop->sl = (bslabel_t *)lookupSL_low();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2024	pProp->secPrivate = (pointer)tsolprop;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2025	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2026
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2027	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2028	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2029	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2030	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2031	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2032	if (!blequal(tsolinfo->sl, tsolprop->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2033	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2034	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2035	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2036	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2037	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2038	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2039	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2040	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2041	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2042	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2043	SXTSOLERR("mac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2044	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2045	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2046	tsolinfo->pname, "modify property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2047	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2048	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2049	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2050	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2051	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2052	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2053	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2054	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2055	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2056	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2057	if (tsolinfo->uid != tsolprop->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2058	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2059	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2060	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2061	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2062	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2063	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2064	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2065	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2066	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2067	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2068	SXTSOLERR("dac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2069	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2070	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2071	tsolinfo->pname, "modify property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2072	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2073	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2074	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2075	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2076	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2077
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2078	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2079	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2080	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2081	auditwrite(AW_XPROPERTY, tsolinfo->uid, tsolprop->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2082	NameForAtom(pProp->propertyName), AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2083	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2084	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2085	} /* modify_property */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2086
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2087	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2088	* destroy_property
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2089	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2090	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2091	destroy_property(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2092	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2093	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2094	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2095	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2096	int err_code = BadAtom;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2097	PropertyPtr pProp = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2098	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2099	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2100	TsolPropPtr tsolprop = (TsolPropPtr)(pProp->secPrivate);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2101
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2102	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2103	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2104	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2105	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2106	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2107	if (!blequal(tsolinfo->sl, tsolprop->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2108	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2109	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2110	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2111	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2112	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2113	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2114	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2115	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2116	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2117	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2118	SXTSOLERR("mac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2119	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2120	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2121	tsolinfo->pname, "destroy property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2122	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2123	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2124	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2125	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2126	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2127	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2128	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2129	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2130	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2131	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2132	if (tsolinfo->uid != tsolprop->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2133	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2134	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2135	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2136	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2137	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2138	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2139	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2140	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2141	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2142	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2143	SXTSOLERR("dac", (int) misc, tsolprop->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2144	tsolprop->uid, tsolprop->pid, tsolprop->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2145	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2146	tsolinfo->pname, "destroy property",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2147	NameForAtom(pProp->propertyName));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2148	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2149	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2150	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2151	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2152	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2153	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2154	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2155	auditwrite(AW_XPROPERTY, tsolinfo->uid, tsolprop->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2156	NameForAtom(pProp->propertyName), AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2157	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2158	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2159	} /* destroy_property */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2160
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2161	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2162	* modify_grabwin
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2163	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2164	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2165	modify_grabwin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2166	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2167	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2168	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2169	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2170	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2171	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2172	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2173	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2174	TsolResPtr tsolres;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2175
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2176	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2177	* Allow pointer grab on root window, as long as
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2178	* pointer is currently in a window owned by
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2179	* requesting client.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2180	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2181
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2182	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2183	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2184	pWin = TsolPointerWindow();
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2185	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2186	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2187	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2188	tsolres = (TsolResPtr) (pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2189	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2190	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2191	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2192	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2193	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2194	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2195	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2196	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2197	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2198	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2199	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2200	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2201	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2202	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2203	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2204	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2205	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2206	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2207	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2208	tsolinfo->pname, "read grabwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2209	do_audit = FALSE; /* don't audit this */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2210	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2211	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2212	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2213	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2214	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2215	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2216	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2217	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2218	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2219	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2220	if (tsolinfo->uid != tsolres->uid /* && tsolres->uid != 0 */)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2221	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2222	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2223	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2224	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2225	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2226	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2227	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2228	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2229	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2230	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2231	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2232	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2233	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2234	tsolinfo->pname, "read grabwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2235	do_audit = FALSE; /* don't audit this */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2236	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2237	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2238	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2239	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2240	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2241	/* Grab on trusted window requires TP */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2242	if ((ret_stat == PASSED) && XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2243	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2244	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2245	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2246	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2247	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2248	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2249	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2250	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2251	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2252	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2253	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2254	} /* modify_grabwin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2255
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2256	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2257	* modify_confwin - ConfineTo window access
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2258	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2259	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2260	modify_confwin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2261	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2262	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2263	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2264	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2265	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2266	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2267	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2268	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2269	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2270	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2271
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2272	/*if (priv_win_devices)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2273	return (PASSED);*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2274
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2275	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2276	* confine window can be None. Root window is OK
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2277	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2278
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2279	if (pWin == NullWindow \|\| WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2280	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2281	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2282	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2283	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2284	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2285	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2286	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2287	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2288	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2289	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2290	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2291	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2292	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2293	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2294	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2295	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2296	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2297	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2298	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2299	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2300	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2301	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2302	tsolinfo->pname, "read grabwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2303	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2304	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2305	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2306	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2307	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2308	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2309	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2310	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2311	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2312	if (tsolinfo->uid != tsolres->uid /* && tsolres->uid != 0 */)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2313	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2314	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2315	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2316	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2317	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2318	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2319	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2320	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2321	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2322	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2323	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2324	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2325	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2326	tsolinfo->pname, "read grabwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2327	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2328	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2329	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2330	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2331	/* Trusted window requires TP */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2332	if ((ret_stat == PASSED) && XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2333	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2334	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2335	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2336	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2337	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2338	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2339	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2340	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2341	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2342	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2343	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2344	} /* modify_confwin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2345
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2346	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2347	* create_srvgrab: GrabServer requires a priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2348	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2349	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2350	create_srvgrab(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2351	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2352	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2353	if (priv_win_config)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2354	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2355	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2356	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2357	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2358	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2359	return (check_priv(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2360	misc, pset_win_config));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2361	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2362	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2363
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2364	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2365	* destroy_srvgrab: GrabServer requires a priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2366	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2367	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2368	destroy_srvgrab(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2369	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2370	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2371	if (priv_win_config)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2372	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2373	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2374	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2375	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2376	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2377	return (check_priv(res, method, resource, subject, policy_flags,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2378	misc, pset_win_config));
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2379	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2380	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2381
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2382	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2383	* check_priv: Use this for all policies that require
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2384	* no MAC/DAC, but a priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2385	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2386	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2387	check_priv(xresource_t res, xmethod_t method, void *resource,
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2388	void subject, xpolicy_t policy_flags, void misc, priv_set_t *priv)
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2389	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2390	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2391	int err_code = BadValue;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2392	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2393	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2394	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2395
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2396	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2397	* No MAC/DAC check.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2398	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2399	if (tsolinfo->flags & CONFIG_AUDITED)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2400	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2401	do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2402	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2403	else if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2404	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2405	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2406	tsolinfo->flags \|= CONFIG_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2407	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2408	if (xpriv_policy(tsolinfo->privs, priv, res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2409	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2410	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2411	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2412	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2413	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2414	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2415	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2416	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2417	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2418	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2419	auditwrite(AW_XCLIENT, client->index, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2420	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2421	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2422	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2423
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2424	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2425	* Converts SL to string
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2426	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2427	char *
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2428	xsltos(bslabel_t *sl)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2429	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2430	char *slstring = NULL;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2431
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2432	if (bsltos(sl, &slstring, 0,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2433	VIEW_INTERNAL\|SHORT_CLASSIFICATION \| LONG_WORDS \| ALL_ENTRIES) <= 0)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2434	return (NULL);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2435	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2436	return slstring;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2437	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2438
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2439	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2440	* read_selection
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2441	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2442	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2443	read_selection(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2444	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2445	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2446	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2447	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2448	int err_code = BadAtom;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2449	Selection *selection = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2450	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2451	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2452	TsolSelnPtr tsolseln = (TsolSelnPtr)(selection->secPrivate);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2453
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2454	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2455	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2456	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2457	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2458	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2459	if (!bldominates(tsolinfo->sl, tsolseln->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2460	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2461	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2462	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2463	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2464	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2465	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2466	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2467	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2468	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2469	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2470	SXTSOLERR("mac", (int) misc, tsolseln->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2471	tsolseln->uid, tsolseln->pid, tsolseln->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2472	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2473	tsolinfo->pname, "read selection",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2474	NameForAtom(selection->selection));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2475	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2476	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2477	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2478	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2479	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2480	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2481	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2482	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2483	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2484	/* uid == DEF_UID means public window, shared read */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2485	if (!(tsolseln->uid == DEF_UID \|\| tsolinfo->uid == tsolseln->uid))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2486	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2487	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2488	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2489	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2490	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2491	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2492	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2493	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2494	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2495	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2496	SXTSOLERR("dac", (int) misc, tsolseln->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2497	tsolseln->uid, tsolseln->pid, tsolseln->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2498	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2499	tsolinfo->pname, "read selection",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2500	NameForAtom(selection->selection));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2501	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2502	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2503	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2504	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2505
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2506	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2507	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2508	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2509	auditwrite(AW_XATOM, NameForAtom(selection->selection),
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2510	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2511	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2512	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2513	} /* read_selection */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2514
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2515	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2516	* modify_propwin. This is slightly different from modify_window in that
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2517	* Anyone can create/change properties on root.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2518	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2519	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2520	modify_propwin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2521	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2522	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2523	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2524	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2525	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2526	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2527	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2528	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2529	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2530	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2531
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2532	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2533	* Anyone can modify properties on RootWindow subjected to
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2534	* property policies.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2535	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2536	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2537	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2538	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2539	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2540	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2541	if (XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2542	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2543	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2544	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2545	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2546	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2547	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2548	tsolinfo->pname, "modify propwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2549	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2550	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2551	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2552	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2553	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2554	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2555	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2556	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2557	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2558	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2559	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2560	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2561	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2562	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2563	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2564	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2565	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2566	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2567	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2568	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2569	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2570	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2571	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2572	tsolinfo->pname, "modify propwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2573	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2574	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2575	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2576	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2577	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2578	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2579	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2580	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2581	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2582	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2583	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2584	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2585	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2586	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2587	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2588	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2589	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2590	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2591	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2592	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2593	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2594	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2595	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2596	tsolinfo->pname, "modify propwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2597	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2598	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2599	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2600	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2601	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2602	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2603	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2604	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2605	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2606	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2607	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2608	} /* modify_propwin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2609
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2610	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2611	* modify_focuswin - Focus Window policy
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2612	* Focus window can be None is checked outside of this func
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2613	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2614	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2615	modify_focuswin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2616	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2617	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2618	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2619	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2620	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2621	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2622	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2623	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2624	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2625	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2626	GrabPtr grab;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2627
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2628	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2629	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2630	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2631	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2632	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2633	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2634	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2635	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2636	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2637	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2638	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2639	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2640	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2641	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2642	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2643	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2644	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2645	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2646	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2647	tsolinfo->pname, "modify focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2648	do_audit = FALSE; /* don't audit this */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2649	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2650	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2651	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2652	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2653	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2654	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2655	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2656	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2657	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2658	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2659	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2660	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2661	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2662	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2663	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2664	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2665	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2666	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2667	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2668	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2669	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2670	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2671	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2672	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2673	tsolinfo->pname, "modify focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2674	do_audit = FALSE; /* don't audit this */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2675	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2676	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2677	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2678	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2679	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2680	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2681	* Trusted Path Windows require Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2682	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2683	if ((ret_stat == PASSED) && XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2684	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2685	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2686	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2687	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2688	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2689	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2690	tsolinfo->pname, "modify focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2691	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2692	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2693	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2694	#if 0
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2695	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2696	* This causes problems when dragging cmdtool
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2697	* TBD later
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2698	* If ptr/kbd is grabbed, then this client must be
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2699	* the grabbing client
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2700	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2701	grab = inputInfo.pointer->grab;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2702	if (grab == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2703	grab = inputInfo.keyboard->grab;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2704	if (grab)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2705	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2706	if (!SameClient(grab, client))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2707	{
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2708	if (xpriv_policy(tsolinfo->privs, pset_win_devices,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2709	res, method, client))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2710	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2711	/* audit? */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2712	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2713	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2714	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2715	XTSOLERR("tp", (int) misc,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2716	tsolres->sl, tsolres->uid, tsolres->pid, tsolres->pname, \
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2717	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid, tsolinfo->pname, \
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2718	"modify focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2719	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2720	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2721	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2722	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2723	#endif
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2724	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2725	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2726	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2727	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2728	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2729	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2730	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2731	} /* modify_focuswin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2732
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2733	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2734	* read_focuswin
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2735	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2736	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2737	read_focuswin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2738	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2739	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2740	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2741	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2742	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2743	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2744	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2745	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2746	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2747	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2748
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2749	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2750	* Anyone can read RootWindow attributes
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2751	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2752	if (WindowIsRoot(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2753	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2754	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2755	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2756	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2757	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2758	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2759	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2760	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2761	if (!(bldominates(tsolinfo->sl, tsolres->sl)))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2762	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2763	if (!(tsolinfo->flags & MAC_READ_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2764	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2765	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2766	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2767	tsolinfo->flags \|= MAC_READ_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2768	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2769	if (xpriv_policy(tsolinfo->privs, pset_win_mac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2770	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2771	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2772	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2773	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2774	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2775	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2776	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2777	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2778	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2779	tsolinfo->pname, "read focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2780	do_audit = FALSE; /* don't audit this */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2781	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2782	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2783	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2784	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2785	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2786	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2787	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2788	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2789	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2790	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2791	if ((tsolinfo->uid != tsolres->uid) && (tsolres->uid != 0))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2792	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2793	if (!(tsolinfo->flags & DAC_READ_AUDITED) &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2794	(tsolinfo->flags & TSOL_AUDITEVENT))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2795	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2796	do_audit = TRUE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2797	tsolinfo->flags \|= DAC_READ_AUDITED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2798	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2799	if (xpriv_policy(tsolinfo->privs, pset_win_dac_read,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2800	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2801	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2802	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2803	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2804	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2805	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2806	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2807	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2808	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2809	tsolinfo->pname, "read focuswin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2810	do_audit = FALSE; /* don't audit */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2811	unset_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2812	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2813	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2814	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2815	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2816	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2817	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2818	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2819	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2820	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2821	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2822	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2823	} /* read_focuswin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2824
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2825	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2826	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2827	* XTsolErr : used for debugging.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2828	* WARNING: ErrorF can take upto 10 args & no more
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2829	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2830	void
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2831	XTsolErr(char err_type, int protocol, bslabel_t osl, uid_t ouid, pid_t opid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2832	char opname, bslabel_t ssl, uid_t suid, pid_t spid, char *spname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2833	char method, int isstring, void xid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2834	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2835	if (xtsol_debug < XTSOL_FAIL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2836	return;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2837	if (protocol == X_QueryTree \|\| protocol == X_GetInputFocus)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2838	return;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2839	/* range check of protocol */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2840	if (protocol > X_NoOperation)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2841	protocol = 0; /* unknown or extension */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2842	ErrorF("\n%s failed:%s,obj(%s,%d,%d,%s), subj(%s,%d,%d,%s),",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2843	err_type, ProtoNames[protocol], xsltos(osl), ouid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2844	opid, opname, xsltos(ssl), suid, spid, spname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2845	if (isstring)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2846	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2847	ErrorF("%s, xid=%s\n", method, (char ) xid); / for atom/prop names */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2848	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2849	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2850	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2851	ErrorF("%s, xid=%X\n", method, (long) xid); /* for window/pixmaps */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2852	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2853	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2854	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2855
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2856	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2857	* read_extn
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2858	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2859	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2860	read_extn(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2861	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2862	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2863	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2864	char extn_name = (char )resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2865	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2866	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2867
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2868	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2869	* No policy for this
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2870	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2871
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2872	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2873	if (extn_name != NULL & *extn_name != '\0')
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2874	ErrorF("Access to %s extension allowed\n", extn_name);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2875	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2876	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2877	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2878
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2879	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2880	* modify_window
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2881	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2882	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2883	modify_tpwin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2884	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2885	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2886	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2887	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2888	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2889	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2890	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2891	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2892	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2893	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2894
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2895	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2896	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2897	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2898	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2899	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2900	if (!blequal(tsolinfo->sl, tsolres->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2901	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2902	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2903	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2904	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2905	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2906	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2907	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2908	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2909	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2910	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2911	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2912	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2913	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2914	tsolinfo->pname, "modify tpwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2915	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2916	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2917	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2918	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2919	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2920	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2921	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2922	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2923	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2924	if (tsolinfo->uid != tsolres->uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2925	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2926	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2927	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2928	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2929	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2930	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2931	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2932	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2933	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2934	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2935	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2936	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2937	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2938	tsolinfo->pname, "modify tpwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2939	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2940	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2941	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2942	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2943	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2944	* Trusted Path Windows require Trusted Path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2945	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2946	if ((ret_stat == PASSED) && XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2947	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2948	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2949	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2950	XTSOLERR("tp", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2951	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2952	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2953	tsolinfo->pname, "modify tpwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2954	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2955	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2956	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2957	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2958	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2959	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2960	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2961	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2962	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2963	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2964	} /* modify_tpwin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2965
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2966	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2967	* modify_sl
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2968	* requires win_upgrade/downgrade_sl privs
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2969	* misc parameter is actually sl of resource & not the protocol no.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2970	* misc == NULL means we are trying to set session hi/lo clearance
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2971	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2972	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2973	modify_sl(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2974	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2975	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2976	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2977	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2978	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2979	bslabel_t sl = (bslabel_t )resource; /* sl to be set */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2980	bslabel_t res_sl = (bslabel_t )misc; /* resource sl */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2981	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2982	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2983
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2984	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2985	* Are we trying to check for session hi/lo clearance
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2986	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2987	if (misc == NULL)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2988	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2989	if (priv_win_config)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2990	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2991
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2992	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2993	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	2994	if (xpriv_policy(tsolinfo->privs, pset_win_config,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2995	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2996	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2997	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2998	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	2999	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3000	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3001	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3002	ErrorF("modify_sl: failed for %s\n", tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3003	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3004	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3005	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3006	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3007	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3008	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3009	auditwrite(AW_SLABEL, sl, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3010	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3011	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3012	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3013	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3014	* No MAC/DAC Check. Check only for upgrade/downgrade priv
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3015	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3016	if (bldominates(sl, res_sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3017	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3018	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3019	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3020	if (xpriv_policy(tsolinfo->privs, pset_win_upgrade_sl,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3021	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3022	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3023	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3024	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3025	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3026	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3027	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3028	ErrorF("modify_sl: failed for %s\n", tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3029	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3030	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3031	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3032	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3033	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3034	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3035	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3036	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3037	if (xpriv_policy(tsolinfo->privs, pset_win_downgrade_sl,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3038	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3039	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3040	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3041	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3042	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3043	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3044	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3045	ErrorF("modify_sl: failed for %s\n", tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3046	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3047	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3048	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3049	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3050	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3051	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3052	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3053	auditwrite(AW_SLABEL, sl, AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3054	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3055	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3056	} /* modify_sl */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3057
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3058
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3059	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3060	* modify_eventwin
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3061	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3062	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3063	modify_eventwin(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3064	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3065	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3066	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3067	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3068	int err_code = BadWindow;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3069	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3070	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3071	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3072	TsolResPtr tsolres =
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3073	(TsolResPtr)(pWin->devPrivates[tsolWindowPrivateIndex].ptr);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3074	TsolInfoPtr tsolownerinfo; /client who owns the window /
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3075	ClientPtr ownerclient;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3076
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3077	ownerclient = clients[CLIENT_ID(pWin->drawable.id)];
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3078	tsolownerinfo = GetClientTsolInfo(ownerclient);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3079
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3080	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3081	* Anyone can send event to root win
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3082	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3083	if (WindowIsRoot(pWin) \|\| XTSOLTrusted(pWin))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3084	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3085	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3086	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3087	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3088	* MAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3089	* NOTE: window sl must dominate the client's sl for send event
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3090	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3091	if (policy_flags & TSOL_MAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3092	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3093	if (!bldominates(tsolres->sl, tsolinfo->sl))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3094	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3095	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3096	* event sends to windows owned by client with priv_win_seln
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3097	* particularly front panel whose sl is admin_low
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3098	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3099	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3100	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3101	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3102	res, method, client, do_audit) \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3103	(tsolownerinfo && HasWinSelection(tsolownerinfo)))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3104	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3105	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3106	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3107	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3108	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3109	XTSOLERR("mac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3110	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3111	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3112	tsolinfo->pname, "modify eventwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3113	ret_stat = ret_stat;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3114	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3115	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3116	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3117	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3118	* DAC Check
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3119	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3120	if ((ret_stat == PASSED) && policy_flags & TSOL_DAC)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3121	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3122	/* uid == DEF_UID means public window */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3123	if (!(XTSOLTrusted(pWin) \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3124	tsolres->uid == DEF_UID \|\|
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3125	tsolinfo->uid == tsolres->uid))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3126	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3127	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3128	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3129	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3130	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3131	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3132	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3133	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3134	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3135	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3136	XTSOLERR("dac", (int) misc, tsolres->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3137	tsolres->uid, tsolres->pid, tsolres->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3138	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3139	tsolinfo->pname, "modify eventwin", pWin->drawable.id);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3140	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3141	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3142	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3143	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3144	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3145	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3146	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3147	auditwrite(AW_XWINDOW, pWin->drawable.id, tsolres->uid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3148	AW_APPEND, AW_END);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3149	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3150	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3151	} /* modify_eventwin */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3152
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3153	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3154	* modify_stripe
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3155	* Trusted stripe requires only trusted path attrib
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3156	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3157	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3158	modify_stripe(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3159	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3160	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3161	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3162	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3163	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3164
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3165	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3166	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3167	XTSOLERR("tp", (int) misc, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3168	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3169	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3170	tsolinfo->pname, "modify stripe", 0);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3171	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3172	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3173	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3174	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3175
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3176	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3177	* modify_wowner
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3178	* set workstation owner
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3179	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3180	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3181	modify_wowner(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3182	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3183	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3184	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3185	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3186	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3187
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3188	if (!HasTrustedPath(tsolinfo))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3189	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3190	XTSOLERR("tp", (int) misc, tsolinfo->sl,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3191	tsolinfo->uid, tsolinfo->pid, tsolinfo->pname,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3192	tsolinfo->sl, tsolinfo->uid, tsolinfo->pid,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3193	tsolinfo->pname, "modify tpwin", 0);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3194	return (err_code);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3195	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3196	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3197	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3198
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3199	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3200	* modify_uid
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3201	* Set UID for resource
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3202	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3203	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3204	modify_uid(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3205	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3206	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3207	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3208	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3209	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3210	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3211	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3212
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3213	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3214	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3215	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3216	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3217	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3218	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3219	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3220	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3221	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3222	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3223	ErrorF("modify_uid: failed for %s\n", tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3224	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3225	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3226	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3227	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3228	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3229	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3230	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3231
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3232	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3233	* modify_polyinfo
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3234	* Modify polyinstantiation info(sl, uid)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3235	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3236	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3237	modify_polyinfo(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3238	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3239	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3240	int ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3241	int err_code = BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3242	Bool do_audit = FALSE;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3243	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3244	TsolInfoPtr tsolinfo = GetClientTsolInfo(client);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3245
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3246	if (tsolinfo->flags & TSOL_AUDITEVENT)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3247	do_audit = TRUE;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3248	if (xpriv_policy(tsolinfo->privs, pset_win_mac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3249	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3250	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3251	ret_stat = PASSED;
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3252	if (xpriv_policy(tsolinfo->privs, pset_win_dac_write,
0 b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3253	res, method, client, do_audit))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3254	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3255	ret_stat = PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3256	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3257	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3258	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3259	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3260	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3261	ret_stat = err_code;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3262	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3263	ErrorF("modify_polyinfo: failed for %s\n", tsolinfo->pname);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3264	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3265	if (do_audit)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3266	set_audit_flags(tsolinfo);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3267	return (ret_stat);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3268	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3269
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3270	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3271	* access_dbe - check whether the buffer is client-private
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3272	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3273	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3274	access_dbe(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3275	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3276	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3277	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3278	XID object = (XID) resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3279
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3280	if (client_private(client, object))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3281	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3282	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3283	return BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3284	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3285
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3286	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3287	* swap_dbe - check if the window is created by the client
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3288	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3289	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3290	swap_dbe(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3291	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3292	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3293	WindowPtr pWin = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3294	ClientPtr client = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3295
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3296	if (SAMECLIENT(client, pWin->drawable.id))
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3297	return PASSED;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3298	else
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3299	return BadAccess;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3300	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3301
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3302	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3303	* Return value of 0 success, errcode for failure
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3304	*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3305	* Dummy function.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3306	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3307	static int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3308	no_policy(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3309	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3310	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3311	#ifdef DEBUG
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3312	ErrorF("policy not implemented for res=%d, method=%d\n",
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3313	res, method);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3314	#endif /* DEBUG */
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3315	return (PASSED);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3316	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3317
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3318	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3319	* X POLICY FUNCTION TABLE. One row per resource.
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3320	*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3321	* TSOL_RES_NAME READ MODIFY CREATE\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3322	* DESTROY SPECIAL
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3323	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3324	static int (*XTSOL_policy_table[TSOL_MAX_XRES_TYPES][TSOL_MAX_XMETHODS])() = {
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3325	/* TSOL_RES_ACL */ no_policy, modify_acl, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3326	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3327	/* TSOL_RES_ATOM */ read_atom, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3328	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3329	/* TSOL_RES_BELL */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3330	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3331	/* TSOL_RES_BTNGRAB */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3332	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3333	/* TSOL_RES_CCELL */ read_ccell, modify_ccell, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3334	destroy_ccell, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3335	/* TSOL_RES_CLIENT */ read_client, modify_client, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3336	destroy_client, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3337	/* TSOL_RES_CMAP */ read_cmap, modify_cmap, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3338	modify_cmap, install_cmap,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3339	/* TSOL_RES_CONFWIN */ no_policy, modify_confwin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3340	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3341	/* TSOL_RES_CURSOR */ no_policy, modify_cursor, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3342	modify_cursor, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3343	/* TSOL_RES_EVENTWIN */ no_policy, modify_eventwin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3344	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3345	/* TSOL_RES_EXTN */ read_extn, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3346	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3347	/* TSOL_RES_FOCUSWIN */ read_focuswin, modify_focuswin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3348	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3349	/* TSOL_RES_FONT */ read_font, modify_font, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3350	modify_font, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3351	/* TSOL_RES_FONTLIST */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3352	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3353	/* TSOL_RES_FONTPATH */ no_policy, modify_fontpath, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3354	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3355	/* TSOL_RES_GC */ read_gc, modify_gc, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3356	modify_gc, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3357	/* TSOL_RES_GRABWIN */ no_policy, modify_grabwin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3358	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3359	/* TSOL_RES_HOSTLIST */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3360	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3361	/* TSOL_RES_IL */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3362	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3363	/* TSOL_RES_KBDCTL */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3364	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3365	/* TSOL_RES_KBDGRAB */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3366	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3367	/* TSOL_RES_KEYGRAB */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3368	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3369	/* TSOL_RES_KEYMAP */ read_devices, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3370	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3371	/* TSOL_RES_MODMAP */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3372	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3373	/* TSOL_RES_PIXEL */ read_pixel, modify_pixel, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3374	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3375	/* TSOL_RES_PIXMAP */ read_pixmap, modify_pixmap, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3376	destroy_pixmap, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3377	/* TSOL_RES_POLYINFO */ no_policy, modify_polyinfo, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3378	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3379	/* TSOL_RES_PROPERTY */ read_property, modify_property, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3380	destroy_property, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3381	/* TSOL_RES_PROPWIN */ read_window, modify_propwin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3382	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3383	/* TSOL_RES_IIL */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3384	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3385	/* TSOL_RES_PROP_SL */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3386	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3387	/* TSOL_RES_PROP_UID */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3388	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3389	/* TSOL_RES_PTRCTL */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3390	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3391	/* TSOL_RES_PTRGRAB */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3392	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3393	/* TSOL_RES_PTRLOC */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3394	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3395	/* TSOL_RES_PTRMAP */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3396	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3397	/* TSOL_RES_PTRMOTION */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3398	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3399	/* TSOL_RES_SCRSAVER */ no_policy, modify_devices, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3400	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3401	/* TSOL_RES_SELECTION */ read_selection, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3402	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3403	/* TSOL_RES_SELNWIN */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3404	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3405	/* TSOL_RES_SENDEVENT */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3406	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3407	/* TSOL_RES_SL */ no_policy, modify_sl, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3408	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3409	/* TSOL_RES_SRVGRAB */ no_policy, no_policy, create_srvgrab,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3410	destroy_srvgrab, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3411	/* TSOL_RES_STRIPE */ no_policy, modify_stripe, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3412	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3413	/* TSOL_RES_TPWIN */ no_policy, modify_tpwin, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3414	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3415	/* TSOL_RES_UID */ no_policy, modify_uid, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3416	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3417	/* TSOL_RES_VISUAL */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3418	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3419	/* TSOL_RES_WINATTR */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3420	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3421	/* TSOL_RES_WINDOW */ read_window, modify_window, create_window,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3422	destroy_window, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3423	/* TSOL_RES_WINLOC */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3424	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3425	/* TSOL_RES_WINMAP */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3426	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3427	/* TSOL_RES_WINSIZE */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3428	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3429	/* TSOL_RES_WINSTACK */ no_policy, no_policy, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3430	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3431	/* TSOL_RES_WOWNER */ no_policy, modify_wowner, no_policy,\
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3432	no_policy, no_policy,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3433	/* TSOL_RES_DBE */ no_policy, no_policy, access_dbe,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3434	access_dbe, swap_dbe
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3435	};
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3436
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3437	struct xpolicy_cache {
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3438	xresource_t res;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3439	xmethod_t method;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3440	void *resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3441	void *subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3442	xpolicy_t policy_flags;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3443	int ret_value;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3444	int count;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3445	};
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3446	static struct xpolicy_cache policy_cache;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3447
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3448	/*
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3449	* main xtsol_policy. External interface to dix layer of X server
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3450	*/
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3451	int
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3452	xtsol_policy(xresource_t res, xmethod_t method, void *resource,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3453	void subject, xpolicy_t policy_flags, void misc)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3454	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3455	int res_type;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3456	int ret_value;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3457
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3458	assert(res >= TSOL_START_XRES && res < TSOL_MAX_XRES_TYPES);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3459	assert(method >= 0 && method < TSOL_MAX_XMETHODS);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3460	assert(policy_flags != 0);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3461	res_type = (int)(res - TSOL_START_XRES);
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3462
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3463	if (policy_cache.subject == subject &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3464	policy_cache.res == res &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3465	policy_cache.method == method &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3466	policy_cache.resource == resource &&
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3467	policy_cache.policy_flags == policy_flags)
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3468	{
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3469
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3470	policy_cache.count++;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3471	return policy_cache.ret_value;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3472	} else {
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3473	policy_cache.res = res;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3474	policy_cache.method = method;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3475	policy_cache.resource = resource;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3476	policy_cache.subject = subject;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3477	policy_cache.policy_flags = policy_flags;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3478
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3479	ret_value = ((XTSOL_policy_table[res_type][method]) (res,
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3480	method, resource, subject, policy_flags, misc));
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3481	policy_cache.ret_value = ret_value;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3482
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3483	return ret_value;
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3484	}
b949c5054bc4 Initial OpenSolaris release: X-src-20060331 Alan Coopersmith <Alan.Coopersmith@Sun.COM> parents: diff changeset	3485	}
36 07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3486
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3487	/*
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3488	* Allocate a single privilege set
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3489	*/
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3490	static priv_set_t *
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3491	alloc_win_priv(const char *priv)
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3492	{
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3493	priv_set_t *pset;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3494
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3495	if ((pset = priv_allocset()) == NULL) {
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3496	perror("priv_allocset");
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3497	FatalError("Cannot allocate privilege set");
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3498	}
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3499	priv_emptyset(pset);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3500	priv_addset(pset, priv);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3501
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3502	return pset;
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3503	}
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3504
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3505	/*
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3506	* Initialize all string window privileges to the binary equivalent.
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3507	* Binary privilege testing is much faster than the string testing
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3508	*/
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3509	void
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3510	init_win_privsets()
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3511	{
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3512
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3513	pset_win_mac_read = alloc_win_priv(PRIV_WIN_MAC_READ);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3514	pset_win_mac_write = alloc_win_priv(PRIV_WIN_MAC_WRITE);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3515	pset_win_dac_read = alloc_win_priv(PRIV_WIN_DAC_READ);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3516	pset_win_dac_write = alloc_win_priv(PRIV_WIN_DAC_WRITE);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3517	pset_win_config = alloc_win_priv(PRIV_WIN_CONFIG);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3518	pset_win_devices = alloc_win_priv(PRIV_WIN_DEVICES);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3519	pset_win_fontpath = alloc_win_priv(PRIV_WIN_FONTPATH);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3520	pset_win_colormap = alloc_win_priv(PRIV_WIN_COLORMAP);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3521	pset_win_upgrade_sl = alloc_win_priv(PRIV_WIN_UPGRADE_SL);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3522	pset_win_downgrade_sl = alloc_win_priv(PRIV_WIN_DOWNGRADE_SL);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3523	pset_win_selection = alloc_win_priv(PRIV_WIN_SELECTION);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3524	}
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3525
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3526	void
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3527	free_win_privsets()
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3528	{
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3529	priv_freeset(pset_win_mac_read);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3530	priv_freeset(pset_win_mac_write);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3531	priv_freeset(pset_win_dac_read);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3532	priv_freeset(pset_win_dac_write);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3533	priv_freeset(pset_win_config);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3534	priv_freeset(pset_win_devices);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3535	priv_freeset(pset_win_fontpath);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3536	priv_freeset(pset_win_colormap);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3537	priv_freeset(pset_win_upgrade_sl);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3538	priv_freeset(pset_win_downgrade_sl);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3539	priv_freeset(pset_win_selection);
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3540	}
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3541
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3542	int
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3543	HasWinSelection(TsolInfoPtr tsolinfo)
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3544	{
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3545	return (priv_issubset(pset_win_selection, (tsolinfo->privs)));
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3546	}
07b00e5ea8c8 Trusted Extensions bug fixes Lokanath Das <Lokanath.Das@Sun.COM> parents: 0 diff changeset	3547

author	Alan Coopersmith <Alan.Coopersmith@Sun.COM>
	Wed, 31 Jan 2007 16:30:33 -0800
changeset 98	c21b46ed1efd
parent 73	XORG_NV/sun-src/xc/programs/Xserver/tsol/tsolpolicy.c@8877ee2f6c6d
child 168	7e5ba43e5235
permissions	-rw-r--r--